Dec 23, 2025

Stop Reimbursement Costs: The Biometric Defense


For decades, the banking industry operated on a tacit principle regarding fraud: Caveat Emptor, let the buyer beware. If a customer was tricked into sending money to a scammer, the financial loss was tragic, but ultimately, it was often the customer's liability.

That era has irrevocably changed.

New "Mandatory Reimbursement" laws for Authorized Push Payment (APP) fraud have fundamentally changed the financial landscape for every bank.

More than ever, fraud prevention is a critical strategy for protecting revenue and reputation.

The Global Liability Shift: A Multi-Billion Dollar Reality

The United Kingdom served as the "Ground Zero" for this shift. With the rules effective since late 2024, the impact has been immediate and undeniable.

The first results are clear: UK banks reimbursed £112 million to victims, with a reimbursement rate hitting 88%.

But the UK is not alone. Accountability has gone global:

● European Union: The upcoming PSD3/PSR regulations introduce strict liability for "spoofing" (bank impersonation), shifting the burden of proof onto the bank to demonstrate customer negligence.

● Singapore: The Shared Responsibility Framework (SRF), effective December 2024, forces financial institutions to shoulder losses if they fail in specific digital hygiene duties.

● Australia: The Scams Prevention Framework, passed in 2025, imposes heavy civil penalties for governance failures regarding fraud.

● Brazil: The Pix MED 2.0 mechanism, mandatory by 2026, enforces multi-layer asset blocking to recover funds.

The "50/50" Rule for Fintechs

Perhaps the biggest change concerning Neobanks and Fintechs is the 50/50 liability split introduced in the UK and now mirrored globally. The cost of reimbursement is split equally between the sending bank and the receiving bank.

Historically, "receiving" institutions (often Fintechs with fast onboarding) had little incentive to police incoming transfers. That has changed. Every mule account created on your platform now represents a direct financial liability, even if the fraud originated elsewhere.

The Top Threat: AI-Driven Industrialized Fraud

As regulatory pressure mounts, the threat landscape has evolved from "lonely hackers" to industrialized Fraud-as-a-Service.

Criminals are weaponizing Generative AI to bypass the very security measures banks use to detect them. Hyper-realistic Deepfakes and scalable Injection Attacks are rendering legacy defenses obsolete.

1. The Rise of Injection Attacks

This continues to be one of the biggest technical threats. In an Injection Attack, fraudsters do not present a face to the camera. Instead, they use emulators or virtual camera software. This allows them to "inject" a pre-recorded deepfake video, or even a pre-recorded, stolen, legitimate video, into the banking app's data stream.

Legacy biometric systems that only analyze the visual "face" are consistently bypassed by these methods. This allows criminals to open thousands of Mule Accounts using synthetic identities to launder stolen funds.

2. Deepfake Social Engineering

Fraudsters are using AI voice cloning and real-time video deepfakes to impersonate CEOs, bank officials, or family members. These "high-conviction" scams trick users into approving payments.

This is known as APP Fraud. It activates the mandatory reimbursement rules that banks must follow.

The Solution: Biometrics as an “Insurance Policy”

If the bank is responsible for the loss, the bank must control the risk. The only way to stop the bleeding is to prevent the creation of mule accounts and the authorization of fraudulent payments with absolute certainty. And to do that efficiently, Face Biometrics are still the best solution when they are coupled with a robust Liveness solution.

1. Passive Liveness: Reducing Friction, Increasing Security

To protect users without hurting conversion, major financial institutions around the world have chosen Passive Liveness.

Unlike Active Liveness, which asks users to blink or move, Oz Passive Liveness only requires a simple selfie. It then uses AI to:

● Analyze micro-reflections on skin.

● Validate depth data to detect screens, masks, or photos.

● Deliver real-time verification with minimal friction.

The result: faster onboarding, fewer dropouts, and better fraud resistance.

2. Injection Attack Detection (IAD): The 2026 Essential

To shut down the mule farms enabling APP fraud, banks must stop injection attacks.

That means deploying solutions certified against:

● CEN/TS 18099 (for Injection Attack Detection)

Solutions like Oz Forensics have achieved 100% detection accuracy in labs such as BixeLab. This provides a hermetic seal that defends against AI-powered synthetic fraud.

Conclusion: From Compliance to Survival

The equation is simple: Prevention = Protection.

Every dollar invested in certified biometric security is a dollar saved from the mandatory reimbursement bottom line. Financial institutions that rely on legacy defenses will become the target of choice for fraudsters and the bearer of massive reimbursement costs.

To protect your organization in this new regulatory era, you need a defense that stops not just the "fake face," but the "fake signal."

Is your fraud prevention ready for the era of global liability?

Contact Oz Forensics to deploy "NIST-Ready" and ISO-certified biometrics that protect your capital and your customers.
