AI fraud warning: what small businesses should tighten now

UK Finance has warned that fraud remains an industrial-scale threat after its latest annual figures showed criminals stole £1.28 billion through payment fraud in 2025. For small businesses, the important point is not only the size of the loss. It is how quickly scams are becoming more convincing, more automated and harder for busy teams to spot during a normal working day.

The banking and finance trade body said overall payment fraud losses rose by 4% in 2025. Unauthorised fraud losses fell by 5% to £703.4 million, but authorised push payment fraud moved the other way, rising 19% to £576.4 million. That matters because authorised scams rely on persuading a real person to make a payment, change bank details, buy something that does not exist, or move money under pressure.

UK Finance reported £75.6 million in business losses within authorised push payment (APP) fraud. It also said 66% of APP cases started online and 17% began through telecommunications. That mix should feel familiar to SMEs: email, messaging apps, social media, supplier portals, marketplaces and phone calls are now ordinary parts of trading. They are also the routes criminals use to reach staff, directors and customers.

Why AI changes the risk

AI does not create a completely new category of fraud. It makes old tactics cheaper and more persuasive. A fake invoice can be better written. A phishing email can sound like a real supplier. A bogus investment pitch can be tailored to a sector. Voice cloning and deepfake content can add pressure in targeted attacks, especially where a business already relies on quick approvals from a small number of people.

That is why the practical response is not to wait for a perfect AI detection tool. Small firms need simple controls that assume a scam may look professional, use correct names and arrive at a plausible time. The weaker point is often process rather than technology: a rushed payment, a bank-detail change accepted by email, or a junior staff member feeling they cannot challenge an urgent request.

BritishSME has previously covered how small firms can use cyber security guidance as a prompt for better day-to-day habits. Fraud deserves the same treatment. It is not just an IT issue. It is finance, customer service, HR, sales and leadership working to the same rules.

Payment checks should be boring and consistent

The most useful defence is a clear rule for money movement. Any new supplier bank details, changed payment instructions, urgent refund request or unusual transfer should be checked through a known route, not by replying to the message that made the request. That might mean phoning a saved number, using a supplier portal already on file, or asking a second manager to approve the change.

For very small teams, this can feel awkward. Owners may worry that extra checks slow the business down. But the cost of a two-minute verification call is tiny compared with a mistaken transfer. The rule also protects staff: if everyone knows there is a mandatory check, an employee can resist pressure without feeling they are being difficult.

Businesses should write the rule down and apply it every time. A control that depends on someone remembering when they are tired, busy or being rushed is not much of a control. A short payment checklist, stored near the finance system, is often enough: new payee, changed bank details, large payment, urgent request, unfamiliar tone, external link, second approval.

Train for realistic scams, not just obvious ones

Fraud awareness training can fail when it only shows clumsy examples. Staff need to see what a believable scam looks like: a supplier email with good grammar, a fake marketplace buyer who sounds plausible, an invoice that matches a recent order, or a call that uses publicly available company information. AI makes these details easier to assemble at scale.

A short quarterly exercise can be more effective than a long annual session. Pick one scenario: changed supplier details, a fake customer refund, a senior manager asking for gift cards, a recruitment scam, or a marketplace payment request. Talk through what the staff member should do, who they should ask, and what information should never be shared.

It is also worth reminding teams that a scammer may create pressure by using authority, urgency or embarrassment. The message may say a payment is confidential, a customer is angry, a deal will collapse, or a director is unavailable. A healthy business culture gives staff permission to pause.

Watch marketplaces, adverts and customer channels

UK Finance is calling for stronger responsibilities on online and telecoms firms, including action on fraudulent adverts and marketplace seller checks. SMEs should still protect themselves while that debate continues. If a business sells through marketplaces, uses paid social adverts, or relies on inbound leads, it should monitor impersonation and suspicious copycat activity.

That includes checking whether fake pages are using the company name, whether customers are being pushed to pay outside normal channels, and whether staff know how to escalate reports. For firms with a recognisable local brand, a copycat profile can damage trust even when the business itself has not been breached.

There is a customer-service angle too. If customers are regularly asked to pay deposits, settle invoices or confirm details online, make the legitimate route obvious. Use consistent payment instructions, warn customers that bank details will not change without a formal process, and publish a clear contact route for queries.

What to tighten this week

Small businesses do not need a complicated fraud programme to make progress. Start with payment approvals, supplier-detail changes, staff reporting routes and customer-facing payment instructions. Make sure at least two people know how to contact the bank quickly if a payment has gone wrong, and keep Action Fraud reporting details easy to find.

Owners should also review who can make payments, who can amend supplier records and who can access finance systems from personal devices. If an employee leaves, access should be removed promptly. If a supplier asks for a change, the verification step should happen before the finance record is updated, not just before the payment is made.

Finally, make fraud a standing management topic rather than an occasional scare story. AI will keep improving the appearance and timing of scams. The strongest SME defence is a calm, repeatable process that makes it normal to check before money or sensitive information leaves the business.

Sources

UK Finance, Fraud remains a national security threat as criminals steal almost £1.3 billion; Financial Conduct Authority, Warning List of unauthorised firms; UK Finance, AI and the future of fraud.