the UAE ranks among the top five international destinations for stolen BEC funds, alongside the UK, Hong Kong, China, and Mexico
FBI IC3 business email compromise PSA · 2023 financial data
The UAE is one of the world's busiest cross-border payment corridors, which is exactly what makes it a magnet for payment fraud. These are the verified numbers from the UAE Financial Intelligence Unit, the FBI, and the region's banking surveys.
Last reviewed July 2026 · Every statistic card links to its source
estimated financial losses to fraud in the UAE, per the Financial Intelligence Unit's survey of 41 financial institutions (all fraud typologies, consumer and business)
UAE Financial Intelligence Unit, strategic analysis 2024 · 2021–2023
the UAE ranks among the top five international destinations for stolen BEC funds, alongside the UK, Hong Kong, China, and Mexico
FBI IC3 business email compromise PSA · 2023 financial data
of surveyed UAE banking fraud leaders estimate their institution's annual fraud losses above AED 18.3 million (USD 5 million)
BioCatch, 2026 UAE banking fraud survey · Published April 2026 (survey of 100 UAE bank fraud leaders)
the true cost to UAE organizations of every AED 1 lost to fraud, once investigation, labour, and remediation are counted
LexisNexis Risk Solutions, True Cost of Fraud (EMEA) · 2023 study data (published April 2024)
of surveyed UAE banking fraud, AML, and compliance leaders report increasing fraud losses at their institution
BioCatch, 2026 UAE banking fraud survey · Published April 2026
of surveyed UAE bank fraud leaders say their institution reimburses more than half of scam (authorized fraud) victims
BioCatch, 2026 UAE banking fraud survey · Published April 2026
surveyed UAE residents lost money to a scam in the past 12 months; the average resident encountered a scam attempt every three days
Global Anti-Scam Alliance, State of Scams UAE 2025 · 12 months to late 2025 (published January 2026)
of UAE scam victims fully recovered their losses; almost 60% of those who requested reimbursement received nothing
Global Anti-Scam Alliance, State of Scams UAE 2024 · 12 months to late 2024 (published November 2024)
of UAE organizations reported an increase in fraud over the prior 12 months
LexisNexis Risk Solutions, True Cost of Fraud (EMEA) · 2023 study data (published April 2024)
the Central Bank now requires banks to display the payee's name, account, and bank before a domestic transfer is confirmed, and to enable payee-name verification on Aani instant payments — consumer-facing steps, not a corporate confirmation-of-payee scheme
CBUAE Notice CBUAE/FCMCP/2025/3057 (text via Lexis Middle East) · Notice CBUAE/FCMCP/2025/3057, most requirements effective 31 March 2026
The UAE Financial Intelligence Unit's strategic analysis of fraud put estimated losses at AED 1.24 billion between 2021 and 2023, naming phishing, vishing, and business email compromise among the dominant typologies. The FBI adds an uncomfortable footnote: the UAE ranks among the top five international destinations for stolen BEC funds — money defrauded from businesses worldwide flows through accounts here.
The pressure is visible inside the banks. In a 2026 survey of 100 UAE banking fraud, AML, and compliance leaders, 58% reported rising fraud losses and 62% put their institution's annual fraud losses above AED 18.3 million. On the consumer side, GASA's research found one in three surveyed UAE residents lost money to a scam in the 12 months to late 2025.
For businesses the cost multiplies beyond the stolen dirham: LexisNexis puts the total cost at AED 4.19 for every AED 1 of direct fraud loss once investigation and remediation are counted, and 42% of UAE organizations reported fraud increasing year on year.
The regulator is moving — the Central Bank's 2025 fraud-control notice forces banks to show payee names before transfers are confirmed — but there is still no statutory reimbursement for authorized push payment fraud, and recovery rates are poor: in GASA's UAE survey, only 9% of scam victims fully recovered their losses.
Historically, a standard UAE bank transfer was processed on IBAN alone, with no beneficiary-name verification. That is changing: Central Bank Notice CBUAE/FCMCP/2025/3057 requires banks to display the payee's name, account number, and bank before a customer confirms a domestic transfer, and to provide payee-name verification on the Aani instant-payments platform — with most requirements effective 31 March 2026.
The scope matters: these are consumer-protection measures, not a UK-style corporate confirmation-of-payee scheme. Nothing in the current framework verifies a supplier's bank details on ordinary business-to-business transfers — that control remains the paying company's responsibility.
There is no statutory reimbursement for authorized fraud. Victims of BEC and invoice fraud have no legal right to be made whole, and in the 2026 banking survey only 26% of UAE bank fraud leaders said their institution reimburses more than half of scam victims. Complaints route through Sanadak, the Central Bank's ombudsman (free for consumers and SMEs), and banks must report fraud losses above AED 100,000 to the regulator.
The UAE economy runs on cross-border supplier payments — it is a re-export hub where paying a new overseas supplier by wire is routine. Yet ordinary IBAN transfers historically carried no name check, and the new Central Bank rules are consumer-facing. When a business pays a fraudster's account against a doctored invoice, the payment was authorized, and recovery depends on how fast funds can be traced.
The FBI's finding that the UAE is a top destination for BEC proceeds cuts both ways: the same mule-account infrastructure that receives foreign fraud money is available to target local businesses. And with finance functions of one or two people common in UAE SMBs, AI-polished vendor-impersonation emails land exactly where there is no second pair of eyes.
Verifying supplier bank details before payment is the one control a UAE business can deploy that the banking system does not provide for it. PayHQ makes that check systematic: every incoming invoice is compared against the supplier record you verified, and changed details are flagged before the transfer goes out.
The UAE Financial Intelligence Unit estimated AED 1.24 billion in fraud losses across 2021–2023, based on data from 41 financial institutions. Survey data suggests the pressure is rising: 58% of UAE banking fraud leaders reported increasing losses in 2026.
Historically no — transfers processed on IBAN alone. From 31 March 2026, Central Bank rules require banks to display the payee's name before a domestic transfer is confirmed and to enable name verification on Aani instant payments. These are consumer-facing measures; routine B2B supplier payments still depend on the payer's own checks.
No statutory scheme exists. A business that authorizes a payment to a fraudster has no legal right to reimbursement, and only 26% of surveyed UAE bank fraud leaders say their institution reimburses more than half of scam victims. Disputes can go to Sanadak, the Central Bank's ombudsman.
Two reasons: the FBI ranks the UAE among the top five international destinations for stolen BEC funds, and the economy's high volume of cross-border supplier payments means new-beneficiary wires are routine — the exact transaction BEC and invoice fraud exploit.
Every statistic on this page was checked against the named source in July 2026, and the figures quoted in the narrative come from the same verified set as the stat cards. Figures describe what each source measures — reported losses are not the same as total losses, and most fraud goes unreported. When a figure cannot be verified against a primary source, we remove it rather than keep it.
PayHQ checks every incoming invoice against your verified supplier records and flags changed bank details before the payment goes out.