Solutions to Protect Consumers from Fraud in Digital Finance

Executive Summary

Combating financial fraud, which comprises scams, has become a global priority. Fraud threatens financial stability by eroding consumer trust in financial service providers (FSPs). It also feeds money laundering, and it could reverse hard-won gains in financial inclusion by pushing people away from digital services. Finally, it raises significant consumer protection issues.

Fraud is a cross-sector and cross-border problem rising at unprecedented speed and scale. Several forces are driving this acceleration: the explosion of social media as a channel for scams, the use of generative AI (GenAI) by fraudsters, the increasing involvement of organized criminal networks, the rapid adoption of fast payments, and the rising use of consumer data in digital finance.

This paper presents a curated list of solutions that have shown some success in protecting consumers against fraud. Financial sector leaders need to consider these solutions in the context of a fast changing and broad ecosystem that involves data, telecom, cybersecurity, national security, and law enforcement authorities and stakeholders. Authorities could incorporate these solutions in a broader cross-sector national strategy to combat fraud.

A majority of the solutions use artificial intelligence (AI)-powered applications. Some solutions are regulatory and can be enacted directly by authorities. Others are technology based and fall to digital financial services (DFS) providers, fintechs, and market facilitators. A third category covers governance arrangements that define rules, roles, and responsibilities for all parties, often through collaborative approaches.

The following types of solutions are presented:

• I. Intelligence sharing and collaborative action: Governments and industry create hubs to share real-time intelligence and coordinate fraud responses across sectors.
• II. Detecting fraudulent advertising and fraud: Authorities, mobile network operators (MNOs) and internet platforms monitor and remove fraudulent promotions and block scam messages before they reach consumers.
• III. Telecom security standards: This solution describes upstream measures to secure communication networks that fraudsters use to initiate attacks.
• IV. User authentication: Stronger identity verification reduces account takeover (ATO) and onboarding fraud.
• V. Positive frictions for payment transactions: Deliberate pauses and checks give consumers time to reconsider risky transfers.
• VI. Behavioral biometrics and transaction pattern analysis: Banks and payment networks use real-time data on how users type, swipe, and transact to detect anomalies in milliseconds.
• VII. Fund recovery: Clear liability rules and cross-border coordination help return stolen funds to victims.
• VIII. Consumer behavioral campaigns: Education focuses on simple, repeatable actions rather than general awareness.

When integrating these solutions into the broader fraud landscape, policy makers and private sector leaders need to consider potential trade-offs. Nearly all solutions rely on consumer data, which raises privacy concerns, particularly for vulnerable groups. Aggressive antifraud measures can also inadvertently exclude consumers. Collaboration between competitors is essential but does not come naturally. AI is a powerful enabler but requires significant investments in capacity, especially in emerging market and developing economies (EMDEs). These tensions require conscious policy choices to align protection, privacy, financial integrity, and inclusion objectives and determine where to invest limited resources.

To better protect consumers against fraud, financial sector authorities will likely need to collaborate with other authorities and the government, as well as with the private sector and consumer groups, under some form of national anti-fraud & scam strategy that goes well beyond finance. Because fraud reaches across national borders, stronger cross-border collaboration is inevitable.

Global organizations, including the Financial Action Task Force (FATF), the Financial Stability Board (FSB), the Organisation for Economic Co-operation and Development (OECD), the International Monetary Fund (IMF), the World Bank Group (WBG), and the United Nations (UN), play an important role in fraud prevention by developing common principles and practical guidance for cross-border cooperation. The resources now available in EMDEs are grossly insufficient to protect consumers and the financial sector from fraud. Development agencies could play a critical role in developing low-cost, adaptable solutions that authorities and smaller providers in EMDEs can readily adopt.

Introduction

Imagine a world where everyone can use digital finance without fear in a way that improves their lives and financial health, with no fraud, scams, or loss of money. This publication aims to bring that world a step closer by providing a curated list of solutions¹ that show evidence of success in better protecting consumers against fraud.

Many countries are seeing financial fraud as a fast-growing threat that cuts across sectors and borders. Fraud is at the center of attention for several reasons: (1) fraud undermines financial stability because it erodes consumer trust in financial intermediaries and payment providers, which is a core concern for central banks and prudential regulators; (2) criminal activity related to financial fraud has increased exponentially in the past few years, exacerbating integrity concerns as illicit proceeds feed into money laundering and threaten the soundness of the financial system (Khiaonarong and Shanyuan 2026); and (3) fraud negatively affects financial inclusion by undermining consumer trust and erasing recent progress. This paper focuses on financial consumer protection aspects but acknowledges that these are not sufficient to eliminate the threat of fraud and scams and that other interventions (such as cybersecurity and the fight against crime) are essential. It also illustrates tensions between different financial sector policy and regulatory objectives.

With the acceleration of technology use in financial services such as artificial intelligence (AI) and the expanded use of consumer data trails, digital financial services (DFS) are reshaping the financial sector, broadening access and reducing consumer costs. At the same time, these DFS bring many new, nontraditional market actors into the value chain and customer journey that are increasingly outside the financial regulators' purview. Recent data and evidence show that DFS consumer risks are becoming more complex and growing rapidly, particularly fraud (including scams); see box 1 (Chalwe-Mulenga and Duflos 2026).

Protecting consumers from financial fraud requires action across the entire fraud chain, from prevention and disruption to recovery, and no single type of intervention is sufficient on its own. A critical starting point is having sound foundational frameworks in place: robust financial consumer protection, data protection, anti-money laundering/countering the financing of terrorism (AML/CFT), and cybersecurity regulatory and supervisory frameworks. At the same time, these interventions come with trade-offs such as the tension between fraud protection and data protection.

The solutions documented in this report can be applied at different stages of the fraud chain. They consist of regulatory requirements, technology-based tools, and multistakeholder collaborations. We have curated a list of 56 concrete examples of initiatives that have shown signs of success in protecting consumers from fraud based on publicly available information.

This report can be particularly useful for several groups: financial, data protection, and telecom authorities as well as DFS providers who are developing strategies and solutions to reduce fraud; other stakeholders in the digital finance ecosystem; and organizations working across sectors to reduce fraud. A recurring finding is that protecting consumers from fraud cannot remain within the boundaries of the financial sector: it demands coordinated action among financial authorities, telecom and cybersecurity regulators, law enforcement, DFS providers, consumer representatives, and market facilitators.

As described in Annex A, the global fraud landscape is diverse and complex, with many global organizations active in the fight against fraud. Some organizations, such as Standard-Setting Bodies (SSBs), develop norms for stability and cyber resilience, while others develop norms and standards for consumer protection or focus on law enforcement and AML. There are also several organizations that provide capacity to national authorities and global platforms that help fight fraud.

Within a country's DFS ecosystem, many actors can help protect consumers from fraud. Country-level stakeholders include the following:

• Financial sector authorities that oversee banking, payments, securities, insurance, and microfinance, as well as financial consumer protection bodies, alternative dispute resolution schemes, and financial intelligence units (FIUs).
• Nonfinancial authorities such as consumer protection, telecommunications, cybersecurity, data protection, AI, and competition authorities; law enforcement agencies; and ministries of the interior.
• DFS providers such as banks, insurers, fintechs, mobile network operators (MNOs), internet platforms, agent network managers, and industry associations.
• Consumer associations, advisory panels, consumer advisers and counselors, and journalists.
• Market facilitators such as payment networks, technology providers, app stores, e-commerce platforms, cybersecurity firms, regulatory technology (RegTech) companies, credit reporting agencies, and researchers.

Authorities with financial consumer protection (FCP) responsibility and other stakeholders struggle to keep pace with the fast growth of fraud, highlighting a need to develop solid regulatory and supervisory frameworks for consumer protection and data protection and to make existing FCP frameworks more proactive, strategic, holistic, and customer centric. In response, CGAP envisions a Responsible Digital Finance Ecosystem (RDFE) framework (Duflos et al. 2024) in which key ecosystem actors collaborate and build capability to strategically detect, prevent, and mitigate DFS risks (see figure 1). This approach safeguards consumers from potential harm, helps them recover lost funds, and ensures that DFS offer positive consumer outcomes. To implement this framework, CGAP is developing guidance and tools for FCP authorities and DFS providers that include a focus on better protecting consumers against fraud.

This report describes the nature, consumer benefits, and limitations of these solutions so that stakeholders can tailor them to their specific contexts. It does not provide detailed guidance on how to implement the solutions, how many resources they require, and how adaptable they are to other jurisdictions. We encourage readers to review and cross-check any outcomes associated with the initiatives they wish to explore further. Note that many of the solutions are AI powered, which requires organizations to have internal capacity to implement them.

We start with a short description of why the evolution of fraud makes it urgent to act to protect consumers' well-being. The list of solutions begins with those that involve significant collaborations, followed by those that prevent fraud, disrupt fraud, and aim to recover stolen funds.² Annex B provides a summary of initiatives described in the report, organized by type of solution and key stakeholder (for example, financial authorities and providers). The annex provides additional details of organizations leading each initiative, other partners, their operational model, and the technology used. Annex C provides seven additional solutions that are notable for their collaborative nature but for which we do not yet have evidence of impact. Finally, Annex D provides a typology of fraud.

The Need to Tackle Fraud in Digital Finance

In 2022, we conducted research on key risks for DFS users and found significant evidence that fraud was the fastest growing risk, often outpacing technology adoption (Chalwe-Mulenga et al. 2022).

The Scale of Fraud Continues to Grow

Numerous global reports indicate that the scale and complexity of fraud risks have increased. For example, the OECD (2026) reports a sharp increase in the share of jurisdictions whose authorities cite fraud and scams as one of the top three operating environment risks, and in 2025 fraud became the number one concern after ranking second in 2022. Further, the World Bank's (2025a) survey of financial sector authorities in 30 countries reported that 59 percent viewed fraud as the top consumer risk concern, with a comparable number citing supervisory challenges in addressing it. Similarly, a 2025 Mastercard survey of more than 13,000 consumers across 13 countries found that 80 percent had received a scam attempt (Hyman 2025).

CGAP and Innovations for Poverty Action (IPA) national surveys conducted between 2022 and 2025 also show widespread consumer exposure to fraud, with over 60 percent of DFS users receiving fraud attempts in Rwanda, Tanzania, Uganda, and Kenya (see figure 2). The surveys also highlight the financial impact on victims. For instance, in Rwanda, 15 percent of DFS users surveyed (representing 18 percent of those who received scam messages) lost money, while in Kenya, 14 percent did.

Moreover, some of the above surveys reveal that fraud victims not only lose money but also face non-monetary harms that can undermine their trust in DFS. In Kenya, Tanzania, and Uganda, DFS users who experienced a fraud attempt or lost money due to fraud tended to have lower trust in DFS providers (Blackmon et al. 2025a; Blackmon et al. 2025b; Blackmon et al. 2025c).

Fraud Is Becoming More Complex

Fraud is converging with other risks: Fraud, data misuse, and network downtime are closely linked with cybersecurity issues, as shown in figure 3. While cybersecurity aims to protect the confidentiality, integrity, and availability (the CIA triad) of information and information systems, cybercriminals seek to compromise them through disclosure, alteration, and destruction (the DAD triad). A cyberattack on a financial institution can cause system downtime and expose customer data, which may then be sold to criminals who use it to execute fraud. Criminals can also access data through social media or breaches of third-party providers (TPPs) and retail databases. When users face fraud, data compromise, or network outages, they may file complaints with FSPs or agents, but service disruptions and compromised data make transaction verification difficult, reducing the likelihood of fund recovery and complicating complaint resolution. In cases where DFS users are tricked by criminals to share sensitive information such as a personal identification number (PIN) or one-time password (OTP), it is difficult for DFS providers to help or trace illegal activity.

The convergence of fraud with other risks can drive over-indebtedness and worsen financial health, especially considering that digital financial literacy remains low globally, particularly among crypto users who often underestimate risks (OECD 2023, 2025a, 2025b). Low digital literacy weakens DFS users' responses to safeguards and warnings and contributes to harmful outcomes when compounded by low resilience and behavioral biases (OECD 2023).

Multiple forces are shaping how fraud emerges and spreads, making the interconnections between fraud, cyberattacks, and other DFS consumer risks increasingly complex.

AI amplifies fraud risks across multiple fronts: AI has lowered the cost and skill required to commit fraud through fraud-as-a-service models that comprise a dark web network selling tools and services that enable even low-skill actors to buy synthetic identities, mule accounts, and stolen personally identifiable information and generate polymorphic malware³ (LexisNexis 2026; Sumsub 2024). AI developments enable fraudsters to reach unprecedented speed, sophistication, and scale (Duflos 2025).

Identity fraud has surged and become more complex as generative artificial intelligence (GenAI) creates identities that interact with and adapt to verification systems in real time, making them harder to detect (Cloud et al. 2025).⁴ Based on Sumsub's global data, identity fraud attempts surged 700 percent between 2022 and 2025, while losses increased from 1.7 to 2.2 percent during the same time period.⁵ GenAI-related synthetic fraud also increased globally, accounting for 50 to 70 percent of credit fraud losses (Singh 2025). AI is now enabling advanced biometric and liveness attacks that bypass Know Your Customer (KYC) controls, especially in digital banks and microfinance institutions (Smile ID 2025).

Social media's growing role in fraud: With 5.66 billion people globally (93.8 percent of internet users) now using social media (DataReportal 2025), fraudsters increasingly exploit these platforms through fake profiles, deceptive advertisements, and impersonation of high-profile individuals. Interpol (2024) reports that platforms like Facebook, YouTube, Instagram, and Telegram are used to recruit human trafficking victims who are then coerced into perpetrating fraud, particularly investment and romance scams. These schemes are further amplified via AI-generated deepfake celebrities who promote casual, relatable content (International Organization of Securities Commissions [IOSCO] 2025; Mascellino 2025; Nosker 2025; Mustak et al. 2023). Across Europe, Revolut (2024) found that 61 percent of scams originated on Meta platforms, accounting for 37 percent of total scam losses.

Real-time payment (RTP) systems growing as a target for scams: While AI has increased the sophistication of fraud types such as account takeover (ATO) and authorized push payment (APP) scams, these schemes are more prevalent on RTP systems, which are exploited for money mule activity. In its global analysis, Outseer (2024) reports a 57 percent rise in money mule behavior on RTP channels globally in 2023.

Criminal networks are expanding into online financial fraud: Fraud is increasingly coordinated, carried out by networks that include knowingly or unknowingly recruited money mules (Interpol 2024). Organized crime groups are now using automation and AI to run large-scale fraud operations, even trafficking over 220,000 people into scam farms across Southeast Asia (World Economic Forum 2025).

Vast volumes of data flowing through TPPs pose additional risks: TPPs are central to digital finance through application programming interface (API)-based data exchange but are highly vulnerable to cyberattacks. Risks are heightened in open finance systems when TPP activities—especially "write access," where a consumer grants access to a TPP to initiate actions, execute transactions, or modify information—lack strong security controls (Mazer and Farrel 2025). As open finance expands globally, fraud via TPPs is expected to increase. IBM (2025) notes that TPP attacks surged within a year, becoming the second-most-common breach vector and taking the longest to detect and contain.

CGAP has been tracking consumer risks in DFS for many years, and risks have accelerated at a remarkable pace in the past three years. It is important for financial sector authorities to understand the nature and scale of fraud affecting consumers. Use of nationally representative surveys on consumers' experience can help authorities to (1) detect the types of fraud-related vulnerabilities, risks, and consequences that consumers face; (2) assess the frequency and magnitude of consumer-facing fraud risks; (3) obtain a baseline that helps them measure progress in reducing fraud risks; and (4) help design and plan interventions with other ecosystem actors. A range of well-tested market monitoring tools can also help authorities better detect and understand fraud (Izaguirre et al. 2022).

Solutions to Address Fraud Risks

These solutions represent interventions that authorities, providers, and other stakeholders can take at different stages of the fraud chain, from the preparatory steps that fraudsters and scammers make before committing fraud and during it to the hiding and channeling of fraud proceeds after fraud is committed.⁶

Some solutions are regulatory in nature and fully actionable by authorities. Others fall under the scope of DFS providers, fintechs, and other market facilitators, most of which are technology-based. Authorities also play a key role in engaging the industry and raising supervisory and regulatory expectations. Other solutions function as governance arrangements that set the rules for participation, define expectations, and assign stakeholder roles and responsibilities—core elements that lead to collaborative solutions. This section presents eight types of antifraud solutions across four domains: education, prevention, detection/disruption, and response/recovery (Financial Action Task Force [FATF] 2025; UNDP 2025).

"Intelligence Sharing and Collaborative Action" solutions exemplify how the RDFE framework's collaborative principles can be implemented to close information gaps that fraudsters exploit, improve analysis, and orchestrate multistakeholder interventions. This solution spans the four domains noted above by engaging multiple stakeholders either voluntarily, through regulatory mandates, or within government centers specifically created for this purpose.

Most solutions presented in this report fall under prevention. They aim to prevent fraud before it occurs, in the early phase of the fraud chain. These solutions address issues regarding telecommunications security standards, identity (ID) verification and authentication, fraudulent advertising, and intentionally slow transactions and impose limits on fast payment amounts. Other solutions under detection/disruption disrupt scams and fraud in progress by triggering warning messages, freezing funds, or blocking mule accounts; they disrupt fraud schemes by affecting their profitability and dismantling fraudsters' criminal infrastructure (for example, mule account networks and fraudulent websites). A third group of solutions, response/recovery, aims to reimburse consumer losses, coordinate enforcement actions, and reclaim assets after fraud has occurred. Finally, some solutions aim at educating consumers so that they can play a more proactive role in preventing and reporting fraud.

Solutions are not exclusive but highly complementary. Given the complexity and multisectoral nature of fraud, all stakeholders along the fraud chain must act; an increasing number of financial regulators around the world are issuing more comprehensive laws and developing multisectoral strategies and regulatory frameworks.⁷ For each type of solution, we have identified concrete examples of initiatives that have reported initial signs of success. Their description and evidence of impact are obtained from public sources. In the case of national authorities, these sources include reports, official public statements, regulations, and press releases from regulatory and supervisory authorities, levels of government, and enforcement agencies. Information from other stakeholders is obtained from reports, use cases, and data published on their websites. Information obtained from specialized analysts, news outlets, and consulting firms is corroborated against available information from original sources and solution partners.

I. Intelligence Sharing and Collaborative Action

Modern fraud exploits information gaps among banks, MNOs, big techs, TPPs, and authorities.⁸ The solutions we present aim to close these gaps by sharing intelligence and taking coordinated fraud prevention, detection/disruption, and response/recovery actions. Some jurisdictions create government anti-scam centers, which operate as central hubs that collect and analyze fraud data from disparate sources and coordinate actions. In other cases, collaborative actions operate by designing legal and technical frameworks that enable intelligence sharing among players from different sectors or by participating in flexible collaborative networks to exchange real-time risk signals and coordinate enforcement actions.⁹

Some initiatives are built for immediate, rapid response (minutes to hours) to stop live fraud. Other solutions function as long-term enforcement task forces whose primary goal is not only to coordinate a response but also to proactively investigate and dismantle entire fraudulent operations through coordinated raids, legal takedowns, asset seizures, and the recovery of funds.

(A) Government Anti-Scam Command Centers

National anti-scam command centers are centralized hubs where data and intelligence from disparate sources are combined, analyzed, and used to quickly disrupt fraud. They integrate the distinct capabilities, data, and legal authorities of different government bodies—such as law enforcement, financial regulators, and telecom regulators—with those of financial institutions and telecom providers and set up clear collaboration, intelligence exchange, and enforcement coordination protocols.

There is no single model for national antifraud centers, as each country adapts its approach to local needs. Malaysia and Indonesia have created centers focused on rapid action and fast fund recovery after a scam.

Examples of solution:

• Malaysia's National Scam Response Centre (NSRC), launched in 2022, brings together the National Anti-Financial Crime Centre (NFCC), Royal Malaysian Police (PDRM), Bank Negara Malaysia (BNM), and Malaysian Communications and Multimedia Commission (MCMC). When victims call 997, the NSRC coordinates an immediate response by tracing and freezing stolen funds, sharing information with police, and working with MNOs to block scam numbers. Its work is powered by the National Fraud Portal (NFP), led by BNM and PayNet, which supports real-time fund tracing across the industry using AI and machine learning (ML). Since integrating with the NFP, the NSRC has cut investigation times by 70 percent, raised case escalation by 41 percent, and increased fund-freezing success from 0.5 percent to 30 percent (BNM 2024; BNM 2025; FNA 2025). By Q3 2025, it had recovered RM 12.91 million and returned RM 1.99 million to victims.
• The Indonesia Anti Scam Center (IASC), launched in 2024, acts as a national coordination hub (Otoritas Jasa Keuangan [OJK] 2024). It shares consumer reports across OJK, Kominfo, and fintech industry groups and enables fast blocking of scammers' accounts, websites, and phone numbers. Since its creation, the IASC has blocked 415,385 accounts, secured Rp 511.1 billion, and returned Rp 161 billion to victims of scams (OJK 2026).
• Australia uses a proactive model focused on disrupting scams before losses occur. The National Anti-Scam Centre (NASC), created in 2023 by the Australian Competition and Consumer Commission (ACCC), is a national hub that brings together government agencies, banks, MNOs, and digital platforms. It breaks down data silos by using short-term "fusion cells" where experts from the ACCC, Australian Securities and Investments Commission (ASIC), industry, and platforms work together to analyze scam activity and coordinate fast disruption. A key feature is the Intel Loop, run with the Australian Financial Crimes Exchange (AFCX), which enables real-time intelligence sharing between banks, MNOs, and platforms. The NASC combines this industry data with scam reports from the public received via the ScamWatch public portal, to create a full picture of scam activity and act quickly. This model helped reduce national scam losses by 25.9 percent in 2024, contributing to a 17.8 percent drop in scam reports (NASC 2025a). Throughout 2024, the NASC referred over 8,000 URLs for takedown, preventing an estimated $A 36 million in losses. Agencies such as the Australian Taxation Office (ATO) now use NASC data to identify mule accounts involved in tax fraud (ATO 2025).
• India has adopted a technology-driven system suited to its digital payments landscape, where mobile numbers are widely used for unified payments interface (UPI) transactions.¹⁰ The Digital Intelligence Platform (DIP), led by the Department of Telecommunications, and in coordination with the Reserve Bank of India (RBI), the Indian Cyber Crime Coordination Centre (I4C), acts as a central hub that links telecom data such as fraudulent SIM cards, device IDs, and consumer reports of suspected scams or messages via Sanchar Saathi portal feature with financial data from banks and UPI providers. The system generates a Financial Fraud Risk Indicator (FRI) for each mobile number, and banks use this real-time rating to block high-risk transactions or freeze accounts before fraud occurs. According to India's Ministry of Communications (2025), since the FRI went live in May 2025, it has flagged 4,000 to 5,000 high-risk numbers each day and triggered the freeze of over one million bank accounts and wallets in the first three months. By October 2025, DIP had prevented 5.5 million risky transactions and helped avoid INR 2.28 billion in potential losses (Times of India 2025).

(B) Ecosystem Collaboration Frameworks—Multistakeholders

These solutions are public private and ecosystemic by design. They bring together authorities and digital finance players from banking, telecoms, technology, and law enforcement. In some cases, industry leads the work in partnership with regulators; in others, private sector coordination is driven by regulatory expectations for greater collaboration. The goal is not broad enforcement but a trusted framework that lets different sectors exchange real time intelligence and stop scams early, intervene during high risk payments, and quickly trace or freeze stolen funds.¹¹

Examples of solution:

• Stop Scams UK is an industry-led coalition that acts as a central coordination hub. It follows a "hub and-spoke" model, creating the legal and technical framework that links banks (such as Barclays, HSBC, and NatWest), technology firms (such as Google, Meta, and Microsoft), and telecom companies (such as BT and Vodafone). The Financial Conduct Authority (FCA) and the UK communications and data privacy regulators act as strategic collaborators. Information flows in multiple directions. MNOs report malicious calls and texts, tech platforms flag scam ads and fake profiles, and banks share data on fraudulent transactions. This joint intelligence allows quick action, such as banks freezing mule accounts identified through MNO data. A key feature is the 159 hotline, which connects users who receive suspicious calls directly to their real bank, cutting off scammers and giving MNOs data to block fraudulent numbers. Stop Scams UK efforts removed 50,000 harmful websites by October 2023 and identified more than 7,000 mule accounts by February 2024 (Stop Scams UK, 2023; Stop Scams UK, n.d.). The hotline's impact is clear, with daily calls rising to more than 1,300 and participating banks increasing from 9 in 2021 to 27 in 2025.
• In Asia, Hong Kong's Financial Intelligence Evaluation Sharing Tool (FINEST) is a public-private system that helps stop money mule account networks used to move scam funds. It is co-led by the Hong Kong Association of Banks, the Hong Kong Monetary Authority, and the Hong Kong Police Force (HKPF). FINEST works as a fast, secure channel rather than an analysis tool. Member banks identify high-risk or suspected mule accounts and immediately share this intelligence with all other participants. This coordination breaks down data silos and helps banks block illicit fund transfers before money is moved across institutions. FINEST launched as a five-bank pilot in June 2023, focused on corporate accounts, and expanded to ten banks by March 2025. HKPF (2025) reports that FINEST processed more than 580 intelligence reports in that time, helped disrupt multiple criminal networks, and supported the police-led Upstream Scam Intervention initiative, which stopped over 3,000 scams and saved HKD 199 million (about US$25 million). A more advanced version of the platform is planned for late 2025, including support for personal accounts.
• Singapore's ScamShield Suite is an integrated antifraud system led by the National Crime Prevention Council and the Singapore Police Force (SPF). The ScamShield app uses on-device AI to filter scam SMS messages and a police-managed blacklist to block fraudulent calls. Users can also report suspicious messages, calls, and links, creating an essential crowdsourced intelligence channel. The app connects to a 24/7 helpline (1799) for real-time checks and offers a direct link to major banks' fraud teams. An educational website and WhatsApp/Telegram alert channels add further layers of protection. Between March 2022 and October 2023, the ScamShield Suite flagged 5 million scam SMS messages and blocked 80,000 scam numbers (Ministry of Home Affairs, Singapore 2023). The system has logged 1.27 million checks and nearly 600,000 user reports and verified more than 230,000 suspicious WhatsApp messages and calls by June 2025 (Ministry of Home Affairs, Singapore 2025; SPF 2025). In Q1 2025 alone, users submitted 453,000 reports and helped block 14,405 scam numbers (ScamShield n.d.).
• Scam Signal in the UK fights APP fraud by giving FSPs a real-time risk signal before approving a payment. It was launched in 2023 through a collaboration between FSPs and all major UK MNOs, led by UK Finance and the Global System for Mobile Communications Association (GSMA), which supplied the Open Gateway API standard. Although not a government-run system, it was shaped by regulatory expectations for stronger industry cooperation. When a customer initiates a payment, the bank sends anonymized mobile network data to the MNO through Pay.UK. The MNO checks for risk factors such as recent SIM swaps or call forwarding and sends back a risk signal. FSPs then use this signal to approve, delay, or block the transaction. While system wide results are still emerging after a November 2024 rollout, a three month pilot led by Vodafone showed a 30 percent improvement in scam detection. In a case study, Telefónica (2025) reports that early adopters experienced up to a 41 percent drop in live scams and 44 percent fewer fraud losses.
• Globally active fintech BioCatch (2024b) helps stop illicit funds from reaching mule accounts by focusing on the risk of the recipient account. When a receiving account is flagged as high risk, this information is shared immediately with the sending bank, which can pause or block the transfer before the money leaves the account, even if the customer has been socially engineered. Covering more than 85 percent of Australia's banked population, the system scaled up in Q3 2025, analyzing over 180 million payments and detecting more than $A 60 million in attempted fraud (BioCatch 2025a). The network exhibits strong performance against social engineering scams, assessing payment risk in over 70 percent of cases before funds are transferred (FinTech Times 2025). Building on its success, BioCatch Trust Argentina launched in May 2025 in partnership with local banks and fintechs.
• Meta's Fraud Intelligence Reciprocal Exchange (FIRE) enables banks and Meta to share threat signals, such as fraudulent URLs, phone numbers, and email addresses. Financial institutions provide granular data that is analyzed using Meta's AI/ML, which recognizes scam behavior patterns, takes down linked accounts, and sends back aggregated intelligence to refine their internal models. The first pilot, developed in collaboration with Stop Scams UK (with NatWest and Metro Bank), removed approximately 20,000 Meta accounts (Meta 2024). In Australia, in partnership with AFCX, FIRE blocked 8,000 pages and 9,000 AI-generated celebrity scams across Facebook and Instagram (Taylor 2024).
• Beyond telecom and banking partnerships, the Global Signal Exchange (GSE)¹² initiative expands intelligence sharing into a truly multisector network. Launched in late 2024 by the Global Anti Scam Alliance (GASA) and the DNS Research Federation (DNSRF), it serves as a global hub for real time scam intelligence. The GSE connects more than 230 organizations across technology, telecoms, finance, cybersecurity, and government, allowing them to exchange a wide range of "threat signals." These include malicious URLs, scam domains, fraudulent IP addresses, fake social media profiles, scam posts, and compromised ad accounts. The platform uses AI to analyze incoming data and distribute actionable intelligence so participants can disrupt scams quickly. For example, Google uses GSE data to block dangerous URLs in Search and Ads, while Meta removes fraudulent pages and profiles across Facebook and Instagram. The GSE has grown rapidly; by December 2025, it had shared more than 500 million threat signals, up from 200 million in May 2025.

Other interesting collaborative examples are in development, leveraging federated learning technology, such as Swift-Google Cloud Federated Learning and Project AIKYA. Some regulators, in cooperation with other regulatory authorities, are developing comprehensive regulatory frameworks for scam prevention, such as Australia's Scam Prevention Act 2025 (Annex C).

(C) Coordinated Disruption and Enforcement Partnerships—Multistakeholders

These partnerships address the limits of slow legal processes and traditional institutional structures by bringing together government, law enforcement, and industry to close information and authority gaps that criminals exploit. Their purpose is to enable fast, coordinated action, such as removing malicious apps or blocking fraudulent accounts, to protect consumers from risks like predatory lending, data misuse, and crypto-phishing. They operate as flexible, operational frameworks that keep pace with rapidly evolving criminal tactics and strengthen collective defenses.

Examples of solution:

• India's Fintech Association for Consumer Empowerment (FACE), which coordinates a multistakeholder framework to fight fraudulent lending apps. FACE, now a recognized self-regulatory organization (SRO) for the fintech lending sector, gathers data on predatory practices and privacy breaches from its members and shares this intelligence with government partners: the Reserve Bank of India (RBI) for policy action, the Ministry of Home Affairs (MHA) for criminal investigations, and the Ministry of Electronics and Information Technology (MeitY) for removing harmful apps (FACE 2023). FACE also works with Google as a "priority flagger," enabling the rapid takedown of malicious personal loan apps from the Google Play store. Following an RBI whitelist of legitimate apps, more than 4,700 non compliant or fraudulent lending apps were removed from the Google Play store by August 2023 (Government of India, Ministry of Finance 2024).
• Another example of a public-private partnership is Canada's Operation Avalanche, a regulator-led initiative led by the British Columbia Securities Commission (BCSC 2025) designed to disrupt crypto scams known as "approval phishing," where victims are tricked into granting malicious smart contracts access to their tokens. The partnership brings together police, regulators, and private firms. Chainalysis acts as the technical partner by identifying compromised wallets on the Ethereum blockchain, and this intelligence is shared with cooperating crypto platforms such as Coinbase, Wealthsimple, and Kraken to help contact affected users. This coordinated approach allows teams to warn victims quickly and prevent further losses. In its first operation in March 2025, the team reached 89 victims and uncovered about Can$4.3 million in stolen crypto assets. The BCSC plans to make Operation Avalanche a regular part of its antifraud program.
• Indonesia's Satgas PASTI is a government-led partnership with broader enforcement powers. Launched in 2017, it is a multiagency task force led by OJK with participation from Bank Indonesia, the National Police, Kominfo, and other government bodies. Satgas PASTI has a wide mandate to eliminate illegal financial activities, including unlicensed lending, investment fraud, Ponzi schemes, and illegal crypto operations. The task force gathers intelligence through cyber patrols and public reports and then carries out a coordinated "ecosystem blockade": Kominfo removes the entity's online presence, OJK and Bank Indonesia freeze related accounts, and the police open criminal investigations. Its enforcement has been extensive. By May 2025, Satgas PASTI had shut down 13,228 illegal entities, including 11,166 online lenders and 1,811 investment schemes (OJK 2025).

Strategic Considerations and Potential Challenges

Intelligence sharing and collaborative action can be applied to most of the solutions described in this paper and have great potential due to their ecosystemic nature. There are also specific trade-offs and challenges. Data protection, privacy, and transparency trade-offs are key considerations for authorities and partners. It is important to ensure that the "scam signal" information shared among MNOs, banks, authorities, and big techs under these solutions is the "minimum necessary." Otherwise, there is a risk of violating privacy laws. Some initiatives use information on attempted and verified fraud reported by the public. In such cases, proactivity, timeliness, and the quality of consumer reports are essential, so education and consumer engagement efforts are integral to these initiatives.

important to ensure that the "scam signal" information shared among MNOs, banks, authorities, and big techs under these solutions is the "minimum necessary." Otherwise, there is a risk of violating privacy laws. Some initiatives use information on attempted and verified fraud reported by the public. In such cases, proactivity, timeliness, and the quality of consumer reports are essential, so education and consumer engagement efforts are integral to these initiatives.

In light of these examples, we see some potential challenges with these solutions:

• Effective cooperation: It is difficult to get direct competitors, such as banks, MNOs, and agencies with different mandates to share data in real time. Authorities can help actors to collaborate.
• Incomplete ecosystem participation: If major players do not participate, fraudsters shift activity to the "weak links."
• Technical interoperability and cost: Connecting legacy and modern systems, standardizing data formats, and maintaining real-time APIs for information sharing is complex and expensive, especially for smaller institutions.

II. Detecting Fraudulent Advertising and Fraud

This category of solutions includes initiatives to monitor fraudulent advertising, deployed by financial authorities as an integral part of their traditional market conduct oversight. It also includes initiatives that big tech platforms and MNOs implement for the detection and blocking of websites, fraudulent advertisements that circulate on their platforms, and scam messages and calls that use MNO networks, which prevent them from reaching the consumers and dismantling fraudsters operations.

(D) Monitoring Fraudulent Advertising by Authorities and Big Techs

Financial regulators are increasingly using advanced supervisory technology (SupTech) to proactively monitor social media and scan websites to identify misleading promotions, unlicensed advice, and investment scams. By leveraging AI and data analytics, this approach shifts oversight from reactive, complaint-based supervision to proactive, data-driven monitoring that detects and prevents consumer harm before it escalates.

At the same time, the increased use of digital platforms as enablers of digital fraud has led to growing regulatory pressure, pushing big tech platforms to shift from reactive moderation to preemptive verification and monitoring of financial services advertising content.

Examples of solution:

• As part of its data strategy, the UK's FCA (2022) monitors noncompliant financial promotions by regulated entities, investment scams, online fraud, and illegal advertising by unauthorized finfluencers. The FCA uses an automated system that scans hundreds of thousands of newly created websites each day, using advanced analytics and social media monitoring. This continuous cycle of scanning, analysis, warning, and disruption has significantly strengthened oversight. Website scanning increased from 100,000 per day in 2021 to 480,000 in 2024. Alerts for unauthorized firms and individuals rose 34 percent in 2022, reaching 2,240 alerts in 2024 (FCA 2024). Most notably, interventions to amend or remove misleading promotions increased from 564 in 2021 to 19,766 in 2024, and more than 1,600 illegal websites were blocked in 2024 alone. This intensified scrutiny has created a more hostile environment for scammers and finfluencers.
• In Australia, ASIC does more targeted monitoring than the FCA, concentrating on the most harmful forms of consumer abuse: investment scams and unlicensed financial advice distributed through websites and social media. Its model relies on continuous monitoring of online content—including discussions, advertisements, and posts—with a recent emphasis on finfluencers. To support this, ASIC uses advanced analytics, including trials of natural language processing (NLP) and machine learning (ML), to strengthen early fraud detection and improve oversight of online promotional activity. As of February 2025, ASIC had removed more than 10,000 fraudulent websites and investment scam ads (around 130 per week) (ASIC 2025). These enforcement actions are complemented by public guidance directed at finfluencers.
• Google confirms that financial advertisers are registered, for example, via the FCA Register in the UK or G2 Risk Solutions (G2RS) in Australia (ASIC), Singapore (MAS), and other markets, according to its Financial Services Advertising Policy (Google 2026a, 2026b).¹³ Google standardizes disclosures, restricts high risk products (for example, Contract for Difference (CFD) or crypto), and enforces its misrepresentation policy to counter AI driven deepfakes (Google 2024).¹⁴ At the same time, Google restricts advertisers' technical ability to target vulnerable groups or exclude protected characteristics (for example, "housing, employment and credit" in the US and Canada and "financial hardship" globally), removing the "perfect victim" from the scammer's reach (Google n.d. a; Google 2026a). Google reports that this multilayered approach has produced major results: 12.7 million account suspensions in 2023, 194 million blocked ads in 2024, and 700,000 accounts permanently removed, contributing to a 90 percent decline in specific scam reports.¹⁵

Another advertising detection solution is under development by the Commissione Nazionale per le Società e la Borsa (CONSOB), the Italian securities regulator, and Google, with a focus on investment advertisements. Regnology and the Gates Foundation have joined efforts to develop low-cost detection solutions for EMDEs' financial regulators (Annex C).

(E) Fraud Threat Detection and Spam Filtering by MNOs and Big Techs

MNOs, big tech platforms, and mobile phone manufacturers increasingly deploy AI/ML driven threat detection and spam filtering tools to detect and block fraudulent communications and phishing attempts. These solutions analyze behavioral and network patterns, flag risks in real time, and in some cases automatically block malicious content, thereby strengthening consumer protection and integrity across communication channels.¹⁶

MNOs use AI-powered solutions to detect and filter spam:

Examples of solution:

• Airtel evaluates sender behavior, message frequency, and geographic patterns in real-time—without reading message content—to detect suspicious SMS messages and calls employing an in house AI/ML system. Airtel's SMS Spam Alerts¹⁷ also checks URLs against a centralized blacklist and tags risky messages as "suspected spam" (Airtel 2025). When identifying a high risk URL, it blocks the domain and redirects users to a warning page. Between October 2024 and April 2025, Airtel reports flagging 27.5 million spam calls (≈1,560 per second), reducing spam volumes by 16 percent. Following its success in India, Airtel is expanding the solution to Nigeria, Uganda, Kenya, and 14 additional African markets.
• Viettel's AI "AntiSpam" analyzes call and SMS message patterns and reportedly blocked 15 million spam SMS messages in its first month of operation in Vietnam in 2020, contributing to a 32 percent decline in spam calls during the first semester of 2021 (BNews 2021; Viettel 2020). Viettel has since deployed the system in Cambodia (Metfone), Tanzania (Halotel), Myanmar (Mytel), Mozambique (Movitel), and Peru (Bitel).
• SK Telecom (SKT) provides real-time block of suspicious SMS messages and vishing alerts in South Korea (Korea Bizwire 2025). SKT deployed "AI Safe Block" through its AdotPhone dialer, powered by the AI security platform ScamVanguard, using a hybrid on-device/network model. The AI models are continuously updated with threat intelligence from SKT's network and crossreferenced with data provided by Korea Financial Security Institute. In its first month, SKT reported that it issued 190,000 warnings, and ScamVanguard now blocks over 1.3 million fraudulent calls or messages monthly. The Industrial Bank of Korea integrated ScamVanguard into its SurPASS system. The solution won the CES 2025 Best of Innovation–Cybersecurity award.
• KT Corporation's AI Voice Phishing Detection Service uses an on-device AI voice-to-text NLP to flag risky conversations in real time through the WhoWho caller ID app in South Korea. Within two months of launch (January 2025), KT reports preventing ₩16 billion in potential losses, achieving 90.3 percent accuracy on verified phishing calls (Chosunbiz 2025).
• Some operators instead use third party providers. In the Philippines, Globe Telecom automatically detects and blocks spam and scam messages, even with minor variations, by analyzing their structural and behavioral features. In partnership with Mavenir to deploy SpamShield, it uses advanced monitoring, adaptive analytics, and real-time AI/ML algorithms. Globe reports a 74 percent decline in bank related spam and scam SMS messages and a 44 percent drop in scam SMS messages reported by customers via Globe's portal in Q1 2024 versus Q1 2023 (Globe Telecom 2025).
• In North America and Europe, MNOs focus their AI/ML filtering systems on spam calls and voice phishing. Rogers (Canada) uses Hiya's Adaptive AI to analyze call origination patterns, velocity, and routing, alerting its users to possible scams (Rogers 2023). When Rogers identifies a call as suspicious, the feature displays a "likely spam" or "likely fraud" warning on the user's phone so that they can decide whether to answer or ignore the call. As of March 2023, Rogers reports that Spam Call Detect has flagged over 250 million spam or fraud calls during its first six months of implementation.

Big Techs using AI-powered solutions to detect and filter spams:

Big tech platforms integrate advanced AI to strengthen security and counter sophisticated social engineering and data theft tactics.

Examples of solution:

• A focused adaptation of Google's AI protection framework is employed at the core of the DigiKavach program, detecting and neutralizing fraud schemes—from predatory lending apps to payment scams. DigiKavach or "Digital Shield" is a multistakeholder collaboration between Google, FACE, and the I4C. Google's antifraud approach uses on-device AI to process transcripts and audio locally. Google ensures sensitive data remains on the device rather than the cloud, enhancing both privacy and security. In May 2025, Google upgraded Google Messages Spam Protection, using on device AI on Android phones to proactively flag scam patterns in SMS, MMS, and RCS. The Google Phone app dialer adds further protection through call screen and scam detection, offering real time transcription, automated hang-ups for confirmed spam, and interactive AI-based replies. Google is also piloting in-call protections for financial apps, alerting users when a banking app is opened during screen sharing with suspected fraudsters impersonating banks or government agencies. This work is strengthened by partnerships with FACE, which provides intelligence on predatory lending apps, and I4C, which supports joint threat analysis. Google reports that since late 2024, Google Play Protect has blocked nearly 60 million installation attempts of high-risk apps, neutralized over 220,000 malicious apps across more than 13 million devices, and Google Pay has generated over 41 million warnings to prevent fraudulent payments (Google 2025).

Strategic Considerations and Potential Challenges

Jurisdictions that have already put in place solid market monitoring will have an advantage in implementing these solutions. The surveillance of user communications and behavior raises data protection, privacy, and security considerations. For instance, as metadata contains signals about communication (for example, location, duration, and frequency), the analysis of metadata could be extended to other forms of surveillance. This means that having solid data protection regulation and enforcement will be essential in implementing such solutions. The effectiveness of this solution also depends on the awareness and proactiveness of consumers by reporting fraudulent communications and numbers and heeding the warning alerts issued by such applications.

In light of these examples, we see some potential challenges with this type of solution:

• Encrypted channels: Monitoring user communications often covers only the public channels, missing scams conducted in private or encrypted channels (for example, Telegram and WhatsApp).
• Resources: These initiatives are resource intensive and require advanced AI/ML models and skilled data scientists.
• Siloed and limited scope: Initiatives that operate only within one MNO network or channel (for example, SMS) have limited overall effectiveness.
• Third-party cooperation: The takedown of fraudulent and deceptive promotions and websites by platforms, hosts, and registrars requires close coordination between financial and telecommunications authorities.

III. Telecom Security Standards

The effectiveness of antifraud initiatives deployed by authorities, FSPs, and other participants in the digital financial ecosystem is enhanced by upstream measures designed to secure the primary channel that fraudsters use to initiate attacks: the telecommunication network. Mobile phones have made financial services widely accessible but have also become prime targets for fraud. A lost or stolen device poses a critical risk, as criminals can access banking apps and intercept SMS-based OTPs to steal money and personal information. These initiatives aim to secure mobile devices, curb the volume of fraudulent communications, and replace SMS-based OTPs with more secure user authentication methods.

(F) Telecom Security Regulations by Authorities

Telecom authorities have implemented regulations to secure devices, curb the high volume of counterfeit handsets, verify users, and police network traffic. Criminals no longer need to steal a physical phone; SIM swap attacks allow them to hijack a user's number and digital identity, making device blocking measures insufficient. In response, regulators have increasingly adopted mandatory SIM registration laws as a response to modern fraud risks. Now implemented in around 150 countries, these laws aim to link mobile numbers to verified identities to curb the anonymity of prepaid SIM cards. However, their effectiveness relies on mobile operators' practices, systems, and ID security standards (GSMA 2024). Identity verification practices by some MNOs will require major improvements to prevent criminals from impersonating legitimate subscribers during SIM swap attempts.

Examples of solution:

• While International Mobile Equipment Identity (IMEI) blacklisting is a core tool for disabling stolen phones, India's Department of Telecommunications (DoT) has extended its use to direct FCP through the Central Equipment Identity Register (CEIR).¹⁸ This centralized system—part of the Sanchar Saathi portal—moves beyond theft deterrence to active fraud prevention by giving users two capabilities: a public portal to block their own devices and an automatic tracing function that alerts law enforcement when a new SIM is inserted into a blacklisted phone. Since CEIR's nationwide launch in May 2023, more than 3.9 million stolen phones have been blocked and 2.4 million traced as of October 2025. Of the traced devices, over 628,200 were recovered, a 26.3 percent recovery rate. CEIR has had a direct impact on reducing fraud within India's rapidly expanding UPI ecosystem, where stolen phones are a primary vector for intercepting SMS OTPs used to authorize transactions.
• Some regulatory approaches now target network level traffic, recognizing that even verified users on secure devices remain vulnerable to fraudulent communications. Singapore's mandatory SMS Sender ID Registry (SSIR), launched by Infocomm Media Development Authority (IMDA) in January 2023, combats SMS phishing by requiring organizations to register official alphanumeric sender IDs (for example, "DBSBank"). This creates a centralized whitelist, ensuring that messages from unregistered IDs are automatically flagged as "likely SCAM," giving consumers real time warnings across all commercial SMS messages, including OTPs and alerts (IMDA 2022). Despite a 10.6 percent increase in total scam cases in 2024, SMS based scams fell sharply—from 2,625 cases in 2022 to 1,285 in 2024 (ScamShield 2024). While multiple factors contributed to these results, the SSIR is widely considered a central driver of this decline.
• The STIR/SHAKEN framework (FCC 2025), launched by major carriers in the US and mandated by the TRACED Act (Telephone Robocall Abuse Criminal Enforcement and Deterrence Act), combats illegal caller ID spoofing and robocalls. Led by the Federal Communications Commission (FCC), it enables MNOs (and fixed-line providers) to verify that the caller ID information transmitted with a call matches the caller's real phone number. The framework categorizes the call into three attestation tiers, and the lowest-trust calls may be labeled as "spam likely" or "unknown caller" or blocked. The framework is also implemented in Canada. In 2025, the FCC removed over 1,200 noncompliant providers, disconnecting them from the national network for failing to meet authentication standards (FCC 2025a).
• Another example of a comprehensive telecom regulation is Australia's Reducing Scam Calls and Scam SMS Industry Code, effective since 2022 (Australian Telecommunications Alliance [ATA] 2022). Enforced by the Australian Communications and Media Authority (ACMA), the code obligates operators to proactively disrupt fraud by monitoring networks, blocking suspicious calls and SMS messages (for example, short duration, high-volume calls, or abnormal routing), sharing threat intelligence, verifying sender IDs to prevent impersonation, and providing clear tools and guidance to consumers. By mid-2025, Australian telecom providers had blocked over 2.6 billion scam calls and 936.7 million scam texts (ACMA 2025). This proactive blocking contributed to a 13.1 percent reduction in scam losses in 2023 and a further 25.9 percent decline in 2024 (NASC 2025b). While part of a wider national strategy, the code remains a central mechanism for preventing scammers from reaching potential victims.

(G) API-Enabled Network Security Architecture by MNOs

These initiatives aim to replace vulnerable SMS based OTP authentication with a model that uses the mobile network itself as a real time security source. Enabled by the GSMA Open Gateway initiative,¹⁹ this approach relies on an API programmable architecture that queries the physical network—difficult for fraudsters to spoof—to generate dynamic risk signals. Instead of exposing raw user data, the system returns indicators such as SIM swap status, device integrity, and geospatial proximity, allowing financial institutions to run high security checks in the background and maintain a seamless user experience while reducing transaction abandonment.

Examples of solution:

• Itaú Unibanco implemented a SIM-swap initiative in Brazil, developed by Vivo (Telefónica 2025, n.d. a, n.d. b) under the GSMA Open Gateway framework, with participation from Claro and TIM. The system allows Itaú to instantly query any participating MNO to determine whether a SIM was recently changed, an important fraud signal, in which case the bank can block the transaction or require additional verification. This multioperator collaboration is essential because Itaú's customers span all three networks. Since its launch in December 2023, the SIM-swap solution has scaled rapidly. Itaú reports over five million validations per month by April 2025, reducing identity-validation costs by 15 percent and improving customer-analysis efficiency by 10 percent, enabling faster approval of legitimate transactions and more accurate fraud detection.
• Safaricom, Kenya's largest MNO, provides banks with a suite of antifraud APIs to combat account takeovers through SIM swap checks. Safaricom expands programmable security further by exposing location-based APIs to prevent remote withdrawal fraud (Safaricom 2023). The automated teller machine (ATM) vicinity-check API uses cell tower data to confirm that a customer's phone is physically near the ATM during a withdrawal, blocking the transaction when the locations do not align. By combining SIM swap and location signals, as of November 2024, its API suite reduced malicious SIM swap fraud to just 40 cases per 750,000 swaps (approximately 0.0053 percent) (Lawi 2024). These APIs have also contributed to an 87 percent reduction in social engineering scams in 2025 by serving as the operational layer through which banking partners apply Safaricom's AI-driven fraud-detection framework (Safaricom 2025).

Strategic Considerations and Potential Challenges

These types of solutions require both regulatory and technical enhancements. The role of regulators in requiring more security is essential. At the same time, MNO responsibilities (and limitations) in detecting scams and fraudulent communications and protecting consumer privacy, are key considerations for these initiatives. Cross-sectoral coordination between financial and telecommunication authorities is essential.

In light of these examples, we see some potential challenges with this type of solution:

• Fragmentation: Bilateral solutions (such as Vivo/Itaú) do not cover entire customer bases, requiring banks to maintain multiple vendors and build separate API integrations with each MNO.
• Usability barriers: In India, for example, the CEIR framework faced challenges ensuring that large numbers of users are capable of following the multistep process required to block a lost or stolen phone.

IV. User Authentication Solutions

With fraud risks escalating across digital finance, secure authentication is now a foundational defense rather than an optional safeguard. Regulators and FSPs are implementing stronger verification rules to prevent the creation of mule accounts and ATO fraud and ensure that only legitimate users access financial services. The following measures demonstrate how financial authorities and the industry are advancing multifactor and biometric authentication to protect consumers and reinforce trust in digital ecosystems.

(H) User Authentication Regulations by Authorities

Regulations that mandate strong verification and authentication are central to preventing unauthorized account access and ATO fraud. These frameworks create a more secure digital identity layer for users and also help prevent the creation of fraudulent mule accounts, which remain a major laundering risk in both bank and nonbank agent models.

The financial sector is rapidly adopting biometric authentication due to its security and convenience advantages. Many countries are developing digital ID and eKYC frameworks, assessing the right balance between security, privacy, and exclusion risks. Approaches vary among jurisdictions. For instance, the European Union (EU) treats biometrics as one component within a broader, multilayered security model, while jurisdictions such as Singapore, Vietnam, Thailand, and Pakistan have taken a more prescriptive approach by mandating biometric checks for higher-risk digital activities.²⁰

Examples of solution:

• Europe's strong customer authentication (SCA) requirements were introduced in 2019 and led by the European Banking Authority (EBA) and the European Commission under PSD2 (EUR-Lex 2018). SCA requires multifactor authentication for most user-initiated electronic transactions, using at least two factors: something the user knows (such as a password or PIN), something they have (such as a mobile device), or something they are (such as a fingerprint or facial recognition). Supported by industry 3 D secure protocols and the EMV 3D secure upgrade,²¹ SCA has significantly reduced fraud. During its initial rollout (2020–21), it reduced the value of fraudulent remote card payments by 40 to 60 percent. Fraud rates for card transactions are also ten times higher when one party is outside the European Economic Area (EEA) where SCA is not required (EBA 2024a, b).
• The State Bank of Vietnam (SBV) implemented mandatory biometric solutions requiring live facial scans and liveness detection²² for a wide range of high-risk digital activities. These include identity verification on new devices and authentication for high-value transfers and large commercial payments. Introduced in 2024, the measure aims to curb widespread online fraud and the growing use of rented or stolen identities to create mule accounts within the DFS agent network. The system cross-checks live biometric data against government records in the national population database, using either ID card chip reading, the VNeID digital identity app, or in-person verification for foreign nationals. By August 2025, the nationwide biometric mandate for all financial accounts removed nearly 86 million dormant or fraudulent accounts, contributing to a 59 percent drop in individual fraud and theft cases and a 52 percent reduction in mule accounts, significantly disrupting illicit fund flows (Vietnam Investment Review 2025; Vietnam+ 2025).

(I) Identity Verification and Biometric Authentication by FSPs and Fintechs

FSPs invest in biometrics to reduce onboarding fraud, prevent account takeovers, and enhance overall authentication security.²³ Most embed biometric tools directly into their mobile apps through specialized vendors.²⁴ Digital credit providers have been implementing biometrics as part of their multifactor authentication, largely during onboarding, loan applications, disbursements, and repayments (Izaguirre et al. 2025).

Examples of solution:

• Wema Bank in Nigeria adopted Daon's facial biometrics in 2024 after substantial SIM swap and phishing losses (Daon 2024). Integrated into the bank's ALAT app, the system uses passive 3D liveness detection and matches users against Nigeria's bank verification number database. According to industry reports, it reduced SIM swap and phishing fraud by 89 percent in early 2024 and lowered related support costs by 22 percent (Corbado 2025).
• BBVA Mexico leverages their Veridas proprietary onboarding service that uses identity document capture and video-passive liveness detection. Beyond onboarding, Veridas voice biometrics implement a "proof of life" system for over 140,000 pensioners, enabling secure, passive authentication via phone. The solution had a reported greater than 95 percent success rate in a case study, replacing high-friction branch visits for both initial identity validation and ongoing benefit disbursements (Veridas 2022).
• Smile ID helps address Africa's identity fragmentation by using its SmartSelfie technology to perform AI face matching, liveness detection, and digital document verification across 52 countries, with direct API integrations to more than 15 government authorities. Smile ID acts as an identity middleware by connecting directly to government databases to validate biometrics and ID data. Nigeria's Paga reported a 40 percent reduction in identity-related fraud and a drop in onboarding time from two hours to between seven and nine minutes after adopting Smile ID's liveness checks (Smile ID 2024b). Recognizing its regional importance, Mastercard partnered with Smile ID in a two-phase initiative starting in 2024, integrating its verification technology first into the merchant digital onboarding program and later expanding to broader consumer KYC across Mastercard's digital platforms (Mastercard 2025a).
• Following a similar focus on regional identity challenges, Advance.AI automates eKYC across Southeast Asia using proprietary optical character recognition (OCR) optimized for local ID formats. Its AdvanGuard engine reads national IDs such as the Vietnamese Căn cước công dân (CCCD) and Thai national ID and validates extracted data in real time against government databases like Indonesia's Dukcapil.²⁵ Liveness detection analyzes 3D facial depth and reflections to prevent spoofing by photos or masks. In Indonesia, Allo Bank reports onboarding more than 750,000 customers in a three-day event with an 80 percent success rate and verification speeds 50 percent faster than competitors (Advance.AI 2023). In Thailand, MONIX integrated Advance.AI into its FINNIX lending app to deliver its "five-minute loan," achieving rapid growth supported by 99 percent facial biometric accuracy and improved protection against spoofed or tampered IDs or 3D masks (Advance.AI n.d.; Monix n.d.).²⁶
• Unlike previous initiatives focused mainly on verification, Mastercard's global Biometric Checkout Program serves as an ecosystem-level governance and risk framework, setting strict standards that allow multiple biometric vendors to interoperate while decoupling biometric matching from payment authorization to limit data liability exposure (Mastercard 2022). Designed to standardize biometrics as a universal payment method, the program enables consumers to pay with facial or palm recognition (with a smile or a wave) (Mastercard 2023a). Early pilots in Brazil showed strong results: zero chargeback disputes or false positives, a 95-percent approval rate, 76-percent customer recommendation, and a 10-percent increase in average transaction value (Mastercard 2023b).

Strategic Considerations and Potential Challenges

While there are many promising solutions relating to user authentication, especially with AI advances, security, data privacy, and user experience are strategic considerations that authorities and providers need to balance. In many low-income and EMDE countries, the adoption of biometric authentication solutions may increase the risk of exclusion. Biometric data cannot be "reset" if compromised. In this context, weak cybersecurity frameworks may erode trust in the solution and adoption. Such solutions require solid data protection regulations and enforcement.

In light of these examples, we see some potential challenges with this type of solution:

• Algorithmic bias: Facial recognition algorithms may perform unevenly across demographics, risking false rejections or false acceptances.
• Dependency on government databases and infrastructure: The reliability of identity and biometrics cross-check with national identification databases depends on stable government systems and fast communications. Outages and slow communication networks can lead to high latency and service interruptions.
• Friction and user experience: Multifactor steps and live biometric scans may be affected by poor lighting, dirty lenses, or fingerprint and palm issues, which often cause authentication errors.

V. Positive Frictions for Payment Transactions

This section presents a set of "positive friction" solutions—both regulatory and industry driven—that deliberately slow or verify digital payments to prevent fraud. These include regulatory mandates such as name matching rules, cooling off periods, device restrictions, and locked fund features, as well as industry-led payee verification tools. Together, these interventions introduce intentional checkpoints into high-risk transactions to stop scams, misdirected payments, and unauthorized fund transfers before they occur.

(J) Positive Frictions Regulations by Authorities

Positive friction rules slow down digital payments to reduce fraud by adding mandatory pauses or verification steps. These "cognitive breaks" help prevent APP scams and accidental transfers by giving users time to reconsider before authorizing a transaction. Even when an account is compromised, such measures can stop fraudsters from instantly emptying funds.²⁷

Examples of solution:

• In the UK, to combat APP fraud and accidental transfers, the confirmation of payee (CoP) service—led by the Payment Systems Regulator (PSR)—checks the recipient's name against financial-provider records in real time, enabling users to act on a "match" or "no match" warning (FCA 2018). CoP has reversed a decade of rising fraud: by 2024, APP fraud fell, over 99 percent of Faster Payments were protected, 1.9 million checks occurred daily, and misdirected payment claims dropped 53 percent, underscoring CoP's dual effectiveness against both fraud and user error (Pay.UK 2024a, 2025). External reports also show declines of 30 to 32 percent across several scam categories (Finextra 2025). Inspired by this model, the EU is rolling out verification of payee (VoP),²⁸ and India's VerifyUPI ID applies the same principle by requiring users to confirm the recipient's name before entering their PIN.
• Another antifraud approach introduces mandatory delays for high risk actions. These "cooling off" periods give legitimate users time to respond to alerts and prevent the misuse of compromised data. BNM combines a 12 hour cooling off period with a single device rule to protect against account takeovers (BNM 2024a). When a fraudster attempts to register a new device or raise transaction limits, the delay blocks transfers and gives the real user a chance to intervene. This model is strengthened by pairing the cooling off period with a kill switch that lets customers immediately suspend digital banking access and block outgoing transactions. Because reactivation requires high friction steps—such as branch visits or enhanced eKYC—scammers cannot reverse it. These measures collectively led to a 52 percent drop in fraudulent unauthorized transactions involving malware and phishing in 2024, enabling the industry to prevent over RM 399 million (about $US95 million) in attempted fraud.
• Steered by Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS), Money Lock allows users to secure a portion of their funds from digital transfers (MAS 2024b). Activated digitally, customers choose the amount to "lock," which remains visible and interest bearing but cannot be moved through mobile or online banking—even if a scammer controls the device—requiring in person unlocking at a branch or ATM. Although not mandated, MAS supported its rollout and monitored adoption to help banks meet Shared Responsibility Framework (SRF) obligations. By mid-2025, Money Lock had 370,000 users and safeguarded over S$30 billion, more than triple the previous year (MAS 2025). Its success has encouraged Malaysian banks to introduce similar features, viewed as more reliable for asset protection than the reactive kill switch.

(K) Industry-Led Payee Name Verification by FSPs

The initiatives in this section are proactively driven by the industry, in contrast with those reviewed earlier where the regulator was a driving force.

Example of solution:

• A leading industry-led solution is the IBAN-Naam Check, introduced by Rabobank in 2017, well before UK or EU mandates. The system compares the payee's name with their IBAN in real time and returns a "match," "close match," or "no match." Within nine months of launch, Rabobank reported a 70 percent drop in invoice fraud and a 50 percent reduction in misdirected payments. The service, now operated globally by Surepay, supports CoP mandatory implementation in the UK and the EU's upcoming VoP regulation (Surepay 2020). In the UK, Lloyds Banking Group saw a 30 percent decline in bank-transfer scams after adopting Surepay's technology, and Surepay reports a 67 percent reduction in incorrect payments across banks, companies, and government agencies in the Netherlands.

Strategic Considerations and Potential Challenges

Friction and delays in legitimate transactions are critical in a digital finance sector where transactions occur instantaneously, but they can lead to customer frustration and dissatisfaction. Achieving the right balance between benefits and frictions that consumers would perceive as a result of these initiatives by authorities and providers is a key consideration. Customer education and proactive communication are important pieces to ensure consumers understand the benefits of enhanced security.

In light of these examples, we see some potential challenges with this type of solution:

• Technical and operational complexity: Implementation requires significant investment in interoperable information technology (IT) infrastructure and standardized processes across the industry.
• Warning fatigue: Payee name verification solutions can face challenges in the case of joint accounts or business accounts with multiple trading names, as well as the use of nicknames. These cases often trigger "no match" warnings. Users can become desensitized to these alerts, treating them as a routine obstacle, reducing the overall effectiveness of such solutions.

VI. Behavioral Biometrics and Transaction Pattern Analysis

This solution category uses behavioral biometrics, such as how a user types, swipes, or holds their device, and transaction pattern analysis to provide continuous, real-time, frictionless fraud defense. By profiling normal user behavior, these tools detect anomalies such as midsession account takeovers or unusual payments. They have been historically deployed by banks and other loan platforms to detect loan application anomalies and suspicious repayment patterns (Izaguirre et al. 2025).

These techniques are now rapidly expanding to payment processors and switches, since the rise of instantaneous and irrevocable payments has eliminated the "clearing window," requiring fraud detection within milliseconds. Combined with rising institutional liability, especially for APP fraud, this shift is driving processors to evolve from simple routing platforms into centralized intelligence hubs that apply behavioral biometrics and transaction analytics across the network.

(L) Behavioral Biometrics and Transaction Pattern Analysis by FSPs

These initiatives show that, regardless of size, all entities analyzed now use AI driven behavioral biometrics and real time transaction pattern analysis to move from simple identity verification ("Is this the correct password?") to intent verification ("Is the user acting under pressure?"). Large global banks often adopt vertical or orchestrator models that they build and customize internally, while regional and smaller banks typically rely on vendor led solutions tailored to their specific fraud risks.²⁹³⁰

Examples of solution:

• Brazilian digital bank Digio adopted the Fair Isaac Corporation (FICO)-integrated fraud prevention suite to improve fraud detection in its credit card business. The system combines the AI engine, which scores transaction risk in milliseconds by analyzing transaction patterns with automated two-way customer engagement to confirm suspicious activity. FICO (2021) reports that Digio doubled its detection rate to 60 percent and increased customer contact to 72 percent, above market averages. Another case study of an anonymous Brazilian digital bank reported an 87 percent drop in Pix fraud and an increase in customer-contact success from 23 percent to 96 percent after consolidating its fraud systems (FICO n.d.).
• AmBank, one of Malaysia's main financial groups, partnered with GBG to introduce a unified fraud management and endpoint protection from cyber threats platform that secures onboarding, transactions, and device activity (GBG, n.d.). During onboarding, the system checks applicant information against external data sources to prevent identity fraud. During live sessions, it monitors transaction patterns and behavioral signals, such as typing or mouse movement, device details, and other events, like login attempts, to detect suspicious activity. This approach allows AmBank to block fraud across all its digital channels. GBG reports that the bank has prevented more than RM 22 million in potential application fraud and RM 2.7 million in digital transaction fraud since 2019. With a false positive rate below 4 percent, the system helped raise customer satisfaction.

(M) Behavioral Biometrics and Transaction Pattern Analysis by Payment Networks

Payment networks, unlike individual financial institutions, can analyze transactions across all participating banks. This network-wide view lets them trace fund flows and identify mule networks, circular trading, and sudden spikes in activity that a single institution would not see. By embedding this intelligence into their platforms, processors detect whether a transaction is from a remote attacker or a coerced user and flag anomalies based on ecosystem-wide patterns rather than on isolated data.³¹

Examples of solution:

• Elo, a Brazilian domestic card network, adopted Feedzai's AI platform for real-time fraud prevention (Feedzai 2024). The solution builds behavioral and transaction profiles to detect anomalies and provides continuous network-wide risk scoring. Its platform as a-service model lets issuers set their own fraud rules and thresholds while benefiting from centralized analytics. According to Feedzai, one card issuer reported a 90-percent reduction in fraud between Q1 2023 and Q1 2024, and the platform improved approval rates and lowered false positives.
• In Spain, Payguard is a centralized hub run by Iberpay that aggregates real time transaction data from more than 70 banks. This allows it to identify mule networks, score each transaction in real time, and share confirmed fraud instantly so all banks can block high risk accounts. Payguard reports that 52 percent of its alerts, previously unknown to the banks, were confirmed as fraud, and another 20 percent provided useful intelligence for improving the models (Iberpay 2025).
• Mastercard TRACE was launched in the UK in 2018 with Pay.UK and expanded to the Asia Pacific region in 2025 through a partnership with BancNet InstaPay. TRACE is a centralized intelligence layer that aggregates transaction data across the payment system to detect money mule activity in near real time and alert financial institutions so they can stop fraudulent transfers (Vocalink Mastercard 2018). Since launch, Mastercard TRACE reports it has grown to cover 90 percent of the UK Faster Payments network across 21 institutions, identifying more than 574,000 matches worth £974 million by late 2023 (UK Parliament 2023). In the Philippines, the system is already flagging over 100 potential mule accounts each month (Business Times 2025).
• EBA CLEARING, the payment infrastructure provider for the SEPA, has introduced a Europe-wide fraud-detection layer by embedding a centralized intelligence system directly into SEPA payment rails.³² Launched in 2024, the Fraud Pattern and Anomaly Detection (FPAD) system uses a networkwide view of billions of transactions to spot high-risk patterns, such as multiple small accounts sending funds to a single mule account. Payment service providers can query the central risk engine in real time and receive instant alerts before authorizing payment.³³ EBA CLEARING reports that early adopters experienced a 35-percent drop in overall fraud, with one bank reporting a 37-percent reduction in fraud losses within 10 months (Flow 2024). By March 2025, FPAD covered more than 100 institutions, representing about two-thirds of the SEPA market.
• Visa Protect for account to account payments (A2A) is a global AI driven fraud detection system that operates across multiple payment networks, independent of Visa's own card rails. It brings together real time transaction data from participating banks and payment service providers to create a network wide view, using deep learning models to generate instant risk scores so institutions can block suspicious transfers before funds settle. Launched in the UK in May 2024 and now live in Argentina through COELSA, with pilots underway in Brazil's Pix, the solution is expanding to ten more real time payment systems. In the UK pilot, Visa Protect reports it has identified 54 percent of fraudulent transactions missed by banks' existing systems, improving fraud detection compared with a 40 percent pilot average, and potentially preventing £330 million in annual APP losses (Pay.UK. 2024b; Visa 2024). In Argentina, Visa reports the solution has achieved fraud capture rates of up to 73 percent.

Another interesting initiative in development is Tazama, a low-cost customizable utility for national payment switches and regulators (Annex C).

Strategic Considerations and Potential Challenges

Behavioral metrics may keep away many fraudsters, but behavioral and transactional data can be sensitive, so implementation of this solution requires careful consideration of AI explainability and data minimization requirements. Financial exclusion risks could be heightened in largely underserved population segments, with most users having little or no transaction history.

In light of these examples, we see some potential challenges with this type of solution:

• Complex integration and explainability: FSPs using multiple third party systems may struggle to combine different risk scores smoothly and comply with explainable AI requirements.
• Data integration issues: These systems require fast, real-time data from many sources. FSPs are restricted from sharing data with other FSPs or other sectors, which slows down or blocks information flow.
• High costs and talent needs: These platforms are expensive to build and maintain, and they require skilled data scientists and fraud analysts.
• Siloed and limited scope: Initiatives that operate only within one FSP or payment network have limited overall effectiveness.

VII. Fund Recovery

These solutions aim to minimize the financial losses that consumers may experience due to fraud. Some of them set rules defining the obligations of participating actors in a transaction, making them financially liable for their share of consumer losses. Others set up agile cooperation frameworks and mechanisms that allow the freezing and recovery of stolen funds across national borders.

(N) Shared Liability and Reimbursement Regulatory Frameworks by Authorities

This emerging category of regulation shifts the primary burden of responsibility from consumers to other actors in the digital ecosystem, such as banks and MNOs, thereby making them financially liable for fraud losses. Regulations assign clear duties and accountability for different actors. These rules incentivize investment in security technologies by MNOs and banks and establish a clear path for consumer recourse and reimbursement, enhancing consumer protection.

Examples of solution:

• To protect consumers from APP fraud, the UK PSR introduced a mandatory APP scams reimbursement requirement, in October 2024, replacing the earlier voluntary Contingent Reimbursement Model (CRM) Code (PSR 2025b). Under the new rules, victims are entitled to refunds of up to £85,000, with losses shared equally between the sending and receiving payment providers. Reimbursement must be made within five business days, and exceptions apply only in rare cases of customer fraud or proven "gross negligence." This standard is intentionally high, requiring firms to show that a customer ignored clear warnings or refused to cooperate with an investigation. Early results show a strong impact. In the first year, 88 percent of funds lost to in scope APP scams (£173 million) were reimbursed, and 82 percent of cases were resolved within five days (PSR 2025a). The policy expanded protection from 10 to 60 payment providers, and only 3 percent of claims were rejected under the negligence standard, showing no evidence of moral hazard. While direct comparison with the previous voluntary code is limited, the results mark a clear improvement over the 65 percent reimbursement rate reported by UK Finance in 2023.

Other major initiatives are underway in Singapore and Australia. In Singapore, the SRF assigns the scam loss between banks and MNOs on the basis of a set of specified duties, shifting the fraud burden from consumers to institutions. In Australia, the Scams Prevention Act is a flexible multiregulator framework. The government is expected to go one step further by including certain digital platforms, banks, and MNOs. It would be interesting to see the impact of these collaborative initiatives (Annex C).

(O) Cross-Border Fund Recovery Operations

Transnational scams exploit the gap between instantaneous global fund transfers and slow, nation-bound law enforcement. This speed and jurisdictional friction allow criminals to launder and withdraw stolen money before traditional legal channels can react, rendering recovery and victim redress nearly impossible.

Example of solution:

• To tackle the escalating threat of sophisticated scam syndicates operating transnationally in the region, Project FRONTIER+ directly connects the national anti-scam centers of member nations—including Singapore, Malaysia, Hong Kong SAR, Thailand, the Republic of Maldives, the Republic of Korea, and Australia—into a single agile regional network (SPF 2025). Led by the SPF's Anti-Scam Command (ASCom) and Malaysia's NSRC, this model aims to bypass slow, traditional channels, allowing for seamless, real-time intelligence sharing and rapid, synchronized responses. Project FRONTIER+ differs from other broad-mandate bodies like INTERPOL and Europol, which tackle all financial crime rather than focusing exclusively on scams. This focus enables its innovative operational model: a direct, peer-to-peer network connecting its members' national anti-scam centers, bypassing the slow bureaucracy of global agencies and providing the speed and agility needed to trace and freeze funds in real time. Project FRONTIER+'s early operations have yielded significant results. An initial joint operation between Singapore and Malaysia, conducted in February and March 2025, investigated 850 individuals related to over 2,700 scam cases, resulting in the freezing of 3,400 accounts and the seizure of over S$2 million. This was followed by a larger operation in May to June 2025, where ASCom and six regional partners recovered S$26.2 million in funds and froze 32,600 bank accounts.

Strategic Considerations and Potential Challenges

When setting the maximum reimbursement amount that victims of APP scams can receive, authorities strike a delicate balance between mitigating potential financial harm to consumers and avoiding perverse incentives that could lead to a rise in fraudulent reimbursement claims (moral hazard). At the same time, authorities should assess the financial and compliance costs that the framework represents to smaller financial institutions to ensure viability.

Regarding cross-border recovery initiatives, uneven technical and institutional capacity across jurisdictions may hinder the efficiency of recovery operations.

In light of these examples, we see some potential challenges with this type of solution:

• Data sovereignty laws: Conflicting data sovereignty laws limit what data can be shared across jurisdictions, limiting the effectiveness of cross-border recovery initiatives.
• Domestic scope: Reimbursement requirement frameworks are not applicable to international transfers.

VIII. Consumer Behavioral Campaigns

Anti-scam campaigns have evolved from simply providing information to actively shaping user behavior. This change recognizes that awareness and knowledge alone are insufficient, as criminals are experts at exploiting trust and urgency. These initiatives are led by authorities, nonprofits, FSPs, industry associations, and market facilitators who assume a leading or co-leading role and rely on support from other government agencies, behavioral scientists, education experts, and research organizations in the design and operational deployment of the campaigns.

It is challenging to demonstrate that these campaigns are effective, even though they raise public awareness, because their impact is difficult to isolate. They usually run alongside new regulations, FSPs' security upgrades, and law enforcement actions, making it hard to attribute a reduction in fraud solely to them. Moreover, many campaigns are too recent for full evaluation, and it takes time for their full impact to materialize.

(P) Actionable Frameworks by Authorities, FSPs, and Market Facilitators

The goal of these campaigns is to interrupt the emotionally driven reactions fraudsters rely on, creating a "moment of reflection." These campaigns aim to close the "awareness-action gap" by translating complex advice into simple, memorable, and actionable frameworks that empower individuals to challenge suspicious activity, often using humor, short videos, and the endorsement of well-known public figures.

Examples of solution:

• An example of such campaigns is Singapore's "I can ACT against scams"³⁴ campaign, a national initiative launched in January 2023 by the National Crime Prevention Council (NCPC) and the SPF, which aims to shift citizens from passive awareness to active prevention.³⁵ While Singapore's NCPC is formally a nonprofit governed by both private and public sector members, it functions as a true public-private partnership in which public representatives, including the SPF, are integral coleaders, not just participants. The ACT framework urges the public to add security features like ScamShield, check for scam signs and verify requests independently, and tell authorities and family about the scam. This message is disseminated through a comprehensive, multichannel strategy that includes social media, public advertisements, and bank partnerships. Public education efforts in Singapore are showing some positive results. The number of scam cases decreased by 26 percent in the first half of 2025, compared with the same period last year, and the percentage of scams involving social engineering fell from 86.1 percent to 78.8 percent, a decline that SPF (2025) claimed "may in part be due to public education efforts, which resulted in increased public vigilance." This heightened awareness is also reflected in the increased adoption of anti-scam tools like the ScamShield Suite, a key goal of the ACT campaign.
• The #BanksNeverAskThat campaign in the US, led by the American Bankers Association (ABA), instead focuses on teaching specific red flags,³⁶ a decentralized model providing free, co-brandable marketing materials to banks. This model allows banks, from large institutions to small community banks, to distribute a unified, educational message: your bank will never proactively contact you to ask for sensitive information like your PIN, password, or Social Security number. The campaign's humorous content (such as short videos and GIFs) highlights red flags in an engaging way and is reinforced by "Scam City," an interactive online game. The campaign, launched in October 2020, has seen significant and sustained growth, with participating banks more than doubling from 1,000 to over 2,300 by 2024. In a case study, Kish Bank reported a 94-percent decline in customer fraud losses in three months after implementing the campaign materials (ABA Banking Journal 2025).
• A distinct category of market facilitators has emerged to address the "last mile" of digital inclusion. Operating primarily in the research and consultancy spheres, these facilitators deploy campaigns that are more about developmental impact, targeting the specific cognitive vulnerabilities of new-to-digital users, especially vulnerable populations living in rural areas. A prime example is "Hey Sister! Show Me the Mobile Money!," a digital literacy initiative by Strategic Impact Advisors, United States Agency for International Development (USAID), and digital education provider Viamo, designed to bridge the gender gap by empowering women to navigate mobile money safely (Strategic Impact Advisors n.d.). Utilizing low-tech interactive voice response (IVR), the campaign delivers 25 dramatized audio lessons in local languages, through relatable character-driven narratives, covering essential mobile-wallet transactions and scam identification without requiring internet access or high literacy. This open-source model allows for local group-listening sessions and has expanded from its 2020 African pilot in Ghana, Malawi, and Uganda to reach markets in Kenya, Rwanda, Tanzania, and Latin America, prioritizing accessibility for underbanked populations with limited digital literacy. By 2021, the Hey Sister! campaign reported it reached 238,000 individuals, including 177,000 women, driving measurable improvements in digital hygiene (WBG 2025). The most dramatic shift occurred in PIN privacy, where the proportion of women refusing to share their credentials surged from 21 percent to 70 percent.³⁷ In addition, 60 percent of participants identified scam avoidance as the campaign's most significant impact.

(Q) Gamified and Experiential Campaigns by Authorities, FSPs, and Market Facilitators

Some of these solutions are now evolving toward gamified, experiential education to build long-term resilience against advanced threats like AI-driven deepfakes. Gamified campaigns use rewards and interaction to turn awareness into skill, fostering more lasting positive habits, proving especially effective for younger, digitally native audiences.

Examples of solution:

• While the ACT framework provides the core message, Singapore's NCPC also launched #XiamTheScams,³⁸ a separate campaign centered on a web-based life-simulation game and effectively serving as an engaging onboarding tool for real-world anti-scam tools like ScamShield. During its three-month run, the #XiamTheScams campaign attracted over 519,000 players who completed 10 million in-game scenarios. This engagement successfully translated into real-world protection, and NCPC reports driving the adoption of over 76,000 anti-scam measures like downloading the ScamShield app and enrolling in ScamShield alerts channel.
• HDFC Bank, the largest private sector bank in India, takes an even more experiential approach by simulating the scam itself through its "End of Scam Sale" campaign (HDFC Bank 2024). The initiative aims to educate the public on AI-driven deepfake scams. Operationally, it involved a multistep "hook and reveal" approach: first, a convincing deepfake video of a well-known actress is used to promote a fake sale on social media, offering steep discounts (Gan.AI 2024). The brand name sounds almost identical to that of an authentic high-end brand, a tactic often used by fraudsters. When users clicked the ad, they were taken to a landing page where a reveal video played, explaining that the setup was an educational "scam." The campaign's call to action was to join the "Vigil Army" WhatsApp channel for ongoing fraud alerts. A case study reports the campaign had a viral success, reaching 28 million people and successfully "scamming" 1.9 million into its educational reveal. It also indicates the engagement built a lasting asset, with 820,000 users joining the "Vigil Army" WhatsApp channel, and positive endorsements from government officials.
• Building on the same IVR-driven architecture used in Hey Sister!, the "Beera Mubangule" ("Be Aware") campaign in Uganda deepens this mobile approach by shifting from linear storytelling to an interactive, gamified model (IPA 2025). The campaign, developed by IPA and Viamo features a series of interactive, story-based audio lessons, in which users listen as fictional consumers interact with fraudsters attempting to deceive them. Launched in Airtel's network in Uganda, and using the "choose your own adventure" format based on Viamo's "Wanji Games" model, the program prompts users to make critical decisions at key moments in these dramas—such as refusing to share a PIN—and see the immediate consequences. This forces active participation by requiring users to evaluate risks, effectively translating the "stop, check, act" framework into an experiential learning loop that builds practical financial resilience for underbanked populations. Measured through a randomized evaluation, IPA indicates the percentage of consumers who reported losing money to fraud in the previous six months was reduced from 7.1 percent to 5.7 percent (and from 8.3 percent to 5.7 percent for women) while users also improved behavioral habits like a decrease in PIN/SIM sharing and an increase in the people checking to see if there are SIM cards registered with their national ID that they don't know about.

Strategic Considerations and Potential Challenges

Strategic Considerations and Potential Challenges

There is growing collaboration and synergy among authorities, the private sector, nonprofit organizations, and research organizations in the development and implementation of educational initiatives and consumer campaigns. At the same time, there have been many questions about the impact of education campaigns, which makes it critical for actors implementing such solutions to measure the long-term behavioral impact of such initiatives.

We see some potential challenges with this type of solution:

• Behavioral fade: The positive effects of a campaign can decrease over time as public attention wanes and the knowledge learned is not reinforced.
• Cost of participation: Scaling up initiatives based on IVR service requires partnership with MNOs to zero rate the SMS message and voice costs associated with the IVR service.
• Digital literacy and reach: Ensuring that campaign messages effectively reach and resonate with all segments of the population, particularly the most vulnerable, is a persistent challenge. Additionally, gamified campaigns are generally not accessible to less digitally literate populations, and limited device ownership and patriarchal norms remain major barriers.
• Gamification self-selection: Only users who are already interested in safety are likely to play the game, while the most vulnerable or overconfident may not.
• Legal and ethical challenges: Setting up consumers to make them fall into a "false scam" as a learning technique may face legal and ethical challenges.
• Limits of humor in campaigns: While humor makes the campaign viral, it risks trivializing the threat. Users may remember the joke but forget the specific behavioral instruction.
• Trust: Campaigns led by the industry and big tech platforms may be viewed as performative rather than genuine protection.

Considerations for Next Steps

Based on this research, we see some overarching opportunities, and trade-offs emerge. While it is too early to provide prescriptive recommendations, we propose some considerations for global organizations, country-level authorities, and other key stakeholders in the ecosystem to further utilize the opportunities while addressing trade-offs.

Opportunities

In terms of opportunities, a clear global and national movement is emerging to fight financial fraud. The growing emphasis placed on it by organizations such as the United Nations (UN), the WBG, the International Monetary Fund (IMF), the OECD, the Institute of International Finance (IIF), FinCoNet, and Consumers International, as well as SSBs, reflects this rising interest.

Another opportunity is the emergence of "ecosystemic" collaborations in the fight against scams and frauds that sometimes take the form of national strategies. These collaborations could strengthen the overall capacity of the financial sector to deal with a broader range of challenges in digital finance.

Finally, the use of AI opens new possibilities in the fight against financial fraud, enabling a large majority of the solutions described in this report. At the same time, the AI race is tight because criminal gangs and fraudsters also leverage AI capabilities to circumvent antifraud defenses. Those organizations that rapidly gain the capability to use AI-powered solutions will clearly be in a much better position to tackle fraud.

Trade-Offs

There is a potential trade-off between fraud protection and consumer data privacy. Almost all types of solutions rely on the use of consumer data to protect consumers against fraud (for example, biometrics and behavioral) but also raise concerns around data privacy and the potential exclusion of vulnerable and less digitally savvy consumers.

Another trade-off exists between protection and inclusion. Indeed, overly aggressive antifraud measures may have unintended financial exclusion consequences due to lack of proper identification, basic mobile devices, or poor network connectivity.

There is also a natural trade-off between collaboration and competition among different actors in the ecosystem. Not all actors recognize that collaboration may benefit them. Indeed, many of the collaborative solutions depend on direct competitors (banks, MNOs, platforms) sharing real-time intelligence.

There are also potential frictions in cross-border collaboration. National antifraud initiatives can disrupt local fraudulent activity, but they cannot seize foreign-based infrastructure or easily recover funds once they cross borders. This jurisdictional limitation is compounded by national legal barriers, stringent privacy regulations, and data-sharing restrictions that prevent rapid intelligence sharing between public agencies and private companies needed to match the speed of scammers.

Some of the solutions require major investments in sophisticated tools, specialized human resources, and technical capability for collecting, processing, and analyzing vast amounts of real-time data. Many authorities in EMDEs struggle to keep pace in the context of diminishing global resources, while fraudsters are adapting their tactics quickly. Leapfrogging will only happen with a comprehensive strategy.

Considerations for Country-Level Stakeholders

The journey to fight fraud in digital finance is still in its early days, and more learning needs to take place. While fraud is a cross-sector and cross-border issue and requires collaborations with a much broader ecosystem than only the financial sector, there are many things that financial sector authorities and other actors can contribute to protect consumers against fraud. An important starting point for financial authorities is to develop solid regulatory and supervisory frameworks for FCP, privacy, and data protection. Another important task to develop successful solutions requires them to have a good understanding of the challenges consumers face with financial fraud when using DFS. Authorities will gain information on fraud by using market monitoring tools (Izaguirre et al. 2022). They can also integrate the voice of consumers when developing new rules through consultation with consumer representatives or through in-house consumer panels (Duflos et al. 2021). Likewise, DFS providers who take a customer-centric approach may look actively for clients' feedback and pain points related to fraud to find solutions that are well adapted to them (CGAP 2025).

Financial authorities may consider developing specific antifraud national strategies or integrate significant antifraud initiatives in financial sector strategies. Given the cross-sector dimension of fraud, these strategies may be hosted by a government agency that has a broader mandate such as the ministry of interior. The UK government (Home Office) has just published a national Fraud Strategy, and Canada has also begun developing such a strategy. In the US, the Aspen Institute, in collaboration with over 300 experts from over 80 organizations, has facilitated the development of a national strategy to prevent scams (Bourke et al. 2025).

As part of a strategic approach, financial authorities will likely need to adopt "ecosystemic" solutions. They may have to engage with data privacy, cybersecurity, communications and technology, AML/CFT authorities, and enforcement agencies. Nonprofits, industry associations, FSPs, and consumer representatives can also play a proactive role. In Côte d'Ivoire, the collaborative design and implementation of an action plan by the DFS ecosystem—led by the financial authorities—contributed to a reduction in consumer losses from fraud from 14 percent to 5 percent within two years (Riquet and Duflos 2025). Collaboration will require breaking existing silos and fostering culture change in organizations, which will demand strong leadership. Given the potential trade-off between fraud protection and data privacy, financial authorities and data protection authorities will likely need further collaboration on regulatory and supervisory solutions that protect consumers against fraud and misuse of their personal data, while ensuring that excessive data collection does not fuel financial exclusion.

Authorities and other DFS ecosystem actors may need to assess and build their internal capacity to better understand and respond to fast-evolving threats more proactively. This requires a deep understanding of the fraud chain. Criminals continually adapt to new security measures and antifraud initiatives at an accelerating pace, leveraging communication channels and sophisticated AI tools (deepfakes). Agility and adaptation require resources. While AI may sound like a magic wand, supervisors in emerging markets who want to embrace AI-powered SupTech should begin by hiring staff with new types of skills, investing in data and modern IT infrastructure, building robust legal and governance frameworks, and fostering a culture of innovation and responsible experimentation. Without these foundations, even the most sophisticated AI tools will fall short of their potential (Dias and Izaguirre forthcoming).

Considerations for Cross-Border Collaborations and Global Stakeholders

Strengthening cross-border collaboration among governments will become increasingly vital because fraudsters don't have borders. Authorities can draw on promising models like Project FRONTIER+, which connects national anti-scam centers across seven countries to share intelligence and freeze funds in near real time. Expanding such networks to low- and middle-income countries could become a priority for governments and development partners.

This also requires more regulatory convergence than currently exists. Differences in data laws, crime enforcement mechanisms, AI-regulation frameworks, AML/CFT recommendations application, and consumer protection standards can weaken even well-intentioned information-sharing agreements. Global bodies, including the FATF, the FSB, the OECD, the UN, the WBG, and the IMF, can help by developing common principles and practical guidance that make cross-border cooperation faster and more accessible to authorities with limited resources. Without this global infrastructure, national efforts, even if effective at home, will continue to fall short against criminal networks that face no such constraints. The development of a global antifraud infrastructure may require more collaborations between SSBs. Protecting poor and vulnerable consumers in EMDEs will require a better-connected global ecosystem that puts the consumers, their protection, and their financial health at its center.

Cross-border collaboration will also be critical to mobilize the resources that EMDEs need to avoid falling behind. It might be in the interest of high-income countries to further invest in EMDEs to better protect their own jurisdiction in a highly connected digital world. These efforts also contribute to the fight against corruption, strengthening the governance and development prospects of EMDEs. Funders and development agencies can play an active role in developing customizable solutions that authorities and other DFS ecosystem actors in EMDEs can readily adopt and implement, with promising examples already emerging.

The fight against fraud calls for an accelerated collective response, one that brings together organizations that have long worked in silos, invests in the tools and research needed to learn what works, and puts the financial health and protection of poor and vulnerable consumers at its center, a vision that CGAP and its global partners are committed to helping bring to life.