Scams have become universal, affecting all types of consumers and every kind of organization. This has placed tremendous pressure on financial services firms, which often bear the brunt of the financial losses, to develop strong fraud prevention strategies to protect their customers.
In a recent PaymentsJournal podcast, Raj Dasgupta, Vice President of Product Marketing at BioCatch, and Suzanne Sando, Lead Fraud Analyst at Javelin Strategy & Research, discussed the evolving forms of scams, the varying global approaches to fraud prevention, and how financial institutions can develop a blueprint to combat these threats.
Inundated at Every Turn
One of the most impactful trends in recent years is that cybercriminals can now more accurately target their victims. For example, someone interested in investing may receive messages about cryptocurrency scams, while a job seeker might be targeted with fake job offers.
Even with this precision targeting, cybercriminals continue to cast a wide net.
“The target for these kinds of scams could be just about anybody,” Dasgupta said. “Usually, we are led to think that they would have been elderly people who are less tech savvy or who can be gullible, but not quite. It could have been anybody. What we are seeing romance scam-wise is it’s skewed towards the elderly. The scammers target lonely individuals who are looking to get into a relationship.”
“Or it could be an investment scam where it can target practically anybody, mostly the elderly, but then the younger demographic is also not immune to those kinds of scams,” he said. “If you are less averse to financial risk, you might end up investing in cryptocurrency in the hope of great returns, ultimately to realize that you’ve been scammed.”
These diverse scam variants are driving a widespread problem. In a recent survey conducted by BioCatch, respondents reported a 65% year-over-year increase in the total number of scams between 2024 and 2025. This included a 14% rise in purchase scams, the most common type worldwide.
Phishing scams via both voice and texting— oftenknown as smishing—also increased last year, along with significant upticks in romance and investment scams.
The lone bright spot in the study was a 15% decrease in impersonation scams, where criminals pose as legitimate agencies. This decline is likely due to increased awareness and more effective controls implemented by organizations.
“We saw minuscule drops in scam losses in the number of affected victims, but it’s not enough to throw the confetti and pop the champagne,” Sando said. “We’re still talking about a $20 billion problem for scams across 22 million victims, according to Javelin data. Scams feel so prevalent at this point. It feels like we can’t trust anybody or anything—we can’t trust any text that comes in, or emails, DMs, or social media.”
“Everything that we get is met with this air of distrust, and from a consumer perspective, rightfully so,” she said. “We’re inundated with these messages all the time, at every single turn. I don’t feel like I can trust that this voicemail that I got from my mom is really from my mom.”
A Changing Answer
In addition to rising volumes, scam messages have become more convincing and harder to detect. A major driver of this trend is new technology, particularly artificial intelligence.
“There are AI technologies which are easily adoptable, like writing out a grammatically correct email or a text message and making it look very real,” Dasgupta said. “Those are easily accessible technologies. Now it’s hard for our customers to detect if a victim was in fact receiving an email or a text which was constructed by AI.”
“The more sophisticated forms are not happening at scale so we can’t call them mainstream just yet, but that is not to say that things can’t change in about six months, because this is a space which is moving very fast,” he said. “Technology itself is changing very fast. I wouldn’t be surprised if I have to give you a different answer six months from now.”
AI has also enabled the creation of highly realistic deepfake audio and video. For example, a deep fake audio clip could be used in a call to convince someone that a family member is in distress and needs urgent help.
As retailers deploy AI in the shopping experience, such as through agentic commerce, cybercriminals are finding ways to exploit this technology. For instance, they could create counterfeit agent services or attempt to manipulate AI agents themselves. Unfortunately, these examples represent just a few of the many ways cybercriminals are leveraging AI for scams.
“We have not seen all that AI is capable of at this point,” Sando said. “That can go for how it can help financial institutions better mitigate scams, but it also stands true for criminals. They aren’t bound by regulatory bodies or compliance or governance teams or data privacy restrictions.”
“They can do whatever they want, so they can move a lot faster and more freely in adopting AI,” she said. “They’re more agile and they can do what they need to get it to fit their needs for their schemes.”
Not Just a Fraud Problem
The scale and sophistication of scams have imposed both direct and indirect costs on financial institutions. These include authorized losses, where customers are manipulated into approving transactions, and unauthorized losses, such as account takeovers or stolen cards.
Unfortunately, the impact of scams extends far beyond immediate financial losses. They can cause operational strain and reputational damage.
“Something that is not immediately apparent is that victims can leave the bank, so there is a real cost of attrition and related is the cost of acquisition,” Dasgupta said. “When one customer leaves, to get another customer to have the same level of profitability, your acquisition cost may be double what you normally have to acquire new customers.”
“Bear in mind also when the customers are leaving, in a lot of cases they’re seniors and they’ve had their life savings with the financial institution,” he said. “When they choose to leave, they’re leaving with all that money, so it’s a big deposit loss. It impacts the overall portfolio.”
In addition to driving customer attrition, scams consume substantial resources. Many institutions rely on staff to investigate incidents, and these teams are often quickly overwhelmed by the sheer volume of cases.
What’s more, the increasing effectiveness of scams has led to a rise in authorized losses, and the resources required to investigate and respond to these incidents are often substantial.
“All the associated costs mean that the profitability of your deposit portfolio is taking a hit,” Dasgupta said. “It’s not only the reimbursement losses, but everything else: investigative effort, regulatory exposure, regulatory requirements, compliance requirements, legal exposure, deposit loss, acquisition costs of new customers, and the profitability of the deposit base.”
“All of those things have to be taken into consideration when thinking of scams as a problem rather than just a fraud problem,” he said.
Getting It Right
Due to this combination of factors, scams have become a global scourge. However, some regions have made strides in developing effective scam prevention mechanisms.
“Two countries are top of mind when it comes to getting it right,” Dasgupta said. “One is Australia, and I would give a shout out to Australia because they’re not doing it because of regulatory pressure, but they’re doing it because they feel like they need to protect their customers. They’ve taken a variety of actions—be it technology related, be it process related—to make sure that their end users are not going to be victims of scams and lose money.”
“The UK is a bit different than Australia because there is regulation that came into effect not too long ago, where the losses will have to be divided out between the sending bank and the receiving bank so that the victim who’s a customer of one of those banks is not left holding the bag,” he said. “That’s a step forward.”
Conversely, the U.S. has lagged behind in this area. One reason is the sheer number of financial institutions operating in the United States; another is the country’s more market-driven regulatory approach.
While some leading U.S. banks have invested in scam prevention, significant progress remains to be made. The strategies adopted by other countries can provide useful guidance, but U.S. institutions will ultimately need to forge their own path.
“The important part to me is not taking exactly what some other country is doing and doing a copy-paste into the U.S.,” Sando said. “We know that’s not going to work. Everybody has their own regulations and things that are going to work for them. It’s about taking what strides other countries have taken, figuring out what’s feasible for the U.S. and taking action on that.”
“That is where I feel like we’re missing the boat,” she said. “We’re missing the take-action part in a big way. We’ve got a lot of good things going for us. We’ve got task forces and scam groups that are popping up that are sharing critical information and encouraging more industry-level information sharing. That’s a huge step forward. We now have to get to the point where we’re taking concrete action to stop those scams.”
Combating the Typologies
The most impactful action financial institutions can take is to acknowledge the scam threat and begin developing proactive solutions. Given the unlikelihood of regulatory mandate on scam prevention in the near term, organizations will need to lay the groundwork themselves.
Although this is a significant undertaking, the first step is to develop a dedicated strategy to mitigate the devasting impacts of scams. Then, it’s time to act.
“If they don’t act, they will be at a loss,” Dasgupta said. “Scams cannot happen if there is no mule account where the scam proceeds can be deposited. They’re all interlinked and at the end of the day the more accounts you have either become victims of scams or they’re holding illegal money from scams.”
“Banks are becoming very aware of it and at the highest levels they are making it their KPI to combat this entire ecosystem of different scam typologies and different attack vectors so that they can make their base more profitable and have better quality deposits,” he said. “That’s where my hope is that this trend continues, where banks are getting more aware of what needs to be done and taking action.”
