Fraud vs Scams: The Architectural Shift Required to Protect Real-Time Payments
By Jon Draper
Over the past two decades, the global financial sector has invested billions into securing the digital perimeter. Through behavioural biometrics, device fingerprinting, and complex transaction monitoring, the industry became proficient at keeping bad actors out of customer accounts. Yet, despite these defenses, global financial losses continue to compound at an unsustainable rate.
To grasp the scale of this issue, we only need to look at the UK Finance 2025 Half-year Report. In the first half of the year alone, criminals stole £629.3 million, equating to £2,300 lost and eight people victimized every single minute.
The reason for this paradox is a fundamental shift in the threat landscape. The industry is no longer primarily fighting unauthorized access; it is fighting authorized manipulation. To solve this, we must first re-evaluate how we categorize financial crime.
The Taxonomy of Theft: Unauthorized vs. Authorized
While often conflated in public discourse, “fraud” and “scams” represent distinct attack vectors that require entirely different defense measures.
Traditional Fraud (Unauthorized) occurs when a criminal bypasses security protocols to gain access to an account without the victim’s knowledge – think credit card cloning or Account Takeover (ATO). Here the defense is identity-centric: if the device, IP, or biometric signature is unrecognized, the system blocks the payment.
Scams (Authorized Push Payment, or APP) are more insidious. In a scam, the victim is manipulated via social engineering or bank impersonation into initiating the transfer themselves. Because the victim is the one hitting “send”, traditional point-of-origin defenses are rendered obsolete.
While defenses against traditional fraud are relatively strong, the same cannot be said for APP fraud, where the transaction appears “clean” on the surface but the intent is criminal and the financial impact compounds exponentially. For instance, in the USA, Deloitte estimates that losses from authorized push payment fraud hit $8.3 billion in 2024. Without systemic changes to how financial institutions monitor authorized transactions, those losses are only set to increase and are predicted to reach $14.9 billion by 2028.
The Blind Spot of Transaction Monitoring
The core challenge in stopping APP scams is that most banks operate in a data silo. When a victim sends money to a “mule account” (an account used to launder stolen funds), the sending bank sees a legitimate customer performing a standard transfer. The receiving bank sees an incoming payment that looks like any other. Neither side has sufficient context to identify the crime in real time.
Criminals exploit this lack of visibility by distributing “mule clusters,” vast networks of accounts across multiple institutions, to move and “clean” money before it can be traced. To catch these networks, we must stop focusing on individual transactions and start examining network topology. By analyzing the entire payment ecosystem as a single, connected graph, we can utilize structural community detection. This identifies clusters of accounts that exhibit “mule-like” behaviour, such as high-velocity layering or circular fund flows, despite being spread across different banks.
Identifying these networks, however, is only the first step toward moving from reactive monitoring to systemic immunization. The operational breakthrough occurs when we link the investigation of past crimes to the prevention of future ones. This is the “Virtuous Feedback Loop”. When a victim reports a scam, systems like FNA’s “Money Trails” can instantly trace the path of funds across the network. Once a mule account is identified and labeled, that intelligence can be pushed via API to every bank in the network.
When a second victim attempts to send money to any account in the mule network, the transaction is blocked before settlement. This synergy between AI models and real-time tracing significantly improves recall without increasing friction for legitimate users.
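The feedback loop described above, sketched as an added example (not FNA's code and not part of the original article): a reported scam payment is traced forward through a cross-bank ledger, the accounts on the trail are labelled, and a later payment is screened against those labels before settlement. The account ids, the ledger, the function names and the velocity and amount thresholds are all constructed assumptions.

```python
from collections import deque
from typing import NamedTuple

class Payment(NamedTuple):
    src: str       # sending account (constructed id, bank prefix included)
    dst: str       # receiving account
    amount: float
    ts: int        # settlement time in seconds from an arbitrary epoch

# Constructed sample ledger spanning three banks; every id is made up.
LEDGER = [
    Payment("bankA:victim1", "bankB:m1", 5000, 100),    # reported scam payment
    Payment("bankB:m1", "bankC:m2", 4900, 160),         # layering hop, 60 s later
    Payment("bankB:m1", "bankA:grocer", 40, 170),       # small spend, not layering
    Payment("bankC:m2", "bankA:m3", 4800, 220),         # second layering hop
    Payment("bankA:m3", "bankB:bob", 4000, 5000),       # outside the velocity window
    Payment("bankA:payroll", "bankC:alice", 3000, 150), # unrelated legitimate flow
]

def trace_funds(ledger, reported, window=600, min_ratio=0.5):
    """Follow a reported payment forward through time-respecting hops.

    A hop is followed only if it leaves the account within `window` seconds
    of the funds arriving and forwards at least `min_ratio` of them. Both
    thresholds are assumed stand-ins for "high-velocity layering".
    """
    flagged = {reported.dst}
    queue = deque([(reported.dst, reported.amount, reported.ts)])
    while queue:
        account, amount_in, arrived = queue.popleft()
        for p in ledger:
            if p.src != account or p.dst in flagged:
                continue
            fast = 0 <= p.ts - arrived <= window
            bulk = p.amount >= min_ratio * amount_in
            if fast and bulk:
                flagged.add(p.dst)
                queue.append((p.dst, p.amount, p.ts))
    return flagged

def screen_payment(dst, blocklist):
    """Pre-settlement check a sending bank runs against the shared labels."""
    return "BLOCK" if dst in blocklist else "ALLOW"

# Labels produced from the first victim's report, shared with every bank.
MULES = trace_funds(LEDGER, LEDGER[0])
```

The amount and time constraints keep the trace from labelling the grocer or the late recipient, which is the difference between following the funds and flagging everything a mule account ever paid.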
From Reactive Monitoring to Systemic Immunity
The shift toward authorized scams is being fundamentally accelerated by the adoption of real-time payments. According to ACI Worldwide, real-time payment rails are projected to facilitate 80% of APP scam losses globally by 2028. As money moves faster, the window for traditional intervention slams shut, and fraudsters are explicitly exploiting the immediacy of these transactions to steal funds before they can be traced.
However, the rise in authorized scams represents more than a change in criminal tactics; it is a fundamental challenge to the trust underpinning modern digital economies. In the era of real-time settlement, the traditional perimeter has dissolved. Security can no longer reside solely at the point of entry – it must live within the complex web of relationships between accounts.
Winning this battle requires a departure from past isolationist models. By adopting a network-first approach, leveraging Graph AI to expose the hidden architecture of mule clusters, financial institutions and regulators can finally move ahead of the threat. The goal is no longer just to flag a suspicious payment, but to immunize the entire financial ecosystem against systemic exploitation.
As demonstrated by the success of Malaysia’s National Fraud Portal, which has accelerated case investigation times by 75% and increased fund-freezing rates by 50x, the technology to solve this paradox exists today. The final requirement is the strategic will to collaborate. By bridging the gap between post-settlement investigation and pre-settlement prevention, we ensure that the speed of our payments is matched only by the sophistication of our collective defense.