What is a National Anti-Scam Utility

A national anti-scam utility is the infrastructure gap no single bank can close

A National Anti-Scam Utility (NASU) is a country-level infrastructure that connects banks, telecoms, government agencies, and law enforcement into a single coordinated network to detect and intercept scams in real time. Unlike fraud controls operated by individual institutions, a NASU operates at the systemic level — sharing threat intelligence across the entire financial ecosystem the moment a scam is detected. The goal is to stop fraudulent funds moving between institutions before they can be withdrawn or laundered.

Scams have outgrown the defences built to stop them

Scams have outgrown the defences built to stop them. Globally, an estimated $442 billion was lost to scams in the past 12 months, with 70% of adults exposed to a scam attempt and 57% reporting an actual scam experience during that period.[1][2] Nearly a quarter of adults globally — 23% — went on to lose money as a result.[3]

Authorised Push Payment (APP) fraud — where victims are manipulated into sending money directly to criminals — has become one of the fastest-growing categories of consumer fraud globally. In the UK alone, APP fraud losses reached £450.7 million in 2024, according to UK Finance.[4] In Southeast Asia, industrial-scale scam operations run from compounds in Myanmar, Cambodia, and Laos are generating an estimated $40 billion a year, according to the UN Office on Drugs and Crime, with some estimates putting global annual revenue from these operations as high as $64 billion.[5]

The core problem is structural. Banks can only see transactions within their own walls. A fraudulent payment that moves from Bank A to Bank B to Bank C is invisible to any single institution acting alone. By the time one bank raises an alert, the money has already moved on. Traditional fraud systems were designed for a world where fraud was isolated. National Anti-Scam Utilities are designed for a world where fraud is networked.

A NASU changes the economics of scams. When intelligence is shared instantly across all participating institutions, mule accounts get flagged before they can be reused, fund movements can be traced and frozen in real time, and the infrastructure criminals rely on becomes progressively harder to operate. This matters because recovery after the fact is unreliable: globally, even when victims do report a scam to the payment provider used to send the money, only 30% are able to recover any of it, even partially.[6] A NASU is built to intervene before that point is reached.

How does it work?

Centralised intelligence sharing Participating institutions — banks, payment networks, telecoms — feed transaction alerts, flagged accounts, and scam reports into a shared platform. This creates a national-level picture of fraud activity that no single institution could build alone.

Real-time fund tracing When a scam is reported, the platform automatically traces the path of funds across institutions — identifying where the money went, which accounts it passed through, and where it currently sits. This process, which previously took days of manual investigation, can be compressed to minutes. FNA's Money Trails capability automates this tracing across the full chain of accounts involved in a fraud event.

Coordinated freezing and response Once funds are located, the platform triggers simultaneous alerts to all relevant institutions, enabling coordinated freezing before the money is moved again. Law enforcement receives structured intelligence packages rather than fragmented bank reports.

Secure multi-party architecture Because participating institutions are competitors, and because the data involved is highly sensitive, NASUs are built on secure data-sharing architectures — typically using techniques such as secure multi-party computation (MPC) or tokenisation — that allow institutions to collaborate on fraud without exposing their underlying customer data to each other.

How is it different from traditional bank fraud systems?

Traditional fraud systems are institution-scoped. A bank's fraud team sees its own transactions, its own flagged accounts, its own customer complaints. The analysis is retrospective — reviewing what happened after the fact — and the response is unilateral.

A National Anti-Scam Utility is network-scoped and real-time. The key differences:

  • Coverage: a NASU sees the full path of a fraudulent payment across every participating institution. A bank fraud system sees only the portion that touched that bank.

  • Speed: NASUs are built for intervention before funds are withdrawn. Traditional systems are optimised for investigation after the fact.

  • Intelligence accumulation: every scam reported to a NASU makes the network smarter — mule accounts, phone numbers, and patterns are shared instantly. Traditional systems build siloed knowledge that rarely reaches other institutions.

  • Governance: NASUs require a central operator — typically a central bank, national payments authority, or dedicated utility — to set rules, manage access, and ensure compliance. They are infrastructure, not just software.

Fragmented national responses leave the door open for networked criminals

The gap between institution-level fraud controls and the cross-institutional reality of modern scams is not a technology problem — it is a coordination problem. Multi-rail payment fraud exploits precisely this gap: criminals route funds across payment rails and institutions in the knowledge that no single participant can see the full picture. Until the unit of defence matches the unit of attack — the national network — individual institutions will always be responding to a threat they can only partially observe.

Real-world examples

Malaysia — National Fraud Portal and the NSRC Malaysia's National Scam Response Centre (NSRC) is one of the most advanced operational NASUs in the world. Built on FNA's Money Trails platform and operated by PayNet under the oversight of Bank Negara Malaysia, the NFP automates the end-to-end process of receiving fraud reports, tracing funds across banks, and sharing alerts to trigger account freezes. Governor Dato' Seri Abdul Rasheed Ghaffour of Bank Negara Malaysia has described the system as equipping NSRC operations with a fully automated process from fraud report management through to inter-bank alerts.

FNA's role in the Malaysia deployment earned the Central Banking Payment Services Initiative Award in 2025, recognising the NFP as a model for national-level fraud infrastructure.

G20 TechSprint 2025 FNA and Proto won the 2025 G20 TechSprint in the Fraud & Risk category for "Trust at Speed" — a solution combining multilingual AI-powered scam reporting with real-time fund tracing. The win, under the G20 South Africa presidency, validated the NASU model as the leading international framework for tackling industrial-scale scams.

European Union — Article 75 The EU's revised Payment Services Regulation (Article 75) mandates cross-border intelligence sharing between financial institutions to combat APP fraud. FNA's broadcast series has examined the practical infrastructure required to operationalise Article 75 as a pan-European NASU equivalent.

Regulatory mandates alone cannot substitute for shared infrastructure

The EU's Article 75 framework illustrates both the ambition and the limits of a regulatory approach. Mandating intelligence sharing is a necessary condition for a functioning national anti-scam utility — but it is not sufficient. The Fraud Portal infrastructure that makes cross-institutional interception operationally viable must exist before the mandate can be fulfilled. Jurisdictions that invest in the underlying platform now will be better positioned to meet emerging regulatory requirements than those waiting for the regulatory deadline to drive the build.

Frequently asked questions

Who operates a National Anti-Scam Utility?

Typically a central bank, national payments authority, or purpose-built utility company. In Malaysia, PayNet operates the NFP under Bank Negara Malaysia's oversight. The operator sets participation rules, manages the secure data environment, and coordinates with law enforcement.

Do all banks have to participate in a National Anti-Scam Utility?

Participation requirements vary by jurisdiction. In some countries participation is mandated by regulation; in others it is voluntary but strongly incentivised. A NASU becomes significantly more effective as participation approaches 100% of the national banking system — gaps in coverage create escape routes for criminals.

Is a NASU the same as a fraud database?

No. A fraud database is a static repository of known bad actors. A NASU is an active, real-time infrastructure that traces live transactions, triggers coordinated responses, and continuously updates shared intelligence. The distinction is the difference between fraud and scams historically acting like a wanted list versus a live surveillance network.

Can NASUs share data across borders?

Cross-border data sharing is technically feasible but legally complex. Secure multi-party computation techniques allow institutions to collaborate on fraud detection without transferring raw customer data across jurisdictions — a key enabler for the EU's Article 75 framework and for regional NASU networks in Southeast Asia.

How long does it take to build a NASU?

A basic operational NASU — covering fund tracing and inter-bank alerting — can be deployed in months if built on existing infrastructure like FNA's platform. Full national coverage, including telecom integration and law enforcement connectivity, typically takes 12–24 months depending on regulatory environment and the number of participating institutions.

Footnotes

  1. GASA & Feedzai, Global State of Scams 2025 Report, pp. 6, 16 — an estimated $442 billion was lost to scams worldwide in the last 12 months.

  2. GASA & Feedzai, Global State of Scams 2025 Report, pp. 6, 44 — 70% of adults globally were exposed to a scam attempt, and 57% had an actual scam experience, in the last 12 months.

  3. GASA & Feedzai, Global State of Scams 2025 Report, pp. 6, 14 — 23% of adults globally lost money to scammers in the last 12 months.

  4. UK Finance, as cited in FNA's related LinkedIn content — £450.7 million in APP fraud losses in the UK in 2024 (updates the previous £460 million/2023 figure).

  5. UN Office on Drugs and Crime (UNODC), as cited in FNA's related LinkedIn content — Southeast Asian scam centres generate an estimated $40 billion a year, with some estimates putting global annual revenue as high as $64 billion.

  6. GASA & Feedzai, Global State of Scams 2025 Report, pp. 6, 28 — only 30% of scam victims globally who report to their payment provider recover any money, even partially.

Next
Next

A Letter From… South Africa: Fraud collaboration and moving beyond isolated efforts