Scams, or authorised push payments, are the scourge of the day. While no formal figures exist, global scam losses are estimated to exceed $1tn per annum. Organised crime is at the heart of this increase, with some estimates putting the number of people employed as professional scamsters at 1.5 million.
The rising professionalism of the scamsters, the availability of “off the shelf” scam tools (e.g., phish kits), the very high “gross margin”, the increasing digitization of customer experiences, and inadequate law enforcement are all contributing to a continued increase in scams across the world.
Regulatory expectations, and the associated cost of compliance, vary by market. The most extreme position exists in the UK, where financial institutions are liable for up to £85,000 in almost all cases. Most regulators are examining the “Shared Responsibility Framework”, and it is reasonable to assume that financial institutions will have to bear an increasing share of this cost.
Customers prize fraud defences when selecting a financial institution. In a global survey of 18,000 customers, some 60% ranked “Good Fraud Protection” as either their top or second priority. This was followed by “Ease of Use” (43%). While seemingly at odds, these two are opposite sides of the same coin. Effective scam detection, measured by a high value detection rate at an acceptable level of false positives, becomes a key business growth imperative.
There is no one silver bullet defence against scams. The ideal scenario – a fully alert customer – remains unrealistic.
Instead, effective defence requires a multi-layered strategy. The following 7-step framework offers a practical, intelligence-driven approach toward scam defence.
- Understand customer susceptibility
The framework begins with proactive assessment of customer vulnerability through sophisticated susceptibility scoring. This involves harvesting both monetary transactions and non-monetary events across all customer touchpoints to create always-on customer profiles. This requires an applied intelligence platform that enables real-time assessment that evolves with each customer interaction. (Note: This approach needs to be vetted against local privacy and permissibility requirements.)
- Create robust customer personas
By developing personas that reflect psychographic and behavioural characteristics, institutions can assess specific scam vulnerabilities. For example, customers with high investible income who engage in cryptocurrency trading may be particularly susceptible to investment scams. Knowing customers helps to protect them.
- Deploy targeted, personalised, proactive communication and education
Generic scam warnings prove largely ineffective. The framework emphasises hyper-personalised, contextual messaging aligned to individual risk profiles and scam types, creating more informed and alert customers. Breaking the scammer’s spell is critical.
- Alert and amplify with the susceptibility score
At the heart of scam detection lies sophisticated monitoring of customer behaviour and activity. The framework recommends multi-layered decisioning that first identifies anomalies, then determines whether they’re associated with scams or traditional fraud. Enterprise fraud capabilities can “amplify” transaction scores based on customer susceptibility and personas.
- Build dynamic in-journey engagement
Understanding that customers in “hot states” often ignore generic warnings, the framework emphasises dynamic, personalised dialogue that creates appropriate friction and reflection opportunities. This may include cooling-off periods or post-transaction follow-up when customers are more receptive.
- Close the back door
Since stolen funds must flow through mule accounts, the framework emphasises real-time intervention capabilities beyond traditional anti-money laundering controls. This requires transitioning from monthly batch assessments to instantaneous monitoring and account freezing.
- Collaborate across the ecosystem
Build a formal ecosystem across the regulator, law enforcement, telcos, social media platforms, and industry bodies to facilitate data sharing and best practice. This is probably the hardest task.