When we look at the financial services landscape, more has changed in the last five years than in the last 30, especially when it comes to financial fraud. In today’s digital, instant, cross-border world, financial crime has become a sophisticated enterprise.
Recent figures from the BBC show that fraud cases have risen by 16%, with fraudsters stealing more than £3m a day in 2024.
PwC research also revealed that organised crime has become an increasing concern in financial services over the last couple of years.
In the past, the world of the financial fraud was clearly defined, and even large-scale events tended to have just a few key actors. For example, only five people were responsible for the 2009
Heartland Payment Systems breach that compromised over 100 million cards and over 650 financial service companies.
Today, there’s much more fluidity with criminals becoming more collaborative, often working as if they were a large corporate. Going into 2025, how can financial institutions ensure that they are ready to defend their businesses and their customers from
criminal enterprises?
The evolution of financial crime
Pre-Covid, we used to see criminals stay in their own lane. In a classic scam, you would have a middleman, a counterfeit card maker and a mule, and they would have a dark web collaboration space where they would coordinate their attack.
Now, criminals are organised, agile, collaborative and have cutting-edge financial technologies at their disposal, from dark web search engines to AI chatbots configured to deceive consumers and create ever-more convincing deepfakes. For example, WormGPT,
FraudGPT and DarkBERT are just some of the tools that have emerged on the dark web. WormGPT and FraudGPT were the criminals’ answers to ChatGPT – a generative AI tool that could help criminals craft phishing emails, generate malicious code, and even provide
hacking tutorials.
DarkBERT was the world's first dark web-specialised AI language model. While previous encoder language models tended to struggle with the dark web’s diverse vocabulary and structural difference, DarkBERT was specifically developed to understand the illicit
content found on the dark web.
All of these advances have given criminals the means to create well-crafted, convincing phishing campaigns that often contain polymorphic malware, which camouflages itself in systems to avoid detection.
And such threats are now top of the agenda for financial institutions. Whereas these kind of organised crime incidents were of little consequence in platform fraud pre-2020, PwC's earlier mentioned research finds that organised crime has now entered the
top three external concerns for financial institutions, accounting for 28% of incidents in 2024. Over half of the organisations surveyed stated that platform fraud resulted in financial loss, with over a quarter losing over $1 million as a result.
How fraud is shifting focus
The developments we have observed show us that fraudsters have turned their focus onto the weakest link: humans. We’re increasingly seeing fraud moving from card rails to account-to-account (A2A) transactions, which enables the fraudsters – through the real-time
payment rails – to access the funds instantly.
Data from
Juniper Research finds that the global volume of A2A payments is expected to grow from 60 billion in 2024 to 186 billion by 2029, signifying an increase of 209%. With this rate of growth, it comes as no surprise that fraudsters are similarly shifting their
focus toward the A2A space. However, card networks already have sophisticated protections in place, which, when applied to A2A transactions, can help financial institutions shore up their defences against increasing fraud.
Combining A2A and card network data will give banks the visibility to detect ‘bad’ accounts faster, which is why, at Visa, we have widened our focus and extended our fraud detection efforts to A2A payments.
In a
pilot with Pay.UK, we trialled a new overlay service which allows all UK banks and building societies to analyse money flows and use predictive artificial intelligence to detect fraud and help prevent crime before it occurs. The result was that the tool
correctly identified an additional 54% of fraud and APP scams beyond those spotted by the banks' prevention systems. This, when applied UK wide, has the potential to help save the UK economy over £330 million a year.
We have since extended and improved this overlay service – Visa Protect for A2A – beyond the initial pilot with PayUK that detected an incremental 54% of fraud.
The key is understanding that consumers have different purchasing patterns depending on whether they are moving money from accounts or if they are using their credit or debit cards. Taking the insights from both to then create holistic databases can help
banks catch up to 30% more fraud.
The network effect – fraud prevention in 2025
The ultimate goal of all these initiatives is to protect consumers from scams. To further consumer protection, the UK Payment Systems Regulator (PSR) has additionally introduced the 50/50 rule, which has been in effect since October 2024. This rule requires
the sending and receiving payment service provider to equally split the cost of reimbursing consumers in cases of authorised push payment (APP) fraud.
Having the 50/50 rule is a great step forward, but when we look to the future, we need to create more balance in the ecosystem so that every part of the ecosystem can work together to fight fraud. While the PSR’s rule allows banks to refuse reimbursement
to customers who have acted fraudulently, it also leaves banks having to expend considerable resources identifying and weeding out first-party fraud. First-party fraud, also called friendly fraud, occurs when someone knowingly provides false information or
misrepresents their identity for financial gain – in this case, customers filing fraud claims for purchases they have made themselves.
All of this goes to show what a complex problem the industry is facing. At Visa, we have our own dark web intelligence team, and we see the wave of fraud that’s coming. We are working hard to stay ahead of the criminals, but, looking at the year ahead, the
industry needs to link arms in defending consumers against the modern criminal enterprise. And while currently many financial institutions have their own, in-house solution, the positive impact of collaboration cannot be overstated.
Combining card network insights with bank insights enables both players to analyse global data, to identify where fraud is happening, and to spot trends as they emerge. The additional insights from the card networks then essentially enable banks to get more
valuable scores on their own data.
Looking at the evolution of payments, we can see that the payments environment is increasingly fragmented. So what’s next? Some suggest blockchain, some suggest agent-to-agent commerce. But either way, we need to ensure that we are not just protecting our
clients and customers from the challenges they face today, but from the threats of tomorrow as well.