According to Financial Times News, a panel at their Global Banking Summit revealed the staggering new reality of digital fraud. One example shown was a live deepfake video used in a romance scam, where a West African criminal gang impersonated a retired Asian dentist in real-time, fooling a victim out of $150,000. Critically, this wasn’t a one-off hack; it was an advertisement on the dark web for a monthly subscription service, meaning this advanced tech is now a product any criminal can buy. In the UK, fraud now constitutes 40% of all crime, with an estimated $10 billion lost to crypto scams in 2024 alone. The discussion centered on whether banks, regulators, and social media companies are doing enough, with new UK rules forcing a 50/50 liability split between sending and receiving banks for reimbursements.
Fraud-as-a-Service is the game-changer
Elliot Smither’s anecdote is the perfect, horrifying snapshot of where we are. The barrier to entry for high-tech crime has completely collapsed. You don’t need to be a coding genius anymore. You just need a credit card and a dark web marketplace. This turns fraud from a craft into a scalable, subscription-based business model. Organized crime isn’t just dabbling in tech; they’re structuring themselves like SaaS startups. That’s a fundamentally different and more dangerous threat than the phishing emails of yesteryear. It means the volume and sophistication of attacks can increase exponentially, almost overnight. How do you defend against an adversary that can simply upgrade its software package?
The unsustainable blame game
Here’s the thing: everyone on the FT panel agreed more needs to be done, but the real tension is about where the liability stops. Helen Child framed it brilliantly with her “concentric circles” analogy. The bank is the regulated center, surrounded by regulated fintechs, which are then surrounded by the completely unregulated “wild west.” When a scam happens out in that wild west, the victim, who trusts their bank, runs right back to that central circle. The bank ends up holding the bag for failures in a system it doesn’t control. As Helen pointed out, that’s an unsustainable liability model. It doesn’t encourage banks to invest in the broader ecosystem; it encourages them to build higher walls. We need something like an ABTA for financial tech—a trusted accreditation—but we’re nowhere near that yet.
The real source is outside the system
Both Carolina Garces and Ethan Salathiel hit on the crucial, and often missed, point: 70% of these scams originate online, outside the regulated financial ecosystem. They start on social media platforms, dating apps, or encrypted messaging services. The financial system is just the cash-out mechanism. So you can have all the banking regulations in the world, but if you’re not stopping the scam at its source—where the emotional manipulation happens—you’re just playing whack-a-mole at the last possible second. This is where the debate gets really sticky. Can we, or should we, force social media giants and tech platforms to have the same liability as a bank for what happens on their networks? Good luck with that.
Where do we go from here?
So what’s the path forward? The UK’s new reimbursement scheme is a start—it at least forces the industry to share the pain and stop pointing fingers at the victim. But it’s a reactive, financial Band-Aid. The proactive solution has to be systemic. It requires unprecedented collaboration between competitors (banks), sectors (tech and finance), and nations (fraud is borderless). We need real-time data sharing on threats, which is a huge hurdle for paranoid, competitive institutions. And honestly, we probably need a new regulatory framework that acknowledges this interconnected digital ecosystem, rather than trying to force old rules onto a new world. The alternative? Well, the subscription models for fraud tools are only going to get cheaper and better. And that’s a future nobody wants.
