A Scam is Not a Payment Event – it’s an Ecosystem

Why a connected, intelligence-driven anti-fraud strategy can help banks to see the ‘bigger picture’.

By Jonathan Lamb, Lead Engagement Manager, LexisNexis Risk Solutions

Scams rarely start at the bank, yet for too long, banks’ fraud strategies have been built firmly on the assumption that they do.

All too often, fraud prevention and detection mechanisms inside the world’s biggest financial institutions and lenders focus on internal signals, channel-by-channel controls and bank-only liability. This functional approach ignores a fundamental truth. Fraudsters collaborate across agile networks of shared intelligence. If banks are to gain the upper hand, they too must act as a network.

Scams begin far upstream, long before a successful fraudulent payment. Criminals exploit multiple platforms, communication channels, beneficiary networks and devices. Banks’ screening processes must rule out nothing.

The list of entry points is endless. Social media platforms, messaging apps, spoofed phone calls (vishing), smishing and phishing emails, manipulated search engine results, marketplace listings and job boards are just a few of the channels serving as the hook and bait, but what enables a successful scam is not the initial contact, but the journey that follows. Fraudsters establish trust, before creating urgency and isolating the victim so that they actively avoid the advice of others.

Control is key, maintained through a combination of technical enablers and psychological pressure. Remote-access and screen-sharing tools help guide victims through their own devices. Caller-ID spoofing creates an illusion of authority. Elaborate narratives tug the heart strings. Fake dashboards, websites and documentation reinforce legitimacy. Scripted coaching tells victims what to say and what not to say and how to respond if challenged. A combination of motional manipulation, fear, urgency, a desire for love, shame or obligation keep the victim compliant.

Banks know all too well that by the time the scam reaches their door, the narrative is so well entrenched in the victim’s mind that they will do anything within their power to ensure the payment reaches the fraudster.

The best prevention against such a complex set of attack vectors is a 360-degree view of risk across the whole ecosystem. Banks need clear visibility of the upstream threats coming their way in order to prepare for and counter the attacks. This is only possible with a fully connected, intelligence-driven anti-fraud strategy.

Yet most banks still employ siloed fraud controls against these pernicious waves of scams. Digital channels operate independently from online or telephony. Card payment screening operates independently to Faster Payments screening. They monitor outbound payments, but disregard the build up.Behavioural signals remain in digital channels and device signals remain in payment channels. Scam history is invisible to other payment channels such as CHAPS or international payments. Different teams use different data and technology. The list goes on. This creates conditions ripe for scammers to exploit, not because fraud controls are weak, but because they are disconnected.

Central to the issue is the need to understand scams as ecosystems, not payment events. Analysis from LexisNexis Risk Solutions reported more than 324,000 scam payments leaving UK victims’ accounts in 2025 alone, at a total value of £681M.

A scam is a multi-step journey: approach, engage, control, execute and extract. The payment is just one step and not even the most critical one, from a success perspective. What matters most is controlling victim for long enough to make a payment and moving the money quickly through an established laundering route to obfuscate fund recovery.

This is where money mules enter the frame. Far from a side show, mules are a crucial part of the scam ecosystem. We could even go so far to say that if you stop the mules, you stop the scam.

In the UK, this is now reflected in the 50/50 liability regulation, explicitly tying scam prevention to the detection and disruption of mule activity. Mules receive funds, move them on rapidly, layer them through multiple accounts, convert them into crypto or gambling flows, or transfer them offshore. Their dual goals are speed and distance; to evade detection and hinder recovery. In many cases, criminal organisations orchestrate scams and manage the mule networks that launder the proceeds. The latest LexisNexis® Cybercrime Report identified more than 292,000 such mule transactions linked to approximately £80 million in digital-payment value in the UK alone.

Scam disruption efforts must therefore focus on the multitude of entry and touchpoints across the journey: At first engagement, when behavioural signals indicate coaching or pressure; when remote-access tools appear or a device starts behaving unexpectedly; or when a beneficiary suddenly receives funds from known scam victims or inbound funds show mule-like patterns.

With all that in mind, an ideal connected scam strategy starts to look very different from a traditional approach. It replaces a single fraud check at point of payment with a tapestry of signals and risk decisions measured across the customer journey.

Behavioural intelligence informs risk decisions in payments. Inbound risk propagates into outbound controls. Telephony and branch channels see the same scam intelligence as mobile and web channels. Beneficiary and network intelligence inform not only whether a payment should be approved, but whether risk protocols dictate that the institution should freeze or trace activity or escalate risk signals for funds already in the system. AI-driven dynamic messaging interjects at critical points in the journey to educate, inform and break the flow of the scam before the victim authorises the payment.

This is what “a network to fight a network” means in practice. Criminals operate as adaptive, distributed systems. They test which scripts work best, which platforms are weakest, which banks are slowest and which controls can be most easily bypassed. Bad actors adapt their approach when friction appears. A defensive strategy that is fixed, siloed or channel-specific will always lag behind.

A defensive strategy that is connected, intelligent and network-aware can close the gap. The strategic shift, therefore, is not simply from detection to better detection. It is from late detection to early disruption. It is a shift from linear questions like ‘Is this payment fraudulent?’ to ‘Is this customer being manipulated?’ It is a shift from focus on individual events to understanding journeys holistically in real time, across narratives and networks. It is the shift from managing losses to preventing harm. Scams succeed because they operate upstream, across ecosystems and at human level. Scam prevention must do the same.