Protecting Consumers from Financial Scams and Frauds

This section outlines financial consumer protection approaches that public authorities are testing and implementing to protect consumers from financial scams and frauds. As shown in Figure 4.1, such approaches include the development of an official channel for reporting, requirements for financial services providers to report incidents and requirements of strong customer authentication, among others. These approaches are described in more detail in the subsections below, generally following the thematic order of preventing, detecting, stopping, responding and resolving incidents of financial scams and frauds.

Strong customer authentication procedures are frequently used to prevent and detect fraud. Indeed, 70 respondents indicated that there were standards or requirements for financial services providers regarding strong customer authentication requirements. These procedures give consumers extra protection against unauthorised transactions. In Hong Kong (China) and Türkiye, for instance, customers must provide additional confirmation if a high-risk transaction is considered suspicious or otherwise related to fraudulent activity. In Norway and the Slovak Republic, for example, payment service providers must apply strong customer authentication when the payer accesses their payment account online, initiates an electronic payment transaction, and carries out any action through a remote channel. Additionally, the Bank of Zambia issued a circular mandating commercial banks to implement two-factor authentication (2FA) for all card-not-present transactions.

Under the strong customer authentication procedures defined in the European Union’s Payment Services Directive (PSD2), financial services providers must verify the user’s identity using at least two of the following three components:

• something the user knows (e.g. password or PIN)

• something the user has (e.g. smartphone, token, payment card)

• something personal or biometric of the user (e.g. biometric data or facial recognition).

Public authorities, such as the Banco de Portugal, reinforce this obligation by setting out requirements for internal control systems, fraud prevention procedures and risk-based monitoring, including alert mechanisms and customer warnings. In this context, institutions are required to ensure that reporting, analysis and decision making processes relating to deviations, errors, fraud, breaches and other exceptional situations are integrated and implemented on an ongoing basis.

Findings from the joint European Central Bank and European Banking Authority 2025 Report on Payment Fraud (European Banking Authority and European Central Bank, 2025[32]) confirm the beneficial impact of the PSD2 strong authentication requirements: transactions, especially card payments, that were verified using strong customer authentication were less susceptible to fraud than transactions that did not use strong customer authentication. Furthermore, card payment fraud was higher when the payment recipient was outside of the European Economic Area, where strong customer authentication may not have been legally required nor used.

In addition, the European Union’s Payment Services Regulation (PSR), anticipated to enter into force in 2026, would maintain the requirement that strong customer authentication is mandatory for payer-initiated electronic payment transactions, access to payment accounts online, and any action through a remote channel that may imply a risk of payment fraud or other abuse. PSR would also maintain the requirement that strong customer authentication must be based on the use of two or more elements (see above), which must be independent, so that a breach of one will not compromise the reliability of the others. To address concerns that smartphone-centric authentication creates barriers for certain user groups, under PSR payment service providers would need to offer at least one authentication method free of charge suitable for customers who do not have access to digital channels, consumers with disabilities or consumers with low digital skills.

Standards or requirements for financial services providers to detect unauthorised payments or transactions are a common policy to tackle fraud; 60 respondents indicated that such standards or requirements were in place. Five respondents indicated that such standards or requirements were under development. For many jurisdictions, these standards and requirements stem from Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CFT) laws.

In many cases, authentication procedures and transaction monitoring mechanisms are used to detect unauthorised transactions. The aim of these procedures and mechanisms is to correctly identify attempts to use security credentials that were lost, stolen, or misappropriated or to ensure that the user is the legitimate owner of the account. Financial services providers must establish mechanisms for monitoring and identifying unauthorised or fraudulent operations. Thus, unauthorised transactions are usually detected and addressed through regulatory requirements including customer due diligence, transaction monitoring, and other controls such as multi-factor authentication to verify the user. Ideally, monitoring mechanisms should include analysis that can establish the typical, or normal use by the user, which then allows the financial services provider to detect anomalies. Banks or financial services providers then must notify the user if such anomalies are detected.

An example of such standards is the PSD21 in the European Union. Under PSD2, financial services providers are required to establish systems capable of monitoring transactions and must also use multi-factor authentication to verify the identity of users. In the event of unauthorised transactions, financial services providers are obligated to reimburse consumers unless the latter has acted fraudulently or with gross negligence. While these standards are legally mandated, it is important to note that the effectiveness of their implementation varies across institutions; some financial services providers are in the process of upgrading their capabilities to meet these requirements.

Another example is in Malaysia, where banks are required to deploy effective and efficient fraud detection and monitoring mechanisms on a real-time basis, which must capture high-risk transactions and facilitate early detection of unusual payments or transactions. This includes secure forms of authentication, removing all clickable hyperlinks in SMS communications, restricting customers to using only one mobile device for authentication of banking services, strengthening processes for enrolling new mobile devices or changing trusted devices and tightening triggers for blocking suspicious transactions. In Thailand, for instance, the Bank of Thailand mandates that financial institutions develop advanced detection systems, such as Fraud Scoring Models, to trigger risk-proportionate interventions against anomalous transactions. Furthermore, the Bank of Thailand encourages financial institutions to issue proactive warnings to customers who have unknowingly transferred funds to mule accounts. Additionally, in Canada, the Government of Canada announced plans in 2025 to introduce legislation to require banks to implement policies and procedures to prevent fraud targeting consumers, collect and report fraud data to the Financial Consumer Agency of Canada, obtain customers’ explicit consent before enabling high‑risk account features, letting customers disable those features, and allowing personal account holders to set their own transaction limits.

Forty-nine respondents indicated that standards or requirements were in place for financial services providers relating to procedures and/or systems to detect authorised payments or transaction fraud. This scenario refers to consumers being tricked into authorising a transfer of money to an account that they believe belongs to a legitimate payee but is, in fact, controlled by a fraudster or scammer. The distinction between unauthorised and authorised transactions is discussed in Box 4.1. Nine respondents indicated that such standards or requirements were under development.

Many respondents cite the ability to detect authorised transaction fraud as part of broader systems of transaction monitoring. In other words, even if there are not specific standards and requirements for ‘authorised’ transactions initiated through fraudulent means, payment service providers could use the same mechanisms cited above that detect unauthorised or suspicious transactions for this purpose. For example, according to Bank Negara Malaysia, general fraud detection standards that require service providers to detect potential fraud through consumer behaviour profiling will also present opportunities for service providers to develop their capability to detect potential fraud in suspicious or unusual authorised transactions.

In 2024, the Hong Kong Monetary Authority (HKMA) issued guidance on measures to protect bank customers from authorised payment scams (Hong Kong Monetary Authority, 2024[34]). This followed numerous e-banking and payment card security measures, as well as anti-deception initiatives established jointly with the Hong Kong Police Force (HKPF). Measures to protect consumers from authorised payment scams include dynamic monitoring systems capable of identifying high-risk situations or indicators and incorporating customer risk profiles, banking behaviours, transactional information, recent scam trends and typologies as well as external intelligence received through information sharing platforms. The guidance also explained how institutions should promptly alert customers to high-risk situations. If consumers decide to proceed with the transaction regardless of the alerts, institutions could consider further mitigation measures such as temporarily halting the transaction or assessing the need for law enforcement involvement. Lastly, the guidance also stressed the importance of sharing intelligence with other institutions, such as the HKPF and the Anti-Deception Coordination Centre.

Similarly, the European Union has implemented additional measures in Regulation (EU) 2024/886 to combat authorised transaction fraud, such as the verification of the payee by ensuring the name matches the name on the International Bank Account Number (IBAN) for transfers using the Single Euro Payments Area (SEPA) scheme. If the recipient’s name and IBAN do not match, the payer will be alerted (European Union, 2024[35]). Another protection measure being considered by the European Union is to restrict money transfers only to pre-approved wallets or recipients. Under the proposed Payment Services Regulation (PSR), expected to enter into force in 2026, the verification of payee requirements cited above would be expanded to apply to all credit transfers (electronic payments). For more details about PSR, please see Box 4.2. The verification service will be free for consumers and must operate within a few seconds to avoid undue friction. Such verification is an effective tool against misdirected payments and authorised push payment fraud.

In Italy, for example, the Banca d’Italia reported that 1 577 fraud alerts were issued, including about 7 700 fraudulent IBANs (a 230% increase in 2024 from 2023) and over 400 notices on merchants linked to fraud. Furthermore, while the number of anomalous transactions decreased, their monetary amounts grew, and 90% of fraud cases involved user-authorised payments via strong customer authentication, reflecting increasingly sophisticated payer manipulation techniques by fraudsters.

Fifty respondents indicated that there were standards or requirements in place relating to training of financial services providers’ staff to detect and recognise financial scams and frauds. Five respondents indicated that such standards or requirements were under development. These standards and requirements are frequently part of AML/CFT requirements, where the existing regulation is used to ensure that financial services providers are training their staff to recognise suspicious behaviour.

Training staff to detect and recognise fraud is an important element of fraud detection and prevention. For example, a 2024 Australian Securities and Investments Commission (ASIC) report on anti-scam practices of 15 banks highlighted instances where frontline staff missed red flags alerting to scams or neglected to properly escalate cases when identified, resulting in avoidable financial loss and increased distress for customers (Australian Securities & Investments Commission, 2024[36]). Furthermore, only two of six banks that were reviewed in-depth had policies and procedures for frontline staff that covered the key areas of identifying and responding to scams, supporting scammed customers and caring for customers experiencing vulnerability. In 2025, the Government of Canada announced its intent to introduce legislative amendments to require banks to ensure employees are trained on preventing and detecting fraud; at the time of publication the amendments had received royal assent but had not yet come into force as they required regulations to be operationalised.

Only 7 respondents have adopted Artificial Intelligence (AI) tools to detect financial scams and frauds, but 51 respondents are aware of the use of AI tools by regulated entities to detect or prevent financial scams and frauds. Nineteen respondents indicated that such tools were under development, including AI embedded in chatbots or SupTech tools. For instance, the Financial Services Agency of Japan issued an AI discussion paper in March 2025 that detailed the state and challenges of AI utilisation in financial institutions, as more than 90% of surveyed financial institutions in Japan use AI to streamline their operations, assist in customer service, engage in advanced risk management including fraud detection, and conduct market forecasting (Financial Services Agency of Japan, 2025[37]). In other instances, some authorities use AI for market and media sentiment analysis (Hong Kong Monetary Authority), complaints analysis (CONSOB and Banca d’Italia), web crawling (CONSOB) or systems that use machine learning to identify details of password input and button pressing to detect potential threats (Israel). For example, the Securities and Exchange Commission (SEC) of Thailand and the National Securities Market Commission (CNMV) of Spain are exploring the use of AI to help detect investment scams. Additionally, at the Capital Market Authority of Montenegro, AI is used to help identify companies from countries that may not be aligned with AML standards. Another example is in Ireland, where the Central Bank of Ireland developed an Innovation Sandbox Programme where seven participants are working to develop technological solutions for combatting financial crime (Central Bank of Ireland, 2026[38]).

Artificial intelligence can also be embedded in transaction and payment monitoring systems. For example, the Bank of Thailand requires commercial banks and e-money service providers to integrate artificial intelligence and machine learning into their monitoring systems. The technology is used to conduct real-time risk assessments on transactions and accounts, specifically targeting potential victims and high-risk mule accounts. In Hungary, for instance, the Central Fraud Monitoring System analyses payment transactions and provides information on the risk of payment fraud; payment service providers are required to send data to this system. In Spain, for example, Iberpay, the operator of the Spanish payment system (national electronic clearing system – SNCE), launched a sector-wide service “Payguard” that leverages AI to combat financial fraud in account-to-account payments. In Malaysia, since 2024 the National Fraud Portal enables fund tracing and rapid fraud response via information sharing among participants, supported by upcoming AI capabilities to proactively identify suspicious transactions and detect potential mule accounts.

Furthermore, among respondents, there is also awareness that financial services providers themselves have implemented various AI tools and applications to detect and prevent fraud, with varying degrees of advancement and maturity. For example, both the Central Bank of the Republic of Argentina and the Securities and Exchange Commission of Sri Lanka explained how financial services providers have begun exploring and adopting AI-enabled fraud detection. The benefit of harnessing AI for fraud detection is that AI systems can process large volumes of transactions in real time. According to the National Bank of the Republic of North Macedonia, licensed payment service providers are using commercially available monitoring tools such as IBM Trusteer, XTN Cognitive Security, and other commercially available monitoring tools to identify sudden changes in account usage or transactions that do not align with a user’s typical usage or behaviour. In Poland, for instance, a recent AI tool for behavioural biometry is being leveraged by mobile banking providers. The tool analyses usage patterns based on mobile device sensors to create a digital fingerprint, which can be used to detect a situation in which another person is trying to use or take control of the mobile device.

In general, AI tools are part of broader transaction monitoring or security systems rather than isolated anti-fraud solutions. While these tools might not have been designed to analyse fraud specifically, their transaction monitoring capabilities have a practical application for the detection and prevention of financial scams and frauds.

Fifty-nine respondents indicated that there were standards or requirements in place for financial services providers to halt or stop fraud if detected. Seven respondents indicated that their standards or requirements were under development. Frequently, such standards and requirements lead to payment service providers not undertaking a transaction if it would violate existing laws. In accordance with existing regulations to detect unauthorised or fraudulent transactions, providers are usually authorised to act in the case of unauthorised or suspicious transactions. For example, payment service providers in Hungary can reserve the right to block a payment instrument for reasons related to suspicions of unauthorised or fraudulent use of a payment instrument, and they must inform the user of this blocking. If such activity is not stopped, the burden or liability could fall on the payment service provider; similar policy settings have been promoted by the National Bank of Georgia and the National Bank of North Macedonia. The European Union’s Payment Service Regulation (PSR), once enacted, will provide a framework for transaction blocking in certain cases.

In Thailand, for example, the SEC Thailand requires cryptocurrency exchanges to have procedures for the temporary freezing of suspicious accounts and the conduct of additional customer verification. The Bank of Thailand mandates that financial services providers and e-payment service providers establish protocols for the temporary freezing of suspicious accounts and enhanced customer verification. Retail banks in Hong Kong (China), for instance, have implemented a 24/7 stop payment mechanism, which enables timely assistance to victims by intercepting funds upon receiving intelligence from the Hong Kong Police Force about fraudulent activity. In addition, in Ontario, Canada, the National Instrument 31-103 sets out conditions under which registered financial services providers may place a temporary hold on transactions, withdrawals or transfers if there is a reasonable belief that there is financial exploitation of the account holder (Ontario Securities Commission, 2022[39]). Additionally, the Government of Canada announced the introduction of legislative amendments to require banks to implement policies and procedures that include criteria they will use to decide whether to suspend or cancel suspicious transactions.

Account settings can also assist in preventing or halting fraud. For example, certain account settings such as maximum withdrawal limits and transfer limits can potentially prevent financial fraud. Forty-four respondents have standards or requirements for regulated institutions to allow customers to personalise these account settings. In Israel, for instance, providers are required to allow customers to set a limit (i.e. maximum charge) for a direct debit authorisation and to set an expiration date for the authorisation. Other respondents indicated that even without such standards or requirements written into regulation, individual financial services providers offer such functionality to their clients or have implemented daily withdrawal and transfer limits. For instance, the Bank of Lao PDR shared that payment services providers allow customers to personalise account settings such as enabling or disabling card usage online and/or abroad, as well as setting QR code payment limits.

Standards or requirements for financial services providers to report incidents of financial scams and frauds were cited by three-quarters of respondents. Often, such reporting requirements are defined in AML/CFT regulations and laws. Depending on the jurisdiction, data on financial scams and frauds must be reported to different regulators or supervisors. As shown in Figure 4.2, this data is most commonly reported to market conduct regulators or AML/CFT regulators, while 22 respondents (30% of those with such requirements) indicated such data must also be reported to the police or other law enforcement bodies. In Canada, for instance, the Department of Finance Canada recently announced legislative amendments that will require banks to report fraud data to the Financial Consumer Agency of Canada on an annual basis. Collaboration across different authorities with respect to data gathering and intelligence sharing is further discussed in Section 5.

As for consumers, 77 respondents indicated there was an official channel for consumers to report incidents of fraud. In some jurisdictions, it is a regulatory requirement for financial services providers to have a dedicated reporting channel for their consumers. Many respondents also noted the presence of multiple reporting channels available to consumers, including those run by individual financial services providers, the police or law enforcement bodies, and other public authorities that may operate their own hotline or reporting channel. This can pose challenges for consumers who wish to report the incident: for example, the Financial Markets Authority (FMA) of New Zealand acknowledged that consumers must determine themselves which government department could assist with their particular financial scam or fraud and then navigate to their website to see where they can report the incident. Depending on the institutional and data sharing arrangements, there may not be one centralised database for consumer-reported incidents of financial scams and frauds.

Regardless of the number of reporting channels available to consumers, consumers must be made aware of these channels in order to use them. Educating consumers about reporting channels is discussed further in subsection 4.3.2.

Figure 4.3 shows the number of respondents who indicated whether liability and reimbursement standards or requirements were in place, under development or not in place. Fifty-eight respondents indicated there were liability rules or arrangements for financial services providers concerning financial scams and frauds, while 45 respondents indicated they had reimbursement standards or requirements concerning financial scams and frauds in place. In Québec, Canada for instance, Fonds d’indemnisation des services financiers provides protection to Québec consumers and can compensate fraud victims of financial intermediaries up to a maximum compensation of CAD 200 000 per claim (Autorité des Marchés Financiers Québec, 2026[40]). AMF Québec analyses a claim, determines their eligibility for this compensation, and sets the amount of compensation to be paid to the victim.

Liability rules primarily pertain to unauthorised transactions, where financial services providers are usually required to reimburse the funds unless the customer is guilty of gross negligence or fraud. For instance, in Italy, Banca d’Italia issued a communication to the industry to draw the attention of payment service providers to the need to adopt practices that comply with the relevant PSD2 rules and that are based on the principle of fairness in customer relations (Banca d'Italia, 2023[41]). Financial services providers are generally not held liable when transfers are initiated or approved by the consumer; they are only liable if the transfer is made without the consumer’s consent.

A significant challenge arises in determining liability in the case of authorised transaction fraud or authorised push payment (APP) fraud. Generally, victims of APP fraud are not eligible for compensation from their financial services provider. However, a handful of jurisdictions have begun addressing this question of liability, recognising that under some circumstances technical authorisation should not be determinative of ultimate liability.

For example, in the United Kingdom, beginning on 7 October 2024, a new legal requirement specified mandatory reimbursement for most APP fraud cases using the Fast Payments system (Sullivan, 2024[42]). This was the first mandatory regime of its kind globally. Under this regime, reimbursement costs are shared between the sending and receiving banks.

Another example is in the Netherlands, where banks affiliated with the Dutch Banking Association have decided to offer compensation if a consumer falls victim to bank-help-desk spoofing (i.e. a fraudster contacts a victim pretending to be an employee of a bank’s help desk), under certain circumstances (Dutch Banking Association, 2021[43]). The consumer must report the incident to the police, provide the name and phone number of the bank that was spoofed, provide some evidence that spoofing occurred, and the victim must be a private (non-business) customer. Similarly, in the European Union, the European Commission’s Payment Services Regulation (PSR), expected to come into force in 2026, provides that, where a consumer has been manipulated by a third party pretending to be the consumer’s payment service provider using communications channels attributed to the payment service provider, the provider must refund the consumer the full amount of the resulting “fraudulent authorised payment transaction,” provided that the consumer has reported the fraud to the police and notified the payment service provider, and unless the consumer has acted fraudulently or with gross negligence. Box 4.2 provides a summary of some of the key anti-fraud measures expected under PSR. In Japan, for instance, the Remittance Fraud Relief Act stipulates procedures that allow victims of APP fraud to receive compensation from financial institutions for all or part of their losses.

There are three key challenges in implementing or improving the effectiveness of financial consumer protection measures to detect and prevent financial scams and frauds.

The first relates to the capacity of financial services providers and their ability to effectively monitor data and the high volume of transactions. Many respondents noted that inadequate monitoring and detection systems, and resource constraints for such systems and the training of staff, hinder financial services providers’ ability to effectively detect and prevent financial scams and frauds. Furthermore, respondents shared that a significant challenge for financial services providers is that legacy systems might not yet be equipped to meet real-time monitoring requirements, thus financial services providers will likely need to dedicate significant resources and investment to upgrade these systems and strengthen fraud controls. 

The second challenge relates to consumer education and awareness around financial consumer protection measures: consumers must be aware of the importance of procedures such as strong customer authentication and how to effectively use them. Many respondents stressed the important role of awareness campaigns and digital literacy initiatives so that consumers can safely engage with digital financial services. This knowledge is especially important for consumers who may have lower levels of digital capabilities and financial literacy.

The third challenge is improving the co-ordination among public authorities and across the financial ecosystem. Respondents noted that a lack of co-ordination and/or a central database of incidents of financial scams and frauds hinders their ability to effectively detect and prevent financial scams and frauds. Additionally, this is made more challenging given the increasing sophistication of financial scams and frauds, including the generation of deepfakes and advanced social engineering attacks using artificial intelligence.

As discussed in Chapter 2 of this report, many jurisdictions are concerned about the levels of digital financial literacy and digital capabilities of consumers. It is important that consumers are aware of common types of financial scams and frauds, including how to spot a scam or fraud attempt and what to do if they believe they are being targeted. Indeed, research indicates that consumers who can identify different signs or cues of financial scams and frauds (sometimes called ‘fraud literacy’) are less likely to fall victim (Us-Salam, Jose and Kelly, 2026[44]). Furthermore, consumers must understand the importance of multi-factor authentication and learn how to use these procedures. Public authorities therefore acknowledge the vital role that awareness campaigns and financial literacy initiatives play in helping to ensure consumers can safely engage with digital financial services. Indeed, 73 respondents indicated that fraud awareness is included in the country or economy’s National Financial Education or Financial Inclusion Strategy. The majority of respondents are therefore making efforts to raise awareness of financial scams and frauds, often in collaboration with other public authorities.

While any consumer can become a victim of a financial scam or fraud, consumers with lower levels of digital capabilities or digital financial literacy may be at a heightened risk when interacting with social media platforms and using digital financial products and services. Within increasingly digitalised credit markets, vulnerable consumers may be at heightened risk of harm. For instance, financially vulnerable consumers may be preoccupied with financial concerns that increase their cognitive load and make them less attentive to potential signs of scams (Mani et al., 2013[24]). Other research suggests that consumers who may be vulnerable due to low financial capability, cognitive decline, or material hardship were more likely to report experiencing mistreatment when interacting with financial services and to report having their financial accounts compromised (Lim and Letkiewicz, 2023[29]). Financial education therefore plays a critical role alongside financial consumer protection policies to strengthen consumers’ resilience against misleading or fraudulent practices. This section discusses financial education approaches that are currently being put into practice or tested.

Eighty-two respondents have led or participated in consumer awareness campaigns about financial scams and frauds. As shown in Figure 4.5, 71 respondents participated in awareness campaigns that targeted all financial consumers; 29 respondents have participated in awareness campaigns that focused on certain segments of the population, including young adults, older adults, retail investors, high-net-worth clients of investment companies, and residents of regions most affected by recent fraudulent activity. For certain segments of the population, such as older adults and adults with limited digital skills, targeted campaigns that include in-person seminars, simplified education materials and outreach though traditional media channels, may be more effective than general awareness campaigns. Twenty-two respondents indicated that they have participated in both types of campaigns, general and targeted.

Respondents also reported timing their campaigns with other events to increase engagement. Some respondents, including the Capital Markets Commission of Angola, the Financial Market Authority of New Zealand, and Banco de Portugal, find it useful to organise their campaigns around larger consumer awareness campaigns, such as World Investor Week,2 to help increase engagement and the reach of the campaign. For instance, by leveraging World Investor Week, the Financial Market Authority of New Zealand’s scam awareness campaign on social media was displayed over 30.8 million times and drew nearly 5 500 new social media followers.

Many respondents mentioned engagement with the 2024 Global Money Week campaign,3 which targeted young people and focused on digital financial education and cybersecurity. These respondents included Banco de España, Banca d’Italia, the National Commission for the Protection and Defense of Financial Services Users (CONDUSEF) in Mexico, the Superintendency of Banking, Insurance and Private Pension Funds (SBS) in Peru along with the central banks of Brazil, Georgia, Kosovo, Montenegro, Latvia, Lithuania, Portugal and Uzbekistan. Overall, 98 jurisdictions participated in 2024 Global Money Week, with 24.6 million children and youth participating through online and offline activities.4

Other examples of timed campaigns include:

• In Brazil, financial protection against frauds and scams was chosen as the key theme for the 2024 National Week on Financial Education, with almost 700 000 people participating in activities.

• In Germany, the roundtable on fraud prevention (a collaboration platform provided by the German central bank with participants from several ministries and national competent authorities, the banking industry, international payment providers, telecommunication and platform providers, merchant associations and other organisations) has agreed to launch a national awareness campaign via online channels in autumn.

• Both the Central Bank of Ireland and the Competition and Consumer Protection Commission run annual public awareness campaigns during sales and holiday periods; in October 2024, the Competition and Consumer Protection Commission’s Black Friday/pre-Christmas Shopping Awareness campaign reached over 7 million unique users.

• In Italy, Banca d’Italia leverages nationwide events and campaigns – also in collaboration with the national public television Rai and consumer associations – to promote financial literacy and raise citizens’ awareness of scams and practical self-protection measures.

• Banco de Portugal carries out awareness-raising activities during European Cybersecurity Month, as well as during other periods in which online shopping is typically heightened, including Black Friday and the Christmas season.

Other respondents use different media to reach consumers. In Italy, for instance, CONSOB has developed two educational theatre shows to educate citizens about fraud and crypto scams, as well as a short video distributed on institutional social media channels and national media to warn citizens about misleading offers received by telephone or via social media. In Lithuania, for example, the Bank of Lithuania (Lietuvos bankas) developed a strategic educational board game aimed at strengthening consumers’ ability to recognise financial fraud and protect their money and personal data (Lietuvos Bankas Eurosistema, 2025[45]). Another example is in India, where the Reserve Bank of India produced a booklet for schoolchildren that explains the different modus operandi of financial fraudsters. Lastly, the SEC Thailand developed a song and animated music video to empower investors to “think twice” before investing when faced with five warning signs of fraud. The song and music video were disseminated widely through various channels, including through influencer collaborations, a TikTok song cover contest and digital screens at major airports in Thailand. The SEC’s collaboration with finfluencers under the SEC Responsible Voices Project further amplified the reach of investor protection messages; this project has a combined reach of more than 14 million followers.

Given that many financial scams and frauds are committed online, respondents frequently leverage digital channels to educate consumers and issue warnings. This includes sharing content on their official website or circulating information on social media (and traditional media). For example, the National Securities Market Commission (CNMV) of Spain, through its Investor’s Portal, provides a range of dedicated resources (guides, infographics, online courses, etc.) on financial fraud, including information on the main types of fraud and guidance on what to do when in doubt. In Ireland, the Competition and Consumer Protection Commission’s “Scam University” features an online curriculum dedicated to informing consumers about a wide variety of scams; six different modules cover fake online shops, phishing, rental scams, investment scams, social media scams and romance scams.5

Many respondents also operate websites where consumers can check whether a provider is regulated in their jurisdiction, or if an online site is a legitimate domain. For example, BaFin has a database of regulated companies in Germany, while in the Netherlands, the Dutch AFM launched checkjeaanbieder.nl (check your provider), where consumers can check whether a party is known as fraudulent or is registered as a Dutch AFM licensee. In Thailand, the SEC promotes the “SEC Check First” verification tool to encourage scam reporting and help the public verify licensed capital market and digital asset service providers. Additionally, the UK FCA launched its Firm Checker via a promotional campaign in 2026, wherein the FCA’s mascot “Emil the Seal” delivered messages about the dangers of investment scams and the importance of verifying the legitimacy of financial services providers (Financial Conduct Authority, 2026[46]).

Some respondents have measured the reach and engagement of their campaigns. For example, in the Netherlands a broad campaign by the Dutch AFM on investment fraud, dating scams and supervisory authority impersonation scams was viewed 18 million times through advertisements on Meta, YouTube and the Google Display network. The fraud and scam awareness social media campaign of South Africa’s Financial Sector Conduct Authority, for instance, was displayed over 55 000 times, with more than 6 000 unique users viewing the content and over 2 000 unique users interacting with it. The Polish Ministry of Finance media campaign included outreach towards youth (13–17-year-olds) via TikTok and Instagram posts, which received 20–30 million views and approximately 80 000 clicks.

Notably, 80 respondents reported that as part of their consumer outreach initiatives, they provide guidance to consumers on where to report incidents of fraud or how to seek redress. These initiatives clarify which institution(s) should be contacted depending on the payment instrument used, stress the importance of reporting incidents immediately, and provide guidance on available protections and reimbursement procedures.

Mechanisms for reporting financial scams and seeking redress are often integrated into financial education efforts through clear guidance, accessible reporting channels, and structured escalation pathways. Many authorities provide dedicated website sections, hotlines, and online forms; for example, Italy’s CONSOB offers “Watch for scams” and “Avvisi ai risparmiatori” webpages, alongside helplines, while France (AMF) and Spain enable reporting via online forms or helplines with guidance on next steps. The SEC Thailand, for instance, set up an “Investment Scam hotline” in November 2023 to encourage the public and investors to seek advice and report suspected scams.

This is often complemented by the inclusion of reporting information in education and awareness activities, such as South Africa’s outreach programmes that provide Ombud contacts and complaint procedures, or Hungary’s campaigns emphasising immediate action (e.g. contacting banks, police, or cybersecurity authorities). Banca d’Italia, for example, undertakes initiatives to inform consumers about how to report financial scams and request reimbursement. A common feature is a tiered reporting approach, whereby consumers are first directed to contact financial services providers, and, if unresolved, escalate complaints to regulators, ombudsman schemes, or courts.

In addition, many frameworks stress rapid response and behavioural guidance, encouraging immediate actions such as blocking accounts, collecting evidence, and notifying police. Other respondents, such as Romania, stressed that reporting fraud is essential not only for resolving specific victimisations, but also forms part of one’s civic duty, as reporting helps others who may be in danger of becoming victims.

Finally, reporting mechanisms are often embedded within multi-channel initiatives, including consumer portals, national hotlines, educational campaigns (e.g. Portugal’s #toptip campaign), and integrated digital tools (e.g. chatbots in the Philippines).

Programmes or initiatives designed to raise digital financial literacy levels of consumers can also help consumers protect themselves from becoming victim to financial scams and frauds. Indeed, 76 respondents have led or participated in programmes or initiatives to raise digital financial literacy and/or digital capabilities, either among all financial consumers or targeted towards certain segments of consumers, including youth, entrepreneurs, older adults or migrants. According to the most recent OECD/INFE Survey of Adult Financial Literacy, across 39 participating jurisdictions, digital financial literacy levels were relatively low; 29% of adults reached the target minimum digital financial literacy score (70 out of 100 points) (OECD, 2023[14]) (see Figure 4.6). This suggests that many adults may not have the requisite knowledge, behaviours or attitudes to safely engage with digital financial services.

As the financial sector becomes increasingly digital, it is important that financial consumers can keep their personal information and personal finances safe from cyberattacks, fraud, scams or misuse. It is equally important that financial consumers are aware of how to use digital devices safely, particularly older adults and other groups who may have lower levels of digital confidence. Indeed, the ability to use digital services safely and protect one’s personal data can protect consumers from financial scams and frauds: for example, a study by Graham and Triplett (2016) found that higher levels of digital literacy decreased the odds of responding to a phishing email (Graham and Triplett, 2016[47]). Programmes or initiatives to raise digital financial literacy therefore frequently also aim to help educate consumers about risky behaviours. For example:

• Banca d’Italia is rolling out a nationwide digital financial education programme for seniors and low-skilled adults covering digital banking, financial products and fraud.

• Bank of Zambia participated in campaigns to help consumers participate safely in the digital payment ecosystem.

• In the Philippines, the central bank (Bangko Sentral ng Pilipinas) developed the BSP E-Learning Academy (BELA), a free online learning platform with a dedicated module on digital financial literacy, focused on fraud and scams awareness.

• In Moldova, a financial education campaign included information materials on financial scams and frauds along with seminars on preventing and combating money laundering and terrorist financing. The outreach of this campaign was estimated to have reached around 20 000 people.

• The Banco Central do Brasil launched a short video series on social media called “BC te Explica” (which means: the Central Bank explains). These weekly videos use casual and simple language and are aimed at the general public to address important issues of digital financial literacy, including scams and frauds, Pix (instant payment system) and open banking.

Box 4.3 discusses lessons from academic research and programme evaluations on which interventions may be most effective at reducing consumer susceptibility to financial scams and frauds.

Several respondents are collaborating with other public authorities on public awareness campaigns and initiatives to strengthen (digital) financial literacy. For example, AMF Québec, the Financial Superintendency of Colombia, the National Bank of Georgia, and the Banco de España collaborate with various authorities in their respective jurisdictions on financial education initiatives.

In Hungary, for instance, multiple authorities and government ministries collaborated on the KiberPajzs (“CyberShield”) project (Central Bank of Hungary (MNB) et al., 2022[57]), which aims to create user awareness around financial security risks in online spaces and raise basic digital security knowledge among financial consumers.

Another example is in Brazil, where the central bank has developed a financial education platform in partnership with the Brazilian Federation of Banks (Febraban). This online platform is free for any user, and offers personalised learning paths based on the user's Financial Health Index, which is calculated in the platform based on a questionnaire. The topics covered on the learning paths include frauds and scams, access to, and use of, digital financial products and services, budgeting, saving, and investments.

In Austria, for example, the central bank Oesterreichische Nationalbank (OeNB) developed a joint initiative with law enforcement as part of their new project “Generationen gemeinsam sicher.” (Oesterreichische Nationalbank, n.d.[58]) This initiative aims to strengthen fraud prevention across generations by educating students and then having them, under supervision, share this knowledge with older adults, thereby facilitating an intergenerational exchange of knowledge and experiences. The project also includes a series of short interactive videos, each dedicated to a specific scam type.

Many respondents have embedded fraud awareness into national financial education or inclusion strategies.

At the strategic objective level, several respondents explicitly include fraud awareness as a core goal linked to broader priorities such as financial resilience, inclusion, or digitalisation. For example, Ireland frames “increasing awareness of financial abuse, fraud and scams” as a specific objective within its national strategy, while Poland links fraud awareness directly to maintaining financial well-being in a digitalised financial system. Ukraine and Austria provide other examples of integrating fraud prevention into overarching strategic outcomes (e.g. protecting the population from fraud or strengthening awareness of scams, particularly online). For instance, in Austria and Portugal, the number of fraud victims is included as an indicator within the national strategies’ evaluation frameworks (OECD, 2021[59]; OECD, 2023[60]). As another example, fraud awareness and prevention are integral components of Canada's National Financial Literacy Strategy (2021–2026). Spearheaded by the Financial Consumer Agency of Canada (FCAC), the strategy aims to enhance Canadians' financial resilience by equipping them with the knowledge and tools to recognise and avoid fraud and scams.

Strategies commonly integrate fraud awareness through competency frameworks and learning outcomes, ensuring it is embedded in education systems and programmes. For example, the EU/OECD-INFE financial competence framework for adults includes competencies related to the awareness and ability of individuals to react to fraudulent situations, including the ability to report scams and fraud to the relevant authority (European Union/OECD, 2022[61]). In Italy, for example, competencies include recognising phishing, identity theft, fake investment platforms, and understanding how to respond to fraud.

Integration often occurs through specific measures and action plans, which operationalise fraud awareness through concrete interventions. Many countries include:

• public awareness campaigns and communication actions (e.g. Argentina’s campaigns on phishing and identity theft; South Africa’s recurring “Warning Wednesday” scam alerts; Austria’s mass communication campaigns)

• dedicated tools and platforms (e.g. France’s public website section on scams; Peru’s suite of resources including courses, games, and fraud-awareness platforms)

• targeted educational programmes (e.g. Spain’s training for new users of digital financial services; Romania’s workplace-focused adult education; school curricula in Slovakia).

Many strategies embed fraud awareness within digital financial literacy and inclusion agendas, reflecting the growing importance of online and platform-based financial services. For example, since 2023, the Banco de Portugal has had in place an evidence-based strategy on digital financial literacy to foster the safe use and trust of digital financial products and services, which was developed jointly with the OECD and the European Commission and includes specific objectives, actions and performance measures related to financial scams and frauds (OECD, 2023[60]). Other respondents similarly reported integrating fraud prevention into initiatives promoting digital literacy and access.

Several respondents highlighted multi-stakeholder approaches, such as:

• national platforms or committees co-ordinating financial education

• cross-government strategies aligning financial literacy with payments, inclusion, or social policies

• dedicated working groups or advisory bodies.

Several challenges may arise when designing and using financial education or consumer awareness campaigns to prevent or mitigate financial scams and frauds. Notably, respondents acknowledged the biases that shape consumer behaviour, and that these biases may make some consumers inherently more distrustful of the formal financial system or susceptible to fraudsters’ manipulations of human emotions. Respondents noted that victims of financial scams or fraud frequently felt enormous pressure to act quickly; in their haste to respond, their judgement became clouded and fraudsters were more easily able to manipulate them.

Respondents also noted that outreach efforts and awareness campaigns can be costly. Outreach efforts are also more difficult with certain groups of the population, such as consumers who may be vulnerable due to personal characteristics or circumstances or those who do not engage frequently with online media. Another challenge is that it can be difficult to measure the impact or success of public awareness campaigns. Lastly, some respondents noted that when multiple public authorities are involved in addressing financial scams and frauds, it is more difficult to co-ordinate and apply consistent messaging in outreach campaigns.