Protecting Consumers from Financial Scams and Frauds

There are a range of factors contributing to the rise in the incidence and severity of financial scams and frauds. This includes the increased sophistication of scams and frauds, which may leverage artificial intelligence, deepfakes, and the ever-changing digital landscape to create new and sophisticated schemes, putting all consumers at risk of becoming victims. Furthermore, in rapidly evolving digital environments, lower levels of digital financial literacy or digital capabilities leave financial consumers vulnerable to becoming victims. Financial consumers may fail to identify fraudulent schemes, to understand the security features and elements used to authenticate applications, websites or transactions, or to know how to correctly use security measures implemented by service providers (such as push notifications or multi-factor authentication). As usage and access to social media platforms continues to grow, consumers may be unaware that these platforms do not vet financial advice or endorsements. Many consumers may therefore be willing to trust viral or popular content on these platforms. Consumers may also provide personal data on these platforms, making them targets for fraudsters and scammers who can use the information to gain access to accounts.

Additionally, inadequate systems to detect or prevent unauthorised transactions or payments are also driving an increase in the incidence and severity of financial scams and frauds. Detection algorithms used by financial services providers may not always be robust, and integrating new technology (e.g. AI, machine learning) to enhance fraud detection can be costly, particularly for smaller institutions with limited budgets or systems. Fraudsters can exploit existing gaps in institutions’ prevention and detection systems, which can result in significant financial losses for both consumers and institutions.

In this landscape, it is important for public authorities to collect, or have access to, data on the incidence and severity (i.e. amount of financial loss) of financial scams and frauds. The value of having a typology or classification system is that it allows public authorities to engage in more systematic monitoring and analysis of different types of financial fraud, to identify patterns or high-risk areas, track trends, and allocate resources effectively. This evidence base can inform risk-based supervision and help authorities target their response and monitor further developments.

As seen in sections 4 and 5, respondents to the Questionnaire are implementing a range of financial consumer protection and financial education approaches to protect financial consumers from becoming victims of financial scams or frauds. While there is no single policy or regulation that can effectively protect all financial consumers, this section highlights policy recommendations, drawing on effective financial consumer protection and financial education approaches to protect consumers from financial scams and frauds.

Protecting consumers from financial scams and frauds begins with the establishment and enforcement of robust financial consumer protection frameworks at the national level. The G20/OECD High-Level Principles on Financial Consumer Protection (the Financial Consumer Protection Principles) are the international standard setting out the essential elements for comprehensive and effective financial consumer protection frameworks. As a starting point, all jurisdictions are encouraged to establish a legal, policy and regulatory framework that aligns with the Financial Consumer Protection Principles.

The Financial Consumer Protection Principles specifically cover the risk of financial scams and frauds, through Principle 10 on the protection of consumer assets against fraud, scams and misuse. As stated in this Principle, protection mechanisms should be appropriately developed and implemented by oversight authorities and financial services providers, and should be readily adapted to the ways digital products, cross-border transactions and new types of financial products and services may heighten security risks and consumers’ exposure to financial scams and frauds.

Public authorities should also work to ensure financial services providers themselves have effective mechanisms in place to protect consumers from financial scams and frauds. This includes, for example, strengthening regulatory expectations around secure systems with effective means to monitor transactions (ideally in real-time), adequate safeguards such as know-your-customer (KYC), due diligence controls and multi-factor authentication procedures to ensure the user is legitimately providing consent. Indeed, a majority of respondents indicated that inadequate systems to detect or prevent unauthorised transactions and payments on the part of financial services providers were a key driver of the recent increase in the incidence and severity of financial scams and frauds. This highlights the continued importance of standards or requirements for effective systems to detect suspected incidences of fraud alongside robust cybersecurity measures.

It is crucial that financial services providers continuously engage and strengthen their consumer protection mechanisms against fraud. Databases such as IOSCO’s I-SCAN network can serve to facilitate these efforts. Supervisory guidance that establishes expectations around monitoring risks from emerging technologies, such as AI-generated deepfakes and impersonation scams, can further strengthen protection against fraud.

The increased sophistication of scammers and fraudsters, and the growing severity of this issue for consumers, highlight the importance of allocating sufficient resources to the detection and prevention of financial scams and frauds, by public authorities and financial services providers. Respondents to the Questionnaire pointed out how tools that leverage advanced analytics, machine learning and other artificial intelligence may assist staff in analysing transactions and more quickly flag suspicious or fraudulent behaviour.

Another important fraud prevention mechanism is preventing bad actors from accessing financial services in the first place, so such actors are unable to carry out financial crimes such as fraud and money laundering. Alongside reinforcing robust protection measures and ensuring financial services providers have effective fraud detection and blocking mechanisms in place, it is equally important that financial services providers strictly follow AML/CFT requirements. Jurisdictions are also encouraged to review the FATF Recommendations and to identify the money laundering and terrorist financing risks they may be exposed to, as well as consider the FATF guidance on how addressing illicit finance and financial inclusion are mutually supportive policy goals (Financial Action Task Force, 2025[67]). Additionally, conduct supervisors should prioritise the supervision and enforcement of AML/CFT standards and requirements, which are dedicated to ensuring that financial services are not being used for financial crime. At the same time, efforts to combat financial scams and frauds require a careful balance similar to that in AML/CFT, as overly stringent controls or de-risking practices may unintentionally exclude legitimate users from accessing formal financial services, potentially undermining financial inclusion objectives.

Liability and redress mechanisms are an important component of financial consumer protection mechanisms. As stated in Principle 10 of the Financial Consumer Protection Principles, there should be clear and transparent liability arrangements between financial services providers and consumers in the event of financial loss. Mandatory reimbursement rules and shared-responsibility models can help jurisdictions design fair liability and redress policies. Additionally, the Financial Consumer Protection Principles highlight the importance of strong and effective legal, judicial or supervisory mechanisms to protect consumers from and sanction against misconduct, financial frauds, abuses and errors.

In this context, fair liability and redress would mean that victims are not left bearing undue loss and that the redress process is accessible, timely, transparent and proportionate. Fair liability and redress require a clear and balanced approach for determining responsibility, and proper incentives for both financial services providers and consumers to proactively prevent financial scams and frauds. For instance, financial services providers are liable when, for example, fraud detection systems are inadequate. Victims, on the other hand, would bear responsibility if they acted with gross negligence while recognising that in some circumstances, technical authorisation of a payment should not be determinative of liability.

Furthermore, the accessibility and ease of this process are crucial to ensuring fair outcomes for consumers. This means having simple reporting procedures, not having excessive documentation burdens for consumers, and providing additional support for consumers who may be experiencing vulnerability. The aim is to avoid complex legalistic claims processes and systems that would discourage victims from reporting and pursuing recovery of their lost funds. Lastly, such redress procedures should be fully transparent so that victims understand why a decision was made, what evidence was considered to make the decision and how to challenge or appeal the outcome if deemed unsatisfactory. In sum, fair liability and redress are not simply about refunding money to victims; they also promote equity, trust and accountability in the financial sector.

If a financial scam or fraud occurs, it is important that victims are able to, and know how to, report incidents. Victims of financial scams and frauds may often be confused about whether to contact their financial services provider or the police or someone else. A centralised, dedicated reporting channel can therefore simplify the process by acting as the first entry point and directing consumers to the right public authorities within a jurisdiction. Furthermore, a dedicated reporting channel that is clear and accessible encourages consumers to report incidents quicky, providing a structured and effective way for victims to seek help, reduce further financial loss, and support broader fraud prevention efforts. This dedicated reporting channel should provide the opportunity for victims to provide as much detail about the incident as possible.

Alongside a dedicated reporting channel for consumers, there should be clear guidance and advice for consumers on what to do immediately after an incident. Often, following an incident of a financial scam or fraud, victims need to act quickly, with actions such as blocking payment or credit cards, stopping payments or transactions, or freezing financial accounts. A dedicated reporting channel can form part of clear and timely guidance on what steps to take; timely reporting of incidents can increase the likelihood that victims are able to recover the stolen funds and/or prevent further transactions. Moreover, such guidance on steps to take following an incident can help reassure victims that their experiences are being taken seriously and that public authorities and trained professionals are dedicated to resolving the issue.

A dedicated reporting channel not only streamlines and simplifies reporting processes for consumers, but it also supports data collection across the anti-fraud ecosystem. For instance, a centralised reporting channel provides a way for incidents to be tracked and investigated consistently. This will help public authorities collect standardised, high-quality data about the incidents; such data can then be used to understand emerging financial scams and frauds, and who may be at risk. This information can then help public authorities strengthen their own fraud prevention efforts and support responses across the payment ecosystem, including rapid information-sharing among payment service providers, identification of mule accounts and, where legally possible, timely measures to prevent further losses.

In sum, a dedicated reporting channel:

• simplifies the process of reporting, encouraging victims to do so

• guides victims on the appropriate action(s) to take

• enables timely action that can limit further financial losses

• builds an evidence base for public authorities to leverage in their prevention efforts.

It is important for authorities to collect and classify data on the prevalence and severity of different types of financial scams and frauds in a consistent fashion. Such evidence is vital to inform risk-based approaches, understand the scope of the problem, and help authorities prioritise their efforts and monitor further developments.

As described in Chapter 3, this report puts forward a typology of financial scams and frauds based on ten dimensions. Authorities that do not yet have a typology in place are encouraged to use this as a point of reference. By using this typology, authorities can engage in more systematic and consistent recording, monitoring and analysis of different types of financial fraud. This enables policymakers, regulators and supervisors to identify patterns or high-risk areas, track trends and then dedicate resources to combatting the most common types of scams and frauds or those that result in the largest amount of financial loss to consumers.

A typology can also be used to assess the effectiveness of consumer-facing safeguards, such as whether and how multi-factor authentication or confirmation-of-payee checks had been used or bypassed, to help authorities set evidence-based standards for these safeguards.

Furthermore, a shared typology of financial scams and frauds can be leveraged for cross-sector intelligence sharing between financial services providers, financial regulatory and supervisory authorities, telecommunications providers, and digital platforms to help detect and disrupt financial scams and frauds.

It is also important that consumers have the requisite knowledge, skills and behaviours to safely engage with digital financial products and services.1 A majority of respondents indicated that inadequate digital financial literacy and/or digital capabilities were a key driver of financial scams and frauds. Programmes to foster digital capabilities and digital literacy skills can therefore complement actions and infrastructure designed to protect consumers’ assets from financial scams, frauds and misuse.

A key component of digital financial literacy that becomes important in the context of preventing financial scams and frauds is the ability to identify and consult trusted sources of information when making financial decisions. This is especially important as consumers increasingly use social media where content from finfluencers and other users may promote misleading claims. Public authorities can, for instance, establish an accessible channel for consumers to check if a financial services provider is regulated or authorised, and promote messaging around the importance of verifying trusted sources of financial information.

Other examples of initiatives could include efforts to inform consumers about secure personal data management practices and necessary precautions such as protecting and changing passwords, verifying links and managing credentials. In the OECD’s Digital Financial Literacy Core Competency Framework for Adults in ASEAN, for example, the third content area is dedicated to “Staying safe in a digital financial environment” and sets out key competencies within the categories of “Awareness, Knowledge and Understanding”, “Skills and Behaviour” and “Confidence, Motivation and Attitudes” related to financial scams and frauds (OECD, 2026[68]). The core skills and behaviour related to personal data management habits provide an illustrative starting point for public authorities and include, for example,

• using strong passwords

• regularly changing passwords/PINs

• using different passwords/PINs for financial and nonfinancial accounts

• activating multi-factor authentication

• limiting data disclosure only to licensed and verified financial service providers

• not using public (or non-secure) Wi-Fi networks for online shopping

• checking the security of websites before making online purchases.

The EU/OECD-INFE Financial Competence Framework for Adults similarly includes elements specifically targeting awareness, skills and attitudes relating to financial scams and frauds (European Union/OECD, 2022[61]).

Efforts relating to digital financial literacy could also include security nudges in online or mobile banking applications that, for instance, prompt users to periodically update passwords. Such nudges can be particularly effective given that the consumer is already engaged in the online or mobile banking application. Additionally, these efforts should include clear, simply messages (e.g. “Change your password to protect your account” or “Never click on links to log in.”)

Some respondents stressed that consumers may not understand or properly use authentication tools. This points to the need for education efforts that explain how to use features such as multi-factor authentication for accessing accounts or initiating transactions and help consumers understand why these features are important. In jurisdictions where multi-factor authentication is a general requirement, efforts should focus on educating consumers on how to use this security tool. In jurisdictions where it is not yet a requirement (i.e. consumers can choose to enable or disable the feature), efforts need to convey both the information on how to enable and use strong customer authentication and why it is beneficial to use.

While multi-factor authentication introduces a layer of friction in the payment or transaction process, which some consumers may find frustrating, it is also an important fraud prevention measure. In addition, to the extent that consumers are aware of its importance or are required to use this feature, this may introduce a moment of ‘pause’. This ‘pause’ – especially if accompanied by a just-in-time warning – would help consumers reflect on whether they want to proceed with a transaction or whether there are signs that the transaction could be linked to a scam or fraud, serving as a last line of defence against sophisticated scams. The user interfaces of financial services providers and social media and online platforms should make these detection and prevention tools simple and intuitive for consumers. It is equally important to remind consumers that bank employees or other employees of financial services providers will never request personal data, codes or passwords.

Along with initiatives to raise levels of digital financial literacy generally, awareness efforts should teach consumers how to detect and prevent becoming a victim to financial scams and frauds. First, initiatives should emphasise the key warning signs (e.g. urgency, pressure tactics, unrealistic offers, secrecy) that could alert consumers to fraud or scam attempts. While financial scams and frauds may take many different forms, key warning signs common across all types of financial scams and frauds include:

• urgency and pressure tactics, e.g. “you must respond within minutes,” “act now or miss out,” or “your account will be suspended immediately”

• offers that sound too good to be true, e.g. exclusive investment opportunities, guaranteed high returns with zero risk, or sudden prize earnings without having entered into a contest

• requests for sensitive information, e.g. passwords, PIN codes, verification codes or full bank account details.

Secondly, education initiatives should familiarise consumers with different types of financial scams and frauds, ideally the types that are most commonly occurring in the jurisdiction. This involves consumer awareness campaigns or timely warnings about emerging financial scam and fraud types, using multiple channels to help ensure accessibility and reach but sticking to a consistent message. These campaigns should aim for clear and simple messaging with materials that are easily understandable.

Third, initiatives should inform consumers on what to do if they suspect a potential financial scam or fraud. This includes messaging with clear instructions for the immediate actions to take, including:

• stopping communication with the potential fraudster or scammer

• refusing to click on links or share sensitive information

• contacting the bank or financial services provider through official channels

• reporting the incident through the dedicated reporting channel, which should also contain guidance and instructions for further actions (see 6.3 above).

Lastly, any consumer awareness campaigns about financial scams and frauds should clearly state that falling victim to a financial scam or fraud is not a sign of personal failure or lack of education; anyone regardless of age, education or level of confidence using digital financial services can become a victim.

Successfully combatting financial scams and frauds requires co-operation across the anti-fraud ecosystem, including utilities and telecommunications service providers, general and sectoral public authorities, police and law enforcement agencies, social media and online platforms, as well as financial services and payment service providers, and consumers themselves. Indeed, fraudsters and scammers do not operate only in one sector, thus strengthening real-time, operational co-operation across the anti-fraud ecosystem is crucial. Furthermore, to better understand emerging trends and design effective solutions, collaboration with consumer representatives can ensure that victims’ perspectives inform policy design.

Many of the public authorities which responded to the Questionnaire shared how weak controls and systems of financial services providers, telecommunications providers, social media and online platforms have contributed to the increased incidence and severity of financial scams and frauds, while also highlighting efforts to bring various stakeholders together to share information. Policymakers and public authorities should continue to work collaboratively with industry and other government, regulatory and supervisory authorities, as well as with law enforcement agencies and utility companies, to share information to better understand emerging trends in financial scams and frauds.

An effective form of collaboration could take the form of a co-ordination committee, network or other arrangement, comprising all relevant stakeholders under the leadership of one or more public authorities, which could be established for the purpose of co-ordinating efforts to address financial scams and frauds. This kind of arrangement, such as national scam centres or joint task forces, can support jurisdictions to establish or strengthen whole-of-government approaches. They can be more impactful by establishing a shared strategy or direction with common goals, pooling resources, providing a forum to share current developments and emerging trends, and co-ordinating consumer messaging to ensure consistency.

Furthermore, this collaboration can be leveraged to outline clear expectations for accountability across actors in the broader anti-fraud ecosystem, i.e. public authorities, financial services providers, telecommunications providers, social media and online platforms.

International collaboration and information sharing across borders are another important strategy to effectively address financial scams and frauds. To the extent possible, policymakers and oversight authorities should also work collaboratively with foreign counterparts and relevant international organisations and networks to share information and intelligence about cross-border financial scams and frauds. For example, securities regulators should consider becoming signatories to the IOSCO Multilateral Memorandum of Understanding concerning Consultation and Cooperation and the Exchange of Information (IOSCO MMoU) and to the Enhanced Multilateral Memorandum of Understanding Concerning Consultation and Cooperation and the Exchange of Information (EMMoU) to facilitate information exchange on enforcement matters. By participating in international fora, authorities are better able to monitor emerging trends across borders.