Building trust and protecting your brand: key insights from industry leaders

How to secure the entire customer journey, from onboarding to transaction monitoring, all while keeping experience front and centre?

Paul Morris, from Vonage, and Zhenya Winter, from Bottomline, shared more during an interactive discussion with The Paypers. Mirela Ciobanu, Lead Editor, reports.

Introduction

In an era where fraud is increasing and becoming more complex and damaging, banking, fintech, retail, or any sector that handles large-scale financial communications feels the pressure of protecting its customers while maintaining seamless experiences.

The numbers speak for themselves:

• Online fraud is projected to cost businesses USD 10.5 trillion by 2025.
• 75% of organisations experienced a smishing attack in 2023.
• In the UK, identity fraud linked to mobile products rose 87% in 2024, with over 421,000 cases reported - making telecoms one of the top targets.
• The average cost of a single data breach reached EUR 4.9 million last year - the highest ever, and a 10% increase over the previous year.

From phishing and smishing to deepfakes, account-based fraud, and Artificially Inflated Traffic (AIT), these threats undermine both financial stability and customer trust. With compliance tightening up, especially across the UK and Europe, with new rules like the PSR reimbursement mandate and VOP requirements, the task becomes more daunting. And yet, fraud prevention still often relies on outdated tools like SMS-based OTPs, which can be socially engineered.

During a recent webinar hosted by The Paypers, Paul Morris, Head of Fraud & Regulatory Product, at Vonage, and Zhenya Winter, Head of Global Marketing - Financial Messaging, at Bottomline & Ambassador at Women of Fintech, portrayed the current threat landscape and shared insights into how to detect and stop these threats while modernising fraud defence tools, building trust, and enabling compliance.

The evolving fraud landscape

Traditional fraud detection tools such as one-time passwords (OTPs), document checks, and other static trust signals are no longer as effective as they once were. Fraudsters have learned to socially engineer customers into handing over OTPs, exploit them for artificially inflated traffic schemes, and use AI or synthetic identities to bypass identity checks.

Paul mentioned that one growing but often overlooked form of fraud in communication channels is artificially inflated traffic (AIT), also known as fake traffic. AIT occurs when fraudsters use bots to generate massive volumes of SMS requests, such as fake app download verifications, creating the illusion of real customer activity. The financial impact of this type of fraud is staggering: some global brands report losses of USD 1.5 million per month, and industry estimates put global AIT losses at nearly USD 39 billion in 2023.

A notable example of the consequences of these attack vectors cited during the discussion is the 2020 Twitter Bitcoin hack, where attackers gained control of high-profile accounts through social engineering and phone number compromises.

Fraud has become industrialised, with ‘fraud-as-a-service’ platforms, sometimes costing as little as USD 150 a month, enabling criminals to launch phishing attacks, steal card details, load them onto mobile wallets, and process payments through networks of card machines. Beyond this, enterprises face impersonation fraud, where fraudsters pose as trusted brands to trick customers. A major concern for banks and payment providers is Authorised Push Payment (APP) fraud, where victims are manipulated into sending money to fraudsters.

Many organisations still fight fraud in silos, separating SMS, payments, or voice channels, without sharing risk signals across the ecosystem. As a result, another tactic that plagues the financial system is the rise of multimodal fraud, where attacks begin on social media, move to SMS, and then redirect to messaging apps, and eventually lead the victim into a fraudulent transaction, demanding a coordinated response across industries.

This need for collaboration, coordination of multiple parties to detect and stop fraud, and gathering contextual data about the user and their journey, is emphasised with new legislation like the Economic Crimes Transparency Act 2023, which introduces a ‘failure to prevent fraud’ offence. This law makes organisations across all industries responsible for taking reasonable steps to prevent fraud, not just financial institutions.

Modernising with network-powered solutions

New solutions are shifting fraud prevention toward network-powered, silent authentication methods that can’t be intercepted or socially engineered. Rich Communication Services (RCS) is emerging as a secure upgrade to SMS, giving brands verified, encrypted channels that fraudsters can’t impersonate. At the same time, network APIs provide powerful new signals such as unspoofable device location, SIM-swap detection, and even ‘call in progress’ alerts when a customer may be speaking to a scammer. Together, these innovations strengthen trust, protect brands, and reduce friction by embedding security directly into communication and transaction flows.

Regulatory compliance as an enabler

Zhenya championed a refreshing perspective on regulation: ‘Regulation is a friend and not a foe. It's there to encourage best practice and ultimately keep customers safe’.

The role of the regulation is to protect customers and enforce best practices. In regions like the UK and Europe, failing to comply can bring not only reputational damage but also real penalties, even disintermediation for financial institutions. At the same time, fraud prevention cannot rest solely on banks; payments are a global ecosystem, requiring collaboration and greater standardisation across borders, systems, and languages.

ISO-led standardisation is becoming increasingly important in enabling this consistency. For example, ISO 20022 provides structured, rich data that can help detect fraud patterns, reduce friction, and break down silos across the organisation. While banks and FIs are mandated to adopt ISO 20022, corporates are not, and many remain confused or disengaged about how to use it. The message is that fraud prevention isn’t only the responsibility of banks and regulators; corporations must educate themselves, take ownership, and use available tools effectively, both to protect against fraud and to maintain their brand and competitive edge.

Moreover, safeguards such as confirmation of payee and the UK’s mandatory reimbursement scheme, which splits liability 50/50 between sending and receiving institutions in the event of fraud, are in place to protect consumers. Still, individuals must take some responsibility: if a consumer ignores repeated warnings and proceeds with a fraudulent transaction, personal culpability comes into play. 
Ultimately, fighting fraud requires an ecosystem-wide approach that combines regulation, industry cooperation, international standards, and consumer awareness.

Balancing security with customer experience

The discussion revealed a nuanced approach to the friction versus frictionless debate. Paul shared surprising insights from consumer trials: ‘If we made security completely invisible behind the scenes to consumers, they trusted the transaction less’. This finding suggests customers want visible security measures that build confidence. Zhenya agreed, emphasising that with proper end-to-end fraud solutions leveraging modern technologies like APIs and cloud infrastructure, institutions don't need to compromise between security and user experience. The key lies in adaptive systems that adjust friction levels based on risk assessment and customer behaviour patterns.

Conclusion

As fraud tactics continue to evolve at breakneck speed, the message from industry leaders is clear: organisations must adopt a mindset of continuous evolution and collaboration. By embracing regulation as an enabler, investing in modern fraud prevention technologies, and maintaining open communication with customers, institutions can build trust while protecting their brand. The future lies not in choosing between security and customer experience, but in leveraging advanced tools and standardisation to deliver both seamlessly.

About author

Mirela Ciobanu is Lead Editor at The Paypers, specialising in the Banking and Fintech domain. With a keen eye for industry trends, she is constantly on the lookout for the latest developments in digital assets, regtech, payment innovation, and fraud prevention. Mirela is particularly passionate about crypto, blockchain, DeFi, and fincrime investigations, and is a strong advocate for online data privacy and protection. As a skilled writer, Mirela strives to deliver accurate and informative insights to her readers, always in pursuit of the most compelling version of the truth. Connect with Mirela on LinkedIn or reach out via email at mirelac@thepaypers.com.