Cleafy report key takeaways: how to disrupt digital fraud and improve UX

Why is this report worth reading? Because it offers a fresh, out-of-the-box perspective on the fight against fraud. Rather than focusing on traditional attack scenarios — where a fraudster gains access to a genuine account and misuses it — the report highlights a more modern, trust-based form of fraud. In this new reality, users are manipulated into making fraudulent payments themselves, believing they are legitimate. The fraud doesn’t start with the transaction itself, but at the very first interaction between a customer and a fraudster — when intent is misled, not just data.

Cleafy advocates for a ‘left-shift’ approach to fraud detection: a multi-layered strategy that starts well before the transaction is executed. By collecting contextual and intelligence data early on, financial institutions can anticipate and prevent fraud before it happens.

Let’s dive into the key takeaways from the report.

One of the clearest messages from Cleafy’s report is that modern fraud isn’t just about money lost — it’s also about emotional manipulation, legal complexity, and the growing use of sophisticated technology to deceive users.

The battleground has shifted. Fraud now starts before the transaction. It begins with the first point of contact between victim and scammer — often emotionally charged and highly convincing. The scams don’t depend on technical vulnerabilities but rather on psychological ones.

According to UK Finance, GBP 485 million was lost to Authorised Push Payment (APP) scams in the UK in 2023. And Europol highlights that 90% of money laundering cases involve money mule networks, which help fraudsters move stolen funds quickly and discreetly. This growing complexity makes it harder to spot fraud if you’re only looking at the transaction level.

Source: Cleafy Report

The report stresses out that fraud prevention needs to shift left — meaning, start earlier in the customer journey. Before the payment screen. Before confirmation clicks. That’s where banks and fintechs can create meaningful intervention points.

What stood out to me most was how social engineering is now tech-enabled. Fraudsters blend emotional manipulation with tools like spoofed caller IDs, fake websites, remote access software, and even deepfake audio/video. Their goal isn't to break into systems but to convince victims to open the door themselves — willingly.

This is why it’s no longer enough to watch for stolen credentials or login attempts. Financial institutions need contextual visibility. They need to spot signs like:

• Remote access activity

• Device or location changes

• Concurrent phone calls during banking sessions

• Unusual behavioural flows

These real-time behavioural signals offer early warning signs that something is off — even when the login appears genuine. Ultimately, it’s about moving from reactive fraud response to proactive detection, giving fraud teams the tools to detect and disrupt fraudulent activity before money leaves the account. And that’s what makes Cleafy’s approach both refreshing and essential reading.

One of the most eye-opening insights from Cleafy’s Disrupting Digital Fraud guide is the central role that money mule networks play in enabling fraud. While many discussions focus on the victim and the transaction, mule accounts often go unnoticed — yet they are critical to how fraud operations scale and succeed.

Behind every successful scam is a system to move and disguise stolen funds, and money mules are that system. These aren’t just passive participants — they’re active cogs in the fraud machine, whether knowingly or not.

There are three main types of mule accounts:

• Unwitting mules – Often students or job seekers recruited via fake job ads or remote work offers. They’re unaware they’re laundering money.

• Witting mules – Individuals who knowingly rent out their accounts in exchange for a share of the stolen funds.

• Synthetic mules – Entirely fake or hijacked identities/accounts, created just to move money.

What’s alarming is that mule recruitment is hiding in plain sight. Social media platforms, messaging apps, and even dating sites are used to lure people in.

These accounts show suspicious behaviours, such as:

• Receiving irregular or high-value deposits

• Quickly forwarding money to multiple destinations

• Being linked to known fraud cases or previously compromised sessions

That’s why real-time, ongoing monitoring is essential. The report makes a strong case for behavioural profiling and transactional flow analysis — looking beyond individual accounts and connecting the dots between sessions and signals.

Thus, stopping fraud doesn’t just mean blocking a transaction. It means dismantling the infrastructure — and that starts with identifying and shutting down mule networks before they can do harm.

Source: Cleafy

Cleafy’s Disrupting Digital Fraud guide highlights a major trend that financial institutions can’t afford to ignore: regulation is tightening—and it’s pushing fraud detection to happen earlier, smarter, and with greater transparency.

Here’s what stood out to me, and why it matters for your fraud strategy:

PSD3 & UK Payment Services Regulator (PSR) - These new regulations shift the liability onto banks—even when scams are ‘authorised’ by the customer. That means if someone is tricked into transferring money, the bank may still be on the hook, unless they can prove they did everything possible to detect and prevent it.

GDPR & the EU AI Act - With the rise of AI-driven fraud detection, regulations are demanding more than just results—they want explainability. If a model flags a transaction as suspicious, institutions will need to show how and why the decision was made. Black box models are no longer enough.

DORA (Digital Operational Resilience Act) - Fraud isn’t just a security issue—it’s now recognised as a threat to operational continuity. DORA requires financial institutions to treat fraud resilience as core to their tech infrastructure. In short: fraud must be part of your operational risk playbook.

One of the most powerful ideas in Cleafy’s Disrupting Digital Fraud report is what they call a ‘shift-left’ approach—a multi-layered method that transforms fraud prevention from a reactive process into a proactive discipline. Fraud detection shouldn’t begin at the moment of transaction. By then, it’s often too late. Instead, the report argues for moving detection upstream—to the very first signs of suspicious behaviour: a user logging in from a new location; a session moving abnormally fast, or concurrent phone call during a payment attempt.

This shift-left mindset gives banks more opportunities to intervene intelligently adding friction only when needed, keeping things smooth for genuine customers while frustrating fraudsters. It also means relying less on historic patterns and more on real-time contextual signals, such as use of remote access tools (RATs); abnormal navigation paths; or behavioural anomalies that deviate from a user’s norm.

Finally, Cleafy recommends enriching this approach with threat intelligence: known malware types, leaked credentials, and device fingerprints tied to mule activity. These details move fraud detection from guesswork to evidence-based decisions—helping teams respond faster and with greater confidence.

Customers want smooth payment experiences—but that convenience is exactly what scammers exploit. Instead of playing catch-up with fraud, banks need to shift from ‘detect and reimburse’ to ‘predict and prevent’.

Source: Cleafy

Cleafy’s shift-left approach makes this possible by enabling early detection through real-time behavioural insights, privacy-first analytics, and shared threat intelligence. The goal? Spot fraud before funds leave the account—protecting users without compromising their experience.

Don’t miss your free copy of Cleafy’s Disrupting Digital Fraud industry guide — packed with insights on how to stop scams and money mules before they strike.

About Mirela Ciobanu

Mirela Ciobanu is Lead Editor at The Paypers, specialising in the Banking and Fintech domain. With a keen eye for industry trends, she is constantly on the lookout for the latest developments in digital assets, regtech, payment innovation, and fraud prevention. Mirela is particularly passionate about crypto, blockchain, DeFi, and fincrime investigations, and is a strong advocate for online data privacy and protection. As a skilled writer, Mirela strives to deliver accurate and informative insights to her readers, always in pursuit of the most compelling version of the truth. Connect with Mirela on LinkedIn or reach out via email at mirelac@thepaypers.com.