From invisible protection to shared responsibility: the rise of collaborative fraud defence

Effective fraud defence requires active consumers, not passive targets. Trace Fooshée, Strategic Advisor at Datos Insights, explains why involving users is the key to stopping AI-powered scams.

For decades, fraud detection has been based on a handful of relatively fundamental architectural assumptions. Chief among these is the assumption that consumers should remain blissfully unaware (and unbothered) by efforts to detect and prevent fraud. A great deal of effort, therefore, has been poured into making the business of acquiring, accumulating, and interrogating risk signals as passive and unobtrusive as possible. In short, the work of detecting and stopping fraud should happen around consumers, not with them.

This assumption was thoughtful, sound, and defensible in an era when the risk signals that were useful in predicting fraud were available within the area of the payments ecosystem that financial institutions had ready access to. Risk signals like transaction velocity, device fingerprints, IP addresses, behavioural patterns, and the details of the transaction payload enable financial institutions to build formidable fraud detection and prevention countermeasures for many years. For many years, therefore, the architectural assumption to keep fraud controls invisible to consumers has been sufficient to adequately control for fraud.

It is no longer sufficient. The fastest-growing threat in payments today is authorised payment fraud scams, which are proving to be an exceptionally challenging threat to the payments ecosystem and to this architectural assumption. By duping the consumer into initiating the payment on their behalf, fraudsters can avoid creating nearly all of the risk signals that financial institutions depend on to detect fraud. In the absence of useful risk signals, inferring the intent of the consumer is exceptionally difficult to do with any ‘commercially reasonable’ degree of precision.

It’s important to consider that the majority of the risk signals that are useful in predicting a scam are created on telecommunications networks, social media platforms, and technology ecosystems. The companies that manage these platforms are constrained from sharing these signals with other companies (including financial institutions), and if a consumer is a victim of a scam that was initiated and cultivated using their platform, they are very rarely exposed to reimbursement or punitive liability. Financial institutions, on the other hand, are often expected to bear liability for reimbursement despite the fact that they only have visibility into the last few inches of a mile-long scam journey. To add insult to injury, they have very few reliably predictive risk signals in those last few inches. 

This is the structural problem that Datos Insights identified as Trend 10 in its ‘Top Trends in Fraud & AML, 2026: Building Agile Defenses Against AI-Driven Financial Crime’ report. The solution it points toward is not another layer of institutional detection. It is a fundamental rethink of who participates in fraud defence.

The signals financial institutions cannot see

If fraud executives are largely aligned on the nature of the problem of scam detection and prevention as being the lack of access to the risk signals that exist in chat sessions on social media platforms, browsing and ecommerce interactions, phone conversations, email correspondence, and SMS messages, then the solution comes down to how to get access to those signals. There are two paths to this objective.

The conventional path preserves the architectural assumption by pursuing signals from payment networks, telecom companies, and social media platforms through consortium models and safe harbour provisions like US Section 314b. These approaches have achieved some inter-institutional sharing, but most fraud executives acknowledge they have not produced the scale or consistency needed to move the needle on scam detection.

The alternative path is to enlist consumers directly. Chat sessions on Telegram, WhatsApp, and SMS, browsing and ecommerce interactions, phone conversations, and email correspondence are all highly predictive indicators of a scam in progress. They exist on the consumer’s side of the boundary that fraud controls were never designed to cross. The question is whether financial institutions can get there with consumer consent rather than workarounds.

A different architecture: the consumer as active participant

Some of the vendors on the frontier of the pursuit of the alternative path, like Scam Rangers and Scamnetic have launched tools that financial institutions can deploy directly for consumer use, enabling customers to assess whether an SMS message or website is likely to be fraudulent. These tools represent a meaningful step forward, but the next generation of consumer-collaborative security platforms will go further. Imagine a consumer-oriented tool that not only helps consumers evaluate suspicious content but also acquires, accumulates and, with the consumer’s consent, shares relevant signals with their financial institution’s fraud control framework.

Think of it as a personal security agent that is commissioned by the consumer to gather risk signals that can be shared either with the fraud risk engine at the consumer’s financial institution or with a risk mitigation and interdiction agent that the consumer has employed. Regardless of how the risk engine is deployed, what matters is that the signals that have remained a blind spot for so long will be revealed and put to use to better protect consumers from financial predation.

Requiring the consumer to voluntarily opt in to acquiring, accumulating, and sharing these signals is a vital element of this approach. When consumers choose to share signals with their financial institution through their personal fraud agent, the conventional constraints on information sharing become more navigable. The consumer is not a data source being surveilled. They are a willing participant who has decided to enlist their bank as a partner.

Datos Insights research found that 42% of fraud executives believe AI personal assistant fraud-detection apps residing on consumers’ devices have the greatest promise for making an impact on detection and prevention. This figure reflects both the urgency of the scam problem and the degree to which financial institutions recognise they need help from the consumer side of the equation.

What changes when consumers join the defence

Financial institutions that build consumer-collaborative frameworks gain access to a class of signals that have genuine potential to significantly improve the accuracy and effectiveness of their authorised payment fraud detection capabilities. More importantly, consumer-collaborative security frameworks provide tangible evidence of the commitment of the financial institution to actively engage with their customers in the interest of promoting the most vital element of achieving financial well-being and trust, keeping their customers safe from financial predation.

An approach such as this also has great potential to differentiate a financial institution from its competition in terms of product design and provisioning. A financial institution that knows a customer is actively participating in fraud defence, sharing signals through an approved fraud security agent, can customise product parameters and provisioning profiles. This would enable financial institutions to optimise margins and revenue based on a balance of commercial and risk parameters. The justification for higher limits on person-to-person transfers and other electronic funds transfers becomes substantially easier to quantify when the financial institution has greater visibility into the risk profile of those transactions. Participation in the fraud-defence ecosystem becomes something worth rewarding.

Perhaps most consequentially, intervention becomes possible at an earlier stage than current frameworks allow. When a consumer's fraud security agent and the financial institution’s own systems converge on credible evidence that a scam is in progress, the FI can reach out to the consumer directly, not after a suspicious payment has been flagged, but before the consumer has initiated one. The intervention happens in the window when it can actually prevent harm.

From trend to norm: what has to happen

The Datos Insights report frames 2026 as a potential inflection point, the year when consumer-oriented fraud signal acquisition, detection, and interdiction capabilities may achieve breakthrough market traction. This is an emerging model, and a handful of early-mover vendors gaining traction is not the same as a transformed market.

Several things need to go right. Consumers have to see the value proposition clearly enough to opt in. Asking consumers to share some elements of their digital interactions with their financial institution in exchange for better protection and potentially more favourable terms is not unreasonable, but it requires trust, and trust requires financial institutions to be genuinely transparent about what they are asking for and why.

Financial institutions need to build or procure the frameworks to integrate consumer signals into their detection logic and to design the product policies that make participation meaningful. That is not a trivial undertaking. And the regulatory environment around what can be shared, how, and with what consent framework will need to continue evolving.

While there are significant challenges, none are insurmountable. The economic pressure to more meaningfully address the scam problem is substantial and continues to accelerate in terms of scale and urgency. The need for more insightful signals is also well known among fraud executives. What has been missing is a viable architecture for acquiring those signals at scale without violating privacy norms or information-sharing constraints.

Security as a shared responsibility

The payments ecosystem has always depended on trust. That trust has historically been maintained largely invisibly by fraud teams working behind the scenes, by detection systems consumers never see, by rules and thresholds set by institutions acting on their own.

That invisible model is straining under the weight of AI-enabled, consumer-targeting fraud. The scam epidemic is not a failure of institutional sophistication. Engaging consumers more deliberately, as informed, consenting participants rather than passive subjects, is a recognition that effective fraud defence in an era of AI-powered scams requires the whole ecosystem to participate. Banks, payment networks, solution providers, and consumers all have a role to play.

About author

Trace Fooshée is a Strategic Advisor with Datos Insights’ Fraud & AML practice since 2019. Mr. Fooshée’s background includes experience as a management consultant for EY and Deloitte and more than 11 years with SunTrust Bank, where he served most recently as Head of Fraud Strategy. Mr. Fooshée has been an active member in various industry groups, including the ABA and the Bank Policy Institute’s BITS Fraud Reduction Steering Committee.

 

 

 

About Datos Insights

 

Datos Insights is the leading research and advisory partner to the banking, insurance, securities, and payments technology industries - both the financial services firms and the technology providers who serve them. 

In an era of rapid change, we empower firms across the financial services ecosystem to make high-stakes decisions with confidence and speed. Our distinctive combination of proprietary data, analytics, and deep practitioner expertise provides actionable insights that enable clients to accelerate critical initiatives, inspire decisive action, and de-risk strategic investments to achieve faster, bolder transformation.