Alin Becheanu (ING Romania): investment scams, AI-driven fraud, and why reimbursement is not enough

Alin Becheanu, Head of Fraud Monitoring & Prevention at ING Bank Romania, shares how fraud tactics are evolving, and why prevention must go beyond reimbursement toward shared responsibility and systemic collaboration.

In this edition of Leadership Insights, Alin reflects on the past 12 months in fraud prevention and outlines how banks, customers, regulators, and tech platforms must rethink their roles in combating financial crime.

‘Never say never’: fraudsters are persistent, and adaptive

One of the most striking lessons from the past year, Alin notes, is the persistence of fraudsters. He recounts a case where a victim was deceived three separate times by the same criminal network: first through an investment scam, then through a fake tax payment request, and finally by fraudsters posing as a recovery agency promising to retrieve the lost funds.

The takeaway? Fraud is no longer a one-off attack. Criminals build multi-stage scenarios tailored to victims’ psychology, exploiting stress, urgency, and hope.

In investment scam cases, victims are persuaded to install remote access software under the pretext of technical support. Once installed, attackers gain full control of the device, including access to banking apps, email, and SMS authentication messages.

Phishing continues to thrive because it leverages urgency and fear, account blocks, police investigations, or fiscal penalties. Meanwhile, impersonation scams exploit authority bias, pushing victims into rapid, irrational decisions.

Corporate Fraud: Deepfakes and Business Email Compromise

At the SME and corporate level, fraud patterns shift slightly:

• Business Email Compromise (BEC)
• CEO/CFO impersonation
• Invoice fraud
• Investment scams targeting entrepreneurs

One notable example referenced during the discussion is a high-profile deepfake impersonation case, where criminals replicated a CFO’s identity during a video call, convincing an employee to authorise a multimillion-dollar transfer.

Invoice fraud also remains prevalent. Fraudsters hack or spoof vendor emails and send altered invoices with modified bank details. Payments are made automatically, often only discovered weeks later when the legitimate supplier flags non-payment.

The key mitigation? Strong internal controls: segregation of duties, confirmation procedures, and clearly defined payment policies.

From Fear to Protection: Building a Partnership Model

Despite the escalation in tactics, Alin emphasises that fraud prevention must not be fear-driven, it must be partnership-driven.

Banks and customers must act as co-defenders.

For banks, key strategies include:

• Real-time decision engines adapted to instant payments.
• Geolocation-based anomaly detection.
• Behavioural pattern monitoring.
• Context-aware alerts (e.g., detecting transactions made during suspicious phone calls).
• Interactive confirmations that involve customers in decision-making.

ING’s geolocation initiative, gradually rolled out over two years, now covers a large share of its customer base, demonstrating that persistence in deploying protective features pays off.

Equally important are external partnerships. ING worked closely with regulators, telcos, and law enforcement to combat phone spoofing, successfully blocking landline spoofing in Romania from mid-2023 onward.

For customers, responsibility is equally critical:

• Protect credentials as physical keys.
• Stay informed about emerging scams.
• Verify independently; hang up and call official numbers.
• Understand that manipulation is often the core mechanism.

Fraud prevention is no longer just about systems; it’s about behavioural awareness.

What’s missing? the root cause debate

In concluding the discussion, Alin raises a provocative concern regarding the evolving regulatory framework, particularly around reimbursement obligations.

While protecting victims is essential, he argues that focusing primarily on reimbursement risks creating moral hazard and shifting responsibility away from root cause mitigation.

Instead, he calls for deeper discussions around:

• Cross-industry data exchange.
• Stronger accountability for social media platforms hosting scam ads.
• Pre-screening and due diligence requirements for sponsored financial promotions.
• Faster, digitalised reporting mechanisms for victims.
• More robust tools for banks to detect and prevent fraud upstream.

Fraud flows through multiple touchpoints such as social media, telecom networks, payment rails. Banks are often the final checkpoint, not the origin.

The future of fraud prevention, Alin concludes, lies in coordinated ecosystem defence, and not isolated institutional responsibility.

About the author

Alin Becheanu is the Head of Fraud Monitoring & Prevention at ING Bank Romania. In his role, he is also actively involved in numerous fraud prevention campaigns. He contributes to the development of new, innovative products and services aimed at ensuring the safety of customers.

Alin has 20 years of experience in managing fraud and money laundering risks. Furthermore, he is the president of APCF - the Association for the Prevention and Combating of Fraud.