SCAMS and money mule accounts are the top fraud concern of bank executives in the Asia-Pacific, according to a survey by global analytics software firm FICO.
Seven in 10 or 69% of senior officials of financial institutions in the region said scams and mule accounts have become the “dominant threat” for the industry, according to a FICO poll, which it conducted during its Asia Pacific Fraud Forum in June and had more than 40 fraud and risk executives as respondents.
This reflects the continued rise in these forms of fraudulent activities where victims are tricked into sending money to criminals, it said.
“Unlike traditional fraud, which typically involves unauthorized transactions that banks can detect and block, scams often bypass existing defenses because payments are authorized by the victim. Once the money is sent, criminals rely on mule accounts to quickly move funds across institutions and borders, making recovery extremely difficult,” FICO said.
This comes as scam-related losses reported by the financial sector reached “historic highs” last year, it noted, with Malaysia recording $12.78 billion in losses. Thailand also saw $1.7 billion in damages and Singapore reported $860 million in losses, up 70% year on year.
“Similar trends were reported in the Philippines and Indonesia, where scam-related activity now dominates cybercrime reports,” FICO said.
The Bangko Sentral ng Pilipinas (BSP) earlier said that its supervised financial institutions saw P5.82 billion in losses from cyberattacks in 2024, up 2.6% from P5.67 billion the previous year.
Top cybersecurity risks faced by BSP-supervised institutions last year include phishing, “card-not-present” fraud, account takeover or identity fraud, and hacking, with losses due to phishing and card-not-present activities estimated at P1.8 billion and P1.5 billion, respectively.
FICO’s poll also found that 52% of banking officials in Asia-Pacific said that social media platforms are the top external threat vector for scams, followed by messaging apps (35%).
“In a region with more than two billion social media users, platforms such as Facebook, TikTok, and Telegram have become key channels for targeting scam victims and recruiting money mules,” it said.
“Criminal syndicates use these platforms to impersonate officials, promote fake investments, or advertise bogus job opportunities. Many victims are lured into schemes that appear legitimate on the surface, while others are convinced to “rent out” their accounts in exchange for quick cash, not realizing they are enabling financial crimes.”
Banks in the region also said that operational barriers limit their ability to detect and respond to scams. These barriers included siloed data (46%), a lack of connected insights across products and channels (28%), and limited real-time integration with third-party systems (13%).
“Scam activity is often fast, fluid, and fragmented,” said Dattu Kompella, managing director of Asia-Pacific for FICO. “To respond effectively, banks need connected systems that provide a complete, real-time view of risk. Without breaking down internal silos and unifying insights across teams, many institutions will remain on the back foot.”
Meanwhile, only 14% of executives said banks should fully reimburse customers that fall victim to scams, while half said compensation should only apply when the bank is at fault. The remaining 36% of respondents said they support a “shared responsibility model” between banks and customers.
A FICO survey released in May showed that Filipinos are most concerned about falling for financial scams amid the surge in real-time payments, with 35% of respondents saying their top worry is the risk of being tricked into sending money to criminals.
Meanwhile, concerns about identity theft also persist among Filipino respondents, with over 23% citing it as their top financial crime concern. This was followed by having a bank account taken over by a fraudster (16%), their credit or debit card being stolen and used (13%), their cash being stolen (8%), and fake online retailers and fake advertisement tricking them into buying goods that never arrive (6%).
The Anti-Financial Account Scamming Act (AFASA), which was signed into law by President Ferdinand R. Marcos, Jr. in July 2024, aims to help prevent and penalize digital financial cybercrime.
Money mule activities are part of the prohibited acts or offenses under the AFASA, along with social engineering schemes, which could be considered economic sabotage if it involves three or more people as perpetrators or victims, mass mailers, and human trafficking, as well as opening a financial account under a fictitious name or using the identity or identification documents of another person.
The law allows the BSP to probe financial accounts suspected to be involved in prohibited acts identified under the law. BSP-supervised institutions can also freeze disputed funds related to these incidents.
Financial institutions are also required to adopt stricter information technology risk management measures to protect their customers from fraudulent schemes done online. These include adopting fraud management systems, as well as safeguards like the limitation on the use of interceptable authentication mechanisms like one-time passwords. — BVR
