Mon, 29 Sep 2025
“He told me he loved me, that he was flying to Brussels next week. All I needed to do was send €5,000 so he could ‘finalise his ticket.’ By the time my bank flagged the transfer, it was too late.”
On September 23, senior leaders from fraud, payments, and cybersecurity gathered at De Warande for The Banking Scene Think Tank, in collaboration with XTN Cognitive Security. The session focused on scams and how the Belgian banking sector is evolving to the age of instant payments and more advanced fraud tactics.
Let one thing be clear: scams cannot be prevented solely with technical solutions. It requires a much more holistic approach that considers psychological, organisational, systemic, and technological factors and solutions. Without updating Belgium’s strategies, there is a risk of falling behind.
“If it smells phishy, it probably is” was a quote from a Febelfin research report in August 2025, which reported that banks lost €49 million in fraud through phishing last year, despite 75% of attempts being stopped before money was stolen. But these figures only tell part of the story, because fraud goes much further than phishing only.
The true cost of scams is far harder to measure:
And fraud methods are multiplying. Participants pointed to investment fraud, invoice fraud, impersonation scams, the emerging “shell game” malware targeting mobile devices and new accounts, and so much more. A particularly frequent case is romance scams, often aimed at men over 40, where fraudsters slowly gain trust before extracting money, potentially being contacted after that by a fake fraud recovery agent, to steal money a second time.
Banks struggle here: even when detection systems flag suspicious transfers, customers insist they are legitimate because they are emotionally entangled.
One banker observed that victims of scams often feel shame, a rarely discussed aspect that weakens trust in the entire financial system.
Organisations like Febelfin and the European Banking Federations are working hard on awareness campaigns. Although these campaigns demonstrate their importance, it is difficult to persuade the average person on the street about it, until it is too late.
Belgium has historically taken pride in leading the way in instant payments. However, this achievement has led to a paradox: while customers benefit from faster transactions, it also provides more opportunities for fraudsters.
Instant payments remove the buffer fraud teams once relied on. A scammer who convinces a victim to transfer money has already won — the money is gone in seconds, often across borders. The Confirmation of Payee should solve part of this challenge, it remains to be seen how the fraud cases will evolve after the Instant Payments Regulation Requirements of October 9 goes live with higher limits etc. The sentiment is mixed: some a worried, while others have been testing higher limits already without much impact on their fraud cases.
Instinctively, as the EU’s instant payments mandate expands access and reduces costs, the attack surface only grows wider. The UK’s decision to introduce liability sharing for APP fraud was seen as a warning sign. It has compelled banks there to invest more proactively in prevention.
With PSD3 and the new Payment Services Regulation (PSR) on the horizon, many fear that liability will increasingly shift onto banks, while it should be a more common responsibility with all involved stakeholders.
Belgium has a strong record of industry collaboration, and Febelfin’s awareness campaigns and shared anti-phishing platforms are notable examples. These efforts have raised public awareness, but their limits are clear: campaigns rarely stop fraud at the point of attack.
Collaboration 2.0 must go further: cross-bank intelligence sharing, enriched transaction and identity data, and joint detection models. The will is there, but under legal, compliance or trust pressures many of these initiatives don’t materialise or fail over time. The Dutch initiative Transactie Monitoring Nederland (TMNL) showed both the promise and the pitfalls. It aimed to pool transaction data across banks, but was dismantled after privacy regulators called it a “bancair sleepnet,” and new EU AML rules narrowed the legal space for such efforts.
We often complain about silos within banks, but the silo mentality also applies to regulations, which explains why collaboration is challenging in the fight against fraud. What can be shared and what cannot be shared? Which regulations are limiting the options and how can they be overcome?
The lesson is clear: Collaboration 2.0 cannot be about bigger databases. It must be smarter and narrower, built on trigger-based sharing, federated intelligence models, and proactive engagement with regulators. And it must extend beyond banks, to telcos, PSPs, and platforms, where scams increasingly originate. And there lies another challenge, because fraudulent social media campaigns can be painful for consumers, but lucrative for social media advertising.
True collaboration isn’t about doing more of the same, it’s about designing trustworthy, intelligence-led networks that fraudsters cannot exploit, with respect for privacy.
One of the most notable insights revealed how scams highlight the divide between fraud and cybersecurity teams:
Banks not just suffer from a technology gap, but also from an organisational one. Fraud and cyber remain siloed, even as threats converge. Breaking the fraud–cyber divide may be just as urgent as investing in new detection technologies.
Some front-runners understand this and invest in behavioural tools and other AI-driven mechanisms to detect suspicious behaviour. It is a good example of cybersecurity teams and fraud teams working together for a better world.
This will be essential because banks that are struggling today are already falling behind the facts, while AI agents, whether fraudulent or not, are just around the corner.
The path forward is clear. Banks must move from:
This evolution will not be easy. It demands cultural change inside banks, regulatory clarity around what can and cannot be shared, and trust between institutions that too often see themselves as competitors first. But without these shifts, banks risk fighting borderless, intelligence-led criminals with tools designed for a slower, more predictable era.
The Think Tank Dinner revealed that Belgium’s banks, and banks at large, are facing a perfect storm: scams that outpace awareness campaigns, costs that exceed reported figures, shifting regulations that alter liability, and collaboration that remains too superficial. Romance scams in particular highlight the limits of prevention — banks can flag suspicious payments, but they cannot override human trust once it has been manipulated.
The path forward is not about banks acting alone. It is about shared responsibility:
Awareness remains essential, but it cannot be the final step. New technologies will be crucial to keep banks' doors as close as possible, but they won't prevent all fraud. In a real-time economy, the only sustainable defence is an ecosystem-wide, intelligence-led approach where all stakeholders share responsibility.
And so, as a stakeholder, what will you do to reduce fraud?
In case you missed it, take a look at our white paper, "Fincrime Fighters: The Unsung Heroes of Banking" for more fraud prevention insights.