“He told me he loved me, that he was flying to Brussels next week. All I needed to do was send €5,000 so he could ‘finalise his ticket.’ By the time my bank flagged the transfer, it was too late.”

On September 23, senior leaders from fraud, payments, and cybersecurity gathered at De Warande for The Banking Scene Think Tank, in collaboration with XTN Cognitive Security. The session focused on scams and how the Belgian banking sector is evolving to the age of instant payments and more advanced fraud tactics.

Let one thing be clear: scams cannot be prevented solely with technical solutions. It requires a much more holistic approach that considers psychological, organisational, systemic, and technological factors and solutions. Without updating Belgium’s strategies, there is a risk of falling behind.

The Hidden Costs No One Quantifies

“If it smells phishy, it probably is” was a quote from a Febelfin research report in August 2025, which reported that banks lost €49 million in fraud through phishing last year, despite 75% of attempts being stopped before money was stolen. But these figures only tell part of the story, because fraud goes much further than phishing only.

The true cost of scams is far harder to measure:

• Lack of transparency: not all fraud is being reported, even if the bank takes the blame
• Reputational erosion: once defrauded, customers rarely view their bank the same way.
• Operational strain: countless hours lost in manual investigations, liaising with law enforcement, and handling disputes.
• Customer experience damage: false positives and friction hurt the very relationships banks are trying to protect.

And fraud methods are multiplying. Participants pointed to investment fraud, invoice fraud, impersonation scams, the emerging “shell game” malware targeting mobile devices and new accounts, and so much more. A particularly frequent case is romance scams, often aimed at men over 40, where fraudsters slowly gain trust before extracting money, potentially being contacted after that by a fake fraud recovery agent, to steal money a second time.

Banks struggle here: even when detection systems flag suspicious transfers, customers insist they are legitimate because they are emotionally entangled.

One banker observed that victims of scams often feel shame, a rarely discussed aspect that weakens trust in the entire financial system.

Organisations like Febelfin and the European Banking Federations are working hard on awareness campaigns. Although these campaigns demonstrate their importance, it is difficult to persuade the average person on the street about it, until it is too late.

The Instant Payments Paradox

Belgium has historically taken pride in leading the way in instant payments. However, this achievement has led to a paradox: while customers benefit from faster transactions, it also provides more opportunities for fraudsters.

Instant payments remove the buffer fraud teams once relied on. A scammer who convinces a victim to transfer money has already won — the money is gone in seconds, often across borders. The Confirmation of Payee should solve part of this challenge, it remains to be seen how the fraud cases will evolve after the Instant Payments Regulation Requirements of October 9 goes live with higher limits etc. The sentiment is mixed: some a worried, while others have been testing higher limits already without much impact on their fraud cases.

Instinctively, as the EU’s instant payments mandate expands access and reduces costs, the attack surface only grows wider. The UK’s decision to introduce liability sharing for APP fraud was seen as a warning sign. It has compelled banks there to invest more proactively in prevention.

With PSD3 and the new Payment Services Regulation (PSR) on the horizon, many fear that liability will increasingly shift onto banks, while it should be a more common responsibility with all involved stakeholders.

Collaboration Fatigue vs. Collaboration 2.0

Belgium has a strong record of industry collaboration, and Febelfin’s awareness campaigns and shared anti-phishing platforms are notable examples. These efforts have raised public awareness, but their limits are clear: campaigns rarely stop fraud at the point of attack.

Collaboration 2.0 must go further: cross-bank intelligence sharing, enriched transaction and identity data, and joint detection models. The will is there, but under legal, compliance or trust pressures many of these initiatives don’t materialise or fail over time. The Dutch initiative Transactie Monitoring Nederland (TMNL) showed both the promise and the pitfalls. It aimed to pool transaction data across banks, but was dismantled after privacy regulators called it a “bancair sleepnet,” and new EU AML rules narrowed the legal space for such efforts.

We often complain about silos within banks, but the silo mentality also applies to regulations, which explains why collaboration is challenging in the fight against fraud. What can be shared and what cannot be shared? Which regulations are limiting the options and how can they be overcome?

The lesson is clear: Collaboration 2.0 cannot be about bigger databases. It must be smarter and narrower, built on trigger-based sharing, federated intelligence models, and proactive engagement with regulators. And it must extend beyond banks, to telcos, PSPs, and platforms, where scams increasingly originate. And there lies another challenge, because fraudulent social media campaigns can be painful for consumers, but lucrative for social media advertising.

True collaboration isn’t about doing more of the same, it’s about designing trustworthy, intelligence-led networks that fraudsters cannot exploit, with respect for privacy.

Fraud vs. Cyber: The Last Big Silo

One of the most notable insights revealed how scams highlight the divide between fraud and cybersecurity teams:

• Fraud teams monitor transactions.
• Cyber teams focus on system threats.
• Scammers operate in the space between, exploiting human psychology with malware, phishing, and impersonation.

Banks not just suffer from a technology gap, but also from an organisational one. Fraud and cyber remain siloed, even as threats converge. Breaking the fraud–cyber divide may be just as urgent as investing in new detection technologies.

Some front-runners understand this and invest in behavioural tools and other AI-driven mechanisms to detect suspicious behaviour. It is a good example of cybersecurity teams and fraud teams working together for a better world.

This will be essential because banks that are struggling today are already falling behind the facts, while AI agents, whether fraudulent or not, are just around the corner.

Towards Intelligence-Led Protection

The path forward is clear. Banks must move from:

• Detection → Prediction: not just spotting fraud after it happens, but using behavioural and device intelligence to prevent it.
• Silence → Sharing: moving past reputational fear to embrace real-time intelligence exchange and exchange best practices. Not everyone may agree, but we should not see fraud prevention as a competitive advantage.
• Awareness → Action: campaigns are useful, and essential, but fraudsters adapt faster than posters and warnings can. Only real-time protection makes a difference.

This evolution will not be easy. It demands cultural change inside banks, regulatory clarity around what can and cannot be shared, and trust between institutions that too often see themselves as competitors first. But without these shifts, banks risk fighting borderless, intelligence-led criminals with tools designed for a slower, more predictable era.

Conclusion: Belgium’s Choice

The Think Tank Dinner revealed that Belgium’s banks, and banks at large, are facing a perfect storm: scams that outpace awareness campaigns, costs that exceed reported figures, shifting regulations that alter liability, and collaboration that remains too superficial. Romance scams in particular highlight the limits of prevention — banks can flag suspicious payments, but they cannot override human trust once it has been manipulated.

The path forward is not about banks acting alone. It is about shared responsibility:

• Banks strengthening detection and collaboration.
• Regulators providing clear frameworks that enable data sharing.
• Telcos, PSPs, and tech platforms stepping up as partners in scam prevention.
• Customers continuing to be educated and supported in recognising fraud attempts.

Awareness remains essential, but it cannot be the final step. New technologies will be crucial to keep banks' doors as close as possible, but they won't prevent all fraud. In a real-time economy, the only sustainable defence is an ecosystem-wide, intelligence-led approach where all stakeholders share responsibility.

And so, as a stakeholder, what will you do to reduce fraud?

In case you missed it, take a look at our white paper, "Fincrime Fighters: The Unsung Heroes of Banking" for more fraud prevention insights.

We reflect on our Think Tank session with added insights from conversations we had, and sessions that we moderated or attended at Sibos 2025 in Frankfurt. From malware to quantum and more, we discuss the state of scams and fraud through a different lens in this episode which you can watch below or find on your favourite podcast platform here.