As instant payments become the norm across Europe, banks face a tougher balancing act between speed, convenience and fraud prevention. In our ongoing series of fraud interviews, Martijn de Ruijter, Head of SEPA Payments at Rabobank, shared a practical view of how fraud is evolving, why Verification of Payee is helping but not solving everything, and why the future of fraud prevention will depend on layered controls, better collaboration and smarter use of friction. (You can find more Fraud Fighting insights in our recently published white paper here.)

Speed has long been sold as an unquestioned advantage in payments. Faster journeys, fewer obstacles and a better customer experience have all been central to the modern payments story. But fraud has a way of testing every assumption. When money moves in seconds, the time available to detect a scam, intervene with a customer or recover funds shrinks dramatically.

That is why the fraud debate around instant payments is becoming more nuanced. The question is no longer whether customers want fast payments. They clearly do. The question is how banks can support that expectation while still protecting customers from increasingly sophisticated scams.

That was a core theme with Martijn. His perspective is grounded in operational reality rather than broad claims. The most useful point he makes is also one of the simplest: fraud controls do not end fraud. They change it. And in a real-time payments environment, that means banks need to think less in terms of single fixes and more in terms of an adaptive system of protection.

Verification of Payee is making a difference, but it is not the end of the story

One of the clearest points to emerge from the discussion is that account verification measures such as Verification of Payee do matter. According to Martijn, Rabobank saw a marked reduction in invoice fraud when name and account checks were first introduced in the Dutch market.

That matters because it confirms that well-designed payment controls can reduce losses in a meaningful way. In a debate that can sometimes become overly theoretical, that kind of practical evidence is important.

But it is only half the picture.

As domestic invoice fraud became harder to execute, fraudsters adapted. Rather than disappearing, some activity shifted towards invoice fraud involving European IBANs outside the Netherlands. In other words, the control worked, but it also displaced criminal behaviour.

That is a critical lesson for fraud professionals. A reduction in one fraud type does not necessarily mean the wider problem has been solved. More often, it means the criminal market is moving to wherever resistance is lowest.

“Fraud does not disappear when a control works. More often, it moves.”

For banks operating in a connected European payments environment, this has clear implications. Domestic improvements are important, but they need to be viewed through a cross-border lens. Otherwise, fraud can simply reappear elsewhere in the payment chain.

APP fraud remains difficult because manipulation happens before the payment

The conversation also highlighted why authorised push payment fraud remains such a stubborn challenge.

Traditional payment controls often assume that the key moment is when the customer initiates the payment. That is where banks place warnings, confirmation messages and, increasingly, beneficiary checks. But Martijn makes an important point: by the time many APP scam payments are made, the fraudster has already done the hard part.

The criminal has built trust. They have created urgency. They have manipulated the customer into believing that the payment is necessary and safe. In some cases, they have even coached the customer to ignore or override warnings from the bank!

That changes how banks need to think about intervention. A warning at the point of payment can still help, but it may already be too late if the customer has been thoroughly prepared to distrust anything the bank says.

This is one of the reasons APP fraud continues to challenge the industry despite improvements in account verification. Fraudsters do not just avoid controls. They actively design their scam scripts around them.

Payment fraud is not just a payment problem

We also discussed the critical point that what customers, the general public and the press often call “payment fraud” is simply “fraud that ends in a payment”.

That distinction matters.

The manipulation may begin on a marketplace, a social media platform, a messaging service or via a phone call. The payment is simply the final step in the chain. Yet the burden of prevention often sits heavily with the bank because that is where the financial loss becomes visible.

This creates a mismatch. The bank sees the transaction, but other actors may hold earlier warning signals. A marketplace may be able to detect abnormal seller behaviour. A telecom provider may have indicators linked to spoofing or SIM-related compromise. A digital platform may spot suspicious patterns long before a customer reaches the payment stage.

For Martijn, this is why the industry needs a broader ecosystem view. Fraud prevention will remain incomplete if it is treated as something the bank can solve on its own.

He is clear that better fraud outcomes will require better collaboration.

That includes marketplaces, digital platforms, telcos and, where relevant, public authorities. The logic is simple enough. Criminals operate across the chain. They do not respect the boundaries between sectors. Yet information sharing remains patchy, often limited and frequently constrained by uncertainty about what can be shared.

Trend sharing is one thing. Case-level operational data is another. The latter remains much harder.

For fraud professionals, this is a familiar frustration. Everyone agrees collaboration matters, but progress often stalls when governance, legal risk and commercial sensitivities come into play.

Incentives matter as much as intent

One of the sharper observations from the interview is that collaboration tends to happen for one of three reasons. Organisations want to collaborate, they are required to collaborate, or they have a direct stake in the outcome.

That final point may prove the most important.

Goodwill helps, but it rarely delivers consistent results at ecosystem level. Regulatory requirements can push progress forward, but they do not always create deep engagement. Real change often happens when incentives are aligned and when actors across the chain have genuine exposure to losses or reputational consequences.

That is why discussions around reimbursement, liability and the future shape of PSD3 and related regulatory developments are so important. If fraud losses are shared more clearly across the ecosystem, more participants may have reason to improve controls and contribute data.

The policy debate is not straightforward, but the principle is hard to dismiss. Fraud prevention improves when responsibility is distributed in a way that reflects the real structure of the problem.

Why a layered fraud strategy matters more in real-time payments

A useful feature of Martijn’s thinking is that he does not present any single control as a silver bullet. Instead, he describes fraud as a complex system. That is a helpful way to frame the challenge.

Fraud is shaped by customer behaviour, payment design, criminal adaptation, operational processes, reimbursement rules and incentives across the ecosystem. Change one part of that system and behaviour changes elsewhere.

That is why banks need layers.

Verification of Payee is one layer. Daily payment limits are another. Customer education still has a role. So do operational intervention teams, risk scoring models and cooperation with actors beyond banking. None is sufficient on its own. Together, however, they create multiple moments where a scam can be interrupted or made less profitable.

This is particularly important in the context of instant payments. When response windows are measured in seconds, prevention becomes more valuable than recovery. Once funds have moved and been dispersed, the opportunity to intervene may be gone.

The case for intelligent friction

One of the most practical parts of our conversation focused on friction.

For years, friction has generally been treated as the enemy of good customer experience. The historical aim has been to remove as much of it as possible. But fraud is changing that conversation. In certain scenarios, carefully designed friction is not a flaw. It is a safeguard.

Martijn spoke about measures such as daily payment limits and cooling-off periods as ways to give customers a moment to step back and regain perspective. That matters because many scams depend on pressure. Fraudsters want customers to act quickly, in isolation and without reflection. Time works against the scammer.

Rabobank has seen notable reductions in some reimbursable fraud categories after introducing daily payment limits. That is an important reminder that a smoother journey is not always the same as a safer one.

The challenge, of course, is calibration. Too much friction and genuine customers become frustrated. Too little and the bank leaves itself exposed.

The real question for banks is not whether friction is good or bad. It is where friction is justified, when it should be applied and how intelligently it can be targeted.

“In the right context, friction is not a failure of customer experience. It is part of fraud prevention.”

Human intervention still has an important role

Technology is central to modern fraud prevention, but Martijn also underlined the continuing importance of human intervention.

In high-risk cases, a call from the bank to the customer can still be one of the most effective interventions available. A trained colleague can ask questions, test the customer’s understanding of the payment and look for signs of coercion or manipulation in a way that automated messages often cannot.

But that approach is resource-intensive. It does not scale neatly. Not every suspicious case can be handled with the same level of personal attention.

There is also a trust challenge. Banks have spent years educating customers not to trust unexpected calls from someone claiming to be their bank. So, when a legitimate intervention call is made, the customer may naturally be suspicious.

Rabobank’s use of in-app confirmation messages to show that the contact really is from the bank is a good example of joined-up thinking. Fraud prevention is not just about detecting risk. It is also about making legitimate intervention believable and safe.

Instant payments make fraud prevention harder, not impossible

My final question was a bit direct: “Do you think that the SEPA framework has made fraud prevention easier or has it made it harder?”

Martijn’s answer was careful but clear.

If anything, it has made the task a little harder.

That is not because instant payments cause fraud in themselves. It is because they compress the time available for detection and intervention. Older models built around delayed settlement and batch-based processing are less suited to this environment.

That means banks need to act earlier and more selectively. It also means the design of payment controls will become more important. The strongest fraud strategies will not rely on catching every bad transaction at the last second. They will combine better behavioural detection, smarter use of friction, earlier customer engagement and stronger coordination across the ecosystem.

What fraud leaders should take away

The most valuable aspect of Martijn’s perspective was his resistance to easy answers.

• Verification of Payee helps, but does not remove the need for other controls.
• Warnings matter, but they often arrive late in the scam journey.
• Human intervention works, but it is expensive.
• Collaboration is necessary, but it needs stronger incentives.
• Instant payments deliver real customer value, but they also make prevention more urgent and more complex.

For fraud leaders, the lesson is clear. The goal should not be to find a single measure that solves the problem. It should be to build a model that can adapt as fraud adapts.

That means thinking in layers. It means designing controls around real customer behaviour rather than idealised journeys. It means recognising that fraud is rarely confined to one institution, one channel or one moment in the payment process.

Above all, it means accepting that the future of fraud prevention in payments will depend as much on coordination and design as on detection.

For banks, PSPs and the wider fraud-fighting community, that is not always the simplest answer. But it is probably the most realistic one.

(If fraud fighting is your focus and you would like to know more about The Latest Trends in Compliance: AML and Sanctions and Screenings | AMLA and the Supervisory Shift: What It Means for Banks and Fintechs | The current state of Fraud according to GASA | The New Face of Fraud: How AI Changes the Rules and many more topics relevant to fraud, risk and compliance specialists, then join us on May 28 in Brussels for all the above and a whole lot more!)

If you prefer to hear directly from the expert, then you can watch or listen to the full interview with Martijn below, or find us on your favourite podcast platform here (don't forget to like, subscribe or follow - preferably all three 😇).