Who is leading the fight against confidence scams, and who should?

U.S. agencies have moved from public advisories to more meaningful enforcement actions against perpetrators. In October, we saw coordinated cross-border enforcement actions by the U.S. and U.K. against Southeast Asian fraud networks, the designation of a financial institution (FI) as a primary money laundering concern, and the indictment of a fraud network mastermind.

Enforcement actions are effective for reducing safe havens for criminal operators, but they are only part of the solution. Minimizing internet-based fraud needs to be a comprehensive, multi-pronged effort with FIs playing a critical role in the fight. Confidence scams in particular exploit quick conversion rails and opaque intermediaries.

They also benefit from the silos among banks, fintechs, crypto firms, and law enforcement. These factors allow scammers to convert and move money faster than law enforcement can intervene. Yet, FIs are uniquely positioned to prevent the flow of funds by detecting grooming patterns, interrupting suspicious outflows, and enabling consumers to reconsider risky decisions.

Context and practical guidance for FIs

FIs already have the mechanisms to monitor customer activity and establish baseline behavior. What they need is to configure their rules differently. For example, traditional fraud detection is configured to catch unauthorized transactions, such as a purchase made with a stolen card or atypical international transactions. Similarly, traditional money laundering-based rules typically center around threshold amounts.

But identifying romance scams and pig butchering transactions requires a different application of behavioral analytics, with more focus on behavior and context. This is because they are facilitated by the victims themselves.

FIs also have access to the necessary data to reasonably infer some customers’ susceptibility to confidence scams, which typically start on dating sites and social media platforms. Using machine learning and behavioral analytics, FIs can flag and monitor at-risk customers by detecting dating app or social media activity, such as subscriptions and micro “gifting,” via merchant descriptors and Merchant Category Codes.

According to FINCEN, some confidence scam victims liquidate tax advantaged accounts or take out Home Equity Lines of Credit (HELOCs) or second mortgages to fund their “investments.” Pig butcherers may allow victims to withdraw small amounts of their investments during the “fattening” stage to further establish trust. Similarly, romance scammers request small-value payments during the early stages of the scheme to gain more confidence from the victim and to normalize the activity, so that subsequent larger transfers are less scrutinized. These small, early payouts are a manipulation tactic; they are proof that the scam operates on trust and not that the transactions are legitimate.

Against this backdrop, FIs will need to reconfigure rules to detect sudden or unusual behavioral patterns, including cadence and sequence, that typically reveal themselves during the earlier stages of the scheme. This includes:

• Internal transfers of funds from savings or a certificate of deposit to checking accounts, followed by immediate attempts to transfer to new beneficiaries or to a Virtual Asset Service Provider (VASP).
• Large, sudden incoming transfers from external retirement custodians or brokerage accounts, as well as large outgoing transfers following a HELOC or second mortgage.
• Multiple or large transfers to VASPs by customers with no prior history of cryptocurrency engagement.
• Low-value incoming credits from new sources followed by high-value outgoing transfers to new beneficiaries or VASP.

Enhanced transaction screening and deliberate friction

Introducing friction points during the authorization stage to flag high-risk transfers for temporary holds before hitting irreversible rails is crucial for authorized push payments. Most banks send automated text messages when customer activity appears unusual, such as an international point-of-sale transaction. The same logic can be applied so customers receive a clear and concise on-screen prompt to acknowledge or attest that the transfer is voluntary and not coerced.

Romance scam victims often misrepresent the true reason behind large transfers, and FIs too often process them without verification. This is a missed opportunity for first-line staff at banks and credit unions in particular.

When staff are adequately trained to spot in‑person red flags and signs of emotional manipulation, they are positioned to screen and delay risky transactions. Brief verification scripts, like asking whether the customer has ever met the recipient in person before, and if the transfer was prompted online, along with collecting corroborating documents, are crucial preventative measures. This pre-transaction authorization moment could also be the last reliable opportunity for staff to prompt customer doubt before an irreversible transaction.

These steps introduce delays to the customer experience, but the tradeoff is added customer protection.

The hard work ahead

Gone are the days of the easy-to-spot Nigerian prince scams.

Criminal tactics have evolved, and will continue to adjust to changes in technology and consumer behavior. Though governments and social platforms should respond in kind and continue to improve upon their safeguards, FIs are at the head of the table.

They are the only players positioned to analyze and interrupt transaction flows in real time. It is a heavy burden to bear, but they are undeniably the best, immediate defense in thwarting illicit money flow.