The missing link to stop fraud

By Erik Vesterlund5 min read
Abstract illustration of a payment moving along a highlighted path through a chain of connected financial institutions, with the final node fading to represent a closing recovery window.

The fight against fraud has long centered on one thing: detection. Transaction monitoring, behavioral analytics, AI and increasingly sophisticated models, all with the same goal, to catch the fraudulent payment before the money leaves the account. Detection has improved enormously over the past decade.

But along the way the industry built in an assumption that costs victims a great deal of money every year. When a payment does slip through, and some always will, the belief is that the money is gone and the case is closed. The customer approved the transfer, the funds left the account, everyone moves on to the next alert.

That assumption is wrong. Large sums that could have been recovered never are, for the single reason that no one tried in time.

The question the industry stopped asking

Detection is necessary, but it is not the whole picture. By putting almost all of its effort into stopping a payment at the moment it is made, the industry has stopped asking what happens in the minutes and hours afterward.

This is not a hypothetical gap. Phishing, smishing, and investment scams have one thing in common: the victim often realizes what happened very quickly. Within minutes, they call their bank and ask for the payment to be stopped. By then the detection systems have already done their job, or failed to. The question is no longer whether the fraud can be detected, but whether anything can still be done about it.

For most institutions, there is no real answer to that question. That is the blind spot.

Follow the money

The answer is in how the money actually moves. A fraudulent payment rarely lands straight in a criminal's pocket. It travels through a chain of regulated institutions: banks, payment service providers, e-money institutions, and crypto exchanges. Each one has its own controls.

That is an opportunity. Every link in the chain can act. A receiving institution may already have flagged the account holder as high risk. It may be able to hold or delay a payment pending review. The money does not always pass through instantly and invisibly.

So for a period after the fraud, the money is still inside the regulated system. And as long as it is, it can be reached.

A closing window

But the window does not stay open. The funds may reach for example a crypto exchange, be converted into crypto, and leave for a wallet outside the regulated perimeter, and there are other exits. Once the money leaves the system, recovery becomes extremely difficult, and usually impossible.

It all comes down to a question of speed: can the institutions in the chain act before the window closes?

In practice, the answer is an email

Here is how it works today. When a bank wants to stop a fraudulent payment further down the chain, it identifies the institution that received the money, finds the right contact details if it has them, and sends an email. Then it waits, and hopes someone on the other side opens it in time.

That is the best the industry has for stopping fraud between institutions. An email, sent into an inbox, read whenever it happens to be read.

The weakness is obvious. Fraud moves fast; people in organizations generally don't. Based on Reqport's data, around 30% of these fraud-response messages in Sweden are sent outside working hours, in the evenings, overnight, and on weekends, exactly when no one is watching the inbox. A process that depends on a person being at their desk cannot keep pace with fraud built to move fast.

The fix is not complicated. The communication between institutions needs to be direct and structured, rather than manual and email-based.

If a message from one institution to another can be acted on automatically, pausing a transaction for review the moment it arrives, then confirmed fraud can be stopped in real time, and the money returned to the victim instead of vanishing into an unregulated wallet.

This is the missing link. What the industry needs is not another layer of detection, but a faster, automated way for the institutions that already detect fraud to act on what they find.

It needs no new rulebook

The natural objection is regulatory. Data sharing in financial crime is the subject of large initiatives and long debates, much of it about the legal changes that broader sharing would require.

But this case is narrower, and the sharing already happens today. When a bank emails the next institution in the chain, the two parties already exchange the information needed, tied to a specific transaction they are handling together. It is not a new category of data sharing waiting for a new framework.

The point is not to create a new right to share. It is to make a transfer of information that already takes place direct and automatic, instead of manual and slow. It does not need to wait for new regulation.

A better way forward

Detection will keep improving, and it should. But the next real reduction in fraud losses will not come from catching slightly more payments at the moment they are made. It will come from closing the gap that opens right afterward, between an institution realizing a payment is fraudulent and the next institution in the chain being able to do anything about it.

The money is recoverable for longer than most people assume. What has been missing is the connection that lets institutions act together, in real time.


Erik Vesterlund

CEO, Reqport