Karmine Consulting

Tag: AML

  • Digital Marketplace Scams: Follow the Money and Fight Back with AI

    Digital Marketplace Scams: Follow the Money and Fight Back with AI

    Introduction

    Digital marketplaces have revolutionised commerce by enabling instant global trade at scale. This same infrastructure that connects billions of buyers and sellers has also opened new territory for financial crime. Marketplace scams, from fake listings and cloned storefronts to payment diversion schemes, are now among the fastest-growing fraud typologies worldwide.

    According to a 2024 report, global scam losses exceeded US $1 trillion in 2023.

    A subsequent 2025 survey by the same organizations found that roughly 23% of adults worldwide reported losing money to a scam. In the United States, scam-related fraud incidents rose 56% in 2024 and financial losses more than doubled. Scams have now overtaken traditional card abuse as the dominant form of online fraud.

    For banks, this escalation is significant. Marketplace scams intersect directly with formal payment systems, prompting regulatory scrutiny and placing pressure on financial institutions to treat these typologies as part of the broader financial crime agenda. As consumer trust erodes, regulators are tightening oversight and financial institutions are racing to strengthen defences. Increasingly, that defence is AI-powered, combining fraud prevention with the forensic discipline of “follow the money.”

    The Rising Threat of Digital Marketplace Scams

    Marketplaces thrive on accessibility which makes them ideal hunting grounds for organized fraud rings posing as legitimate sellers. For financial institutions, digital marketplaces represent a high-velocity fraud environment. Criminal networks exploit automation, anonymity, and the high-volume transaction flow to strike quickly and disappear before detection.

    Common tactics include –

    • Non-delivery and counterfeit goods: Fake online stores offer large discounts, take payment, and disappear without sending the product.
    • Seller impersonation: Scammers copy or hack trusted seller accounts and redirect buyers to pay outside the platform.
    • Phishing and fake support: Criminals pose as marketplace staff or buyers to trick users into sharing passwords or payment details.
    • Overpayment and refund scams: Fraudsters overpay with stolen cards and ask for a refund before the original payment is reversed.

    Behind these familiar fronts lies a professionalized underground economy. Fraud operations share data, reuse templates, and now deploy generative AI to create fake storefronts, invoices, and customer chats.

    Interpol now estimates cyberfraud generates around $3 trillion annually surpassing the profits of the global drug trade.

    A recent Reuters investigation revealed internal Meta documents suggesting that up to 10% of the company’s projected 2024 revenue, roughly US $16 billion, was linked to ads related to scams or prohibited goods. The same algorithms that promoted legitimate sellers were also monetising fraudulent campaigns. This showed how platform design can amplify deception when integrity controls are not embedded from the start.

    The Cost of Fraud: Why Businesses and Banks Care

    For consumers, marketplace scams mean lost money. For the financial sector, they mean chargebacks, regulatory exposure, and reputational damage. When fraudulent sellers disappear, banks and card networks often absorb refund costs and operational losses.

    Global e-commerce fraud losses are projected to increase from US $44 billion in 2024 to US $107 billion by 2029.

    This represents an increase of around 141%, according to Juniper Research. A separate TransUnion study found that companies worldwide lose an average of 7.7% of annual revenue to fraud-related costs.

    Regulatory frameworks are reinforcing accountability:

    • Singapore’s Scam Liability Framework (2024) requires strict real-time controls and full reimbursement where banks fail to protect customers.
    • The UK Payment Systems Regulator (PSR) introduced mandatory reimbursement for authorised push payment (APP) scams in 2025.
    • The European Union’s Payment Services Regulation (PSR2) and the forthcoming AI Act strengthen fraud prevention and transparency requirements for platforms and payment providers.

    Collectively, these frameworks shift the burden from voluntary security measures to enforceable obligations. Fraud prevention is now being positioned as a financial-crime compliance priority.

    Following the Money: Turning AML Discipline on Scams

    Every scam must move money. This gives banks a unique vantage point. The same analytical discipline used in AML investigations can expose the structures behind marketplace scams.

    Banks and payment providers use:

    • Transaction pattern analysis to identify clusters of small, fast withdrawals typical of cashout networks.
    • Link analysis to map shared IP addresses, devices, and beneficiary accounts across multiple seller profiles.
    • Graph analytics to visualize connected fraud rings spanning platforms or borders.

    When several seller accounts route payments to the same endpoint, or when refund flows repeatedly converge on identical processors, these systems flag the anomaly. The insight is simple here – money leaves digital footprints long after a fake storefront disappears.

    Cross-border data sharing and federated learning allow banks to trace typologies across jurisdictions without exposing private data. This capability is essential because fraud networks operate globally while regulation still largely remain national.

    AI to the Rescue: Intelligent, Adaptive Defences

    Fraudsters are increasingly weaponizing AI through deepfake voices, synthetic identities, and automated chat scripts to elevate the sophistication of marketplace scams. Financial institutions are responding by embedding AI across fraud systems to identify anomalies in real time and learn continuously.

    Key applications include:

    • Real-time anomaly detection: Scans behaviour and transaction data continuously to identify unusual patterns within milliseconds.
    • Predictive risk scoring: Evaluates every payment, login, or listing by assigning dynamic risk probabilities.
    • Evidence Analysis: Document and content analysis that flags recycled images, forged seller documents, repeated scam scripts, and counterfeit invoices tied to fraudulent merchants.
    • Identity Screening: Uses facial matching, liveness checks, and document validation to confirm seller authenticity.

    Federated learning: Enables banks to share fraud insights securely without exposing customer data.

    In 2025, a SWIFT pilot involving 13 international banks showed that federated learning combined with privacy-enhancing technologies doubled real-time detection effectiveness.

    These models learned collectively while keeping sensitive information protected. Mastercard has reported similar advances, noting faster detection of compromised cards and greater ability to intercept fraudulent transactions before authorisation.

    The message is clear. AI has become both the weapon and the shield. Institutions that do not modernise will fall behind the curve.

    Layered Defences and Collective Vigilance

    No single tool can solve fraud. Leading institutions now combine technology, human judgment, and ecosystem collaboration to build layered resilience.

    • Multifactor authentication and transaction controls prevent account takeovers and rapid-fire payouts.
    • Real-time monitoring and customer kill switches allow rapid containment when fraud is suspected.
    • Consumer-facing warnings have reduced scam success rates by prompting users before they complete risky transfers.
    • Industry consortia such as the Global Anti-Scam Alliance are building shared intelligence networks that complement federated learning models.
    • Regulatory frameworks (EU’s forthcoming AI Act) require platforms to disclose AI-generated content, which reduces the spread of deepfake scam advertising.

    These measures represent a whole-of-network approach where banks, fintechs, marketplaces, and regulators collaborate to strengthen digital trust.

    Conclusion: Trust Is the Currency of Digital Commerce

    Digital marketplace scams represent the financial crime frontier of the decade, where cyber deception meets payment infrastructure. The response requires advanced analytics, AI

    Banks can dismantle scam networks by tracing the money flows behind digital storefronts. AI deployed across detection layers positions them ahead of fast-changing typologies. While, collaboration with regulators and technology firms then closes the systemic gaps and loopholes that fraud networks exploit.

    The lesson from the Meta ad-scam revelations is clear. When deception becomes profitable, trust becomes optional. Financial institutions now play a central role in safeguarding the digital marketplace, and fraud prevention must reflect that responsibility.

    Trust is the new currency of digital commerce. Integrity is the regulator that protects it.

  • Less Noise, More Focus: How FinCEN is quietly rewiring the AML narrative

    Less Noise, More Focus: How FinCEN is quietly rewiring the AML narrative

    Introduction

    Recently, FinCEN released two developments that deserve close attention: the October 2025 SAR FAQs and a proposed Cost of Compliance Survey for NBFIs. Read together, these signals point to a shift away from measuring AML effectiveness through volume and accelerating toward evaluating quality and intelligence value of what is submitted.

    This is a significant reframing. The intent is not to reduce vigilance, but to challenge the long-standing assumption that more SARs automatically reflects stronger control and more spend implies deeper compliance entrenchment.

    The question is whether this shift will give institutions enough regulatory confidence to reduce defensive filing and instead base filing decisions on contextual suspicion and risk evidence.

    What the SAR FAQs clarify

    FinCEN is drawing a subtle boundary between suspicious behaviour and alert thresholds. The FAQ clarifies that –

    • Transactions near the US $10,000 currency threshold do not, by themselves, automatically require a SAR. A reason to suspect or suspicion remains the key trigger.
    • A separate account review is not obligatory post-SAR, unless the institution’s risk analysis supports it.
    • Institutions are not mandated to document every decision not to file a SAR, beyond alignment with risk-based internal controls.

    This is a direct encouragement to reduce mechanical alerting / reporting without weakening coverage integrity and move towards intelligence driven filings.

    The Proposed Compliance Cost Survey

    FinCEN has proposed a Cost of Compliance Survey and is seeking comments before implementation. This survey indicates their intent to build evidence before recalibrating the compliance burden. The survey targets casinos, money services businesses (MSBs), dealers in precious metals and stones, credit card operators and loan and finance companies because these segments carry high regulatory overhead but often may not produce proportional intelligence value.

    Structural changes cannot be justified based on industry sentiment or fatigue but require proof that the current architecture is not positioned to generate intelligence.

    This survey is aiming to distinguish where compliance effort translates into useful insight for enforcement versus where it simply creates operational volume.

    • Which activities generate genuine investigative value?
    • Which activities have high workload with low-intelligence outcomes?

    Shift in Regulatory Posture

    Read together with the SAR FAQs, this indicates a meaningful shift in supervisory posture.

    • From quantity to quality: Active dissuasion of reflexive filings triggered solely by thresholds or as simply a defensive practice. The directive seeks to question whether the cost of monitoring & filing is justified by results. Reduction in SAR output will only work if the coverage is not compromised.
    • From burden to calibration: The Survey acknowledges that AML/CFT compliance imposes real costs and that regulatory design should reflect proportionality.
    • From checklist to intelligence: The emphasis is shifting toward genuine risk-based programs driven by intelligent monitoring and meaningful results rather than sheer volume. This means that firms will have to implement stronger and comprehensive controls to defend their non-filing decisions.

    Some parts of the AML stack may be over engineered relative to the intelligence they produce. If the survey results confirm this, FinCEN will have the evidence to rebalance the compliance burden without being accused of weakening their stance against money laundering and terrorism financing.

    Our view: Where does this direction lead?

    If regulators start framing effectiveness in terms of signal value rather than output, firms will be expected to justify why their control design looks the way it does. Supervisors will not only look at how many alerts or SARs are generated, but whether the architecture that created them is proportionate, risk anchored and defensible.

    That requires some structural shifts:

    Customer 360 needs to become real infrastructure instead of a conceptual diagram on the slide. Entity resolution, unified data lakes, consistent identifiers and relationship mapping have to be real engines that support detection, not just a reference point. Until analysts see behavioural patterns, network context and historical context in one place, coverage will remain shallow and decisions will continue to default to defensive filing.

    Federated learning needs to progress to ecosystem scale. This does not require firms to pool raw data. It requires a pattern / signal exchange layer that allows multiple institutions to strengthen typology understanding and accelerate detection maturity without breaching privacy.

    It also forces a shift internally. Most institutions still do not have effective horizontal signal sharing across their own product, fraud, AML, cyber security and customer teams. If internal departments cannot share context consistently, external signal exchange will not produce an uplift.

    Given the pace of typology evolution, federated learning models will become necessary if institutions want sustainable accuracy.

    Feedback driven SAR programs are the need of the hour for effective recalibration. Today SARs exit the institution with no structured utilisation signal being returned. Without feedback, firms cannot measure the quality of their output and in such scenarios, quantity becomes the comfort metric. Even basic outcome metadata would allow firms to tune thresholds, recalibrate models and prioritise investigations based on what actually matters.

    The FCA and UK-FIU have demonstrated that structured feedback can be distributed in sanitised formats through information sharing, thematic insights and standardised communication without revealing sensitive investigation detail. A similar FinCEN version of that would significantly increase the value of industry effort.

    Model driven Analytics and AI need to move beyond threshold tuning and rule stacking. With recent developments, there is increased expectation for models to be explainable, grounded in evidence and aligned to measurable signal improvement rather than generic accuracy.

    Analyst skill sets will also need to shift toward structured reasoning, feature literacy and narrative building based on pattern logic. These changes focus on improving control quality so that effort is applied where it produces intelligent signals rather than volume.

    Conclusion

    The real value shift is not reviewing / filing less. It is moving analyst time from first level alert dispositioning into investigation work that actually produces intelligence. Better data, privacy safe collaborative learning and feedback loops are the practical enablers.

    Lower noise will demand stronger defence of non-filing decisions because scrutiny will shift to the quality of rationale rather than the comfort of large numbers. Institutions that rebuild their data foundations, participate in privacy-safe shared learning and advocate for structured feedback loops will be aligned with this new supervisory trajectory.

    Institutions that cling to volume as the primary indicator of performance risk remaining trapped inside alert noise.