How financial institutions and fintechs can turn the tide on the rise of banking scams

As fraudsters continue to evolve, we break down common scams and how financial institutions can fight back.

That elderly relative who swears they’ve been chatting with Brad Pitt on Facebook and has been loaning him money for months? Odds are they’re the victim of a banking scam. From celebrity deepfakes and romance scams to spoofing and phishing, cybercriminals are upping their game. Nearly two-thirds of Americans have been in the crosshairs of a digital financial attack. And it’s not just the elderly. 

At this point, it seems we all know someone who has been a victim or an intended victim of a scammer. Even celebrities like Andy Cohen have fallen prey to convincing schemes, while journalists like crime writer Michael Wilson and financial advice columnist Charlotte Cowles have shared their own stories of swindle. 

As fraudsters have become more sophisticated and started to enlist the help of generative AI, they have been able to fool even the most savvy customers. In fact, Alloy’s 2025 State of Scams Report found that 85% percent of Americans worry that scams are becoming harder to detect because of AI technologies.

US consumers lost a record $12.5B to fraud in 2024 — up 25% from the previous year — with imposter scams ranking as the most common cause of fraud-related losses. With the influx of scams, legislators are seeking more ways to protect victims through proposed bills like the Taskforce for Recognizing and Averting Payment Scams (TRAPS) Act and other interventions.

In Alloy’s 2025 Fraud Benchmark Report, account takeover (ATO) fraud was cited as the second-most common type of fraud seen by banks, fintechs, and credit unions. Authorized push payment (APP) fraud was also named in the top five fraud types seen in the last twelve months.

With over half (60%) of financial institutions and fintechs experiencing increased fraud over the last year, it’s important to demystify questions around banking scams, like:

• What types of fraud are linked to bank scams?
• What are financial institutions and fintechs required to do to protect their customers?
• What are financial institutions and fintechs currently doing to educate their customers about banking scams?
• What can financial institutions and fintechs do to recover trust after a customer is scammed?

We explore these questions and more below.

What are some common types of banking scams?

The majority of consumers believe they can spot a financial scam, but the reality is that, under the right circumstances, even the most scam-aware people can miss red flags.

Fraudsters are becoming more sophisticated — the gift card cons we all know well are just the tip of the iceberg. That’s why it’s so important for both consumers and financial organizations to understand which banking scams are most prevalent and how to help customers avoid them.

What is a banking scam?

A banking scam encompasses all instances when a bad actor tricks a legitimate user into either sending them money or granting the fraudster access to their bank account. 

Scammers may use stolen account numbers or credit card information to drain their victims’ accounts, and there are countless tactics to do it:

• Spoofing the phone numbers and other contact information of a bank or government agency to get victims to reveal sensitive information like social security numbers or bank account numbers
• Impersonation phone calls or text messages from family members “in trouble” who need money transferred to them immediately
• Social media account impersonation that manipulates targets into sharing account information or credit/debit card numbers with their “loved ones”

The list goes on. But there are two main types of fraud perpetrated by banking scams that are crucial to understand: account takeover (ATO) fraud and authorized push payment (APP) fraud.

What is ATO fraud?

ATO fraud occurs when fraudsters gain unauthorized access to a target’s bank account. Once a fraudster gains control of an account, they will often change the passwords and begin to transfer money out of the account themselves before the legitimate account owner can regain access to the account to stop the transfer.

Learn more about account takeover fraud here

What is authorized push payment (APP) fraud?

APP fraud, sometimes called an imposter scam, occurs when a fraudster swindles an authorized user into transferring money to a bad actor, often through AI-driven social engineering scams.

How leading financial institutions and fintechs can prevent scams from happening in the first place

Because these scams use authorized accounts, credentials, and/or fund transfers, they can be difficult to detect — and even more challenging to resolve while maintaining customer trust.

So, how can organizations prevent their customers from ever falling victim to scammers?

Robust fraud controls at onboarding

Protection begins at the first touch. Comprehensive fraud checks at onboarding will filter out fraudsters, preventing them from ever opening accounts where they can funnel fraudulent money in the first place.

→ Learn more about Alloy’s onboarding solution

Step-up authentication methods

Step-up authentication methods add an extra layer of cybersecurity against unauthorized account access. Step-up authentication methods most useful for preventing scams include multi-factor authentication (MFA) and selfie ID verification.

Learn more about step-up authentication here

Pop-up messages

Many financial institutions and fintechs use pop-up messages to force customers to take an extra second to think about who they are sending money to. They’ll also require a double opt-in before sending the payment, which can help slow things down when scammers create a sense of urgency that gets customers to act more quickly and scrutinize less.

A focus on identity over transactions

When financial institutions or fintechs focus solely on transaction monitoring without identity risk management, they can only catch the scams after identity theft occurs and a fraudulent transaction has already gone through. This means the money has already been stolen by the time the bank detects the fraudulent behavior, and as funds move faster, the chances of actually recovering the funds diminish.

Instead, focus on building an evolving risk profile for each customer, outlining their typical behaviors, devices, and channels to help you spot an anomaly after they’ve become a target of a scammer, but before a fraudulent transaction has occurred.

Learn more about how an identity and fraud prevention platform can help you proactively manage ongoing risk.

Customer education programs

As part of the Office of the Comptroller of the Currency (OCC)’s Risk Management program, banks are required to have fraud training and education programs for both employees and customers. That said, there are no specific metrics a bank must adhere to for consumer education.

As scams have become increasingly common, financial institutions and fintechs have ramped up their customer education programs to better arm customers against common banking scams, using new and creative mediums.

For example, the American Banking Association (ABA), with participation from banks around the country, runs an annual campaign called #BanksNeverAskThat to make learning about banking fraud a fun and interactive activity rather than a dry lecture. They’ve built out a list of red flags, a quiz to test your sense for scams, and even a video game. 

With roughly three-fourths of consumers believing that educational materials from their financial institutions help them identify when they’re being scammed, financial institutions and fintechs can’t afford to put education on the back burner.

5 tips for financial institutions and fintechs building out their customer fraud education strategy

1. Consider all your channels platforms for educating customers. Prioritize channels where you see the most activity. Understanding how your customers interact with your banking services will ensure you allocate the right investment to the right channels.
2. Educate your customers on an ongoing basis. You don’t have to create a whole video game, but you can’t just send one email and call it a day. Build a strategy that includes regularly educating your customers about the different types of scams and fraud risks they may face.
3. Use examples and language that your customers can understand. We all know there are many complicated terms and acronyms in financial services. Save those for internal education programs. When educating your customers, use relatable terms and examples.
4. Focus your educational efforts on the scams you see most commonly. If you’re seeing an increase in a certain type of scam, like phishing emails, be proactive about educating customers on how they identify suspicious actions before it’s too late.
5. Strike the right balance between education and fear-mongering. It’s easy to sound pessimistic when talking about all the different scams your customers can possibly fall victim to. Keep the focus on empowering them with the tools to protect themselves, and reassure them that you have their back in the fight against fraudsters.

The importance of “the moment of truth”

In banking, your overall customer experience is only as good as your fraud processes. Banking professionals often use the term “the moment of truth” to describe the moment when a customer is victimized by a fraudster.

At this moment, how a bank or fintech responds to the fraud incident has a lasting impact on the customer — and their business. Alloy’s 2025 State of Scams Report found that 97% of consumers rank fraud prevention and security measures as the most important factors in choosing a financial institution.

When there’s a compromise, customers look for a thorough response and expect immediate action. Alloy’s report shows that 68% expect a bank to freeze compromised accounts, and 67% expect their stolen funds to be reimbursed by the institution. 

Communication is another key element to a scam response done right. Did the customer know where to call and how to report the activity? Was the activity detected and the loss prevented? If money was successfully moved out of the account, did the customer get it back? How quickly was the issue resolved, and was communication about it clear, concise, and timely? Close to nine in ten consumers (87%) say that if their bank failed to notify them of a scam attempt immediately, it would negatively impact their trust.

Overall, it’s imperative that a customer feels their situation is being handled properly and with empathy. This interaction can define their relationship with their financial organization in the future, and prompt them to secure any other at-risk bank accounts they may have elsewhere.

If a customer has a negative experience, their business could be lost for good. But if the situation is handled well, they may be more inclined to deepen their relationship with the bank and expand the products and services they are using.

Fighting fraud is a team effort. When financial institutions, fintechs, and customers all work together with strengthened protective measures and deeper education, the tides may finally start to turn on these financial predators.