Cyber Fraud: Banks Urge Cross-Industry Action and Modernized Rules

Banks and other financial players said federal policy updates and tighter collaboration with adjacent industries are needed to curb online scams more broadly, according to security specialists speaking during a Wednesday webcast about the growing criminal threat.

Online fraud is broadly defined as deception carried out through digital channels—such as email, text messages, social media, apps, or fake websites—designed to trick victims into sending money or revealing sensitive information like passwords, account numbers, or identity details.

In practice, that can include phishing messages that impersonate a bank, identity theft that uses stolen data to open or take over accounts, romance scams that manipulate victims into repeated payments, investment scams that promise outsized returns, and online shopping fraud involving counterfeit storefronts or non-delivered goods. Common categories also include account takeover, business email compromise, and other social-engineering ploys that pressure targets into acting quickly.

Scams often work by targeting people at scale with convincing lures, then steering a victim into a high-pressure interaction—sometimes with spoofed phone numbers, look-alike domains, or AI-generated messages and voices—until the victim shares credentials or authorizes a payment. Online fraud persists because it is lucrative, can be carried out with relative anonymity and speed, and often succeeds when security gaps, weak passwords, or delayed reporting give criminals time to move funds through money mules and layered accounts. The after-effects can extend beyond direct financial loss, including emotional distress, lost time, damaged credit, and reputational harm when compromised accounts are used to target others.

Individual prevention typically starts with strong, unique passwords and multifactor authentication, skepticism toward unsolicited messages that request money or login details, and careful verification of websites and senders before clicking links or sharing information. Security tools and habits—such as device updates, password managers, account alerts, and limiting what is posted publicly—can reduce exposure and make it harder for criminals to manipulate targets.

Donna Turner, a consultant with Risk Insight Solutions and former chief operating officer at Early Warning Services, the bank-owned parent of Zelle and Paze, said programs overseas show that working across sectors produces real gains. “We should embrace an all‑industry playbook similar to what’s proven abroad,” she said.

Turner and fellow speakers appeared at “Attacking Fraud in the AI Age,” a virtual forum on how artificial intelligence is reshaping the fight against illicit activity, from identity theft to account abuse, co-hosted by Payments Dive and Banking Dive.

Cross-Industry Collaboration Against Cyber Threats

As scammers deploy AI‑fueled tactics, uniting banks, telecom carriers, and social platforms could be especially powerful, said Paul Benda, executive vice president for risk, fraud, and cybersecurity at the American Bankers Association.

To halt schemes earlier, telecom and social network telemetry should flow into banks, with reciprocal account intelligence shared back, Benda said. With end‑to‑end visibility, institutions can trace money mules and stop transfers to accounts known to support criminal activity.

Speakers argued that preventing online fraud at an organizational level increasingly depends on combining those signals with coordinated controls, including stronger customer authentication, rapid detection of unusual behavior, employee training to resist social engineering, tighter verification for high-risk transactions, and faster cross-sector escalation when suspicious activity is identified.

The panel also featured Mark Kwapiszeski, executive chief information officer at PNC Bank, and David Maimon, head of fraud insights at SentiLink, a San Francisco risk solutions firm.

Kwapiszeski urged stronger coordination so institutions can shift from reacting to proactively dismantling entire criminal rings rather than isolated incidents.

He added that applying AI jointly across institutions could expose how these networks are wired, pinpointing the nodes that, once removed, cause the enterprise that commits scams to collapse.

Policy Changes to Take Action on Data Sharing

On the policy front, Turner called for a modernized safe‑harbor framework that would broaden liability protections when firms coordinate to deter illicit transfers. Today’s limited shield stems from the Bank Secrecy Act, which permits sharing tied to suspected money laundering or terrorism and defines the legal authority for such exchanges.

Benda said those Bank Secrecy Act boundaries illustrate why a different regulatory approach is needed to enable robust information exchange between banks and non‑banks.

He noted the statute’s timelines do little to prevent or stop fraud and its coverage excludes other sectors, making it an ineffective tool for real‑time prevention.

For consumers who suspect they have been targeted, specialists generally recommend acting quickly: contact the bank or payment provider immediately to flag the transaction, secure accounts by changing passwords and enabling multifactor authentication, and preserve messages, receipts, and other records. Victims may also file a police report and notify appropriate reporting agencies, and in cases involving identity theft, alert credit bureaus to place fraud alerts or credit freezes.

Recovering money lost to online scams can be possible, but outcomes depend on how the payment was sent, how quickly it is reported, and whether funds have already been moved onward. Banks and payment services may be able to stop, reverse, or recall certain transfers in limited circumstances, and disputes or chargebacks may apply to some card-based transactions, but delays can sharply reduce the chances of recovery.

Public‑sector involvement intensified last week when President Donald Trump signed an executive order addressing cybercrime, directing a 60‑day review of tools and capabilities to confront cross‑border criminal organizations.

The order also requires a 120‑day action plan to prevent, disrupt, investigate, and dismantle groups driving online scams.

Trump has additionally tapped Justice Department attorney Colin McDonald to lead a new national fraud enforcement division, and his nomination is pending a Senate confirmation vote.