Beyond the Black Box:
Why human-centric fraud demands ecosystem-wide transformation

Fraud is changing fast, and so is the conversation around how the industry responds. This executive summary offers an early look at the thinking behind Ecommpay’s upcoming two-part white paper. Part 1 will be released in April, with Part 2 following later in the year.

There is no denying that fraud is a growing threat. Each year, case numbers rise, financial losses increase, and the methods criminals use to defraud consumers and businesses continue to evolve. These shifts make it increasingly difficult for businesses, individuals, regulators and governments to keep up, let alone get ahead of fraud. Clearly, more must be done to drive real, meaningful change.

To help businesses that rely on the successful operation of e-commerce – from merchants to FinTechs and a myriad of other operators – a new report from Ecommpay examines fraud through the lens of systemic human vulnerability and the current misplacement of resources, regulation and tools. Bringing together insights from fraud, compliance and regulation experts, the report also provides merchants with guidance to help them make vital changes that protect their businesses from becoming targets or falling victim to fraud.

The interviews revealed a fundamental paradox: while fraud has shifted from technical exploitation to human manipulation, the regulatory and industry response remains anchored in technical and institutional solutions. Having built our own ground-breaking fraud detection solutions, Ecommpay is helping merchants protect themselves and their customers from fraud, stopping criminals in their tracks.

The goal is for these insights to spur merchants and FinTechs into action, encouraging them to join forces with competitors, industry bodies, regulators and government to bring about the change we have all been waiting for.

To register for an advance copy of the first part of this report, please sign up here.

The Crime Survey for England and Wales (CSEW) for the year ending March 2025 showed a 31% year-on-year increase in fraud incidents. Within this rise was a 30% increase in bank and credit account fraud and a 23% increase in consumer and retail fraud. In 2024–25, there were an estimated 4.2 million fraud incidents. Around three million resulted in a loss, and 2.1 million victims were reimbursed, leaving close to one million incidents unresolved and financial institutions significantly out of pocket.

There are also a number of areas where fraud risk is growing. For example, romance scams, which often take place across borders, are becoming more prevalent, with the topic now warranting its own report by the FCA. But whatever the type of fraud, one thing is clear: criminals are winning.

Adding to the challenge is the uncomfortable truth that fraud is a borderless crime. Typologies may differ across geographies, depending on the payment methods and systems in use, but fraud can target any location from anywhere – fraudsters no longer act locally; they act globally. In direct contrast, businesses are required to adopt and manage local regulatory requirements that are often fragmented.

To bring about the necessary gear shift that will allow the sector to tackle fraud head-on, we first need to understand what we are up against.

The report analyses the current fraud landscape, the regulatory knots in which we find ourselves tied, how the human element creates vulnerability, and how we can each play our part in transforming the fraud landscape to better protect individuals and businesses.

With the help of leading industry experts, we have identified three uncomfortable truths that must be acknowledged before we can move forward:

• Current fraud prevention creates competitive disadvantage and market distortion – smaller players with limited resources cannot compete with larger organisations.
• Human psychology has become the primary attack vector – but fraud prevention technology and regulation are still built around protecting systems rather than addressing human vulnerabilities.
• Regulatory frameworks contain inherent conflicts that cannot be resolved at the institutional level – the Financial Ombudsman could become the de facto regulator for fraud and Consumer Duty conflicts, potentially reshaping regulation itself. The regulatory environment cannot evolve at the same pace as criminals, and with businesses bearing the cost of complying with laws that fraudsters simply evade, it is almost impossible for them to stay ahead.

While significant, lasting, global change will depend on major shifts in how the industry works together and is regulated, there are practical steps e-commerce merchants can take today to help protect themselves and their customers.

Discuss fraud prevention with your payment provider

• Do they have robust processes in place that benefit from, but do not rely solely on, AI and machine learning?
• Is their payment gateway PCI DSS compliant?
• Do they use encryption protocols such as TLS (Transport Layer Security)?
• Do they use tokenised payments to keep customers’ real card details hidden?
• Do they regularly update their systems to keep pace with the latest regulation and emerging fraud types?
• Will their system flag unusual customer behaviour that could indicate fraud?

Carry out an audit of your own systems

• Are there weak spots, vulnerabilities or easy ways for fraudsters to exploit your customers?
• Do you have strong customer authentication in place, such as biometric verification and one-time passcodes?
• Do you monitor transactions for suspicious patterns?
• Are your customer details secure?
• Could you implement transaction limits or request additional verification for higher-value or first-time purchases?
• Is your returns policy clear and accessible on your website, helping reduce the risk of refund fraud?

This is especially valuable for newer forms of fraud, such as APP fraud, which may be unfamiliar to customers.

Staff should be taught to spot signs of fraudulent behaviour, follow protocols for verifying customer ID, and know how to escalate suspected fraud cases.

Fraudsters are continually finding new ways to get their hands on other people’s money. Staying informed about emerging trends can help ensure your fraud prevention measures remain fit for purpose.

Established, trusted brands are easy targets for fraudsters, who use fake sites to trick customers into spending.

Even if a transaction was stopped, report it so the PSP can investigate and potentially trace the fraudster and any connected activity.