The FTC’s message is clear: online fraud is growing, fast
In its 25 March 2026 testimony, The Rising Scam Economy: Modernizing Federal Approaches to Protect Americans from Foreign Fraudsters, the U.S. Federal Trade Commission delivered a blunt warning to Congress: the scam economy is expanding. In 2025 alone, U.S. consumers submitted 3 million fraud reports and reported $15.9 billion in losses. That is a sharp increase from the previous year’s more than $12 billion. The FTC further notes that reported fraud losses have risen year after year for six consecutive years and are up nearly 430% since 2020.
The FTC also makes clear that these figures likely understate the true scale of harm. Taking underreporting into account, it estimates that the overall cost of fraud to consumers for 2024 could have been as high as $195.9 billion.
Notably, the European Union still lacks comparable fraud statistics across its Member States.
Investment scams are now the biggest loss driver
The FTC’s most important finding is not merely that fraud is rising. It is that investment scams now generate the highest aggregate consumer losses. In 2025, consumers reported more than $7.9 billion in losses from investment scams, with an average individual loss above $10,000. Roughly half of all reported fraud losses for 2025 were attributable to investment scams.
This matters because it confirms that online investment fraud is not a niche consumer issue. It is one of the most damaging fraud categories in the modern digital economy. The FTC also reports that consumers suffered the highest aggregate losses by sending money through bank payments, followed by cryptocurrency, while credit cards remained the most frequently identified payment method in fraud reports.
The FTC is pointing to the real problem: infrastructure
The FTC openly acknowledges that cross-border fraud is difficult to fight directly. That is why it has made it a priority to act not only against fraudsters, but also against companies that unlawfully facilitate foreign schemes and give them access to U.S. payment and communications systems. In the FTC’s own logic, cutting off access to infrastructure is essential to cutting off the fraud.
That is the key point Europe should not ignore.
Modern scams do not scale on persuasion alone. They scale because they gain access to:
- payment processing,
- bank accounts,
- telecom networks,
- platforms,
- merchant infrastructure,
- and cash-out channels.
What this means for Europe
For EFRI, the FTC report confirms something fundamental: single victims cannot be left alone with an industrialised fraud problem. Where fraud is cross-border, data-driven, and infrastructure-dependent, the response cannot rest on individual complaints, fragmented ADR systems, or years of litigation by consumers who do not control the evidence, the payment rails, or the transaction data. EFRI’s shared-responsibility paper argues that effective redress must be institutional, European, and aligned with functional control over risk.
What we see in the Payvision Files
The Payvision chats show that, in chats between Uwe Lenhoff and his fraud managers from 2015 until the end of January 2019, the scam organisation was focused above all on two things: leads and payment facilities. Online fraud does not work without payment processing. Without banks and payment processors, stolen funds cannot be collected, laundered, and routed to the scam networks. The chats show that finding payment processors willing to work with scammers was one of the organisation’s most important operational priorities. This is exactly why banks and payment processors must be at the centre of any serious anti-fraud response.
During the three-year scam period, several banks and payment service providers, including Wirecard Bank (October 2016) and SafeCharge (April 2017), stopped servicing entities linked to Lenhoff and Barak, largely because public warnings had made clear that the operators lacked the required licences. This demonstrates that AML and compliance rules can be effective when institutions choose to enforce them. In EFRI’s view, and based on chats contained in Lenhoff’s criminal court files, Payvision’s continued cooperation — despite being a DNB-licensed and supervised payment institution — helped keep the scam infrastructure operational and enabled Lenhoff and Barak to harm European consumers on a scale of roughly €350 million over more than three years.
EFRI’s position is not merely that Payvision ignored red flags. EFRI’s position, based on its Payvision dossier and related materials, is that Payvision actively supported the fraud system by helping to structure merchant arrangements, processing large volumes for the Lenhoff/Barak platforms, maintaining the payment flows despite repeated warning signs, and authorising settlement flows that, according to the chats found, helped keep the operation functioning.
Enablers such as Payvision must be identified and held liable. Managers who knowingly keep scam infrastructures running should be treated accordingly under criminal law, just like the beneficial owners behind the fraud schemes. Online fraud will not be addressed adequately until authorities understand this. At present, law enforcement focuses on closing call centres. But the chats over a three-year scam period (Lenhoff´s criminal court file) show that recruiting new call-centre staff was never the real challenge. The real challenge was securing banks and payment processors willing to keep the fraud system operational.
The real lesson of the FTC report
The FTC report should be read as more than a U.S. fraud update. It is an institutional acknowledgment that the fight against online fraud must move upstream.
If investment scams are now among the largest sources of consumer loss, and if bank payments and other financial channels are central to the damage, then the legal and regulatory focus cannot remain limited to the visible scammers at the front end. It must include the infrastructure that made the scam economy operational in the first place.
That is the wider significance of the FTC’s warning.
And that is why Europe must finally stop treating scam losses as isolated consumer mistakes and start addressing them as what they are: the product of organised fraud systems that depend on institutional access to payments, platforms, and communications networks. The FTC has now said as much. Europe should finally act accordingly.
If fraud depends on regulated infrastructure, then institutions that keep that infrastructure available cannot be treated as bystanders.
