Modern Fraud Has Become Infrastructure
Modern online fraud is no longer a collection of isolated scams. It has become infrastructure.
Large-scale online investment fraud operates through networks of online advertising, social media manipulation, call centres, fake trading platforms, shell companies, payment service providers, acquiring banks, bank accounts, crypto ramps, nominee structures and international money flows. Victims are not merely deceived by a website. They are drawn into a professional fraud architecture.
This is not random fraud. It is a highly industrialised professional fraud and extraction system.
For Europe, the decisive question is therefore no longer only how consumers can better protect themselves. The real question is how regulators, legislators and industry can urgently and effectively interrupt a highly professionalised fraud infrastructure that has evolved over years, operates across regulated and digital channels, and now enables fraud at industrial scale.
The Problem Is Fragmentation
Modern financial crime exploits fragmentation. Banks see individual transactions. Payment service providers see individual merchants. Platforms see individual advertisements. Crypto providers see individual wallets. Telecommunications providers see parts of the communication layer. Regulators see individual licensed entities. Law enforcement often sees individual complaints.
The fraud system operates across all of them.
A single payment may look ordinary. A single merchant may appear formally documented. A single advertisement may be one of thousands. A single complaint may look like an isolated consumer loss. But when these fragments are connected, a different picture emerges: repeated brands, repeated payment channels, repeated complaints, repeated chargebacks, repeated merchant structures, repeated beneficiary accounts and repeated movement of funds.
The problem is not only lack of information. It is lack of aggregation, lack of timely intervention and lack of consequences.
Information Sharing Is Now Officially on the Agenda
Both the United States and the European Union now recognise that it is not possible to fight networked fraud through isolated monitoring alone.
In the United States, FinCEN’s updated Section 314(b) Fact Sheet of 12 June 2026 promotes greater information sharing between financial institutions to identify fraud, money laundering, terrorist financing, narcotics trafficking, sanctions evasion and other criminal activity. Section 314(b) provides a liability safe harbor for voluntary information sharing where institutions suspect activity may involve money laundering or terrorist financing, including fraud as a possible predicate offence. FinCEN also recognises real-time sharing and the need to detect repeat actors moving across institutions.
The latest EU Payment Services Regulation compromise text follows the same logic. Article 83a introduces fraud information sharing between payment service providers. Payment service providers are required to participate in information-sharing arrangements and exchange fraud-related data where there are objectively justified reasons to suspect fraudulent behaviour.
The EU approach is in some respects stronger because it is framed as a duty for payment service providers, not merely as a voluntary safe-harbor mechanism. But it is also heavily limited by data protection safeguards, purpose limitations, retention limits and protections against unjustified de-risking.
Both systems therefore point in the same direction: more information sharing, better network intelligence and stronger cooperation.
But this is only the beginning of the answer.
Information Sharing Is Necessary — But It will not be Enough
The central weakness of the current policy debate is that information sharing is often treated as if it were the solution itself. It is not. Information sharing is only useful if it leads to intervention.
In many large-scale online investment fraud cases, the relevant information already exists somewhere. Complaints exist. Chargebacks exist. Suspicious transaction patterns exist. Fraudulent merchants exist. Shell companies exist. Domains, phone numbers, wallets, advertising campaigns and beneficiary accounts exist.
The failure is often not the absence of signals. The failure is the absence of consequences.
This is where EFRI’s position goes beyond the current regulatory trend. The United States promotes information sharing through Section 314(b). The European Union proposes fraud information sharing under the PSR. Both are necessary. But neither is sufficient if institutions remain free to continue processing payments, maintaining accounts, servicing merchants, hosting fraudulent advertisements or enabling crypto conversion after repeated warning signs have become visible.
If banks, payment service providers, platforms, telecom operators and crypto ramps exchange information but do not interrupt the infrastructure, the fraud system remains intact.
The decisive question is therefore not only whether institutions share information. The decisive question is what they are legally required to do once the pattern is visible.
Fraud Moves Faster Than Criminal Enforcement
EFRI’s experience in cross-border online investment fraud cases shows why this matters. Law enforcement remains structurally slower than the fraud industry. This is not a criticism of individual prosecutors or investigators. Many work under difficult conditions and with limited resources. The problem is systemic.
Fraud networks move money within EU countries in minutes. They change domains, brands, merchants, bank accounts and wallets in days. Mutual legal assistance and cross-border evidence gathering still take months even between EU countries.
In one documented Payvision-related case, a European Investigation Order issued by a Munich prosecutor in December 2017 in a fraud investigation concerning option888 led to a Dutch production order against Payvision only months later. The investigation concerned credit card payments of a German cardholder to option888. Payvision ultimately responded through its legal department and identified the relevant merchant, website, MID and MCC in July 2018 around seven months later.
Formal cross-border channels may eventually produce evidence, but they are far too slow to interrupt a live fraud infrastructure. From EFRI’s daily work with prosecutors and victims, this is not unusual. It is the normal delay of European criminal enforcement in digital financial crime.
That is why the decisive lever must move earlier: to the industries that control the infrastructure while the fraud is still running.
Infrastructure Providers Cannot Remain Passive
Banks, payment service providers, acquiring banks, card schemes, crypto on- and off-ramps, advertising platforms, telecommunications providers and technical service providers cannot hide behind the role of neutral intermediaries when repeated fraud patterns become visible.
Where they have data and they have the knowledge, they must not look away. Where they see patterns, they must not remain silent. Where they can stop payments, terminate merchants, block fraudulent advertising, freeze wallets or prevent repeat abuse, they must act.
This is not an anti-innovation argument. It is a trust argument. Digital finance, online payments, crypto access points, digital identity and digital capital markets all depend on trust. If consumers experience that fraudsters can operate for years through real bank accounts, payment processors, platforms and apparently regulated structures, they lose trust not only in one provider. They lose trust in the digital economy itself.
From Transaction Monitoring to Relationship Monitoring
The regulatory model must move from transaction monitoring to relationship monitoring.
It is no longer enough to look only at individual transfers, accounts or merchants. Institutions must analyse recurring patterns and relationships between merchants, payment flows, brands, platforms, wallets, shell companies and beneficiaries.
Modern fraud is rarely visible at the level of one transaction. It becomes visible through repetition and connection: the same brands under new corporate shells, the same payment channels serving different fraudulent platforms, the same merchant types generating complaints and chargebacks, the same structures moving funds to offshore entities, crypto wallets or money mules.
Information sharing can help reveal these relationships. But once the relationship is visible, the system must not stop at awareness. It must move to disruption.
Shared Liability and a Duty to Disrupt
EFRI calls this shared liability.
Responsibility must arise along the fraud chain, not only at the final fraudster and not only at the victim. It must arise where real control exists. Those who profit from financial and digital infrastructure must bear responsibility when that infrastructure is repeatedly used for fraud and warning signs are visible.
This does not mean that every bank or payment provider is automatically liable for every scam. It means something more precise: when professional infrastructure providers can detect repeated abuse and have the power to intervene, they must not be allowed to remain passive.
Europe therefore does not only need more information about fraud. It needs earlier interruption of fraud: payment freezes where fraud indicators are strong, termination of repeatedly abused merchants, removal of fraudulent advertising, blocking of mule accounts, effective cooperation with crypto ramps and firm responsibility and liability where infrastructure providers ignore visible, repeated patterns of abuse.
Fraud information sharing can help. Public-private cooperation can help. The U.S. Section 314(b) model can offer useful inspiration because it recognises real-time sharing, layered financial trails and repeat actors moving across institutions. But none of this will be sufficient if it does not create enforceable duties to disrupt the underlying infrastructure.
The next regulatory step must therefore be a duty to disrupt. Institutions that have the data, the professional capacity and the technical ability to intervene must not be allowed to remain observers while fraud systems continue to operate.
The financial industry must move beyond exchanging warnings. It must freeze suspicious flows, disrupt abusive payment channels, identify high-risk payment-rail participants and take effective action against those that repeatedly enable fraud to scale.
The Task Is to Destroy the Infrastructure of Fraud
Cybercrime is organised asset extraction by digital means.
And if fraud is organised industrially, consumer protection cannot remain artisanal.
The task is not merely to teach consumers to be more careful. The task is to destroy the infrastructure of fraud.
The real test is whether the financial and digital industries are willing to identify the next Payvisions and Wirecards before victims, prosecutors or journalists have to do it for them
Fraud infrastructure does not survive in a vacuum. It survives because banks, payment providers, acquirers, platforms, telecom operators, crypto ramps, auditors, lawyers and compliance functions continue to treat repeated warning signs as isolated incidents.
There are more companies like Payvision and Wirecard in the system. The question is not whether the industry can see them. The question is whether it is willing to remove them.
A fraud signal that is merely shared, stored or discussed does not protect a victim. A warning that does not trigger action is not prevention. A pattern that is recognised but not interrupted becomes part of the problem. Payvision and Wirecard illustrate that problematic financial-infrastructure providers can remain embedded for years in apparently legitimate ecosystems despite repeated warning signs.
The next step must therefore be responsibility: clear intervention duties, active infrastructure cleanup and shared liability across the fraud chain. The industry must clean its own ecosystem. It must identify, isolate and remove the rotten infrastructure providers that make industrial-scale fraud possible.
Without that shift, Europe and the United States will build better systems for describing fraud after the money has gone. They will exchange more intelligence about networks that have already changed names, moved accounts, replaced merchants and opened new wallets
That is not disruption. That is institutionalised hindsight.
If digital finance wants public trust, it must prove that its infrastructure cannot be used for industrial-scale asset extraction with impunity.
Without enforceable duties to act, information sharing will remain too slow, too soft and too comfortable for the very institutions that hold the power to stop the fraud earlier.
Without trust, there will be no sustainable digital financial economy.
And it is urgent, so get started!
