FIs Combating Romance Scams - The Good, the Bad and the Ugly

Image

In October 2025, the UK’s Financial Conduct Authority (FCA) released a report on how banks and payment firms are dealing with romance scams.  This 10-page report is packed with information for any financial institution around the world to assess how they might perform in such an audit. 

The Financial Times highlighted that “The UK’s financial watchdog has warned that banks are failing to prevent a growing threat of romance scams, with cases rising by almost 10 per cent last year. The Financial Conduct Authority said on Friday that it had identified multiple instances where banks and payments companies had missed opportunities to identify suspicious transactions.”

The FT added more concern by saying Lloyds Bank recently “warned of a 52 per cent rise in romance scams over the past year for that age group (over age 55), compared with the previous year.”  This is the age group that losses the most amount of money in Authorized Push Payment scams.

The Report Methodology

  • The FCA reviewed six bank and payment firms. Some were well established and some were new.

  • The FCA reviewed 60 confirmed fraud cases. Cases where there was no scam loss were not included  in this study.

  • 85% of these cases originated from online platforms.

The Challenges the FCA Acknowledges

  • The victims are well groomed (over weeks and months) in the romance scam before the victim ever starts the first financial transaction.

  • The fraudsters have a high-level working knowledge of the banking sector and how to circumvent the fraud controls.

  • There will be a number of romance scam cases the bank staff will not be effective in stopping the money transfers.

  • Fraudsters may get the victims to start with low-value payments to ‘reinforce trust and avoid detection”.

  • In nearly half of the cases reviewed, victims did not disclose the true purpose of the payment.  

  • In some cases, the fraudster and the victim had met in person.

  • In 15% of the cases, customers had previously been victims of fraud while banking with the same firm.

What the FCA Found

The FCA found that a number of firms were really doing a good job of detecting and blocking romance scam transactions.  This demonstrated “that meaningful, tailored care is not only achievable but can play a vital role in reducing harm.” 

Examples of good practices are:

  • “Firms’ detection systems had adequately deferred high-risk payments for manual intervention, required customers to interact with a staff member before the payment instruction was confirmed.”

  • “Use of various data points to improve their ability to detect suspicious transactions, such as previously being a victim of fraud, attempted payments to a high-risk beneficiary and funds being received from a loan provider and then promptly sent to money transfer services.”

  • Information sharing between sending and receiving bank.

  • Effective staff training on dealing with scams.

  • Establishment of specialist scam teams to interact with customers/victims.

  • Use of the Banking Protocol, where the bank staff can bring local police to the branch to talk with the customer.  This is a good control, but the FCA noted that firms reported “that the Protocol is not always effective when the customer remains under the fraudster’s influence and police intervention does not break it.”

  • Compassionate aftercare.

  • Meaningful efforts to help customers recognize and avoid fraud, using interactive education online, and using real life examples to highlight the risks of online relationships.

But, the FCA also found significant issues with a number of these firms.  This is an important finding because the UK has the strongest prevention regulations around consumer scams of any country in the world.  And if there are problems protecting consumers in the UK, then just think about how many financial institutions around the world might have deficiencies in detecting and preventing consumer financial scams.

This FCA report is just about romance scams, but think about investment scams/pig butchering (maybe larger than romance scams), impersonation scams and the other types of consumer scams.

So, what were the weaknesses the FCA detected?

  • A firm failed to detect” 6 high-value payments totaling  over £131,000 sent to overseas jurisdictions.”  There was no prior history of such transactions.

  • Over a one-year period, one “victim made 403 payments totaling £72,000.”

  • Victims opened new accounts, transferred money from their existing account to the new accounts and immediately dispersed the funds.  The receiving bank failed to notice this activity.

  • In some cases, investigators did not account for transactions made via methods other than Faster Payments, such as cash withdrawal, card transactions and gift card purchases.  This is key because the regulations focus on Faster Payments and not these other transaction methods.  Some of these firms appear focused on the regulations, not the problem.  Obviously, the fraudsters have figured out these gaps and move some of the victims to the non-monitored alternative transaction methods.  The FCA said: “Without capturing and analyzing the full spectrum of payment activity, they lacked a holistic view of romance fraud. This can limit the ability to detect emerging trends and shifts in fraudster tactics.”

  • A victim told staff they wanted to send money via cryptocurrency payments to Iraq.  The staff saw screenshots of conversations and other clear indications of a romance scam but still approved the transactions.

  • Many firms were not aware of customer vulnerabilities, but effective staff training can sometimes help staff identify these vulnerabilities.

Summary

The FCA gave credit to those institutions that are doing a good job in preventing romance scam losses.  But it also highlighted significant inconsistencies in how a number of firms deal with helping to stop romance scam losses.

This report highlights the importance of both detection and interdiction.  Even with the best anomaly detection, if the firm does not have excellent trained staff in the psychology of scams, the ability of the staff to convince the customer to cancel the transaction will be limited.

Michelle Hilscher, a PhD in psychology and a behavioral economist at the Deloitte Toronto office reminds us that staff training must be on-going as “finding the best approach for each customer interactions will take trial and error, just like how the scammer worked to master the best grooming pitch.”

The report also highlighted the need to address all payment transfer types—bank to bank, international, cash, crypto—when developing scam controls.

Another important point to bring up is the involvement of scam victims and their advocacy groups, such as AARP in the US and LoveSaid in the UK.  This can be an excellent way to help focus staff training on being effective in helping to convince the customer they are involved in a scam.

In a recent situation in the US, the apparent lack of victim advocacy involvement occurred.  The American Bankers Association put out a romance scam education ad that was panned by victim advocates.  So, money spent for education missed the mark.

To all FIs—take the time to read this FCA report in detail.  It is only 10 pages, but it is filled with a wealth of information.  Assess your firm and see how you think you might have scored in preventing romance scam losses.

About Ken Palla

Since 2005, Ken Palla has been in Online Security.  He was a Director at MUFG Union Bank, retiring in early 2019.  At MUFG Union Bank he managed the online security for both commercial and retail customers.  Ken was an advisor to the RSA eFraud Global Forum and a Program Committee member for the annual San Francisco RSA Conference. 

In 2019, he received the Legends of Fraud Award.  He has published many white papers—on the need to focus on online customer safety, on online authentication and on how to select a multi-factor authentication solution. 

Most recently, he has been writing about consumer financial scams and how around the world financial institutions are adding scam controls and sometimes providing reimbursement.  He is currently consulting to banks and to online security vendors and is a member of The Knoble Scam Committee.

Connect with Ken Palla on LinkedIn
Nov 3, 2025
9 minute read
Category
Best Practices Topic - Fraud Prevention Scam Trends Topic - Fraud Research Topic - Scam Detection Industry - Financial Authorities
Written by
Global Anti-Scam Alliance (GASA)
Global Anti-Scam Alliance (GASA)
Share article

Latest blogs & research

Romance scams continue to grow worldwide, exploiting trust, emotional vulnerability, and online relationships to manipulate victims into financial and emotional harm. Timed around Brazil’s Valentine’s Day period, the latest GASA meet-up, Golpes do Amor — Como eles acontecem e como se proteger, explored how these scams operate, why they are so effective, and how individuals can better recognise warning signs before becoming victims. Hosted by the Brazil Chapter of the Global Anti-Scam Alliance (GASA), the discussion highlighted findings from O Estado dos Golpes no Brasil. According to the report, romance scams have already affected 18 per cent of surveyed Brazilian adults, while 6 per cent of victims reported falling for this type of scam more than once. Beyond financial losses, speakers emphasised the severe emotional consequences victims often experience, including shame, trauma, and loss of trust. Read the Report – O Estado dos Golpes no Brasil Speakers: Rose Leonel, Journalist and Founder – ONG Marias da Internet Tanila Savoy, Founder – Associação Nacional de Vítimas da Internet (ANVINT) Lisandréa Salvariego Colabuono, Police Chief and Coordinator – NOAD, Polícia Civil de São Paulo Renata Salvini, Brazil Chapter Director – Global Anti-Scam Alliance A major focus of the discussion was the manipulation techniques commonly used in romance scams. Speakers explained how scammers frequently create convincing identities, often pretending to be foreigners, military personnel, or individuals living abroad, while avoiding in-person meetings and building emotional dependency over time. Urgency and financial pressure were highlighted as major warning signs, particularly when victims are pushed to act quickly or send money under emotional circumstances. The webinar also explored the lasting psychological impact of these crimes and reinforced that victims should never be blamed. Rose Leonel shared her personal story of transforming trauma into advocacy after becoming a victim of non-consensual intimate image sharing, an experience that ultimately contributed to the creation of the Rose Leonel Law in Brazil. Speakers stressed the importance of reporting scams, noting that even small details can assist investigations and help prevent future victims. The conversation reinforced the need for greater public awareness, victim support, and collaboration between civil society, law enforcement, and digital platforms to address emotionally manipulative fraud more effectively. Through initiatives like this meet-up, GASA continues working with experts and organisations worldwide to strengthen scam prevention and support victims of online fraud. Watch the full discussion below to learn how individuals and organisations can better recognise and respond to romance scams.

Romance Scams in Brazil: Warning Signs and Prevention

Experts from Brazil discuss how romance scams work, their emotional impact, and how victims can protect themselves online.

Topic - Scam Awareness Video Event - GASA Meet-Ups Industry - Law Enforcement
Acción coordinada. Impacto real. México lidera el cambio

De Viena a la Acción: GASA México y UNODC México Cierran Brechas Operativas

GASA México y UNODC México formalizan un Acuerdo de Intercambio de Comunicaciones, convirtiendo los compromisos globales de Viena en acción coordinada contra el fraude.

News Topic - Fraud Policy Industry - Policy Makers Region - Latin America
un global fraud summit what comes next discussions

What the UN Global Fraud Summit Discussions Tell Us About What Comes Next

Watch expert discussions from the UN Global Fraud Summit on the industrialisation of fraud, global collaboration, public–private frameworks, and next steps for implementation.

Best Practices Industry - National Cyber Security Centers (NCSCs) Region - Europe Region - Global
gasa webinar

Game Over for Scammers: Regional Defenses Against Online Gambling–Related Scams

Experts from INTERPOL, ACMA, and DGOJ examine how gambling-related scams operate and how global enforcement is responding.

Region - Europe Video Topic - Fraud Policy Event - GASA Meet-Ups
22,000 Fraud Signals Bank Attack Trends – March 2026

What 22,000 Fraud & Cyber Crime Operator Signals Reveal About the State of Bank Attacks

Falkin's analysis of 22,661 fraud operator signals shows how bank attacks are evolving across regions, typologies, and AI-driven scam infrastructure.

Research Region - Global Scam Trends Topic - Fraud Research
Microsoft White Paper on Link Analysis and Digital Fingerprinting in Fraud Detection

Reinventing Fraud Detection Through Digital Fingerprinting and Link Analysis

A Microsoft white paper examines how digital fingerprinting and link analysis shift fraud detection from isolated events to connected, network-level intelligence.

Research Topic - Fraud Prevention Region - Global Topic - Scam Detection
gasa meet-up

On the Frontlines: Fighting AI-Powered Scams & Fraud

Experts from Microsoft, OpenAI, Google and C4ADS share how AI is shaping scams and how to fight back.

Topic - Fraud Prevention Region - Global Video Topic - Scam Detection

Telecoms on the Front Line: GASA at the Stimson Center Dialogue on Combating Scams

According to GASA’s Global State of Scams Report, telecommunications channels—voice and SMS in particular—remain a predominant “front door” for scams.

News Topic - Fraud Policy Region - North America Industry - Policy Makers