The fight against payment fraud has historically relied on detection. Transaction monitoring, behavioral analytics, and increasingly sophisticated models all share the same goal: catch the fraudulent payment before it leaves the account. This approach sounds right, and detection has improved enormously over the past decade.
But it has quietly produced a damaging assumption. When a payment does slip through, and some always will, the prevailing belief is that the money is gone and the case is closed. The victim approved the transfer, the funds left the account, and everyone moves on.
That assumption is wrong. And it is the reason a large amount of recoverable money is never recovered.
The Blind Spot in a Detection-First World
Detection is necessary, but it is not the whole picture. By focusing almost entirely on stopping a payment at the moment it is made, the industry has neglected the question of what happens in the minutes and hours after a fraudulent payment goes through.
This is not a hypothetical gap. Fraud takes many forms, phishing, smishing, investment scams, and they have one thing in common: the victim usually realizes what happened very quickly. Within minutes, they call their bank and ask for it to be stopped. At that moment, the detection systems have already done their job, or failed to. The relevant question is no longer “can we detect this?” but “can we still do something about it?”
For most institutions, there is no real answer to that second question. And that is the blind spot.
Following the Money
The good news is hidden in how the money actually moves. A fraudulent payment rarely lands directly in a criminal’s pocket. It travels through a chain of regulated institutions, banks, payment service providers, e-money institutions, and crypto-asset service providers (CASPs). Every one of these is a regulated entity with its own controls.
That structure is an opportunity. Each link in the chain has the ability to act. A receiving institution may have flagged the account holder as high risk. It may hold or delay a payment pending review. The money does not always pass through instantly and invisibly.
In other words, for a short period after the fraud, the money is still sitting inside the regulated system. And as long as it is inside that system, it is reachable.
A Closing Window
This window does not stay open. At some point the funds reach a CASP, are converted into crypto, and leave for a wallet or a service outside the regulated perimeter. Once that happens, recovery becomes extremely difficult and usually impossible.
So the entire problem reduces to a single question of speed: can the institutions in the chain act before the window closes? Everything depends on the answer.
The State of the Art Is an Email
Here is how that question is answered today. When a bank wants to stop a fraudulent payment further down the chain, it identifies the receiving institution, and if it has the correct contact details, it sends an email. Then it waits, and hopes that someone on the other side opens it in time to act.
That is the current state of the art for stopping fraud between institutions. An email, sent into an inbox, read whenever it happens to be read.
The weakness is self-evident once it is named. Fraud moves in minutes; email does not. Based on Reqport’s data, roughly 30% of these fraud-response messages in Sweden are sent outside working hours, in the evenings, overnight, and on weekends, precisely when no one is watching the inbox. A manual process that depends on a human being at their desk is structurally incapable of keeping pace with fraud that is designed to move fast.
The Missing Link
The fix is not conceptually complicated. The communication between institutions in the chain should be instant and structured, rather than manual and email-based.
If a message from one institution to another can be acted on automatically, pausing a transaction for review the moment it arrives, then confirmed fraud can be stopped in real time, and the money returned to the victim instead of vanishing into an unregulated wallet.
This is the missing link. The breakthrough the industry is looking for is not yet another layer of detection. It is a faster, automated way for the institutions that already detect fraud to communicate and act on what they find.
No New Rulebook Required
The natural objection is regulatory. Data sharing in financial crime is the subject of large initiatives and long debates, much of it centered on the legal changes that broader sharing would require.
This case, however, is far narrower, and it is already permitted. When an institution is part of a transaction chain, it is allowed to share the transaction information needed to act on that specific transaction. This is not a new category of data sharing demanding a new legal framework. It is the information directly tied to a payment that the institutions involved are already handling together.
The implication is significant: this does not need to wait for new regulation. The legal basis already exists.
A Better Way Forward
Detection will keep improving, and it should. But the next meaningful reduction in fraud losses will not come from catching slightly more payments at the moment they are made. It will come from closing the gap that opens immediately afterward, the gap between an institution realizing a payment is fraudulent and the next institution in the chain being able to do anything about it.
The money is recoverable for longer than most people assume. The legal basis to act already exists. What has been missing is the connection that lets institutions act together, instantly. Building that connection is the most direct path to stopping fraud that has already slipped past detection, and to getting victims their money back.