If you've ever tried to justify scam prevention investments to your executive team, you know how quickly the conversation shifts: “But how much is this really costing us?”

That’s exactly the problem.

Unlike unauthorized fraud, where financial losses are tracked, reimbursed, and clearly visible, authorized push payment (APP) scams live in a gray zone. Customers initiate the payments – often under manipulation – so there’s no clear fraud loss on the books. And in most regions, banks aren't required to reimburse.

No reimbursement. No line item. No urgency.

But we know the true impact runs much deeper. Scam losses are underreported, underestimated, and under-classified. Operational costs balloon. Customer trust evaporates. Attrition quietly chips away at long-term revenue. And still, most banks struggle to model this impact in a way that drives budget decisions and strategic investment.

An initiative takes shape

Late last year, I was having a conversation with The Knoble about launching a new initiative: a best practices guide for implementing scam controls. Every bank knows scams are a problem—and most genuinely want to do more. But many simply don’t know where to start.

That’s where we began.

We brought together a working group of fraud leaders from across the financial industry to identify the most effective scam controls—what works, what doesn’t, and where banks should focus. But as the conversations progressed, a new theme kept surfacing:

“It doesn’t matter how good the controls are if you can’t get the budget or buy-in to implement them.”

That insight changed everything.

This initiative didn’t start out as a business case, but that’s where it ended up. The real barrier isn’t just technical – it is strategic. So, we shifted direction. Instead of publishing another list of recommendations, we focused on solving the bigger problem: how to quantify the impact of scams and build a compelling business case for investment.

The result is this guide, Measuring the Impact of Authorized Push Payment Scams: A Practical Framework for Financial Institutions, along with its companion cost calculator. These resources, created by practitioners for practitioners, are designed to give fraud and risk teams the tools they need to build a business case, secure investment, and strengthen scam prevention efforts. Only then can we start having the right conversations about scam strategy and controls.

What I learned along the way

As a non-practitioner, I had the privilege of listening to candid conversations between fraud professionals who live this challenge every day. Here are three things that stuck with me:

1. Fraud teams care deeply about protecting people.
   What stood out most was the passion and sense of mission shared by fraud professionals. These are people working to solve incredibly complex problems—not just to stop losses, but to protect human beings from serious financial and emotional harm.
2. Banks are doing more than they’re given credit for.
   Despite what we see in the headlines, many banks are making meaningful investments in scam awareness and prevention programs. But because the media tends to focus on what went wrong, that work often goes unnoticed.
3. Regulators are paying closer attention to customer education.
   More and more, banks are being asked not just how they prevent fraud but how they educate and empower customers to avoid scams in the first place. It’s becoming a key expectation, not just a nice-to-have.
   
   

Final thoughts: The need to change the conversation

One of my biggest takeaways from this initiative is how narrow the public conversation around scams often is. We usually only hear the heartbreaking stories—someone losing their life savings to a romance scam or being tricked into sending money to a fake investment scheme.

But what we don’t hear are the efforts happening behind the scenes to stop it.

In Australia, for example, some banks have taken bold steps to publicly share what they’re doing to protect customers from scams. I wish more banks around the world would follow that lead. But I also understand the hesitation. Talking openly about fraud can carry real reputational risk. No one wants to trigger panic, overload call centers, or imply their institution is vulnerable.
Still, this silence creates a problem. It makes it harder for fraud teams to get internal visibility and funding. If we can’t talk about scams publicly, it becomes even harder to talk about them strategically within the organization.