Hello Fraud Fighters!
This week, Wise finds itself at the center of a half-billion-euro money laundering investigation and the story is a cautionary tale in what happens when low-friction fintech scale meets AML sandpaper. We also have the FBI's latest damage report ($21 billion, since you asked), a 14-year sentence for the celebrity-backed green neobank that turned out to be neither green nor clean, and the uncomfortable discovery that after all the AI fraud-detection investment, a bank teller in Scarsdale is still catching scams that the algorithms missed.
Let's get into it.
Big Story: Wise's Half-Billion-Euro Problem
It would appear that fintech poster child, Wise, may have been involved in some activities that were rather unwise.
On June 1st, the Bureau of Investigative Journalism revealed that Belgium's prosecutors opened a criminal investigation into Wise Europe last year after the company's accounts appeared in hundreds of cross-border judicial assistance requests from law enforcement agencies across more than 30 European countries. The transactions under review exceed €500 million and are linked to suspected fraud, corruption, and drug trafficking proceeds. The Brussels prosecutor's office confirmed the investigation is at an advanced stage and nearing its conclusion, with a direct summons to criminal court (the Belgian equivalent of formal charges) being prepared. Wise confirmed the probe in a market statement to the London Stock Exchange and shares fell as much as 20% on the day.
This is not the first time Wise's AML controls have attracted official displeasure. The National Bank of Belgium identified documentation failures as far back as 2021, ordering a remediation program after finding Wise lacked proof of address for hundreds of thousands of customers. In July 2025, US state regulators fined the company $4.2 million for Bank Secrecy Act and AML violations. And the CFPB separately took action over deceptive ATM fee marketing and failures to file SARs on time.
Wise is an extraordinarily efficient machine for moving money across borders at low cost with minimal friction. However that efficiency makes it a target for nefarious individuals moving criminal proceeds across borders at low cost with minimal friction and frankly, every major cross-border payments operator faces this tension.
The case also shines a light on the regulatory geography problem in European fintech. Wise Europe is regulated out of Belgium but serves customers across the EU. The UK's FCA (which oversees Wise's 3 million British users) declined to comment when TBIJ asked whether it was providing assistance to Belgian investigators. The fragmented oversight structure means a single problematic entity can accumulate enforcement actions across multiple jurisdictions before any one regulator has the full picture.
For compliance and AML teams at cross-border payment fintechs, this case is a stress test in plain sight. Transaction monitoring that works adequately at one level of volume may be materially insufficient at ten times that volume. SAR filing obligations don't have a grace period for fast-growing companies. And "we cooperated with every request" is not the same as "we had controls capable of catching this before the requests arrived."
Quick Hit #1: The FBI's $21 Billion Damage Report
The FBI's 2025 Internet Crime Complaint Center annual report recorded $20.9 billion in cybercrime losses last year, a 26% increase over 2024's $16.6 billion and the first year in the IC3's 25-year history that complaints exceeded one million. Investment fraud led all categories at $8.6 billion; BEC was second at $3 billion; tech support scams came in third at $2.1 billion. The over-60 cohort suffered $7.7 billion in losses (up 37% year-over-year) remaining the most targeted demographic by a significant margin.
For the first time, the FBI tracked AI-enabled cybercrime as a distinct reporting category: 22,000+ complaints, and nearly $900 million in directly attributed losses. That $900 million figure almost certainly understates the real number substantially since it captures only cases where victims or investigators specifically flagged AI involvement. Given that investment scams, BEC, and tech support fraud all routinely use AI tooling now, the true AI-attributable share of the $21 billion is almost certainly a multiple of what's reported.
One more observation: the $21 billion figure represents a near-five-fold increase in half a decade. Yikes!
Quick Hit #2: Aspiration's Co-Founder Gets 14 Years
Joseph Sanberg, 46, co-founder of celebrity-backed green neobank Aspiration, was sentenced on June 2nd to 168 months in federal prison for wire fraud causing at least $248 million in losses to investors and lenders. The DOJ's Central District of California laid out a scheme running from 2020 to 2025: falsified brokerage statements to fraudulently secure $145 million in loans, sham customers generating fake revenue to inflate investor metrics, and concealed conflicts of interest.
Judge Wilson, who called the circumstances "among the worst I've ever seen" and said the case had "touched almost every badge of fraud," rejected defense arguments that Sanberg's anti-poverty work and good intentions warranted leniency. Backers who were defrauded include Steve Ballmer, who lost his entire $60 million investment and wrote to the court asking for a sentence that would deter future fraudsters, along with Leonardo DiCaprio and Drake.
Quick Hit #3: The Teller Saw It Coming
The New York Times reported this weekend that America's bank tellers are increasingly functioning as front-line fraud investigators, a direct consequence of cybercrime losses that have grown five-fold since 2020, per the FBI data above. JPMorgan Chase has responded by hiring behavioral scientist Elizabeth Huppert to train branch staff and call center agents in the emotional and psychological mechanics of scams. The illustrative example from the piece: a Chase teller in Scarsdale intervened when an 81-year-old customer was being walked through opening a "protective" new account by someone on the phone impersonating a bank official.
That detail is worth noting: after years of investment in AI-driven fraud detection, anomaly scoring, and real-time transaction monitoring, a social engineering attack on a vulnerable customer was caught by a human being who noticed something felt wrong. JPMorgan has also introduced a feature allowing customers to designate a trusted contact to be notified when suspicious transactions are flagged, a direct response to the psychological profile of elder financial abuse, where victims are often reluctant to act on their own. The operator takeaway is not that technology doesn't work. It's that the fraud types driving the most losses (investment scams, tech support fraud, impersonation) are fundamentally social attacks. And social attacks, at the moment of execution, still often require a human defense.
Quick Hit #4: Google's Android Takes On Deepfake Calls
Google launched fake call detection for Android on June 2nd: an RCS-backed device handshake that flags suspected spoofed calls impersonating saved contacts. The mechanism: when a call arrives, the caller's device sends a real-time encrypted confirmation signal over RCS. If the signal is absent (meaning someone is spoofing the number) the recipient's screen displays an immediate warning to hang up. Enabled by default on Android 12+ devices running Phone by Google, rolling out globally starting with Pixel. Google has designed it on open RCS standards so other manufacturers and app developers can adopt the same verification layer.
This builds on Google's earlier verified financial calls feature, which cross-checks incoming calls against installed banking apps and can automatically terminate connections that fail verification. INTERPOL's March 2026 threat assessment cited impersonation fraud as a leading driver of over $400 billion in global losses. The FTC separately put US impersonation scam losses at $2.95 billion in 2024 alone. The feature doesn't solve the problem — it requires both parties to be on Android running Phone by Google, which is a meaningful constraint — but it's the first serious infrastructure-level attempt to address number spoofing at the device layer rather than the network or call-centre layer.
Quick Hit #5: Agentic Commerce Is Here. So Is Agentic Fraud.
Ravelin's Agentic Commerce and Fraud Report 2026, based on a survey of more than 1,500 merchants, found that 44% of enterprise merchants have already integrated agentic commerce protocols, with another 32% planning to within six months. Just 6% have no plans to adopt. The technology (autonomous AI agents that research, compare, and purchase on behalf of consumers) is moving from novelty to operational reality faster than most fraud teams are ready for.
The fraud vectors Ravelin identifies are a preview of where the next arms race is headed. Agent hijacking: a malicious actor intercepts or manipulates a legitimate shopping agent mid-task. Impersonation: fraudulent agents posing as legitimate ones to harvest payment credentials from merchants and consumers alike. Automated credential abuse: bad actors deploying their own agents to execute fraudulent transactions at volume, bypassing the behavioral signals that traditional fraud systems were built to detect.
The liability question has no clean answer yet. If an AI agent completes a purchase using stolen credentials, responsibility is genuinely unclear between the merchant, the AI provider, and the protocol developer. The old fraud detection playbook was built to identify suspicious human behavior. It has no reliable answer for suspicious agent behavior, and the fraudsters (of course) got there first.
This Week in Fraud is a publication for fintech operators, fraud teams, and risk professionals. Have a tip or story? Drop Nick Holland a note at [email protected]
