Hello Fraud Fighters!

Welcome back to This Week in Fraud, Newsletter #2 (Electric Boogaloo). This week, the UK finally admitted its fraud reporting system was broken and built something that might actually work. Meanwhile, a Forbes 30 Under 30 CEO got charged with fraud, Fiserv got sued (again) for selling insecure banking platforms, and AI-generated pay stubs are now easier to make than real ones.

Let's get started...

Nick

Big Story: The UK fraud tsunami

The UK is being ravaged by fraud. As a Brit, I can testify that there's always been a fraud problem, but things have gone a bit "pear-shaped", as we say. 

UK Finance reported that consumers lost £629 million to fraud in the first half of 2025 alone—a 3% increase year-over-year across 2.1 million cases. Fraud now accounts for roughly half of all recorded crime in the country. Investment fraud is up 55%. Romance fraud is up 35%. Every single minute in H1 2025, £2,300 was confirmed stolen, and another £5,590 in attempted fraud was blocked. Relentless. 

Romance scams: the 95-day con

In other UK fraud news, TSB Bank released its annual romance fraud report this week, and the stats are brutal — the average victim makes 11 payments and loses £7,500 over 95 days. 58% of these scams start on social media platforms, with Facebook alone accounting for 30% of the study’s total romance fraud cases, while dating apps represent only 42%. 

One in five cases involved blackmail, and the methods are evolving. Scammers claim they're living abroad (43% of cases), impersonate celebrities (29%), or pose as military personnel (18%). The alibis explain absence while the emotional hooks such as financial hardship, travel funds to finally meet,and medical emergencies create urgency. 

The saddest part… over-55s account for 58% of cases, with 65-74-year-olds the most targeted demographic at 23%. It’s shameless and despicable exploitation of loneliness and trust, but it works. And, in an era of deepfakes indistinguishable from reality, this won’t stop. 

Britannia bites back

SO what’s being done to stem the fraud? Actually, the UK has revamped its legacy fraud reporting system, Action Fraud, which was, frankly, a failure. Victims reported crimes and heard nothing, investigations didn't happen, and cases went nowhere. It had been broken for years, and everyone in financial services knew it.

In response, this week the City of London Police launched Report Fraud—a unified national platform that replaces Action Fraud entirely. For the first time, fraud and cybercrime reporting are combined in one place (amazing to think they weren’t before). Cases get triaged, flagged for specialist investigation, and shared across police forces. The City of London Corporation funded £13 million for development and committed £2.5 million annually for operations.

Commissioner Pete O'Doherty framed it cleanly: fraud and cyber are now the most common crimes in the UK, accounting for around 50% of all offenses and costing billions annually. Report Fraud is the first real attempt to build a national infrastructure that matches the scale of the problem rather than a Band-Aid (Elastoplast for our UK readers).

Separately, the Financial Conduct Authority (FCA) staged an event at Waterloo station this week. They installed a fake ATM during rush hour that promised to "give away a fortune." When commuters walked up, a seal popped out of the screen—Emil the Seal, the FCA's mascot—and told them to check if financial firms are real before investing.

It sounds goofy. But the number behind it is serious: around 700,000 people in the UK lose money to investment scams. The stunt launched the FCA's new Firm Checker tool, designed to help consumers verify whether a financial firm is genuine and authorized. The lesson: if the deal looks urgent, exclusive, or too good to miss—stop, check, then decide.

Quick Hit #1: Cornerstone says fraud is now a balance-sheet issue

Cornerstone Advisors published their annual What's Going On in Banking study this week. It’s an eye-opening report—based on a survey of 416 senior executives at banks and credit unions, the fraud headline is blunt: roughly 40% of banks and 50% of credit unions reported higher fraud losses in 2025, and most expect it to worsen in 2026. First-party fraud—customers defrauding their own bank—now accounts for more than 40% of total losses. Three-quarters of institutions are increasing fraud prevention budgets in response.

Ron Shevlin, Cornerstone's chief research officer, frames it succinctly—"AI, crypto, and fraud are no longer future-state discussions. They're reshaping banking right now." 

The study also found that nearly half of banks (49%) and 59% of credit unions have already deployed generative AI, with agentic AI now being discussed at the executive or board level at more than half of institutions. Over 70% of banks have discussed stablecoins at the board level. The optimism is there—8 in 10 execs are bullish on the industry in 2026—but it's tempered by execution anxiety and the reality that fraud losses are nibbling (or actively feasting) into margins.

Quick Hit #2: DOJ charges 31 more in ATM jackpotting ring

The Justice Department charged 31 individuals this week in connection with a large-scale ATM jackpotting operation. Many are alleged members of the Venezuelan gang Tren de Aragua. The method: Ploutus malware loaded via thumb drive or physical access to the ATM's internals, which then sends illegitimate commands forcing the machine to dispense cash. The scheme allegedly stole $5.4 million from community banks and credit unions in over 80 separate cases. 

This is the industrialization thesis playing out in the physical world. Jackpotting used to be niche, technically demanding crime. It's now organized gang territory with coordinated multi-state execution. The Southern District of New York is prosecuting the case, and it's one of the largest ATM fraud takedowns on record.

Quick Hit #3: AI paystubs are here—and they're scarily easy to make

Inscribe published its 2026 Document Fraud Report this week, and the finding is uncomfortable: AI-generated fraudulent documents increased nearly 500% between April and December 2025. The target? Paystubs and bank statements—the two documents that sit at the core of every lending and onboarding decision.

97% of fraud leaders surveyed by Inscribe say they're concerned about this. The detection arms race is already underway—different AI models leave different traces in metadata, pixel-level artifacts, compression patterns. Tools like Inscribe are training on those signatures. But right now, the attack is faster than the defense, and the volume is scaling faster than manual review teams can keep up.

Quick Hit #4: Fraud as an upsell opportunity — Fiserv sued (again)

FiCare Federal Credit Union filed suit this week against Fiserv over its Virtual Branch Next online banking platform. The allegation: hackers broke in repeatedly, took over customer accounts, stole money, and when FiCare flagged it, Fiserv didn't reimburse the losses. Then, in December, Fiserv told FiCare it would need to pay for a security upgrade to get basic protections like MFA and biometrics. Audacious.

This isn't a one-off. Self-Help Credit Union in North Carolina filed a similar suit in December, alleging Fiserv secured its own internal systems with biometrics and layered MFA while running client data on email passcodes—a practice the National Institute of Standards and Technology explicitly recommends against. Law360 reported that FiCare's complaint specifically accuses Fiserv of allowing the platform to be "repeatedly hacked, again and again"—then using those failures to upsell security features.

The complaint from FiCare is specific: "Fiserv's systems lack basic security controls. They expose member information to easy compromise. They allow hackers to easily steal staggering amounts from financial institutions. And Fiserv continued to sell and operate these systems while assuring FiCare Federal that everything was secure." Cheeky.

Quick Hit #5: Forbes 30 Under 30 adds another fraudster to the tally

Gökçe Güven, 26-year-old founder and CEO of fintech startup Kalder, was charged last week by federal prosecutors with securities fraud, wire fraud, visa fraud, and aggravated identity theft. Güven was featured in Forbes' 2025 30 Under 30 list. The company joins an increasingly long roster of 30 Under 30 alumni facing fraud charges—Sam Bankman-Fried, Charlie Javice, Elizabeth Holmes, and Martin Shkreli among them.

The allegations: during Kalder's April 2024 seed round, which raised $7 million from more than a dozen investors, Güven presented a pitch deck claiming 26 brands were "using Kalder" and 53 were in "live freemium." In reality, prosecutors say, many were on heavily discounted pilots, and some "had no agreement with Kalder whatsoever—not even for free services." The deck also claimed $1.2 million in annual recurring revenue. The DOJ alleges Güven kept two sets of books—one with inflated numbers for investors, one with the real financials.

Prosecutors also allege Güven forged employment records and created fake consulting agreements to fraudulently obtain a U.S. work visa. The indictment details how investor presentations showed fake customer logos, inflated contract values, and revenue projections with no underlying contracts.

This Week in Fraud is a publication for fintech operators, fraud teams, and risk professionals. Have a tip or story? Reply to this email.