
Fraud is not a competitive problem. The criminals targeting one bank will likely be targeting all of them. And yet, for most of the past four decades, the industry's default response has been to report losses after they happen and screen against shared lists of known bad actors. That model is becoming obsolete.
By 2030, global fraud losses are projected to hit US$58 billion annually. Instant payment rails have removed the recovery window that once gave banks breathing room. AI has allowed new risk vectors to scale rapidly. And governments around the world are now transferring the cost of scam losses from victims to the institutions that processed the payment. The economics have shifted. Reporting a loss now almost always means realising one.
The institutions that close that gap will be the ones sharing intelligence before any transfer is made.
There’s been much discussion regarding shifting from a reactive to proactive fraud defense strategy. We’ve discussed in a previous article about the upsides of national anti-scam centres.
In order to achieve that, however, the necessary foundation must be put in place. Fraud consortiums provide a good launching pad that enables a conglomerate of institutions to build towards this goal.
1. The consortium is not newThe first banking fraud consortium has been operating since 1988. The model now spans six continents, covering identity, payments and financial crime.
What the past four decades have proven is that no single bank has sufficient reach on its own. A fraudster who opens a mule account in one institution, initiates a social engineering attack through a telco platform, and receives funds at a second bank is invisible to any one participant.
Consortiums provide a holistic view of the entire payment rail through every touchpoint, breaking traditional siloes and enabling greater visibility and in turn, response.
2. Fraud has moved beyond banking perimeters78% of UK APP fraud begins online. 80% of TSB scams originate on Meta platforms. A bank-only data pool will always be one step behind because the origin point of the fraud sits outside it.
The consortiums that have achieved real results are the ones that extended their membership beyond banks to include technology companies, telcos, and public sector entities.
3. Intelligence is pooled and utilisedA dormant account logging in at the exact moment funds arrive is a weak signal at any single bank. Shared across institutions in real time, it becomes a reliable mule indicator. Under a consortium, one confirmed fraudulent device at Bank A, linked through shared device and IP signals to accounts at Banks B and C, surfaces an entire mule network.
This is intelligence that no single member can generate alone.
Three production systems running today show what this looks like at scale:
These are production systems stopping fraud before money leaves the account.
Institutions that remain outside these networks are exposed and limited in resources to respond to any attack.
Four decades of operating consortiums across multiple regions have produced a clear set of patterns. Some models have scaled and endured. Others have stalled or shut down. The difference is rarely technology. It is governance, legal architecture and operational discipline.
1. Establish the legal basis before you scaleThe Netherlands' TMNL consortium was technically the most ambitious pooled transaction monitoring effort in Europe. It was suspended in 2024 because the legal basis for data sharing became contested under EU and Dutch privacy law. The banks had to step back and redesign the entire model.
The lesson is straightforward. A well-funded, technically capable consortium can be stopped cold by an unresolved legal question. Before onboarding members, define the regulatory footing for sharing. Legislation or a clear regulatory mandate from the start removes the uncertainty that kills momentum later.
2. Do not rely on voluntary participation aloneThe US Section 314(b) safe harbour has allowed banks to share financial crime information since 2002. After more than 20 years, approximately half of eligible institutions had never registered. Permission to share is necessary. It is not sufficient.
Every consortium that has achieved genuine scale has one of three structural backbones: a binding sector accord, a regulator-built platform, or a legal mandate.
3. Move from post-event reporting to pre-transaction intelligenceThe historical model asks: what fraud have we confirmed, and how do we warn others? The new model asks: what signals are available right now, at this point of payment, that can stop this transaction before funds move?
Today’s FIs need to ask: how far upstream can we move detection?
Device fingerprinting, behavioural biometrics, dormancy markers and session-level signals are rarely included in traditional consortium data pools. They are also the signals most likely to catch fraud in the act.
Consortiums that limit their data sharing to confirmed fraud lists are working with old and redundant intelligence. The pre-transaction layer is where the next generation of fraud prevention sits.
4. Widen the membership circle as the fraud movesFraud does not start at a single bank. It starts on social platforms, messaging apps, and telco networks.
A consortium that only connects banks will always be missing the source data.
The UK's evolution of Cifas into the Stop Scams UK and Meta FIRE programme is the cleanest example of how this plays out over time. What starts as a credit-industry registry eventually has to span tech, telcos and the public sector to stay relevant.
5. Five operational questions before you go liveGovernance failures are the most common reason consortium efforts stall. Five operational questions must be resolved before launch.
6. Technology is the easy partThe infrastructure to share fraud signals in real time exists today. The challenges that have stopped or slowed every major consortium effort have been legal ambiguity, governance design and the gap between voluntary intent and structural obligation. Solve those first and the rest follows.
Data sharing consortiums are proving that privacy and protection are not in conflict. Distributed Tokenization is a one way encryption method that allows institutions to match behavioural signals across networks without ever exposing raw customer data or PII outside their own environments.
The logical endpoint of shared fraud intelligence is invisible authentication. In the future, passwords might be a relic, especially if behavioral, context and risk signals become advanced enough. Trusted traffic replaces manual verification entirely.
AI is shifting from reactive monitoring to predictive simulation. Consortiums will soon run network-level models of how fraud might evolve before it occurs, preemptively blocking accounts before fraudulent funds ever arrive.
And perhaps most importantly: shared data is approving more legitimate customers, not just catching more bad ones. Consortium intelligence expands financial access for applicants with thin or no credit history, turning fraud defense into financial inclusion.