Banking Threat Bulletin: February 2026

February 27, 2026 by ThreatMark

February’s headlines tell a consistent story. Fraud is scaling across social media platforms, AI-driven campaigns, and even public-sector loan programs. From billions generated through scam ads to synthetic identities infiltrating onboarding processes, the common denominator is industrialization. At the same time, regulators and institutions are responding with stronger reimbursement frameworks and deeper intelligence sharing. The common thread is clear: when fraud industrializes, the response must be equally coordinated.

1. Social Media Platforms Generated £3.8bn from Scam Ads Across Europe

Social media platforms generated nearly £3.8bn in revenue from malicious ads across Europe in 2025, according to Juniper Research. Around 10% of ad impressions across major platforms were linked to scams. With total impressions projected to reach 1.4 trillion by 2030, revenue tied to scam ads could more than double unless stronger controls are introduced.

The findings intensify the debate over social media accountability for fraud. While platforms point to existing detection efforts, banks argue that upstream responsibility is essential if scam-driven payment fraud is to be meaningfully reduced. With the upcoming PSR placing conditional liability on online platforms, regulatory pressure is beginning to extend beyond the banking sector across the EU.

2. EU Advances Anti-Fraud Plan to Strengthen Data Sharing

The European Commission has unveiled a new anti-fraud initiative aimed at enabling greater data sharing between Financial Intelligence Units and private-sector stakeholders, alongside expanded cooperation beyond the EU. The action plan targets fraud carried out online and by telephone, signaling a stronger EU-level push to coordinate intelligence and reduce scam impact.

The proposal also introduces EU-wide victim support guidelines and calls for more consistent reporting channels and improved access to compensation. Authorities would step up efforts to detect and trace fraudulent advertising and criminal proceeds, aiming to disrupt funds flowing through payment accounts, crypto transfer chains, and e-money services. For banks, this points to increased expectations around cooperation, reporting quality, and the ability to act on shared intelligence.

3. PSR Publishes Fraud Data Around Reimbursement Requirement

The latest PSR report on Authorized Push Payment (APP) scams covers the start of 2024 up to 7 October 2024, when the Mandatory Reimbursement Requirement (MRR) came into force. Of all reported APP scam claims since October 2024, around 70% fell within the scope of the MRR, while 30% were deemed out of scope. Among those in scope, 88% of losses were reimbursed during the regime’s first twelve months.

Before October 2024, reimbursement averaged roughly 60% by value, with significant variation between firms, meaning outcomes depended heavily on the victim’s bank. There was also a stark imbalance on the receiving side: the fraud rate for non-directed firms by value was 41 times higher than for the 14 largest banking groups, highlighting how smaller PSPs were disproportionately used as destinations for scam funds.

4. “Ghost Student” Scam Fuels Large-Scale Federal Loan Fraud

The US is facing a surge in so-called “ghost student” scams, where fraudsters use stolen or synthetic identities to enroll in community colleges, secure federal loans and grants, and vanish once funds are disbursed. The scale is significant: more than $350 million in related fraud has been investigated over the past five years, with over 200 active cases nationwide and some schemes suspected of exceeding $1 billion in illicit gains. In certain states, nearly a third of community college applications have been flagged as fraudulent.

The scheme underscores how identity theft and remote onboarding vulnerabilities can enable large-scale new account fraud, particularly in open-enrollment environments with limited verification controls. As fraudsters industrialize these application-based schemes, robust identity verification and synthetic identity detection are becoming essential not just for banks, but for any organization distributing funds or facilitating access to credit.

5. “All-Green” Fraud and Onboarding Risk Among Key 2026 Trends

AI is reshaping fraud at scale in 2026. Michal Tresner, ThreatMark’s CEO, warns that generative AI is enabling synthetic identities, automated deception, and attacks that bypass traditional controls. One of the most operationally challenging shifts is the rise of “all-green” fraud: correctly authenticated sessions where every check passes, yet customers are being manipulated into transferring funds.

Onboarding is emerging as another pressure point. Recent “ghost student” fraud cases in the US show how onboarding weaknesses can be exploited far beyond traditional banking. As Sara Seguin of Alloy notes, institutions have the least certainty about identity authenticity and intent at account opening, while Tresner highlights the rapid growth of synthetic identities built with realistic documents and AI-generated media. Together, these trends signal a structural shift: static checks at onboarding and authentication are no longer enough. Detecting intent and behavioral anomalies in real time is becoming critical to limiting losses.

6. UK Launches “Report Fraud”

The City of London Police has formally launched Report Fraud, a new national reporting service replacing the long-criticized Action Fraud platform. Designed as a single gateway for cybercrime and fraud reporting across England, Wales, and Northern Ireland, the system aims to centralize intelligence, strengthen victim support, and improve coordination between policing and industry.

The move follows years of criticism that Action Fraud operated as a “black hole” for victim reports—a serious issue in a landscape already defined by underreporting. For example, only around a third of businesses experiencing fraud report it externally, and just 6% contact law enforcement. The real test now is whether better analytics and coordination will translate into visible enforcement outcomes and renewed confidence in reporting.

7. How Telecom Data Feed APP Fraud Prevention in the UK

Fraud, however, doesn’t always originate on social media. In the UK, a significant share of scams is initiated through spoofed calls, SIM swaps, and other telecom-based tactics before a payment ever reaches the bank. In his Finextra contribution, Ben O’Brien, Managing Director at Jaywing, argues that telecom data is emerging as a critical early warning layer in the fight against APP fraud.

He notes that pre-transaction telecom signals, such as SIM swap activity, network anomalies, and call spoofing indicators, can be incorporated into fraud decisioning while a transaction is under consideration. When used in real time, this additional context enables earlier intervention and reduces both APP scams and account takeover risk.

8. INTERPOL Operation Red Card 2.0 Demonstrates Scalable Fraud Disruption

INTERPOL’s Operation Red Card 2.0 shows what coordinated fraud disruption looks like when intelligence sharing leads to action. Between December 2025 and January 2026, law enforcement agencies across 16 African countries targeted online scams, mobile money fraud, and fraudulent loan schemes. The operation resulted in 651 arrests, the takedown of more than 1,400 malicious domains and servers, and the recovery of over $4.3 million linked to scams causing more than $45 million in losses.

The operation relied on real-time information exchange between public authorities and private-sector partners, including cybersecurity firms contributing infrastructure and threat intelligence. Rather than isolated takedowns, Red Card 2.0 focused on dismantling shared systems that enable fraud to scale across borders. For banks, this reinforces a central theme of 2026: fraud is industrial, and only coordinated, cross-sector action can meaningfully disrupt it.

Banking Threat Bulletin highlights the stories shaping global fraud prevention and customer protection. Stay informed. Strengthen trust. Protect your customers.