Beyond Compliance: How Credit Unions Can Avoid the Courtroom in Fraud Cases

As more scam victims take their cases to court, US banks and credit unions are facing a stark reality: compliance with regulations may no longer be enough to shield them from legal and reputational fallout.  

Across the board, customers, lawmakers, and judges are signaling a growing expectation for institutions to actively prevent authorized fraud. 

The headlines are hard to ignore. Craig Hurt, an elderly man in Oklahoma with vascular dementia, lost over $5 million in a pig-butchering scam. In 2023, his wife sued Arvest Bank, the regional lender that processed the wire transfers, arguing it failed to act on clear warning signs.  

Cases like this are no longer rare.  

In California, an 80-year-old widow is suing JPMorgan Chase and several of its employees, claiming they enabled pig-butchering scammers who drained nearly her entire life savings. A federal judge denied JPMorgan’s motion to dismiss. 

In Texas, a 77-year-old woman lost more than $50,000 to an elaborate scam. Although she contacted her bank and was told the wire transfer to China had been stopped, the money went through. She sued Chase for failing to protect her. The case was settled confidentially. 

Scam Victims Fall Through the Legal Cracks 

While Europe is shifting more liability onto banks through measures like the UK’s APP scam reimbursement rules and PSD3, the US has yet to implement a comparable regulatory overhaul. 

The foundation of US fraud law dates back to 1970 when banks were first required to report suspicious activity linked to money laundering. Later, as debit cards and electronic payments became mainstream, Congress introduced rules mandating fraud screening and customer reimbursement—but only for unauthorized transactions. 

That definition still holds: fraud, in legal terms, means someone accessed an account without the customer’s knowledge or consent. But modern scams fall outside that scope. Instead of hacking into accounts, fraudsters deceive victims into authorizing the transfers themselves. As a result, banks are often under no obligation to intervene or reimburse the loss, even when warning signs are clear. 

The result is a growing protection gap for Americans who are tricked into sending money under false pretenses. 

Vulnerable Customers, Rising Expectations 

Elderly customers are especially vulnerable to scams. After a lifetime of saving, many have significant assets, and their natural trust is often exploited through impersonation and romance scams. Many also struggle to keep up with digital tools, making it harder to assess risk when targeted. 

Several US states have recognized this vulnerability by introducing laws that specifically apply to customers over the age of 60 or 65. In some cases, these laws require banks to report suspected scams to state authorities or allow them to contact a trusted third party when fraud is suspected. 

One notable example is a 2024 California bill that would have allowed banks to pause suspicious transfers over $5,000 by elderly clients and notify a designated contact. The bill passed the state legislature but was ultimately vetoed. 

When Compliance Isn’t Enough 

Although scam victims still face legal hurdles when suing their banks, lawsuits are becoming increasingly common and they’re pushing institutions to take more responsibility than what the law currently requires. 

These cases offer two clear lessons. First, the bar for fraud prevention is rising. Second, compliance is no longer enough. To stay competitive, banks and credit unions must adapt to shifting customer expectations and anticipate the kind of regulatory changes already unfolding in Europe. 

Even when a lawsuit is dismissed or ends in a settlement, the reputational damage can be significant and measurable. More than 30% of scam victims in the US choose not to stay with their financial institution after falling victim to fraud. And 75% say they would switch providers if they believed their bank’s fraud protections were inadequate. 

Read more about the real cost of fraud in the US 

Scam Prevention as a Duty of Care 

This shift reflects a higher standard of care, one that increasingly extends beyond technical compliance.  

The case of an 80-year-old widow who hadn’t sent a wire transfer in over six years, yet suddenly wired $720,000 over the course of three weeks, raises a clear question: shouldn’t that trigger red flags? In today’s fraud landscape, defrauded plaintiffs and their lawyers are bringing exactly these kinds of questions to court. 

Scam prevention is increasingly being viewed as part of a financial institution’s duty of care. Banks and credit unions are expected to recognize signs of manipulation, sometimes clear, sometimes subtle, as they’re happening and take reasonable steps to protect their customers from harm. 

To meet that standard, many credit unions and banks will need to strengthen their scam prevention capabilities. That means moving beyond traditional controls focused on unauthorized access or stolen credentials, and investing in tools designed to counter modern fraud tactics; scams that are increasingly sophisticated, AI-driven, and rooted in social engineering. 

Disrupting the Scam, Not the Customer 

Many scams begin with a phishing site. Banks that can detect and take down this infrastructure before a customer engages are already disrupting fraud at the source. The ability to act at this perimeter, —using phishing detection and takedown capabilities, is a critical first step in reducing risk across the customer base. 

Once the scam reaches the customer, the window of manipulation begins. This is where real-time, customer-facing support makes a critical difference. Solutions such as ScamFlag, which allow users to flag suspicious messages or requests inside the banking app, can help identify scams in progress and guide customers away from completing harmful transactions. 

If a scam progresses further, behavioral intelligence offers another layer of defense. Social engineering often changes how people behave, causing hesitation, abnormal navigation, or uncharacteristic transaction behavior. Systems that monitor these patterns in real time can detect signs of manipulation even when login credentials and devices appear valid. This allows banks to intervene and stop fraud before it is completed. 

Finally, when a scam succeeds, the stolen funds often move quickly through money mule accounts spread across institutions. This is where interbank coordination becomes essential. Sharing intelligence about suspicious accounts and transaction patterns helps detect scams more accurately and disrupt money laundering. As the Wall Street Journal recently noted, industry voices are calling for regulatory clarity to enable this kind of cooperation. 

Getting Ahead of Compliance 

Lawmakers in the US are beginning to adjust to the realities of modern fraud. More than 20 states already have laws that give banks a safe harbor from legal action when they delay transactions out of concern for financial exploitation. More legislation is likely to follow. 

The growing number of lawsuits shows that waiting for regulation isn’t a strategy, but a liability. As courts test the boundaries of what counts as reasonable action or legal negligence, court decisions may soon formalize those expectations. 

For banks and credit unions, it’s better to prepare now. Not just simply for the regulatory changes ahead, but for the expectations already rising among customers. They want smooth, seamless transactions, along with meaningful protection when it matters most. 

The good news is that both are possible. With the right tools, banks and credit unions can protect their members without adding friction and demonstrate that they’re ready for the fraud landscape that’s already here. 

Protect your customers with ThreatMark