Fraud on Wheels: Fighting the Growing Threat of Mobility Fraud | “What The Fraud?” Podcast

THOMAS TARANIUK: Hello, dear listeners, and welcome to the final episode of this season of What The Fraud?, a podcast by Sumsub, where digital fraudsters meet their match. I’m Thomas Taraniuk, currently responsible for some of our very exciting partnerships here at Sumsub, the global verification platform helping to verify users, businesses, and transactions as well.

This week we’re looking into how the cars we drive and rent are becoming the new frontier for cybercrime. From ghost drivers to fake IDs to money laundering and QR code scams, the mobility space is now facing a new wave of digital threats.

Our special guest this week is Karolina Kaušylaitė, Compliance Manager at Tesla Financial Services and an expert in anti-money laundering. She’s worked at PPRO and N26 Bank, tackling financial crime from multiple angles. Today she’s here to help us understand how criminals exploit modern vehicle services and what the industry must do to stay ahead.

From political science to fighting financial crime

Karolina, thank you so much for joining us today. Let’s start with your journey. You built a career tackling financial crime across major fintechs and banks, but I read this started all the way back at university. Can I ask what sparked your interest?

KAROLINA KAUŠYLAITĖ: Actually, that was a very unexpected journey. You probably know that I studied political science. I actually started working at Western Union and thought, “I’m just going to make some money, start my career, and go into political science—maybe get into international relations.”

When I started working at Western Union, I was immediately faced with financial crime fighting. And it was just so interesting, because it felt like in a way I was saving the world. We were helping people who weren’t sure who they were transferring money to. People would come into the office and say, “Oh, sorry, I think I just transferred $10,000 to a person who promised me some money in Nigeria.”

It felt so interesting, and I thought, okay, I’ll start looking into this more broadly. That’s how I started studying criminology, got into tourism financing studies, and here we are. I explored different industries from consultancies to neobanks, and now I’m here in the automotive industry—which is a different type of space to explore when it comes to financial crime. It’s so different from everything I have seen.

Top fraud trends in mobility: Phishing, QR codes & fake rentals

THOMAS TARANIUK: Certainly a very different type, and that’s what we’ll be exploring today as well. So you now focus, Karolina, on mobility at Tesla Financial Services. What fraud trends are hitting this space hardest right now, from your perspective?

KAROLINA KAUŠYLAITĖ: Well, there are quite a lot. Quite recently I was talking to my colleagues, and we called one trend the “easiest” to detect—but as I was made aware, it’s probably not that common for the outside world. Let’s talk about QR codes plus phishing, which is now called “quishing” in our industry.

This happens when QR codes are tampered with fake ones. We see this very often at EV charging stations and parking lots. It also happens quite often in bigger cities like Berlin, when you try to rent out a scooter or a bike.

The essence of this fraud is to steal your personal information and payment information. When you try to pay for parking or rent a car, that’s the last place you expect to get scammed. It’s supposed to be a seamless, easy process—and accidentally you’re in a phishing attack.

Why identity fraud is so rampant in the mobility industry

THOMAS TARANIUK: A whole world of trouble. Absolutely. Identity fraud is a massive concern, right? But one thing that the industry is looking at is tackling it head-on. Why are mobility platforms especially vulnerable to identity fraud versus, let’s say, other industries?

KAROLINA KAUŠYLAITĖ: I think the mobility industry evolved so fast. It heavily relies on seamless customer onboarding and providing services fast and in a timely manner, with the product being at the top and compliance and anti-money laundering prevention being the last step.

So it’s really easy to misuse this industry for identity fraud. One key thing is that it’s still in a very gray regulatory zone. Regulations are not keeping up with the fraud tendencies we see. Since it’s very easy to get a car—just take a selfie, a picture of your ID, and you unlock it—there’s no ongoing monitoring.

In banking, providers monitor your account—what you’re doing, your daily transactions. In mobility, once you open the account and the contract with the car service provider, that’s it. There’s no ongoing monitoring. That’s why it’s very easy to misuse these types of accounts for fraudulent and money laundering activities.

Suggested read: Trust on the Move: Fraud Prevention and Verification in the Mobility Industry (2025)

Is regulation coming for the mobility sector?

THOMAS TARANIUK: Super scary. Which way do you see it going as an industry? Are they going to become super regulated, specifically in the EU and the UK?

KAROLINA KAUŠYLAITĖ: That’s a very good question. I don’t think they’re going to be heavily regulated, but I think regulators will start looking at one possible solution—information sharing between providers.

What the banking and fintech industries already do is share information about customers—where money is coming from, what’s going on with the account, etc. I think this is the next step for the mobility industry as well, where we’ll be forced to share information with banking partners, payment providers, and among mobility providers like Uber, Share Now, and others.

This has already been called out recently following a case in Frankfurt. The CEO of FreeNow, when they uncovered a fraud ring, called for more information sharing between car service providers. That’s one of the only ways to track fake identities and crime/fraud rings.

Suggested read: Fraud Rings: A Dangerous Trend Businesses Should Be Aware Of

What are ghost drivers, and why are they so dangerous?

THOMAS TARANIUK: Got it. That makes a lot of sense. Now, one tactic that keeps coming up is ghost drivers. We recently saw a case in Boston where fake IDs were used for as many as 2,000 drivers. Can you explain what a ghost driver is and how serious a problem it is?

KAROLINA KAUŠYLAITĖ: Ghost drivers are actually a rather new fraud trend in the industry. A ghost driver is someone who is not supposed to be driving that car. Someone else passed the KYC onboarding checks, but a different person operates the vehicle.

There are actually three types of ghost drivers:

• Synthetic ghost: Someone fakes an ID that doesn’t belong to any real person. It’s altered and can’t be tied to an actual individual. They then fake the entire onboarding process and use the account.
• Mule ghost: Similar to mule accounts in banking. Someone passes KYC checks, but then rents or sells the account to someone else, who uses it to drive the car.
• Bot ghost: This is the most tech-driven type. Someone might legitimately register with a platform but never drive. They create a bot or code that simulates routes and locations to launder money. This helps illicit funds enter the system as “legitimate” payments, which can then be withdrawn.

And in addition to that, they can age the account—keep using it for years undetected. Since there’s no ongoing monitoring or behavioral analytics, these accounts are barely caught. Eventually, they’re sold on Telegram or the dark web. A recent German media report said you don’t need to hack Uber—just 200 euros and a Telegram account, and you can buy a whole new profile.

How criminal networks use luxury car rentals to launder money

THOMAS TARANIUK: I find that super interesting, Karolina—especially the fact that they’re money laundering. These actual businesses are taking a fee, which is just a cost of business for these launderers. And of course, they’re creating these bots that act as the users at the end of the day. So it’s a two-way problem. The mobility industry as a whole is a big target for money laundering.

We saw this case in Germany where luxury vehicle rentals were used to launder massive amounts of money, generally through criminal networks. Could you walk us through how these schemes typically work within a criminal network in a country like Germany?

Suggested read: How to Detect Money Laundering in Vehicle Sales

KAROLINA KAUŠYLAITĖ: So let’s say criminals are establishing fake companies in Germany, Italy, Spain, and Austria. These companies claim to provide services like luxury vehicle rentals or sales. What happens is that the criminals launder money through these companies under the guise of legitimate services.

In one case I read about, they paid monthly fees for cars that didn’t even exist. The company didn’t actually own any vehicles—it was just a front. But that’s how the criminals integrate illicit funds into the legitimate financial system.

So in your banking app, if the compliance team were to look at it, a €500 monthly payment to what appears to be a legitimate car leasing company wouldn’t immediately raise suspicion. It seems normal, and it blends into the system.

The same goes for car dealerships. Our industry is cash-intensive and deals with high-value goods that are easy to move internationally. For example, someone might buy a €300,000 Mercedes with a fake invoice. At first glance, the transaction seems legitimate, and just like that, illicit funds become legitimate.

These funds are then used again to buy art, luxury cars, and so on—it becomes a vicious cycle. There were several cases like this uncovered in Germany and other parts of Europe.

Suggested read: The Three Stages of Money Laundering and How Money Laundering Impacts Business

And here’s the interesting part for compliance professionals: these cases weren’t discovered randomly. They were uncovered because suspicious activity reports and transaction reports were filed. Sometimes we feel like there’s no point in filing them because we don’t get feedback, but this shows they do matter. Those reports in Germany and Italy actually triggered investigations.

THOMAS TARANIUK: I can imagine so. What a good story, thank you, Karolina. From the perspective of underreporting, it might be quite difficult to see how big the problem really is. As you mentioned, criminals launder funds through the mobility industry and cycle it through over and over again, which makes it very clear how big the issue is.

What can companies do to spot red flags and fight mobility fraud?

When it comes to fighting back, what can companies actually do? Are there obvious red flags they should be watching for, or does this require a more agile, tech-driven approach?

KAROLINA KAUŠYLAITĖ: It’s a bit of both. Compliance teams are everywhere and should always check if the customer’s profile matches their activity. Even though ongoing monitoring isn’t yet a common practice, there are warning signs from the start. Let’s break this down.

First, look at the ID: does it seem unusual? These days, especially with AI and deepfakes, it’s tough to tell. But sometimes fraudsters put in little effort. You might notice different fonts, elements glued onto the ID, wrong colors, or outdated formats if you compare it to what it should look like.

Then there’s behavioral analytics, which I think will become essential. For example, do we see multiple signups from the same IP address? That’s suspicious. Most people use a single phone or device, so if ten phones are registered to one IP, that’s a red flag.

Another solution is moving towards biometric data verification—things like live selfies or fingerprint scans before unlocking a high-value vehicle. This adds a layer of verification beyond just uploading a photo. If something fails, like the biometric verification at pickup, we know immediately that something’s off.

Suggested read: Driver’s License Verification in Mobility: How Platforms Stay Compliant & Safe

Ghost drivers—where someone signs up but someone else is driving—are hard to detect. But we can use GPS to identify unusual behavior. Are the rides always short? Are the patterns identical? That may indicate bots or scripts.

If providers offer wallet services, it’s another area to monitor. Look at transactions: where’s the money coming from? Is it being transferred into crypto? Is the withdrawal frequency suspicious? Same amounts, large values—these patterns can help us detect anomalies.

Each case is unique, but those are the trends I’d expect to see.

QR code scams in mobility

THOMAS TARANIUK: Very interesting. A lot of red flags, and clearly you have deep insight into them. The fraud vectors and vulnerabilities in the mobility industry are really interesting. And with AI in the picture, I assume it’s becoming even harder to detect fraud, right?

You mentioned something earlier—quishing—where people use QR codes to commit fraud. Can you explain how those scams work and why they’re becoming more common in the mobility industry?

KAROLINA KAUŠYLAITĖ: In the mobility industry, especially with electric vehicles, it’s all about seamless customer experience. For many, it’s their first EV, so they’re excited about the tech. This makes it the last place they expect to be scammed.

Paying for parking or EV charging via QR code is common. Fraudsters take advantage of this by placing fake QR code stickers—sometimes you can tell they’re fake, but often they’re professionally done.

The user scans the code, thinking they’re paying for EV charging. The fake site looks almost identical to the legitimate one. It mimics the typical phishing scam: you input your card and personal details, press “pay,” but it doesn’t go through. You try again, thinking it’s a glitch.

Meanwhile, the scammer collects your payment data—or installs malware on your phone. Game over. What the fraudster gets is your card info.

It’s just like clicking on a phishing email link, and we always say not to do that. You should apply the same caution with QR codes. Whether it’s for unlocking a scooter or paying for charging—always check the link. Is the URL legit? Or does it look odd—like “electricvehicle-xxx.com”? Look for grammatical errors, weird fonts—anything off.

If something does go wrong, we’re ready to help users and block accounts. But this kind of scam is becoming more common because people just don’t expect it. They’re so focused on the EV experience that they don’t think twice.

Suggested read: Hot New Fraud Trends in 2025: AI Scams, Pig Butchering, and Mobile Payment Attacks

Protecting users and drivers from industry fraud

THOMAS TARANIUK: Especially valid for protecting users within the base of customers that you have, and the drivers as well. How do you see this developing as we move forward, as the type of fraud within the industry?

KAROLINA KAUŠYLAITĖ: That’s why a lot of electric vehicle providers will go and implement the QR code payments into their own apps. So it could be an internally developed tool, an internally developed service, so you wouldn’t have to use the random QR codes to pay for the car payments on a smaller scale. When it comes to scooters and bikes, I think that’s always going to be a human error. You just need to remain vigilant and to know what to do next if this mistake happens. We cannot protect everything—it’s just human nature.

THOMAS TARANIUK: Certainly the case. Human nature. We talk about it a lot in the podcast.

Are connected cars secure enough today?

Do you think the industry is moving fast enough when it comes to securing connected cars? And what role do technologies like biometrics and behavioral monitoring play in securing connected mobility?

KAROLINA KAUŠYLAITĖ: That’s a very great question that we keep on asking ourselves on a daily basis. Because on one hand, GDPR and data privacy laws really protect our information, and we should not supply that information to places where it’s unnecessary. The same goes for the financial services industry. We really are considering: do we actually need this customer data, or is it just nice to have? Especially in Germany, with its strong privacy concerns, we’re very protective of these details.

So this is an ongoing question we try to answer—how to protect our customers while only gathering the data we truly require and not treating them as suspects for possible crimes. I don’t think we’ll ever have a final answer to that. But, as I mentioned before, if we engage in information sharing between industry players and use more liveness detection, biometric data, or monitor customer behavior, that would help. Then we wouldn’t need to overregulate the industry or overburden customers—for example, asking for payslips just to take a €3 ride.

If we take a different approach, where the customer agrees to authenticate with a live video instead of sending a selfie—that would help. And in terms of data protection rights, this would be equally effective.

THOMAS TARANIUK: Makes a lot of sense. So the role of technologies like biometrics and behavioral monitoring can’t be understated when it comes to securing connected mobility. But from your perspective, Karolina, do you think the industry is moving fast enough when it comes to securing connected cars? Or are we quite slow?

KAROLINA KAUŠYLAITĖ: In short—no, we’re not fast enough. Let’s think about it. Fraudsters are already using AI and deepfakes to impersonate people. They’re already there. They use the darknet and Telegram channels to exchange information on the weaknesses of our KYC onboarding apps—how to exploit certain traits.

And when it comes to technology and our efforts to prevent that, we’re one step behind. In every industry I’ve worked in, it’s always been a reactive approach instead of a proactive one. We wait for something to happen. We wait for a massive fraud ring or incident, and only then do we think: “We should have monitored this better.”

When it comes to product growth and strategy, compliance always comes after. We always say that non-compliance costs more than compliance, but there’s a constant battle between product and compliance—and unfortunately, that’s why technology and regulation don’t keep up. We always focus on product growth, and everything else comes after.

Emerging threats in transportation

THOMAS TARANIUK: Especially when there’s so much competition in the space as well — it makes it very difficult. So, Karolina, what are the new battlegrounds in mobility fraud? I mean, what are people like you worrying about that the rest of us might not yet have seen?

KAROLINA KAUŠYLAITĖ: I think ghost drivers are one of the most recent and significant challenges. They’re becoming a big issue in our industry, and we’re still figuring out how to deal with and proactively prevent these kinds of activities.

Besides that, we should be seriously worried about our personal details being stolen and sold—whether that’s on the darknet or Telegram channels. That’s another major battleground. The data of drivers and customers is being sold for €200, and it’s available to anyone. I’m not even sure we know yet how to prevent that effectively. It’s a whole new level of threat that’s just emerging.

Is there a silver bullet for fraud in mobility?

THOMAS TARANIUK: Is there a silver bullet as well, Karolina?

KAROLINA KAUŠYLAITĖ: If I had that answer, I think all the problems in the financial crime industry would be solved. Ideally, all financial players should invest in their compliance departments, in strong systems that can detect unusual behavior and patterns. Aside from that, I think the best solution lies in professional information sharing and doing our best within the industry.

Future outlook: Regulation, AI, and risk prevention

THOMAS TARANIUK: We’ve also seen great leaps in technology—both in the mobility sector and in related industries—in recent years. So Karolina, what changes do you think are coming next? What are you specifically watching for?

KAROLINA KAUŠYLAITĖ: There are a couple of things changing.

1. First, I’d mention the regulatory landscape. This year, the AMLA institution was established in Germany to provide guidance and strengthen anti-money laundering controls. Across industries, not just mobility, we’re looking for stronger supervision and better guidelines—especially for information sharing.
2. Second, AI. Fraudsters are already using AI to create fake identities and commit crimes. But I’m hopeful that in the coming months and years, we’ll also use AI to strengthen our defenses—to make identity barriers tougher to breach with stolen, fake, or tampered data. That’s a development I’m really watching closely.

The overlooked importance of compliance in mobility

THOMAS TARANIUK: Those are some really good points. From the perspective of the issues we’ve covered today, it’s clear that this affects everyday people—whether they’re using mobility apps to make their lives easier, or working as drivers trying to make a living. And of course, the tertiary effects of money laundering go far beyond just finances—into areas like terrorism, which you’ve studied and worked against throughout your career. So what would you say is not focused on enough within the mobility sector?

KAROLINA KAUŠYLAITĖ: To summarize: in the mobility industry, compliance is madly overlooked in general. As we’ve discussed, everything is about seamless onboarding and customer experience.

We should also remember that the mobility and automotive industries are now deeply intertwined with financial services and the broader economy. This isn’t just about a €10 ride from the airport: it carries serious implications for financial crime and compliance breaches.

And this is still widely underestimated.

Quick-fire questions

THOMAS TARANIUK: I agree completely. And of course, it affects everyday life and every ecosystem—locally and internationally. Now before we end the episode, we always dive into five quick-fire questions to get to know our guest better. Are you ready, Karolina?

KAROLINA KAUŠYLAITĖ: Let’s try.

THOMAS TARANIUK: One: When choosing a digital wallet, do you go for more features or better security?

KAROLINA KAUŠYLAITĖ: Better security.

THOMAS TARANIUK: Excellent answer. What’s one thing about fraud that still surprises you, even after all your experience?

KAROLINA KAUŠYLAITĖ: Actually, human nature, that we still fall for very simple scams. Whether it’s scanning a QR code for a bike ride or clicking on a fake discount link in an email.

THOMAS TARANIUK: I’ve learned to double-check everything too. Have you ever been the victim of fraud yourself?

KAROLINA KAUŠYLAITĖ: Yes. I clicked on a link for what I thought was a half-price Lego set. Biggest mistake. I lost about €200. But I consider that a small price to pay for a lifelong lesson.

THOMAS TARANIUK: So what habit do you now rely on to stay safe online?

KAROLINA KAUŠYLAITĖ: If I click on a link, I always check if it looks legitimate. And if I can, I always pay via Apple Pay. I never transfer money to bank accounts from random links. It’s either instant card payment or Apple Pay.

THOMAS TARANIUK: Excellent. Last one: If you could have any other career outside of your current role in fraud prevention, what would it be?

KAROLINA KAUŠYLAITĖ: I don’t think I’d change much. I love my career. But I might focus more on education—delivering training sessions, speaking more on preventative measures, and helping others understand the trends we see in AML and fraud.

THOMAS TARANIUK: What a wonderful answer. And if you want to educate, podcasts are a great place to start. You’ve been fantastic today. Karolina, thank you so much for joining us on the What The Fraud? podcast and sharing your insights with us and our audience.

KAROLINA KAUŠYLAITĖ: Thank you so much for having me.