APAC Fraud Insights | "What The Fraud?" Podcast—Singapore WTF? Summit, Part 2

THOMAS TARANIUK: Hello and welcome back to What The Fraud?, a podcast by Sumsub where digital fraudsters meet their match. We are here in Singapore for part two of our podcast, special live from the What The Fraud? Summit. Today, we are talking about what happens when fraudsters have the same tools that we do—when deepfakes cost half a million in a single Zoom call, when voice cloning takes three seconds of audio.

In this episode, we’re getting more perspectives on whether we are winning or whether we’re losing the fight from the people in the know. This is the hard part, so let’s go.

If you’ve listened to the What The Fraud? Podcast before, you know that AI can be used both as a weapon, but also as a shield or a protective measure. That tension isn’t simply going away. But there are other players in this fight that we haven’t talked about yet: governments, law enforcement, global regulators, and many more, because tech, as well as collaboration, are great, I mean, really great—but at some point, you need handcuffs.

T Raja Kumar, President, Financial Action Task Force (FATF) 2022–2024

T Raja Kumar has led the Financial Action Task Force from 2022 to 2024. That’s the global money laundering and terrorist financing watchdog. Mr. Kumar, it’s a pleasure to have you here today at the What The Fraud? Summit and on the What The Fraud? Podcast as well.

T RAJA KUMAR: Well, thank you so much. Wonderful to be here, and I look forward to the opportunity to share some insights.

THOMAS TARANIUK: Wonderful. And Mr. Kumar, you’ve actually described the rise of global scams and fraud as the quote-unquote “fraud-demic era,” which is very interesting. What makes right now so critical, and what does it actually take, let’s say, for governments to stay ahead of real threats?

T RAJA KUMAR: I think the big challenge we are facing now is the sheer scale and sophistication of fraud. It’s at a level that’s unprecedented. It’s at a level that we’ve never seen before, and this is because we are actually seeing how technology is being deployed by scammers, right?

Suggested read: More Sophisticated—and More AI-Driven—Than Ever: Top Identity Fraud Trends to Watch in 2026

You are seeing the industrialization of how they operate as well. And hence, when you take a look at the scam factories that have sprouted around the world, they are conducting global operations at scale, in multiple languages. It’s a complex undertaking that they’ve actually gotten into.

THOMAS TARANIUK: Amazing to hear. And so fraud-as-a-service—fast—you described earlier, that’s one of your panels, of course. It’s industrialized scams on a larger scale than most people understand, right? I mean, we’re talking about huge collectives of individuals coming together to defraud common folk.

What will it take to mount, let’s say, a collective defense—not locally, not regionally, but globally—to actually stop or mitigate the damage of this type of fraud? What does meaningful public-private collaboration look like to you?

T RAJA KUMAR: There is no single silver bullet that can actually deal with this problem. It’s a matter of getting organized at the national level. And this is something that governments can’t do by themselves.

It really requires governments to work very closely, hand in glove, with the private sector and civil society at large as well, to help connect the dots. Because each of these pieces—each entity—is seeing a part of the overall puzzle. You need to piece it together. And that can only happen when you have the flow of information, the flow of data, that then allows the private sector and governments to have a holistic picture of what’s going on. Then you have a fighting chance of better sense-making and developing strategies to tackle it.

Beyond national-level strategies and action plans, we can see from experience how scammers are very quick to move operations when the going gets tough in one jurisdiction, when the authorities crank up the enforcement machinery, for example. They’re very quick to displace to the next location.

This is part of the resilience they’re building into their organizations as well, which means we then have to think about regional collaboration. It’s not a surprise that when we look at the scale of some of these scam factories, people from the region are being recruited, brought into these compounds, and forced to operate.

Literally, this is slave labor in today’s age, and they’re given targets and consequences if they don’t meet them. So you’re dealing with a very challenging problem, regional in dimension, and countries have to come together, exchange information, collaborate, and essentially take these operations out.

One final point I want to make is that this is not just about going after the physical locations of these scam factories. You also need to target the money that fuels them and the profits generated from them. When you cut off that flow of money, you cut off the lifeblood of criminal enterprise. That crimping of their operations prevents them from mounting even more elaborate schemes.

THOMAS TARANIUK: Certainly the case. Cutting off Medusa’s head in multiple places may mean another head appears elsewhere, but you need to cut off the money flow coming in, and like any business, it will shutter. It’s not a victimless crime. We talk about the victims on the other side, but the perpetrators themselves can also be victims.

T RAJA KUMAR: As we’ve seen from the scam factories, people are forced—it’s forced labor. And the reason why I’m very passionate about this is that everyone is a potential victim these days. This isn’t something only the gullible fall prey to.

Everyone is a potential victim these days. I’ve come across professionals—highly educated people. All it takes is a moment of impulsivity, of not fully considering what’s in front of you before you click on that link.

So one has to be very circumspect these days. One has to think about authentication and make sure to verify things before entering a transaction. It’s scary, and that’s the kind of due diligence we have to adopt in this day and age.

THOMAS TARANIUK: Education of the public is certainly one of the biggest priorities.

T RAJA KUMAR: Absolutely critical.

THOMAS TARANIUK: How should the ecosystem at large respond? What role can tech—such as companies attending here today at the What The Fraud? Summit—play in detection as well as prevention?

T RAJA KUMAR: On the technology front, there’s such a rich range of tools available today. These are needed, first, to help financial institutions better sense-make what’s happening within their own organizations.

That sense-making then informs the defenses they mount to detect this activity. Sharing such information across entities is also very important so that the entire financial community can be collectively more alert.

Technology gives tools both to law enforcement—helping them sense-make, pinpoint what’s going on, investigate, seize money, and go after perpetrators—and to industry.

Financial institutions are already using data analytics, AI, and other tools to better understand account activity and determine whether it’s nefarious or not. One challenge is that many don’t yet have a good enough understanding of AI’s full potential.

That’s why my message during the keynote was that it’s helpful for technology firms, governments, and regulators to come together. Technology firms can share potential use cases, regulators become better informed, and everyone understands how best to deploy these tools.

THOMAS TARANIUK: Collaboration often leads to innovation. You’ve also spotlighted Operation Frontier as a breakthrough in regional enforcement. What lessons from that experience could shape stronger global frameworks?

T RAJA KUMAR: In Singapore, we realized there was a need for a real-time operational center—not just involving police, but also banks, financial institutions, and now online platforms as well.

In real time, you intercept funds before fraudulent proceeds can leave the country.

THOMAS TARANIUK: Looking forward to 2026 and beyond, what trends do you expect in the fraud space?

T RAJA KUMAR: In the shorter term, I foresee a sharp increase in scams and fraud as criminals leverage technology and as new entrants use fraud-as-a-service tools available online.

But what I hope to see is a strong pushback as countries galvanize national action plans, regional collaboration increases, and global cooperation strengthens. That’s when we’ll start pushing back severely, leading to a reversal of the situation. I’m optimistic things will improve in the longer term.

THOMAS TARANIUK: From the perspective of traditional finance, how do you think crypto will shape the future fraud landscape?

T RAJA KUMAR: Let's be clear here. Crypto is both a force for good and something that criminals abuse to disguise and obfuscate the source of funds.

THOMAS TARANIUK: What do regulators and the private sector need to do to stay ahead in the next couple of years?

T RAJA KUMAR: There needs to be strong engagement between regulators, private sector firms, and technology providers offering cutting-edge solutions. Regulators must stay abreast of developments, assess use cases, and leverage regulatory sandboxes to test ideas, manage risk, and scale what works.

THOMAS TARANIUK: Collaboration is absolutely crucial. One last question—putting yourself in the shoes of fraudsters and analyzing their psychology can be useful. How difficult is it for companies to identify weak points proactively rather than reactively?

T RAJA KUMAR: Companies need to be extremely alert that their systems aren’t being hacked or compromised. We’ve seen business email compromise scenarios where attackers intercept major payments.

This means every company needs to harden defenses. Cybersecurity is crucial in this age. Defenses must be stronger, higher, and more robust. In doing so, we create a more hostile environment that deters scammers and delivers measurable impact.

Holly Fang, President, Singapore FinTech Association

THOMAS TARANIUK: Regulation enforcement, industry coalitions—that’s the stick—but there’s also a carrot: innovation. Digital wallets, real-time payments, the infrastructure that could make fraud harder if we build it right. And I guess that’s where our next guest comes in.

Holly Fang is the president of the Singapore FinTech Association, the hub connecting the city’s entire fintech ecosystem. So, Holly, welcome to the What The Fraud? Podcast here in Singapore, at the What The Fraud Summit.

HOLLY FANG: Thank you. Thanks for having me.

THOMAS TARANIUK: So Holly, when you look at, let’s say, Singapore and APAC as a whole, what does the future of digital payments look like?

HOLLY FANG: Well, I come from the world of payments, and I think the future for payments is connected. It’s interoperable. It’s truly bringing a global or regional experience with a fully local experience.

And what I mean by that is, we are already seeing a lot of integrations happening across the region. As an example, we’re seeing bilateral real-time payment linkages like PayNow, PromptPay—PayNow, Do It Now.

The other thing that we’re seeing is also the convergence of payment infrastructure and financial workflows. Businesses are increasingly expecting everything to be all-in-one. And we’re seeing a lot of that coming up: all-in-one financial workflows, all-in-one operating systems, all-in-one payment infrastructure—where fintechs are building workflows like invoicing, expense management, payroll management—all of that included together. So I would say the future will be integrated, interoperable, and connected.

THOMAS TARANIUK: Excellent to hear. And Holly, from your personal work with fintechs and SMEs, what payment challenges are still not solved, would you say—specifically within APAC?

HOLLY FANG: So Asia Pacific is extremely fragmented. Just take ASEAN, for example. It’s made up of 11 countries, each with its own regulatory regimes, its own payment rails, its own data localization rules.

And so for fintechs or businesses in general operating in more than one country, they pretty much have to build up their infrastructure from scratch. And that’s very, very difficult to navigate.

I think for SMEs also. They’re a little bit behind when it comes to linkages for real-time payments. A lot of that is still very much focused on, say, P2P or C2M—so consumers paying merchants. But when we’re talking about B2B payments, that’s actually a lot more complicated.

B2B ticket sizes tend to be bigger. They tend to be multi-currency. They tend to be invoice-linked with credit terms, with compliance documentation requirements. And so a B2B transaction is not just a movement of funds, but also a movement of information. There are compliance checks, documentation requirements, accounting, reconciliation—so that’s very complicated, and that is still being solved today.

THOMAS TARANIUK: Definitely. And do you think the fragmentation across different regions—across ASEAN and et cetera—is actually increasing the likelihood that fraudsters are able to benefit?

HOLLY FANG: For sure. I think this morning at the conference we heard about the democratization of fraud. With any sort of innovation or technological breakthroughs and advances, it also benefits fraudsters. It benefits good and bad actors alike.

And I think that’s something I also worry about, which is that with AI and with these real-time linkages, it also increases risk. Because once funds hit a bad actor’s account, it’s very hard to recover them.

But what’s good and encouraging to see is that companies like Sumsub—and a lot of these technologies—are also coming up to fight these crimes and financial fraud. Technologies such as real-time anomaly detection and pattern recognition are helping to prevent losses from occurring.

So that gives us a lot of room for hope, but we cannot let our guards down.

I work at the Singapore FinTech Association, and even my team is telling me they’re receiving phishing emails in my name, telling them to authorize certain payments or provide sensitive information.

THOMAS TARANIUK: That’s quite humbling, isn’t it? I imagine getting one in my colleague’s name would be quite a shock.

And I think you’re completely right there, especially as new products for the retail market are being released. Digital wallets now are moving towards—not maybe a replacement for banks—but they’re certainly getting there in terms of consumer acquisition. Do you think it’s hype, or do you think it’s reality that all of these digital wallets across Southeast Asia are going to overcome the OCBCs and major banks? Will they coexist or compete in the future?

HOLLY FANG: In my day job, I actually do a lot of banking partnerships. So I don’t see a future where banks will be replaced. I think it’s really about working even more closely together.

Banks form the backbone of our economy. There’s a lot of trust given by the public and by governments. Getting and maintaining a banking license takes a lot of effort. Banks are our way of accessing central bank money for settlement and clearing. Even though increasingly fintechs—like Wise, like Revolut—are also going down that path.

As per fintechs and wallet builders, their strength is really in user experience and accessibility. Things like real-time onboarding, real-time data, analytics, insights, and fully integrated solutions.

THOMAS TARANIUK: Stuff that fraudsters like as well.

HOLLY FANG: That is true. And this is why you need speed and user experience, but you also need to work with very strong financial institutions with strong governance controls and frameworks.vTogether, that brings about safety and trust for consumers and businesses.

THOMAS TARANIUK: So as payments get faster and individuals get onboarded to banking apps and digital wallets even faster—and as most of APAC becomes more digital—we heard earlier today that it’s about 2.9 billion people online in the region. What worries you in that instance about fraud, but also gives you confidence?

HOLLY FANG: What worries me about fraud is what worries everybody—the pace of innovation also accelerates the pace of fraud. Things like deepfakes, mimicking identities, exploiting system vulnerabilities—that’s all going to happen.

But the good thing is that this is also raising awareness. Awareness within the public, among fintechs, FIs, regulators—everyone is coming together to fight fraud.

One encouraging thing is innovation in fraud detection. We talked earlier about companies like Sumsub and others in this space, truly leveraging AI, machine learning, and pattern recognition to detect fraud.

The other is stakeholders coming together as an ecosystem to take a more offensive rather than defensive approach. With cross-border collaboration, we can be faster and more responsive in dealing with losses.

THOMAS TARANIUK: I completely agree. If fraudsters are on the offensive, we need to be proactive too. Being reactive is too late—they move quickly, transfer funds, and it’s almost…

HOLLY FANG: …like they vanish into thin air before losses occur.

THOMAS TARANIUK: One hundred percent. They operate across multiple regions, which means we need multi-regional knowledge sharing and data sharing. What’s missing right now from collaboration—whether it’s inter-industry, inter-region, or government and law enforcement focused?

HOLLY FANG: At the Singapore FinTech Association, we just did a “Data Without Borders” report on data connectivity and data sharing among ASEAN countries. What we found is that we’re deeply fragmented. We don’t have a system for sharing data across borders, even within ASEAN’s 11 markets. There’s no standardization or harmonization of how data can be shared safely and securely. And that definitely impedes joint or cross-border efforts in fraud prevention.

THOMAS TARANIUK: Do you see a light at the end of the tunnel? A pathway to getting governments and regulations aligned so the future is brighter and more open to sharing?

HOLLY FANG: I definitely think so. And I think that will be accelerated by what we discussed today. Fraudsters are getting smarter, with smarter tools and fraud-as-a-service. The losses and damage to people, governments, and economies will push regulators and stakeholders to act faster and be more offensive.

THOMAS TARANIUK: Being on the offense is important. So Holly, looking five years ahead—2030, 2031—what’s the biggest change in payments you hope becomes reality?

HOLLY FANG: When we talk about payments, we always talk about speed, efficiency, and cost. Whether it’s real-time payment linkages on the fiat side or new stablecoin rails for 24/7 settlement, everyone’s trying to solve the same thing.

Which is for businesses and people to focus on buying and selling goods and services, instead of worrying about how funds move.

So five years down the line, I hope we’ll have a truly integrated, native experience for moving money and data across borders—maybe starting in ASEAN—where businesses can forget about payments and just focus on their business.

THOMAS TARANIUK: I one hundred percent agree. Holly, thank you for coming on What The Fraud? I hope you had a great day at the What The Fraud? Summit, and I really appreciate your insights.

HOLLY FANG: Thank you very much. Thanks for having me.

Pasi Koistinen, CISO at Coinhako

THOMAS TARANIUK: Real-time detection. Connected data. That’s the dream. But here’s the problem: even with the tech, fraud prevention fails when teams don’t talk to each other. And of course, your fraud team, cyber team, compliance team—they’re all in silos.

My next guest has been shouting about this for years and years. Pasi Koistinen is Chief Information Security Officer, otherwise CISO, at Coinhako, and author of several books on cybersecurity, AI, and crypto as well, including Artificial Intelligence Cybersecurity.

Pasi, welcome to the What The Fraud? Summit and the What The Fraud? Podcast as well. Great to have you.

PASI KOISTINEN: It’s my pleasure.

THOMAS TARANIUK: So you’ve just moderated, very kindly, a panel on cyber-fraud fusion, which is an interesting combination of words. What surprised you most about how organizations are actually fusing fraud, cyber, and compliance teams?

PASI KOISTINEN: Well, I think it’s not surprising, but then again, it’s an evolution. Companies tend to have a history—a technological history—and the weight of that history to drag along.

That means they’ve built spot solutions for fraud management under different teams, at different ages and times. And they’ve managed different kinds and types of fraud as different phenomena.

It used to be probably the right decision at the time, when the tech allowed you to do such a thing. It used to be bleeding-edge—maybe it’s not anymore.

Today, when we look at the whole landscape of fraud, it’s very diverse, and a lot of teams work with it. It’s under compliance, it’s under customer service, it’s under security teams and fraud teams—it depends on the size and shape of the organization where it belongs.

Historically, it seems that each of these has a separate solution for a different kind of need. And I think part of the problem is that people might talk to each other, but they don’t utilize the data that’s available to them in the best possible way. I think there’s a better way to do it in the future.

THOMAS TARANIUK: Absolutely agree. Why is unifying fraud, cyber, and compliance teams so critical? What breaks when the systems operate separately?

PASI KOISTINEN: The way it works is that the business of a fraudster—or a criminal—is to break rules that you’ve internalized for yourself when you work in a financial institution, for example, you’re thinking, 'Well, my fraud team is taking care of the fraud part, they’re investigating it.' Then we have a compliance team who takes another part. Our security team is looking at the network edge and how traffic comes in and goes out.

The attacker doesn’t really care. Their business is to break the law. Their business is to extract value—to steal assets, typically from your customers.

They’re not looking at it as a fractured process with different parts. They’re looking at it as any possible means to misuse that process or those disconnected pieces of process.

So where they usually strike—what they exploit—are the interconnections between those processes.

THOMAS TARANIUK: Certainly an interesting view as well. How important is it from your perspective, Pasi, for banks, crypto exchanges, fintechs, telcos, and regulators to share threat data in real time—not historical algorithmic approaches, but real time?

PASI KOISTINEN: I think it’s very crucial. There are different levels of data sharing. There’s the strategic level, where you try to understand generally how adversaries work, what kinds of adversaries are out there, and what the future risk to your organization is. What should you be building? What cyber readiness do you need?

Then there’s operational and tactical-level data sharing. Those get mixed very easily with each other.

But the idea is that if you want to intercept fraud while it’s happening right now, and you want to stop it before it passes through, it has to be really fast. It has to be operational, and it has to have the necessary details to stop it.

That’s where we’re stumbling into practical problems with regulation and secrecy and privacy. Of course, there are ways to anonymize the data, but sometimes this becomes a problem.

I know that banks are already doing some of this globally. They have data-sharing or threat-information-sharing associations and parties.

In crypto, not so much. Crypto is inherently different from banking systems. Banking is a number of closed systems within each organization, whereas with crypto, you can analyze blockchains openly and pull them as a data lake into your machine learning or AI system and analyze them. That’s a different thing. You can inherently bring threat intelligence into your service and integrate it. That’s a groundbreaking difference between those two.

THOMAS TARANIUK: What do you see for the future of the convergence of crypto and fintech for real-time data sharing?

PASI KOISTINEN: I think this is going to be a gradual process. Crypto is not just one crypto line. There are centralized players like crypto exchanges, and then there’s the DeFi community, and they have slightly different values.

DeFi highly values privacy and the right to be anonymous, which is threatened by legislative pressure to identify and KYC in the centralized economy of crypto and traditional banking.

If you try to guess where it’s going to go first, we’ve already seen big investment funds in the US. Investment companies are moving forward with crypto. They’re setting up ETFs. There are banks specializing in crypto or making it part of their business—tier-one banks as well. I think they’re all taking careful steps. They’re probably moving ahead with centralized parts first and not DeFi, because DeFi comes with anonymity challenges that contrast strongly with legislative requirements in banking systems, where you must know your customer.

That’s going to be a stumbling block between those two. It’s interesting to see how it plays out. I can’t make a definitive guess, but banks have been around for hundreds of years, whereas DeFi hasn’t. So I think DeFi will have to bend.

THOMAS TARANIUK: In your book Artificial Intelligence Cybersecurity, you note that AI threats are faster, smarter, and harder to predict, while traditional defenses are faltering. How do adaptive AI and machine-learning-driven risk models help security teams keep up and keep pace? Are today’s systems capable of updating in real time, or do we need more advanced solutions?

PASI KOISTINEN: I think we have to keep up. The problem, like you said, is that different kinds of AI tools—like generative LLMs, for example—allow attackers to scale attacks. They also improve attack quality, making phishing emails more convincing. And the quantity they can produce—and personalize—based on social profiles makes them super believable.

The issue is that attackers can do this for a million people just as easily as for ten. AI enables that.

On the defender side, we’re catching up—not a surprise, because it’s always been a cat-and-mouse game. But right now, the volume of attacks has increased dramatically.

That’s due to AI and global crime syndicates, many of which are concentrated in Southeast Asia. We’re seeing a lot of volume, but our defensive measures using the same tools aren’t catching up yet. They’re still being built and designed.

The first hurdle is security, but also knowledge and skills in AI and ML. We don’t yet have enough professionals who understand security and AI equally well and can integrate the right tools into processes correctly.

So first, you have to solve the people problem. Then you have to find solution types that fit your problem.

It’s not as simple as bolting an LLM onto an existing process. If you have textual data—like threat feeds—you can use an LLM to evaluate incoming text effectively. But what about the rest? There are many processes under security. But this is needed.

THOMAS TARANIUK: Can you give me one achievable fusion win—something concrete that could measurably cut APAC scams in 12 to 24 months?

PASI KOISTINEN: I don’t want to point fingers, but crime syndicates tend to operate with a common modus operandi. They often get internet access via satellites.

What we should do as an industry is identify, together with law enforcement, the compounds where they operate and cut off internet access. That’s the first thing to focus on. That’s a preventative measure. Of course, international cooperation is required, because access can be replaced easily.

On the defensive side, there are many things we can do, but none will fully stop attacks. That’s one of the problems—we’re sitting ducks in financial institutions and other industries.

We can’t stop this without cooperation from the public sector, police, and sometimes international organizations like the UN, which has been active in this space. I think the problem has to grow big enough to get that attention.

THOMAS TARANIUK: A couple of things I’ve taken away from this discussion—beyond fusion within organizations—are cross-border collaboration, regulator engagement, industry alignment, and educating consumers. Is there anything else you’d like to add, Pasi?

PASI KOISTINEN: AI is coming fast in cybersecurity. I’m from that practice, and I don’t think many people—especially at the operational, day-to-day level—yet understand how profoundly it will impact the industry.

We’re only seeing the first signs right now. We’ve recognized that we need these tools in some form, and they’re shifting security from deterministic models to probabilistic, risk-based, AI-driven decisions.

That’s a big change. You’ll likely see security teams first hiring ML or AI experts, and that’s just the beginning.

THOMAS TARANIUK: Absolutely the case. Pasi, thank you for coming on the What The Fraud? Podcast and joining the What The Fraud? Summit.

PASI KOISTINEN: My pleasure.