Navigating UK payment regulations: How intelligence sharing defends against fraud

Fraud analysts in banks and financial institutions are like detectives, unravelling the story behind suspicious transactions. But the real twist is that the fraud narrative begins long before the point of transaction.

The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

As the UK tightens regulations on payment security, those in fraud prevention are in the thick of it. Criminals are more organised than ever, and regulations like the Payment Service Regulations (PSRs) aim to help institutions keep pace with these threats. Yet, the real difference-maker is intelligence sharing, a strategy that every anti-fraud team needs to prioritise.

It’s not just about compliance

Regulations like the Payment Services Directive 2 (PSD2) leave no room for doubt: security isn’t optional anymore. But regulatory compliance is only part of the story. The real challenge for fraud teams is keeping up with the fast-moving world of financial crime, where fraud tactics evolve at lightning speed.

What used to require advanced technical skills has now become easier. Malware, phishing kits, and even full-blown fraud toolkits are available for purchase on the dark web. The rise of "fraud-as-a-service" means that even those with limited technical know-how can execute complex scams. This shift forces financial institutions to rethink their approach, making collaboration more vital than ever. Sharing intelligence on new threats helps institutions stay ahead of criminals and stop fraud before it spreads. It’s not just about meeting compliance targets; it’s about proving that protecting customer transactions is a top priority.

Fraudsters’ new playbook

Regulations like PSRs push the need for stronger security measures, but there’s more at stake than just following the rules. Fraudsters today are masters of manipulation, using tactics that range from phishing emails to fake apps disguised as harmless games or security updates. Their real weapon is social engineering, convincing people to hand over sensitive information willingly.

For fraud detection teams, intelligence sharing is key. By sharing insights across institutions, fraud analysts can spot patterns more quickly and take action sooner. When one institution detects a new scam, like zero-day malware, passing that information on enables others to safeguard themselves before the fraud spreads any further.

Breaking down barriers to collaboration

Of course, sharing intelligence isn’t without its challenges. Some institutions hesitate, not wanting to expose their weaknesses, while privacy concerns create another barrier. But these roadblocks aren’t impossible to overcome.

Anonymising data can allow organisations to share what’s essential without giving away too much. And though it might feel counterintuitive to share information with competitors, collaboration strengthens everyone’s defences. When one team spots a threat and shares it, the entire network benefits, cutting down the risk for all.

Real-world proof: The Teabot example

Teabot, a sophisticated Android malware, is a perfect example of how collective action can curb the damage caused by emerging threats. This malware targeted banking credentials by exploiting Android’s Accessibility Services, allowing attackers to quietly hijack accounts.

One financial institution, working with Cleafy’s real-time threat detection, spotted the zero-day malware on nearly 100 devices just two weeks after integrating Cleafy’s SDK into their mobile app. Cleafy quickly classified the malware and within days provided a targeted solution that dramatically limited the malware’s reach. While suspicious activity spiked, Cleafy’s timely response led to a 94% detection rate over just 20 days.

Here’s the critical point: the intelligence gathered from this incident was shared with customers via Cleafy’s ASK platform, and the threat report was distributed globally. This enabled other institutions to brace for Teabot and stop it before it could do significant harm. That’s the power of collaboration: what starts as an isolated threat becomes a shared defence across the industry.

Looking ahead: Fraud risk experts must collaborate

Fraudsters are getting smarter, and financial institutions need to keep up. UK payment regulations like the PSR reinforce the need for tighter security measures, but more importantly, they show that collaboration is essential. For fraud teams, intelligence sharing is no longer optional—it’s critical to staying one step ahead.

The rise of threats like Teabot proves that no institution is immune to the dangers of modern fraud. But it also demonstrates that by working together and sharing intelligence, the impact of these attacks can be greatly reduced. By collaborating, financial institutions can spot and counter fraud more effectively, saving both money and reputations.

As fraudsters continue to organise and refine their methods, institutions must do the same. The more we share, the safer the financial ecosystem becomes. To dive deeper into how intelligence sharing can fortify your defences and boost compliance, explore Cleafy’s latest whitepaper: Intelligence as defence - Sharing threat intelligence to combat financial threats.
