US$23.6 Billion Lost to Scams in Southeast Asia — What It Means for Banks

There's a growing crisis in Southeast Asia's digital economy that's reaching into people's wallets, trust networks, and payment systems. The 2025 State of Scams in Southeast Asia report by the Global Anti-Scam Alliance (GASA) and BioCatch estimates that approximately US$23.6 billion was stolen region-wide over a 12-month period — roughly US$660 lost per adult.

For anyone building, operating, or regulating payment rails across ASEAN, this number should be a wake-up call.

$23.6B

Stolen across SEA in 12 months

63%

Of adults encountered a scam

48%

Of stolen funds moved via bank transfers

<24h

From first contact to money lost

The Scale of the Problem

Based on surveys of approximately 6,000 adults across ASEAN markets, the GASA report found that nearly 63% of adults reported encountering a scam in the past year. Of those, 22% actually lost money, with only a small fraction able to recover any of it.

The dominant scam types are investment scams, followed by impersonation and "unexpected offer" tactics. The speed is alarming: a large share of scams complete within 24 hours of first contact, leaving almost no time for victims to recognize what's happening or for banks to intervene after the fact.

This isn't just a consumer protection issue. The report shows that 48% of stolen money moves through wire and bank transfers, with another 36% flowing through e-wallets. Banks and payment service providers are the primary transit points for scam proceeds, whether they know it or not.

Country-Level Spotlight: Singapore's Record Losses

Even in Singapore — one of the region's most sophisticated financial markets — scam losses hit a record S$1.1 billion in 2024, a 70% increase from S$651.8 million the prior year, according to the Singapore Police Force's annual scam report. Investment scams, job scams, and government official impersonation scams led the losses. The median loss per case was S$1,389, but the aggregate impact was staggering.

Singapore's regulatory response has been swift. The Shared Responsibility Framework (SRF), effective December 16, 2024, now requires financial institutions to bear losses from phishing scams if they fail to meet specific anti-scam duties — including real-time fraud surveillance, 12-hour cooling-off periods for new device activations, and 24/7 self-service account freeze ("kill switch") capabilities.

Singapore is among the first jurisdictions globally with a framework that explicitly assigns fraud liability to banks. Other SEA regulators are watching closely.

The Organized Crime Machine Behind the Numbers

Behind these financial losses is a deeply troubling human reality. The UNODC reports that more than 300,000 people are held in scam compounds across Southeast Asia — many trafficked under false job promises and forced to work 15–17 hours daily under threat of violence. These are industrial-scale operations, reinvesting profits and leveraging multi-lingual workforces to run romance fraud, crypto scams, and phishing campaigns.

As crackdowns intensify in Myanmar, Cambodia, and Laos, these operations are expanding into Africa, South Asia, the Middle East, and Pacific islands. The Oliver Wyman analysis notes that generative AI and upcoming real-time cross-border ASEAN payment linkages will further amplify the challenge.

Why This Is a Problem for Banks, Not Just Consumers

The traditional framing of scams as a "consumer awareness" problem is shifting fast. Three forces are converging to make fraud prevention an existential operational priority for financial institutions:

Liability is moving to banks. Singapore's SRF is a blueprint. When regulators mandate that banks bear losses for fraud they fail to detect, the ROI calculation for fraud prevention technology changes overnight.
Real-time payments demand real-time decisions. With PayNow, PromptPay, QRIS, BI-FAST, and InstaPay moving money in seconds, banks have milliseconds to decide whether a transaction is legitimate. Batch-based screening and manual review queues simply cannot keep up.
Banks are the transit layer. If 48% of scam proceeds move through bank transfers, then banks are part of the infrastructure that scam syndicates depend on. Mule account detection, velocity checks, and cross-institution intelligence sharing are no longer optional.

What Fraud Teams Should Be Asking Right Now

If these numbers from the GASA report resonate with what your institution is seeing, here are the questions worth raising internally:

Can we make sub-second decisions? If your fraud system can't evaluate a transaction before funds leave the account, you're already behind the speed of real-time payment rails.
Are we detecting mule accounts? Scam proceeds don't disappear — they transit through accounts. Behavioral patterns around rapid fund cycling, new account velocity, and unusual inbound/outbound ratios are detectable.
Is our system auditable for regulators? Under frameworks like Singapore's SRF, banks must demonstrate they met their anti-scam duties. "We had rules in place" isn't sufficient — you need evidence of real-time surveillance and documented decision trails.
Do we understand cross-border patterns? With ASEAN payment linkages expanding, fraud patterns increasingly span jurisdictions. A system tuned only for domestic transactions will miss cross-border scam flows.
What's our deployment model? Data residency requirements across SEA markets are tightening. Can your fraud detection run on-premise if a regulator requires it?

The Bottom Line

US$23.6 billion is not an abstract number. It represents real losses absorbed by consumers who largely have no recovery path, flowing through bank accounts and e-wallets that financial institutions operate. As regulators shift liability toward banks and payment speeds leave no room for after-the-fact review, the institutions that invest in modern, real-time fraud decisioning will be the ones that protect their customers — and themselves.

Run-True Decision is building a fraud decision engine for Southeast Asian banks — with real-time decisioning, on-premise deployment, and pre-built fraud detection templates designed for regional payment patterns. Talk to us to learn how we can help.