Fraud is not fading. It is mutating. For years, banks pointed proudly to falling APP (Authorised Push Payment) fraud losses, as if the war was being won. But look deeper: overall fraud losses haven’t budged. The game didn’t stop. It just moved.
Fraudsters are treating their craft like a business model. They buy off-the-shelf kits, automate attacks, and pivot faster than most compliance teams can hold a meeting. At recent industry events, including UK Finance’s Key Conversation: Fraud, the tone shifted. No more polished reassurances. Instead: realism. The banks admit it. Fraud is scaling faster than their defences.
Now, here’s the uncomfortable truth for Dutch SMEs: if banks are struggling, what chance do you have with fewer people, older tools, and smaller budgets?
Where Fraud Really Starts
Banks still throw most of their energy at catching fraud after money starts moving. That’s like locking the stable once the horse is already gone. By the time a fraudulent transaction pings the system, the attacker has already:
- Done reconnaissance on the victim,
- Engineered trust through social manipulation,
- Compromised a session or device,
- Set up the infrastructure to disappear the money.
The SME version looks like this:
- A fake supplier slips into your inbox with an invoice that looks flawless.
- An employee receives a WhatsApp message “from the CEO” to urgently transfer funds.
- A new “client” sets up a deal, pays the first invoice, then vanishes after the second.
The attack didn’t start with the transfer, it started weeks earlier when someone studied your LinkedIn profile, your Chamber of Commerce filing, or your website contact page.
The Shift Left, From Banks to SMEs
Banks are waking up to the idea of “shifting left”, catching signals earlier, before the transaction. This same mindset is vital for SMEs. Ask yourself:
- Do you validate supplier IBAN and VAT numbers before paying?
- Do you watch for unusual device or login behaviour in your systems?
- Do you have a second-person approval before large transfers?
Fraud doesn’t wait at the finish line. It runs the whole race with you. If you only check at the end, you’ve already lost.
Breaking Silos, A Lesson from the Big Players
For too long, banks split cybersecurity and fraud into separate worlds. Different teams, different data. Meanwhile, attackers happily exploited the gap. Now, forward-looking banks like BCC Iccrea Group in Italy are fusing the two. By monitoring sessions and signals in real time, they cut fraud by 80% and saved over €0.5M each month.
SMEs often repeat the same silo problem, just on a smaller scale:
- IT sees a strange login but doesn’t tell Finance.
- Finance adds a new vendor without cross-checking with Management.
- HR hires someone with system access but doesn’t align with IT controls.
Fraud thrives in those blind spots. Coordination isn’t bureaucracy, it’s survival.
Fraudsters Are Startups. Are You?
Fraud gangs now operate like agile startups: lean, innovative, and global. Your company, by contrast, might still rely on annual audits and Excel spreadsheets. That’s the gap they exploit.
At a UK Finance panel, one speaker joked: “Nobody grows up wanting to fight fraud; most of us fall into it.” The line landed because it’s true: most fraud defence has been reactive, accidental, improvised. Meanwhile, attackers are proactive, structured, and well-financed.
To survive, SMEs must copy the mindset:
- Respond fast, not next week.
- Update controls continuously, not once a year.
- Treat fraud as an operational risk, not a side issue.
What This Means for Dutch SMEs
Fraud isn’t a “banking” problem anymore. SMEs are now a training ground for attackers. You’re less defended, less regulated, easier to manipulate, and every euro lost hurts harder.
The playbook for survival is clear:
- Spot earlier. Validate before money moves.
- Back your people. Train them to recognise manipulation.
- Fuse intelligence. Finance, IT, HR, same battlefield, same rules.
- Match the mindset. Move as fast as the fraudsters do.
At Xtroverso, we remind entrepreneurs daily: fraud is not just a crime against money. It’s a crime against trust, the trust between partners, suppliers, and staff. Lose that, and you lose more than balance-sheet numbers.
The banks are learning the hard way. SMEs don’t have the luxury to learn slow.
The question isn’t if fraud will test your business. It’s whether your defences are reactive or ready.