Europe’s record year of payments-crime takedowns exposes uncomfortable questions about incentives, capacity and the limits of current enforcement strategies.
Europe has chalked up a stellar year of striking down sophisticated payments crime. November alone delivered two headline-grabbing busts: nine arrests linked to a fake-crypto investment network alleged to have laundered more than $699.4m (€600m).
“Operation Chargeback”, which dismantled three industrialised credit-card fraud and laundering rings which skimmed the data of 4.3 million cardholders across 193 countries – €300m in confirmed losses and €750m in attempted damages.
These were no takedown of bedroom scammers. They were full-stack criminal enterprises: social-engineering experts armed with aggressive sales scripts, teams running synthetic identities, orchestrated money-mule pipelines and crypto-mixing infrastructure -fraud as a service, with quarterly targets.
The instinctive policy response remains arrest, prosecute, incapacitate. That should be unavoidable for ringleaders. Yet 2025 underlines a parallel reality: public agencies are being consistently outpaced in skills, tooling and speed evolving to meet the design of scams.
This raises a more awkward question than most officials care to admit: should law enforcement ever hire (or at least “convert”) select offenders instead of simply locking them away… or put simply, can the prey be turned to the catcher?
Matching talent
Enforcement agencies already make selective use of ‘outside expertise’,though usually from the ethical end of the spectrum.
The Pentagon’s 2016 “Hack the Pentagon” bug bounty uncovered more than a hundred unique vulnerabilities in under a month, a demonstration that structured, incentivised scrutiny can harden systems more efficiently than an army of IT consultants.
The UK’s National Cyber Security Centre embeds vetted industry specialists inside government teams, drawing on private-sector depth within strict guardrails.
Europe, too, has tentatively experimented with conversion. The Netherlands’ Hack_Right programme offers first-time, low-harm cyber-offenders structured re-education and supervised pathways into legal cyber work; researchers broadly view it as a credible diversion mechanism.
Extend that logic to payments crime and a narrow use-case emerges: peripheral but technically capable insiders -the scriptwriter, the infrastructure admin, the coder of laundering routines -rather than the architects of exploitation or the organisers who weaponised people at scale.

Payments crime = high sophistication
The €600m crypto scam detailed by Eurojust operated dozens of polished investment platforms, complete with funnels, retention scripts and cross-border laundering flows. Operation Chargeback exposed subscription-fraud factories exploiting merchant categories and far-flung acquirers.
Exposed was the operational design of systems laid out to help forensics prioritise choke points: beneficiary checks, mule networks, and merchant onboarding gaps. Those who built the machine can map it faster than any training course
Meanwhile, capacity constraints bite. Even Europol’s wider “Endgame” disruptions cannot stem the rapid rebuild-and-resurface cycle. Fraudsters iterate faster than agencies can recruit. Operational knowledge as to how scammers cycle domains, repurpose remote-access tools, script first-contact calls holds a half-life measured in months. Targeted conversions could compress learning curves and turn yesterday’s criminal TTPs into tomorrow’s detection playbooks.
Redlines & risks
Hiring criminals invites obvious dangers: moral hazard, reputational blowback, insider compromise and legal entanglements. Sensible policy would require hard boundaries:
- No ringleaders or repeat offenders. Conversion should apply only to peripheral, first-time actors where cooperation materially improves public safety. Organisers and coercive actors should be kept in the prosecutorial lane.
- Justice first. Cooperation follows charges and due process; it does not replace them. Restitution and deterrence matter.
- Zero-trust model. Engagements must be short, revocable and tightly monitored, with least-privilege access and rigid separation from live payments data. Think red-team reservist, not staff analyst.
- Independent oversight. Ethics committees, judicial review and time-boxed agreements provide the necessary scaffolding.
- Teach, don’t touch. Converted specialists write playbooks, document infrastructure, and train investigators—not run operations or handle funds.
What a pragmatic 2026 policy looks like
- Tiered pathways.
Pathway A would move to expand Hack_Right-style programmes across the EU for youth and first-time offenders.
Pathway B would create narrowly defined cooperation agreements in payments crime focused on knowledge transfer, simulation exercises and blueprinting scam infrastructures. - Payments-specific missions. Converted expertise could map mule networks, stress-test merchant-onboarding controls, deconstruct scam funnels and design playbooks for real-time beneficiary checks.
- Shared legal templates. Standardised EU cooperation agreements, court disclosures, restitution requirements and uniform background checks would borrow governance from the UK’s i100 model.
- Metrics that matter. Success would be measured not in headlines (“agency hires hacker”) but in reduced dwell times for scam sites, higher interdiction rates and faster case builds.
Answering predictable objections
“Won’t this encourage more crime?” – Not if eligibility is tightly constrained and the expected value of offending remains firmly negative. Diversion for youths and controlled cooperation for select specialists do not dilute deterrence.
“Isn’t this just bug bounties by another name?” – Not really. Bug bounties probe code; payments crime thrives in the messy interface between humans, merchants and financial plumbing. Agencies need insight into operational design, not just software flaws.
“Why not hire clean talent instead?” They should and must. But conversion addresses a specific informational gap: the lived experience of criminal workflow design, available immediately, under supervision. It complements ethical pipelines rather than replacing them.
A new reckoning
Prosecuting the architects of Europe’s €600m crypto scam and the networks behind Operation Chargeback remains essential. But 2025 showed payments crime has matured into a services industry with impressive operational dexterity.
A narrowly drawn conversion track -diversion for first-timers and justice-first cooperation for a select few peripheral specialists could turn illicit tradecraft into public-interest defence.
Do it sparingly, transparently and under zero-trust conditions. Anything looser is reckless; anything tougher risks leaving Europe permanently one step behind.