Fraud is increasingly structured across multiple accounts and operators, with low-value, high-frequency activity exposing gaps in traditional AML monitoring.
Fraud detection frameworks built to identify large or unusual transactions are failing to capture a growing share of suspicious activity, as operators report an increase in low-value, high-frequency behaviour structured across multiple accounts.
Speaking during Payment Expert’s 2026 Digital Day, panellists described a shift away from isolated fraud attempts towards coordinated activity that remains deliberately below traditional AML thresholds. One example repeatedly cited was the use of sub-€2,000 transactions, where activity may appear benign in isolation but becomes significant when spread across multiple accounts.
Olena Demchenko, Head of AML Governance at FDJ United (formerly Kindred) noted the focus on larger transactions risks overlooking the cumulative impact of smaller, structured activity, where “a lot of smaller fish are flowing through the net”.
Fraud without borders
This shift is being driven by increasingly organised approaches to fraud, with activity no longer confined to single accounts or operators. Instead, panellists pointed to coordinated efforts that exploit differences in controls and monitoring across platforms.
Luis Carlos Perez, AML/CT Officer – MLRO at Lottofy, says fraud attempts are no longer isolated but structured across multiple operators to exploit individual weaknesses. These patterns often involve the movement of funds between accounts, using multiple identities to avoid triggering alerts tied to individual customer behaviour .
The result is a form of activity that appears fragmented when viewed at the account level, but forms a larger pattern when analysed collectively.
A recurring theme across the discussion was the continued reliance on account-level monitoring, despite fraud increasingly operating at a network level. Carlos Perez highlighted that many operators still assess risk on a “single view” of the customer, rather than identifying relationships between accounts and transaction patterns. This approach limits the ability to detect coordinated behaviour, particularly when activity is intentionally distributed.
Internal structures can also contribute to gaps. Panellists noted that fraud, AML and payments teams often operate in parallel, with limited integration of data or findings, reducing the ability to identify patterns that cut across functions.
Speed over size
Alongside the shift in structure, panellists pointed to a change in how risk manifests, with transaction velocity emerging as a more relevant signal than transaction size.
High volumes of activity within short timeframes were cited as a recurring feature of suspicious behaviour, particularly when combined with newly created accounts or rapidly changing payment methods. While this does not automatically indicate fraud, it was described as a pattern that requires closer scrutiny.
As Demchenko explained, the focus on lifetime or longer-term thresholds can overlook activity concentrated within shorter periods, even where the overall value remains relatively low.
AI lowers the barrier
The ability to scale this type of activity is being supported by wider access to tools that were previously limited to more sophisticated actors.
Anthony Jordan, Head of Payments and KYC at ODDSET, pointed to the growing use of synthetic identities, where legitimate data is combined with generated documents to pass verification checks. What was previously the domain of organised groups is now more accessible, increasing the volume of attempts rather than simply their complexity.
Panellists also highlighted the role of artificial intelligence in enabling both the creation of fraudulent profiles and the coordination of activity across accounts. What was previously the domain of organised groups is now more accessible, increasing the volume of attempts rather than simply their complexity.
Ian Perrygrove, Chief Risk Officer at Kwiff, notes that the wider availability of these tools has expanded participation, with individuals able to experiment and scale activity more easily than in previous years. While payment methods themselves were not identified as inherently higher risk, the move towards faster and more seamless transactions was described as exposing weaknesses in existing controls.
Instant and account-to-account payments, in particular, reduce the time available for intervention, placing greater emphasis on real-time or near real-time monitoring. As Carlos Perez suggests, the issue lies less with the payment method and more with the reliance on delayed analysis, where activity is reviewed days after it occurs.
At the same time, the increasing use of virtual and disposable cards introduces additional complexity, making it more difficult to link transactions to a consistent identity.
A shift in approach
In response, panellists pointed to a gradual shift towards combining behavioural data with payment information, alongside more continuous approaches to customer verification.
Rather than relying on one-off checks at onboarding, ongoing monitoring of customer behaviour was described as becoming more central, particularly where patterns deviate over time. This includes the use of behavioural biometrics and transaction analysis to build a broader view of activity across the customer lifecycle.
The discussion also reflected a reassessment of friction, with some panellists noting that additional verification steps can support both fraud prevention and user confidence, depending on how they are applied.
Regulatory developments are expected to add further complexity, particularly with the establishment of new European AML frameworks and supervisory bodies.
Panellists referenced the upcoming EU Anti-Money Laundering Authority (AMLA) and broader efforts to harmonise compliance requirements across jurisdictions, alongside the need to prepare for changes to verification processes and digital identity standards.
At the same time, emerging technologies, including more advanced forms of automated interaction, are expected to introduce new considerations for both fraud detection and customer verification.
