The Philippines’ Anti-Financial Account Scamming Act (AFASA) shifts fraud prevention from a post-onboarding checkpoint to a continuous obligation across digital systems. Safeguards are expected to begin before know-your-customer (KYC) checks and extend through login, transactions, and payouts.
For Tamás Kádár, CEO and Co-Founder of SEON, that shift exposes the limits of static, perimeter-based checks, particularly as AI lowers the cost and speed of coordinated attacks. As those attacks scale, regulators increasingly expect risk to be assessed continuously and decisions to be explainable. In this interview, Kádár argues that resilience now depends less on managing individual cases and more on identifying and disrupting coordinated campaigns.
What does AFASA signal about regulators’ expectations for fraud controls in digital systems?
According to the Global Anti-Scam Alliance’s “Global State of Scams 2025 Report,” US$442 billion has been lost to scams globally, with nearly one in two people reporting that they have experienced a scam. This reflects a threat landscape in which fraud activity remains widespread.
AFASA sits within a broader regulatory shift in which safeguards are expected to be embedded across the full digital journey. Fraud and AML can no longer operate as bolt-on checks applied only after onboarding.
In practice, regulators expect risk to be assessed through a continuous control loop, starting from the first interaction before KYC and extending through login, checkout, and payouts. Outcomes must remain fast for genuine customers, while also being explainable and auditable for supervisors and partners. Operationally, this means a single, connected process linking screening, alerting, investigations, and case management, with proportionate responses: approve low-risk activity quickly, escalate when signals conflict, and intervene only where risk genuinely converges.
Because requirements differ by market, programs also need governance structures that reflect local lists and regulatory frameworks without undermining global consistency. Fraud and AML should be treated as part of the product experience, with a documented rationale behind every decision so it can be reviewed across business units, partners, and markets.
Which fraud risks are organisations consistently late to recognise, even when warning signs are already present?
Two patterns often surface only after losses occur.
Synthetic identity orchestration can appear as healthy customer acquisition when viewed in isolation: bursts of new email accounts, manipulated or emulated devices, thin or fabricated digital footprints, and unusual velocity.
Mule infrastructure often hides in refunds and payouts, including shared devices used across multiple accounts, overlapping network traits, and flows that resemble layering or structuring. The core problem is usually fragmentation rather than data scarcity.
When behavioural, device, onboarding, and payment signals sit in separate tools, analysts see tickets rather than a campaign. The response is both cultural and technical. Organisations need to evaluate intent from first touch and enrich identity with device, network, and behavioural context. Investigators also need relationship mapping and movement-of-funds visibility so they can connect people, devices, and money quickly.
This shift reduces unnecessary manual reviews, shortens time to resolution, prevents repeat losses, and produces documented rationale for partners and regulators.
How has AI lowered the barriers to committing fraud?
AI has industrialised parts of the fraud supply chain. Activities that once required coordinated human effort, such as credible social engineering, convincing documents, and multi-step account farming, can now be executed by automated systems that sustain believable personas across channels, operate at machine speed, and scale volume on demand.
Deepfakes and synthetic biometrics are now capable of bypassing superficial checks. Around peak seasons, this shift becomes visible in the data: attack intensity rises faster than legitimate traffic, bots test system thresholds, and bursts of newly created identities flood sign-up funnels.
A context-rich assessment is therefore critical as a countermeasure, distinguishing genuine human behaviour from automation before harm occurs. Controls should begin pre-KYC by assessing device and network integrity, navigation flow and timing cadence, digital presence signals, velocity, and prior touchpoints. When signals align, let users through instantly; when something conflicts, add proportionate friction; when risk truly converges, hold.
Over time, establishing a baseline of legitimate behaviour becomes decisive, exposing subtle deviations that synthetic agents struggle to replicate while keeping decisions explainable.
What trade-offs are firms still getting wrong between fraud controls and customer experience?
A common mistake is applying one-size-fits-all friction during peak periods by tightening checks for everyone “just to be safe.” This reduces conversion and increases latency without materially improving protection.
Another recurring issue is organisational: Fraud, AML, and product teams operate in parallel, so screening, alerting, investigations, and casework occur in separate environments. The result is inconsistent outcomes, slow hand-offs, and customers who don’t understand why they were blocked or delayed.
A more effective approach is context-driven, risk-based treatment delivered through a connected workflow. Approve instantly when signals align, request additional evidence only when indicators conflict, and reserve holds for the small subset of genuinely high-risk cases. Investigators need visibility into shared devices and behaviours, along with transaction-flow context that reveals coordinated transfers.
Customers should receive clear next steps when further evidence is required. This combination reduces unnecessary reviews, shortens time to resolution, keeps legitimate users moving, and creates a documented audit trail that partners and regulators can follow.
What assumptions about fraud resilience should digital businesses re-examine?
Scale is not safety. Attackers scale too, particularly with AI, so fraud architectures that rely on static, point-in-time checks at the perimeter tend to underperform against adaptive, multi-touch campaigns.
Resilience now requires continuous, explainable risk assessment across the customer journey. Organisations need to evaluate risk at first touch, monitor sessions and transactions in real time, and investigate using relationship and movement-of-funds context so they can identify campaigns rather than isolated events.
Global templates also need re-examining. Operations are increasingly multi-jurisdictional, so teams require configurations that reflect local lists and frameworks while keeping outcomes consistent and transparent across markets.
Manual review cannot absorb peak-season pressure. Peak periods require automation alongside a clearly defined human role. Models can surface patterns and prioritise alerts, while analysts assess intent, context, and proportionality. This reduces unnecessary reviews and helps keep latency low for legitimate users.
The strategic shift is from case management to campaign disruption. Organisations need to expose shared devices and behaviours, trace movement of funds, and document the rationale behind actions so decisions can be understood across partners and regulators.