Efforts to fight online financial scams are missing the mark
In September, the European Commission launched formal inquiries into some of the largest companies on the internet, including Apple, Google, Microsoft and Booking.com. Using the EU’s Digital Services Act as a mechanism to request the information, the commission sought to determine what measures these companies, which are considered very large online platforms, are taking to prevent their services from being weaponized for financial scams.
The formal information requests target fraudulent app store products, such as counterfeit banking apps and online search results that may inadvertently direct users to dangerous websites. Wide-reaching online marketplaces such as Booking.com also face scrutiny for potentially serving users with fake hotel listings that lead to travelers losing their deposits.
Online financial fraud is reaching a crisis point. In the U.S. alone, the Federal Trade Commission estimates that consumers lost more than $12.5 billion to fraud in 2024, a 25 percent increase from 2023. The FBI believes the 2024 losses are as high as $16.6 billion. This simply cannot continue, and the question is not whether regulatory action will be proposed in the U.S., but when.
For its own part, the EU’s goal is sound. Companies found to be outside Digital Services Act compliance may face fines of up to 6 percent of their annual revenue. For companies like Apple and Google, that means billions of dollars in lost revenue.
However, I question whether targeting these massive online platforms alone is the right approach in combating today’s rapidly evolving fraud tactics.
Deepfakes are now a primary enabler of online fraud, with files across the internet surging from half a million in 2023 to 8 million in 2025. Moreover, deepfakes are now estimated to be responsible for 6.5 percent of all fraud attacks. Voice cloning in particular is easily achieved, as demonstrated in a $25 million fraud case in Hong Kong, where AI-generated video and voice calls impersonated a company executive. AI also allows scammers to spin up fake versions of popular websites in minutes and to do so with a high degree of accuracy.
We have to consider whose responsibility it is to crack down on the growing fraud scourge and whether or not it is realistic to expect very large online platforms always to be a step ahead.
The Trump administration has argued that EU regulators are leaning too heavily on American companies — which make up the majority of very large online platforms — to invent a solution. Some view it as regulatory overreach. But the reality remains the same: Fraud is surging, and the public sector appears incapable of stopping it.
These massive online platforms playing a significant role in stemming the tide is certainly reasonable, but I believe we may be missing an opportunity to address the problem in a more immediate and long-lasting way.
Online marketplaces, domain registrars and other platforms that host the content feeding these large platforms are the true entry point for fraudsters.
Consider a fake Airbnb listing found through a Google search. The scammer who created it started on Airbnb but was significantly aided by Google crawling, cataloging and serving it to users. Still, when the listing achieves its purpose and fraud occurs, it’s Airbnb’s reputation that is sullied, not Google’s. It’s these “feeder” sites, apps and platforms that have the most significant incentive to implement stronger security.
The most effective solution focuses less on reactive content moderation and leans more heavily on proactive identity verification. Playing whack-a-mole with fraudulent listings after they appear still leaves users vulnerable while they are active, but platforms focusing on identifying who is posting the content can eliminate scammers at the source.
Domain registrars such as GoDaddy have a crucial role to play as well. With many scam websites operating on newly registered domains that were created with little to no verification, stronger identification protocols will create friction that will turn bad actors away while still allowing legitimate businesses to thrive.
I can easily imagine a near future where the security reputation of a site or online marketplace is factored into search rankings, just as site speed and mobile-friendly browsing are today. Google has always incentivized best practices through its algorithm and extending that structure to fraud prevention would benefit the entire digital ecosystem while keeping scam artists at bay.
To be clear, large online platforms must still be counted on to help protect users during every interaction. But if we focus only on these large platforms while ignoring the countless smaller services where fraudulent content is born, we’re chasing symptoms while ignoring the causes.
On the internet, there are no borders. Fraudsters exploit this reality every moment of every day. Because of this, every link in the chain, from registrar to marketplace to search engine, should feel the obligation to verify, authenticate and protect its users. Our largest online platforms play a key role, but the rest of us need to pull our weight as well.
Iryna Bondar-Mucci is a senior fraud group manager at Veriff.
Copyright 2026 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
