The Resilience and Survivability Survey II explores this question through a longitudinal study that tracks the same businesses over time to better understand what drives their resilience, recovery, and long-term growth.
The survey builds on the 2023 baseline study to examine the impact of the Mastercard Foundation MSE Recovery Fund on financial access, business continuity, profitability, employment, and enterprise resilience among Uganda’s MSEs. It particularly emphasizes businesses led by women, youth, refugees, and PWDs.
The findings offer vital insights into the realities that businesses continue to face, from access to finance and informality to digital adoption, flexible financing, and business development support. It also highlights the strategies that have been helping enterprises survive and grow.
The study was developed under the Mastercard Foundation MSE Recovery Fund. The fund is implemented by Financial Sector Deepening (FSD) Uganda in collaboration with MSC (MicroSave Consulting), Asigma, and gnuGrid.
Part 1 of this series discussed how Bangladesh’s digital payments ecosystem works well at the retail counter but breaks along supply-chain payment routes. Digital money enters shops through QR-based transactions and interoperable transfers, yet it rarely travels further upstream to wholesalers, distributors, and manufacturers. It affects the growth of MSMEs in Bangladesh and the way it happens across emerging markets and developing economies (EMDEs) .
In cash-based supply chains, the confirmation of transactions is instant. Digital payments have not yet matched that certainty. Until they do, businesses will continue to reach for cash, and the supply chain will depend on informal, unrecorded transactions.
Digitizing B2B payments, therefore, changes more than payment methods. It changes how liquidity circulates, how credit is assessed, and how supply chains are managed. If upstream payments remain cash-based, four structural consequences follow.
1. Liquidity remains tied to physical movement rather than digital circulation
Retail distribution operates on daily working-capital cycles. Today, liquidity moves quickly within local cash-based routes, but that speed depends on physical handling, transport, and deposit. This limits how efficiently funds move across actors, locations, and financial institutions.
The risk is that cash is slow. As a result, payment speeds continue to depend on physical proximity rather than on real-time confirmation across the supply chain. Inventory release remains tied to where cash is located, not where digital liquidity could circulate instantly.
2. Supply-chain credit cannot scale without transaction visibility
If B2B payments remain cash-based, millions of businesses stay invisible to lenders. A retailer may purchase goods from the same distributor every week for years. Yet, without digital transaction histories, that relationship remains outside formal credit systems. Without verified purchase records, lenders cannot reliably assess how much a business earns, their repayment discipline, or inventory cycles.
As a result, lenders continue to exclude retailers and distributors from structured working-capital financing despite their active participation in the retail economy. Digital supply chain payments would make these commercial relationships visible and help develop inventory-linked lending and distributor-anchored credit models.
3. Inventory intelligence remains fragmented across supply chains
Cash-based transactions make reconciliation slow. Distributors and sales representatives report incidents inconsistently across networks. Manufacturers lack visibility into distributor-level offtake. Distributors manage fragmented ledgers across routes and outlets, while policymakers lack reliable insights into transaction flows across retail networks.
Without digital settlement trails, supply chains cannot generate the transaction intelligence required to forecast demand, manage inventory efficiently, or support evidence-based policy decisions to formalize the retail sector.
4. Cash-handling risk remains embedded in distribution operations
Across distribution routes, sales representatives and distributors handle large volumes of cash daily. Each step, including collection, transport, counting, deposit, and reconciliation, introduces operational risks and cost.
The lack of better digital payment solutions for upstream supply chains ultimately constrains the growth of MSMEs in Bangladesh. When digital money cannot flow from retailers to distributors to manufacturers, working capital stays trapped, formal credit remains out of reach, and millions of small businesses operate below their potential. Digital transformation must extend beyond the shop counter to drive inclusive economic growth.
The persistence of cash in upstream retail payments is not primarily a question of merchant awareness or consumer adoption. Bangladesh already has widespread QR infrastructure, strong mobile financial services usage, and expanding interoperability across providers.
Regulators and payment providers designed the existing pathways for person-to-business transactions, not for distributor-led inventory payment settlement across layered supply chains. Distribution networks depend on route-level confirmation, thin-margin settlement economics, and same-day liquidity cycles. Without payment systems that reflect these operational realities, digital tools cannot replace cash for inventory purchases.
Experience from other markets show that upstream digitization succeeds only when payment architecture is redesigned around supply-chain economics rather than consumer payment behavior. Bangladesh alone does not face breaks in supply chains. Across emerging markets, consumer payments digitized quickly while B2B flows remained cash-dependent due to liquidity timing, reconciliation gaps, misaligned merchant discount rate (MDR) structures, and sales-representative-driven workflows.
These markets overcame these constraints through ordering, delivery, and settlement systems rather than treating payments as a separate layer.
So, what will it take to digitize B2B payments in Bangladesh? Global experience shows that B2B digitization succeeds only when payment architecture reflects the realities of supply chains. For Bangladesh, five design principles emerge clearly.
Instant settlement as the foundation, not a feature: Distributor liquidity cycles operate daily. If settlement is delayed or uncertain, inventory release slows immediately. B2B payments require guaranteed real-time settlement aligned with inventory movement rather than end-of-day confirmation cycles.
MDR and pricing rules aligned with distributor margins: Consumer-grade MDR levels do not match wholesale distribution economics. As seen in Brazil’s Pix model, zero or near-zero MDR enabled B2B payments to scale rapidly across thin-margin supply chains. Pricing frameworks for B2B transactions must reflect the operating margins of distributors, which MSC’s research shows are often only 1–2%. This can be achieved through tiered pricing structures, capped transaction fees, or near-zero cost transfers for high-value supply chain payments.
Reconciliation must be embedded within distribution workflows: B2B payments function reliably only when ordering, delivery, and settlement confirmation are synchronized. Payment confirmation must be visible to retailers, sales representatives, distributors, and manufacturers simultaneously. Dispute-resolution mechanisms must link directly to digital invoices and the delivery of receipts.
Digital funds must remain usable across supply-chain tiers, not trapped within merchant collection channels: When a retailer pays a distributor digitally, the distributor must be able to reuse those same funds immediately for upstream purchases from manufacturers or suppliers. Today, most digital collection tools do not support seamless onward circulation across supply-chain relationships. Without this ability to reuse incoming digital liquidity across tiers, payment systems cannot support continuous digital settlement along distribution routes.
Incentives must support upstream liquidity circulation: Supply chains depend on the predictable availability of liquidity. If distributors cannot reuse incoming digital funds immediately for upstream purchases, they revert to cash. Settlement certainty must be combined with liquidity-assurance mechanisms that support continuous digital circulation across supply-chain tiers.
Bangladesh has successfully digitized how consumers pay in shops, but not the movement that keeps supply chains running. Upstream flows remain cash-driven because existing payment pathways were never designed for high-value, time-sensitive distribution networks. The next step, therefore, is to enable digital liquidity to move across the supply chain with the same certainty as cash. Bangladesh does not need more digital touchpoints. It needs digital money that can move with the same reliability as the goods it pays for.
A retail shopkeeper in Manikganj, Rubel single-handedly handles sales, ledger updates, and cash counting. He sells packaged foods, beverages, and household essentials, such as lentils, rice, and soybean oil. While he owns a Bangla QR from a mobile finance service (MFS) provider and understands merchant payments through this channel, he rarely uses it to receive payments from customers. The reason, though, is practical.
After Rubel receives a digital payment, he must withdraw the funds from a nearby agent and incur both merchant discount rate (MDR) charges and agent fees. Why is this so? Because the wholesalers and distributors who restock his shop demand cash instead of digital funds, which otherwise could be transferred to their accounts. As a result, even when customers pay digitally, Rubel must use cash to stay in business.
This experience is not unique to Rubel. Across Bangladesh’s 7.8 million small and medium retailers, digital payments often enter shops and businesses but cannot circulate through the supply chain. The issue is not whether retailers accept digital payments, but whether they can use digital money to restock inventory. Currently, most retailers cannot use digital money for restocking.
Bangladesh has been actively advancing the digitization of payments at retail points of sale. However, the broader digitization of liquidity flows across the supply chain has yet to begin.
Wholesale and retail trade contribute nearly USD 160 billion (BDT 17.4 trillion) across the sector in 2025. Every retail transaction triggers a chain of upstream payments: Retailer to wholesaler, wholesaler to distributor, and distributor to manufacturer. These payment cycles keep essential goods flowing daily across the country.
It shows that only a small share of payment flows, nearly 10% beyond the retail counter, remain digital once transactions move upstream into distributor and wholesaler payments.
It reveals that around 37% of retailers avoid digital payments not because they prefer cash, but because their own suppliers, such as distributors and wholesalers, require cash settlement.
This pattern reflects a structural mismatch between how digital payment tools are designed and how retail supply chains actually function.
Bangladesh has made visible progress in the digitization of payments at the retail counter. Interoperable QR acceptance has expanded, mobile wallets have seen wide use, and consumers are increasingly comfortable with digital payments in everyday transactions. Digital payments are becoming part of routine commercial activity at the point of sale. However, payment flows change once they move beyond the retail counter to wholesalers and distributors.
Cash dominates payments in Bangladesh’s retail value chains despite the availability of interoperable payment tools, such as Bangla QR and the inter-FSP fund transfer system. More than 9 million microentrepreneurs, from fast-moving consumer goods (FMCG) shops to pharmacies and agri-business retailers, contribute roughly 25% to the nation’s GDP and drive significant economic activity. Yet most transactions between retailers, wholesalers, dealers, distributors, and producers still occur in cash. The challenge is not the absence of digital infrastructure. It is that existing payment pathways were designed primarily for people-to-business transactions (P2B), not for business-to-business (B2B) ones.
Digital money stops at the shop counter because existing payment tools are not designed to serve upstream business requirements. Consumer-grade payment tools were designed primarily to help businesses receive payments from customers. When these same tools are used for inventory purchases across supply chains, they fail to match the liquidity timing, pricing realities, and confirmation requirements of distribution networks. The following three operational barriers explain why digital money often stops at the shop counter instead of moving upstream.
Barrier 1: The retailer’s trap, money goes in, but cannot move upstream
When a customer pays retailers like Rubel digitally, the funds are received in the retailer’s mobile wallet. Rubel’s wallet could be a personal MFS account, such as bKash, Nagad, or Rocket, or a dedicated merchant wallet offered by the provider. In both cases, the funds cannot be easily forwarded to upstream suppliers for inventory restocking. However, the retailer cannot easily use those same digital funds to pay suppliers.
Most digital payment products, such as merchant wallets and QR-based collections are designed primarily to receive customer payments. While options, such as bank transfers or QR payments technically exist, they lack features essential for routine B2B use that include bulk transfers and seamless onward payments. As a result, funds become trapped. The retailer who receives a digital payment from a customer cannot easily forward those funds to wholesalers or distributors and are forced to cash-out.
Barrier 2: The distributor’s math, fees that work for shops do not work for bulk
A typical shopkeeper, such as Rubel, might make a profit of BDT 5 (USD 0.041) to BDT 10 (USD 0.081) for every BDT 100 (USD 0.81) of goods sold. A distributor, who moves goods in bulk, often makes only BDT 1 (USD 0.0081) to BDT 2 (USD 0.016) for every BDT 100 (USD 0.81) of goods sold. Digital payment fees, that is, merchant discount rates (MDR), are usually around 1%. For retailers, this fee is deducted from the payment they receive, but their profit margin is wide enough to absorb the cost. Yet for a distributor, the same 1% fee is deducted from the payments they receive from retailers. Since their margin is only 1% to 2%, this fee consumes half or more of their profit. As a result, even if the technology worked perfectly, economics would still block the adoption of digital payments upstream.
Barrier 3: The confirmation gap, which the distributors cannot afford to wait or wonder
When distributors hand over goods to retailers or wholesalers, they need immediate confirmation that payment has been received and matched to a specific order. Cash provides instant confirmation of payment. Existing digital payment tools cannot yet provide the order-linked confirmation and reconciliation that certain distributors require to release inventory confidently. These tools also do not support the partial-payment structures that are common in B2B transactions. As a result, distributors continue to rely on cash as it remains the only payment instrument that reliably matches inventory release with settlement confirmation.
These operational barriers are closely linked to how retail distribution networks function. Retail supply chains operate through layered relationships that connect retailers, wholesalers, dealers, sub-distributors, distributors, and manufacturers. Sales representatives (SRs) play a critical role in the delivery of goods, collection of payments, and confirmation of settlement across these networks.
Distribution routes depend on route-level confirmation and same-day liquidity availability, which makes the certainty of payment essential for inventory movement or management. Consumers increasingly use mobile wallets and banking apps for payments. However, transactions within upstream relationships remain overwhelmingly cash-based, as existing digital tools do not yet match the liquidity timing, confirmation certainty, and reconciliation needs of distribution networks.
The three operational barriers described are deeply embedded in the policy rules, provider systems, and merchant incentives that shape Bangladesh’s digital payments ecosystem for its vast number of micro, small, and medium enterprises (MSMEs).
At the macro level, which covers policy, pricing, and rails: The same MDR misalignment and lack of instant settlement make digital payments economically unviable for distributors and break daily liquidity cycles.
At the meso level, which covers provider systems and operations: The absence of batch payments, multi‑user access, and SR‑level reconciliation means distribution networks cannot replace cash‑based workflows.
At the micro level, which covers merchant incentives and behavior: Retailers perceive digital balances trapped, as upstream actors demand cash, and settlement uncertainty discourages retaining digital value for inventory purchases.
Together, these reflections show that upstream payments remain cash‑based. The issue is not the unavailability of digital tools. Rather, the problem stems from the ecosystem, where policies, providers, and merchants remain focused on consumer-facing payments rather than supply‑chain settlement.
Bangladesh has successfully digitized customer payments at the counter. It has not yet been digitized how that money moves through the supply chain, from retailer to wholesaler to distributor to manufacturer. Until digital money can move upstream with the same speed, certainty, and reconciliation as cash, B2B payments will remain outside the country’s digital payment ecosystem.
Understanding this structural gap is the first step. Part 2 explores what this means for liquidity circulation, credit visibility, and the depth of Bangladesh’s digital transformation. Read the next part here.
Financial fraud is a systemic problem being addressed by individual solutions. Across most markets, the response to a scam victim is to report it to the bank, file a police complaint, submit evidence to a regulator, and hope. Meanwhile, the fraud operation that targeted that victim is already processing the next call, the next transfer, and the next cash-out.
Fraud ecosystems have been deliberately engineered to move faster than the institutions designed to stop them. Banks and regulators need to move beyond better awareness campaigns or faster forms of grievance management to close this gap. It requires a fundamental redesign of accountability and understanding of who is responsible for what and when in the transaction chain.
The blind spots across the ecosystem
The accountability gap is not located in a single institution. Rather, it runs across the entire ecosystem, where each actor’s blind spot enables the next fraud.
Banks are positioned closest to the transaction, which should make them the most effective line of defense. Yet most fraud detection systems are calibrated to identify unauthorized transactions, such as credential theft, account takeover, and card skimming. Authorized push payment (APP) fraud is another type of fraud in a completely different category, where the victim is manipulated into initiating a payment themselves. APP bypasses most conventional controls. MSC’s Mind the Gap report found that more than 60% of fraud victims across India, Bangladesh, and Kenya did not know what grievance mechanisms existed. 48% of victims who attempted to report were dismissed for their inability to furnish evidence.
Existing grievance resolution systems are largely designed around what the institution needs and not what the victim can provide. MSC’s consumer protection research in India has consistently documented this gap across the financial services lifecycle. We have traced the cycle from transparency of product terms at onboarding, to the accessibility of recourse channels post-harm. Our customer protection in the Indian digital financial services series mapped specific failure points related to recourse and transparency that leave customers without an effective remedy when things go wrong.
In India specifically, the Prevention of Money Laundering Act (PMLA) creates a structural paralysis, as banks cannot freeze suspected mule accounts without authorization from the court or law enforcement. This creates a legally mandated delay that fraudsters systematically exploit. The IBA Working Group has proposed that banks be granted enhanced authority to place temporary holds on suspected mule accounts before formal orders arrive, which is a necessary regulatory design reform that remains pending.
Fraud is also rampant in the telecom sector. Caller ID spoofing, SIM swaps, and the leasing of backend numbers to route fraudulent calls are all examples of vulnerabilities at the telecom layer. The UK’s Ofcom interventions show that these are solvable. Regulators can impose mandatory blocking of international calls that fake domestic numbers, block invalid caller IDs, and ban leasing backend numbers used to hijack calls. Although these are technical controls with measurable impact, most jurisdictions have not implemented them.
Digital platforms, such as social media, messaging apps, and digital marketplaces, are another source of most scams. Yet, platform accountability for fraud from their infrastructure remains largely voluntary. Recorded Future’s 2024 Payment Fraud Report identified nearly 1,200 scam domains linked to fraudulent merchant accounts and nearly 11,000 e-commerce domains infected by Magecart skimmers. This is a threefold increase from 2023. Takedown times for fraudulent pages are measured in days, while scam operations are measured in hours.
MSC’s Building trust through design report adds another perspective. Deceptive interface design, which comprises manipulative consent flows, hidden fees, and guilt-tripping prompts, erodes user agency and creates conditions for external fraud to thrive. Regulatory accountability must extend to the design layer, not only to obviously illegal content.
Even where consumers know how to report, the system often fails them. MSC’s TRUST framework identifies the precise dimensions in which most grievance systems fail. Transparency suffers when consumers do not understand the terms they agreed to. Consumers lose recourse when complaint channels close, require multiple steps, or operate in a language they do not speak. They face information asymmetry at every point, which undermines their ability to understand what happened. Security investments fall behind. And once fraud occurs, timeliness matters most, yet procedural compliance systematically sacrifices it.
What effective accountability looks like
Three jurisdictions have moved furthest towards a systemic accountability model. Their approaches converge on the common principle that fraud prevention is a shared responsibility across the transaction chain, not a consumer obligation.
Since October 2024, payment service providers in the UK must reimburse APP fraud victims more than USD 100,000, with costs split between sending and receiving banks. The one-year assessment showed that reimbursement alone is insufficient, as it simply compensates victims but fails to break the criminal business model. The more impactful interventions have been at the telecom layer, such as caller ID blocks, filters for invalid numbers, and requirements for operators to verify business customers.
In Australia, the Scams Prevention Framework was passed in early 2025. It requires banks, telcos, and digital platforms to implement defined controls or bear liability for losses, with penalties of more than USD 35 million or 30% of turnover during the breach period. It includes digital platforms as designated entities and becomes the first framework to formally extend accountability to the channels where scams originate.
Singapore’s Shared Responsibility Framework, effective December 2024, allocates liability in a defined sequence. In it, liability falls first on the financial institution, then on the telecom operator, and finally on the consumer. This can occur only if both institutions have fulfilled their obligations. This waterfall model establishes clear, predictable accountability for each actor and upholds the principle that consumers should not bear losses when institutions have failed in their duties.
What behaviorally informed prevention actually requires
Accountability frameworks set the incentive structure. But institutions and regulators must make different design decisions to build the actual prevention architecture.
Contextual friction, not generic warnings: Transaction-level interventions, such as cooling-off periods for high-risk payments, purpose prompts, and real-time behavioral flags, are demonstrably more effective than warning messages delivered at onboarding. India’s NPCI removed P2P UPI collect requests, a concrete example of friction designed into the system.
Cross-institutional intelligence sharing: Mule account registries, cross-bank fraud signals, and real-time data sharing between banks, telcos, and platforms turn individual detection into network-level prevention. India’s MuleHunter.AI at the RBI Innovation Hub is an early example of this direction.
SupTech and RegTech investment: MSC’s SupTech data maturity framework finds that one-third of regulators still rely on manual submissions, and fewer than 10% of smaller jurisdictions have full data standardization. The limiting factor is data quality. Many authorities validate data manually. Regulators cannot supervise what they cannot measure. Fraud cannot be detected if reporting systems lag transactions by weeks.
Capability-building as a regulatory obligation: Financial literacy must shift from a CSR activity to a mandatory, measurable output. To address this, MSC’s PTE Framework offers a practical model for how phygital capability delivery driven by teachable moments can be designed, contextualized, and evaluated across diverse user segments.
Victim-centered grievance design: Regulators can use the MSC TRUST framework to redesign grievance resolution systems to build solutions from the victim’s perspective. These should be accessible in local languages, multi-channel, credible, and be able to initiate protective holds without a court order.
The way forward
Fraud today is institutionally tolerated due to design fragmentation: Banks are responsible for transactions, telcos are responsible for calls, platforms are responsible for content, and regulators are responsible for their own sectors. In the space between those silos, fraud operations run freely.
The evidence from the UK, Australia, and Singapore, and from MSC’s field research across Asia, Africa, and the Pacific, proves that institutions must design protection into the transaction rather than just bolt it on. It also requires a grievance management system built for the person who has just been deceived, not for the institution that manages its liability.
The fraud supply chain is end-to-end, and the protection system that counters it must reflect this reality.
This is Blog 3 of a three-part MSC series on fraud supply chains. Blog 1 examined why ordinary people fall for fraud. Blog 2 examined how fraud operations are industrialized and monetized.
Somewhere in a compound in Myanmar or Cambodia, a team of workers, many of them trafficked, sits at a screen following a script. They know exactly what to say, when to escalate, how to handle a hesitant victim, and when to hand the call to a “supervisor” for added authority. They are not criminals in any conventional sense. They are employees of a fraud enterprise, one that has refined its operations through feedback loops, performance metrics, and iterative script improvement in the same way a legitimate call center would.
In 2025, the reality of financial fraud is a supply chain that we have to understand before we can disrupt it. The supply chain moves through distinct levels. Fraudsters target victims, exploit their vulnerabilities, execute the fraud, and cash out through formal transaction channels.
The organizational structure of fraud as an industry
In 2024, Americans lost at least USD 10 billion to fraud operations run from call center farms, as per US State Department estimates. These farms are human compounds where operators force workers to perpetrate fraud under the threat of violence. The UN estimates more than 200,000 people are held in such scam compounds across Southeast Asia.
These fraudsters are well organized and operate with a clear division of labor. They have:
Lead generators who source and segment victim databases from data leaks, scraped job portals, and purchased call lists from the black market;
Callers and script operators who execute the opening approach, build rapport, and identify the most responsive targets;
Escalation specialists and fake supervisors who add authority at the critical decision moment, which breaks the remaining resistance;
Technical enablers who manage spoofed caller IDs, remote access tools, fake KYC portals, and cloned banking interfaces;
Mule handlers and cash-out specialists who receive and rapidly move funds out of the banking system before detection is possible.
Fraud networks continuously use performance data to refine scripts. These are based on which phrases work, where victims hesitate, and when they drop off. AU10TIX’s fraud evolution analysis notes that networks copy and scale high-performing scripts, which is why remarkably similar scam variants appear simultaneously across geographically distant markets. This is not a coincidence, but a result of franchising.
How is the agent layer exploited?
In emerging markets, the last-mile agent network is both a financial inclusion asset and a vulnerability prone to fraud. MSC’s long-running research on DFS agent fraud across Uganda, Kenya, Bangladesh, and India has documented that fraudsters exploit agents at two levels. They are often unwitting entry points for fraudsters who manipulate them into assisting transactions, and as active participants in fraud rings that exploit their privileged system access.
In India, the AePS (Aadhaar-enabled Payment System) layer is particularly exposed. Our dedicated AePS fraud analysis found that AePS-related fraud accounts for 11% of 1.13 million reported cases, which equals INR 823.74 crore or USD 98 million approximately. Surprisingly, some providers reported up to 20 times more fraud than others as a percentage of their total transaction volume. This variance is not random. It reflects systematic exploitation of weaker-controlled agent channels, where biometric spoofing, cloned fingerprints, and social engineering of agents combine to drain accounts at scale.
The agent layer is where the first line of consumer interaction occurs for the most vulnerable users. Oral, semi-literate, and rural populations rely on agent mediation rather than self-initiated digital transactions. MSC’s research on customer vulnerability and trust in Indian digital financial services (DFS) found that agents in some villages set the same PIN, such as 1234 or 5555, for every user they onboarded. This vulnerability is systemic. It stems from a convenience-over-security trade-off that defines last-mile delivery, and fraud networks are quick to exploit it.
What are the tools that enable manipulation?
The industrialization of fraud is inseparable from its technical infrastructure. The toolkit has become both more accessible and more sophisticated simultaneously.
Fraud-as-a-Service platforms now operate like SaaS companies, and include subscription pricing, modular attack kits, customer support, and feature roadmaps. A small-time fraudster can subscribe for as little as USD 50 per month to access enterprise-grade phishing templates, synthetic identity generators, deepfake toolkits, and on-demand botnets. The barrier to entry has collapsed.
The core technical instruments in play are:
Caller ID spoofing and SIM swaps, which make calls appear to originate from legitimate bank or government numbers.
Remote access trojans (RATs), which give fraudsters live control of a victim’s device. Credit unions in the US reported a 55% increase in RAT-enabled fraud in 2025, now 15% of all credit union fraud.
Fake KYC portals and cloned banking interfaces, which are designed to harvest credentials in real time while appearing to resolve a legitimate problem.
Dark patterns and deceptive UI exploit the same cognitive vulnerabilities as scam calls. MSC’s Building Trust Through Design report identifies five manipulative interface tactics. These include guilt-tripping, hidden fees, and forced bundling fraudsters use to manipulate users through apparently legitimate platforms. When deceptive design is embedded within those platforms, the boundary between platform fraud and external scam dissolves.
In India, the technical layer is specifically tuned to the United Payments Interface (UPI) infrastructure. Research by CUTS International exposes malicious apps that train mules to use bank-specific UPI apps, register UPI IDs with different mobile numbers to intercept OTPs, and use merchant payment addresses to make transactions appear legitimate. The system even provides scripts for mules to follow when questioned by bank officials and acts as a supply chain within a supply chain.
The money supply chain: From transfer to disappearance
The moment a victim authorizes a payment, a second one begins, designed to make that money irretrievable within minutes.
The flow is precise: funds arrive in a mule account, are immediately redistributed across multiple secondary accounts, converted to stablecoins, cryptocurrency, or prepaid instruments through weak-KYC exchanges, and withdrawn through agents. BioCatch’s 2025 Digital Banking Fraud report documents that by mid-2025, stablecoins accounted for 63% of all illicit on-chain transactions, with an estimated USD 649 billion in fraudulent flows. Unlike volatile cryptocurrencies, stablecoins offer criminals dollar-pegged stability combined with instant, irreversible transfers that bypass traditional SWIFT monitoring and AML controls.
The mule network is expanding at an alarming speed. US financial institutions reported a 168% surge in confirmed money laundering cases in the first half of 2025. In India, mule recruitment operates as a Telegram-based pyramid scheme. Agents recruit participants who want easy money to move funds through their accounts and often do not understand the legal exposure they carry. When accounts are frozen, the fraud network provides recovery scripts. When accounts are closed, new ones are opened with fake GST registrations and business certificates.
The legal architecture compounds the problem — The Prevention of Money Laundering Act prevents banks from freezing suspected mule accounts without a court order. Fraudsters are acutely aware of this delay and systematically exploit it by moving funds in the window between detection and authorization.
The design implication
Design is one of the most neglected and highest-impact tools available, but it works best as one lever in a larger system. Regulators, platforms, and banks must intervene and disrupt the fraud supply chain at multiple nodes simultaneously, not just educate consumers at the end of the chain. The operational machine is built on the assumption that detection will be slow, mule accounts will remain open long enough to be cleared, legal channels will create delays, and victims will be too ashamed or confused to report quickly.
The question is not whether we can outpace the fraud supply chain. It is whether we can redesign the protection system with the same rigor that the fraud supply chain has been built.
This is Blog 2 of a three-part MSC series on fraud supply chains. Blog 1 examined why ordinary people fall for fraud. Blog 3 highlights the accountability gap in financial fraud prevention.
The phone rings, and the call seems routine. It could either be a bank representative who confirms your account details or a courier company that verifies your address for a pending delivery. This call could also be from a government official who warns that your Aadhaar number has been flagged for suspicious activity and you must act within the hour.
None of these calls feels like fraud, and that is precisely the point.
Financial fraud is no longer opportunistic, as it is a precision-engineered behavioral system. These fraudsters study how trust is built, urgency clouds judgment, and shame keeps victims silent. Solutions will fail until we treat fraud as a psychological problem rather than an information problem.
Fraudsters succeed when they act unremarkably rather than suspiciously. The scammers study the language, cadence, and escalation patterns of real institutions and replicate them accurately. These institutions include banks, telecom operators, government agencies, and couriers. By the time a victim senses something is wrong, they have already been lured into a pre-planned conversation.
Our 2024 report on consumer protection in digital financial services (DFS) across India, Bangladesh, and Kenyahighlighted key patterns of exposure to fraud. This report found that 55% of low- and moderate-income respondents had received fake calls or SMS messages that mimicked legitimate institutions. The most common types were impersonation scams and attempts to compromise personal identification numbers (PINs), which require no technical sophistication on the fraudster’s part. They only need a script that convinces and the right moment.
The research across the three countries also shows that more than 60% of respondents did not know what to do after fraud occurs. Crucially, the research revealed that complaints about financial fraud often fall under multiple jurisdictions, which include financial service providers (FSPs), financial regulators, and law enforcement agencies. Victims or customers often do not know about these jurisdictional boundaries, which leads them to file complaints with the wrong authority and results in unresolved grievances and complaint rejections.
Artificial intelligence (AI) now outpaces consumer awareness of fraud tactics. Feedzai’s 2025 research found that voice cloning represents the most common form of AI-powered fraud reported by financial professionals globally, cited by 60% of respondents. Deepfake-related fraud surged 1,740% between 2022 and 2023. In the most high-profile case of the decade, UK-based engineering firm Arup lost USD 25.5 million to a deepfake scam. A finance worker approved 15 wire transfers during what appeared to be a routine video call, where every other participant was an AI-generated deepfake.
Most evidence on AI-enabled fraud focuses on global trends. However, early signals from markets, such as India, indicate growing exposure to AI-enabled fraud through impersonation scams, synthetic identities, and social engineering. This trend underscores the need for proactive safeguards within digital financial systems, even in contexts where large-scale incidents may not yet be fully documented.
The crisis has moved beyond simple phishing and hurts trust in the most insidious way possible. We must examine how fraudsters manipulate the human mind to understand why people fall for fraud. It comes down to three reliably exploitable mechanisms: Authority, urgency, and fear.
Humans are prone to comply with credible authority figures. A caller who quotes an account number, references a recent transaction, and uses the correct department name instantly bypasses our skepticism. Research shows that victims fall for fraud when the signal environment is constructed to resemble legitimacy rather than due to carelessness. In India, the impersonation of Central Bureau of Investigation (CBI) officers, Telecom Regulatory Authority of India (TRAI) officials, and bank fraud departments is now a scripted, scalable operation.
Yet, fraudsters do not wield authority solely through phone calls. MSC’s 2025 report on dark patterns in DFS documents how deceptive interface design exploits the same authority dynamic within legitimate-looking platforms. This design includes guilt-tripping language, hidden fees, and misleading consent flows. The line between dark patterns and fraud is thinner than most regulators acknowledge.
Deliberation is the enemy of fraud, as the instruction to act now is not accidental. The fraudster demands action within 30 minutes, before an account is frozen, or before a penalty applies. It is the single most effective mechanism to suppress verification behavior. ACFE notes that AI-enhanced social engineering has raised clickthrough rates on fraudulent communications by up to 45%, precisely because personalized urgency triggers automatic rather than reflective responses.
In India, a 67-year-old woman in Hyderabad was kept in effective digital house arrest for 17 days by fraudsters who impersonated crime investigation officers. She lost INR 55 million (USD 600,000) before her family understood what had happened. This case was not an outlier but a documented pattern of coercion-based scams where the fear of legal consequences was weaponized to induce sustained compliance. Once a victim is under the fraudster’s logic, they no longer seek external validation. This fraudster becomes their only trusted guide by design.
Gender compounds this dynamic. Officials in MSC’s fieldworkon DFS fraud found that fraudsters view women and elderly individuals as easier targets. Most female respondents in this study hesitated to approach authorities on their own and required a male family member to be present. Victims experienced the repeated questions and multiple visits from authorities as barriers rather than as systems of support. After a fraud incident, most female and elderly victims relied on their children or male family members to conduct all online financial transactions on their behalf. Such dependence compounds long-term financial exclusion.
The most harmful phase of financial fraud is what happens after such incidents. Victims rarely report these frauds immediately due to shame. When they do report these incidents, recovery rates become extremely marginal.
Academic research published in the Journal of Medical Case Reports in 2025 found that scam victims consistently experience depression, anxiety, shame, and post-traumatic stress disorder (PTSD). These symptoms are comparable to other forms of serious trauma. The victim-blaming that follows from family members, peers, and sometimes even institutions compounds the silence. The National Cybersecurity Alliance has documented that “fraud shame” often causes victims to withdraw from their family entirely, which increases the isolation that made them vulnerable in the first place.
MSC’s fieldwork on DFS fraud also found that the recovery rate of money lost to fraud remains below 1%. A Local Circles survey found that 74% of fraud victims in India could not recover their losses within three years of the fraud incident. The primary reasons cited were limited awareness of grievance resolution mechanisms, victims’ reluctance to file complaints out of fear of humiliation, and slow, inefficient coordination between banks and cybercrime reporting cells.
The victims’ silence reflects a structural failure. MSC’s 2024 report also found that more than 60% of fraud victims across India, Bangladesh, and Kenya did not know about the existence of grievance resolution mechanisms in the first place. The 48% of victims who tried to report such fraud had their complaints dismissed due to a lack of evidence.
The system is not built for the victim’s reality.
The Global Anti-Scam Alliance’s 2025 report found that 57% of respondents across 42 countries were scammed in the previous year, and 23% lost their money. The gap between what happens and what is recorded exists precisely because shame, confusion, and institutional distrust keep victims quiet.
The dominant consumer protection paradigm, awareness campaigns, warning messages, and tip sheets, rests on a flawed assumption that people fall for fraud because they lack information. They do not. Instead, they fall for fraud as their cognitive and emotional systems are being expertly manipulated at precisely the moment when they are most vulnerable.
MSC’s fieldwork on DFS fraud confirms this directly. Most fraud victims expressed lower confidence in DFS after their experiences, and many subsequently relied on family members to conduct transactions on their behalf. Generic awareness campaigns do not rebuild confidence or reach people at the moment of risk. The following four design shifts matter most:
Deliver teachable moments rather than time-distant campaigns: MSC’s digital financial capability framework identifies the points in a user’s journey when they are most receptive. This framework delivers contextually suitable prompts through phygital channels matched to the user’s literacy, access, and trust profile. The phygital, teachable, and engagement (PTE) model offers a practical alternative to one-size-fits-all mass campaigns.
Build simulation instead of information: Scenario-based training and role-play build the muscle memory of skepticism, not just the awareness of risk. MSC’s Helix Institute has designed and delivered such capability-building programs at scale across Asia and Africa.
Embed friction at the point of payment. Nudges for cooling off, transaction purpose prompts, and contextual warnings at the exact moment a high-risk payment is initiated. MSC’s 2025 report on dark patterns in DFS argues that harmful design principles can be inverted to protect consumers when providers are held to an ethical design standard.
Remove stigma from the victim experience: Grievance resolution systems must be designed for the emotional state of a fraud victim. These systems must be compassionate, accessible, and presumptively credible rather than evidence-demanding.
The design gap between fraud tactics and consumer protection must close. FSPs, regulators, and capability-building practitioners must stop to ask “did we tell them?” rather than ask, “did the design protect them when it mattered?”
The fraudster already knows the answer to that question. It is time for protection systems to catch up with the fraudsters.
This is Blog 1 of a three-part MSC series on fraud supply chains. Blog 2 examines how fraud operations are industrialized, scripted, and monetized. Blog 3 highlights the accountability gap in financial fraud prevention.
This site uses cookies, by continuing your navigation, you agree with our Cookie Policy.
