Every day European banks monitor billions of euro in transactions. We look for anomalies, flag suspicious patterns and enforce strict financial regulations to prevent criminals using the financial services system.
We do this every day to protect our customers because the human cost – when a customer’s life savings, house deposit or pension nest egg are stolen by fraudsters – can be devastating and truly life-altering.
Consumers can also be tricked into buying goods that don’t exist, from fake concert tickets to cutlery sets. In each case, hard-pressed consumers have money stolen from them that they have worked hard to earn.
However, many of these crimes don’t begin in shadowy corners of the internet, but rather as paid-for online advertisements.
Fraudulent online advertising is much more than a nuisance; it is a systemic threat to consumers and to the trust that underpins the digital economy.
As the scale of this problem continues to grow, Europe’s response should move from the reactive removal of fraudulent ads to prevention by design. That starts with a simple principle borrowed from banking: if you take money for a commercial service, you need to know who is paying you.
When a customer walks into a bank branch or opens an account via an app, banks must run a series of “know your “customer” and anti-money laundering checks.
We seek to verify identity, address and the source of funds. We do this because the integrity of the financial system depends on knowing exactly who is walking through our doors. If a bank fails to verify a customer and accidentally facilitates crime, the penalties from regulators are rightly severe and made public.
This contrasts with the approach to online advertising, which is generally designed to be as frictionless as possible. It is easy to take out an online advertisement, without passing through the checks and balances that financial services companies must undertake. This has contributed to the current position where fraudulent online advertising is prevalent.
Some countries are already taking action to prevent fraudulent adverts being shown to the public. In the UK, the Online Safety Act and Ofcom’s impending regulatory codes are considering proactive, identity checks on online advertisers before adverts are published.
Under the Ofcom proposals, social media platforms will need to take action to deal with scam adverts. It says more than half of UK adults have come across potentially fraudulent ads online, with more than a third seeing them often.
If the draft measures were to pass into law, firms that fail to comply could be made to pay £18 million (€21 million) or 10 per cent of global turnover – whichever is greater.
Australia is also taking similar action on proactive advertiser verification with its Scams Prevention Framework. These new regulations are now out for consultation and due to come into force in 2027.
In 2023, Australians lost more than $2.74 billion (€1.7 billion) to scams and 65 per cent of victims received no refund or remedy, according to official data.
At a European Union level, while the EU Digital Services Act (which came into force from late 2022 onwards) was a big step forward in tackling illegal online content, its approach to fraudulent advertising has not kept pace against the current scale of the problem.
Relying on users to report scam ads so they can be taken down is not effective. The fraudster simply creates a new profile and buys another ad. The scale of the problem is such that there are vast numbers of fraudulent online adverts in circulation every day.
Also as AI becomes more sophisticated and widely available, fraudsters are increasingly using it to make scams more convincing, personalised and difficult to detect.
From AI-generated phishing emails and fake websites to cloned voices and synthetic identities, these technologies are enabling criminals to target consumers at scale and with greater precision than ever before.
AI models have the potential to accelerate the risks, lowering the barriers for fraudsters and increasing the volume and sophistication of fraudulent activity. For financial institutions, protecting customers from fraud is a critical priority.
Beyond the financial losses involved, fraud can undermine confidence in digital services and damage the trust that underpins customer relationships. Organisations therefore need to combine robust controls with effective customer education, helping people recognise emerging threats and make informed decisions online. But effective regulation needs to support all of this.
We have an opportunity to overhaul the EU digital rule book with the impending introduction of the Digital Fairness Act. Led by the commissioner for democracy, justice, and the rule of law, Ireland’s Michael McGrath, this legislation is being designed to tackle deceptive digital practices and protect European consumers online.
The EU now has a unique opportunity to bring the standards of the offline world into the digital sphere, and incorporate prevention by design.
Bank of Ireland believes three new rules would significantly protect consumers from online fraud.
First, enhanced “know your customer” obligations should be introduced for the big online platforms as categorised in the EU Digital Services Act, where advertisers seeking to target EU audiences must verify their identity using established identity frameworks.
Second, the verified identity of the entity paying for the advertising should be transparently available to the public as part of the advert details.
Finally, recognising the increased level of harm from investment fraud, advertisers attempting to buy space using keywords such as crypto investments, high-yield investments, trading platforms, loans, financial advice, investment comparisons, or fraud recovery services should trigger automated increased due diligence checks.
These accounts should be restricted until they prove a valid authorisation from a recognised financial services regulator.
European banks will continue to invest heavily in security, detection and consumer education, but we cannot win this fight alone.
A customer approving a transaction is often the last step in a lengthy fraud process that originated from a fake online advert. Defending and protecting European consumers calls for action across a range of areas, including online advertising.
Áine McCleary is group chief customer officer of Bank of Ireland














