Singapore lost 913 million Singapore dollars — $713 million — to scams in 2025, and authorities recovered only SG$140.5 million of that amount, underscoring a widening gap between payment speed and fraud response across Southeast Asia.
Project Nexus and ASEAN instant payments
Project Nexus, led by the Bank for International Settlements, aims to connect domestic instant payment systems — India’s UPI, Singapore’s PayNow, Thailand’s PromptPay and Malaysia’s DuitNow — so that "nearly 1.7 billion people and businesses across five economies" can send money internationally almost instantly and at lower cost. The initiative will materially expand multilateral, real-time peer-to-peer transactions across the region, but the program is moving forward while a matching multilateral fraud-response framework remains unresolved.
Singapore’s losses illustrate the recovery shortfall
The scale and recoverability problem is stark in Singapore’s 2025 figures: SG$913 million lost to scams with only SG$140.5 million recovered by the Anti-Scam Command. That recovery shortfall "clearing showing the gap that exists in tracking and recovering the lost amount," according to the reporting. The data point is notable because Singapore is described in the source as having "arguably the most sophisticated anti-scam infrastructure in the region," yet still faces a large unrecovered loss total.
Three-country fraud sequence and the busiest corridors
Group-IB’s threat intelligence describes a typical fraud pattern that spans three jurisdictions: a victim loses money in one market, funds move through mule accounts in a second, and are cashed out — often via cryptocurrency — in a third. The most active corridors identified are Thailand–Singapore, Malaysia–Singapore and Thailand–Malaysia, each exploiting bilateral payment rails that central banks created for legitimate cross-border transfers.
Operational seams: visibility, law and political barriers
Yuan Huang, global fraud intelligence lead at Group-IB, summarizes the operational problem as a visibility seam: "Individual markets can often act quickly when funds remain within a domestic payment system. The moment money crosses a border, end-to-end traceability breaks down. Fund tracing across ASEAN's real-time payments grid remains a patchwork." Huang added that the architecture "is built on three layers that operate at very different speeds."
The report highlights three concrete roadblocks to an effective regional response. First, legal fragmentation: "Vietnam requires domestic storage of certain personal data. Malaysia imposes data-localization requirements on financial and telecommunications data." Second, asymmetric political will — the piece reports that in some upstream jurisdictions, "elements of state or state-adjacent power structures benefit economically from scam infrastructure." Third, capability asymmetry: Singapore’s systems are comparatively mature while other countries lag; the Philippines has only recently enacted the Anti-Financial Account Scamming Act, which "mandates real-time fraud monitoring across central bank-supervised institutions."
What this means for technologists, policymakers, and end users
- Technologists and security teams should expect pressure to design privacy-preserving, real-time intelligence-exchange mechanisms and shared mule-account disruption tools — precisely the operational interoperability Brian Hanley says will close the seams.
- Policymakers and regulators face choices about data governance and cross-border legal frameworks: the region "built payment interoperability before resolving data governance, liability and law-enforcement cooperation," and answering those deferred questions is now urgent as Project Nexus pushes toward operational status.
- End users and the public will remain exposed unless national anti-scam centers and public-awareness campaigns are scaled and regionally connected; the reporting cites stronger public awareness campaigns and connected National Anti-Scam Centers as elements of a realistic regional model.
Brian Hanley, executive director of the Global Anti-Scam Alliance, frames the mismatch bluntly: "Scam operations are inherently cross-border and now highly industrialized," yet "most response mechanisms remain domestic, sector-specific and reactive." The timeline deepens the urgency: with Project Nexus expected to make the rails materially faster by year end, defenders are racing to retrofit defensive interoperability after a deliberate choice to prioritize payment speed.
The region can look to Europe for a template noted in the reporting: when the EU expanded instant payments, it mandated fraud prevention standards and built schemes such as Verification of Payee into the rollout rather than retrofitting them later. ASEAN, by contrast, "built payment interoperability before resolving data governance, liability and law-enforcement cooperation," leaving unanswered how real-time cross-border tracing, mule-account disruption and privacy-preserving intelligence sharing will be implemented at scale.
The immediate question, plainly stated in the source material, is whether ASEAN can match its technical ambition on instant payments with an equally robust, operationally interoperable fraud response before Project Nexus brings a materially faster and wider set of rails online.
Source: Payment Rails Open, Fraud Response Still Lagging — GovInfoSecurity




