By NHI Mgmt Group Editorial TeamDomain: Identity Beyond IAMSource: ChainalysisPublished January 22, 2026

TL;DR: Crypto-enabled fraud cost victims at least $14 billion globally in 2025, while the UK is shifting from reporting-led fraud handling to prevention-led disruption through reporting reform, overseas enforcement coordination, and AI-assisted controls, according to Chainalysis. The practical implication is that fraud now sits at the intersection of identity verification, transaction monitoring, and access governance, not just investigations.


At a glance

What this is: Chainalysis argues that fraud has become industrialised, cross-border, and increasingly AI-enabled, with crypto used to move illicit funds quickly and at scale.

Why it matters: For IAM, fraud, and identity teams, the shift matters because transaction abuse increasingly depends on trusted identities, delegated access, and verification failures rather than isolated payment events.

By the numbers:

👉 Read Chainalysis' analysis of fraud, crypto tracing, and UK prevention reform


Context

Fraud is no longer just a customer trust problem. It now behaves like a transnational cyber-enabled crime system that combines social engineering, payment exploitation, and crypto-based laundering, which makes identity verification, account controls, and transaction monitoring part of the same governance chain.

That matters because the attacker’s path often starts with trust abuse. A victim, customer, employee, or even a mule account is persuaded or coerced into authorising movement, and the control failure is frequently in the identity layer long before funds reach the blockchain or the exchange.


Key questions

Q: How should organisations stop fraud before a transaction is completed?

A: They should use layered controls that score intent, counterparty risk, device reputation, and account behaviour before authorisation. The key is to challenge high-risk actions in real time, not after settlement. For payment and crypto flows, prevention needs to sit inside the decision point, where step-up verification or blocking can still stop loss.

Q: Why does fraud now overlap with identity governance?

A: Because modern fraud depends on trusted identities, delegated access, and account recovery weaknesses. If an attacker can convince a system to trust the wrong person or wallet, the financial loss follows from an identity failure. That is why fraud prevention, IAM, and transaction monitoring increasingly need shared policies and shared signals.

Q: What do teams get wrong about AI-based fraud detection?

A: They often assume the model itself is the control. In reality, machine learning only helps when it is paired with clean data, current fraud patterns, and operational escalation rules. Without those supports, teams can end up automating inconsistent decisions rather than improving trust.

Q: Who is accountable when an authorised fraud payment is not blocked?

A: Accountability depends on where the control failure occurred. Under the PSR model described in the article, a PSP can be liable if it failed to apply verification of payee, perform transaction monitoring, or block a suspicious transaction. That makes evidence quality and control execution part of accountability.


Technical breakdown

How crypto-enabled fraud scales through identity trust abuse

Modern fraud operations use social engineering, impersonation, and AI-generated content to create believable trust signals at the point of action. The technical pattern is less about one compromised system and more about orchestrated deception across channels, where victims are manipulated into authorising transfers, revealing credentials, or bypassing verification steps. Crypto then accelerates the final stage because it can move value across borders quickly and can be split, mixed, and re-routed through multiple services. This is why fraud detection cannot live only in post-transaction review. It has to combine identity signals, behavioural patterns, and network intelligence at the moment trust is being exploited.

Practical implication: Practitioners need controls that validate intent and counterparty risk before authorisation, not after settlement.

Blockchain analytics and fraud network attribution

Blockchain analytics works by linking wallet addresses, transaction patterns, and service touchpoints into a graph that can reveal the same criminal infrastructure across many separate victim reports. This is valuable because individual scam events often look isolated, yet the underlying address, exchange, or mule network may be reused across dozens of cases. In governance terms, this turns fraud response from case handling into network disruption. The technical challenge is enrichment, correlation, and confidence scoring, not simple alerting. Once a firm can connect a wallet or domain to a wider fraud cluster, it can block, freeze, report, or escalate with much higher precision.

Practical implication: Teams should integrate blockchain intelligence into fraud case management so repeated infrastructure can be detected and actioned faster.

Why reporting systems matter to fraud operations

A fraud reporting platform is only useful if it can triage, normalise, and correlate reports into operational intelligence. The UK model described in the article shifts from a reporting inbox to a system that can identify patterns, relate one victim report to another, and expose the infrastructure behind the crime. That is a meaningful design change because fraud investigations often fail when evidence remains fragmented across banks, telecoms, exchanges, and law enforcement. Once reporting data is structured properly, it becomes a source of attribution, disruption, and policy insight rather than a passive record of harm.

Practical implication: Organisations should design fraud intake so reports can be correlated across channels and fed into investigation workflows.


Threat narrative

Attacker objective: The attacker aims to convert trust into irreversible monetary loss while obscuring the money trail across jurisdictions.

  1. Entry begins with AI-assisted social engineering, impersonation, or scam outreach that convinces the victim to trust a false counterparty or message.
  2. Escalation follows when the victim authorises payment, shares credentials, or routes funds through accounts and wallets controlled by the fraud network.
  3. Impact occurs when crypto or fiat is laundered across borders, cashed out, and reused to finance additional fraud operations.

NHI Mgmt Group analysis

Fraud is now an identity governance problem, not just a financial crime problem. The article shows that trust abuse, account compromise, and transaction authorisation sit at the centre of modern fraud operations. That means verification, entitlements, and transaction controls are increasingly part of the same governance boundary. For identity teams, the practical conclusion is that fraud prevention and access governance now need shared policy and shared telemetry.

Cross-border fraud exposes a verification trust gap. When 75% of UK fraud is reportedly instigated or facilitated from abroad, perimeter-based assumptions stop working. The governance issue is not only where the attacker is located, but where trust is granted and how quickly that trust can be revoked or challenged. This is where identity proofing, step-up verification, and mule detection become operationally linked. Practitioners should treat trust establishment as a continuously measured control, not a one-time event.

Crypto tracing turns isolated fraud cases into reusable intelligence. The most valuable shift in the article is the move from reactive case closure to network-level disruption. That mirrors a wider identity security lesson: one compromised account or wallet often reveals a broader access pattern, not just a single incident. The named concept here is transaction trust collapse, where the failure is not the payment rail itself but the overconfidence placed in unauthenticated or poorly verified intent. Teams should build response processes that assume reuse, clustering, and replay across fraud campaigns.

Private-sector liability is pushing fraud controls closer to IAM and PAM. Reimbursement and prevention obligations mean firms can no longer treat fraud as a downstream customer support issue. If payment initiation, account recovery, or delegated access is weak, the organisation inherits operational and regulatory exposure. That makes identity lifecycle management, privileged action review, and high-risk transaction controls relevant to fraud programmes. Practitioners should align fraud prevention with identity governance rather than keeping them in separate silos.

AI will matter most where it helps decide before value leaves control. The article’s point is not that AI is a cure-all, but that speed and scale now favour prevention at the point of transaction. In identity terms, that means risk scoring has to inform authorisation before a customer, employee, or service account completes an irreversible action. The field implication is clear: fraud operations that remain post-fact only will keep losing ground to industrialised, AI-assisted deception.

What this signals

Transaction trust collapse: fraud programmes will increasingly be judged on whether they can stop irreversible actions before value leaves control. That moves the emphasis from alert volume to decision quality, and it pulls IAM, fraud, and transaction monitoring into the same operating model.

The next maturity step is not broader monitoring alone, but better linkage between identity events and financial behaviour. Teams that can connect account recovery, payee changes, and wallet activity will be able to detect repeat abuse patterns earlier and reduce false confidence in isolated controls.

For practitioners, the programme implication is straightforward: fraud controls now need governance, not just tuning. Where strong identity signals are available, they should drive preventative action, and where they are absent, the control gap becomes part of the risk register rather than a tooling issue.


For practitioners

  • Unify fraud and identity telemetry Correlate identity proofing signals, account recovery events, device reputation, and transaction risk into a single fraud decision layer. That lets teams detect when the same trust failure is being reused across onboarding, login, and payment flows.
  • Add step-up checks before irreversible transfers Require stronger verification for high-risk payments, wallet changes, beneficiary edits, and account recovery actions. The control should trigger on risk context, not just static thresholds, so fraudulent authorisations are challenged before settlement.
  • Feed blockchain intelligence into case management Use wallet clustering, address attribution, and exchange touchpoint data to connect apparently separate fraud reports. That shortens investigation time and improves the odds of freezing or flagging related accounts before funds are fully laundered.
  • Map mule and recovery paths as identity journeys Track how fraudsters move from initial contact to mule account use, account takeover, and cash-out. Treat each handoff as a governance event so offboarding, monitoring, and escalation rules can be tightened around repeatable abuse patterns.

Key takeaways

  • Fraud at this scale is now a cross-border identity and transaction security problem, not a standalone financial abuse issue.
  • The article’s figures show both the harm and the enforcement pressure, from $14 billion in crypto-linked fraud to reimbursement models that already returned tens of millions to victims.
  • Practitioners should shift from post-incident fraud handling to preventative decisioning that combines identity proofing, transaction risk, and network intelligence.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST SP 800-63, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST SP 800-63SP 800-63AIdentity proofing is central where fraud relies on trust abuse and impersonation.
NIST CSF 2.0PR.AA-01Authenticating users and transactions underpins fraud prevention and authorisation controls.
NIST SP 800-53 Rev 5IA-2Authentication controls matter when fraud exploits weak verification and account recovery.
GDPRArt.32Fraud systems often process personal and behavioural data that need appropriate safeguards.

Strengthen identity proofing and step-up checks for high-risk onboarding, recovery, and payment actions.


Key terms

  • Authorised Push Payment Fraud: A payment scam in which the victim is persuaded to authorise the transfer themselves. The transfer is technically authorised, but the decision is corrupted by deception, which makes liability, evidence, and prevention harder to separate from standard transaction controls.
  • Blockchain Analytics: Blockchain analytics is the use of transaction tracing, wallet screening, and risk scoring to understand how crypto assets move across addresses and services. In compliance programmes, it supports source-of-funds checks, sanctions screening, and escalation decisions, but it only becomes effective when the output drives an actual control action.
  • Identity proofing: The process of verifying that a person is who they claim to be before granting or restoring access. In higher-risk recovery paths, proofing can include stronger evidence checks such as government ID validation or liveness-based facial verification so the assurance level matches the sensitivity of the request.
  • Transaction Risk Scoring: A policy method that adjusts authentication strength according to the value, sensitivity, and context of the action being attempted. It is not a login-only control. It uses device, behavioural, and transaction signals to decide whether a request should proceed, step up, or fail.

What's in the full article

Chainalysis' full article covers the operational detail this post intentionally leaves for the source:

  • How blockchain analytics is used to trace scam proceeds through mixers, exchanges, and cash-out points
  • How the UK’s Report Fraud model is designed to triage and correlate reports into actionable intelligence
  • How AI-powered prevention tools fit into transaction monitoring and reimbursement-driven fraud controls
  • How international enforcement, sanctions, and mutual legal assistance support disruption of overseas scam networks

👉 Chainalysis' full article covers the enforcement model, blockchain intelligence use cases, and prevention controls in more detail.

Deepen your knowledge

The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, and secrets management. It helps practitioners connect identity controls to broader security and fraud-risk programmes.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org