In this article, BeyondFS Co-Founder and Partner Matt Beattie argues that while data sharing is critical to reducing fraud, it’s currently failing – not because firms are unwilling, but because the practical, legal and technical barriers remain too high.
Fraud now accounts for 41% of all crime in England and Wales, according to the ONS. A recent UK parliamentary report suggests that losses from Authorised Push Payment (APP) fraud alone could hit £3 billion a year.
The public is losing billions. Banks are picking up a large share of the cost. And criminals are evolving faster than the industry can respond.
Of course, much is being done to address the problem, from investment in new technologies to more collaboration across sectors. But one recurring theme in my conversations with industry leaders is the need for better data sharing, particularly between banks.
It makes perfect sense in theory: if the good guys can see more transaction data, more customer information, and a helicopter view of behavioural patterns across multiple institutions, then the red flags should be easier to spot.
Data sharing is firmly on the agenda, and institutions want to collaborate – the question is how. The challenge is that sharing data at scale, securely, accurately and in real time, is far harder in practice than it sounds.
There are promising developments. AUSTRAC’s Collaborative Analytics Hub in Australia allows banks and law enforcement to jointly analyse transactions. And in the UK, the Stop Scams data-sharing platform is enabling real-time alerts between banks, telecoms and tech firms. These are working examples of collaboration that can improve detection and response.
TMNL in the Netherlands is another example – a joint effort by the major Dutch banks to pool transaction monitoring data. It showed early promise but has since opted to reassess its strategic direction in order to comply with the EU’s AMLR (Anti Money Laundering Regulation) due in 2027, resulting in the team shrinking from 70 to around 15.
One of the biggest challenges is technical compatibility. No two organisations structure their data in the same way. Even when field names look similar, the definitions and formats often don’t match. Without a common unique identifier, we can’t confidently say we’re talking about the same customer, let alone the same transaction.
Before they can collaborate externally, most organisations need to sort out their own internal data integration across credit, payments, and transaction systems. There are tools and consultancies that can help you map and reconcile data sets. But this alone is a big job.
Legal Entity Identifiers (LEIs), first heavily leveraged under the EMIR regime’s 'no LEI, no trade' rule, were meant to improve transaction matching across firms. But uptake has been inconsistent. In 2013, just 13% of trades had valid LEIs; by 2021, that figure was still only 60%.
Part of the issue is weak governance. But it’s also commercial – there are still incentives to bypass or fudge LEIs to get trades through quickly, with plans to tidy things up later. Matching accuracy has improved, but it’s still well short of where it needs to be. It’s progress, but the problem’s far from solved.
Even if you have solved the technical challenges, there are serious commercial and legal considerations:
- Privacy: GDPR doesn’t prevent fraud-related data sharing, but the guidance can be grey, and compliance teams often err on the side of caution.
- Commercial sensitivity: If you share detailed financial crime data, you may be revealing who your clients are, what they’re doing, and how you price services. That could give competitors an edge – and understandably, some firms aren’t comfortable with that.
- Trust in data handling: A recent cyberattack on the US Office of the Comptroller of the Currency (OCC) exposed over 150,000 emails to hackers, with the breach going undetected for nearly two years. When banks learned of this in February 2025, many stopped sending sensitive data to the OCC. Trust in data handling takes years to build, and moments to lose.
Given all this, data sharing should be a strategic decision, not a compliance box-tick or a knee-jerk response to pressure from industry groups.
Here are the questions every firm needs to ask:
1. Can we share our data legally and responsibly?
The legal frameworks are becoming more flexible with GDPR carve outs around fraud and financial crime prevention, but interpretation still varies. Legal and compliance teams need to be fully involved, and boards need to understand the risks.
2. Do we want to share it?
This is a commercial decision. If fraud is a big cost to your business or customers – and if you believe collaborative insight will materially reduce that cost – then it may make sense. But if the risks outweigh the likely benefits, it’s reasonable to walk away.
That said, there are ways to reduce the sensitivity of shared data. Techniques like pseudonymisation or anonymisation can help mask identifiable information, while still allowing useful analysis. More advanced tools – often called privacy-enhancing technologies – are also being tested to let firms collaborate without fully exposing raw data. These approaches aren’t perfect, and they add complexity, but they do offer a middle ground for firms that want to share carefully and securely.
3. Can we technically support it?
Even internally, many institutions struggle to get their own systems speaking to each other. Mapping your own data, creating a clean and consistent view of clients, and building the plumbing to connect with others – that all needs time, money, and leadership backing.
4. What’s driving this?
This may be the most important point. Fraud clearly impacts customers and causes operational pain – but it’s rarely the biggest drain on profitability. So if the business case isn’t compelling, and the governance is unclear, you’re unlikely to see real commitment.
Data sharing is increasingly part of the conversation – and in theory, it can help tackle fraud. But the real-world challenges are significant. Legal, technical, and commercial hurdles all need to be addressed, and that won’t happen by accident.
For some organisations, investing in better internal controls and sharper analytics may deliver more immediate returns than launching a cross-industry data-sharing initiative. For others, collaboration could be the missing link.
There’s no one-size-fits-all answer. But there is a growing recognition across the sector that these decisions need to be made deliberately – with a clear understanding of the trade-offs involved.
If you're reassessing your fraud strategy or exploring secure ways to share data, we can help you define the right approach and build the operational foundation you’ll need to make it work. Get in touch with us to explore what's possible.
