Nigeria’s financial institutions lost N52.26 billion to digital fraud in 2024, according to the Nigeria Inter-Bank Settlement System (NIBSS). This marked a 196% increase over five years, even as the number of individual fraud cases fell. Indonesia recorded Rp7.9 trillion ($474 million) in losses from online scams between November 2024 and November 2025, according to Indonesia’s Financial Services Authority (OJK), with the country logging the highest number of fraud reports globally. In the Philippines, the suspected digital fraud rate stood at 13.4% of digital transactions in 2024, which is predicted to be 148% higher than the global average and the country has now exceeded the global fraud rate for five consecutive years, according to TransUnion.
These are aggregate numbers that describe a sector-wide problem.
What they do not capture is what a single major fraud incident does to the institution it happens to and that is a different, more personal, and more actionable conversation.
The immediate cost is the smallest cost
When a fraud incident occurs, the first number anyone looks at is the direct financial loss. That figure matters, but it is rarely the one that determines whether an institution recovers quickly or slowly. The harder costs come in the weeks and months that follow.
The reputational cost arrives first. In Nigeria, 40% of fintech users now express distrust in mobile platforms, according to the 2024 Nigeria Consumer Protection Survey by Innovations for Poverty Action, which also found that nearly one in four digital financial services users had experienced fraud attempts or unexpected charges in the past year. Of those who encountered a problem, only about half sought formal redress, not because they were satisfied, but because they had concluded that raising a complaint was unlikely to produce results. That silent erosion is more dangerous than a public complaint. The users who stop trusting your platform and never tell you are the ones you will never win back.
The customer exodus follows. Research on Indonesian banks suggests that a single major fraud incident can trigger deposit withdrawals of 25–40% within weeks from affected institutions, with the process of rebuilding trust taking years and requiring significant ongoing investment. In the Philippines, where 34% of consumers surveyed reported losing money to fraud schemes in 2024, with the average loss exceeding PHP 44,700, equivalent to more than two months’ salary for most Filipino households, the decision to switch banks after a fraud incident is a real, lived consequence.
The regulatory cost completes the picture. Nigeria’s CBN introduced risk-based cybersecurity frameworks for deposit money banks in 2024, with industry-wide enforcement penalties reportedly exceeding N15 billion that year. Indonesia’s OJK issued 147 enforcement actions related to fraud prevention deficiencies in 2024, including 23 operational suspensions. In the Philippines, the BSP has backed the Anti-Financial Account Scamming Act and is moving toward mandatory real-time fraud monitoring standards. The direction of regulatory travel across all three markets is unambiguous: institutions that cannot demonstrate active, auditable fraud prevention capability will face escalating consequences.
What the growth curve actually looks like after an incident
The damage to a digital bank’s growth trajectory after a serious fraud incident follows a recognisable pattern.
Acquisition slows immediately
Word spreads fast in markets where community trust drives referral and where social media makes a single bad story visible to thousands of potential customers. The cost per acquired user rises because the organic referral channel (which drives some of the highest-quality growth in emerging markets) effectively closes for a period.
Activation rates fall in parallel
Users who heard about the incident and still downloaded the app complete onboarding at lower rates. The doubt that a fraud story creates shows up most clearly in the moment a new user is asked to deposit real money or link a real account for the first time.
Engagement drops
Engagement falls among existing users who were not directly affected but who watched how the institution handled the incident. Speed of communication, transparency about what happened, and clarity about how it was resolved are the variables that determine whether those users stay or begin quietly reducing their activity. Institutions that communicated clearly and resolved affected accounts quickly recover much faster than those that were slow or opaque.
Retention losses hit hardest among the highest-value users
In every market, the customers with the most options are also the most mobile. A high-value SME customer who experiences a fraud incident on your platform, or who simply watches one happen to someone they know, has both the motivation and the means to move.
The infrastructure gap underneath the incident
Most fraud incidents at digital banks in emerging markets are not the result of uniquely sophisticated attacks, they are the result of a gap between the speed at which the institution grew and the speed at which its fraud detection infrastructure kept pace.
Nigeria’s fraud data illustrates this clearly: while the number of fraud cases fell by 31% between 2020 and 2024, the total financial losses rose 350% over the same period. Fewer incidents, but each one far more damaging. That is the signature of increasingly organised fraud networks targeting institutions with incomplete detection capability; finding and exploiting the gaps that rapid digital growth opened up.
In Indonesia, OJK’s own data shows that of Rp7.9 trillion in losses recorded between November 2024 and November 2025, only Rp386.9 billion was successfully recovered. The recovery rate is not a legal or operational problem primarily, it is a speed problem. OJK explicitly noted that the average time between a fraud occurring and a victim reporting it in Indonesia is twelve hours, compared to ten minutes in more mature markets. Funds that move through multiple accounts in twelve hours are effectively unrecoverable. The institutions that can detect the anomaly and intervene before the transfer completes are the ones that protect their customers and their own growth curve.
The Philippines data adds another dimension. Online scam complaints tripled in 2024, and e-wallet fraud is now the most common consumer complaint. That growth in complaint volume is partly a sign of increased awareness, but it is also a sign that fraud is finding new surfaces faster than defences are being updated. The institutions most exposed are those whose fraud rules were written for the transaction patterns of two years ago.
What separates the institutions that recover from those that do not
There are several variables, including:
Speed of detection
An institution that catches a fraud incident in real time by flagging the anomaly, blocking the transaction, and notifying the customer has a fundamentally different story to tell than one that discovers the damage after it is done. That difference is mostly in whether the institution has a complete, unified view of transaction data available to detection systems in near real time, or whether that data is fragmented, delayed, or siloed across systems that do not talk to each other.
Speed of communication
Customers who are told immediately what happened, what the institution is doing about it, and what they need to do are far more likely to stay than customers who find out from a news article or a social media post. The ability to communicate in real time with affected customers depends on the same data layer that enables real time detection. Institutions without it cannot communicate quickly because they cannot identify the affected population quickly.
Speed of resolution
Clear runbooks for disputes and fraud reports, backed by fast access to transaction history for internal investigation, determine how long the reputational damage lasts. An institution that resolves affected cases within 24 hours is a different story in the market than one that takes two weeks.
The common thread is infrastructure. The institutions that handle fraud incidents well are not necessarily the ones with the most sophisticated machine learning models. They are the ones whose data layer, core, and operational processes are connected well enough that they can see what is happening, act on it, and communicate about it before the damage compounds.
The investment framing
The instinct in many organisations is to treat fraud prevention as a cost centre; a necessary overhead that competes with growth investment for budget. The data from Nigeria, Indonesia, and the Philippines suggests a different framing.
In a market where one in four digital financial services users has already experienced fraud attempts, where the Philippines has exceeded the global fraud rate for five consecutive years, and where Nigeria’s fraud losses rose 196% in five years even as transaction volumes grew, the question is truly whether your infrastructure will catch it before it becomes an incident that resets your growth curve.
The cost of building a fraud-ready data layer and detection capability is a fraction of the cost of one serious incident. The institutions that understand that are treating fraud infrastructure as a prerequisite for growth, not a constraint on it.
AI for digital-first banks
Ready to put this into practice? Download Oradian’s Digital-First Bank’s Guide to AI in 2026 for a practical breakdown of what fraud-ready infrastructure looks like, including the data layer requirements, pilot design framework, and AI readiness checklist your team can use to assess where you stand today.
Get the Digital-First Bank’s Guide to AI in 2026
Get the digital-first bank’s complete operating model
The first step to true AI success is effective management of data and the first step to supportive data is a core you can trust. Start your core banking journey today by emailing vanda.jirasek@oradian.com to book in a meeting.
