Hong Kong occupies an unusual position in Asia's fraud landscape. It is not technically part of Southeast Asia — but it is deeply integrated into the ASEAN region’s financial flows, a preferred destination for fraudulent funds, and one of the region's most active fraud enforcement jurisdictions. In 2024, deception losses (such as impersonation scams) reached HKD 9.15 billion. Deception cases now account for nearly half of all reported crime in the city.
What makes Hong Kong instructive is not the scale of the problem but the specific nature of the gap. Hong Kong has sophisticated payment rails. It has active enforcement cooperation. It has a developed bank intelligence-sharing tool in the region. What it does not have is payee verification, no scheme, no mandate to confirm that the account receiving funds belongs to the named beneficiary, and no requirement to surface that check to the payer before a transfer is confirmed.
The payer initiates the transfer, but the check runs without them, and the result never reaches them.
The Deepfake Moment
In February 2024, the Hong Kong office of a multinational company lost HKD 200 million in a single fraud. Scammers used AI deepfake technology to impersonate the company's CFO and colleagues in a video conference call, convincing a finance employee that a series of urgent fund transfers had been authorised by senior leadership. The employee transferred the money. The CFO had never made the call.
This case became a global reference point for AI-enabled fraud, and it is also a driving force of fraud discussed in Part 1 of this series, which mapped how AI, mule networks and regulatory fragmentation are reshaping payment fraud across Asia, which illustrates something specific to Hong Kong's fraud profile: the attack vector was not utilising a weak payment system. It was a weak verification moment. The employee had no mechanism to confirm, before authorising the transfers, that the accounts receiving funds belonged to the entities they were supposed to belong to. The payment system worked exactly as designed. The fraud succeeded because verification was absent at origination.
Hong Kong's police force has since dismantled two criminal syndicates using deepfake technology, arresting 58 individuals. The deterrence is real.
What Hong Kong Has Built
FINEST (Financial Intelligence Evaluation Sharing Tool), following its December 2025 upgrade, now links all 28 retail banks in Hong Kong, enabling interbank sharing of information on suspicious accounts. Interbank information sharing volumes grew multi-fold since the upgrade. Banks can warn each other about suspicious account holders in near real time, a significant operational improvement over the siloed model that preceded it.
FRONTIER+, the cross-border anti-scam collaboration platform co-established with Singapore in October 2024, connects ten jurisdictions and has demonstrated operational results. The April–May 2025 joint operation coordinated through FRONTIER+ with 1,858 arrests, 32,607 bank accounts frozen, USD 20 million intercepted. Hong Kong police investigated 301 cases in that operation, arresting 337 suspects and recovering HKD 49.5 million.
Scameter+, Hong Kong's public scam-checking tool, was upgraded in 2025 with proactive blocking capability, identifying 267 scam domains not yet reported by the public in December 2025 alone. Public searches rose 17.6% following the upgrade.
The 'Money Safe' service, rolled out across all Hong Kong retail banks by December 31, 2025, requires face-to-face verification before customers can access funds in protected accounts, a deliberate friction-based intervention to reduce the window for scammers to extract funds.
The results are visible. In 2025, Hong Kong police successfully intervened in 4,060 deception cases, a 69.4% increase over 2024, and intercepted HKD 480 million in fraudulent payments, a 158.4% increase. The enforcement capability is real and growing.
The Verification Gap
Hong Kong's FPS infrastructure is sophisticated. The Hong Kong Monetary Authority (HKMA) requires banks to conduct real-time name-matching on FPS transfers above HK$1,000 — a threshold lowered in February 2025 from the previous HK$10,000 limit, which scammers had been deliberately exploiting by keeping transfers below it. Transfers that do not pass the check are rejected, and the sending bank must inform the customer.
The missing element is a mandate, a requirement that the verification check be performed and that the payer be shown the result before funds move.
Receiving banks hold the account name records that enable the check. The check runs. What does not happen is the result being surfaced to the payer at the moment of initiation. The HKMA circular permits displaying a partially masked version of the payee name as an acceptable form of compliance. Name display and name-matching are not the same thing. Display shows the sender what name is associated with the account they are sending to. Matching confirms whether the name they entered corresponds to the name on record at the receiving institution.
In the UK's Confirmation of Payee (CoP) scheme and the EU's Verification of Payee (VoP) scheme under the Instant Payments Regulation, the match result is mandatory and surfaced to the payer before they confirm the transfer. A mismatch triggers a warning. The payer decides whether to proceed, but they do so with information they did not previously have.
The missing element is a mandate, a requirement that the verification check be performed and that the payer be shown the result before funds move.
Hong Kong: The Ceiling of Enforcement Co-operation
We previously identified a driving force of fraud being national frameworks meeting borderless fraud, as the structural problem across the region. Hong Kong's enforcement record is the strongest illustration of what the fraud ceiling looks like when cross-border cooperation is working well.
The FRONTIER+ operation's finding that identical scam scripts migrate across jurisdictions after police crackdowns is particularly instructive. Impersonation-of-customer-service scams that peaked in Hong Kong in 2024 and declined following enforcement action began appearing in Singapore and Macao in 2025, using the same scripts and the same playbooks. Fraud syndicates do not retire their methods. They relocate and redirect them. Enforcement without the upstream verification layer simply moves the problem to the next jurisdiction.
Across the region criminals exploit the same pre-payment verification gap
Taken together, the four markets examined in this series with the Philippines, Singapore, Hong Kong, and the broader ASEAN region examined in Part 1, describe the same structural problem from different angles.
Each has a fraud crisis that is, by any measure, severe. Each has a regulatory response that is meaningful within its borders. Each response stops at the same point: the moment before the payment moves.
Across the Philippines, Singapore, Hong Kong, and every ASEAN corridor, iPiD's Know Your Payee (KYP) platform provides the missing layer: real-time account verification confirming the beneficiary before funds move. No awareness campaign, no post-payment hold, and no enforcement operation stops a fraudulent payment now it matters. Verification at origination does.
- Hong Kong Police Force — Law and Order Situation Reports (2024, 2025)
- Hong Kong Police Force — Cross-Border Anti-Scam Operation, FRONTIER+ (June 2025)
- Hong Kong Monetary Authority — FPS Name Matching Requirements (February 2025)
- HKMA — Anti-Fraud Campaign and Money Safe Service (2026)
- South China Morning Post — Joint Police Crackdown on Cross-Border Scams (June 2025)
- UK Payment Systems Regulator — Confirmation of Payee Scheme
- European Payments Council — Verification of Payee Scheme Rulebook (2026)
