Scams, or authorized push payments, are the scourge of the day.

While no formal figures exist, it is estimated that the global scam losses exceed $1 trillion per annum. Organized crime is at the heart of this increase, with some estimates putting 1.5 million employed as professional scamsters.

The rising professionalism of the scamsters, the availability of “off the shelf” scam tools (e.g., phish kits), the very high “gross margin”, the increasing digitization of customer experiences, and inadequate law enforcement are all contributing to a continued increase in scams across the world.

The regulatory expectations, and the associated cost of compliance, vary by market. The most extreme position exists in the UK, where financial institutions are liable for up to £85k in almost all cases. Most regulators are examining the “Shared Responsibility Framework” framework, and it is reasonable to assume that financial institutions will have to bear an increasing share of this cost.

Customer expectations prize fraud defences when selecting a financial institution. In a global survey of 18,000 customers, some 60% ranked “Good Fraud Protection” as either their top or the second priority. This was followed by “Ease of Use” (43%). While seemingly at odds, these two are the opposite sides of the same coin. Effective scam detection, measured by a high value detection rate at an acceptable level of false positives, becomes a key business growth imperative.

7 Steps to Scam Prevention

There is no one silver bullet defence against scams. The ideal scenario – a fully alert customer – remains unrealistic.

Instead, effective defence requires a multi-layered strategy. The following 7-step framework offers a practical, intelligence-driven approach toward scam defence.

1. Understand Customer Susceptibility

The framework begins with proactive assessment of customer vulnerability through sophisticated susceptibility scoring. This involves harvesting both monetary transactions and non-monetary events across all customer touchpoints to create always-on customer profiles. This requires an applied intelligence platform that enables real-time assessment that evolves with each customer interaction. (Note: This approach needs to be vetted against local privacy and permissibility requirements.)

2. Create Robust Customer Personas

By developing personas that reflect psychographic and behavioural characteristics, institutions can assess specific scam vulnerabilities. For example, customers with high investible income who engage in cryptocurrency trading may be particularly susceptible to investment scams. Knowing customers helps to protect them.

3. Deploy Targeted, Personalized, Proactive Communication and Education

Generic scam warnings prove largely ineffective. The framework emphasizes hyper-personalized, contextual messaging aligned to individual risk profiles and scam types, creating more informed and alert customers. Breaking the scammer’s spell is critical.

4. Alert and Amplify with the Susceptibility Score

At the heart of scam detection lies sophisticated monitoring of customer behaviour and activity. The framework recommends multi-layered decisioning that first identifies anomalies, then determines whether they’re associated with scams or traditional fraud. Enterprise fraud capabilities can “amplify” transaction scores based on customer susceptibility and personas.

5. Build Dynamic In-Journey Engagement

Understanding that customers in “hot states” often ignore generic warnings, the framework emphasizes dynamic, personalized dialogue that creates appropriate friction and reflection opportunities. This may include cooling-off periods or post-transaction follow-up when customers are more receptive.

6. Close the Back Door

Since stolen funds must flow through mule accounts, the framework emphasizes real-time intervention capabilities beyond traditional anti-money laundering controls. This requires transitioning from monthly batch assessments to instantaneous monitoring and account freezing.

7. Collaborate across the Ecosystem

Build a formal ecosystem across the regulator, law enforcement, telcos, social media platforms, and industry bodies to facilitate data sharing and best practice. This is probably the hardest task.

How to Operationalize the Enterprise Fraud Framework

Scam prevention demands more than traditional fraud controls – it requires a sophisticated, data-driven platform capable of analyzing vast volumes of signals in real time, while maintaining the right balance between customer protection and experience. To operationalise this framework, banks can integrate advanced analytics, orchestration, and engagement capabilities across the customer lifecycle.

The Path Forward

The scam epidemic represents an existential threat to customer trust and institutional stability. Financial institutions that wait for regulatory mandates or perfect solutions will find themselves at a significant disadvantage.

Success requires ruthless measurement and tagging of both structured and unstructured data to create virtuous feedback loops. Equally critical is constant engagement with operations teams and active monitoring to assess new vectors and anticipate emerging attack patterns.

As the threat landscape continues evolving, financial institutions must embrace proactive, intelligence-driven strategies that protect customers while maintaining operational efficiency. Use the seven-step framework as a roadmap to transform scam prevention from compliance obligation into strategic advantage and position for success in an increasingly complex risk environment.

Pet Planet, based in Livingston (West Lothian, Scotland), launched in July 1999 and over the past 27 years has become “a trusted destination for everything pets need”.

The Pet Planet website reads: “We pride ourselves on offering a wide variety of high quality products and building lasting relationships with our customers.

“We’re here to make sure your pets have everything they need to live their happiest, healthiest lives!”

Pet Planet enters administration

After nearly 27 years, Pet Planet is now at risk of closing after collapsing into administration, according to Companies House and The Gazette.

James Stephen and Kiri Holland have been appointed administrators.

What happens when a company goes into administration?

When a company enters administration, it means that it is unable to pay expenses, debts, or other liabilities, according to SquareUp.com.

Companies House adds: “When a company goes into administration, they have entered a legal process (under the Insolvency Act 1986) with the aim of achieving one of the statutory objectives of an administration. This may be to rescue a viable business that is insolvent due to cashflow problems.

“An appointment of an administrator (a licensed insolvency practitioner) will be made by directors, a creditor or the court to fulfil the administration process.”

A statutory moratorium is put in place once a company enters administration, giving it “breathing space” to allow for financial restructuring plans to be drawn up free from creditor enforcement actions.

A company can continue to trade while in administration, but daily management and control are handed over to the administrators.

Companies House continues: “Within 8 weeks it is the administrators’ role to formulate administration proposals.

“Creditors are then asked to vote by a decision procedure to approve the administrators’ proposals.

“If the administration involves a sale of all or part of the company’s business, the proceeds (after the costs of the procedure) will be distributed to creditors in a statutory order of priority.”

Administration will end automatically after 12 months unless the administrator asks the court or creditors for an extension.

Through administration, a company can be:

• Rescued and passed back to the directors
• Enter liquidation
• Be dissolved

Other UK companies that have closed or entered administration/liquidation in 2026 (so far)

It has been a rough start to 2026 for the UK high street, with several other retailers entering administration and others announcing widespread store closures.

Major high street retailers, including River Island, Primark, and Poundland, have already been forced to close stores in 2026, while Revolution and BrewDog shut the doors to 21 and 38 pubs, respectively.

Several other retailers have fallen into administration, including:

Meanwhile, four UK travel companies have closed in 2026:

EcoJet Airlines, billed as “the world’s first Electric Airline”, also entered liquidation after just three years, resulting in the cancellation of all planned flights.

What has a nose, wings and runs off of hydrogen? Ecojet 😎 pic.twitter.com/y8QGiBdFe2

— ecotricity (@ecotricity) July 17, 2023

UK delivery company Yodel is set to be phased out over the coming months after being acquired by InPost.

RECOMMENDED READING:

It’s also been reported that Morrisons is looking to sell some of its in-store pharmacies as it continues to cut costs.

It’s not been all bad news for the UK high street, with several major brands announcing new store openings for 2026, including Aldi, M&S, and Superdrug.

Have you shopped online at Pet Planet before? Let us know in the poll above or in the comments below.

Cybersecurity leaders aren’t struggling with visibility as much as they are with prioritisation.

With cloud-native apps, identity, SaaS, OT, and more, the attack surface today is much broader than the one traditional programs were designed to address. The consequence is all too familiar: thousands of alerts, disjointed insights, and still, no clear answer to what should be an obvious question: what matters most to the business today?

This is where exposure management and AI-driven exposure assessment enter the picture, with the operational model being Continuous Threat Exposure Management (CTEM).

Why CTEM matters

What problem is CTEM solving?

Traditional security tools are very good at identifying vulnerabilities, but not as good at identifying those vulnerabilities that are actually exploitable and have a significant impact. This issue has become more pronounced as the environment becomes more distributed and interconnected.

CTEM provides a new approach that is continuous and risk-based. It changes the paradigm from detection to exposure. Rather than relying on regular scans and scores that do not change over time, it’s all about the process of discovery, analysis, validation, and action.

At a high level, the benefits of CTEM are:

• The ability to focus on what is actually reachable and exploitable
• A way to focus on business risk rather than technical severity
• Having continuous risk assessments as environments change

The fundamental shift is from “what is vulnerable?” to “what could actually be used against us?”

The five stages of a CTEM program

How do you operationalise exposure management?

CTEM is more of a lifecycle than a tool. Like any good lifecycle, it is iterative.

It begins with scoping. Here, businesses identify what matters most. What are critical assets? What are key business services? What are systems with financial or regulatory implications? Without scoping, prioritisation is soon noise.

Discovery is next, and it is far more complicated than it is made out to be. Environments are in motion. Assets are spinning up and down. Identities are changing. And new risks are emerging every day. Maintaining an inventory of what is in IT, in the cloud, and beyond is foundational.

Once exposures have been defined, prioritisation is the key challenge. This is where context is important. Prioritisation that is effective takes into account:

• Exploit availability and attacker activity
• Asset criticality and business function
• Network exposure and identity access paths

This is where companies go beyond general severity ratings and into something much more actionable.

The fourth stage is validation. This is where realism is introduced. It answers whether this exposure is actually exploitable. This is done by examining attack paths and simulating attacks.

Lastly, there is mobilisation. This is where action is taken. It is where there is integration with workflows, assigning action items, and tracking progress in a measurable way.

Building unified exposure visibility across the attack surface

Why is visibility still such a challenge?

Most organisations have made significant investments in various tools, and the problem is that the visibility is fragmented. Cloud security, identity security, endpoint security, and network security are usually implemented in parallel and generate their own data and priorities.

The problem is that risks don’t exist in silos. Risks are the result of interactions.

Exposure visibility gives the ability to bring these domains together.

• How are the vulnerabilities related between the environments
• How does the identity and access provide unintended pathways
• How does the combination of the weaknesses create real attack opportunities

For example, the configuration of the workload in the cloud could be considered low risk. However, when the permissions are excessive and the workload is exposed, the risk is more obvious.

The connections between the risks are not always obvious unless the cross-domain exposure is considered.

Continuous discovery across a dynamic attack surface

Why isn’t periodic scanning enough anymore?

Because the environment doesn’t sit still.

The nature of cloud-based workloads is ephemeral. Applications are constantly being updated. User roles and permissions are in constant flux. In this environment, periodic assessment is plagued by blind spots, where snapshots are obsolete almost as soon as they’re taken.

Continuous discovery solves this problem by providing real-time visibility into your environment. This is because we recognise that your attack surface is constantly changing, and your risk assessment must follow.

This is particularly critical in:

• Cloud-native environments
• Hybrid infrastructures
• Businesses that are adopting risk-based cloud security models

With no continuous insight, entities are making decisions based on incomplete data.

Prioritising cyber risk with business context

How do you decide what to fix first?

It is in this area that security software often falls short, as the sheer number of vulnerabilities far outweighs the number of ways to address them.

It is in this area that organisations are increasingly turning to AI to help address the problem. It is able to do so by correlating data from different domains, to:

• Identify potential paths of attack
• Uncover vulnerabilities that are actively being exploited
• Correlate technical risks to business risks

This is where the real value of such an approach comes in – not only is it more efficient, but it is also more understandable.

From vulnerability scans to continuous, contextualised exposure insight

What is the role of traditional vulnerability management today?

Vulnerability scanning is still a fundamental technique. Tools like Nessus are very good at finding known weaknesses, misconfigurations, and patch problems.

Scanning, however, is no longer sufficient on its own.

A scanner, by itself, will tell you what you have. It won’t tell you:

• Is the vulnerability reachable?
• How does it get exploited?
• What are the business implications?

As part of a CTEM-based approach, vulnerability information becomes part of a larger model of exposure. It’s augmented, validated against “real world” scenarios, and weighted by relevance.

This is the evolution from simple data collection to decision support.

Integrating CTEM with existing security workflows

How do you make CTEM actionable?

Insight is useless if action is not taken. This is the biggest pitfall in the implementation of cybersecurity initiatives.

The operationalisation of CTEM is the integration of CTEM into existing workflows. This includes:

• Integrating CTEM findings into existing IT and DevOps ticketing systems
• Aligning remediation activities with business priorities and ownership
• Measuring the effectiveness of remediation activities over time

Additionally, there is a need to change the way we communicate CTEM findings. This is so that the findings are communicated in a way that the business can understand.

The most successful organisations in the implementation of CTEM are those that treat the process as a shared responsibility.

The bigger shift: from reactive security to exposure reduction

Exposure management and AI-driven exposure assessment are a result of a larger shift in the world of Cybersecurity. They represent a shift from:

• Alerts to insights
• Volume to context
• Technical severity to business risk
• Periodic review to continuous assessment

This goes beyond a change in tools, to altering how we think about cyber risk.

Prioritisation will be the key differentiator

The attack surface will carry on expanding, and complexity will continue to rise. Therefore, in this environment, the ability to prioritise is going to be the key differentiator.

As organisations continue to mature their CTEM programs, they are no longer just trying to find problems. They are trying to gain a better understanding of their risk and be more proactive.

The key to success is not how many problems are discovered, but how well the risk is reduced.