How Apate.ai Is Using AWS to Help Banks Combat a $2bn Problem and Get Ahead of the Scam Prevention Framework

Table of contents

The scale of the scam problem in Australia

Scams continue to impose a significant and evolving threat to Australia’s financial system. According to the ACCC’s Targeting Scams Report, Australians reported $2.18 billion in scam losses in 2025, across 481,523 reports, with 274,577 involving a financial loss.  

These losses are far from evenly distributed. Investment scams alone accounted for $837.7 million, followed by payment redirection, romance, phishing, and remote access scams. The scale of these figures underscores the financial and societal impact of scam activity, but they reveal only part of the picture.

Equally important is the intelligence contained in reports that do not result in financial loss.  

The ACCC highlights that these interactions provide valuable insight into how scams are executed and how they can be disrupted before harm occurs. This perspective shifts the focus from responding to fraud after the fact to identifying and acting on early signals of scam activity.

SPF: a regulatory shift toward proactive intervention

The Scam Prevention Framework (SPF) formalises this shift in expectation. From 1 July, banks will be required to demonstrate that they are not only responding to scams but actively preventing them, elevating scam prevention to a board-level responsibility.

Under the SPF, actionable scam intelligence extends well beyond transactional data. It includes any information that provides reasonable grounds to suspect a scam, such as:

  • Phone numbers  
  • URLs  
  • Social media profiles  
  • Digital wallets  
  • Bank account details  

These artefacts represent the operational infrastructure that scams depend on. The framework also introduces clear timing expectations, requiring organisations to investigate actionable intelligence within defined timeframes and, where possible, detect scam activity as it occurs.

This regulatory evolution changes the standard by which banks are assessed. Success is no longer measured solely by the ability to detect fraudulent transactions, but by the capacity to identify and act on scam activity early enough to prevent customer harm.

The Visibility Gap in Modern Fraud Operations

Despite significant investment in fraud detection technologies, most banking systems remain inherently transaction-centric. They are designed to respond to anomalies in payment behaviour, account activity, or customer interactions once a financial event is imminent or underway.

However, scams typically begin long before any transaction takes place. They unfold through conversations - via phone calls, messages, or online interactions - where trust is cultivated, authority is established, and victims are gradually persuaded to act.

This creates a visibility gap. Banks see the financial outcome of a scam, but not the preceding manipulation that leads to it. Mule accounts, for example, are often identified only after multiple transactions have occurred, and intelligence about scam infrastructure is frequently fragmented across institutions.

Apate.ai: intelligence from inside scam operations

Apate is embedded directly into the channels where scams happen, gathering unique data from the mouths and keystrokes of scammers themselves.  

Across voice, SMS, and digital messaging platforms, thousands of advanced conversational AI agents operate as intended victims. When scam attempts are detected, traffic is deliberately diverted toward these agents. Instead of reaching a real person, the scammer reaches Apate.

Thousands of diverse agents (with different genders, ages, accents, languages and even personas) are activated to respond in real time, keeping scammers engaged and allowing the interaction to unfold naturally. As it does, the operation begins to reveal itself. Payment instructions are shared, fraudulent bank accounts are disclosed, malicious links are sent and wallet addresses, phone numbers, and scripts surface as part of the flow.

That intelligence is structured immediately and fed into banking fraud workflows, allowing institutions to identify infrastructure while campaigns are still active.

Apate’s platform data shows that 57% of mule accounts are identified upstream, before they would typically be detected through traditional banking processes.

This is AI used offensively against organised fraud. The same technology that has accelerated digital communication is now being used to dismantle the business models of scammers globally, reducing their margins, disrupting their infrastructure, and making coordinated fraud increasingly difficult to sustain.

Insights from inside scam operations

What becomes clear when you observe scams from inside live interactions is that they are rarely chaotic. They are organised, repeatable, and often campaign-based. Below are examaples of some conversations that Apate has surfaced:  

Medicare Data Harvesting and Impersonation Scams

In one recent month, 33% of the inbound scam calls observed by the platform were Medicare phishing, highlighting a huge push for scammers to harvest healthcare data.

The script barely changed, mainly citing a ‘friendly receptionist’ from the local gp clinic who was looking to ‘verify details’ relating to a patient’s records.  

This campaign illustrated a concerted and coordinated campaign designed to extract names, dates of birth, Medicare numbers and other personal information that could be reused or resold.

Investment Scams

Investment scams follow a different structure, but the mechanics are equally deliberate.

In one interaction, a scammer claimed to be an investment expert, with the peculiar strategy of 'buying high and selling low.'" The mistake was almost comical, however they persisted and rebuilt credibility by being transparent about prior losses. A small initial trade was used as proof of competence, with $1,500 allegedly turning into $8,000 in a matter of days.  

Romance Scams

Romance scams unfold more slowly.

In one extended exchange, the conversation drifted into everyday detail, including a discussion about cooking paneer curry. There was no immediate financial pressure. The pacing was intentional. Emotional investment preceded financial instruction. Only later did the narrative shift toward money.

Individually, these interactions might seem anecdotal. Viewed at scale, they show something more significant: coordinated activity built on shared infrastructure and repeatable tactics.

How AWS Bedrock enables real-time scam intelligence

Delivering this capability at scale requires robust and flexible infrastructure. Apate leverages AWS to support thousands of concurrent scam engagements across voice and messaging channels, ensuring that interactions can occur continuously and in real time.

At the core of this architecture is Amazon Bedrock, which powers the conversational intelligence of Apate’s agents. Bedrock enables the agents to generate adaptive, context-aware responses, allowing conversations to evolve naturally based on the behaviour of the scammer. This dynamic engagement increases the depth and quality of intelligence that can be extracted from each interaction.

AWS also provides the scalability and resilience necessary to process large volumes of unstructured conversational data. Intelligence derived from these engagements is structured and delivered into banking systems in real time, ensuring that it can be acted upon without delay.

Through this partnership, AWS supplies the technological foundation, while Apate delivers the intelligence layer that transforms live scam interactions into actionable insights for financial institutions.

What this means for banks under SPF

The introduction of the SPF is reshaping how banks approach scam prevention at both operational and governance levels. Executive and board discussions are increasingly centred on the timing and quality of intelligence rather than solely on detection metrics.

Key questions now include:

  • Where are the organisation’s visibility gaps?  
  • How early can emerging scam campaigns be identified?  
  • Can mule accounts be recognised before they are used?  
  • Is there clear, evidence-based documentation demonstrating that preventative action was taken?  

These considerations reflect a broader shift toward intelligence-led fraud management. Banks are expected not only to respond effectively to incidents but also to demonstrate proactive measures that prevent scams from reaching customers in the first place.

Conclusion: a new operating model for scam prevention

The Scam Prevention Framework marks a significant evolution in Australia’s approach to combating scams. By emphasising early intervention and actionable intelligence, it encourages financial institutions to move beyond reactive detection toward a more proactive and preventative model.

Apate.ai plays a central role in enabling this transition by providing real-time, evidence-grade intelligence derived from within scam operations themselves. Supported by the scalability and advanced AI capabilities of AWS and Amazon Bedrock, this approach offers banks a practical pathway to meeting regulatory expectations while strengthening customer protection.

As scams continue to evolve in scale and sophistication, the ability to observe and disrupt them at their source will become an essential component of modern fraud operations.

Book a threat intelligence briefing to see how Apate.ai can support SPF readiness and strengthen your fraud defences.

Join us in revolutionising scam 
prevention into a proactive force for change.

Book a Demo

Let’s work together.

We work closely with each client to understand their unique requirements and provide a solution that fits. Reach out for a personalised consultation and to explore how our technology can transform your scam prevention and intelligence strategy.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.