Michal Tresner is CEO of ThreatMark, a behavioral intelligence and fraud prevention company serving banks and financial institutions.

Every day, Americans lose money to scams that begin with an advertisement on social media and end with a bank transaction. Banks pay the resolution costs, while social media companies pocket the scammer’s ad revenue and user engagement.

The Safeguarding Consumers from Advertising Misconduct Act (SCAM), introduced into Congress in February with bipartisan support and ABA endorsement, does well to fix this imbalance. It deserves to pass. But anyone who believes platform advertising accountability alone will significantly reduce fraud hasn’t looked closely at how fraud actually works in 2026.  

SCAM gets it right in requiring social media companies to verify advertiser identity, investigate scam reports, and face FTC enforcement for non-compliance. Those are meaningful obligations. 

Moreover, these outcomes from SCAM would help address ABA President Rob Nichols’ concern that banks cannot be the only institution held accountable. Indeed, over two thirds of payments fraud originates on social media and search platforms, and Meta earns an estimated $7 billion in annualized revenue from scam ads, or roughly 10% of total revenue, according to UK Finance.

Fraud extends beyond platform ads

While SCAM covers search advertising and fake investment ads, the larger challenge of reducing fraud originating on social media needs a broader, ecosystem approach. 

For example, romance scams will not be effectively addressed by SCAM. This type of social engineering fraud can unfold over months of direct messaging that doesn’t rely on advertisements. 

Victims of this kind of fraud believe that they are freely making legitimate payments to romantic partners or to their bank's fraud department. 

By the point of transaction, the manipulation is complete and the transaction appears authorized, originating from recognized devices at familiar locations. The controls in SCAM alone can’t touch this. 

Banks know the limits of upstream controls, because banks are the last line of defense. But without broader liability on platforms, banks have to invest into resources that go above and beyond their last resort role.

Customer awareness programs, phishing defenses and other necessary fraud prevention strategies are set up before payment is initiated because banks know that, at deep regulatory and reputational cost, it’s too late to address fraud at the point of transaction.

Liability attaches to banks regardless of where the fraud starts. For instance, the U.K.’s Payment Systems Regulator (PSR) framework requires banks to reimburse authorized push payment fraud victims up to £85,000 (roughly $113,000 USD), with 86% of claims paid in the first three months. U.S. regulators are actively watching the U.K. model as a potential template.

So, even under SCAM, platform liability remains limited to the advertising unit, which is a structural issue. If liability shifts more broadly to the platforms themselves, social media companies will be incentivized to invest in prevention alongside the banking sector rather than treat fraud as an acceptable cost of doing business, or worse, an indirect source of revenue.

That said, it is true that even aggressive platform enforcement won't stop all fraud from reaching banks. 

There are verification gaps, where fraudsters shift to verified accounts using stolen identities or exploit platforms with weaker controls. Non-advertising vectors beyond romance scams such as impersonation will always be challenging to mitigate, even with a more collaborative ecosystem approach.  

Connecting the dots before payment

Greater liability on the platform side will incentivize social media companies to work with banks to connect the dots before the point of transaction, going beyond simple transaction monitoring that struggles to uncover broader behavioral patterns indicating fraud.

For instance, these patterns may include session timing anomalies suggesting users are following external instructions; navigation hesitation indicating user unfamiliarity with a process; device positioning revealing active phone calls during sensitive transactions; or typing pattern changes caused by stress or coaching. All of these signals are better identified through an ecosystem-wide view.

Neither banks nor social media companies can connect those dots alone. Each has only half the picture. The fraud lifecycle runs across both systems, and criminal networks exploit exactly that seam. More support on the platform side will help all parties stay ahead as fraud patterns continue to evolve.

The SCAM Act represents progress toward shared accountability for social platforms, as banks and financial institutions are already held to a high standard regardless of where the fraud originates, and banking leaders are right to advocate for it. 

But passing the bill and declaring victory would be a mistake. Banking leaders should be equally vocal about building shared defenses through behavioral analytics, real-time monitoring and cross-institution intelligence sharing. 

The end goal here should be for platform controls to reduce scam volume; bank defenses catching what gets through; and shared intelligence disrupting the networks running both.