If you live in the Philippines, chances are you’re one of the 66.4 million Filipinos using a fintech app—whether that’s an e-wallet, a digital lending platform, or an e-commerce service. We’ve become one of the most mobile-first markets in Southeast Asia, leading the region with 63% adoption of fintech apps, compared to 55% in Malaysia and 49% in Indonesia. In fact, mobile fintech usage in the region has more than tripled since 2019, and by 2030, projections say 6 in 10 Southeast Asians will be living their financial lives inside apps.
But with this convenience comes a shadow economy. In 2023 alone, scams targeting victims in Southeast Asia drained between $18 billion and $37 billion. Globally, the pattern is the same: the US recorded $12.5 billion in fraud losses in 2024 (a 25% spike year on year), while Europe logged over €6 billion in fraudulent transactions across 2022 and the first half of 2023.
This surge in mobile activity has been met with a corresponding increase in cyber fraud, with scams targeting victims in Southeast Asia resulting in estimated financial losses of between $18 billion and $37 billion in 2023 alone. The United Nations Office on Drugs and Crime notes that this rise is due to scammers’ increasing use of AI and advanced technologies. In the US, consumers lost over $12.5 billion to fraud in 2024, a 25% increase from the previous year, with investment and imposter scams accounting for a significant portion of the losses. In Europe, fraudulent transactions totaled €4.3 billion in 2022 and €2.0 billion in the first half of 2023. A major contributing factor to this fraud is the use of spoofed or synthetic identities, which bypassed Customer Identity and Access Management (CIAM) or biometric checks in over 72% of mobile fraud cases in 2024.
What makes Southeast Asia’s case particularly alarming is the sophistication of fraud tactics here. Synthetic identities and spoofed accounts bypassed security in more than 72% of mobile fraud cases in 2024. The problem isn’t just bad passwords or weak logins anymore. Fraudsters are using AI-generated identities, malware, and deepfakes to trick even biometric systems.
From Shadow IT to Shadow Identities
Cybersecurity pros have a term for this: Continuous Identity Protection. Instead of just checking who you are when you log in, it verifies your identity every single time you open a session, send money, or approve a transaction. That’s where Appdome’s IDAnchor comes in.
We spoke with Jan Sysmans, Appdome’s Mobile App Security Evangelist, who explained how the Philippines’ new Anti-Financial Account Scamming Act (AFASA) is changing the game. The law requires banks and fintechs to roll out real-time fraud management, bot defense, money mule detection, blacklists of malicious sources, and even a kill-switch that lets consumers instantly cut off fraudsters from their accounts.
Sysmans says IDAnchor is built with this environment in mind. It provides app-level recognition of both device and install, basically asking, “Is this really you?” every time without adding friction for the user. By binding an identity to the app itself across installs and sessions, it shuts down fake accounts, click fraud, and “ghost tapping” attacks before they even register.
Rapid Fintech Adoption
- Global Rise: The use of mobile fintech apps has become widespread in Southeast Asia, with mobile fintech app usage rising threefold since 2019.
- Leading the Way: As of May 2024, 49% of the Southeast Asian population uses mobile fintech apps, a number projected to grow to 60% by 2030. The Philippines leads the region in adoption at 63%, followed by Malaysia (55%) and Indonesia (49%).
- The Philippines: In the Philippines alone, 66.4 million people use fintech apps for digital lending, e-wallets, and e-commerce.
The Surge in Fraud
- Financial Losses: In 2023, cyber fraud in Southeast Asia resulted in estimated financial losses of between US $18 billion and US $37 billion.
- US Fraud: US consumers lost over US$12.5 billion to fraud in 2024, a 25% increase from the previous year.
- European Fraud: In 2022, fraudulent transactions in Europe, including credit transfers and card payments, totaled €4.3 billion. The first half of 2023 saw €2.0 billion in losses from fraudulent transactions.
- Primary Method: Over 72% of mobile fraud in 2024 involved spoofed or synthetic identities that bypassed existing security checks.
AI vs. AI
Fraudsters are already using AI to weaponize malware, generate deepfakes, and spoof security signals. The irony is that the same technology being used to power copilots and productivity assistants is also training scams to bypass your defenses.
Sysmans emphasizes that Appdome doesn’t replace existing security systems; instead, it verifies the integrity of the signals those systems rely on. In plain English: it makes sure your anti-fraud tools aren’t being fed fake data.
And the stakes are massive. Organized online crime in Southeast Asia generates close to $40 billion annually. For fintech companies, consolidating defenses—bot protection, API security, and identity verification—doesn’t just cut fraud losses. It also means fewer redundant SDKs, lower operational costs, and fewer sleepless nights for compliance teams.
What companies should be watching
If you’re a business trying to figure out if your defenses are holding up, Sysmans suggests keeping an eye on anomalies before, during, and after authentication. Because here’s the kicker: 60% of fraud happens after login. That’s where Appdome’s Threat Signals and MobileBOT Defense come in, monitoring 400+ attack vectors inside the app to flag things like geo-fraud, spyware, session hijacking, and social engineering attempts.
The bottom line? As our financial lives move deeper into mobile ecosystems, identity itself becomes the new perimeter. In a country as mobile-first as the Philippines, where regulations are tightening and scammers are innovating with AI, the question for companies isn’t just how to keep accounts secure—but how to keep identities trusted.
