Fighting Cyber-Enabled Fraud 2025

Beyond the names and numbers layer, multiple infrastructure domains offer structural opportunities for upstream prevention. Telecommunications infrastructure – including mobile networks, SMS routing systems and voice services – can implement authentication and verification measures that raise the barriers to abuse. These require a close support and alignment of national authorities to enforce the homogeneous application of such measures across the ecosystem. Cloud and hosting services – including reverse proxies, content delivery networks and managed hosting – have the capability to embed abuse detection and verification mechanisms into their service offerings. Payment systems and financial intermediaries can apply risk-based controls that disrupt fraud monetization pathways, while identity and authentication services can strengthen verification processes that make impersonation more difficult. Each of these layers represents an opportunity for service providers, platforms and intermediaries to implement upstream safeguards that structurally reduce the operational capacity available to bad actors, often while improving service quality and trust for legitimate users. While the results will no doubt vary across digital infrastructure services and individual providers, the evidence points to meaningful opportunity: preventive controls reduce criminals’ ability to acquire and operationalize digital infrastructure to further their schemes. A call for industry stakeholders to strengthen preventive controls Preventive actions must focus on structurally reducing bad actors’ ability to acquire, build or operationalize upstream digital infrastructure. Rather than relying solely on reactive takedowns or end-user vigilance, prevention seeks to embed systemic safeguards at the foundational layers of the internet – where abuse begins. By reinforcing integrity and accountability in domain registration, hosting, telecommunications and identity provisioning, prevention measures can shrink the surface area available for cyber-enabled crime and protect citizens long before harm occurs. Action 1 – Strengthen risk-based customer due diligence practices in digital infrastructure services: Based on the above, upstream digital infrastructure service providers should be required to implement risk-based customer due diligence practices.51 For standard and lower-risk services, validation should at the very least include syntactical error checking and verification that key attributes (e.g. name, organization, contact information, country) are consistent, complete and demonstrably linked to a real, reachable entity.52 Such a practice would be consistent with requirements outlined in the EU’s Network and Information Systems Directive 2 (NIS2).53 For higher-risk services – such as bulk domain registration and bulk messaging services – providers should require the use of traceable The Global Cyber Alliance takes a systemic approach to fostering collective action among internet infrastructure operators. Building on the global success of MANRS for routing security, our data-driven and community-based model powers initiatives like Domain Trust and AIDE – uniting registries, registrars, hosting providers and network operators to tackle abuse and measure real-world impact. Leslie Daigle, Chief Technical Officer and Internet Integrity Program Director, Global Cyber Alliance Fighting Cyber-Enabled Fraud: A Systemic Defence Approach 13