GSE in a Year: Impact Stories and the Road Ahead

Last month, the GSE team joined other fraud fighters in Lisbon for the Global Anti Scam Alliance Summit. We ran two sessions on 10 June at the Convento do Beato: a Plenary panel and a follow-on workshop titled "GSE in a Year: Impact Stories and the Road Ahead." Between the two, we heard from 18 speakers across government, law enforcement, big tech, telecoms, domains and non-profits. The conversations were honest, the results were concrete, and the momentum in the room was unlike anything we have seen before.

The Plenary set the tone.

Mark Chen, Division Director at GovTech Singapore, shared that between October 2025 and February 2026, Meta removed more than 30,000 fraudulent entities on Facebook and Instagram driven solely by signals shared by GovTech through the GSE. He also described how Singapore law enforcement has been leveraging the GSE league tables to have conversations with underperforming internet service companies ‘to drive action, and to get people to do better’.

Nick Sharp, Deputy Director at the UK National Economic Crime Centre within the National Crime Agency, described the role of the GSE within the context of the UK’s new Online Crime Centre, in which the GSE has been one of the pilot projects. He highlighted the real power of the GSE platform as the fan-out effect: one high-quality signal from a trusted source leading to the discovery of multitudes of connected data points across industry.

Jayde Richmond from the Australian National Anti-Scam Centre, put it plainly: data and intelligence is a public good, and the industry should treat it as one. Jayde announced that Australia is piloting with the Global Signal Exchange, in the context of its new legal framework to enable the sharing of actionable scam intelligence.

André Naumann from Google announced that, in addition to the traditional content reviews and threat actor investigations, its Trust and Safety operations will start tracking DNS infrastructure, and is leveraging the GSE’s league tables in this effort. Google is also proposing a new extended scam scale chain to include the DNS sector, reflecting its critical role in making the fight against cyber crime effective.

Following on from the Plenary, the GSE’s workshop ‘GSE in a year’ brought more impact stories and operational detail, hearing from existing partners on the impact of GSE to their scam fighting activities, and from the next generation of partners on the reasons for joining. The session was moderated by Joyce Hakmeh, and Lucien Taylor did an overview of the first year of GSE.

Mark Chen of GovTech expanded on Singapore's operational metrics, revealing that GovTech has contributed 180,000 high-confidence scam signals directly tied to actual cases and financial losses. Other GSE partners have uncovered at least 80,000 additional scam enablers from the signals shared by GovTech. The GovTech team is excited about the GSE’s Feedback API, which they poll every 5 minutes, and is looking forward to the upcoming push API. Chen noted that GovTech’s activities with partners including GSE results in the blocking of more than 2 million scam attempts every single month, contributing to a massive 28% drop in overall scams across Singapore in 2025 compared to the previous year.

Kiara Magr, Online Fraud Coordinator at the Centre for Cyber Security Belgium, detailed the challenge of sitting on an "enormous treasure of information" from citizens sending in 42,000 phishing emails per day, data they previously could not act upon beyond local ISP rerouting. Magr explained that the GSE serves as a trusted bridge to pass these indicators directly to hyperscalers who can execute immediate infrastructure disruptions. She also applauded the GSE's new push/pull feedback API, noting it creates a critical, transparent loop allowing national institutions to see exactly what takedown or follow-up action was taken on every signal they shared.

Nick Sharp of the UK National Crime Agency showcased a live video case study illustrating the "snowball effect" of public-private data sharing. By pumping legacy, non-personally identifiable material into the GSE as a test pilot, the NCA enabled Google to discover and dismantle a cluster of 50,000 connected fraudulent signals and 5,000 fake sites. Crucially, Google geolocated the operators, allowing the NCA to launch a live criminal investigation with law enforcement in West Africa. Sharp announced that the UK's permissive legal gateway will soon allow the Online Crime Centre to stream real-time personally identifiable information (PII), like email addresses, directly into the GSE to radically close the time window between collection and industry action.

André Naumann framed this operational shift using three figures: 1, 10, and 100. "The 1" represented the definitive zero-to-one infrastructure shift the GSE introduced to the industry. "The 10" highlighted a 10x reduction in signal acquisition costs by eliminating tedious, multi-month data onboarding hurdles. Finally, "the 100" marked the rare achievement of 100% actionability rates, verified during an early cross-platform data-sharing pilot executed natively with Meta.

Alexandra Gerst, Senior Corporate Counsel, Microsoft Digital Crimes Unit, spoke to how the GSE functions as a trusted bridge between national institutions and the major platforms, cutting through the bilateral complexity that previously made this kind of sharing impractical at scale. Highlighting Microsoft's history in cybercrime disruption since 2008, Gerst revealed that Microsoft has already ingested over 20 feeds totaling 160 million signals from the GSE marketplace to accelerate automated platform defence. She showcased how this infrastructure feeds into "strategic disruption operations," citing the takedown of Red VDS, a global criminal marketplace for cheap virtual computers used to orchestrate scaled attacks. Intelligence obtained from the disruption was funneled back through the GSE to neutralize infrastructure across multiple competing platforms, proving that coordinated sharing creates a permanent multiplier effect that opportunistic fraudsters cannot easily outrun.

Konrad Shek, Public Policy and Regulation Director at the UK Advertising Association gave a recorded message, highlighting the early successes of the GSE Advertising Abuse Workstream. Born out of the UK Government’s Online Advertising Taskforce, Shek described how a carrot-and-stick public-private framework led to a successful proof of concept where Google and Amazon exchanged threat signals via the neutral territory of the GSE. Advertising matters in this context, as it is so often the entry point into wider online fraud and financial harm. He noted that the pilot proved there is zero technical barrier to sharing malvertising, cloaking, and phishing signals at scale, setting the stage to bring in wider industry participants to support law enforcement tracking.

Raúl Burgos, Security Policy Manager at Meta, noted that sharing through the GSE removes the legal friction that has historically slowed cross-sector collaboration, because signals shared on the platform belong to the GSE itself. Burgos shared that Meta is now feeding its complete investigator-vetted URL blocklists directly into the marketplace. On average, after Meta enforces against something on its platform, the underlying assets remain in the wild and can continue scamming victims for up to three years. By leveraging automated, per-item feedback APIs, Meta has built radical accountability directly into the default code, allowing partners to understand what Meta did in response to signals shared with it. Meta has great partners, with whom negotiating a data sharing agreement takes on average two years, during which fraud and scamming continues. “The GSE allows us to get sharing right away”.

Six further speakers talked about their reasons for joining the GSE, and what they are hoping to achieve.

Jayde Richmond of the Australian National Anti-Scam Centre explained that Australia is currently at a critical precipice, building an advanced domestic data-sharing framework. She pointed out that Australia's upcoming mandatory legislation has intentionally built in concepts around integration to prevent duplication. This allows corporate entities to automatically fulfill their legal compliance obligations in Australia simply by routing their actionable threat telemetry through established, trusted global utilities like the GSE.

Eli Katz, Founder and CEO of XConnect, compared the rapid-fire ecosystem dynamics to "anti-scam speed dating," where organizations must establish trust instantly, present evidence, and get out before being blocked. Katz announced a major cross-sector integration joining XConnect's global telecoms intelligence with the GSE's internet-layer data grid. Noting that 64% of reported scams involve phone calls or SMS, Katz highlighted that connecting XConnect's live, authoritative numbering and liveness signals across 220 countries with the GSE's domain tracking creates a "one plus one equals three" disruption engine. He cited an e-commerce pilot where authoritative telecom data saved a single provider $75 million, proving phone intelligence is a frontline defense capability.

Takeaki Kanaya of the Japan Trust and Safety Association gave a recorded message, announcing that the JTSA has begun preparations to launch the Japan Anti Scam Alliance (JASA) alongside domestic industry and government partners.

Because modern fraud operates without borders, Kanaya explained that this new framework is actively exploring integration with the Global Signal Exchange. The collaboration aims to connect the GSE's global intelligence capabilities directly with Japan's network, creating a two-way pipeline. This infrastructure will allow Japanese operators to instantly translate global threat data into local disruption, while simultaneously feeding Japan's own emerging signals back into the GSE marketplace to protect the wider international community.

Zuzanna Crawford of Paypal announced their live pilot launched in mid-March, highlighting the GSE's ability to compress the lifetime of a scam by pulling industry into a single centralized clearinghouse. Crawford revealed that PayPal has already interacted with 5.6 million cyber threat intelligence signals across their global investigations, InfoSec, and fraud prevention teams. The pilot has yielded significant early success indicators, including validating known platform frauds and uncovering a highly sophisticated, hidden network of several hundred accounts moving significant transactional volume without firing typical red flags. These accounts have been restricted, and PayPal has begun uploading its own confirmed malicious email domains and URLs to the shared marketplace.

Jakob Bring Truelsen, CEO of Punktum dk, reported a cleanup efficiency rate of around 96% on his platform. Representing the core registry infrastructure administering the .dk domain space, Truelsen stated that aggressive identity controls since 2017 have made the Danish internet footprint incredibly secure. By plugging into the GSE network to increase signal volume, Punktum dk expects to identify an additional 2,200 infected or malicious Danish domains this year, successfully neutralizing at least 2,000 of them. He framed the partnership as a core commercial differentiator, using the GSE data engine to achieve their explicit corporate mission: making .dk the single safest and most trustworthy place to exist on the global internet.

Mike Haley, CEO of CIFAS announced a new partnership between GSE and CIFAS, leveraging CIFAS’ more nearly 800 UK-based members. Referring to the force-multiplier effect of the partnership, Haley said ‘this is how you scale the fight against fraud’. Haley announced the launch of "ScamLink," a unified kill-chain initiative that funnels customer transaction data from retail banks, insurers, and card issuers straight to GASA and the GSE. He noted that day one of the integration instantly moved 439 signals directly to giants like Google and Microsoft. Rather than requiring 800 separate corporate data-sharing agreements, CIFAS is taking on the legal architecture as an addendum to their existing ecosystem, promising to smash their initial target of 50 integrated members by the end of the week.

Richard Grayburn from The Media Trust offered perhaps the sharpest framing of the day: across the industry, we have built a strong defence, but no team that plays only defence wins a championship. The GSE is how the industry starts to play offence. Drawing on his background leading Amazon’s anti-malvertising operations, Grayburn pointed out the exhaustion of playing whack-a-mole against threat actors deploying 10,000 automated landing pages at a time. He argued that even a 99% clean ad environment across 200 billion monthly impressions leaves an unacceptable volume of victims. The future of the GSE is aggregating landing page data to extract downstream payment rails, bank accounts, and infrastructure markers, allowing tech and law enforcement to coordinate a synchronized, ecosystem-wide "lights out" disruption on target networks simultaneously.

Rounding off the session , Lucien Taylor gave a brief snapshot on what’s next, both from technical development, roadmaps and partnerships. He gave a spotlight to the work of the OXIL Research Team and its large-scale, AI-enabled analysis of ~30 million domain based threat signals.

The session offered a rich and varied overview of both the impact of GSE and the next gen of adopters including membership organisations. Overall, the speakers converged on the same point: the GSE offers something that bilateral agreements and internal tooling cannot, which is speed, scale, and a trusted neutral intermediary platform.


Our Authors