From Facebook Live to PayNow QR Codes: The AML Risk Behind Lucky Draw Scams in Singapore

The scam started on Facebook Live.

But for banks, payment firms, wallets, and compliance teams in Singapore, the real risk begins after the victim scans the QR code.

The Singapore Police Force recently warned the public about lucky draw scams involving Facebook Live. Victims were lured through livestreams promoting scratch cards or lottery tickets. After buying them, they were told they had won large cash prizes. To claim the prize, they were then asked to transfer more money as “administrative fees”.

In most cases, the payments were made through PayNow QR codes linked to a Liquidpay account.

That detail matters.

Once the victim authorises the transfer, the scam is no longer just a social media deception. It becomes a money movement problem.

Funds enter the financial system. They may move through payment accounts, bank accounts, wallets, mule accounts, or other channels before the victim realises the prize does not exist.

For financial institutions, the question is not only how the scam began.

It is where the money went next.

What Happened in the Facebook Live Lucky Draw Scam?

The scam followed a simple but effective pattern.

Scammers used Facebook Live to promote scratch cards or lottery-style offers that appeared to give participants the chance to win cash prizes. Victims who engaged with the livestream were told they had won a large amount of money.

But before they could receive the supposed winnings, they were asked to pay additional charges. These were framed as administrative fees, processing charges, or other payments needed to release the prize.

Victims were then directed to make payments through a PayNow QR code.

From the customer’s side, the transfer looked legitimate. The victim scanned a QR code, authorised the transaction, and completed the payment. The problem was that the payment was made to an account controlled or used by the scam network, not to a genuine prize organiser.

By the time the victim realised that no prize was coming, the recipient account may already have moved the funds elsewhere.

This is what makes the case important for financial institutions. The scam begins on social media, but the proceeds move through financial channels.

Why This Matters for Singapore Financial Institutions

Singapore has one of the most advanced real-time payment environments in the region. PayNow, FAST, wallets, and digital payment channels make transfers fast, convenient, and widely accessible.

That same speed can be exploited by scammers.

Lucky draw scams may involve relatively small individual payments, but the risk grows when multiple victims are directed to the same receiving account, QR code, or payment channel. What looks like one customer making a low-value transfer may actually be part of a wider scam collection pattern.

For banks, payment service providers, wallet operators, and fintechs, this creates three challenges.

First, the payments are authorised by the victims themselves. This means the transaction may pass authentication checks even though the underlying purpose is fraudulent.

Second, QR codes can reduce visibility for the customer. The victim may believe they are paying a fee to claim a prize, while the receiving account may not match the stated purpose.

Third, scam proceeds can move quickly. Once the payment lands, funds may be transferred onward, withdrawn, split, or moved across accounts before the victim reports the fraud.

This is why authorised push payment scams and QR-enabled fraud require more than basic transaction monitoring.

They require behavioural, network, and beneficiary-level detection.

The MAS Angle: Scam Controls Are Now a Compliance Priority

For Singapore financial institutions, scam prevention is no longer just a customer protection issue. It is also a governance, monitoring, and regulatory expectation.

MAS has sharpened expectations around scam-risk mitigation, customer protection, transaction monitoring, and institutional accountability. The Shared Responsibility Framework reinforces the need for financial institutions to maintain effective anti-scam controls and respond appropriately when scam losses occur.

This matters because QR-enabled lucky draw scams sit directly within that risk environment.

A victim-authorised payment may not look suspicious at the point of authentication. But if the receiving account is collecting payments from multiple unrelated victims, moving funds rapidly, or showing mule-like behaviour, the financial institution needs a way to detect and investigate that pattern.

Where scam proceeds move through an account, the issue may also become relevant for suspicious transaction reporting. The institution may need to assess whether the receiving account is being used to collect, layer, or move criminal proceeds.

In short, the fraud signal and the AML signal are connected.

The scam creates the payment.

The money trail creates the compliance risk.

The Money Trail Behind Lucky Draw Scams

A typical money movement pattern in a lucky draw scam may look like this:

1. Scammers promote a fake prize, lottery, or scratch card offer through Facebook Live.
2. Victims are told they have won and must pay a fee to claim the prize.
3. Victims scan a PayNow QR code and authorise the transfer.
4. Funds land in a payment account, wallet, or bank account used by the scam network.
5. The receiving account pools payments from multiple victims.
6. Funds are rapidly moved to other accounts, withdrawn, or layered through additional channels.

The scam depends on trust at the front end and speed at the back end.

The victim believes the livestream.
The QR code makes payment easy.
The account receives the money.
The network moves it before detection.

For compliance teams, the key risk is not only the first payment.

It is the movement after the payment.

The Mule Account Risk

Lucky draw scams need receiving accounts.

These may be mule accounts, compromised accounts, newly opened accounts, payment accounts, or accounts rented or controlled by intermediaries. Their role is to receive scam proceeds and move them onward.

The account holder may not be the scam organiser. In some cases, the account may belong to a mule. In others, credentials may have been compromised or the account may be part of a wider payment collection network.

The receiving account may show patterns such as:

• Multiple inbound transfers from unrelated individuals
• Similar payment amounts from different victims
• Payment references linked to prizes, lucky draws, scratch cards, or fees
• Sudden transaction spikes after a period of low activity
• Rapid outbound transfers after funds are received
• Transfers to common beneficiaries or linked accounts
• Movement from payment accounts into bank accounts or wallets
• Cash-out or onward transfer shortly after credit

Individually, some of these transactions may not trigger concern.

Together, they may reveal a scam collection account.

Red Flags Banks and Payment Firms Should Monitor

Facebook Live lucky draw scams can generate warning signs across customer behaviour, payment flows, and account activity.

Key red flags include:

• Multiple small or mid-value inbound payments from unrelated senders
• Sudden inflows into an account with no clear business or fundraising profile
• Payment references mentioning lucky draw, prize, lottery, scratch card, admin fee, or processing fee
• QR-linked payments flowing repeatedly to the same beneficiary account
• Rapid onward transfers shortly after incoming payments
• Funds split across multiple accounts after receipt
• Newly opened accounts receiving frequent credits soon after onboarding
• Dormant or low-activity accounts suddenly becoming active
• Receiving accounts with no clear economic rationale for the payment volume
• Common beneficiaries, devices, IP addresses, or phone numbers across several accounts
• Customer complaints or scam reports linked to the same recipient account

The strongest signal is often not one transaction.

It is the repeated pattern of many victims paying into the same or connected accounts, followed by rapid movement of funds.

Why Traditional Monitoring May Miss the Risk

Traditional monitoring systems may struggle with this scam because the payments can appear legitimate at first glance.

The customer authorised the transfer.
The amount may be small.
The payment channel may be normal.
The beneficiary account may not have a known risk history.

But scam proceeds often reveal themselves through clustering and velocity.

An account receiving one SGD 50 payment may not look suspicious. But an account receiving dozens of similar payments from unrelated senders within a short period, followed by quick outbound movement, deserves attention.

This is where financial institutions need monitoring that can connect:

• Sender diversity
• Payment references
• QR payment patterns
• Beneficiary account behaviour
• Fund movement speed
• Shared device or identity links
• Prior scam complaints
• Related account networks

The risk becomes visible when these signals are viewed together.

Why Fraud and AML Teams Need a Shared View

Lucky draw scams sit at the intersection of fraud and AML.

The fraud team may see the victim complaint.
The payments team may see unusual PayNow QR activity.
The AML team may see pooling, layering, and onward movement.

If these signals sit in separate systems, the institution may only see fragments of the risk.

A unified view helps teams understand whether a recipient account is simply involved in one disputed payment or whether it is part of a wider scam proceeds network.

This matters because scam proceeds do not stop being a fraud issue once they leave the victim’s account. Once they enter mule accounts or are layered through multiple channels, they become an AML issue too.

The same money trail can support fraud investigation, suspicious transaction reporting, mule account detection, and network disruption.

What This Means for Singapore Compliance Teams

For Singapore banks, fintechs, payment institutions, and wallet providers, this scam highlights three practical lessons.

First, QR-enabled payments need beneficiary-level monitoring. It is not enough to know that a customer authorised a transfer. Institutions need to understand whether the receiving account is showing scam collection behaviour.

Second, low-value payments can still create high-risk patterns. Lucky draw scams may involve smaller transfers, but volume, repetition, and rapid movement can indicate organised fraud.

Third, fraud and AML monitoring must work together. Scam proceeds can move from victim payments into mule accounts, payment accounts, bank accounts, wallets, or cash-out channels. Detection improves when these signals are connected.

In real-time payment environments, speed is critical.

By the time a scam is reported, the funds may already be gone.

How Tookitaki Helps Detect These Patterns

Tookitaki’s FinCense platform helps financial institutions detect financial crime patterns that cut across fraud, AML, mule accounts, and payment abuse.

For QR-enabled lucky draw scams and authorised push payment fraud, FinCense can help identify:

• Multiple victim payments into a common beneficiary
• Unusual inbound velocity into personal or payment accounts
• Rapid onward movement after credit
• Mule account behaviour
• Sender and beneficiary clustering
• Suspicious payment reference patterns
• Payment account and bank account linkages
• Dormant account reactivation
• Shared device, IP, or identity indicators
• Links between fraud complaints and AML typologies

FinCense also leverages the Anti Financial Crime Ecosystem, a shared typology intelligence network that helps institutions stay updated on emerging scam and laundering patterns across markets.

With unified case management, investigators can review customer behaviour, payment history, beneficiary relationships, related entities, alerts, and red flags in one place. This helps reduce investigation time, improve case quality, and support stronger suspicious transaction reporting.

The Bigger Lesson

The Facebook Live lucky draw scam is not just a social media scam.

It is a reminder that scams need payment infrastructure to succeed.

They need QR codes.
They need receiving accounts.
They need fast transfers.
They need mule networks.
They need ways to move funds before victims realise what happened.

For Singapore financial institutions, the key question is simple:

Can your monitoring system detect the money trail behind the scam?

Because in cases like this, the livestream creates the illusion.

But the payment flow reveals the risk.