ISFCA Exchange

ISFCA Exchange is a coordination framework for sharing indicators of financial threats. The programme helps organisations compare signals more quickly, identify recurring schemes, and strengthen protective measures without excessive disclosure of sensitive data.

What It Is How It Works What Data Is Shared Confidentiality Who Participation Is Intended For Frequently Asked Questions

What Is ISFCA Exchange

ISFCA Exchange is a voluntary programme for sharing verifiable threat indicators: domains, telephone numbers, communication templates, technical traces, signs of false regulatory requests, and other information that helps dangerous schemes to be recognised quickly.

The programme creates a shared observation framework: when several market participants see matching indicators, the fraudulent model can be confirmed more quickly and a warning can be issued before harm becomes widespread.

Important: ISFCA Exchange does not replace mandatory reporting, legal procedures, or organisations’ internal rules. It is an additional coordination layer that improves the speed of assessment and the quality of prevention.

How It Works

The exchange is structured around concise, verifiable signals that are useful for response.

Signal submission: a participant submits threat indicators together with a brief context of observation.
Comparison: ISFCA compares the material with known cases, warnings, and typologies.
Analytical assessment: the recurrence of the pattern, the scale of risk, and the appropriateness of publishing a warning are assessed.
Feedback: participants report which control measures proved effective and which indicators were confirmed in their environment.

Practical outcome: the time between the initial signal and a meaningful response is reduced — from verifying contacts and blocking domains to updating monitoring scenarios and client warnings.

Confidentiality and Data Handling

ISFCA Exchange operates on the principles of minimisation, proportionality, and purpose limitation. Priority is given to threat indicators and analytical value rather than the accumulation of excessive personal data.

Need-to-know principle: only information necessary for prevention and risk mitigation is shared.
Minimisation: where the task can be addressed without personal data, an anonymised or aggregated format is used.
Traceability: context, date of observation, and a minimal set of supporting materials are essential.

Who Participation Is Intended For

ISFCA Exchange is intended for organisations and functions that directly influence the level of protection for users and the market, including banks, payment services, investment platforms, crypto providers, marketplaces, and compliance, risk, security, and investigation teams.

For private individuals, the website provides a separate channel through the “Report”. Such reports are also used as an important source of signals for the overall threat picture.

Frequently Asked Questions

Is participation mandatory?
No. The programme is based on voluntary sharing of useful threat indicators and does not replace mandatory regulatory procedures.

Can only generalised indicators be shared, without sensitive data?
Yes. In many scenarios, domains, contact details, message templates, and a brief description of the observation are sufficient.

Does ISFCA request access to wallets, accounts, or devices?
No. ISFCA does not request seed phrases, private keys, verification codes, or remote access.