Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.

A toll-service operator is moving to shut down fake shops and phishing that target its customers. ASFINAG Maut Service GmbH plans a single-supplier framework to detect threats early and remove malicious sites that mimic its online toll shop.

What is being bought

ASFINAG Maut Service GmbH has launched the Fake Shop Detection and Takedown (FSDT2025) framework, published in October 2025.

The brief is direct: detect and prevent phishing, fraud and scams aimed at the toll shop, and take down fake sites quickly. The framework will be awarded to a single company. The buyer wants early warning and active defence to protect users and safeguard the integrity of its online sales.

Key elements signalled in the notice include:

Detection of phishing, fraud and scams.
Early intervention to “fend off” attacks.
Removal of fake shops that impersonate the toll brand.

The procurement is structured as a framework agreement, giving the buyer flexibility to call off services as needed while maintaining a single point of accountability.

Why now: more digital sales mean more impersonation risk

The move sits alongside a broader push by the toll operator to expand digital channels. In May 2022, the organisation sought partners to distribute digital short-term vignettes and route toll products online, aiming to accelerate e‑commerce for road access (distribution partners procurement). In July 2025, it went further, seeking an in‑car system for the sales and booking of digital toll products, signalling a shift towards embedded, vehicle‑based payments (in‑car toll payment procurement).

As payment and distribution options multiply, the risk of brand impersonation grows. Fake shops exploit consumer trust, harvest payment credentials, and can divert revenue away from legitimate channels. A targeted detection and takedown service is a pragmatic response: it aims to find malicious lookalike sites early and remove them before users are caught out.

Public bodies tighten the net on fake sites

The framework aligns with a wider public‑sector trend to monitor the web proactively and disrupt fraud at source:

In November 2024, the UK’s financial regulator sought a supplier to scan the web and take down scam infrastructure, including fraudulent websites, phone numbers and social media accounts that target consumers (proactive monitoring and takedown service).
In July 2024, motorway operator Sanef/Sapn moved to deploy secure transaction systems for heavy goods vehicle parking, reflecting a drive to harden payment points in the road network (car park transaction management systems).
In July 2023, Frontex launched framework contracts to develop and support the False and Authentic Documents Online system, an EU platform for sharing information on document security and falsification methods (FADO frameworks).
In January 2024, a national food‑chain regulator sought services to operate a fraud detection system that improves transparency and communication about fraud risks across the supply chain (fraud scoring system).

Alongside operational disruption, public buyers are investing in prevention and training. In August 2025, the national IT agency in Malta sought a cloud platform for security awareness, including a phishing simulator and training content (security awareness and phishing simulator). In June 2025, a national shared services body for health systems sought support to adjust a new model for combating fraud and waste, including software development and fraud management services (fraud and waste management services).

These examples underline a pattern: authorities are pairing tighter controls at the point of transaction with upstream monitoring and takedown. The aim is to reduce the opportunities for criminals to impersonate trusted brands and intercept payments before the damage spreads.

Scope, governance and what to watch

The ASFINAG framework signals several practical priorities:

Consolidation with one supplier for clear accountability.
Real‑time monitoring oriented to early detection.
Direct action to remove fake shops impersonating the toll service.

The notice does not set out technical requirements or service levels. That limits visibility on the scale of monitoring, response times, and the jurisdictions covered for takedown. The outcome will hinge on how quickly the chosen supplier can detect threats and coordinate removal with hosting providers and platforms.

There is also a strategic link to the buyer’s broader digital roadmap. As the toll shop moves into more channels, including in‑car purchasing, any anti‑fraud service will need to keep pace with new points of interaction and user journeys. Ensuring that takedown efforts are coordinated with customer communications and payment processes will be key to maintaining trust.

Other public bodies are making adjacent moves to harden identity and payment flows. In November 2025, a government office planned a framework for secure identification systems, goods and services (secure identification framework). In March 2025, the interior ministry in France sought document‑fraud prevention equipment for police, gendarmerie and customs, from automatic readers to video control stations (document fraud prevention equipment). The direction is clear: strong identity, secure payments, and rapid disruption of fraud infrastructure.

Outlook: Watch for the award decision and any published details on performance measures for detection and takedown. Also look for how the framework interfaces with the buyer’s ongoing work on digital toll distribution, including in‑car purchasing. Together, these moves will shape how motorists buy toll products online and how the public sector counters the fake shops that follow.

Highway toll service targets fake shops and phishing