The democratization offered by AI is making it easier for low-skilled, inexperienced bad actors to launch high-impact schemes.
Even the “deep web,” which unlike the dark web, includes hidden parts of the internet that can be accessed without a special browser for maintaining anonymity, can be a hotspot for fraudsters, Alex Hall, trust and safety architect at AI-powered fraud management platform Sift, told Bank Automation News, an Equipment Finance News sister publication.
A former fraudster who targeted financial institutions, he said secure messaging apps such as WhatsApp and Telegram are particularly favored by scammers.
Fraudsters will ultimately pursue any avenue they believe will lead to success, and no organization is immune. Fintechs, small credit unions and large banks are susceptible, Hall said, adding that collaboration within the financial services sector is critical for successful fraud prevention.
“Industry collaboration is huge when it comes to fighting fraud,” Hall said. “Fraudsters don’t stick to just one platform, so we can’t either.”
Amanda Balmer, financial crimes risk officer at the $8.7 billion Pennsylvania State Employees Credit Union, agrees. She told BAN that the accessibility of AI tools combined with dark web resources provides fraudsters with more tools to carry out scams, fundamentally altering the fraud landscape in terms of frequency and diversity of attacks,
“It’s extremely important to ensure all digital security teams are working together to identify signs of such attacks prior to them impacting your members/customers,” Balmer said.
For Citizens Bank, outpacing fraud also means continuously investing in new tools, solutions, data insights and staffing, Jen Martin, head of fraud and disputes at the $217 billion Citizens, told BAN.
“Scams are going to become much more realistic and harder to identify — it’ll be harder to know what’s fake and what’s real,” Martin said. “As the threats evolve, and they’re evolving quickly, you want to have the right tools in place to see those threats changing very quickly, and then adjust your strategy.”
The industry is on notice.
As digital banking and AI-enabled scams rise, FIs and regulators alike are adjusting their strategies, prioritizing cross-industry collaboration and tech investment. The following guide incorporates “best practices” strategies from financial services leaders interviewed by BAN:
FBI strategy
The FBI has adapted with proactive strategies to stay ahead of increasingly sophisticated fraud operations, an FBI spokesperson told BAN, outlining the bureau’s strategies:
- Rapid fund recovery: Using the Financial Fraud Kill Chain (FFKC) to help victims freeze stolen funds quickly;
- Crypto and decentralized finance tracking: Leveraging blockchain tools and the Illicit Virtual Asset Notification platform to trace and disrupt illicit crypto transactions;
- AI threat monitoring: Tracking fraud actors using AI and sharing trends to help prevent attacks;
- Dark and deep web surveillance: Monitoring forums and Telegram markets for stolen data, fraud services and laundering schemes;
- Compliance advocacy: Promoting strong KYC practices and educates institutions on evolving fraud tactics; and
- Public-private collaboration: Partnering with banks via its InfraGard program, task forces and IC3 alerts to share threat intelligence and stop fraud early.
Shifting strategies
In addition to increased collaboration between the public and private sectors, international and regional regulators are beginning to work cohesively to combat fraud, Richard Hills, senior managing director at financial crimes advisory firm K2 Integrity, told BAN.
“We’re seeing a clear shift in regulatory expectations from ‘box-ticking’ toward demonstrable effectiveness,” Hills said. “Supervisors are now asking how risk is actually being mitigated — not just whether a policy exists, but whether it’s having the intended impact in practice. This means more attention on data integrity, how data is used, how risk decisions are documented, and how systems respond to emerging typologies.”
“As financial crime moves fluidly between jurisdictions, channels and asset classes, including crypto, regulators are placing greater emphasis on cross-border collaboration and intelligence sharing.”
— Richard Hills, senior managing director, K2 Integrity
Regional regulators such as the FBI, the U.K.’s Financial Conduct Authority and Saudi Arabia-based Gulf Cooperation Council implement international standards developed by global financial crime watchdog the Financial Action Task Force (FATF), such as the FATF’s 40 Recommendations framework for combating money laundering and terrorism financing, he said.
The FATF’s top two priorities:
- Assessing risks and applying a risk-based approach
- National cooperation and coordination.
“Regulatory convergence is gradually becoming a reality, even as differences in local enforcement and risk appetite remain,” he said.
Another notable shift in the past year is the move toward more risk-based and data-driven compliance models, Hills said.
While regulators aren’t mandating AI or machine learning, they are promoting tools that enhance the effectiveness of fraud management programs, he said. In response, FIs are moving beyond static rules to adopt advanced analytics that improve transaction monitoring, customer risk scoring and sanctions screening, he said.
For example, Bankwell Bank utilizes fraud detection and KYC platforms that analyze customer behavior, such as typing speed, device usage and transaction patterns, to detect anomalies that may indicate account takeover or fraud, even if the credentials are correct. Steven Brunner, chief risk officer at the $3.3 billion Bankwell, told BAN.
Direct consumer feedback can be another source of high-quality data, said PSECU’s Balmer. “Reviewing clicks or views for email and video campaigns is not enough — it’s also important to measure the effectiveness based on general feedback from our members and their susceptibility to falling to scams,” Balmer said. “By utilizing a mixture of both quantitative and qualitative data, we’re able to effectively measure the impact of our member outreach and education programs.
“Importantly, regulators themselves are also embracing technology. Many regulators are investing in regtech to enhance their own capabilities, whether in the form of data analytics, machine-readable reporting or risk-based prioritization,” Hills said, adding that AI tools like network analysis and natural language processing offer a clear advantage over traditional systems.
For example, the Securities and Exchange Commission has been using the National Exam Analytics Tool to perform deep analytics since 2014, according to a May 13 report by financial services risk and compliance consultant ACA Group. The U.K.’s Financial Conduct Authority plans to integrate AI capabilities into its compliance platform over the next five year to enhance detection of fraud and market abuse, according to the report.
As a result, supervision is becoming more digitally driven and focused on measurable outcomes, pushing institutions to modernize their compliance strategies accordingly, he said.
Fraud’s ‘inflection point’
The financial services industry is at an “inflection point,” with regard to financial fraud, and this could prove to be in FIs’ favor, Jeff Scott, vice president of fraudtech at digital banking service provider Q2 and a former KeyBank executive, told BAN.
While FIs are still dealing with traditional fraud in addition to rapidly evolving technology-driven fraud, Scott expects FIs to be on better footing as fraud prevention technology becomes more advanced and affordable.
Q2 in January announced a partnership with software firm Alloy to integrate real-time fraud detection into its platform to address risks such as account takeovers and peer-to-peer payment fraud. The digital banking provider plans to roll out new fraud mitigation tools for FIs in the next 12 to 18 months, Scott said.
Q2’s clients include:
- $1.9 trillion Wells Fargo;
- $2.7 billion Avidia Bank; and
- $1.1 billion Texas Security Bank.
Fraud will keep evolving, but the industry will get better at responding more quickly as it depends upon consumer trust to survive, he said.
Editor’s note: This is the third installment of a three-part series and originally appeared in Bank Automation News, an Equipment Finance News sister publication. Click here to view Part 2.
