Prepare For The AI Fraud Wave Coming To A Device Near And Dear To You

Forbes

29-05-2025

Hacked displayed on a mobile with binary code with in the background Anonymous mask. (Photo by ... More Jonathan Raa/NurPhoto via Getty Images)
Do you find it exhausting to combat the increasing number of fraud scams lurking in your email inbox? You are not alone. Sophisticated AI enabled organizations are becoming cleverer by the day. Many of us don't notice threats, because some messages seemingly are coming from people we know—until we click on it or download the latest scam—like a party invitation. Yeah, I did.
We may not think or care much about the differences between online fraud and cybersecurity attacks until we experience one firsthand. There are very real distinctions. E.g. fraud typically aims to deceive individuals for financial gain via psychological tactics, while cyber attackers exploit system vulnerabilities.
If you walked with me, around the cyber security vendor booths at this years' RSA Show in San Francisco and saw the billions of dollars being invested to keep people and organizations safe, you may think—oh I'm safe! Sadly, you're not. And now more than ever, there are two types of people, those who have been hit and those who will be.
Cyber attacks tend to dominate the news more, but the fact is that fraud is growing faster. It may go under-reported, and hence it is more insidious (well, fraud's easier to sweep under the rug, since it usually doesn't involve mass exploits of large companies or system infrastructure).
But news about fraudsters targeting surfers phones, a global payments coordinated attack, and a personal experience that tried to take me down recently, all made me wonder about the state of this kind of crime, and a better way to fight it. Given all this uncertainty, let's look at this in light of the growing number and types of incidents, with the prospect of AI making it even worse for any of us.
Fraud is a massive problem that I believe will be accelerating more with AI. The Global Anti-Scam Alliance (GASA) estimates scammers cost consumers over $1.3 Trillion in fraud last year.
In 2024 U.S. consumers reported losing over $12.5 billion due to this kind of crime, a 25% increase from the previous year, that seems low. Scam-related fraud incidents surged by 56%, with financial losses increasing by a whopping 121% in 2024, according to PYMNTS. In comparison, cyber-attacks rose by 30% last year.
Several factors have contributed to its rise besides AI. The COVID-driven growth of e-commerce and digital businesses of all kinds have increased our poorly secured digital footprints, opening them to exploitation.
And where are fraudsters naturally drawn to? Like Deep Throat said in the Watergate era, 'follow the money.' Willie Sutton famously advised robbing banks, because that's where the money is. And hence it is banking and finance that are particularly vulnerable. New fintech apps and real-time payment methods create opportunities to defraud.
In fact, McKinsey & Company projects losses, just from payment card fraud to reach $400B globally over the next decade. It will likely be higher. Part of this will be authorized push payment (APP) fraud which is expected to grow at an 11% CAGR from 2023 to 2027, according to the same report.
Fraud exploits can have wonky names. Perhaps some explanation will help. E.g. the APP fraud referenced above entices victims to part with their money under false pretenses, leaving them on the hook for liability since they authorized the payment.
Synthetic ID fraud combines real and fake information to open accounts and build credit profiles. This kind of 'Frankenstein fraud' is hard to detect because the resulting ID technically doesn't exist but behaves like a real person.
Grandparents beware. AI deepfakes impersonate people via voice, images or video, and can be used to generate synthetic IDs too. According to Raiinmaker CEO, J.D. Seraphine, 'voice-cloning software tricks elderly people out of millions by finding their grandchildren's voices on TikTok and using these sounds to call their 'grandparents' claiming they've been arrested or are hurt and urgently need bail money or medical funds.' Can you hear me now?
Fraudsters Targets: 80 year old using her smartphone to check in with friends and family and share ... More photos on various social networks.
As the name implies, mule account fraud involves recruiting people to move illicit funds through their bank accounts, knowingly or unknowingly.
With friendly or first-party fraud, the user intentionally commits the act, e.g., by disputing a legitimate transaction for a refund (chargeback fraud). It's growing fast in e-commerce and fintech and is hard to detect because it comes from legitimate users.
The bad actors are constantly evolving their tactics, growing increasingly more sophisticated using AI, deepfakes, and social engineering to bypass traditional security measures. There are fraud rings coordinating large-scale attacks that employ bots and rapid-fire automated scripts. AI, the Dark Web and other tools drive down costs and make it easier to scale their fraud organizations.
'More and more business is happening online,' said Jay Chaudhry, CEO of cloud security vendor Zscaler, in a recent interview with me. 'We're all getting interconnected. And as more and more commerce and business happens online, bad guys want a piece of the action without working hard.'
Unfortunately, you can't effectively fight it with brute force technology and tactics alone. New exploits are constantly being introduced, making it hard to predict where fraud will hit next. Businesses and use cases are unique, adding to the challenges of measuring and fighting fraud. All these things mean that the threat landscape is rapidly evolving, the challenges growing—and individuals are paying the price.
Fraud prevention and cybersecurity are plagued by some of the same issues, including evolving threats, automation, and the need for real-time defense. Having the right technology can help in both cases. There is a rich ecosystem of cyber vendors, in fact it's a crowded and mature market. The anti-fraud technology market is growing too, and is segmented by factors including fraud type, deployment mode, enterprise type, and industry.
E.g. Socure provides AI-powered digital identity verification as part of their fraud prevention solutions, typically for large enterprises. Sift specializes in digital trust and safety, offering an AI-powered platform to protect e-businesses from fraud and abuse. Kount has a similar profile, but emphasizes comprehensive protection across the entire customer journey, while Sift focuses on automating fraud decisioning for growth-oriented businesses.
But it's not just about the latest whiz-bang technology. Enterprise leaders need an overarching strategy involving tech and best practices that can keep customers safe and brand reputations pristine, and in compliance with relevant regulations.
The goal is to arrive at a comprehensive anti-fraud approach that proactively defends against existing threats and the 'unknown unknowns.' And perhaps it is here that fraud fighters can learn a thing or two from the cybersecurity crowd.
Another anti-fraud vendor that's getting attention is DataVisor. They are redefining fraud prevention with an AI-powered platform that proactively detects and stops everything from payment fraud to complex financial crimes in real time. Leveraging unsupervised machine learning, advanced link analysis, and a real-time decision engine, DataVisor's cloud-native solution scales effortlessly to billions of events per day—empowering businesses to uncover emerging threats before damage is done. So, AI doesn't just make it worse after all.
Forrester recently named the company a leader in their anti-money-laundering (AML) Wave report. Also, Forbes profiled their top execs and the company made our Fintech 50 List.
I had heard their CEO Yinglian Xie speak about the rising fraud threat, and the need for greater industry cooperation; and wanted to find out more. So, we discussed what the company is doing to make a bigger impact in this growing sector—and what we should do next. Yinglian also championed the need for a comprehensive Fraud Prevention Framework, that could be modeled after the National Institute of Standards and Technology's (NIST's) Cybersecurity Framework.
She explained that NIST takes a very proactive approach to cybersecurity, while fraud response is often reactive. CSF is a voluntary framework (rather than a mandate) that helps organizations manage and reduce cybersecurity risks. It focuses on six core functions: Govern, Identify, Protect, Detect, Respond, and Recover.
Yinglian said: 'True resilience requires defending against evolving threats. Conceiving and implementing a framework would help rally the industry against fraud and to stay ahead of these challenges.' The components could mirror the core functions recommended by NIST CSF.
Author and management guru Peter Drucker famously said, 'You can't manage what you don't measure.' This occurred to me when Yinglian explained that improving the measurement of anti-fraud capabilities using benchmarks is critical for identifying gaps and focusing efforts and budgets accordingly. Also, the industry should strive for improvements in information sharing, collaboration, threat intelligence, and post-mortem analysis.
She is asking the industry to join her and the company in shaping the future of anti-fraud efforts. Datavisor will be forming a working group and invites early adopters to participate in sharing ideas for building fraud benchmarks and a framework for 2025 and beyond. My company, Reboot Partners, will be volunteering to help advance these initiatives with governments and the private sector.
Achieving comprehensive anti-fraud capabilities is important for many reasons. It can keep our money safer and protect businesses against reputational impact and large fines. Better fraud-fighting through technology and industry cooperation will accelerate new use cases, reduce financial-related launch delays and strengthen defenses.
Keep an eye on this explosive area for your organization, yourself, friends, family—and your email accounts—more threats arrived in your inbox while you were reading this.