08-08-2025
How To Balance Privacy And Protection In The Age Of AI
Dan Pinto is CEO and cofounder of Fingerprint. With over a decade in tech, he is an entrepreneur behind many startups.
It seems like we see a new headline about data breaches every day, with one revealing that 16 billion credentials have been leaked over the years. In other words, data breaches are now a fact of life. As a result, consumers are increasingly privacy-aware, and companies are looking for or have already implemented solutions to help mitigate the damage of past breaches and/or prevent future ones to ensure business continuity.
However, incidents like the breach reported by LexisNexis Risk Solutions also reveal a troubling irony: The very solutions designed to help prevent fraud and stop data breaches are becoming high-value targets themselves. But when you think about it, it's not that big of a surprise. Many fraud prevention companies require collecting and storing vast amounts of customer and company data to work effectively. The result? A massive treasure trove of valuable information that's highly tempting to bad actors.
The impact of this latest trend is profound. When the companies that suffer data breaches are also the ones tasked with safeguarding financial systems, identities and other valuable information, it doesn't just impact customers—it impacts trust across the entire digital ecosystem.
The Escalating Cost Of Storing More Data
Traditional fraud prevention approaches operate under the assumption that more data equals better protection. Fraud prevention companies are no different, and many also work with multiple third-party vendors (who also collect and store data on their own systems) to strengthen their security.
Yet, each third-party relationship introduces new potential points of failure, and too many organizations compound this risk by storing data in test environments or allowing interconnected platforms access without adequate security checks.
The Identity Theft Resource Center reported 3,158 publicly disclosed data breaches in 2024. While supply chain attacks targeting third-party vendors accounted for a smaller portion of incidents, they had an outsized impact, affecting hundreds of organizations and millions of individuals. The report also highlighted a rise in phishing and business email compromise schemes, with generative AI contributing to more convincing attack tactics.
Because fraudsters are constantly adapting their methods to bypass fraud prevention measures, organizations need to continuously evolve their fraud prevention strategies to effectively safeguard both customer and company data and privacy.
The Modern Approach To Fraud Prevention
Today, no single approach to fraud prevention is effective. As fraudsters become more sophisticated and leverage AI tools, bots and agents, organizations must prioritize flexible and privacy-conscious approaches to deterring fraud rather than assuming extensive data collection and storage is the only path to effective fraud prevention.
Instead, they should create adaptive defenses to suit their specific needs, using a multitude of technologies that aim to detect and mitigate threats while respecting user privacy. These can include implementing solutions that analyze user behaviors and process device and network signals, in addition to continuously training machine learning models on new data to improve risk-scoring methods.
Essential Data Security Practices
As the internet as a whole evolves toward a more privacy-conscious world, organizations must implement additional comprehensive modern measures to protect their systems. Here are a few non-negotiables:
• Social engineering attacks continue to be a highly effective fraud tactic, and they're now bolstered by generative AI. It's essential to provide continuous training to staff so they can better spot deepfakes and identify phishing attempts and other manipulation techniques.
• Access to company systems should require additional verification on top of the username and password, especially where sensitive data is stored.
• Assume any single security layer can be compromised. Implementing multiple security layers, such as device fingerprinting, multifactor authentication and other methods of verification, can help thwart attacks.
• Live customer data should never be stored in development environments. Data governance policies should provide clear guidelines on how to handle sensitive data, including the measures that should be taken to protect data from unauthorized access.
What's Next: Course-Correcting For Privacy-Conscious Fraud Prevention
Today's top leaders are recognizing that privacy-conscious approaches offer advantages beyond fraud reduction. Customers value organizations that demonstrate a commitment to protecting their most valuable and personal information, in line with the industry moving towards stricter data protection regulations.
High-profile breaches offer sobering reminders that even the most sophisticated companies are not immune. The recent wave of security incidents across fraud prevention providers should push us to ask tougher questions:
• What assumptions are we still making around fraud prevention that no longer apply?
• Can we build fraud detection that doesn't depend on personally identifiable information (PII)?
• What would a future look like where privacy is the default, not the exception?
Companies that are exploring a diverse set of privacy-forward fraud prevention tools and strategies will be better positioned to minimize risk and maintain customer trust.
The Bottom Line
Fraud prevention is at a turning point. The legacy approach—collecting more data and building more walls—has failed repeatedly in a landscape defined by automated threats, social engineering and AI.
The organizations likely to thrive are those willing to challenge legacy assumptions about what is required to prevent fraud, especially as AI continues to evolve and become ever cheaper and easier to use. More companies are investing in behavioral analytics, device intelligence and real-time monitoring systems that can identify bad actors and threats without impacting user experience, compromising user data or exposing themselves to data liabilities.
This shift is a strategic one. It requires executive teams and leaders to audit data flows, re-evaluate vendor dependencies and implement frameworks that treat data minimization as a critical piece of business continuity.
The question isn't whether this transformation will happen; it's whether your organization will lead it or simply react to it. The companies making this transition can better define the next decade of fraud prevention.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.