Creating a synthetic identity used to be the realm of seasoned hackers, but now it can be done with a few simple prompts. Just as artificial intelligence has fueled countless business innovations, it has also been a boon for bad actors—allowing cybercriminals to commit fraud at a fraction of the cost and with greater sophistication.

In a recent PaymentsJournal podcast, Danica Kleint, Product Marketing Manager for Fraud Solutions at Plaid, and Jennifer Pitt, Senior Fraud Management Analyst at Javelin Strategy & Research, examined how AI is rendering fraud-fighting methods obsolete, and the tools and techniques organizations can use to defend against future threats.

The Flywheel Effect

Bad actors use AI as a proving ground. Within AI models, cybercriminals can create and test fabricated credentials. Unlike legitimate businesses, threat actors aren’t encumbered by regulatory or ethical boundaries, allowing them to evolve their methods faster than fraud prevention professionals can respond.

<figure class="aligncenter size-full is-resized"></figure>

These bad actors also exploit vast repositories of stolen personal data from the growing number of data breaches, as well as the wealth of information that consumers and businesses share online. With more data and advanced tools, cybercriminals can now construct synthetic identities that are extremely difficult to detect.

Compounding the problem, many financial institutions still rely on outdated verification methods.

“When I was working in banking, I had to review customer service calls, and there were several calls where fraudsters called in pretending to be the victim,” Pitt said. “They would give static identity information—that’s all that these call centers were asking for: name, date of birth, account number—and they didn’t verify anything else. This is information that they’re easily able to get on the internet through social media or that has been leaked from data breaches.”

To make matters worse, today’s fraud attacks are often highly coordinated, executed by far-reaching and organized fraud rings.

“Not only do they have better tools to commit fraud, but we’re also seeing them collaborate more and share tips and insights,” Kleint said. “It’s this flywheel of a rapid increase in fraud across the whole ecosystem. I remember not that many years ago, fraudsters were just two people in a dorm room trying to hack a few things here and there.”

“Now, they’re these large-scale operations where there’s even TikToks readily available to learn how to commit fraud,” she said.

Layering Fraud Defenses

In the battle against increasingly sophisticated fraud schemes, financial institutions can no longer rely on a single line of defense. The most effective strategy is to build layered defenses—a coordinated system of tools, data, and analytics that work together to detect and prevent fraud from multiple angles.

While some organizations worry that such an approach could increase customer friction, advancements in technology have significantly reduced these concerns.

One effective starting point is to leverage the significant customer data FIs already possess. With the right analytics, institutions can use these data points to run synthetic or stolen identity checks, helping uncover fabricated identities or records linked to deceased individuals.

Beyond identity verification, FIs now have an increasing number of tools at their disposal.

“An interesting one that we’ve been seeing catch a ton of fraud lately is facial duplicate detection,” Kleint said. “It’s a super simple concept: have we seen this face across our platform or service multiple times?”

“But not that many companies are doing it,” she said. “You take a picture from the ID or from the selfie image and you just see if you’ve seen that face across your organization multiple times.”

In addition to facial duplication detection, financial institutions should deploy systems that flag duplication across other identity elements. For example, if a bank identifies the same name or date of birth used to open a dozen accounts, this could signal coordinated fraudulent activity.

Device intelligence and behavioral analytics add another critical layer of protection. These systems can identify atypical patterns in how customers interact with platforms, alerting the institution to potential risks in real time.

Ultimately, organizations benefit from taking a broader, comparative view of customer behavior. By evaluating an individual’s activity alongside peers in similar demographic groups, FIs can distinguish between legitimate anomalies and genuinely suspicious behavior.

“What a lot of financial institutions that have some behavioral analytics in place are lacking is they’re just looking at a single customer,” Pitt said. “That addresses account takeover for that customer, but it doesn’t address things like new account fraud.”

“It’s looking at the device intelligence in the beginning to see if that device has been used before,” she said. “Is this typical behavior of a customer that’s in that demographic that gives this typical KYC information? Looking at the historical data of that customer—as well as the historical data compared to that demographic—is critical.”

Shifting the Strategy

Technology alone isn’t enough. More organizations are realizing that true resilience requires a shift in strategy—not just in tools.

“Companies are focused on fraud at the very beginning, at onboarding, but it happens throughout the entire lifecycle of a customer,” Kleint said. “Often, they forget about how they could potentially have account takeovers later in the journey and we’re seeing that be so prevalent right now.”

While continuous fraud prevention is important, one of the most critical strategic shifts for financial institutions is opening the lines of communication with their peers.

By sharing data within an industry consortium, organizations can begin to leverage collective network insights—not only to understand how an individual or device has behaved on their own platform, but also how that behavior extends across other institutions.

Because bad actors often operated in organized groups, it’s important that financial services firms work together so fraud attacks can be traced back to the organizations that initiated them.

Still, many FIs remain reluctant to participate in a consortium model due to compliance and privacy concerns. While these concerns are well-founded, as long as customers have full visibility into how their data is being used and organizations encrypt personal information, consortium members can share intelligence freely while still meeting their regulatory and privacy obligations.

“Financial institutions in particular are hesitant sometimes because of privacy concerns,” Pitt said. “They’re afraid not only will they violate privacy laws, but they’re also afraid that they’ll alienate their customers by sharing information. But collaboration is going to be key—if we can’t collaborate, we are going to continue to lose this fight.”

Across the Entire Ecosystem

Unfortunately, the fight against fraud is only getting tougher. Generative and agentic AI tools are advancing at a meteoric pace, giving bad actors new ways to deceive and exploit. To keep up, companies must adopt technologies that close the gap—and work together to establish stronger, industry-wide standards for identifying and preventing fraud.

Perhaps more importantly, organizations need to make the most of the systems already in place.

“Plaid’s network powers digital finance—one in two Americans have used Plaid in some way,” Kleint said. “We’ve seen a billion device connections across the ecosystem and because of that scale, we can see how those devices and individuals have conducted themselves across the entire financial ecosystem.”

After all, fraud is ultimately about financial gain—and the surest way to uncover and trace it is by following the money.

“We sit at the center, so we have this view that nobody else has,” Kleint said. “We can see patterns like a person connecting to six different fintech apps within a week. They’re using different personally identifiable information, but they’re using the same device or the same email. It’s these patterns that fraudsters are not aware of. They’re not aware that we can see all this, and it’s super powerful in understanding potential risks.”

The post The Rise of Smarter Cybercriminals Demands Stronger Fraud Defenses appeared first on <a href="https://www.paymentsjournal.com