The financial services industry is experiencing a surge in fraud rates, driven by the increasing ability of bad actors to access cutting-edge technologies, like artificial intelligence (AI), via open source marketplaces on the dark web. In the United States, estimates put annual fraud losses between $550 billion and $750 billion, with every dollar lost costing financial institutions (FIs) $4.41. So untenable is the situation, in fact, that a recent American Bankers Association (ABA) report described the rise of scams as a “global conflict” and a “whole-of-society threat to America.”
But this does not mean more traditional financial crimes are being left by the wayside. Instead, FIs around the world are being forced to wage a war of many fronts — battling check fraud, as well as account takeovers (ATOs), social engineering campaigns, authorized push payment (APP) scams, first party fraud, and a raft of attacks on digital payment channels.
Cybersecurity Awareness Month is no better time to explore this highly complex criminal landscape and consider the ways in which FIs can develop proactive, multi-layered defense strategies.
The Shifting Tectonics of Fraud
Financial criminals are strikingly adaptable. When regulatory measures and systemic controls fall into place to protect one area of payments, criminals simply shift their focus to the weaker link in the chain. This is apparent in the cross-border space, with the rise in domestic pre-payment checks driving criminals to exploit regional disparities in jurisdictions, languages, and banking systems to extract money from remittances, for example.
But criminal activity cycles through payment methods, too. Despite the broad switch to digital and real-time services, checks remain a targeted payment method for fraud, with 63% of organizations having experienced check fraud in 2024. By the end of this year, check fraud losses are projected to reach $24 billion, as fueled by the emergence of social media marketplaces for buying and selling fraudulent checks. By case volume, however, APP fraud is most pervasive. These crimes leverage social engineering techniques, such as phishing, vishing, and smishing, which use emails, phone calls, and text message channels, respectively, to convince or threaten victims into sending money to fraudulent accounts. Criminals create a feeling of fear to coerce individuals into sending funds. In some cases, AI tools — as sourced via the dark web — are being leveraged by bad actors to generate deep fakes of individuals familiar to victims, in order to trick them into parting with their cash.
First Party fraud continues to be a growing problem, fueled when we have a rise of economic uncertainty. Fraud is not only perpetrated due to fear or greed, sometimes, it is by need. We see when the economy worsens, opportunistic fraud rises. Just as destructive are ATO frauds, which, according to Javelin’s 2025 Identity Fraud Study, are officially the fastest-growing fraud type having resulted in $15.6 billion in losses in 2024 alone.
This barrage of risk creates a “whack-a-mole” environment where financial institutions constantly have to keep up with crime trends and develop new suppression techniques. When embedding cybersecurity solutions directly into existing workflows, institutions see better adoption rates and outcomes.
Threats Across the Account Lifecycle
Risks differ as an account or relationship ages. New accounts, for example, often defined as under 30 days old, are a popular target among cybercriminals, due to the shortage of transaction data associated with the account. Despite this, we find that FIs successfully catch 97.4% of fraud attempts on new accounts.
Interestingly, though 50% of fraud cases take place on new accounts, those aged between three and six months account for 35% of total charge-offs, despite comprising only 3% of deposited funds. Fraud in tenured accounts, which by definition have been open for over a year, also poses risks, especially when trying to identify it under the guise of a romance-related transaction.
The most effective defense strategies that look at the account lifecycle evaluate the relationship between payer history and depositor behavior. Fraud detection accuracy and false positive reduction hinge on understanding typical payment patterns, flagging anomalous activity, and blocking suspicious transactions ahead of time. Fortunately, these capabilities can now be supercharged by AI, which monitors transactions in real time, flags unusual behavior, uncovers hidden connections between accounts, devices, and merchants, and assign a fraud risk score to payments. Unlike static rules, AI continuously improves as new fraud techniques emerge, retraining itself on fresh data to stay effective. This, coupled with threat intelligence from the cyber space, can be very telling in the fight against fraud.
To supplement these technical responses, institutions can also use operational measures, including:
- Training staff to immediately recognize and report suspicious links, phishing attempts and potential malware
- Know Your Customer (KYC) schemes to understand users’ typical banking habits and authenticate them when necessary
- Security controls such as Check Positive Pay and Automated Clearing House (ACH) debit filters to help protect users against numerous payment crimes.
Fighting Fraud on Every Front
Today’s fraud risk can be overwhelming because it is so multifaceted. The techniques and tools deployed by cybercriminals vary at the domestic and cross-border level, across payment methods, account lifecycles, and even between customer segments.
Now is the time for FIs to reflect on the challenges ahead, evaluate their existing defense strategies, and explore new technologies to enhance their fraud prevention frameworks.
With an AI-powered arsenal that employs cyber threat intelligence, FIs can now take the fight to cybercriminals, and on every front catch fraud with a multi-layered defense strategy before it is able to impact the banking ecosystem.