How AI Is Increasing Fraud Risks Across The Fintech Industry

With the simultaneous arrival of easy-to-access AI tooling and real-time payments in the US, fraudsters are coming out en masse.

While death and taxes may be the only two supposed certainties in life, the continued transition from an analog to digital world makes it seem more likely that we will experience fraud and (still) taxes as the consistent, pervasive themes of our everyday lives.

This introduces vast implications for both consumers and businesses alike – whether it be the question of who is liable for the fraudulent activity or how much friction is introduced to the process to mitigate such activities. Furthermore, in a world that’s still predominantly built on trust, businesses are the ones taking a concerted and proactive approach to solve what might be one of the biggest challenges our digital economy faces today.

Having now spent more than 10 years in the world of payments, and currently dedicating my full-time efforts to the security and compliance side, I was particularly excited to see the recent announcement stating that Trustmi had raised $17 million for its end-to-end payments security platform. Fintech founder Gili Raanan of Cyberstarts told the Israeli newspaper Calcalist that: “The problem of protecting payments is one of the most painful and complex issues for any modern organization.”

This is true, and it’s going to take a momentous effort. With the recent rollout of real-time payments from The Clearing House on their RTP^Ⓡ Network alongside artificial intelligence tools and large language models that can now run on local machines, it feels as though we are at a crucible moment ripe for fraud. All the while, this is happening with the backdrop of payment fraud losses tripling since 2011 and expected to keep rising with total costs exceeding $40B by 2027!

Industry Consortiums To Take Down Fraud

Over the past month, at least three different industry consortiums have formed to tackle payments-related fraud issues writ large:

SardineX is a group led by Soups Ranjan and his team of Sardines dubbed the ‘fraud squad’ that also includes the likes of Chesapeake Bank, Visa
V
, Airbase, Blockchain.com, Alloy Labs Alliance, iLex, and Novo with the specific goal of curtailing payment fraud.

Beacon is a “collaborative, anti-fraud network enabling financial institutions and fintech companies to share critical fraud intelligence via API across Plaid” and led by Plaid itself as well as 10 other founding members including Tally, Credit Genie, Veridian Credit Union, and Promise Finance.

Mastercard is spearheading its own AI-related efforts across the pond alongside nine prominent UK banks including Lloyds Bank, Halifax, Bank of Scotland, and Monzo.

While it’s promising to see our industry come together like this, I’m left wondering whether we actually need even more collaboration in this approach. How do we ensure these individual consortiums are sharing data with one another? Wouldn’t it be better if both Visa and Mastercard
MA
were sharing the same data across networks?

Regulatory and Technological Challenges Impacting Progress

Two primary areas impede our ability to sleep well at night here:

1. From a regulatory perspective, the macro trend seems to be pointing toward a nationalized or localized approach to data storage and sharing – which is difficult to reconcile with an internet that is essentially global by default. Despite the various regulators best intentions, increased fraud may be a very real unintended consequence of local privacy regimes across Europe, India, Brazil, and domestically in the US with the California Consumer Privacy Act. We need to ensure this isn’t lost in the broader conversation around consumer privacy. Furthermore, and especially as it relates to payments data, we cannot forget about the heavy operational challenges that the Payment Card Industry Data Security Standards puts on businesses.
2. Privacy-enhancing computation and advanced technologies such as homomorphic encryption are becoming much faster and more scalable but still lack any sort of widespread adoption. Data clean rooms are another potential solution if the regulatory landscape will accommodate. In general, there is no shortage of exciting new possibilities if you follow the Gartner^Ⓡ Hype Cycle^TM for Data Security, 2023 (July 2023) and see the evolution of data security moving to a more modular and flexible cloud-based architecture approach across the ecosystem. But in the absence of an industry standard spec, protocol or at least agreed-upon set of technologies, it isn’t clear how we tackle this problem at scale.

According to Gartner: “Mature clients believe that if data can flow securely among individuals, organizations and governments, wiser decisions can be made and better outcomes can be delivered, both for businesses and society as a whole. However, an increased amount of data-related regulations and associated legal, security and privacy risks are blocking this data sharing”

Given that both the dominant and prevailing tailwinds for increased fraud – AI and RTP^Ⓡ – as well as the primary regulatory and technological challenges for tactically addressing the issues require collaboration across both the private and public sectors, we can logically assume we need the same broad support at the consortium-level.

Without this ongoing collaboration across the sectors, we will begin to see disjointed and ineffective solutions that solve niche use cases at best, and become detrimental to progress at worst. The answer simply cannot be further regulation – and it must include a defensive AI strategy with comprehensive participation from all of the relevant platforms fighting the fraudsters on the frontlines.