As fraudsters harness AI to automate and personalize attacks, financial institutions face a rapidly evolving threat landscape. This episode of the ProSight Banking Strategies podcast explores how banks can respond with layered defenses, smarter analytics, and disciplined governance.
For more information on this topic, see the latest article in Bobbie Paul’s Fraud Factors series.
TRANSCRIPT:
Frank Devlin: This is the ProSight Banking Strategies Podcast. We’re here to inform you on the top trends, challenges, and opportunities in banking today. ProSight is a leading non-lobbying connector of people and information with deep expertise in risk, fraud, compliance, and retail and commercial banking. Our purpose is to empower financial services leaders to strengthen and advance our industry through training and insights, as well as tools and resources, like this podcast.
Hello and welcome to this ProSight Banking Strategies Podcast. I’m Frank Devlin, senior editor at ProSight. For financial institutions and their customers, the fight against fraud has entered a new and rapidly evolving phase, one defined by artificial intelligence. Financial institutions are investing heavily in real-time decisioning and defenses, but fraudsters aren’t standing still. They’re leveraging the same technologies to scale attacks, mimic human behavior, and exploit vulnerabilities faster than ever before. Is this an arms race? And if so, who’s actually winning? From deepfake-driven scams and synthetic identities to fully automated fraud operations, the threat landscape is becoming more sophisticated, more accessible, and more difficult to detect. At the same time, banks are walking a tightrope, strengthening defenses without creating friction for legitimate customers, and embracing AI while managing the risks it introduces.
Today, we’re joined by Bobbie Paul, managing director for fraud at Huron, who will let us in on what’s happening on the front lines. We’ll explore how fraudsters are using AI to supercharge social engineering and how financial institutions can respond with smarter, more adaptive defenses. We’ll also look ahead, what does fraud look like in the next three to five years if trends continue? Welcome, Bobbie. Before we get started, can you tell us just a little bit about your background in fraud mitigation?
Bobbie Paul: Certainly. It’s great to be here with you today, Frank, and looking forward to our conversation.
Devlin: Thank you. Same here.
Paul: I have been in the industry for about 30 years and have worked in many different areas, industries, and across the services within financial institutions. I started my career at Citi. I moved on to Dell Financial Services. I have been in consulting and I’ve worked at various other institutions leading global fraud departments and managing programs across not only general banking, but FinTech services, as well as banking-as-a-service. It’s a passion of mine, and again, I’m happy to be here with you.
Devlin: Well, we’re really happy and lucky to have you, Bobbie. So I thought maybe we could start with the headline question: In this arms race between fraudsters and financial institutions that are employing AI, who’s ahead right now?
Paul: In the environment today, I don’t necessarily say either is ahead. I would say that the environment is an acceleration phase for both of them. Fraudsters have historically benefited from the agility of AI more than large institutions, and AI is continuing to amplify the advantage. Criminals, they adopt the new tools and test the tactics quickly. They scale successfully without governance or regulatory interference, if you will. Operational constraints that the financial institutions face certainly create challenges for them.
The financial institutions still have a slight advantage because we maintain access to the data, good data. You hear the old term garbage in, garbage out. We know how to make sure that our data is good. We have the fraud intelligence, the behavioral analytics, and our controls. The challenge is that institutions, we have to be accurate, explainable, and compliant, while the fraudsters, they only need occasional success. We have to be right every day with the financial institutions. So I think the race is a heated one. We pull ahead, they pull ahead. We do have advantages, but in the end, I think that it’s more about the speed of adaptation and how well we adapt to it and remain agile, just as the fraudsters do.
Devlin: Really interesting and important point about how fraudsters, they don’t have to be right every time. They can throw a hundred exploits against the wall and just not even really maybe know what they’re doing, they’re buying intel and that sort of thing and capabilities on the dark web maybe, and they just need to be right once.
Paul: Just once.
Devlin: So that’s a really daunting task. Yeah. So maybe this doesn’t have to be AI-specific, but as we’re advancing and getting more technological, is there a certain surprising fraud attack you’ve seen recently or perhaps heard about at a conference or some kind of gathering?
Paul: I wouldn’t say it is the attack itself. AI brings with it a level of sophistication. You don’t have to have the sophistication and skills to use AI. So in general, the attacks that previously required significant skills are more executable and repeatable at scale by less sophisticated actors. So the surprise that this brings to us is we could foresee this coming, the usability of AI and any new technology, not just AI, it brings forth an entire new population and community of bad actors into play. So we are fighting the fight of old, but we are fighting it at an ever-increasing scale.
Devlin: Yeah. So the attack surface is much larger. Do you mean just the fact that agents can be deployed, non-human agents, or actually, there are more physical human people trying to get in on the act of fraud as well?
Paul: I would say it’s the more human people because of what you mentioned, the AI-generated communications. The communications can be transposed into multiple languages at once.
Devlin: Right.
Paul: The deepfake technology, you don’t have to be an expert anymore to create deepfakes. You don’t have to be an expert anymore to create stolen identity and documentation that support those. So, it’s the human capital that is increasing, and increasing scalability with AI and agentic AI helps. Unfortunately, the fraud community is growing.
Devlin: It sounds like it’s all bad. It sounds like deepfakes are bad, synthetic identities are difficult, phishing. Are any of these more concerning examples of technology-enabled fraud? Is there a way to delineate them or are they just all a challenge?
Paul: Yes. So I believe there are three that really stand out. The first is around the deepfakes, the video and voice impersonation, because these two, they really accelerate targeted account takeover, business email compromise, executive impersonation, and those are the ones that they don’t take a long tail of a fraud event to create a tremendous amount of loss financially. It only takes one. You have a business email compromise that’s successful. You have an executive impersonation that’s successful. The loss to the institution is significant in that one hit.
I’d say the second one is around synthetic identity. Synthetic identity continues to cross industries within the world, not just financial institutions, we see just the cross-reference into other industries. But the support of AI-generated documentation and information is making that more difficult to combat, and unless you have a mature program, unless you have the budget to invest in that technology, the processes, the people to actually combat it, the smaller institutions suffer from that greatly.
And then, of course, AI also allows us to be more real with each other. I put that real in quotations because it helps engineer, at a highly personalized level, the phishing attacks, the vishing attacks. Things that we used to be able to spot easily are not so easily spottable now and they seem like we’re talking to real people, we’re talking to real businesses. So, the social engineering is creating a new level of trust when it shouldn’t be trusted.
Devlin: I know at a very basic level, we’re not seeing the sort of obvious spelling mistakes and that sort of thing if AI is helping people polish up their exploits. But what else is making things seem more real? The written word itself is better, the way they’re doing it, it’s more real, or do you mean it has to involve some aspect of voice or visual?
Paul: It is, the writing is a large part of it. So even if the voice isn’t involved, AI enables fraudsters to use demographic information. So the social engineering that AI is able to do is what really gets the community, the consumers over the line of this seems real. They know me. This is my bank. It knows me. It knows what I’ve done. It knows where I’ve been and it speaks to me in my language. So the social engineering part of it, I think, is really driving. The amount of effort we’ve put into educating consumers and the market as a whole is being tested because of the ability of AI to use the social engineering, personalizing the information, and they’re getting past that comfort level. We have created a community of trust but verify, and now AI is making it so that our customers believe they have verified.
Devlin: Yeah. So, it’s disarming people, where-
Paul: It is.
Devlin: … their antenna are not going up. They’re like, “Oh, this is so-and-so,” and they’re not even questioning it. Another thing that you mentioned that I wanted to get to was you were talking about it’s easier to do this at scale. And so, I wanted to ask you about, is it almost as though fraud is becoming industrialized? How would you classify what’s happening there, where you can maybe launch many more exploits than you could? How do you defend against that?
Paul: So, I do think that we are increasingly seeing fraud operate more like a business than individual crime incidents. AI has enabled the fraudsters to automate their own reconnaissance, their content creation, their testing. We now see fraud campaigns. We used to refer to them as fraud rings. Well, there are fraud rings, but now there’s actually fraud campaigns being executed. And the result is a shift from those individual fraud attempts to the highly scalable fraud operations that don’t just target one to 10, 20 at a time, even with bots, hundreds at a time, we now see them targeting thousands and tens of thousands of individuals simultaneously.
Devlin: When you say fraud campaigns, I’m almost picturing a boiler room or something like that, where there’s a bunch of like-minded fraudsters and they’ve got charts up and they’re tracking their progress. But how sophisticated do some of these exploits get? How much are we talking about rings of 10, 20, 30 people in a crime ring? Is that a thing? Is that happening?
Paul: It is a thing. We also see state-funded fraud rings, fraud operations. We’re moving slowly from the fraud rings to a standard operating model for them, if you will. They are using their own models. They’re leveraging public tools. It’s common. They’re able to use available models, available open source tools, commercial AI platforms, open APIs. It’s become much more of a business for them and scalable. So these rings are becoming larger, they’re becoming sponsored, it is a business. And you reference that boiler room-
Devlin: Yeah.
Paul: … you’re not far off, in that they’re just not in a boiler room though. They actually have commercial building access.
Devlin: Oh.
Paul: They have places of business.
Devlin: I thought you were going to say that we’re all doing it virtual, but now you’re saying it’s even more set up than I was thinking.
Paul: They do.
Devlin: Yeah.
Paul: So, you have virtual fraud, but you truly do have operations and physical operations where they have dozens of people and they have their own desk.
Devlin: But it just shows what banks and their customers are up against. It’s not just a couple of hours, someone’s going to take a chance and get through on a fraud. It’s a very sophisticated structure.
Paul: It is a very well-defined structure. Like I said, they have their own operating models now.
Devlin: Is that taken into account, the fact that things are so put together, and we’re talking about less sophisticated attempts, but now they’re under still sophisticated organizations? Is that something that’s on the mind of someone like you and someone like a fraud official at a bank? They have to account for, weigh in the fact that they’re up against a nation state or a big crime ring. Does that make the attack surface seem any different or you just have to do your job and do your best?
Paul: I think you need to be aware. You need to understand the level of attacks that could come your way. We just touched on the operating model of fraud rings, fraud operations. AI though, current technology has, as we mentioned before, it’s also lowered that entry level, that barrier to get into it. And so, AI has been a force multiplier, not only for these operations of frauds, but also those with less technical expertise, those without the language skills, et cetera, they are there too.
So you do have to be aware, but you still, to your point, you still have to do your job, and it’s from the spectrum of being attacked from individual fraudsters that appear to be sophisticated because of our tools that we have available, but also the fraud rings, the fraud operations. And many of the processes, the solutions that we use and will continue to be used to thwart both ends of the spectrum. You go in every day, you do your job, you look for those emerging trends, you use the technology we have to fight the bad technology, if you will. Being aware, but yes, you still have to do your job. And it’s from both ends of the spectrum. You can’t really focus on just one or the other one will overtake.
Devlin: I wanted to move on and talk about more ways that financial institutions can play it back, but I wanted to dig down into one more thing. You mentioned the spectrum. And so, here, I was asking questions about nation states and big organizations. The other side of that spectrum is maybe an AI agent-
Paul: Yes.
Devlin: … that maybe just someone sets free and just does what it can to see how they can manipulate and get through defenses. Is that happening already and can you share any information? And then, is it like a spy versus spy, and then a bank would set up their own agents and they would try to find and capture these? It just seems so futuristic, but I feel like we’re here or we’re almost here.
Paul: So, I like the word futuristic because I do believe we’re still in the early stages. We don’t know the full extent of capabilities-
Devlin: Right.
Paul: … nor preventive capabilities. The direction’s very clear though, to your point. We are heading to more and more automated portions of the fraud life cycle. I mentioned that targeted research and that identity aggregation before being able to generate that content automatically. I don’t believe that we see fully autonomous fraud operations today, but are they getting there? Are they using the portions of the technology that automates things and processes more quickly and removes some of that reliance on human capability? Definitely.
I think in the industry and institutions, we should anticipate the increased use of AI-enabled agents that will perform more of those multi-steps simultaneously. So removing some of that human intervention on their part, and the implications will be a continued increase in velocity, the scale, and the attack persistence. Going back to, for multiple reasons, the financial institutions have to be right every day, the fraudsters only have to be right once, so it doesn’t cost them to try and fail, if you will. So, they will continue to exploit that and find ways to automate more the process of the fraud life cycle and attack.
Devlin: So right now, today, so forget the future and a year or two, what AI models, types of AI are most effective in detecting fraud? Maybe even some that had been used five, 10 years pre-generative AI.
Paul: I like that you say pre-generative. Definitely, there is no singular method, in my opinion. I believe that the most effective fraud programs, we continue to leverage multiple approaches rather than any one single model. Some of these solutions, tools, models, they include behavioral analytics, obviously, the anomaly detection, entity resolution, link analysis, going back to some old school that’s become new school, the supervised machine learning, the unsupervised pattern detection that is used within AI, obviously. And I would say that a particularly powerful solution is graph and network analytics, and that’s because fraud rarely occurs in one place in isolation, and the ability to be able to find those hidden relationships between identities, devices, accounts, transactions, I think that continues to be one of the significant advantages when you’re using that.
Devlin: I just was thinking with AI, I just had a thought about deepfake voice and video scams, and I was wondering where that stands right now in detecting them. I know that maybe a year or so ago, there were certain telltale things that would happen. You could ask someone who might be using a fake voice or a video to move a certain way, and then things would pixelate and you’d go, “Oh, this is a fake.” Are fraudsters getting better at that? What’s the state of the art now and the state of prevention for deepfakes?
Paul: So unfortunately, they are getting better. It used to be, to your point, yes, in aliveness, we would ask you to blink or we would ask you to turn your head left and then right.
Devlin: Ah, okay. Right, right.
Paul: AI has enabled the fraudsters to overcome that. More recent ones include inserting something into the picture. I recently just saw, they call it the finger, the hand. AI was very poor at moving objects, so we started to ask to move your hand with your face. And now, we find that AI has enabled fraudsters to even overcome the moving hand in front of your face. So yes, they are getting better. I do believe that the solutions that are out there… We have some great vendors in the industry who are using AI, of course, and are very good at detecting it. We have some disruptors out there that are creating solutions to disrupt it.
Devlin: Right.
Paul: And saying that, that’s why I go back to what we just talked about, the multi-layer, because even something as sophisticated as using solutions to identify a deepfake image, photo, video, voice, still won’t capture 100%. There is a cost of doing business. We won’t ever stop all the fraudsters and we know that. But having the right approach of a layered fraud program, having the solutions that can mature your program, and understanding your risk and when to deploy them and using it wisely. I would never recommend deploying everything everywhere. It’s very expensive and then the fraudsters know exactly how to get around you. So I go back to that layered approach, using it wisely, and understanding that you won’t capture 100%, but a mature program should capture much of it.
Devlin: There’s the term risk appetite. I don’t know if there’s a term fraud appetite, where your organization decides, within a certain basis points range, we’re not going to spend millions of dollars to prevent a couple of hundred thousand dollars in fraud. So is it that sort of-
Paul: It is.
Devlin: … decision that’s made? Yeah? Okay.
Paul: It is. Fraud losses fall within that risk appetite, and that appetite is usually defined because we recognize it’s not just technology. We recognize we are going to have losses. How much loss can you absorb? How much is reasonable? But also, how much effort do you put into protecting your business and your consumers, your customers? And being able to have those layers of controls that include the authentication, the technology, the procedures, and the human review. The human review still becomes very important when you’re up against the more sophisticated, the deepfake-enabled fraud.
Devlin: So where does it stand right now, do you think? And I imagine it will change. There’s a role, like you’re saying, for humans to review a transaction or a relationship. But then, there’s also real-time decisioning that whether you want to call AI or automated, certain things just happen in the background, and it’s why a credit card purchase might get flagged, et cetera, et cetera. How is AI going to change that? How might AI already be changing that backroom decision-making when fraud is a concern?
Paul: AI plays a part in both. Real time and then post-transaction, post-loss are critical, and AI is essential in both, in my opinion, because we are using AI in our models, in our tools and our solutions for preventing the fraud, meaning we’re trying to mitigate that loss before the funds leave the institution, before the account is taken over and requests are made. But we will have those times where we miss it and it gets through.
That post-transaction or opportunity and the analytics around that is still valuable because it helps us identify those emerging threats, whether it’s a fraud attack, a trend, or a way to prevent it. It helps us improve our models. It also helps us uncover the organized fraud networks because we can do that link analysis. We begin to understand, was this a one-off? Do we have a larger problem and is it just our institution? Detecting the activity is not always apparent at that time of authorization and you can’t insert friction into every transaction.
Devlin: Right.
Paul: So, the strongest programs will use, I think, both, the preventative pre-capability, as well as the detective capabilities afterward, with AI and with the human intervention.
Devlin: Yeah. So there’s that almost age-old balance between friction to slow up fraud and prevent fraud, but then you also have the customer experience on the other end. We were talking about fraud appetite and knowing a certain amount of fraud will get through, but in the big picture, it’s better because you don’t want to spend more than you’re saving. But there might also be opportunity cost on the other side. So not only are you maybe if you overprotect, if that’s a word, but maybe spend more than you need to spend or devote to fraud prevention, you’re also maybe losing some customers because they just don’t like being held up and everything’s so fast and real-time payments now. I’ve heard some people say that perhaps AI will reduce false positives, will make it easier to reduce friction without compromising your fraud defenses. What do you see happening there?
Paul: They should reduce the false positives. The AI is to make our models better. So false positives, sometimes that term gets a bad rep also. Consumers also expect us to be protecting them. In the world we live in, I mentioned the education we’ve done across industry for so long, consumers know that fraud is out there. They expect financial institutions to protect their money, their identities, their very livelihood at times.
So not all interaction is bad. Fraud transaction reviews, fraud interactions, whether it’s AI-initiated and it’s just a text that comes up on my phone or it is a human, an actual analyst calling, it should be near transparent. They should know that they’re being protected. When we do introduce that friction, it should be apparent, if not obvious, that we are doing so for the benefits of protecting them, their funds. And it becomes a brand loyalty, an expectation factor that businesses need to consider. So false positives are a metric that we’re always going to identify, but I do think we need to understand also that every interaction is an opportunity to convey our dedication to protecting our customers also.
Devlin: Yeah, that’s a great way to look at it. And assuming AI does make that smoother, and as you were saying, it should, as far as making friction less painful, et cetera, so is there a chance it works so well that it creates vulnerabilities? Maybe there is a loss in knowhow. I know a lot of people are worried about if more is relied on from AI, that maybe the folks coming up now, they won’t have the same learnings and are they going to be able to lead? Or could it create blind spots, like, okay, we’re automating so much and we think we have it covered, but maybe you’re not looking in the right spaces anymore because you’re so reliant on AI? Is that too theoretical or is that something you’ve thought about or considered?
Paul: That is not too theoretical. That’s a lot to unpack and I have considered it. So absolutely, AI does introduce and create its own risk. Those include things like model drift, bias, explainability, which is a huge one for regulators, data quality issues, and as you said, the over-reliance on automation. One of my biggest concerns with the automation complacency is that organizations, we tend to start trusting model outputs if we don’t have sufficient challenge processes, oversight, and governance, and that is why the human accountability remains critical.
Within the industry, financial institutions need to be able to answer the questions of, where am I using AI? What is the data I’m inputting? Who has access to change that model? Who has access to challenge that model? What attributes can be introduced? Do I even know what attributes are being introduced? And what does that life cycle of change management and monitoring include? Many institutions can’t answer those questions. Many institutions haven’t thought about, how do I put this within my risk assessment? How has it become part of my risk assessment integrated, not as an afterthought?
So governance is a huge portion of that, and I actually wrote a perspective paper recently on that, specifically around governance, because the way of the future is going to include AI. Mature programs, applications that are successful within those programs will have a strong governance framework. Those who don’t will not have success with it. As far as the human capital, there’s been a lot of focus on the automation and efficiency that AI brings, which is great. It’s good for the business, it’s good for our customers. But we haven’t given enough attention, I think, to the risk of eliminating too much of that human expertise. And everybody can see it, it’s in the news, it’s on LinkedIn, we’re talking about it over coffee.
The mature organizations though, my view, my observation is that they’re not eliminating human expertise. They may be reallocating some of it, putting it to better use. But the experienced investigators, the analysts, the risk professionals will continue to remain essential for validating the outputs of the AI, identifying the trends, and challenging the model assumptions, and when you get down to it, high-impact decisions that we have to answer to, closing an account, denying the funds, firing somebody, anything like that. Those high-impact decisions, I do not foresee a time where human oversight and final decisions will be taken away. I believe that organizations should carefully balance the efficiency objective with that operational resilience and understand that the long-term implications and limitations of AI, we’re still discovering all of the good and all of the bad. So I go back to AI can be a very powerful force multiplier, but it’s not a replacement for accountable decision-making and domain expertise.
Devlin: So, you just told us, in your perspective, what you think fraud mitigation functions might look like in future years. We’re getting towards the end of this interview now. I was wondering, next-to-last question, what do the fraud exploits look like in three to five years, do you think, if current AI trends continue?
Paul: I think they’re going to keep being more personalized. I’m very attuned to that, the fact that they are getting so good at mimicking true communication, that they’re going to be personalized because of the ability to take in more data, take in demographic data, to adapt to it and be scalable. So we’re going to see increased attacks, they are going to be personal, they’re going to generate more identities. More synthetic personas, I think, are going to hit the industry than ever before. The automation of that social engineering and the orchestration of those campaigns that I mentioned, I think, are going to increase.
And I think that eventually, we’ve seen that blur of lines between cybercrime, identity fraud, AML financial crime, social engineering, and the tools have made a lot of advancements that have blurred our ability to separate them, and I think that that continues and we start to see very large impacts to institutions that miss them. On the flip side of that though, our defensive technologies also will include these advancements, will still become more intelligent, will be more proactive. As long as we continue to combine the analytics, the governance, the investigators, and we remain as agile as the fraudsters are, we still beat them and edge them out in the end.
Devlin: Yeah. That’s a nice way to end it. But it doesn’t sound like you’re saying there’s a silver bullet and it’s going to get a lot easier. You’re saying it’s going to be hard work. If we do it well, we’ll stay a bit ahead. There’s no magical solution coming to this fraud challenge.
Paul: There is no magical solution. There are only dedicated fraud fighters out there. And I think that we do take it in the end.
Devlin: We covered an awful lot. I really appreciate your time. But was there maybe one issue we did not discuss that you think it would be important for our audience to hear? Or if there’s anything maybe that you’d really like to emphasize that we didn’t talk about before we let you go?
Paul: I would say that there’s no longer a question of whether AI should be used. I occasionally hear that now, but so much less. It’s really not a question anymore. It is where we use it, it is how we use it, when should humans be engaged, and how the decisions remain governed. Governance is going to be a huge aspect so that we do it right and that we can continue to gain the benefits of the new solutions, opportunities that we have to fight fraud at a higher level and become just as aggressive as fraudsters are against us. We are against them.
Devlin: Yeah.
Paul: The future of AI and risk is accountable augmentation and ensuring that we deploy it appropriately, governed, within well-defined documented frameworks that we can challenge ourselves and we don’t become complacent.
Devlin: Thanks so much. That’s a really compelling idea to end on, so I really appreciate that. So thanks, Bobbie, for sharing your perspectives with us today in the ProSight Banking Strategies Podcast. To our listeners, thanks for spending your valuable time with us. If you liked it, please spread the word. I’m Frank Devlin.
The views expressed by the speakers are the speakers’ own and do not reflect the views of ProSight Financial Association, BAI, or RMA. The views expressed and information shared are of a general nature and are not intended to address the circumstances of any particular individual or entity. No one should act upon any such views or information shared during this podcast without appropriate professional advice after a thorough examination of the particular situation.