Fighting AI with AI – How financial institutions can tackle the next generation of fraud

by Petyo Dimitrov, Director of Data & AI at Avenga

– What happens when you build a wall to stop an intruder?
– They go out and buy a taller ladder… (author’s note: my AI editor copilot flagged this joke as “AI-generated”, which was both funny and hurtful to my sense of humour)

Financial institutions are facing a new wave of AI-augmented fraud that is growing in scale and sophistication. In the US alone, consumers reported losing $12.5 billion to fraud in 2024, a 25% increase over the prior year. Cybercriminals are using deepfakes, voice clones, and chatbot phishing to evade established controls. Success depends on balancing security with customer experience, meeting regulatory expectations, and adapting as fraud patterns evolve.

Understanding AI-enabled fraud threats

Classic fraud schemes like identity theft and phishing are now strengthened by generative AI. Deepfake impersonations – realistic generated videos or cloned voice calls let fraudsters convincingly pose as bank executives or customers. For instance, attackers used a deepfake video to impersonate a CFO and trick a finance employee into transferring $25 million. Synthetic identities and document forgeries have also grown as criminals use AI to generate fake IDs or composite identities that bypass basic remote identification checks, so-called Know-Your-Customer(KYC) checks.

Multi-layered AI defense

Modern anti-fraud platforms layer several AI and machine learning (ML) approaches, each addressing a specific attack vector. Key components include:

• Augmenting analysis specialists with AI copilots. Agentic assistants automatically collect & summarise data for specific requests and draft a response that a human specialist can quickly review & finalise. For reference, in one of our assistant deployments, analysis times were reduced by ~50%. Using Large Language Models (LLMs) experts can make natural language requests like “Show me all transactions from this device in the past week” instead of writing Structured Query Language (SQL) or digging through dashboards.
• Biometric verification. Facial recognition with liveness detection – e.g. using 3D depth-sensing cameras, multi-angle selfies or dynamic instructions to smile or turn your head can defeat simple video replay. Computer vision checks for signs of deepfakes such as inconsistent eye reflections, lighting, skin texture, or audio-video mismatch. Innovative content provenance standards like the Coalition for Content Provenance and Authenticity (C2PA), including Adobe, Microsoft, Google, Intel, OpenAI, etc., help verify source authenticity.
• Synthetic data. Using generative AI, banks are supplementing their real data by creating realistic fake transactions, synthetic identities, or attack scenarios. This way, detection systems can be trained on rare or hypothetical fraud patterns without violating customer PII.
• Real-time anomaly & behavior models. Known attacks are detected via supervised models (like random forests and gradient boost trees), while novel fraud tactics not seen in training data require unsupervised/semi-supervised methods (like clustering, outlier detection, and autoencoders). Graph neural networks (GNNs) further strengthen anomaly detection by mapping networks of accounts, devices, and IPs to expose coordinated fraud groups that are invisible in isolation. Using this approach, Avenga has automated a client’s claim fraud detection, resulting in a 30% reduction in processing time.

Implementation realities you can’t ignore

Deploying AI for fraud prevention struggles with fragmented data silos and quality. For example, if customer identities cannot be correlated or event times are misaligned, model training becomes very challenging. Also, legacy systems were never designed for AI workloads. Avenga already has several clients modernising their data platforms and migrating to the cloud to get easier access to scalable storage, streaming, ML runtimes and AI services.

A fundamental trade-off is catching fraud without degrading customer experience. Overly sensitive detection systems flag more fraud and produce more false positives. For example, blocking a real customer’s purchase because it resembles a fraud pattern. Having clear recovery paths like fast un-block flow via One-Time Password (OTP) are essential.

Finally, unlike fraudsters, financial institutions operate under strict oversight. Our clients invest a lot in Reliable AI practices to ensure bias checks, explainability of model decisions, immutable audit trails, and thorough model documentation are in place.

Next steps

Below is a brief checklist to assess your foundation for a multi-layered AI defense and suggestions on what to do if you identify a gap.

1. Do we have a single, trustworthy view of customers, accounts, devices, and transactions? Put the modernisation of your data platform on the roadmap.
2. Do we have a clear 12-24-month history and sufficient data for confirmed fraud cases across core products and channels?

Set up a central “fraud label registry”, backfill 12 months of cases and track new cases.

3. Can customers recover quickly from a false block (e.g., via a step-up authentication)? Is the median time tracked as a KPI?
   Plan this business process or preventing fraud will happen at the expense of your customers.
4. What would a 10% reduction in false positives mean in cost savings, chargeback reduction, and customer retention?
   Define this metric to help justify future investment to stakeholders and keep prototypes and development on track.