Fraud's New Front Line Isn't the Bank
?utm_source=reddit
Banks got good at stopping credit card fraud. Now the fight has moved to social media, and the enemy has generative AI. The old playbook is worthless.
Banks thought they had a handle on fraud. Transaction monitoring, chip-and-PIN, two-factor auth. They were wrong. The fight is no longer about stolen card numbers; it’s about stolen identities, weaponized by AI. According to security expert Emma Lindley MBE, 70% of APP fraud originates online, often starting on social media platforms that have none of a bank’s security rigor. The phishing email with bad grammar is dead. It's been replaced by a flawless, AI-generated message, a deepfaked video of your CEO, or a cloned voice authorizing a seven-figure wire transfer. The old walls were built in the wrong place.
For years, bank defense was siloed. The cyber team guarded the perimeter with firewalls while the fraud team analyzed transaction patterns. The two rarely spoke, and their tech stacks certainly didn't. This structure is now a critical failure mode. The new playbook requires fusing these units. At a recent Finextra event, Lindley noted a 20-25% reduction in fraud when cyber and fraud teams collaborate closely, sharing budgets and organizational charts. This isn’t about a new algorithm; it’s plumbing. It’s creating a unified data model where a malware signature from a security appliance can instantly flag a pending wire transfer as high-risk, breaking down the walls criminals now bypass with ease.
The banks are pouring money into this fight. As NatWest Group's Ashley Bostel explained, financial institutions are investing heavily in AI not to get ahead, but simply to "try and keep up." Their adversaries have no regulatory friction, no compliance departments, and no legacy systems. They can deploy the latest generative AI tools the day they drop. Meanwhile, banks are hamstrung by fragmented global regulations and internal controls that often devolve into what one prosecutor called "tick box exercises." The core asymmetry is that banks pay the price for failure, while the tech platforms where these scams are staged collect ad revenue. The money is flowing out of the fortified banking system through doors left wide open on the internet's less-regulated frontiers.
In the next three years, the corporate org chart will be redrawn by necessity. The roles of Chief Information Security Officer and Head of Fraud will merge, because the distinction has become meaningless. Expect acquisitions as cybersecurity firms absorb fraud analytics specialists to build the unified platforms banks now desperately need. Regulators will eventually be forced to look beyond the banks and question the liability of the platforms where these attacks are born, a trend the Finextra survey shows is already underway. The real question isn't whether AI can be stopped. It is, when a deepfake of a CEO tricks an employee into wiring millions to a thief, who pays the bill: the bank, the AI vendor, or the platform that hosted the scam?
More in Finance

Klarna's Bid to Become a US Bank Was Always the Endgame
The pink 'Pay in 4' button is everywhere. Now it wants your paycheck. The friendly installment plan was always just the on-ramp to becoming a full-fledged, deposit-taking bank.

The IMF Warns That Code Is About to Run the Banks
Tokenization promises instant, cheap transactions. The IMF’s latest report warns that it also promises instant, systemic collapse if the code is wrong. The financial system's guardrails are being replaced by software.