AI-Driven Synthetic Fraud: A Growing Threat to Financial Institutions

AI-driven synthetic fraud a growing threat to UK financial institutions: By Paul Weathersby

We recently shared some insights highlighting a critical issue for the financial services industry: as UK consumers increasingly rely on digital platforms, synthetic fraud is on the rise. Our latest data has shown a staggering 60% increase in synthetic identity fraud cases in 2024 compared to the previous year, with these cases now constituting nearly a third (29%) of all identity fraud. What this underscores is the evolving tactics of fraudsters, who are leveraging advanced technologies like generative AI to create convincing fake identities. As these fraudulent activities become more sophisticated, financial institutions are having to find ways to better safeguard themselves and their consumers against new threats. To effectively combat this escalating issue, financial institutions must prioritise two key strategies: deploying cutting-edge technologies and fostering collaborative efforts. By embracing innovative solutions and working together, they can enhance their defences and ensure robust protection against the ever-changing landscape of fraud. Understanding synthetic fraud Historically, creating new identities to apply for financial products involved combining an individual's sensitive information, such as national insurance numbers or dates of birth, with either different identities or fake personally identifiable information. This process was time-consuming, but with generative AI, synthetic fraud can take place in a matter of minutes. Some criminals go as far as to fabricate entire social media accounts to make their fake identities feel more legitimate. Detecting synthetic fraud is considerably more challenging than traditional identity fraud. Because synthetic identities are not linked to real individuals, there is no person monitoring the credit file who might raise the alarm. As a result, fraudulent accounts or lines of credit can go unnoticed for extended periods. Unlike identity theft, where the real person might notice and report unfamiliar accounts, synthetic fraud lacks this layer of detection, making it harder to spot. Generative AI also aids fraudsters in altering voices and producing convincing fake identity documents to bypass security screenings. It is believed that the number of fake passports generated through AI could now exceed digitally altered physical documents for the first time. The role of artificial intelligence Fortunately, AI solutions are at the forefront of the solving the problem too. These advanced systems can analyse vast amounts of data in real-time, identifying patterns and anomalies that may indicate fraudulent activity. The three most prevalent use cases are: Ultimately, the integration of AI and other advanced technologies has had a significant impact on fraud prevention in the UK. According to UK Finance, financial services companies prevented £710 million of unauthorised fraud in the first half of the year. This success is largely due to the sophisticated fraud-prevention technologies now in place. The role of data sharing Data sharing also plays a crucial role in preventing synthetic? fraud by fostering collaboration and information exchange among industry players. It enables banks, insurance companies, and other financial firms to share data on fraudulent activities, suspicious transactions, and emerging threats in real-time, creating a robust mechanism against fraud. One of the main benefits of data sharing is the ability to identify and mitigate fraud patterns more effectively. By pooling data from multiple sources, financial institutions can detect abnormalities and patterns that may indicate fraudulent activity. This allows for quicker identification of fraud schemes that might go unnoticed if companies were operating in isolation. Moreover, data sharing enhances the speed and accuracy of fraud detection. When a suspicious transaction is flagged by one company, the information can be rapidly shared, alerting other members to potential threats. Staying ahead What is interesting is that additional research by Experian, which surveyed more than 500 financial service companies, found that only a quarter (25%) feel confident in addressing the threat posed by synthetic identity fraud. Additionally, just 23% feel equipped to deal successfully with AI and deepfake fraud. This highlights the critical need for businesses to take action now. While the fight against fraud is an ongoing battle and criminals continue to develop new methods, the key for financial institutions is to remain vigilant and proactive in updating their strategies against preventing financial crime. By leveraging the latest AI and data-sharing technologies, and fostering industry collaboration, they can stay ahead of emerging threats and safeguard their customers.

Fraud Prevention in Digital Lending: AI vs. Cybercriminals: By Dmitriy Wolkenstein

Digital lenders must scale trust as fast as fraud is scaling. The platforms that survive will design adaptive, ethical, and AI-enhanced security -- not as friction, but as fluid, invisible strength. In 2024, 42.5% of all fraud attempts in the financial services sector were AI-generated, according to Signicat's Battle Against AI-Driven Identity Fraud report. Not just assisted -- entirely automated (Signicat, 2024). Synthetic identities, deepfaked documents, bot-generated applications. It's not science fiction. It's happening now. And with nearly one in three of these attempts succeeding, the message is clear: digital lending is under siege. We are under the siege of industrialised identity warfare. Fake identities have become fully synthetic. They're not cobbled together from stolen data; they're designed from the ground up -- crafted by generative models that know how to pass selfie checks, answer KYC questions, and mimic the digital footprint of a 28-year-old freelance consultant with a healthy cash flow. Once clunky and easy to spot, bots now behave like anxious students filling out a loan form. They scroll like humans. They pause to "think." They backspace on ZIP codes. Powered by reinforcement learning and access to public onboarding flows, these bots are trained to pass, not to smash. Document fraud has gone from the domain of shady print shops to scalable SaaS. Entire marketplaces now offer plug-and-play bank statements, pay slips, and utility bills, customised by geography, income tier, and even the employment industry. More than sloppy Photoshop jobs, they're precision fakes that pass OCR and metadata checks because they've been tested on real lenders' systems. And lenders? They're in an existential moment. The same digital pipes that promised inclusion and speed have widened the attack surface. Every seamless UX flow, every "apply in minutes" promise, is now a potential entry point for weaponised algorithms posing as borrowers. Digital lending began with the promise of inclusion and democratised credit. With just a smartphone and an internet connection, borrowers could apply for credit in minutes -- no paperwork, no queues, no friction. It removed the traditional gatekeepers and replaced them with data, algorithms, and user flows designed for speed. However, doing so also created an attack surface that fraudsters have learned to exploit at scale. Cybercriminals today operate like agile startups. Many subscribe to fraud-as-a-service models on the dark web -- complete with tech support, user dashboards, and updates that rival those of legitimate SaaS platforms. Their tools are built with the same sophistication used by the companies they target. They're using generative AI to craft synthetic profiles that mimic real people down to biometric nuances. They forge documents that beat OCR checks. They unleash bots that simulate human hesitation in online forms. This isn't your average phishing scam. It's industrial-grade fraud engineered by algorithms. The Arms Race in Digital Identity: Behavioral AI and the Human-Machine Pact Yesterday's fraud detection relied on static red flags -- unusual IP addresses, mismatched ID documents, and brute-force login patterns. These worked when the fraud was blunt. It isn't anymore. Today's fraudsters are behavioural mimics. They understand the logic behind your onboarding flows better than your interns. They know what triggers a review. And they're building around it. Although most financial institutions already deploy AI for financial crime (74%) and fraud detection (73%), there's no illusion that the battle is close to over. In fact, every single respondent in a 2024 global banking survey expects both financial crime and fraud activity to increase (BioCatch, 2024). Not plateau -- increase. Many of these attackers now operate with the sophistication of software startups. They use publicly available KYC flow maps to train their own generative models. Large language models (LLMs) are fed with financial onboarding prompts to generate coherent, dynamic customer personas -- complete with plausible biographies, payment behaviours, and even reaction times. Some systems simulate human error with uncanny precision: a mistyped zip code followed by a quick correction or a momentary pause before uploading a document. It's designed to look human -- because it's trained on how humans behave. Financial institutions are deploying defensive machine intelligence -- AI systems built not to predict risk from static data but to monitor and analyse real-time micro-behaviors to counter this. These systems measure thousands of signals per user session: typing cadence, pressure on the touchscreen, scroll velocity, navigation patterns, mouse jitter, device tilt, decision lag, and even tab-switching frequency. It's not just what users submit -- it's how they behave while submitting it. This is behavioural biometrics at an industrial scale. For example, a brief pause before entering a birthdate -- an action typically taking milliseconds for a legitimate user -- can be enough to escalate a session into a risk queue. But that kind of granularity cuts both ways. The tighter the net, the more it catches -- sometimes the wrong fish. False positives, especially for thin-file or neurodivergent users, can result in blocked applications or manual reviews. Meanwhile, false negatives allow hyper-personalised fraud attempts to slip through. For digital lenders, this razor-thin margin between blocking fraud and preserving access is no longer theoretical -- it's operational. And the cost of error is rising. This is where the Human-Machine Pact comes in: the best systems don't eliminate human involvement -- they enhance it strategically. AI acts as the velocity filter, flagging real-time anomalies and learning from resolution feedback. Human analysts handle edge cases: refugees without formal IDs, freelancers working from rotating IPs, Gen Z applicants with unconventional credit behaviour. The collaboration is becoming symbiotic. Human oversight provides ethical checks, training data refinement, and escalation logic. AI, in turn, ensures coverage at a scale and speed that is impossible for manual teams. Together, they form what smart lenders now call "dynamic trust infrastructure" -- a fusion of real-time data science and contextual decision-making. As fraud moves faster and deeper, this hybrid model will be the only way to stay ahead. In the age of algorithmic deception, it's not enough to detect patterns -- you must understand intent. Users may never see the fraud defence stack -- but they feel its consequences. A seamless onboarding flow that still catches bots? That's a product win. A false decline that blocks a real borrower mid-application? That's a reputational hit. Smart platforms have recognised this shift. They're embedding security not as friction but as an intelligent, adaptive experience. Take progressive disclosure -- based on user behaviour, where personal information is requested only as needed. This reduces front-end fatigue for real users while exposing hesitation patterns that signal risk. Modern digital platforms SHOULD treat every click, scroll, and pause as a signal -- not just of intent, but of authenticity. Contextual prompts -- such as dynamic tooltips, biometric fallback steps, and subtle voice-verification cues -- serve a dual purpose. They assist users through the flow while simultaneously probing behavioural consistency. When a person lingers on an ID upload field or switches tabs during verification, real-time AI interprets these signals and dynamically adjusts the journey. This adaptive approach introduces trust-building steps at just the right moment -- such as selfie verification, in-session behavioural checks, or a smart redirect for manual review. Each prompt feels native, yet each one strengthens security without raising barriers. Brought together, all these measures form an invisible shield. Instead of blocking suspicious activity outright, they reroute and reframe it. They slow down automated scripts, surface deeper analytics, and allow session-level intelligence to orchestrate risk across touchpoints. In this setting, users can experience a fluid, supportive journey. Meanwhile, fraud systems gain granular visibility without introducing friction. Security becomes seamless. Design becomes the first responder. Platforms achieve both trust and usability -- two goals that once pulled in opposite directions. In lending, where identity, intent, and financial behaviour intersect, that trust must be earned every second. Leading lenders are already investing in real-time trust engineering -- combining behavioural biometrics, passive signals, and UI decision trees to build flows that feel intuitive to humans but hostile to bots. These systems shape the experience so that legitimate users glide through while synthetic actors are caught in adaptive loops. Financial institutions and lenders face adversaries who operate with speed, precision, and creativity -- crafting synthetic identities, automating deepfake personas, and adapting attacks as fast as defences evolve. The rise of AI-powered fraud IS the next phase of digital finance. As onboarding becomes easier, as credit becomes more embedded, and as borders become less relevant, trust will be defined by one thing: resilience. Financial institutions that treat fraud prevention as a compliance checkbox will fall behind. The leaders will be those who build real-time, adaptive, and ethical AI systems that fight fire with fire -- without burning legitimate users in the process.

5 Myths About Fraud Prevention for Financial Services Firms | PYMNTS.com

AI systems that calculate fraud probabilities rather than binary "yes-no" decisions catch more fraud and minimize false positives. Fraud is getting more sophisticated, thanks to artificial intelligence (AI). Fraud can be perpetrated in the form of deepfake videos or voice, with AI producing a clone of a family relative supposedly in an emergency and needs a cash transfer immediately. AI can write more convincing phishing emails, removing telltale signs such as broken English. AI can also fake images like a driver's license to fool and scam people, according to an FBI report. "Fraud is only going to get worse with the creation of generative AI," said Mike de Vere, CEO of Zest AI, which leverages AI to help financial services firms make more informed lending decisions and mitigate fraud incidents. According to a March 2025 report from the U.S. Federal Trade Commission (FTC), the amount of losses due to fraud hit $12.5 billion in 2024, up 25% from the prior year. More people also reported they lost money due to fraud: 38% last year compared to 27% in 2023. Investment scams led people to lose the most money, totaling $5.7 billion, up 24% from the year before. The second highest were imposter scams, at $2.95 billion. However, imposter scams were the most commonly reported fraud, with online shopping fraud next. Notably, consumers lost more money to scams through bank transfers or cryptocurrency than all other payment methods combined, the FTC said. According to a PYMNTS Intelligence study in partnership with i2c, 28% of consumers have fallen victim to credit card fraud last year. Moreover, 37% said they were "very" or "extremely" worried about falling victim to such fraud, according to "Consumer Credit Economy: Credit Card Fraud." In an interview with PYMNTS, de Vere said fraud losses are projected to reach $40 billion by 2027. Fraud tools are becoming more accessible, he added, noting that for as little as $20, criminals can do things like create fake IDs and pay stubs. Read more: 37% of Consumers Highly Concerned About Credit Card Fraud Based on his experience working with banks and credit unions, de Vere shared his insights on five myths about fraud prevention that could leave organizations vulnerable. The first misconception is that fraudsters only target major financial institutions. In reality, 8 out of 10 banks and credit unions, including smaller ones, reported fraud losses exceeding $500,000 last year. "It disproportionately impacts smaller financial institutions," de Vere said. "A fraudster going up against Citi's IT team is probably going to be less successful than [targeting] a tiny credit union that outsources their IT." Many institutions believe that monitoring individual transactions provides adequate fraud prevention protection. For example, looking at a customer's credit card patterns to spot whether there's a fraudulent purchase. However, de Vere said this narrow approach misses the broader behavioral patterns that AI can detect. He shared this real-world example: A fraudster opened a credit card at a credit union, charging about $100 a month and paying it off regularly. By itself, this behavior doesn't raise red flags. However, this criminal was doing the same thing at several credit unions, de Vere said. The individual eventually applied for and received personal loans, maxed out the credit cards and disappeared with the money. The third myth revolves around the idea that to be secure, a financial institution has to put the customer through several hoops such as asking for the answer to a security question and the like. It creates friction in the customer experience. These binary fraud systems -- is it a fraud or not? Yes or no -- can create problems unnecessarily, de Vere said. He shared his personal experience of being flagged for ID fraud during an auto loan application simply because his last name was squished together. "An AI solution could have looked at my credit report and seen that ... two of my credit cards actually have my last name smashed together, so it's probably not likely that I'm a fraudster." Humans are supposed to be the gold standard when it comes to catching fraud, but de Vere argued that they are only as good as their experiences. Moreover, manual reviews are limited by the reviewer's experience within an institution. In contrast, an AI model can consume trillions of points of data to identify patterns of fraud. "It's so far beyond where a human can be," de Vere said. The final myth is that fraud prevention solutions are interchangeable. De Vere said that many available solutions are incomplete, creating blind spots in security coverage. He said a robust fraud prevention solution should offer probability scores rather than binary "fraud/no-fraud" decisions, be trained on comprehensive datasets and tailored to an organization's needs and geographic location. This approach lets organizations identify local fraud rings and deploy appropriate security measures. Advocatong for a collaborative approach to fighting fraud, de Vere said, "We need to be thinking less about it being a competitive issue and more about it being a collaborative issue." To that end, Zest AI has created a consortium to share fraud experiences, enabling AI models to learn from attacks on one institution to protect others in the same ecosystem.