By Rajat Deshpande, CEO & Co-Founder, FinBox
A Hong Kong employee receives a video call from her CFO. The voice is recognisable. The mannerisms and even the slight accent are pitch-perfect. She wires $25 million based on what she sees and hears. Only later does she discover that she was talking to pixels and algorithms.
This isn’t your usual scam email from a long-lost Nigerian prince. This is high-precision warfare executed by criminals who understand technology better than most Fortune 500 companies’ understanding of their own technology infrastructure.
The affected woman wasn’t naive. She was facing something that didn’t exist two years ago: fraud powered by the same artificial intelligence that runs our most sophisticated businesses. While we were debating whether machines could replace human creativity, cybercriminals were already using them to wipe out people’s bank accounts.
We’re asking the wrong question. It’s no longer whether AI will change financial crime. It already has. The right question is whether we’re building defenses that can match the speed of people who treat fraud like a technology startup.
Traditional fraud detection made sense when criminals used stolen credit cards and clumsy phone calls. Systems could flag unusually large transactions. Block payments from suspicious locations. Check if the person knows their mother’s maiden name.
But the old anti-fraud playbook is now dead.
Today, organised crime groups are running call centres staffed with human trafficking victims. These victims execute “romance baiting” schemes that combine emotional manipulation with investment fraud. The content they use? AI-generated. The payments they request? Routed through cryptocurrency networks that didn’t exist when most fraud detection systems were designed.
When cybercrime represents 0.8% of global GDP, we’re looking at an industrialised economy that is growing faster than most legitimate businesses. Fraud attempts rose significantly in a single quarter after COVID hit, and the traditional detection methods fell apart.
This is why modern fraud detection systems had to evolve. Now, these systems can analyse thousands of transactions per minute, assigning risk scores that update in real-time. There was no choice. Staying in the old regime of anti-fraud systems was no longer an option when static rules became obsolete almost overnight.
But despite the developments and enhancements, here’s what keeps fraud prevention experts awake at night: The tools to commit sophisticated fraud are now dirt cheap. What once required technical expertise and significant resources can now be pulled off using $20 AI tools bought on dark web marketplaces.
The same generative AI that helps companies with day-to-day tasks is crafting personalised phishing emails that slip past traditional detection. In 2023 alone, deepfake incidents in fintech jumped by 700%! Voice clones can now be created from a few seconds of audio. Photographs can be turned into lifelike videos that mimic facial expressions with uncanny precision.
When someone can impersonate your CEO with technology they bought for the price of a pizza, the entire foundation of identity verification needs rebuilding.
The real problem isn’t the technology itself. It’s the pace of adoption by bad actors. Stop Scams UK found something telling: While banks have limited evidence of large-scale AI fraud today, technology companies are already seeing fake AI-generated content and profiles flooding their platforms. The infrastructure for mass AI-enabled fraud is being built right now, even if it’s not fully deployed yet. We are watching the weapon being assembled while still debating if it’s dangerous.
But financial institutions haven’t been sitting idle. Machine learning models analyse billions of transactions to distinguish legitimate behaviour from fraud with increasing accuracy. And they are getting sharper, moving beyond flagging anomalies to learning how fraud behaves. This represents something bigger than incremental improvement. It’s a fundamental shift in how fraud detection works.
The most effective systems can now detect the undetectable. So, when organised crime groups shift from credit card fraud to romance scams, or from one-off attacks to coordinated campaigns, AI models keep up. They can detect the behavioural signatures of these new approaches without being explicitly programmed to look for them.
A human might notice that a transaction is unusual because of its size or location. AI notices that it’s unusual because of its size, location, timing, the device it came from, how quickly the person typed their password, whether they paused before clicking submit, and 100s of other variables that create a behavioural fingerprint.
But implementation remains uneven. And here’s the catch that matters – these systems are only as good as the data they’re trained on. Poor-quality data can create bias that makes systems actively harmful, flagging legitimate transactions from certain demographic groups while missing actual fraud.
When AI systems learn from historical data that reflects societal inequalities, they can perpetuate discrimination under the guise of objective analysis. Banks using biased training data have inadvertently created systems that disproportionately flag certain communities for additional scrutiny. This creates moral problems alongside operational and legal risks.
And then there’s privacy. Regulations like GDPR, DPDPA, and similar frameworks limit the data that AI systems can access, potentially hampering their effectiveness. The challenge becomes balancing
comprehensive fraud detection with legitimate privacy protections, especially when the most effective AI models often require extensive personal and behavioral data.
The most successful AI fraud prevention initiatives go beyond catching bad transactions. Machine learning tools that filter false positives allow human investigators to focus on genuinely suspicious activity rather than processing endless alerts. This lets expertise be applied where it matters most.
The most effective fraud prevention will happen when intelligence is shared across institutions and industries. When one bank’s AI system identifies a new fraud pattern, that knowledge needs to propagate quickly to prevent the same attack from succeeding elsewhere.
Because fraud isn’t slowing down at all, it is becoming more sophisticated, more automated, and more targeted.
The biggest leap in fraud prevention will come from not just building dynamic systems but also implementing them quickly enough, collaboratively enough, and thoughtfully enough.