AI and Payments Fraud: An Evolving Landscape

Payment fraud is shifting from a high volume, low sophistication style — think of mass phishing emails with typos and formatting errors to lower volume, higher impact attacks which are becoming more popular as criminals apply technology such as AI. For example, Gen AI can be used to create believable IDs, and clone faces and voices, enabling targeted business email compromise and CEO impersonation schemes that can defraud a single company out of large sums.  

So, over the next year or two, the number of payment fraud attempts may decline slightly or remain flat, while loss levels rise. Looking at the statistics, a substantial portion of payment fraud involves identity fraud — the use of identity data to commit fraud. Within identity fraud, the share of sophisticated cases has tripled in one year. In 2024, only about 10% of fraud attempts were advanced. In 2025, that share surged to 28%.¹  

At the same time, overall identity fraud attempts as a proportion of analyzed verifications worldwide fell from 2.6% in 2024 to 2.2% in 2025.² In another report, overall fraud losses for banking institutions were estimated to rise globally from $23 billion in 2025 to $58.3 billion in 2030, driven by a 153% boost in more sophisticated fraud types.³ A third report found a 1,210% surge in AI-enabled fraud, including deepfake and synthetic fraud, between January and December 2025, versus a 195% rise in traditional fraud.⁴ These difficult numbers are a call to action for the banking industry.

New and Emerging Types of Fraud

With the development of AI-enabled payments fraud comes a growing list of novel fraud types, including:

• Deepfakes: AI-generated audio and video convincingly impersonate real individuals on calls or virtual meetings to pressure victims into transferring money or revealing sensitive banking data. One 2024 survey found that deepfake fraud hit half of businesses, with average per-incident losses of $450,000.⁵ Deloitte’s Center for Financial Services predicts that the GenAI used in deepfakes could enable fraud losses to reach $40 billion in the United States by 2027, up from $12.3 billion in 2023, a compound annual growth rate of 32%.⁶
• Synthetic Identities:  Fraudsters use AI to create more convincing synthetic identities by blending elements of real personal data (e.g., an ID document number) with fabricated details like a name or address, to create an entirely fake person. AI enables the processing of large datasets by criminals to find useful data, and Gen AI can invent personal details and generate valid-looking documents such as passports and driver's licenses. According to one recent survey, 61% of the senior fraud and risk executives who responded said that synthetic identity fraud will be the fastest growing threat over the next 12 months.⁷ The Deloitte Center for Financial Services predicts that synthetic identity fraud is expected to generate at least $23 billion in losses by 2030 in the United States.⁸ 
• Bot Orchestration: Bots are used in a wide variety of ways to conduct payment fraud. For example, botnets perform credential-stuffing attacks, testing millions of stolen usernames and passwords against login portals, to gain access to accounts. Bots also rapidly create new consumer and merchant accounts using databases of stolen identities. The rise of AI has taken bot use to the next level by enabling them to more closely mimic human behavior, bypass CAPTCHAs and generate realistic fake identities. Some 42% of executives in one survey predict that buy-now-pay-later fraud, often driven by bots, will become an increasing threat over the coming months.⁹

These novel forms of AI-enabled payment fraud — and those that will be developed over the next few years — are a form of innovation that is breathtaking in its creativity. They are also extraordinarily damaging to businesses, individuals and the financial system.

Meeting the Challenge

As AI drives increasing sophistication and loss levels, organizations need to ensure that their own capacity to fight fraud is evolving through the use of AI, too. For example, AI is very effective when used for anomaly detection, and one survey shows that 60% of organizations have implemented this capability.¹⁰ BNY has AI-based anomaly detection in its own Payment Validation solution, including machine learning and advanced analytics. These technologies deliver real-time, continuous monitoring, detection and response to potential fraud, keeping organizations and their customers safer.  

AI is even more effective at detecting and preventing fraud when layered in with other strategies. These include account validation services and identity and transaction validation protocols such as multi-factor authentication (MFA). MFA requires users to provide two or more verification factors, enhancing the overall security of accounts. This can be strengthened further by the addition of biometric identity confirmation technologies. As well, training employees in fraud detection and prevention skills remains an extremely effective way to reduce fraud risk, too. For example, employee awareness training about deepfakes and how to spot a potential incident is the first line of defense, as it is for other types of business electronic communications, such as email. Employees who use AI themselves, at work and in their everyday lives, will be best equipped to identify AI fraud.

In short, AI is effective at identifying payment fraud, but to be at its most effective, it should be combined with additional anti-fraud approaches. Human intelligence and experience remain a vital weapon in the war against fraud. 

Changing the Rules of the Game

Digitalization is helping to limit the instances of payment fraud as older, less digital forms of payment are far more susceptible to fraud than newer, electronic methods.  For example, more than 63% of organizations based in the U.S. experienced check fraud and 21% encountered corporate/commercial card fraud in 2024. However, mobile wallets only had a 3% fraud rate in the same survey, and real-time payments just 2%.¹¹  Zelle, a U.S.-based account-to-account digital payment service, reports that today 99.95% of its transactions are completed without any report of scam or fraud, thanks to the use of authentication and enrollment controls, real-time transaction monitoring, and in-app alerts sent to users.¹² Zelle is seeking to reduce fraud rates even further by implementing payment tokenization. Payment tokenization is a process that replaces sensitive payment data, such as bank account numbers, with a unique, randomly generated string of characters known as a token. This token is then used to process transactions without exposing the actual card details — resulting in enhanced security. 

_{Source: 2025 AFP Payments Fraud and Control Survey Report, www.AFPonline.org}

Pay-by-Bank, which leverages open banking technology, also has lower levels of fraud than other forms of payment.¹³ Pay-by-Bank enables people to pay approved retailers, billers and brokerages directly from their bank accounts. Since it relies on open banking, it provides additional security because customers do not need to enter any payment details. Customers can also verify the transaction using a biometric ID through multifactor authentication, for greater protection. Open banking and AI help to proliferate innovative services like Guaranteed ACH and account tokenization, which are great tools that address various payments risks. Open banking data — much richer than many older payment forms — can also be used to develop advanced algorithms to detect fraud for real-time identification of suspicious transactions. 

In jurisdictions where open banking adoption is growing rapidly, the statistics highlight the lower levels of fraud. In the U.K., where there were 13.3 million open banking active users in March 2025,¹⁴  open banking-initiated payment fraud continues to be lower than the industry average for fraud in payments (January-June 2025), both in volumes (0.013% vs. 0.045%) and in value (0.020% vs. 0.027 %).¹⁵ While fraud patterns can vary by rail and region, the direction is clear: modern, digital methods often incorporate controls that lower risk exposure.

Overall, there is a wide range of ways that organizations can fight against the increasing sophistication of AI-enabled fraud — including AI-based technology, other technology solutions such as MFA, employee training and encouraging the shift to new payment rails. Building the right strategic mix should be an important priority to ensure the organization and the third parties it engages with, including customers, are kept safe.