For years, fraud teams have focused on familiar risks: suspicious transactions, account takeovers, mule activity, social engineering, merchant fraud and abnormal payment behaviour. Those risks have not gone away, but the way they are being carried out has changed significantly. AI has made these fraud vectors faster to execute, easier to scale and, in many cases, harder to detect.
Synthetic identities can now be built from more convincing combinations of real and fabricated information, making them harder to spot during onboarding or verification. Deepfakes and document manipulation are raising the credibility of false claims, whether that means altered bank statements, forged identity documents or cloned voices used to impersonate customers, executives or counterparties.
RESEARCH BACKS THE POINT
Recent research from KPMG underlines that shift. Among surveyed organisations that have experienced fraud in the past year, 81% said attacks were AI-powered. Moreover, 60% reported fraudulent email or chat using AI-generated content or agents, 39% experienced deepfake document fraud, and 24% reported voice clone attacks. In a remarkably short space of time, these threats have moved from a future concern to a present issue.
Likewise, scalable social engineering is changing the threat landscape by allowing fraudsters to produce persuasive, personalised messages at far greater volume, making scams feel more credible and more precisely targeted. Layer on top of that the fact that fraud is increasingly networked rather than isolated, and the picture becomes clearer: this is not simply more fraud, but a more coordinated, adaptive and harder-to-detect form of it.
MISALIGNED RESPONSE
Right now, many fraud controls have been built to combat an earlier era. Systems have been designed to catch known patterns, apply pre-set rules and escalate suspicious activity for review. That combination still has a role, but it is becoming less effective as fraud grows more adaptive, more synthetic and increasingly capable of mimicking legitimate behaviour. As a result, businesses are beginning to see fraud rates creep back up.
Take for example an area like payments, where fraud rarely happens as one clean, isolated event. What often looks like a handful of disconnected cases can in fact be part of a broader pattern involving shared devices, repeated identity elements, mule networks or coordinated merchant behaviour. If you only review events one by one, you often miss the structure behind the loss.
WHAT MODERN FRAUD DEFENCE NOW REQUIRES
That is why the role of AI in defence needs to be understood in practical terms, not rhetorical ones. The point is not to mirror the language of attackers or simply say that AI must fight AI. The point is that fraud has become too fast-moving, too convincing and too interconnected to be managed well through static controls alone. Rule-based systems are effective when fraud is obvious, or repetitive, but nowadays, that’s not what fraud looks like.
A practical response is to combine multiple layers of intelligence. Whether it’s using behavioural analysis to distinguish between normal and abnormal activity, anomaly detection to surface patterns that do not fit historical expectations, or network-level visibility to reveal connections that are invisible in siloed environments. Machine learning can help identify emerging threats faster than manually updated rule sets alone.
HUMANS REMAIN ESSENTIAL
Crucially, human oversight remains essential throughout this mix. However sophisticated silicon-based systems become, carbon-based judgments still matter. People remain critical to interpreting context, challenging outputs and making sound decisions where nuance, accountability and risk are involved. Still, these individuals must be supported with better tools, which elevate their capacity to detect threats.
KPMG’s findings suggest many organisations already recognise this. More than half of respondents said they are using AI-powered fraud defences, yet only 26% have a formal, comprehensive and tested fraud response plan that explicitly covers AI-powered attacks. This suggests awareness is rising faster than readiness. Given the rise of the threat, this gap can no longer be allowed to persist.
RESHAPING AND RESPONDING
Given the wider direction of travel, it seems inevitable that fraud will only continue to evolve down this path, becoming more synthetic, more adaptive and harder to catch through static checks alone. To get ahead of the issue, firms must first develop a clearer understanding of how the problem has changed, where legacy controls are losing effectiveness, and how intelligence-led systems can support real decision-making in live environments.
Amid an increasingly fast-moving threat landscape, and reinforced by research such as that from KPMG, the question for businesses is no longer whether AI should play a role in fraud prevention. It is whether organisations can realistically defend themselves against AI-enabled fraud without it. Right now, the answer appears to be no, and there is little reason to believe that will become any less true in the years ahead.
For more information about Fraudio, please visit: https://www.fraudio.com/