Generative AI Is reshaping financial fraud. Can security keep up?

In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies. With fraudsters using generative AI to launch sophisticated attacks, financial institutions must adopt adaptive AI solutions to stay ahead.

Xie points out the role of real-time data orchestration, machine learning, and integrated security platforms in balancing fraud prevention with a seamless user experience.

How are fraud tactics evolving with the rise of generative AI and automated attack tools?

Fighting financial fraud has always been an arms race between financial institutions and fraudsters, and AI has made it a much tighter race. As payments innovations continue, legacy fraud solutions can’t keep pace. Today, you need to be able to fight AI with AI to beat fraudsters at their own game.

With many fraudsters leveraging generative AI to launch attacks, fraud solutions can leverage generative AI to stay ahead in many areas. For example, generative AI has already been adopted to automate rule creation and tuning to provide better detection and save fraud teams time and money on trial-and-error methods.

Organizations need to have adaptive responses to be ready for new and evolving fraud and scam attacks. Sophisticated AI technologies and machine learning models can analyze large sets of data and signals in real-time to identify hidden patterns and correlations through usage patterns, device information, location information, network characteristics. These technologies are essential in identifying new and evolving threats, and they continuously improve over time, which is particularly crucial in combating deepfake threats.

Many organizations struggle with balancing fraud prevention and user experience. How should they navigate that tradeoff?

Balancing fraud protection and user friction is a delicate challenge that many organizations face. Achieving an effective equilibrium requires implementing strategies and technologies that enhance security without causing unnecessary inconvenience to users.

Having a unified platform that integrates and orchestrates different sources of disparate data into centralized intelligence allows for a holistic view and is the best way to ensure balance between fraud protection and customer experience.

Many organizations have had to piece together a multitude of fraud solutions to solve for and protect against all the various types of fraud, which creates challenges in providing a consistent, seamless experience for customers. That’s why real-time data orchestration must be paired with cutting-edge machine learning and AI technology to provide the best fraud protection while also reducing false positives.

How can organizations improve real-time fraud detection without generating excessive false positives?

Continuously enhancing our understanding of AI and acquiring the skills needed to effectively incorporate it into models is key to maximizing its effectiveness, which includes increasing real-time accuracy and reducing false positives while also enhancing operational efficiencies.

Here are a few examples of how to leverage different types of AI technologies:

• Supervised machine learning: Enhances detection accuracy and reduces false positives. It’s particularly effective when accurate fraud labels are available.
• Unsupervised machine learning: Excels at identifying evolving fraud patterns even when labeled data isn’t available.
• Generative AI: Tools powered by generative AI allow fraud teams to automatically create and fine-tune rules, write and debug feature scripts with AI assistance, and auto-generate rule descriptions. The implementation of a tool like this significantly enhances operational efficiency for fraud teams.

What are the key signals or data points organizations should monitor to detect coordinated fraud rings?

Today, fraudsters have access to the most up-to-date technology that makes it easier than ever to exploit gaps in fraud strategies. That’s why having a centralized intelligence hub is key to an effective fraud strategy. Integrating various data sources and efficiently managing the analysis and processing the information throughout the account lifecycle, business units and channels, it’s possible to achieve a comprehensive understanding of customer behavior. Using this approach makes it much easier to detect and prevent coordinated fraud rings and schemes.

For example, a fraud ring conducting large-scale coordinated attacks involving account takeover and mass registration could use different IPs and device IDs, IP addresses traced back to VPN or data centers, the recurrence of specific payee account numbers, etc. Individually, these subtle signals might not immediately raise concerns, but the true strength of data orchestration lies in its ability to put these scattered indicators together to construct a detailed picture of the fraud operation.

The more data at hand, the clearer the patterns become, allowing for detection and linking of multiple accounts involved in the ring. Data orchestration is essential in being able to aggregate large sets of information, which allows organizations to harness it in real-time to uncover and dismantle the sophisticated networks of fraud.

How should security, risk, and fraud teams collaborate to improve fraud prevention efforts?

The most effective way security, risk and fraud teams can collaborate to fight new and sophisticated fraud, is to aggregate all data and signals from all the different systems. This gives an organization a much more comprehensive and holistic view compared to traditional approaches that tend to be siloed and reactive, and therefore more vulnerable to fraud attacks. At the same time, organizations need to implement a flexible decision flow to allow dynamic actioning based on a wide range of signals.