Fingerprint has published its State of AI Fraud and Privacy Report, concluding that AI-driven attacks are surging while privacy regulations limit traditional identification methods.
The company surveyed 300 fraud companies, 41% of which said that their organisations are facing AI-driven attacks. 99% of them also report fraud losses from AI-related attacks in the past year, with an average of USD 414,000 per organisation, while one-third of respondents reported annual losses of up to USD 1 million.
Key findings of the report
Beyond financial consequences, these increasingly sophisticated threats are creating operational problems. The report states that 93% of fraud teams see these impacts, with 38% of organisations citing higher costs from manual review and triage as a top business concern. The B2B SaaS industry is the most vulnerable, with 62% of organisations surveyed reporting increases in manual processes.
Privacy-first technologies are intensifying fraud detection issues. New solutions like Apple’s Intelligent Tracking Prevention are replacing the traditional fraud detection tools that teams used to rely on for user identification. 76% of participants in the survey report that privacy-focused browsers, VPNs, and customer privacy preferences impact detection capabilities, and 40% say that these technologies reduce identification accuracy.
The report also covers the gap between banks and fintechs, as the latter have more agility. Banks report a higher rate (54%) of AI-powered attacks, compared to 47% in fintech, and are slower to adapt and employ modern defences, making them the primary target for fraudsters. 33% of banks are evaluating AI-driven fraud tools, compared to 52% of fintechs surveyed, which makes banks easier targets for criminals who take advantage of outdated systems. Attacks commonly involve account takeovers, synthetic fraud, and credential stuffing. Digital B2B SaaS platforms are also targeted due to higher user volumes and privacy-conscious customers, which makes it harder to spot fraud without disrupting legitimate user experiences. This leads to more automated attacks.
In response to these threats, 90% of institutions surveyed plan to adopt more persistent, privacy-compliant visitor identification methods within the next 12 months, with nearly 50% actively planning implementation. This highlights an alignment with broader industry efforts to implement simple security and passwordless authentication. As businesses remove passcodes and legacy solutions, they require tools such as device intelligence to actively identify legitimate users without adding friction that may disrupt their experience.