The AI arms race: how financial services are fighting back against synthetic identity fraud

With synthetic identities on the rise, driven by deepfakes, fintechs are shifting from static checks to continuous identity verification to strengthen trust and AI-ready fraud defences.

The financial services industry is facing an unprecedented challenge: generative AI has fundamentally transformed the fraud landscape, turning what was once credential theft into sophisticated cognitive fraud. With fraud losses in US financial services projected to soar from USD 12.3 billion in 2023 to nearly USD 40 billion by 2027, and deepfake attempts occurring every five minutes, the industry is racing to adapt its defences against AI-powered threats.

In a recent webinar hosted by The Paypers and Microblink, industry experts from eToro, Electronic Merchant Systems, and Microblink gathered to discuss how AI has broken traditional trust systems and what forward-thinking companies are doing to fight back. Mirela Ciobanu, Lead Editor with The Paypers, shares more.

The shift from credential to cognitive fraud

According to Ambreen Khasru, Head of Compliance at eToro, the fraud landscape has undergone a dramatic transformation in just two to three years. ‘Two or three years ago, fraud was about stealing access’, she explained. ‘Fraudsters were getting hold of usernames, passwords, one-time codes through phishing campaigns and credential stuffing. Today, we've moved from stealing logins to actually creating those identities.’

This shift represents what Ambreen calls the move from ‘credential fraud’ to ‘cognitive fraud’ - fraud that mimics human behaviour, voice, and appearance through AI-generated content. Fraudsters no longer need to steal passwords; they can generate entirely believable synthetic personas that pass traditional verification checks.

The democratisation of fraud

Daniel Stanbridge, Chief Risk and Compliance Officer at Electronic Merchant Systems, highlighted how AI has lowered the barriers to entry for fraudsters. ‘Synthetic ID fraud has always existed in card processing’, he noted. ‘The difference now is that with AI being freely accessible to the mass market, the barriers to entry have been lowered and the ability to commit fraud is now at the fingertips of large parts of the population.’

Dan revealed that in the US SMB payment processing market, at least 20-30% of applications now show signs of synthetic fraud - a significant increase from just five to ten years ago when it was half that rate or lower. The scalability of AI-powered fraud attempts has created a daily battle for risk teams across the industry.

AI as a double-edged sword

While AI poses significant threats, it's also becoming essential for defence. Ambreen explained how eToro uses AI positively through their AI companion ‘Tori’, which assists investors with portfolio analysis, while also leveraging AI for customer support and fraud detection to handle thousands of transactions daily.

Dan shared how Electronic Merchant Systems transformed their underwriting process from a 15-day paper-based system to a 24-hour digital process using AI and technology, actually improving risk integrity while reducing friction. ‘We're using it to our advantage’, he said, ‘moving from voided checks to online bank verification in real-time, removing PDFs of digital IDs to real-time validation of selfies.’

The end of static KYC

Patrick Klima, Director of Platform Products at Microblink, emphasised that the industry is experiencing a step change. With deepfake attempts increasing by 3,000% from 2022 to 2023, and a further 1,100% globally over the past 12 months, static, one-time KYC verification is no longer sufficient.

‘The approach of just doing KYC once doesn't work anymore’, Ambreen stressed. ‘It has to be a combination of many different things. What we're checking for now is reality. Is this person real?’ The solution lies in what Patrick calls ‘continuous identity intelligence’. Continuous identity intelligence goes beyond initial onboarding or login - it’s about constantly assessing how much trust can be placed in a user at any given moment in their journey. In practice, this means that identity verification doesn’t stop once an account is created. The process begins with signals from the device being used to register or log in and continues with document and biometric verification to confirm that the identity is genuine. At this stage, systems also draw from third-party databases and canonical data sources to validate that the identity presented exists in the real world - a critical step in detecting synthetic identities, which can be entirely fabricated using AI or forged documents.

Each of these verifications generates new data points - creating a historical pattern that helps determine, during future interactions, whether a person is who they claim to be or if a new synthetic identity has been created.

Beyond onboarding, continuous identity intelligence helps detect account takeovers, phishing attempts, and other forms of compromise by analysing evolving device, behavioural, and biometric signals. It seeks to answer: Is this the same person we’ve verified before, using the same trusted signals?

Even later in the customer lifecycle - during account reactivation, transaction reviews, or fraud investigations - these same indicators and biometric references are used to re-verify the individual.

Building resilient defence systems

The experts agreed that combating AI-powered fraud requires a multi-layered, adaptive approach. Dan emphasised the importance of good data availability and layering different AI tools and technologies together. ‘AI is only as good as the data that you feed into it and only as good as the structure and governance that you build around it’, he cautioned. Electronic Merchant Systems has implemented AI-native tools that pull numerous data points to paint a picture of hidden ecosystems, allowing them to take proactive rather than reactive approaches to fraud. This includes detecting transaction laundering, where legitimate merchants process transactions for illegitimate secondary websites.

The human element remains critical

Despite AI's capabilities, all three experts stressed that human expertise remains vital. ‘AI needs prompts’, Ambreen pointed out. ‘At the end of the day, once you get the outputs, you need a human to interpret those outputs and make the necessary decisions.’

Dan agreed, noting that humans are essential for orchestrating AI systems, setting risk appetites, and providing the personal touch that's becoming increasingly important in merchant and customer interactions. The challenge is finding the right balance between automation and human review while maintaining scalability.

The future of identity trust

When asked about the future of identity trust and what companies need to do to build resilient fraud strategies, Patrick described what he sees as a new renaissance in identity verification - one accelerated by the growing sophistication of deepfake and synthetic identity attacks.

Over the next 18 months, Patrick expects three major shifts to shape the industry. First, the development of device intelligence networks, which aggregate data from devices interacting across ecosystems to identify and flag risk more accurately. Second, biometrics will evolve into a key authentication factor, used dynamically in high-risk moments when additional verification is needed based on other behavioural or device-based signals. And third, the emergence of electronic IDs (eIDs) will mark a fundamental shift in how individuals verify their identities online.

While many service providers have yet to fully prepare for eIDs, Patrick predicts that by 2026, adoption will accelerate as both users and businesses seek secure, compliant, and streamlined verification experiences. The challenge - and opportunity - for companies will be in integrating these new technologies to strengthen trust while maintaining a seamless user journey.

Collaboration in fraud prevention

When discussing what’s needed to strengthen trust in digital payments, the speakers emphasised one recurring theme - collaboration. Partnerships between banks, fintechs, payment processors, and technology providers are critical to effectively combat AI-driven fraud.

Ambreen noted that while collaboration would be transformative, data-sharing barriers such as GDPR make it challenging to act quickly against fraudsters. Today, many financial institutions operate in silos, sharing insights only after an incident has occurred - as seen with Suspicious Activity Reports in the UK - when it’s already too late to prevent losses. She highlighted the need for more proactive and real-time collaboration, which would require anonymisation and tokenisation of sensitive data.

Patrick agreed, adding that the real challenge lies in finding the right balance between privacy and cooperation, as well as in overcoming the hesitation among service providers to share even anonymised data. ‘Everyone wants to be part of a fraud consortium’, he said, ‘but fewer are willing to actively participate in one’.

The takeaway? Building resilient identity trust systems will require a new framework for secure, compliant data collaboration that keeps fraudsters out - without compromising user privacy.

Conclusion

The arms race between fraudsters and defenders will continue to escalate, but by combining advanced technology with human insight and moving toward continuous identity intelligence, financial services can stay ahead of the evolving threat landscape. The key is to act now – as Patrick warned, putting off these decisions or assuming current systems will suffice is one of the biggest mistakes organisations can make in this rapidly changing environment.

About author

Mirela Ciobanu is Lead Editor at The Paypers, specialising in the Banking and Fintech domain. With a keen eye for industry trends, she is constantly on the lookout for the latest developments in digital assets, regtech, payment innovation, and fraud prevention. Mirela is particularly passionate about crypto, blockchain, DeFi, and fincrime investigations, and is a strong advocate for online data privacy and protection. As a skilled writer, Mirela strives to deliver accurate and informative insights to her readers, always in pursuit of the most compelling version of the truth. Connect with Mirela on LinkedIn or reach out via email at mirelac@thepaypers.com.