
AI fraud detection in banking: how fragmentation is costing banks the fight

25 June 2026

Financial fraud tops $1 billion in losses daily. Banks are fighting back with fragmented tools and the wrong AI. Here is what it takes to win, according to Feedzai's Pedro Bizarro.

Pedro Bizarro is the co-founder and Chief Science Officer at Feedzai. He has spent 15 years building AI fraud detection systems that banks use to make real-time decisions on billions of transactions.

Earlier this year, he attended the first global fraud summit organized by Interpol and the United Nations in Vienna. The numbers he brought back are not the kind that appear in most internal risk reports.

Financial fraud - scams, synthetic identities, deepfakes, AI-generated impersonations - has become one of the top criminal enterprises on earth. It now surpasses heroin, cocaine, and synthetic drugs. It is growing at 58% annually. It generates $440 billion in losses per year. This is more than $1 billion every single day.

That is the current threat environment, and most banks are fighting it with tools that were never designed to see the full picture. In an episode on the Banking Reinvented podcast, Pedro discusses banking fraud AI and responsible AI with host Tim Rutten.

Fraudsters have a structural advantage banks cannot match

The asymmetry between attacker and defender is not about technology alone, but also about structure.

Deloitte's Center for Financial Services projects that generative AI-enabled fraud could reach $40 billion in losses in the US alone by 2027, up from $12.3 billion in 2023 - a compound annual growth rate of 32%. Deepfake fraud in banking is no longer an edge case. In 2024, a deepfake attack occurred every five minutes according to Entrust. Synthetic identity fraud surged 311% between Q1 2024 and Q1 2025.

Fraudsters move so fast because they do not worry about failing. A fraudster who fails 99% of the time and succeeds once still profits. A bank that fails 1% of the time has a crisis. That dynamic means bad actors are always the first to adopt new tools - deepfakes, voice cloning, synthetic identities, agentic browsers - with no regulatory constraints slowing them down and no reputational risk if an attack fails.

Pedro argues in the episode that the attacks themselves have evolved beyond what most detection frameworks cover, because a modern fraud campaign does not target a single institution. It moves across Instagram, WhatsApp, a telco, an online banking portal, and a fake contact center - crossing four or five companies, multiple geographies, and ending in a mule account created the day before at a different bank in a different country.

Each institution sees only its own small slice. None of them sees the full picture.

General-purpose AI cannot solve a banking-speed problem

When a card transaction happens, the bank has milliseconds to approve or decline it. General-purpose large language models - the ones generating most of the AI excitement - take seconds to respond and cost cents per inference call. That is roughly a thousand times too slow and a thousand times too expensive for real-time fraud detection at banking scale.

AI fraud detection in banking requires purpose-built models - trained on banking-specific data structures, designed for millisecond inference, built to handle the network complexity of payments data. The reason comes down to how financial data actually works.

A transaction is not a sentence. General-purpose LLMs were trained to predict the next word in a sequence. Financial data has no such structure. If you spend five euros at a coffee shop, there is no logical next transaction - it could be lunch next door, a hotel checkout, or nothing for two weeks. The data is a network of connected accounts, devices, merchants, and behaviors. Detecting anomalous movement of money across that web is a fundamentally different problem from predicting the next word. Language model architecture cannot do it reliably.

What Pedro sees in the market confirms this. Companies are announcing foundation models for banking that are not going to production. They exist as research assets. They cannot meet the latency and cost requirements of a live transaction environment. The banking fraud AI tools generating the most headlines are not the ones protecting customers in real time.

This is the gap Feedzai's RiskFM was built to close. Feedzai's foundation model was designed from scratch for the structure of financial data and the speed of live transactions - not adapted from language model architecture. It is cross-channel, ingesting data from cards, devices, home banking, and real-time payment rails like Brazil's PIX - channels that even large card networks do not always see together.

That breadth means it arrives at a new bank already performing at a high level, without requiring months of client-specific training data before it becomes useful. And because it was built for production inference from the start, it runs at millisecond latency at a fraction of the cost of general-purpose models.

AI agents have made the threat harder to see

For most of the past decade, the rule was simple: if it is automated, it is suspicious. Bots were fraud. Anything moving at machine speed through a banking interface got flagged.

That rule no longer holds.

Customers are now using AI agents to interact with their banking - checking balances, moving money, initiating purchases. Bizarro's team watched an agent order a pizza during a live demo. That same capability - an agent operating autonomously inside a financial interface - is what fraudsters are deploying too.

The agentic fraud detection problem has fundamentally changed. You cannot flag automation as fraud anymore. You have to distinguish between good agents and bad agents - and between bad agents and good agents making mistakes. A customer's agent that accidentally books the wrong transfer is not fraud. A fraudster's agent probing account limits at scale is. The signals that used to separate the two no longer apply in the same way.

In the episode, Pedro shared that Feedzai is already building fingerprinting techniques to detect agentic fraud - tracking how agents move through interfaces, what patterns suggest malicious intent versus legitimate use. But for most banks, the governance frameworks and detection models have not caught up with the reality that there are now three actors in the system, not two.

Fragmentation is the enemy of effective fraud defense

Here is where the structural problem comes into focus: banks are not fighting fraud with one system.

Pedro explains that most large institutions have accumulated ten or more fraud solutions - one for cards, one for online banking, one for device intelligence, one for real-time payments, and more inherited through mergers and acquisitions. Each operates on its own data and rules, looking at its own channel. He describes it as a zoo of solutions from different vendors that were never designed to talk to each other.

But the problem runs deeper. It starts in how the bank is built.

A bank whose customer data, transaction signals, device intelligence, and behavioral history live in disconnected systems cannot build the unified view that effective AI fraud detection requires. And it cannot respond to the new reality of agentic commerce, where the actor behind a transaction may be a customer, an employee, or an AI agent - each of whom needs to be understood in context, not in isolation.

That internal fragmentation is precisely what sophisticated fraud exploits first. A customer flagged on one channel is clean on another - because the systems inside the same bank do not share state. The zoo of disconnected tools does not produce a unified view. It produces gaps.
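The gap described above, as an added example that is not Feedzai's or Backbase's code: constructed events for one customer stay under the alert bar in every per-channel system, while a view keyed on the customer alone combines the same signals and alerts. Channel names, scores, the threshold and the noisy-OR combination are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample events: (channel, customer_id, signal, risk score in 0..1).
EVENTS = [
    ("device",   "cust-17", "new_device_enrolled",         0.45),
    ("online",   "cust-17", "password_reset_then_login",   0.40),
    ("online",   "cust-17", "new_payee_added",             0.35),
    ("payments", "cust-17", "first_transfer_to_new_payee", 0.50),
    ("cards",    "cust-42", "unusual_merchant",            0.30),
]
ALERT_THRESHOLD = 0.70  # assumed; the same bar is used in both views


def combine(scores):
    """Noisy-OR: chance that at least one signal is real, assuming independence."""
    all_benign = 1.0
    for s in scores:
        all_benign *= 1.0 - s
    return 1.0 - all_benign


def alerts(events, key):
    """Group events by key(event), combine scores, keep groups over the threshold."""
    groups = defaultdict(list)
    for ev in events:
        groups[key(ev)].append(ev)
    out = {}
    for k, evs in groups.items():
        score = combine(e[3] for e in evs)
        if score >= ALERT_THRESHOLD:
            out[k] = {"score": score, "signals": [(e[0], e[2]) for e in evs]}
    return out


def siloed_alerts(events):
    # Each channel system only ever groups its own events: key is (channel, customer).
    return alerts(events, key=lambda e: (e[0], e[1]))


def unified_alerts(events):
    # One shared view of the customer: key is the customer alone.
    return alerts(events, key=lambda e: e[1])


if __name__ == "__main__":
    print("siloed :", siloed_alerts(EVENTS))
    print("unified:", unified_alerts(EVENTS))
```

The unified alert also carries the ordered signal chain across channels, which is what an analyst needs to explain the decision.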

The Unified Frontline - the operating model where customers, employees, and AI agents work from a single source of truth across every channel and every operation - is not just a customer experience argument. It is a fraud defense argument. A bank that unifies its frontline does not just serve its customers better. It sees its threat landscape more clearly.

But the problem does not stop at the bank's own walls. A modern fraud campaign moves across four or five companies and multiple geographies. A mule account that received $50,000 yesterday is invisible to the bank processing an outbound transfer today - because the two institutions do not share signals. A fraud campaign crossing three countries is invisible to each individual institution - because everyone is blind to what happens outside their own software boundaries.

The answer Pedro argues for is cross-institution data sharing - anonymously, safely, but consistently. The technology to do this exists. What is missing is the will and the architecture to make it happen.
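One way the mule-account case above could be covered, as an added example that is not from the article or from Feedzai: banks publish signals against a keyed hash of the account number, so the sending bank can match a beneficiary without either side exchanging raw identifiers. The shared key, the `SignalBoard` store, the hold policy and the account numbers are all hypothetical and constructed.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Assumption: member banks hold one shared secret, distributed out of band.
CONSORTIUM_KEY = b"constructed-demo-key"


def account_token(account: str, key: bytes = CONSORTIUM_KEY) -> str:
    """Keyed hash of a normalised account number; formatting differences must not matter."""
    normalised = "".join(account.split()).upper()
    return hmac.new(key, normalised.encode(), hashlib.sha256).hexdigest()


class SignalBoard:
    """Stand-in for the shared store. It holds tokens only, never raw account numbers."""

    def __init__(self):
        self.signals = {}  # token -> [(seen_on, reporter, signal)]

    def publish(self, reporter, account, signal, seen_on):
        self.signals.setdefault(account_token(account), []).append((seen_on, reporter, signal))

    def lookup(self, account, today, max_age_days=30):
        cutoff = today - timedelta(days=max_age_days)
        return [s for s in self.signals.get(account_token(account), []) if s[0] >= cutoff]


def screen_outbound(board, beneficiary, today):
    """Sending bank's check before releasing a transfer (hypothetical policy)."""
    hits = board.lookup(beneficiary, today)
    return ("hold_for_review", hits) if hits else ("release", [])


def demo():
    today = date(2026, 6, 25)  # constructed dates
    board = SignalBoard()
    # Bank A, yesterday: account opened the day before, large inbound credit.
    board.publish("bank-a", "XX00 DEMO 0000 0000 0001",
                  "new_account_received_50000", today - timedelta(days=1))
    # Bank B, today: same beneficiary typed without spaces, in lower case.
    return board, screen_outbound(board, "xx00demo000000000001", today)


if __name__ == "__main__":
    print(demo()[1])
```

A shared-key hash is pseudonymisation rather than anonymity: any party holding the key can test guessed account numbers against the store, so key custody and query auditing carry the privacy guarantee.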

Responsible AI has to be built in from the start

Pedro started Feedzai's responsible AI group in 2016. At the time, the prevailing view was that safety and performance were a trade-off. A good model or a safe model. Pick one. He refused to accept it.

His analogy is: you cannot build a car and add the airbags at the end. Safety systems have to be designed into the architecture from the beginning - the sensors, the structural reinforcements, the decision logic that determines when an airbag deploys and when it does not. An airbag added after the fact is not an airbag. It is a decoration.

The same applies to AI in banking. Fairness, explainability, and accountability cannot be governance layers placed on top of a model that was built without them. They have to be embedded in how the model learns, what it optimizes for, and how it makes decisions. Feedzai proved this with FairGBM - a model that matches the accuracy of the industry standard while also optimizing for fairness across gender and age. The performance cost is negligible, but the governance benefit is not.

Only 25% of financial services companies feel confident in addressing synthetic identity fraud, according to Experian. Part of that uncertainty comes from deploying models that cannot explain their decisions to a regulator, cannot demonstrate consistent fairness, and cannot meet the latency requirements of a live transaction environment.

In a nutshell, responsible AI is an engineering discipline. It starts at the architecture level and cannot be retrofitted.

Fix the foundation first

Bizarro's parting advice to banking executives is to not chase every new model release. Do not restructure your AI strategy every quarter. Set a two to three year vision and use the pace of innovation to move toward it faster - not to run in circles.

That advice carries a condition.

A long-term vision only compounds if the foundation underneath it is unified. A bank still operating ten fraud systems that do not talk to each other will not get smarter over time. It will accumulate more blind spots. A bank that cannot share signals across its own channels, let alone with other institutions, will always be a step behind attackers who operate without boundaries.

The banks that will win the banking fraud battle in the AI era are not necessarily the ones with the biggest budgets or the most advanced models. They are the ones that have done the harder, less glamorous work of unifying their data, connecting their systems, and building AI fraud detection that was designed for production from the start.

FAQ

How do banks detect AI-powered fraud?

Effective AI fraud detection in banking requires purpose-built models trained on banking-specific data - not general-purpose LLMs. Banks need systems that ingest cross-channel signals from cards, devices, home banking, and real-time payments simultaneously, run inference at millisecond latency, and maintain a unified view of the customer across every channel. General-purpose AI tools are too slow, too expensive, and structurally mismatched to the network complexity of financial transaction data.

What is synthetic identity fraud and why is it growing?

Synthetic identity fraud combines real and fabricated personal data to create fake identities that pass standard verification checks. It is growing because generative AI has made it fast and cheap to produce convincing fake documents, identities, and biometric data at scale. According to Sumsub, synthetic identity document fraud surged 311% in North America between Q1 2024 and Q1 2025.

Why is fragmentation a fraud problem, not just an operational one?

When a bank's fraud signals live in ten disconnected systems, each system sees only its own slice of customer behavior. A customer flagged on one channel appears clean on another. A mule account receiving funds from another institution is invisible. Fragmentation does not just slow down detection - it creates the gaps that sophisticated fraud campaigns are specifically designed to exploit.

What is agentic fraud and how should banks prepare?

Agentic fraud refers to fraud carried out by AI agents rather than humans directly. As customers increasingly use AI agents to interact with banking interfaces, fraudsters are deploying the same technology maliciously. Banks can no longer treat automation as a fraud signal. They need fingerprinting and behavioral profiling techniques that distinguish legitimate agent behavior from malicious agent behavior - a detection capability most banks do not yet have.

About the author
Backbase
Backbase pioneered the Unified Frontline category for banks.

Backbase built the AI-native Banking OS - the operating system that turns fragmented banking operations into a Unified Frontline. Customers, employees, and AI agents work as one across digital channels, front-office, and operations.

Backbase was founded in 2003 by Jouk Pleiter and is headquartered in Amsterdam, with teams across North America, Europe, the Middle East, Asia-Pacific, Africa and Latin America. 120+ leading banks run on Backbase across Retail, SMB & Commercial, Private Banking, and Wealth Management.
