Skip to main content
AI in banking

The new fraud reality: how AI is reshaping financial crime

11 February 2026
5
mins read
By
Backbase

From deepfake impersonations to synthetic identities, see how behavioral biometrics fights AI-driven fraud.

A finance employee joins a video call with their CFO. Sees their colleagues on screen. Gets instructions to transfer $25 million, and does it. The entire call, however, was AI-generated. The CFO was in a different country the whole time.

This happened in Hong Kong in early 2024.

Over the past two years, the fraud landscape has fundamentally transformed. Financial fraud stopped being about stolen passwords and fake IDs. Now, it's about stolen faces, cloned voices, and AI-generated identities that pass every traditional verification test.

As financial institutions race to deliver smooth digital experiences, bad actors are weaponizing the same technologies to launch attacks that would have been unthinkable just a few years ago.

Deepfake impersonations, real-time social engineering, and coordinated malware campaigns now target every stage of the customer journey, from onboarding to payments.

Identity fraud and scams cost consumers $47 billion in 2024 alone. That's $4 billion more than the previous year. Deloitte estimates U.S. banking fraud losses could balloon from $12.3 billion in 2023 to $40 billion by 2027, driven largely by generative AI.

Meanwhile, most prevention frameworks haven't kept pace. They're reactive and siloed, lacking the comprehensive view of risk necessary to counter modern attacks. They typically alert institutions only at the point of transaction, when it's already too late.

When identity becomes a weapon

AI-powered impersonation is rewriting the rules of identity fraud. Fraud is no longer about stolen credentials. It's about real-time deception.

Voice clones, deepfakes, and synthetic identities are now nearly impossible to detect with traditional verification methods.

The scale of this shift is staggering. Financial services have experienced a 2,137% rise in deepfake fraud attempts since 2022, with each incident costing institutions up to $680,000. A

sia-Pacific saw a 244% year-over-year increase in digital ID forgery, driven by GenAI-powered manipulation of selfies and identity documents. Fraudsters are using deepfake selfies and injection attacks to bypass KYC processes, particularly in digital onboarding across banking and fintech sectors.

In early 2025, Hong Kong police disrupted a deepfake-driven ring that had opened accounts at scale by merging fraudsters' faces with stolen IDs to bypass facial recognition, resulting in $193 million in losses.

Fighting back with behavioral intelligence

To outpace today's fraudsters, banks must move beyond legacy controls. The answer isn't pure AI or pure rules. It's both.

Hybrid fraud defenses blend traditional rules with machine learning. AI analyzes behavioral and contextual signals at scale in real time. It makes faster and more accurate decisions while minimizing losses and response times.

The system builds a real-time risk profile using multiple layers of data. Behavioral biometrics examines how users type, move and interact with the banking app. Device intelligence analyses details such as device model, operating system and screen resolution to detect anomalies. Threat intelligence draws on data about malicious IPs, domains and known attack patterns to identify and block suspicious activity before damage occurs.

Behavioural biometrics sits at the core of this strategy. Every person interacts with their device in a unique way, and those patterns are extremely difficult to copy. The technology continuously analyses how users type, swipe and navigate. It compares typical behaviour with live sessions to detect even subtle deviations.

Legitimate users tend to show smooth data entry, clear navigation paths and consistent session lengths. When behaviour shifts, the system flags it in real time. It can detect signs of coercion, such as broken typing rhythm, unusually long sessions, erratic mouse movements that suggest hesitation, or phone sensor data showing the device is being held to the ear during a transaction.

The result: One European bank reported its maximum fraud detection rate jumped from 51% to 95% after deploying behavioral biometrics - a 44 basis point increase. Specialized models detect 50% more document fraud than generalized approaches.

Protection without friction

Traditional step-up authentication creates friction. Extra passwords, one-time codes, security questions - all of it interrupts legitimate customers and increases abandonment.

Behavioral systems take a different approach. They work quietly in the background, verifying users passively at every touchpoint without disrupting the experience. Instead of adding hurdles, they continuously build and validate a user’s digital identity behind the scenes.

This reframes the false trade-off between security and user experience. Protection becomes continuous rather than reactive.

Across the customer journey, the system monitors for risk in real time. At login, it checks whether the session matches the user’s established behavioral profile. During account updates, it flags anomalies such as unusual email changes or new device registrations. At payment, it assesses whether the transaction aligns with typical behavior.

Each interaction strengthens the profile. Threats are identified and stopped as they emerge - not after the damage is done.

Regulation is already moving

Increasingly, regulators are encouraging the adoption of advanced controls such as behavioral biometrics to combat the growing threat of AI-driven fraud.

The EU's PSD2 mandates Strong Customer Authentication, requiring multi-factor verification across knowledge, possession, and inherence factors. Behavioral biometrics - recognized by regulators as a valid inherence factor - has emerged as a critical defense against impersonation attacks, including AI-powered threats like deepfakes.

The U.S. Federal Financial Institutions Examination Council emphasizes layered security and risk-based authentication supported by continuous behavior monitoring. Behavioral analytics and biometrics are explicitly recognized as effective methods for continuous authentication throughout online sessions, providing the kind of passive, session-long verification that traditional credentials cannot.

In Asia-Pacific, regulatory responses are accelerating rapidly. Malaysia's central bank now requires behavioral biometrics for enhanced and continuous user authentication. Australia's Scam Safe Accord mandates biometric checks for new account openings.

The message is clear: fraud prevention is no longer a back-office concern. It's a board-level priority with regulatory teeth.

The road ahead

The fraud landscape is evolving fast, and the gap between sophisticated criminals and outdated technology is growing.

Since 2025, AI agents capable of running entire fraud schemes autonomously have emerged. They use generative AI, automation, and reinforcement learning to create synthetic identities, interact with verification systems in real time, and adapt based on outcomes. Analysts predict these autonomous fraud systems could become mainstream within 18 months.

Closing the gap requires more than small tweaks to legacy systems. Banks that treat fraud prevention as an add-on will always be behind. The institutions that succeed will integrate intelligence directly into the digital banking experience - anticipating threats, responding dynamically, and building trust that drives long-term customer loyalty.

About the author
Backbase
Backbase is on a mission to to put bankers back in the driver’s seat.

Backbase is on a mission to put bankers back in the driver’s seat - fully equipped to lead the AI revolution and unlock remarkable growth and efficiency. At the heart of this mission is the world’s first AI-powered Banking Platform, unifying all servicing and sales journeys into an integrated suite. With Backbase, banks modernize their operations across every line of business - from Retail and SME to Commercial, Private Banking, and Wealth Management.

Recognized as a category leader by Forrester, Gartner, Celent, and IDC, Backbase powers the digital and AI transformations of over 150 financial institutions worldwide. See some of their stories here.

Founded in 2003 in Amsterdam, Backbase is a global private fintech company with regional headquarters in Atlanta and Singapore, and offices across London, Sydney, Toronto, Dubai, Kraków, Cardiff, Hyderabad, and Mexico City.

Table of contents
Vietnam's AI moment is here
From digital access to the AI "factory"
The missing nervous system: data that can keep up with AI
CLV as the north star metric
Augmented, not automated: keeping humans in the loop
Insight
Subline
Subline
Blog
11 February 2026
Subline
Subline

Related

Fraud detection in banking in 2026: Fight AI with AI
Blog - Featured - Fraud detection in banking in 2026: Fight AI with AI - EN
AI in banking
10 February 2026
Subline
Subline
No items found.