Generative artificial intelligence (AI) is making everything easier, including scams.
Bloomberg reports that the world’s banking industry is “scrambling” to contain the risk of AI-generated criminal attacks.
And insiders have repeatedly told PYMNTS that AI could supercharge the capabilities of bad actors by providing turnkey and scalable cybertools, including AI-generated voice clones and other techniques straight out of the realm of science fiction or a “Mission Impossible” film, that can be used for nefarious purposes.
But as cyberthreats themselves become increasingly sophisticated, it is important to remember that every organization faces the same old challenges as before, such as a growing skill gap and resource constraints that hinder the operational efficiency of cyberdefenders.
After all, scams are as old as time itself and often rely on the same behaviorally driven social engineering tactics as earlier iterations, despite the newfangledness of AI technology.
Social engineering attacks like fake invoice schemes, account takeover (ATO) scams, and business email compromise (BEC) attacks tend to have the highest hit rates and provide some of the easiest wins for bad actors, making it crucial for organizations to protect against them.
In order to properly defend themselves against today’s fast-moving, digitally deployed fraud, firms need to strike the perfect balance of tech-first defenses that protect against tech-first attacks, while simultaneously addressing the evergreen behavioral elements still lying at the root of scams.
Crucially, enterprises themselves need to take advantage of new tools and innovations like AI to cover up their most sensitive attack vectors before they get taken advantage of by bad actors using the same technologies.
That’s because AI and machine learning (ML) defenses leverage contextual and behavioral clues to identify, flag and defang attacks from bad actors in a much more holistic way.
“The industry in fraud is shifting to real-time learnings because the fraudsters are now real-time. In cyberspace you have something called a zero-day attack, which basically means you’re going to get attacked on day zero, and you’re going to be attacked before you even know what the solution is. Because the bad actors are way ahead of you,” Shimon Steinmetz, chief financial officer at risk assessment and fraud prevention solution Vesta, told PYMNTS.
Fraudsters and bad actors like to target connectivity points when looking to breach an organization’s defenses, and as new devices and onramps enter the marketplace they create new vector vulnerabilities — underscoring the need for agile and real-time fraud protection.
And it is important to remember that 100% of cybercriminals are already using innovative solutions to probe enterprise defenses.
PYMNTS’ research finds that the average FinTech loses $51 million to fraud every year, representing around 1.7% of annual revenue, with many businesses losing even more than that to bad actors whose criminal tactics commonly result in data breaches, financial theft, fraud and extortion.
That’s because fraud is a near-universal problem. As PYMNTS has previously noted, there is a “greenfield opportunity for providers and platforms to help automate the verification of counterparties’ identities, payment details and accounts to help combat the rise of synthetic identities developed using AI that are increasingly changing the game in fraudsters’ favor.”
Nearly half of all FinTechs have been impacted by the use of fake documents and other forms of identity fraud.
“Fraudsters, as a general rule of thumb, tend to be very sophisticated and are always finding new ways to defraud individuals and businesses,” Doriel Abrahams, head of risk in the U.S. at fraud prevention provider Forter, told PYMNTS.
Keeping organizational walls secure requires an investment in modern solutions. PYMNTS’ research has found that companies relying on legacy reactive and manual digital identity verification solutions lose above-average shares of annual sales to fraud, at 4.5%. However, firms using proactive and automated solutions, such as those powered by AI and ML, reduce their share of lost sales to 2.3%.
And while modernizing outdated legacy processes and integrating digital innovations to protect company data and compute resources remain best practices, organizations can’t overlook the human element of cyberdefense.
A sound technical infrastructure is worthless unless it is paired with strong compliance and anti-fraud processes that are carried out by educated and skilled employees.
After all, fraudsters are primarily drawn to one thing and one thing only: an easy target. By establishing speedbumps and layers of proactive defense, firms can boost the chances that bad actors will give up on trying to crack their walls in the hopes of finding an easier mark.