Verification systems built for yesterday’s fraud no longer work in today’s threat landscape. While firms could once assume that criminals needed skill, capital and patience to mount sophisticated attacks on onboarding or identity systems, that old playbook has fallen out of sync with a world defined by generative imagery, deepfakes and hyper-scalable fraud automation.
Cheap artificial intelligence (AI) models now generate convincing synthetic identities. Automated agents can mimic human patterns. Entire fake businesses pop up with registries that pass muster under outdated verification models.
But it’s not all gloom and doom. To unpack the opportunities and explore how enterprises are responding, PYMNTS sat down with Zac Cohen, chief product officer at Trulioo, and William Fitzgerald, vice president of Global Fraud & Financial Crimes at WEX, to outline a new blueprint for digital trust.
“The sophisticated tooling to defraud a system … is now available to a much wider swath of bad actors,” Cohen said.
“The barrier to entry into becoming a fraudster at scale is essentially gone,” Fitzgerald added. “Anybody with … 20 bucks a month and an AI interface can get into the fraud market.”
Advertisement: Scroll to Continue
New research from PYMNTS Intelligence and Trulioo quantifies the cost of this evolving threat landscape. Identity gaps now drain more than 3% of revenue globally, equal to $95 billion a year. Compounding the problem, most firms misunderstand their own readiness. Ninety-six percent express confidence in spotting harmful bots, even as nearly 60% struggle to do so in practice.
This reality has forced enterprises to rethink not only their tooling but their entire operational cadence. Formerly, identity systems might undergo a review every year or two.
Now, Cohen said, “It feels like you have to review them every month. There’s a new attack vector, there’s a new fraud swarm … that you’re constantly needing to adapt and evolve to.”
New Playbook for Digital Risk
Fraud’s modernization has been breathtaking. In the era before generative AI, even amateur fraud attempts often gave themselves away — a misspelled name, a broken document, a mismatched font. Fraud analysts, even without specialized tools, could often “spot check” their way to a reasonably high signal.
Those days are over.
Across regulated industries, Cohen warned, “The documents and the gen-AI items that they’re looking at — you cannot tell the difference with the human eye anymore.” The shift has happened within “the last 12 to 18 months,” he added, dramatically expanding both the sophistication and accessibility of attack tools.
In WEX’s own live payments environment, Fitzgerald has witnessed the transition firsthand. He recalled an era “six months ago or eight months ago, not five years ago” when fraudsters still tried to pass off crude, sometimes laughable simulations. “We would see ID documents come through and it would be a cartoon avatar trying to emulate a face,” he said. Voice phishers would rustle papers in the background while scrambling to find answers.
Today’s adversaries sound fluent, look real and effortlessly aggregate personal data. Against this backdrop, Cohen argued that modern identity verification is “a revenue unlock,” not because it reduces fraud losses, but because it accelerates growth.
Better digital identity does four things at once: It improves user experience, automates more good-customer approvals, reduces false positives, and creates a safer ecosystem that customers trust. That combination increases conversion, lifetime usage, and market expansion. Firms that treat risk systems as static “good enough” utilities can be leaving material value on the table.
Fitzgerald has seen the revenue impact from the opposite direction: Poor identity flows depress growth in ways many organizations fail to quantify. Manual review may look cheap, he noted, but that narrow lens obscures cascading opportunity costs. A false positive or overly intrusive identity check can alienate a legitimate customer before they ever transact.
“Preventing fraud is not your fraud department’s problem,” he said. “It’s an enterprise problem.”
Fraud Prevention as a Mindset
The globalization of business identity has introduced a new set of structural challenges. Nearly two-thirds of companies say know-your-business (KYB) gaps limit expansion into new markets. The root problem: traditional KYB systems were designed for domestic registries and stable, paper-based corporate structures.
Even when enterprises recognize the need for modernization, their technical debt can be a drag.
Cohen emphasized that migration does not require ripping out legacy systems wholesale. Instead, modern identity tools can run in parallel, demonstrating measurable lift — often 20-30% improvements — across markets. Those gains help build internal momentum and justify further transformation.
The real challenge, he said, is designing systems that remain agile. Identity systems must be centrally governed but locally configurable, allowing global consistency without sacrificing regional specificity: “Exactly what we’re doing today is not what we’ll want to do a month from now,” Cohen said.
As Fitzgerald put it, “Keeping the bad guys out up front isn’t just about not losing fraud dollars. It’s about having a clean process after that’s not gunked up with a bunch of bad guys.”
The goal is a global “trust graph,” a unified view that synthesizes registry data, web presence, agent signals, behavioral patterns and risk indicators. With this view, enterprises can detect anomalies invisible to one-dimensional checks.
In a world where AI-generated identities can fool human eyes, trust must be engineered, not assumed. And the engineering has only just begun.
