It’s AI vs. AI in an Always-on Payments Fraud War

To catch a thief, you must think like one. As digital payments dominate global commerce, fraudsters aren't just following the money—they're engineering sophisticated attacks that exploit the very features making digital payments convenient. Here's what's actually happening in the shadows of our digital economy, backed by hard data.

A shade shy of a half-a-trillion US dollars has been lost to scams worldwide in the last 12 months, according to a report published by the Global Anti Scam Alliance.  India, is quite high on the vulnerable list with more than an quarter (27%) of Indians having been scammed in the last 12 months. Nearly US$48 billion has been stolen by scammers in India in the last year.

The imperative for convergence

An article published by Payments Industry Intelligence claims that real-time and instant payments are expected to represent nearly 28% of global electronic payments by 2027. And in Europe, as of 2023, it was estimated that instant payments represented around “15% of total real-time payments in Europe”, with adoption accelerating due to European Union (EU) regulations in 2025 mandating instant euro transfers.

While regulatory responses such as the Instant Payments Regulation and PSD3 with enhanced reimbursement obligations aim to mitigate risks associated with faster payments across Europe, the scale and speed at which fraud can be executed, and money laundered make the case for an integrated approach to address threats.

The Fraudster Mindset

The fraudster's mindset is simple: Find the path of least resistance, automate it, and adapt faster than defenses can respond. Merchants now spend up to 10% of total revenue on fraud prevention, reviews, and dispute management , but spending alone isn't enough.

Its AI vs. AI

The real game-changer is AI versus AI. Fraudsters now deploy GenAI models that craft phishing emails indistinguishable from legitimate correspondence, voice deepfakes that bypass call-center biometric checks, and adaptive malware that mutates to evade detection. More than 40 percent of fraud attempts are now fully automated. Your bank's machine learning model learns from yesterday's attacks. Their AI evolves in real-time, turning every defense into a training dataset for the next assault.

Fraud detectives are also upping their game using the same AI tools and technologies to fight back. Traditional rule-based systems can't keep pace. Machine learning algorithms analyzing 65 billion+ transactions in real-time can detect subtle anomalies: unusual transaction velocity, atypical geolocations, or behavioral deviations . Businesses using advanced ML have achieved 40% improvement in fraud detection accuracy.

The defense playbook is evolving

It starts with a deceptively simple principle: clean data. "Fraud prevention starts with clean, verified data," says Michael Cloherty, a risk expert at Trustpair. You can't catch ghosts with dirty data. Every vendor, every bank account, every identity element must be verified continuously—from onboarding to the final payment. This isn't sexy, but it's the foundation. Everything else fails without it.

Regulators are finally pulling their weight. Beyond Nacha's (National Automated Clearing House Association—the non-profit rule-maker that keeps America’s electronic money-moving machine in place) ACH (Automated Clearing House) crackdown, new rules are transforming compliance from a checkbox exercise into a strategic weapon. The burden is shifting from banks to the entire payment ecosystem. If you're touching money, you're responsible for securing it.

This is the new normal. Fraud isn't a bug in digital payments—it's a feature of the landscape. The average merchant now spends a tenth of their revenue on fraud prevention, reviews, and dispute management. But spending isn't strategy. Thinking like a fraudster is. They find the weakest link and pull.

Your job is to strengthen every link, monitor them in real-time, and assume one will break anyway. The ghost profiles are getting smarter. The deepfakes more convincing. The mule networks more sophisticated. Your defense is only as strong as your dirtiest data set, your slowest alert, your most tired analyst.