3 Big Questions on Scams, GenAI, and Fraud Solution Orchestration
Takeaways from Datos’ Financial Crime and Cybersecurity Forum
Earlier this month, I was at Datos’ Financial Crime and Cybersecurity Forum, where scams and genAI-powered fraud dominated the conference. NeuroID’s Nash Ali spoke about how genAI is creating a new challenge in stopping application fraud, and our colleague at Experian, SVP of Product Management, Identity & Fraud Chris Davey, talked about the importance of dynamic, multi-layered orchestration that balances speed and security.
We covered a wide range of topics throughout the week, but one particular attack —where a business lost millions after an employee was scammed via a hyper-sophisticated deepfake Zoom call—kept coming up. Even though we’re getting better at stopping modern fraud schemes, it’s clear that genAI-powered fraud and sophisticated scams are rightfully making fraud leaders question their solutions and strategies. Datos’ FCCF was a chance for those leaders to bring their questions to the table with their peers. Here are the biggest questions that drove the most insightful conversations:
Question #1: How should fraud teams’ orchestration strategies change as fraud evolves?
After years of relying on tried-and-true solutions, the genAI-powered fraud frenzy has forced businesses to rethink their fraud mitigation strategies. This comes at a time when balancing security and efficiency is more important than ever—today’s sophisticated fraudsters can bypass single-layer defenses with ease. But at the same time, creating a friction-filled series of fraud checks will turn customers away.
The big takeaway from speakers at Datos, including Chris, was that modern orchestration can’t be done with a one-size-fits-all approach. Businesses have to apply the right amount of friction only to customers who prompt it. If a user’s behavior appears genuine and exhibits no device and network red flags, there’s likely no need to make that user submit additional documents or call a support number. Not only does this approach stop fraudsters while streamlining processes for genuine users, but it also saves on unnecessary data calls and manual labor.
There’s a lot to balance: not just speed and security, but accessibility, too—if your primary demographic isn’t very tech-savvy, asking for voice recognition will be a tall order. Given all the factors involved in building a modern fraud stack, most experts at Datos agreed that it’s safer and easier to work with a platform like Experian’s CrossCore or Alloy than try to concoct the right mix in-house.
Question #2: Behavioral analytics is a must-have for stopping genAI-powered fraud. Why is that? Won’t fraudsters evolve to beat it, too?
Behavioral analytics was a hot topic all week, including in Chris’s session, where he discussed why Experian’s acquisition of NeuroID is so important in today’s fraud landscape. For many fraud leaders, it’s not necessarily that behavioral analytics is the end-all-be-all genAI answer; it’s that behavior adds a new layer of information that was previously non-existent in your fraud stack.
Businesses are leaning on behavior because it unmasks many fraudsters that other tools can’t. But if fraudsters have evolved to beat the other solutions that businesses have relied on, does that mean they’ll beat behavior, too?
Right now, the answer is no. Behavior is holding up admirably against fraudsters’ next-gen bots and sophisticated, genAI-generated synthetic identities. But the key is going to be continually advancing behavioral analytics faster than fraudsters can figure it out (at NeuroID, we recently updated our bot detection tech to do just that). Staying ahead of fraudsters is easier said than done, but all indications are that behavior is consistently a step ahead.
Question #3: Scam regulation in the U.S. is at a turning point. How large of a role should the government play in stopping scams?
In 2023, the UK adopted policies setting explicit scam prevention standards for FIs and making institutions that don’t meet those standards liable for losses. The U.S. has yet to adopt substantial regulations on scams (meaning FIs can set their own scam prevention standards and leave victims bearing the weight of their losses), but ever since the UK’s ruling, industry leaders have felt that a change in the U.S. is imminent.
There are two paths the U.S. can take:
- Follow the UK and EU in adopting robust universal security standards, or
- Explicitly deregulate and let banks continue to set their own policies, allowing consumers, at their own risk, to choose which institutions they do and don’t want to do business with.
The leaders we heard from at Datos were split on which direction to take. Those from larger institutions tended to push for more regulation and clearer guidelines, while smaller organizations advocated for lower barriers and more flexibility.
The division makes sense. The larger organizations frankly face bigger problems, with attacks being far more consequential in total losses (and much more likely to generate negative publicity). Those institutions benefit from clear-cut guidelines that, if followed, would minimize liability. On the other hand, smaller organizations are more agile and able to “get in the weeds” a bit more, manually reviewing transactions and paying closer attention to concerning activity. These organizations would benefit from a deregulated environment where their individualized, human-centric service would be attractive to consumers.
The consensus still seems to be that, at some point, we’ll end up in a regulatory environment similar to the UK and Europe. But for now, we’re in a transitional period, and it’s an opportunity for FIs to set themselves apart by committing to security and innovation.
Datos’ conversations gave us a taste of what to expect at trade shows this fall as businesses seek solutions to stop modern fraud threats. We’ll be on the road more over the coming weeks, first at Identity Week in D.C. from September 11-12 and later at Money 20/20 in Vegas from October 27-30. If you’ll be at either, let’s chat! Contact us to set up a meeting.