3 Hot Takes (and Big Questions) from Our Disrupting GenAI in Fraud Webinar
Generative AI (GenAI) has been at the forefront of fraud professionals’ minds for a while now, and its impact on has supercharged fraud attacks and caused billions in losses.
Last week, Kathleen Peters, Chief Innovation Officer at Experian, and Nash Ali, Head of Operational Strategy at NeuroID, sat down to talk about how GenAI has shaken up the fraud industry and the strategies to fighting back. Here are the hottest takes from our experts on GenAI fraud and the follow-up questions that dug deeper into this pervasive problem:
Hot Take #1: GenAI Can’t be Stopped – But It Can Be Contained
Fraudsters have fully embraced GenAI. It’s here to stay, and its capabilities are only growing more powerful. Fraud teams have sought out an end-all-be-all solution to stop GenAI-powered attacks, but, according to Kathleen, they may be searching for something that doesn’t exist.
“You probably noticed we did not title this webinar Stopping GenAI Fraud, because, frankly, that would be nearly impossible,” Katheleen said. “There’s not a single tool that can quickly stop GenAI fraud. It’s been invasively creeping into everything that we do, and we’re seeing the power of GenAI manifesting in all types of fraud.”
But that doesn’t mean the fight fight is futile. No single tool alone can stop these fraud attacks, but an adaptive, multi-layered strategy provides an effective defense against next-generation bots, GenAI-generated synthetic identity fraud and more.
“Dynamic orchestration is very critical in terms of optimization, customer experience and cost efficiency,” Nash said. “You’ve got to build your fraud stack with that in mind and understand the role of every piece of your stack. Without that knowledge, stopping attacks is going to be very, very difficult.”
The Audience Question: Is it easy to tell if an application is submitted by an AI-powered bot?
To the untrained eye? No. But the right tools can reliably separate real humans from human-like, AI-powered bots.
“We used to see bots that were simple scripts running headless browsers. They’d inject data instantly into a form at superhuman speeds. You could detect these bots by looking at those types of characteristics,” Nash answered during the webinar. “Those days, unfortunately, are behind us. Today’s bots look and behave like humans; they’re getting through current traditional controls and we’re seeing massive spikes in bot activity. At NeuroID, we look at bots under that microscope to see what their movement looks like and the ways in which they’re trying to emulate real humans’ erratic behavior.”
Hot Take #2: Full-Lifecycle Protection is a Necessity
Fraudsters are still making use of stolen and synthetic identities for new account opening fraud, but they’re also leveraging bot-led ATO attacks and GenAI-powered scams to exploit later stages in the user lifecycle. In the GenAI age of attacks, an effective fraud mitigation strategy encompasses every point of user interaction and every stage in the lifecycle where fraudulent activity could occur.
“We tend to think of fraud detection and scam prevention one-dimensionally,” Nash said. “When we look for anomalies, we’re not just talking about surface-level red flags. You also need to look at how people normally shop, how much they usually spend and who they typically send money too. All of those are equally important in detecting anomalies; you’ve got to look at it holistically.”
The Audience Question: Are One-Time Passcodes (OTPs) alone a secure way to prevent account takeover fraud and fraudulent transactions?
Not on their own, according to our experts. OTPs are helpful, but there are just too many vulnerabilities. OTPs need to be fortified by additional solutions as part of a dynamic, risk-based flow.
“Is there a role for OTPs? Of course. But it has to be risk-based,” Nash said. “When you see a higher level of risk, maybe you move away from OTPs to something stronger. You’ve got to tailor the approach based on the risk profile of the user and the particular session.”
Hot Take #3: Straightforward Approaches Are Often The Most Effective Way to Stop Sophisticated Fraudsters
Fraud teams tend to react to evolving attacks by adding a plethora of additional solutions to their stack. But this “kitchen sink” approach is ineffective, inefficient and expensive.
“As new fraud types arise, we’ve added more and more tools that are, by themselves, ineffective in stopping evolving attacks,” Nash said. “You have to understand the ROI of every single service in your fraud stack: how is a solution impacting your fraud detection rate, and what’s the trade off? Once you know that, you can get a sense of what solutions are effective and which aren’t.”
Disrupting GenAI fraud doesn’t require a complete overhaul of your fraud stack. Simply optimizing the order and location of your existing checks (or adding a friction-free, top-of-funnel fraud check) can increase fraud capture and reduce friction for users while also eliminating unnecessary data calls.
“We have to think about controlling attacks in a friction-free, adaptive way,” Kathleen said. “It’s not just the heavy-handed, complex checks. It’s the simple solutions that enable great experiences. They’re low-friction, yet very, very effective in stopping fraud.”
The Audience Question: GenAI is used by fraudsters to carry out attacks – how can fraud teams use it to fight back?
Fraud teams are drawn to GenAI for the same reason as fraudsters: it’s a useful tool to boost efficiency and execute tasks at scale. For fraud teams, this gives them the ability to evaluate large data sets to strengthen their solutions and fine tune their decisioning.
“We’ve been using machine learning for building fraud models and training them, learning as we go and adapting over time,” Kathleen said. “GenAI actually helps us take that a step further. Our engineers are able to be much more creative and quicker in exploring fraud scenarios and developing new solutions.”
For more expert insights on disrupting GenAI fraud, watch the full webinar replay and download the 2025 Fraud Defense Playbook.
(Some quotes have been edited for context and clarity.)