Preparing for 2025’s Fraud Frenzy: Your End-of-Year To-Do List

2024 marked the dawn of a new era of fraud. Bots grew more sophisticated, automated fraud tools became more common, and attacks got more advanced and aggressive by nearly every measure: in 2024, automated attacks rose 1760% and new account opening fraud more than doubled. New fraud tools and attack strategies exploited the shortcomings of traditional fraud mitigation solutions and exposed the vulnerabilities in businesses’ fraud stacks.

If 2024 wasn’t a wake-up call for businesses to modernize their solutions, 2025 will be. There’s no end in sight to fraudsters’ advancement, and all signs indicate that this past year only laid the groundwork for a massive fraud surge in 2025. Here are a few must-dos before the new year to avoid being washed away by the 2025 fraud wave: 

To-Do #1: Take note of what fraudsters can learn from your onboarding process 

Why Now?: Your fraud stack is designed to protect your business and its customers from attacks, but it may be doing more harm than good. Tools like pre-fill exist to make life easier for genuine customers, but fraudsters are taking advantage of them; if they have enough information to trigger a pre-fill, they can scrape loads of verified data that can then be sold or used to create fraudulent accounts. With fraud bots, cybercriminals can launch large-scale attacks where they aren’t trying to open an account or gain access to any systems – they just want data, and your business may be held accountable if you let them have it.  

On a broader level, fraudsters are constantly trying to learn how their targets’ fraud stacks are designed, including what triggers and bypasses step-ups or additional checks. This is why NeuroID specifically tracks probing attacks, where behavior markers indicate that someone is testing step-ups in preparation for a future attack rather than trying to break through. If your flow is rigid and forces every user down the same route, it’s easy for fraudsters to find the path of least resistance and attack through it. A 2025-ready onboarding flow must be dynamic and constantly adapting to threats.

What to do before January 1: If your onboarding process has a pre-fill function (or similar feature that provides customer data without it being inputted), check to see how secure it is: how little information would fraudsters need to provide to gain access to loads of identity data? Look for indicators that you may have already been a victim of these attacks, like unusually high drop-off levels after pre-fill or high fraud volume that doesn’t attempt to complete an application (and if you don’t have visibility into this, start looking for a solution that provides it).  
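One way to run the drop-off check described above, shown as an added example rather than code from the original post: it measures how often sessions that received a pre-fill never submit an application, and flags hours where that rate is far above a baseline. The event names, hour buckets, and thresholds are assumptions to be mapped onto your own onboarding telemetry, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample funnel events (session_id, hour, event); names are assumptions.
def build_events():
    events, sid = [], 0
    # Hours 0-2: normal traffic, 10 pre-fills per hour, 2 abandon afterwards.
    for hour in range(3):
        for i in range(10):
            sid += 1
            events.append((sid, hour, "prefill_shown"))
            if i >= 2:
                events.append((sid, hour, "submit"))
    # Hour 3: 40 pre-fills, 36 sessions leave right after the data is shown.
    for i in range(40):
        sid += 1
        events.append((sid, 3, "prefill_shown"))
        if i >= 36:
            events.append((sid, 3, "submit"))
    return events

def prefill_dropoff_by_hour(events):
    """Return {hour: (prefill_sessions, abandoned_after_prefill)}."""
    prefilled, submitted = {}, set()
    for sid, hour, event in events:
        if event == "prefill_shown":
            prefilled.setdefault(sid, hour)  # hour of the first pre-fill
        elif event == "submit":
            submitted.add(sid)
    stats = defaultdict(lambda: [0, 0])
    for sid, hour in prefilled.items():
        stats[hour][0] += 1
        if sid not in submitted:
            stats[hour][1] += 1
    return {h: tuple(v) for h, v in stats.items()}

def flag_hours(stats, baseline_hours, min_sessions=20, ratio=2.0):
    """Flag hours whose post-pre-fill drop-off rate is >= ratio x baseline."""
    base_pre = sum(stats[h][0] for h in baseline_hours)
    base_rate = sum(stats[h][1] for h in baseline_hours) / base_pre
    flagged = []
    for hour, (pre, drop) in sorted(stats.items()):
        # Skip the baseline itself and low-volume hours that would be noisy.
        if hour in baseline_hours or pre < min_sessions:
            continue
        if drop / pre >= ratio * base_rate:
            flagged.append((hour, round(drop / pre, 2)))
    return base_rate, flagged

if __name__ == "__main__":
    print(flag_hours(prefill_dropoff_by_hour(build_events()), {0, 1, 2}))
```
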

Next, revisit the rigidity of your fraud stack. Does it send every user through the same process? Are step-ups triggered by a single activity, or are they the result of a multi-layered risk analysis? If your stack is static and predictable, it opens the door for large-scale fraud attacks. If that’s the case, use the rest of 2024 to reevaluate your onboarding flow and consider adding a solution like behavioral analytics that can add a new layer of information, helping to weed out fraudsters early and inform downstream checks for all users.

To-Do #2: Find the limits of your fraud stack 

Why Now?: GenAI has supercharged fraudsters’ evolution, enabling them to launch hyper-sophisticated attacks at scale. Fraudsters have always been taking steps forward, but this leap is particularly problematic because it completely upends traditional fraud detection strategies. Take GenAI-powered, next-generation fraud bots for example: these bots cycle through device and network information, input data naturally and move their cursors in random, human-like ways. They appear as normal humans and circumvent traditional bot detection solutions that look for repeated IP addresses or lightning-fast data entry. Next-generation bots are just one example where GenAI has enabled fraudsters to beat tried-and-true fraud defenses. 

What to do before January 1: Identify the capabilities of your existing solutions and evaluate how they would fare against AI-generated synthetic identities, large-scale attacks using stolen identities and next-generation bots. Look for signs that your stack may be missing information that’s crucial in stopping modern fraud attacks, like SIF mitigation that relies only on KYC checks or bot detection that solely looks for device and network red flags. 

Adjust your models accordingly, and research new solutions if needed. If your stack is over-relying on a particular signal (especially one that fraudsters have found their way around, like network-level bot detection), it likely won’t hold up against 2025’s attacks. 

To-Do #3: Modernize your scam plan 

Why Now?: The rise of real-time payments (RTP) has enabled a massive surge in Authorized Push Payment (APP) fraud. Through the first half of 2024, APP fraud trailed only identity theft as businesses’ most experienced type of fraud. In the UK, where RTP infrastructure is much more developed than the U.S., 40% of fraud incidents are attributed to real-time transactions. Expect a similar trend in the U.S.: as RTP adoption continues to grow, APP fraud will rise alongside it, and real-time fraud detection capabilities will become an even greater necessity. 

Within the context of RTP’s growth, there are other trends that’ll define how businesses approach APP fraud in 2025. GenAI is the big one; fraudsters are using GenAI to create more sophisticated scams, meaning many of the tell-tale signs of a scam message – improper grammar, misspellings and awkward formatting – aren’t applicable to today’s schemes. Additionally, regulatory changes in the U.S. may be on the horizon. Many fraud experts expect the U.S. to gravitate towards the UK’s regulatory position (which requires banks to reimburse scam victims for their losses) in the near future. 

What to do before January 1: If consumer education is your primary scam-stopping strategy, start by reviewing the relevance of your education materials. If they focus on the traditional scam giveaways I mentioned above, it’s time to modernize. Ensure that your education materials are updated to reflect the reality of today’s sophisticated scams. 

Next, review your existing scam policies and see how they’d fare in an environment similar to the UK’s. Are you properly informing customers when sending money to risky recipients? Are you reimbursing victims in some situations? If your policies are out of line with the direction regulation is headed, start a conversation with relevant stakeholders to discuss modifying them.

Lastly, evaluate your solutions to see what scam-spotting capabilities they have. There are quite a few options available now that can help stop scams, including some that can detect behaviors that may indicate coercion. If you’re one of the many fraud professionals who’ve conceded that scams are unbeatable, use the final weeks of 2024 to research the new innovations that may be able to help.

With 2025 just weeks away, now is the time to take action and evaluate ways to prepare your fraud stack for the year ahead. For more on what’s on the horizon next year, download our report, The 2025 Fraud Playbook: Industry Trends and Practical Tactics. 
