Banking fraud is entering an AI-versus-AI phase. Criminal groups are using artificial intelligence to scale scams, personalize deception, imitate trusted voices, and move victims faster. Banks are responding with their own AI systems, network intelligence, behavioral analytics, and real-time payment controls.
The fight is no longer only about stolen passwords or suspicious transactions. It is about manipulated intent. A customer can log in from a known device, pass multifactor authentication, and still be following a scammer’s script. That is the central challenge for banks in 2026.
The pressure is growing because instant payments reduce the time available for review. FedNow, RTP, ACH credit-push flows, digital wallets, wires, and crypto off-ramps all reward speed. Fraud teams need to identify deception before money leaves, not after an investigator receives a case.
The FBI’s 2025 Internet Crime Report shows why the issue is urgent. The FBI reported more than 1 million complaints and nearly $21 billion in losses. It also highlighted AI-related complaints for the first time, with more than 22,000 complaints and nearly $893 million in reported losses. Cryptocurrency-related complaints accounted for more than $11 billion in losses.
The Federal Trade Commission reported similar pressure from the consumer side. Imposter scams remained the top reported scam category in 2025, with more than 1 million reports and $3.5 billion in reported losses. That category matters because AI makes impersonation cheaper, more convincing, and easier to repeat.
Key Takeaways
- Fraudsters are using AI to create better messages, fake identities, voice clones, synthetic documents, and scam scripts.
- Banks are using AI to detect abnormal behavior, risky receivers, account takeover, mule activity, and scam patterns.
- Instant payments raise the stakes because funds can settle before traditional review processes catch up.
- The most important risk is not only authentication failure. It is authorized payments made under manipulation.
- The winning defense is not one model. It is a layered real-time operating model with governance, customer warnings, case feedback, and network data.
The Attack Side: How Criminals Use AI
AI gives fraud groups scale. A scammer no longer needs to write every message by hand. Generative tools can help create emails, text messages, fake support chats, social media profiles, investment pitches, job offers, and romance scam scripts. The language can be polished, localized, and adjusted to a victim’s age, job, location, or financial interest.
That matters because many fraud controls were built for older signals. Misspelled messages, awkward grammar, obvious fake domains, and clumsy pressure tactics still exist. But criminals now have tools that can reduce those clues. A phishing message can sound professional. A fake fraud alert can imitate bank language. A fake recruiter can answer questions in real time.
Voice cloning creates another layer. The FBI’s 2025 report discusses AI-enabled synthetic content, including voice cloning in distress or grandparent-style scams. The FTC also warns that imposter scams often rely on urgency, secrecy, and instructions that keep victims from verifying the story. AI voice tools can strengthen those tactics by making the fake emergency sound personal.
AI also helps criminals manage volume. A fraud ring can test many versions of a message, keep the scripts that work, and discard the rest. It can create variants for bank impersonation, government impersonation, tech support, crypto investments, fake invoices, payroll diversion, and business email compromise. In effect, AI turns scam content into a product development process.
The result is a more adaptive attack surface. Fraudsters can use AI to find victims, persuade them, answer objections, create documents, and move the conversation across channels. A victim may begin on social media, continue through text, move to a phone call, and finish inside a bank app. Each step can look separate to a bank unless the institution can connect the signals.
The Defense Side: How Banks Use AI
Banks use AI for a different goal: pattern recognition under time pressure. A fraud model can compare a payment to a customer’s history, device behavior, session activity, payee history, transaction velocity, account age, and known fraud patterns. It can look for anomalies that a human investigator would not see quickly enough.
Modern bank fraud programs are also moving beyond simple rules. A rule might say, “flag all new payees above a certain amount.” That can help, but it also creates noise. AI models can score combinations of signals. A new payee may be low risk in one context and high risk in another.
For example, a payment might become high risk if it follows a password reset, a new device login, a changed phone number, a first-time receiver, and a customer session with unusual navigation. Another payment of the same size may be normal if it goes to an established business payee from a stable device and known customer behavior.
Behavioral analytics adds another layer. It can look at typing rhythm, mouse movement, device handling, session flow, copy-and-paste behavior, and hesitation. These signals can help detect account takeover. They can also help identify a customer who is being coached by a scammer, especially if the session looks different from normal customer behavior.
Network data is becoming more important too. FedNow’s 2026 network intelligence API gives participating institutions receiver account-level insights observed over the FedNow Service. The point is not to replace bank models. It is to help banks enrich their decision with receiver-side data before an instant payment is sent.
EDEconomy recently covered this shift in FedNow Network Intelligence API: Real-Time Fraud Risk in 2026. The core message applies here as well. AI defenses are strongest when they combine internal behavior, network intelligence, and operational response.
The Hardest Problem: Authorized Fraud
Authorized fraud is difficult because the victim participates in the transaction. The customer may believe they are protecting an account, helping a family member, paying a legitimate invoice, investing in a real opportunity, or following instructions from a trusted institution. From the bank’s system view, the customer may appear to be acting voluntarily.
This makes authorized push payment scams different from classic account takeover. In account takeover, the bank tries to determine whether the person controlling the session is the legitimate customer. In authorized fraud, the customer may truly be present. The question becomes whether the customer’s intent has been manipulated.
AI can help criminals manipulate that intent. It can make scams feel more relevant, more urgent, and more believable. It can also keep the victim engaged long enough to complete the payment. The fraudster’s goal is not always to bypass authentication. Sometimes the goal is to make the victim pass authentication for them.
This is why customer warnings matter. A bank can have strong login controls and still lose money if the customer is being coached. A generic warning is easy to ignore. A targeted warning can interrupt the scam. The warning should match the context: safe-account scam, crypto investment scam, government imposter, business email compromise, romance scam, job scam, or family emergency.
The FTC’s imposter scam guidance repeatedly emphasizes independent verification. Do not rely on the number, link, or caller provided in the message. Contact the person, company, or agency through a trusted channel. Banks can embed that principle directly into payment flows.
Instant Payments Change the Clock
Speed is the business case for instant payments. It is also the fraud challenge. Faster payments can improve cash flow, payroll, bill payment, emergency disbursement, and business operations. But fast settlement reduces the time available for review, investigation, and recovery.
That changes the job of the fraud model. A next-day alert is useful for investigation. A pre-payment alert can prevent loss. The difference is critical for scams where funds move quickly through mule accounts, crypto platforms, cash withdrawals, or additional transfers.
Nacha’s 2026 risk management rules show that this issue is not limited to FedNow. Nacha has phased in stronger fraud monitoring expectations for ACH participants, including rules around credit-push fraud monitoring. The broad direction is clear: payment participants are expected to detect suspicious activity earlier.
Instant payments also expose operational weaknesses. A bank may have a strong fraud model, but can it act fast enough? Can the bank call an API, score the payment, present a warning, route an exception, log the decision, and complete the customer experience within the payment flow? If not, the model may be smart but operationally late.
This is where event-driven architecture matters. EDEconomy has covered this in Event-Driven Fraud Detection: How Kafka and Real-Time Streaming Are Transforming Alerts. Fraud systems need to react while the event is happening. Batch reports are no longer enough for high-speed rails.
The AI Arms Race Is Really a Data Race
AI performance depends on data. Fraudsters use data to personalize deception. Banks use data to detect risk. The side with better signal, faster feedback, and stronger adaptation has the advantage.
Criminals may use breached credentials, leaked personal information, public social media, scraped business data, fake websites, and prior victim conversations. That data helps them create believable stories. It also helps them choose the right pressure tactic.
Banks have different data. They see account history, device patterns, transaction behavior, digital sessions, payee relationships, customer profiles, alerts, cases, returns, SAR-related activity, and confirmed fraud outcomes. When handled responsibly, that data can make AI defenses far more precise.
The challenge is that bank data is often fragmented. Digital banking, card fraud, ACH, wire, branch, call center, online account opening, disputes, AML, and case management may sit in different systems. A scammer sees one victim journey. A bank may see disconnected events.
The best fraud programs close that gap. They connect the customer’s journey across channels and rails. They also feed confirmed outcomes back into the model. Without feedback, a fraud system cannot learn which warnings worked, which holds were justified, and which cases were false positives.
Where AI Defenses Can Fail
AI can help banks, but it can also create new risks. A model can be too sensitive, creating customer friction and blocking legitimate payments. It can be too weak, allowing scams to pass. It can also drift over time as criminals change behavior.
False positives are not just an inconvenience. They affect customer trust, call center volume, business payment reliability, and product adoption. If a customer sees too many generic warnings, they may learn to ignore all warnings. If a business has too many legitimate payments delayed, it may avoid the payment channel.
False negatives are more obvious. The bank misses the scam. The customer loses money. The receiving account moves the funds. The bank then faces investigation, customer complaints, potential regulatory pressure, and reputational damage.
Explainability is another issue. A fraud analyst must understand why a payment was flagged. A front-line employee may need to explain a hold to a customer. A risk team may need to defend a decision during review. A black-box score is not enough when the bank must manage policy, compliance, and customer experience.
Model governance is therefore essential. The Federal Reserve’s SR 11-7 model risk management guidance remains a major reference for banking organizations. NIST’s AI Risk Management Framework also provides a useful structure for mapping, measuring, managing, and governing AI risk. Fraud teams do not need less AI. They need better controlled AI.
A Practical AI-vs-AI Fraud Stack
A mature fraud stack should start before login. Device reputation, bot detection, credential stuffing controls, session risk, and identity verification all matter. The FFIEC’s authentication and access guidance emphasizes risk management across customers, employees, third parties, applications, and devices. That broad view is useful because fraud does not enter through one door.
At login, the bank should evaluate user, device, location, session, and behavioral signals. A correct password should not be treated as proof of low risk. Credentials can be stolen. One-time passcodes can be phished. Customers can be coached.
At payment initiation, the bank should score the transaction in real time. Useful features include payment amount, payee history, receiver intelligence, account age, velocity, prior alerts, recent profile changes, device behavior, and customer journey signals. The system should also detect scam-specific patterns, not only unauthorized access.
At the customer-warning stage, the bank should use tailored language. If the transaction resembles a safe-account scam, say so. If it resembles a crypto investment scam, say so. If the receiver is new and the payment is urgent, tell the customer to verify independently before sending. Specific friction is more useful than generic friction.
At the operations layer, fraud teams need fast queues, clear escalation rules, strong case notes, and feedback loops. Every confirmed fraud case should improve future detection. Every false positive should also teach the model something. The goal is not only to stop more fraud. It is to stop the right fraud with less unnecessary friction.
Money Mules Are the Middle of the Fight
Most payment scams need a destination. That destination may be a mule account, a compromised account, a synthetic identity, a shell business, a crypto wallet, or another payment endpoint. FinCEN has long warned financial institutions about imposter scams and money mule schemes. Those warnings remain relevant in the AI era.
AI can help criminals recruit mules. Fake job posts, remote-work offers, social media outreach, romance scripts, and investment communities can all be generated at scale. A mule may knowingly move funds. They may also believe they are working a legitimate job or helping someone they trust.
Receiver-side analytics are therefore central. A sending bank sees the customer who is about to send money. A receiving bank sees the account that may be collecting funds. A network may see patterns that neither institution sees alone. This is why receiver intelligence and consortium-style data can matter so much for instant payments.
Graph analytics can also help. Mule networks often show relationships among accounts, devices, phone numbers, addresses, IP ranges, email domains, counterparties, and transaction flows. EDEconomy explored this in Graph Analytics ATO Fraud: From ATLAS Research to Systems. The same logic can support scam and mule detection.
The Customer Experience Layer
AI-versus-AI fraud defense is not only a data science problem. It is also a customer experience problem. A bank may detect risk but fail to communicate it. If the customer does not understand the warning, the scammer can regain control.
Customer warnings should be plain, specific, and timely. They should avoid vague legal language. The message should tell the customer what scam pattern the bank sees and what action to take. It should also tell the customer not to rely on contact details supplied by the person requesting payment.
For example, a warning for a possible bank imposter scam should not simply say “Fraud risk detected.” It should say that real bank employees will not ask the customer to move money to a safe account. It should instruct the customer to end the call and contact the bank using the number on the official website or card.
The best warning design uses behavioral science. It breaks urgency. It gives the customer permission to pause. It names the scam. It gives a safe next step. That combination can be more effective than a long disclaimer.
This is especially important for older adults and vulnerable customers. FinCEN’s elder financial exploitation advisory describes risks involving scams, impersonation, and mule activity. AI can make those risks worse by making deception more personal. Banks should design warnings and support processes with that reality in mind.
What Banks Should Measure
Banks should not judge AI fraud systems only by total fraud stopped. That number matters, but it is incomplete. A bank also needs to measure false positives, customer abandonment, scam-warning effectiveness, recovery rate, time to decision, analyst workload, and cross-rail displacement.
Cross-rail displacement is easy to miss. If an instant payment is blocked, the scammer may coach the victim to send a wire, use ACH, visit a branch, buy crypto, or move to another institution. A payment block is not always the end of the scam. It may be the beginning of the next attempt.
Useful metrics include the percentage of warned customers who abandon payment, the percentage who continue and later report fraud, the number of high-risk receivers reused across cases, the time between alert and action, and the rate of confirmed fraud by warning type. These measures help a bank improve both models and customer messaging.
Fraud teams should also measure model drift. Criminals adapt. A model that works today may weaken after scammers change scripts, payment paths, mule recruitment, or channel strategy. Regular testing and tuning are part of the control environment.
The Strategic Takeaway
The 2026 fraud fight is not humans versus machines. It is organized deception using AI against organized defense using AI. The criminal side uses AI to scale trust. The banking side uses AI to detect risk. Instant payments raise the stakes because every second matters.
The banks that win will not be the ones with the flashiest model. They will be the ones that combine data, governance, customer experience, and operations. They will know when to block, when to warn, when to escalate, and when to let legitimate payments move smoothly.
That is the real AI-versus-AI battle in banking fraud. It is not only about smarter algorithms. It is about building a real-time institution that can recognize manipulation before money moves.
Research Sources and Citations
- FBI Internet Crime Complaint Center, 2025 Internet Crime Report.
- FBI, Cryptocurrency and AI Scams Bilk Americans of Billions, April 2026.
- Federal Trade Commission, New trends in reports of imposter scams, May 2026.
- Federal Trade Commission, Imposter scam information and enforcement updates.
- Federal Reserve Financial Services, FedNow network intelligence API press release, April 2026.
- Federal Reserve Financial Services, Network Intelligence API now available, April 2026.
- Nacha, New Nacha Risk Management Rules Now in Effect, March 2026.
- Nacha, Risk Management Topics: Fraud Monitoring Phase 2.
- FFIEC, Authentication and Access to Financial Institution Services and Systems, August 2021.
- NIST, AI Risk Management Framework.
- Federal Reserve, SR 11-7 Model Risk Management guidance.
- FinCEN, Advisory on Imposter Scams and Money Mule Schemes.
- FinCEN, Advisory on Elder Financial Exploitation.
