Fraud 3.0: Are You Ready To Be Overwhelmed?
GenAI has enabled an explosion of fraud attacks, and these attacks are more realistic and personalised than ever before. The exponential increase in more sophisticated fraud — and specifically scam — attacks warrants the need for new solutions to fight fraud. We’ve made several bets in the space, but we still see gaps to address, most importantly, solutions for scams.
The fundamental approach to fighting fraud hasn’t changed in years: is it a person or a bot? Is it the right person? Is it a known device, or has this device tried to access other accounts? Do behavioural signals suggest this is a legitimate user? However, these approaches do not address situations where an individual is scammed and manipulated into performing a transaction.
”Good Enough is Good Enough” — So Why Now?
The feedback we’ve received from Tier 1 banks is that “this is our bread and butter — we’re good enough at it” — but numbers tell a different story. Fraud volumes in the US are up 3.7x in just 4 years, reaching all-time highs at $12.8B in 2024, up from $3.5B in 2020, and remain at £1.1–1.3B per year in the UK. We are still in the early innings of developing AI-generated chat, voice, and video, so we expect fraud losses to continue to soar as GenAI matures. The issue is that traditional fraud systems are not equipped to address these new attack vectors — deepfakes, synthetic identities, and AI-powered social engineering are all now powering fraud.
What is driving the fraud surge?
GenAI — reducing costs and amplifying scale: AI is making fraud cheaper and easier to perpetrate. GenAI tools are increasing the personalization and realism of fraudulent attacks — and enabling these attacks to be executed on a massive scale. Deepfake attacks have skyrocketed by 2,137% between 2021 and 2024, prompting our 2024 investment in Reality Defender. Meanwhile, with identity fraud occurring every 22 seconds, we invested in Terminal 3 in 2025 to help tackle this growing threat. These are just two of the innovations driving the surge in fraud, which includes scams.
- Scams are on the rise with Nasdaq and Verafin calculating $485.6B was lost to consumers and businesses from scams and schemes in 2024, though other estimates place the total figure at over $1T globally. A scam is a subset of fraud — fraud covers all deceitful transactions, whereas a scam is when an individual is manipulated into performing a transaction. Scams are not new, but GenAI has enabled realistic and personalized scams on an unprecedented scale.
Rise of “Fraud-as-a-Service”: Sophisticated fraud has traditionally been perpetrated by organized syndicates. These bad actors now have a new business model — offer the tools and infrastructure to enable others to commit fraud. You can now go on the dark web and purchase fraud-as-a-service, ransomware-as-a-service, and phishing-as-a-service. This is lowering barriers to entry and enabling novice bad actors to commit fraud.
Liability shifting to FIs and PSPs: The UK introduced the Authorized Push Payments (APP) fraud reimbursement scheme in late 2024, which splits responsibility for the reimbursement cost between sending and receiving payment service providers (PSPs). The UK is the first market to introduce this legislation, but other markets are moving in the same direction.
- Australia introduced the Scam-Safe Accord requiring enhanced security measures for APP transactions and investments in confirmation of payee systems;
- Singapore introduced the Shared Responsibility Framework outlining the duties both FIs and customers have to prevent scams and requiring the FI to absorb the loss so long as the customer has fulfilled their duties;
- The EU is updating regulations in PSD3 to include enhanced fraud monitoring and mandatory reimbursement for bank impersonation schemes;
- In the US, efforts to hold FIs accountable for fraudulent Zelle transactions have stalled, but Zelle does require reimbursements for imposter scams.
These technology advances and regulatory shifts are driving a massive increase in fraud — and we believe it will also drive a massive increase in spend on fraud solutions. Fraud losses are expected to explode, largely driven by GenAI. Even in the absence of formal regulation, we believe there will be a push for institutions to address these mounting losses rather individuals.
How are we fighting fraud today?
“Best of Breed” continues to dominate the landscape. Tier 1 banks are happy enough with their in-house solutions and the rest of the market has cobbled together different point solutions in a bid to create a web no fraudster can fall through.
Get Julie McCrimlisk’s stories in your inbox
Existing solutions work for all rails. The issue is where the fraudster gains access — not the medium where the fraud was perpetrated. We can leverage the same approach to fight fraud across payments, investments and crypto. Logging into a bank app is the same as logging into a Coinbase account.
“Best of Breed” solutions should continue to win as sophistication increases. The sophistication of attacks is increasing, which requires new, complex defenses. We believe best of breed solutions will continue to win as the complexity needed to address different vulnerabilities grows. One strategy gaining traction in the market is defense in depth (“DiD”) where institutions use multiple layers of controls to protect and mitigate against risks. This builds redundancy into the system, so if one layer of protection fails other layers are still in place to mitigate harm.
How do we prevent scams today?
Current fraud solutions are focused on the point of transaction — is this a real person, is this a known device, are behavioral patterns in line? Preventing scams starts earlier — a new set of startups have emerged to detect fraudulent phone calls, emails, text messages and URLs to stop users from being scammed.
Education and increasing awareness has not stopped scams. Approximately 1 in 3 Americans and 1 in 5 UK adults were scammed last year. Studies have shown the human hit rate for recognizing deepfakes is roughly equivalent to chance. Even the CEO of Reality Defender could not identify all of the AI generated videos in the The New York Times test published in June.
While we’ve already backed Reality Defender as we believe they are a leader in deepfake detection, there is also a new generation of companies emerging to parse scams sent to customers and identify scams at the point of transaction.
To address the elephant in the room…who is going to pay to solve this problem? Given somewhere between $0.5–1.0T was lost to scams last year — largely driven by GenAI — we believe FIs and PSPs will need to pay up for solutions. The liability shift is only one demand driver (and we believe the UK is just a first mover and other countries will follow suit). The volume of losses affecting consumers and businesses means the market is going to demand FIs and PSPs take responsibility. At a minimum, addressing these losses will be crucial to attract and retain customers.
What are the venture plays in fraud?
There is a large market — it’s not only incumbent FIs and PSPs battling fraud; there are also a whole host of new fintech players in need of fraud solutions. We have already invested in both deepfake detection and an identity solution, and we see scams as the next hole to plug.
Given the scope of fraud and the prevalence of point solutions, we are also interested in any companies aggregating solutions or building their own comprehensive “web” to capture fraudsters.
What problems are we less interested in? Data. One of the core issues is the market is limited data sharing between members of the ecosystem. This does need to be fixed to fight fraud as sharing data among FIs would enable participants to better-identify fraudulent players; this has only happened on a limited basis to date. We are excited by anyone who can solve this problem; however, we think it will be challenging to build a venture-scale business given data sharing lends itself to a consortium business model.
This is an open call to any other startup that thinks they’ve invented a solution for fraud. We would love to hear from you — please reach out to Julie McCrimlisk at jm@illuminatefinancial.com or Alexandra Gheorghe at ag@illuminatefinancial.com.