How has GenAI actually impacted fraud attacks?

Examining the reality behind the hype

Key takeaways:

• Since ChatGPT hit the mainstream in 2022, headlines have warned of AI's ability to power fraud rings, synthetic identity factories, and undetectable deepfake scams.
• And with tools like FraudGPT on the scene, GenAI, in particular, seems to be benefiting criminal groups. Today, fraud attack volume continues to increase at a steady pace, with 60% of financial institutions and fintechs reporting an increase in fraud attacks last year.
• While GenAI hasn’t yet caused a COVID-level spike in fraud volume, fraud success rates jumped 11% in 2024, suggesting that the technology is making fraudsters more effective.
• For fraudsters, GenAI’s effectiveness lies in its ability to generate convincing phishing emails, social engineering scripts, and fake identities faster than ever before.
• Meanwhile, 93% of financial institutions and fintechs believe that AI will revolutionize fraud detection, and 99% of financial organizations say they are already using AI in their fraud controls.
• In this accelerating game of cat and mouse, financial organizations need an agile, layered defense system to counter the systemic fraud efficiencies brought on by GenAI.

GenAI is making fraud cheaper and more accessible

Generative AI (GenAI) refers to artificial intelligence systems that can create new content — including text, images, audio, and video — based on patterns learned from existing data. These models can generate convincing but fraudulent content that's difficult to distinguish from legitimate human-made material.

David Maimon, Head of Fraud Insights at SentiLink, has chronicled fraudsters' attempts to use deepfake videos to circumvent liveness checks. They're not all convincing, but as the technology improves and fraudsters' skills improve along with it, it will become increasingly difficult to tell the difference between video of a real person and an AI-generated deepfake created by an identity thief using their victim's likeness. 

Before GenAI, creating convincing synthetic identities required expensive deepfake software, voice cloning demanded specialized audio equipment, and crafting effective phishing campaigns needed native-language expertise. Even basic fraud schemes required substantial investment in tools and skills to bypass security measures.

But the barrier to entry for effective fraud schemes has dropped significantly with the rise of GenAI. What previously required specialized skills and resources is now accessible to anyone with basic technical knowledge and internet access. Deepfake fraud, for example, has grown more than 2000% in three years, as financial criminals use publicly available images and voice cloning programs to create synthetic identities that bypass detection.

Gen AI is growing the pace and scale of fraud attempts

The FBI warns that GenAI has effectively democratized fraud capabilities by “reducing the time and effort criminals must expend to deceive their targets." 

This efficiency gain has opened the door for large criminal enterprises and smaller operators who previously lacked the resources to scale fraud schemes. Today, multiple areas of fraud can be sped up with GenAI, including:

• Generating batches of realistic fake identification documents
• Creating convincing social media profiles at scale
• Crafting personalized phishing messages without language errors
• Producing deepfake audio and video for impersonation scams

One concerning development is the "fraud-as-a-service" ecosystem, the accessibility and scalability of which are said to be major contributors to global fraud growth. These fraudsters operate in a business-like fashion and use ChatGPT and its dark internet counterparts as part of their toolkits. By harnessing jailbroken, guardrail-free AI models like WormGPT or FraudGPT, a single fraudster can automatically create customized phishing emails, synthetic identities, or fake documents in minutes — tasks that previously took days or weeks. And, they can publish the prompts that helped them do it, spreading the word to other criminals on internet forums and unregulated apps like Telegram. 

GenAI is improving fraudsters’ success rates

While the volume of fraud attempts is increasing at a steady pace, what's most concerning about GenAI’s impact is how it’s helping fraudsters target consumers and financial organizations more effectively. In 2024, the share of people losing money to scams increased by 11%. 

This trend is expected to continue, thanks in particular to GenAI’s role in creating deepfakes: Deloitte analysis reveals that GenAI could enable fraud losses to reach $40 billion in the United States by 2027, up from US$12.3 billion in 2023 — a compound annual growth rate of 32%.

While deepfakes aren’t an entirely new attack vector, this technology is fast-improving, leading to more realistic impersonations that make it harder for victims to distinguish legitimate communications from fraudulent ones.

What can fraud report data tell us about GenAI?

New data from the Federal Trade Commission (FTC) shows that consumers lost over $12.5 billion to fraud in 2024, a 25% increase from the year prior. 

According to the FTC’s data book, this number is not driven by an increase in fraud reports, which remained stable. Instead, the percentage of people who reported losing money to a fraud or scam increased by double digits.

This mirrors observations by decision-makers at financial organizations: 60% of respondents surveyed in Alloy’s State of Fraud Report witnessed a rise in fraud year over year, up 3% from the previous year. Financial institutions and fintechs also experienced more losses in 2024. Of organizations surveyed, 31% experienced over $1M in losses, up 6% from 2023. 

While the threat of GenAI persists, it's important to put its impact in perspective. The COVID-19 pandemic, for instance, triggered a far more dramatic surge in fraud attacks, with 91% of financial organizations reporting increased fraud volume in 2022. In comparison, the years following GenAI's mainstream emergence (2023-2024) show more modest year-over-year increases of 57% and 60%, respectively.

This pattern suggests that major socioeconomic disruptions — like a global pandemic that forced rapid digital transformation and created widespread financial vulnerability — still have a more immediate and dramatic effect on fraud volume than technological advances alone. While GenAI is likely making existing fraud schemes more efficient and successful, it hasn't yet caused the kind of dramatic spike in attack volume that we saw during COVID-19.

The steady but less dramatic increases we're seeing in recent years (57% in 2023, 60% in 2024) likely reflect a "new normal" where fraudsters are gradually incorporating GenAI into their existing operations rather than completely revolutionizing their approach. This matches what we're seeing in the FTC data, where the total number of fraud attempts remains relatively stable even as success rates improve.

What does the future of GenAI threats look like?

GenAI’s reach is still expanding. And as social media companies incorporate new GenAI tools, it will become easier for bad actors to create fraudulent content from the very platforms they use to find and defraud targets.

The most concerning evolution still won't be entirely new attack types, but rather existing fraud schemes becoming so convincing and efficient that even robust defenses struggle to distinguish legitimate from fraudulent activity. Financial institutions should prepare for increasingly sophisticated deepfakes, automated social engineering at scale, and multi-modal attacks that combine voice, text, and image manipulation simultaneously. 

How are financial institutions and fintechs future-proofing their defenses against GenAI?

To stop familiar attacks that have become more sophisticated through GenAI, financial organizations are applying strong fraud prevention fundamentals, machine learning, data orchestration, and actionable AI.

Strong fundamentals

Some of the best protections against GenAI are actually the non-AI tools many financial institutions and fintechs already have in their tech stack. Examples include:

• Biometric authentication — Unique characteristics like fingerprints, facial recognition, voice recognition, and retina scans may be used to enter an account. Although this type of authentication is still under-adopted, biometrics will be increasingly important in the fight against AI-driven attacks.
• Doc V / Selfie / Liveness tests — Document verification (Doc V) involves validating official identity documents. When combined with selfie matching (which compares a user's face to their ID photo) and liveness detection (which ensures the person is physically present, not a photo or deepfake), this fundamental authentication type becomes even more secure.
• Device authentication — Device authenticators like Prove bind users to real-world devices, so they can rely less on one-time passcodes.
• 2FA / MFA — Two-factor authentication (2FA) and multi-factor authentication (MFA) are specific implementations that require users to verify their identity using a combination of methods.
• Step-up authentication — A risk-based approach, step-up requires additional verification when suspicious activities are detected.

These foundational tools provide robust protection, but they're even more powerful when enhanced with advanced detection capabilities, like machine learning, data orchestration, and actionable AI tools. When applied as part of a layered approach, these tools take fraud prevention to the next level by identifying patterns invisible to traditional systems.

Machine learning

Machine learning models with strong computer vision capabilities can identify synthetic patterns in documents, selfies, and other visual media that humans miss. These systems excel at detecting the subtle irregularities present in AI-generated content by analyzing thousands of visual and data points simultaneously. Machine learning models also continuously improve through exposure to new fraud attempts, making them increasingly effective against evolving GenAI attacks. When deployed across multiple verification points, machine learning creates layered defenses that significantly raise the cost and complexity for fraudsters using GenAI tools.

Fraud orchestration

Fraud orchestration goes beyond simple data management by intelligently coordinating verification strategies across multiple fronts simultaneously. Financial organizations can dynamically route identity checks through various verification methods based on risk signals, creating a multi-layered defense that's particularly effective against GenAI attacks. 

Rather than relying on a single verification path that sophisticated fraudsters might circumvent, orchestration creates multiple parallel verification challenges. This approach triangulates identity verification across vendors that possess different strengths, allowing financial organizations to identify inconsistencies in real-time that signal fraud attempts. Even if GenAI helps criminals bypass one verification method, this orchestrated approach ensures other parallel checks will catch discrepancies, preventing even the most convincing synthetic identities from penetrating all defensive layers.

Actionable AI

Today, 93% of financial organizations believe AI will revolutionize fraud detection. It isn’t surprising, then, that the majority of financial organizations (99%) are already using AI as part of their fraud controls. 

But AI-powered fraud prevention systems have to do more than detect fraud: These solutions should trigger immediate defensive actions. When suspicious activity is detected, effective systems automatically initiate step-up authentication, freeze transactions, or restrict account features without manual intervention. These automated action pathways eliminate critical response delays that fraudsters exploit to maximize damage. The competitive advantage belongs to institutions implementing AI that seamlessly converts detection signals into preventative measures, stopping attacks mid-execution.

For example, Alloy’s Fraud Attack Radar (FAR) goes beyond suspicious activity alerts to provide quick response avenues. When an attack is detected, Alloy sends an alert that enables fraud teams to take immediate action within the platform. If a fraud attack is hitting multiple areas at once, financial institutions can enter a predefined “safe mode,” shifting the system into an alternate workflow to quickly contain threats across the origination funnel. This eliminates approval bottlenecks and improves time-to-response during critical moments.

Counter GenAI fraud with Alloy's identity and fraud prevention platform

As GenAI makes fraud more sophisticated and efficient, financial institutions need comprehensive defense capabilities. Alloy is uniquely positioned to offer access to both proprietary and third-party machine learning models, creating a robust ecosystem of fraud detection tools. This combination is particularly powerful against GenAI threats, as different providers within Alloy’s network use varying techniques and model off of distinct authoritative datasets, making it harder for fraudsters to circumvent detection.

Beyond model diversity, Alloy's platform orchestrates these tools dynamically. Our risk-based routing ensures that verification checks adapt to emerging threat patterns, while our extensive data partner network provides the deep intelligence needed to spot synthetic identities and stop coordinated fraud attacks. This approach is especially critical as GenAI makes fraud attempts more convincing and harder to detect using single-source solutions.

Alloy also helps financial institutions and fintechs coordinate multiple layers of defense — from document verification to behavioral analysis — creating a sophisticated shield against the multi-modal attacks that GenAI enables. And with Alloy’s Fraud Attack Radar and its automated response capabilities, financial organizations can move from detection to action faster than ever. This is necessary for containing the rapid-fire attacks that GenAI makes possible.