Mitigating Sophisticated Fraud Takes a Village

Originally published on American Banker

When I entered the fraud prevention space back in 2018, a typical fraud attack could take months to unfold. Now, it is not uncommon to see successful fraud schemes executed in just days. This acceleration not only challenges our existing risk strategies but also demands a new approach to fraud prevention altogether.

A few years ago, a typical strategy involved fraudsters trying to reverse-engineer a company's risk defenses. They would start slowly, probing different product features with a variety of stolen personally identifiable information, or PII, and payment data, testing the system for weaknesses. Once they identified a blind spot, they would gradually scale up the attack, allowing it to bleed into lagging metrics: materialized losses.

Although reverse engineering is still very much present, successful large-scale attacks now seem to be coming out of nowhere. Fraudsters are bypassing the experimentation phase altogether, moving straight into large-scale, highly sophisticated exploitation in mere days.

How are fraudsters able to act so quickly?

While the rise of generative AI for creating convincing text and images has certainly played a role, there is another more fundamental problem at play: information asymmetry.

Unlike financial institutions, which must navigate a maze of regulations and confidentiality concerns, fraudsters operate without boundaries — sharing techniques and stolen data across dark web forums and encrypted channels. You would be surprised (or perhaps not) how easy it is to find fraud guidance on major communication apps (though I do not recommend trying). They learn in real time, refining their tactics with every failed or successful attempt, and this intelligence is quickly distributed globally.

Bound by complex regulations and concerns about competitive advantage, financial institutions rarely exchange actionable intelligence on emerging fraud vectors. Even though the financial industry is armed with an abundance of sophisticated risk tools, they are often narrow in scope. These point solutions, while effective in tackling specific types of fraud, are not built for the kind of rapid, multi-vector assaults we are seeing today. Simply upgrading a risk stack to the latest and greatest vendor is not enough.

Fraud today is no longer a single-vector attack — it is an orchestrated, multipronged strategy that leverages information and weak points across different financial institutions. The key to combating this growing threat is collaboration.

A new approach is needed

Financial institutions must move beyond siloed approaches and begin sharing intelligence in real time. If fraud attempts, suspicious patterns and new techniques were shared across institutions and industries as soon as they are detected, fraudsters would face a much more unified and formidable defense.

Consider how valuable it would be if, after one institution identified a new synthetic identity scam, that information could instantly be shared across a network of banks, payment processors and fintechs. By the time a fraudster attempted the same tactic elsewhere, the defenses would already be in place. Collaborative fraud databases, like the Financial Services Information Sharing and Analysis Center, or FS-ISAC, offer a model for how collective intelligence can shift the balance of power.

The threat posed by information asymmetry is real and time is not on our side. But by working together, leveraging real-time intelligence and sharing defenses across the industry, we can flip the script and put fraudsters on the defensive.

Building Community-Driven Defenses

At Canonical, we believe in the power of community-driven defense mechanisms. We have helped fintechs build:

• Real-time threat intelligence sharing
• Collaborative pattern analysis
• Cross-organization fraud prevention networks

Looking Ahead

The future of fraud prevention lies in our ability to work together. By building strong partnerships and sharing insights, we can create a more resilient financial ecosystem that better serves and protects all participants. If you feel the same way, please reach out to us. We would love to chat.