However, alongside these benefits comes a new wave of challenges. Fraudsters are leveraging AI to orchestrate sophisticated scams at an unprecedented scale, putting businesses at risk. In the last year, Forter has seen a 202% increase in fraud driven by automation, with fraudsters using AI to carry out large-scale attacks like card testing, exploiting refund policies, and using social engineering tactics.

Our latest enhancements are built to keep you ahead of the curve. As threats and market shifts accelerate, businesses can’t afford to miss critical agentic signals or manually translate complex data into decisions. To keep pace, your AI tools need to do that work for you. 

Enter the launch of Forter Prism — an innovative, AI-powered copilot designed to empower e-commerce teams with faster, deeper insights to navigate the complexities of our evolving commerce landscape.

Introducing Forter Prism: Your New AI Copilot

Forter Prism is a game-changing addition to the Forter Trust Platform, enabling you to instantly access actionable insights without complex analyses or custom dashboards. The new innovation includes:

• Instant answers: Forter Prism acts like a conversational AI copilot, instantly providing answers to your data questions. Need to know why certain transactions were declined? Or how your revenue breaks down by country? Just ask and receive a response immediately — empowering your team to make faster, more informed decisions.
• Transactional investigation: Automatically analyze transaction data with Forter Prism, including user activity, device patterns, and past behaviors, to generate comprehensive transaction reports. You’ll be able to converse with Forter Prism to ask follow-up questions or request additional details, reducing review times and improving decision-making accuracy, helping you stay agile as e-commerce fraud evolves.

With these capabilities, Forter Prism equips your team to make decisions with confidence — whether you’re managing risk or optimizing operations. Over time, Forter Prism will continue to expand, incorporating more data, insights, and intelligence across the platform, enabling you to do more, faster.

“Every retailer, merchant, and direct-to-consumer brand is looking to find ways to be more efficient – not just for the sake of cost savings, but to keep pace with the speed of evolving consumer behavior and expectations. Forter stands out in how they put retailers and brands at the heart of their solutions. With Forter Prism, they are delivering yet another major innovation to support the balance of revenue generation and consumer satisfaction.” — Rachel Levy, COO, Brooklinen

Understanding Agentic Activity with Network Benchmarks

Additionally, we’ve enhanced our Agentic Activity dashboard to help you understand how many AI agents are referring traffic or purchasing from your business.

Most merchants lack visibility into agentic traffic, often being unaware if agents are referring users, making purchases on their sites, or being used to commit fraud. This missing insight makes it difficult to navigate new commerce channels strategically.

Today, we’re excited to share that we’ve enhanced your dashboard with network benchmarks. Now you can see exactly how your business compares to the rest of the Forter network. Are you seeing more referrals via ChatGPT than others? Is Gemini a weak spot for your traffic compared to the network average? With this feature, you can get additional context to know how you are performing.

There’s More: Forter Enhancements

In addition to the above, we’re also announcing updates to our core solutions based on customer feedback.

• Expanded decision reasons: Decision reasons will include 3x more explanations for declined transactions, highlighting specific fraud-related scenarios Forter has identified. With this greater visibility and transparency, merchants are better able to identify trends and patterns behind specific transactions to understand Forter decisions.
• Dispute management updates: Our dispute management capabilities will receive enhancements to make it better than ever. These changes allow our merchants to more easily manage all of their disputes and chargebacks, hassle-free, and directly with Forter.

Navigate AI with Forter

With AI transforming both opportunities and threats in digital commerce, it’s crucial to have the right tools at your disposal. Forter offers businesses the ability to make quicker, more confident decisions that drive growth and reduce fraud risk. Whether you’re looking to make your operations more efficient or future-proof for agentic commerce, Forter is designed to help you stay ahead.

Ready to unlock the full potential of AI in your business? Learn more about Forter today.

The post New at Forter: Introducing Forter Prism appeared first on Forter.

Naturally, agentic commerce was the hottest topic at the National Retail Federation’s recent Big Show, where Google announced Universal Commerce Protocol (UCP), which Forter now supports. UCP will power a new checkout feature on eligible Google product listings in AI Mode and the Gemini app. Shoppers can securely make purchases as they’re researching.

That’s great news for merchants that work with Google, who retain control over the customer experience. It’s also great news for merchants that work with Forter. Read on to learn why.

The Agentic Future Is Now the Agentic Present

Unlike rule-based bots or simple scripts, agentic AI can act independently. With AI-assisted shopping, agents browse and compare products, but stop short of purchasing. Humans must complete the transaction. Fully autonomous AI agents can browse and buy, functioning as a proxy for a human user — examples include Perplexity Pro and OpenAI’s Instant Checkout.

That’s great for customers, who can interact with brands the way they want to. It’s been more of a mixed bag for merchants, who have lacked visibility and control of the customer experience.

At a media lunch we hosted in October, Brooklinen COO Rachel Levy pointed out that AI referral traffic lacks context. “[Did the customer search] ‘the Internet’s favorite sheets? We don’t know, and we probably need to do some consumer research to say, ‘Why did you start your journey here?’ to understand,” she said.

When shoppers make purchases with UCP, the retailers remain the merchants of record. They preserve the customer relationship with full visibility into transaction data, loyalty programs, and post-purchase support, such as returns and exchanges. That puts control back in their hands.

Agentic Commerce Ushers in a New Kind of Fraud

Agentic referrals are visits to a merchant’s site from platforms like ChatGPT, Gemini, Claude, or Perplexity. And they’ve exploded in recent months. During Cyber Month, we saw a 40% increase in AI referrals. These visits were most prevalent in beauty, fast fashion, tickets, and travel. We also saw a 23% increase in AI referral conversions, nearly half of which were driven by first-time users.

However, this spike in agentic traffic doesn’t just mean more sales — it also ushers in a new, different kind of fraud. Fraudulent agentic transactions increased by 970% in the last six months alone.

Some merchants’ kneejerk reaction may be to place a blanket ban on bot traffic. Others have long had such a ban in place. It wasn’t long ago that bot traffic was universally considered bad news. That legacy approach won’t work in the agentic future.

Most of the bot traffic we saw during Cyber Month was malicious, designed to stack promo codes, steal data, or commit return fraud. But 10% of that traffic came from legitimate customers. Had merchants blocked all bot traffic, those sales wouldn’t have happened. False declines also have a downstream effect of alienating good, and possibly loyal, customers.

Without identity intelligence, merchants can’t distinguish the two. If they can’t tell the difference between a good and a bad bot, they’ll forever be playing catch up with a technology they can never out run.

Getting Your Brand Ready for Agentic Commerce

Getting your brand agentic commerce-ready starts with some questions. The answers will help assess your readiness, while uncovering any gaps.

• Are our risk systems built for agentic behavior? Legacy fraud models are based on human behavior. AI agents complete tasks far more quickly, and they scroll and enter data differently, which makes it easy for them to be misclassified as fraud.
• Can we distinguish helpful automation from abuse? Without advanced identity intelligence, AI agents and malicious bots may look identical. Identity also creates a holistic customer view, which allows you to recognize an AI agent purchasing from three different sites as the same account. 

• Are teams aligned on how automation shows up across the journey? Fraud, payments, and digital are often dispersed among three separate teams. Agentic AI doesn’t fit cleanly in just one of those buckets. For example, the fraud team may remove a CAPTCHA to improve approvals for AI-led orders. The digital team can reintroduce it for “security.” Those blurry lines make frictionless flows, which agents need to function properly, impossible.
• Is personalization logic tied to verified identity or vulnerable to spoofing? This is another area where identity is crucial. Spoofed agent profiles may trigger VIP discounts they’re not actually entitled to receive.

Steps Merchants Can Take to Prepare for Agentic Commerce

Once you’re clear on the answers, there are steps to take across data, operations, technology, and the customer experience.

Data readiness:

• Product data enrichment: Ensure all product data (descriptions, specifications, images) is complete, accurate, and structured. This includes detailed metadata for features and attributes. AI doesn’t reason the way humans do, so wrong data results in confidently wrong actions.
• Structured data and schema markup: Implement and validate up-to-date schema.org markup (Product, Offer, Review) on all product pages. This makes data machine-readable.
• Inventory and pricing feeds: Maintain real-time, high-fidelity feeds for inventory levels and dynamic pricing. Agents require immediate and trustworthy information.

Operational readiness:

• Fulfillment and logistics: Establish clearly defined Service Level Agreements for shipping and returns, making them readily accessible to agents. Automated processes for shipping and returns should be implemented as well. AI agents prioritize merchants with minimal friction.
• Agent-optimized communication: Develop communication pathways specifically designed for agent interaction rather than human customer service. This includes dedicated APIs for status checks, order modifications, and basic inquiries such as “Where is my order?” You should also have a machine-readable knowledge base (using JSON-LD or similar) containing answers to common agent queries.

Tech readiness:

• API ecosystem development: Build robust, well-documented, and secure APIs for all transactional touchpoints: search, checkout, order management.

• Scalability Testing: Stress-test systems to handle potential surges in transaction volume driven by agents.

• Security and Trust: Implement strong authentication protocols, such as OAuth 2.0, and data security measures, as agents are programmed to assess security profiles.
• Platform integration audit: Review compatibility with major agent platforms, ensuring seamless data exchange and checkout flows.

Customer experience readiness:

• Review and rating visibility: Ensure product and merchant reviews are easy to parse and highly visible in structured data. Agents will compare star ratings and review volume.

• Policy clarity: Clearly articulate all consumer-facing policies, such as shipping costs, guarantees, environmental impact data.
• Agent-specific offers: Ensure promotions and offers are targeted toward the logic of purchasing agents. This includes machine-discoverable dynamic bundles based on purchase history or pre-approved decision trees that allow AI agents to engage in pre-defined minor negotiations on price or shipping speed.

How Forter Helps Merchants Be “Agentic Commerce Ready”

AI has always been the center of Forter’s fraud prevention. As it’s become enmeshed in the customer journey, we’ve introduced new capabilities to our platform, designed to help merchants thrive in the agentic era.

Our solutions are powered by the world’s most powerful identity network, comprising more than 2 billion unique online identities. Each identity includes 6,000 behavioral and hard data attributes. This allows us to precisely identify browsing and shopping behaviors, and link them to the person behind the bot. And it allows you to block malicious agentic traffic without adding friction for legitimate customers.

Our Trusted Agentic Commerce Protocol is also designed to solve the data and trust challenges that make merchants wary of agentic commerce. An open standard, the protocol allows both merchants and agent developers to authenticate each other, maintain rich customer data, and prevent fraud, while putting the customer first.

Interested in learning more? Request a demo.

The post Agentic Commerce Is Here. Can You Spot the Fraud? appeared first on Forter.

NEW YORK – January 27, 2026 – Today, Forter, the Trust Platform for digital commerce, announced a global partnership with McDonald’s to deliver fraud prevention and identity solutions across the quick service restaurant (QSR) leader’s digital ecosystem.

In the fast-paced QSR industry, speed and convenience are mission-critical. By leveraging Forter’s advanced fraud prevention and identity solutions, the global restaurant brand will advance its capabilities to defend against emerging threats and deliver seamless, secure experiences to its digital customers worldwide.

Forter’s capabilities will enable the food retailer to make smarter, real-time trust decisions across McDonald’s digital ecosystem, including online orders, payment flows, and its loyalty program.

“The McDonald’s experience is known and loved by hundreds of millions of consumers around the world,” said Ozge Ozcan, Chief Revenue Officer, Forter. “We’re excited to work together to strengthen and secure the McDonald’s digital experience, ensuring trust remains a competitive advantage.”

“Our customers expect speed and convenience, so digital commerce is essential,” said Helen Jorski, Vice President & Treasurer, McDonald’s Corporation. “As our digital ecosystem grows and evolves, we also invest in solutions that protect our restaurants and Franchisees from new fraud risks. Forter helps us deliver on both fronts, verifying legitimate transactions with confidence and instantly delivering customers the McDonald’s experience they love.”

Forter’s best-in-class platform is powered by a global network of over 400,000 online businesses and more than two billion shoppers. This collective intelligence ensures seamless experiences for McDonald’s digital customers.

For more information about Forter’s work with other market-leading companies, visit: www.forter.com/customers.

About Forter
Forter is the Trust Platform for digital commerce. Built on advanced AI, we provide the most accurate, instant assessments of trustworthiness across every step of the buying journey. We give businesses the confidence and insight to securely embrace new innovations, like agentic commerce, without the fear of fraud. Our ability to isolate fraud and protect consumers is why 400,000 businesses, including Adobe, ASOS, eBay, Instacart, Priceline and Nordstrom, have trusted us to decision more than $2 trillion in transactions. Forter helps businesses prevent fraud, maximize revenue, and deliver superior experiences for their consumers. Learn more at www.forter.com

The post Forter Partners with Global QSR Leader to Advance Digital Fraud Prevention appeared first on Forter.

At the same time, familiar pressures have not disappeared. Returns abuse continues to erode margins. Loyalty fraud remains difficult to detect. And many fraud systems were built for a version of commerce that assumed every interaction was human.

At NRF 2026, Scott Buell of Forter joined Rajashree Rane of Amazon Web Services (AWS) and Andrew Linn of PwC for a candid conversation on how agentic commerce is reshaping the trust equation and how retailers can grow without compromising experience or profitability.

Why Retailers Still Have Time

Much of the conversation around AI shopping agents focuses on transactions. In reality, the impact retailers are seeing today is concentrated in discovery.

Consumers are increasingly using AI agents to discover products, compare options, and narrow choices. Worldwide Retail and Consumer Goods Business Development at AWS Rajashree Rane mentioned, “According to new data from Adobe, traffic from generative AI-powered shopping links to retail websites surged 4,700% year over year in July 2025, with shoppers spending more time engaging and bouncing less when guided by AI retail assistants.”

Agent-mediated purchasing, however, remains limited in volume.

Across the Forter network, which represented roughly $500 billion in GMV in 2025, agentic transactions are still relatively small in number. 

“There’s a perception that retailers are already behind,” said General Counsel and SVP of Corporate Strategy at Forter Scott Buell. “But when you look at the data, we’re still in the early days. Agentic commerce will be disruptive, but retailers have time to set a strategy and build the right trust foundations before it scales.”

Discovery has historically shifted before purchasing behavior followed, and agentic commerce is no different. Retailers who recognize this moment can modernize their trust and decisioning infrastructure now, before agent-mediated transactions scale.

The Trust Gap

Agentic interactions change who, or what, is interacting with a brand.

In traditional commerce, retailers rely on behavioral signals such as browsing patterns, session data, and device context to assess intent. In agentic channels, many of those signals are reduced or disappear entirely.

“We used to trust clicks, behavior, and patterns because they helped us understand where the customer was in their journey,” said AWS’ Rajashree Rane. “With agentic channels, it becomes much harder to understand who is behind the agent. That is the trust gap retailers are trying to solve.”

With less visibility, risk accumulates across the entire customer journey, from checkout and promotions to returns and loyalty. According to an NRF report, return fraud contributed $101 billion in overall losses for retailers in 2023. Moreover, for every $100 in returned merchandise, retailers will lose $13.70 to return fraud. Thinner signals only increase exposure.

Blocking vs. Building

When trust signals thin out, the instinct is to reduce exposure fast.

During the discussion, retailers in the audience voiced familiar concerns: uncertainty around liability, loss of control when agents mediate interactions, and hesitation to approve transactions they cannot fully see. For regulated categories and high-risk products, the stakes feel even higher.

Complicating matters further, the liability model has not yet evolved. Merchants still carry the risk even when transactions are initiated by third-party agents. Until accountability shifts, caution is understandable.

But broad restrictions come with tradeoffs. Blocking agent-driven traffic can prevent legitimate customers from discovering products, especially when agents are used for accessibility or convenience. And over time, it can quietly redirect demand elsewhere.

Blocking is a control. It is not a long-term strategy.

Identity Behind Every Interaction

What matters now is not how or where a shopper shows up, but whether retailers can recognize who is behind the interaction.

A loyal shopper using a new interface should not be treated as a first-time visitor. Without identity-based trust, many retailers have no reliable way to distinguish between them.

When agents sit between the customer and the retailer, trust shifts away from interface-based signals and toward identity, intent, and authority. Retailers must understand who is behind the interaction and whether the agent is acting within the permissions granted by the human it represents.

“As agentic commerce scales, trust cannot sit in one place,” said Rane. “Cloud infrastructure provides the foundation, but retailers need partners like Forter to help resolve identity and make real-time trust decisions when signals are thinner. That coordination across the ecosystem is what allows innovation to move forward safely.”

Identity-based decisioning replaces guesswork with continuity across interactions, channels, and tools. It enables more precise fraud prevention, stronger loyalty recognition, and consistent decisioning as new channels emerge.

Prepare Now, or Pay Later

Agentic commerce will not replace human shopping. It will sit alongside it as another channel, growing in influence as adoption increases.

Retailers do not need perfect answers today, but they do need foundations that can adapt as agentic commerce moves from experimentation to everyday reality.

That preparation starts with building a single view of the customer across human and agent-mediated interactions. And it means aligning fraud, product, and growth teams around identity-based decisioning rather than blanket restriction.

“Retailers need to shift from behavior-based fraud detection to identity-based trust frameworks now, before this gap becomes a major security vulnerability,” says Rane.

Many of the controls that worked even a year ago are already becoming constraints. The goal is not to loosen defenses indiscriminately, but to rebalance them, enabling discovery and access while tightening protection where it matters most.

“As commerce becomes more automated, fraud and abuse scale with it,” said Forter’s Scott Buell. “Decisions are made faster and with fewer traditional signals, which is exactly why retailers need identity-based decisioning that can approve good customers and stop abuse in real time.”

What Comes Next

Agentic commerce is still evolving, but its direction is clear. Discovery will continue to change first — transactions will follow — and systems built for yesterday’s signals will struggle to keep up.

Forter works alongside partners like AWS and PwC to help retailers build a trust infrastructure that evolves with commerce, linking identity, authority, and intent across the entire customer lifecycle.

The retailers that succeed will not be the ones that block change, but the ones that use this moment to prepare deliberately, building systems that can approve good intent, stop fraud, and scale with confidence as agentic commerce grows.

The post The New Trust Equation: Agents, Abuse, and the Future of Retail appeared first on Forter.

Throughout NRF 2026, Forter partnered with AWS, PwC, and Salesforce, across executive roundtables, live demos, and private leadership gatherings, from the AWS booth to conversations hosted at iconic retail landmarks like Café Louis Vuitton and the Ralph Lauren Polo Bar.

The importance of trust surfaced again and again.

Speed vs. Risk

Speed has become the defining expectation of commerce. Checkout, delivery, and refunds are now expected to be instant. That convenience, however, has put real pressure on margins, operations, and trust.

At Forter’s #AWSTechTalk, retailers discussed how fraud and abuse are scaling alongside the rise of faster commerce. Small, coordinated groups are now using AI to mimic legitimate customer behavior at scale, from AI-generated damage photos to coordinated item-not-received claims and refund abuse.

During this talk, a prominent retail analyst shared that their item-not-received claims had grown to represent roughly 1% of total sales volume, with internal rules providing only temporary relief as attackers adapted.

The retailer trusted Forter to make a shift.

The New Trust Equation

One of the clearest takeaways from NRF was how quickly AI shopping agents have moved beyond experimentation to influence real retail outcomes.

At Forter’s panel with AWS and PwC, General Counsel and SVP of Corporate Strategy at Forter Scott Buell, Worldwide Retail and Consumer Goods BD at AWS Rajashree Rane, and Managing Director of the AWS Alliance at PwC Andrew Linn discussed the decision now facing retailers —  whether to restrict agent-driven interactions out of caution or design trust systems that can support them safely.

Many commerce systems were built for direct, human interactions. Agents optimize for certainty, speed, and value, avoiding friction and inconsistency. When agents sit between the customer and the retailer, many of the behavioral cues traditionally used to assess intent disappear, concentrating risk in high-impact moments such as checkout, promotions, returns, and loyalty redemptions.

The challenge now is whether retailers are equipped to support agentic commerce and confidently understand who is behind each interaction.

The Pressure on Loyalty

As commerce becomes more automated, loyalty has become both a growth driver and a growing target for fraud and abuse.

During Forter’s loyalty roundtable with Salesforce and Google Wallet, leaders highlighted how fraud and abuse erode loyalty value in ways that often appear legitimate. 

• 5 to 10% of total loyalty program value is lost to fraud and abuse
• 12% of new accounts are fake or duplicated
• 10% of in-account activity is fraudulent

As AI shopping agents increasingly influence where demand flows, loyalty plays an even bigger role. Agents route transactions toward programs that are predictable, clearly valued, and consistently recognized. Programs that are not agent-friendly, overly rigid, or unsafe quietly lose share.

The key question is, where to invest?

Retailers need to invest in trust layers that sit above existing loyalty and commerce systems, enabling them to recognize trusted behavior and protect value in real time.

Building for What Comes Next

In an era where AI is reshaping how people and agents shop, NRF 2026 reinforced the growing importance of trust across retail.

Forter works alongside partners like AWS, PwC, and Salesforce to align identity, infrastructure, and customer experience so retailers can move faster with greater confidence.

As retail continues to evolve, Forter remains committed to collaborating with our partners to help retailers stay ahead of emerging risk, support new forms of commerce, and deliver seamless experiences for their customers.

We’re excited to continue building the future of trusted commerce together.

The post NRF 2026: Trust in an Agentic Retail Economy appeared first on Forter.

Agentic commerce represents a massive opportunity to unlock a new revenue channel that a fast-growing number of consumers are using to discover, browse, and shop autonomously.  According to Morgan Stanley, AI agents could reach between $190 billion to $385 billion of U.S. ecommerce spending by 2030, translating to an estimated 10-20% of market share. 

However, there’s a catch. Despite its early days, the agentic ecosystem is already fragmented, making it incredibly resource-intensive and complicated for merchants to begin testing and then fully support. The complexity of the ecosystem will only increase: Google’s Universal Commerce Protocol (UCP) and OpenAI’s Agentic Commerce Protocol (ACP) offer two different approaches to agentic commerce, and new agentic platforms and protocols continue to hit the market. 

Today, Forter is unlocking the agentic world for its merchants with Agentic Orchestration, a new solution designed to simplify the technical complexity of agentic commerce, allowing merchants to securely accept transactions from any AI agent. With a single integration, merchants can connect agentic protocols to their established retail processes for catalog management, loyalty, fraud and abuse prevention, checkout, payments, refunds and disputes, and customer data management. Forter already serves as the fraud, abuse and payment solution behind many of the world’s leading brands. Agentic Orchestration extends our proven approach to this new agent-led world. 

Agentic Orchestration Simplifies the Complexity

Forter’s Agentic Orchestration simplifies the technical complexity required to support agentic commerce. Our orchestration layer handles protocol requirements, payments connectivity, and ecosystem nuances – so that merchants can easily accept transactions initiated by AI agents through a single Forter integration. The solution is designed to align with emerging agentic commerce standards and broader payments ecosystem frameworks that prioritize transparency, verification, and trust without needing merchants to re-architect their existing commerce or payments infrastructure. 

What’s more, the solution is agnostic so that merchants can continue to work with any payment processor, agentic platforms or protocols. Its modular design provides merchants with the necessary flexibility to connect product catalogs directly, via existing commerce platform partners or have Forter orchestrate the entire journey. This adaptable offering is enterprise-ready and fits with merchants’ unique tech stack now and in the future.

Key capabilities include:

• Agentic Checkout: Support for the full checkout journey, from cart creation and fulfillment to post-purchase updates
• Product Feed Management: Ingesting merchant feeds to provide AI agents with dynamic updates on stock availability and promotions
• PSP-Agnostic Infrastructure: Enabling agentic transactions across payment processors and payment types, while supporting network-level frameworks
• Embedded Fraud & Risk Management: Delivering real-time, identity-based decisions to approve or decline agentic transactions before they impact your bottom line

A Global Network of Agentic Identities 

The ability to connect an agent to a known identity instantly will ultimately determine who succeeds in the agentic era. In this new world, trust is the deciding factor; merchants need to know who they’re really doing business with, even when an AI agent is acting on the shopper’s behalf. Yet agent-initiated transactions often arrive with fewer traditional signals, making it harder for risk teams to assess intent and authenticity without introducing unnecessary friction. 

Forter’s identity intelligence closes the agentic trust gap by connecting agent-driven transactions to an underlying consumer identity and evaluating risk in real-time. Powered by a global network of over 2 billion consumers and over half a million businesses, Forter can identify the human shopper behind each agent transaction and evaluate the risk within fractions of a second, even when traditional signals are limited. We then reconcile data across all AI platforms and agentic protocols to unlock a unified customer profile across web, mobile, in-store and agentic so that merchants always know who to trust. 

Building the Future of Agentic Commerce

Leading brands across industries, such as luxury, travel and retail, including Mejuri and PacSun, are already working with Forter to prepare their businesses for the future of commerce.

“Every technology leader is exploring testing their way into agentic commerce with both speed and scale,” said Rohit Nathany, Chief Product, Technology, and Marketing Officer at Mejuri. “The space is complex and moving quickly, and most do not yet know which agentic platforms their specific consumers will actually prefer. This makes investing in agentic commerce tough because it requires plugging into so many different systems and retail processes.

“The agentic ecosystem will only continue to evolve and become more complex. Forter’s Agentic Orchestration will let merchants spend their time on what really sets them apart, instead of building and managing integrations. Forter consistently prioritizes both merchants and customers, and their approach to agentic commerce underscores how unique a partner they are for retail and commerce organizations.”

Additionally, Forter is working alongside global technology leaders across payments, agent platforms, and commerce infrastructure to establish trust in the agentic commerce ecosystem. From partnering on emerging protocols like Google’s AP2 to align with network-level frameworks like Mastercard Agent Pay to releasing our Trusted Agentic Commerce Protocol (TACP), we’re collaborating with key partners across payments, ecommerce and technology platforms to ensure that merchants can securely navigate this frontier. 

As the agentic commerce ecosystem continues to take shape, payment networks play a critical role in establishing shared foundations for trust, transparency, and secure interoperability.

“Agentic commerce will only scale at the speed of trust. As this ecosystem evolves, ensuring transparency, verification, and secure interoperability becomes even more critical. Mastercard is committed to building that trust layer so every participant in the agent‑driven journey can move with confidence,” said Pablo Fourez, Chief Digital Officer at Mastercard. “As technology partners like Forter innovate in this space and merchants begin engaging with agentic platforms, we’re committed to providing the permissioned, transparent foundation they can rely on. That’s why we’ve built Mastercard Agent Pay and the Agent Pay Acceptance Framework to deliver the validation, security, and clarity merchants need to engage with AI agents responsibly — while unlocking the benefits of a new, fast‑growing channel of digital commerce.”

Ready for the Next Era of Commerce?

Our goal is to securely unlock agentic commerce for businesses everywhere. With Forter’s Agentic Orchestration, merchants can support agentic commerce while minimizing upfront and ongoing engineering effort, protecting incremental revenue from fraud, and engaging their most loyal customers via a revolutionary automated shopping experience.

Ready to unlock the full opportunity with agentic commerce? Talk to Forter and read our technical documentation today. 

The post Unlocking Agentic Commerce for Enterprise Merchants with Forter appeared first on Forter.

Agentic commerce is no longer theoretical. AI-powered agents are already researching products, comparing prices, and completing transactions on behalf of consumers. For merchants, this shift is bigger than just a new channel. It fundamentally changes how identity, intent and risk are established and managed.

Merchants need a secure, intelligent trust layer that connects identity, risk and payments across both human and agent interactions, without exposing sensitive data or losing decisioning control. Just as importantly, merchants must be able to confidently distinguish legitimate AI agents acting on behalf of customers from malicious bots attempting to bypass safeguards. That is why Forter and Very Good Security (VGS) are expanding their partnership to evaluate trust in real-time and secure payments across agent interactions.

Agentic commerce is reshaping trust. By 2030, AI agents could represent up to $385 billion of U.S. ecommerce spending. This creates a massive new revenue channel for merchants but it also introduces new challenges:

• Identity is no longer anchored to checkout. AI agents can initiate and manage commerce interactions well before a merchant ever sees a payment credential for the transaction.
• Sensitive data flows across platforms and wallets. Card data can move between agent platforms, wallets, and processors, often beyond the boundaries of traditional merchant-controlled environments.
• Risk signals are fragmented and more limited. Agent-initiated transactions often arrive with fewer traditional signals, making it harder for risk teams to assess intent and authenticity. Agentic protocols are largely assertion-based today: they assert trustworthiness via an agent registry certificate or purchase mandate. Risk signals available during the Customer-to-Agent interaction are not always passed to the merchant during the Agent-to-Merchant interaction, limiting merchants’ ability to assess risk.

Together, Forter and VGS are designing trusted agentic commerce credentials by combining:

• Forter’s real-time identity intelligence, associated with the payment token at the point of provisioning. This ensures that when an agent shares a token with a merchant, the trust assessment data travels with it, keeping transactions secure from start to finish.
• VGS’s neutral tokenization infrastructure enables agents and merchants to use secure payment credentials at checkout while protecting cardholder data and supporting multi-PSP agentic transactions.

“Together, we’re ensuring that the risk signals captured during the Customer-to-Agent interaction persist downstream to the merchant,” said Forter’s Director of AI, Adam Davies. “By leveraging Forter’s identity intelligence alongside VGS tokenization at the point of provisioning, we’re reducing the data leakage that occurs when an agent acts on behalf of a customer, empowering merchants to make accurate risk decisions and unlocking a seamless, secure experience for trusted customers while keeping malicious actors out.”

This partnership expansion follows Forter’s recent launch of Agentic Orchestration, which helps merchants simplify the technical complexity required to support agentic commerce through a single integration.

“As commerce evolves toward agent-driven experiences, tokenization becomes a framework to ensure trust and data security evolves alongside it,” said Howard Xiao, Head of Partnerships at VGS. “Our expanded partnership with Forter brings together their real-time identity intelligence and VGS’s secure, neutral token infrastructure to give AI Platforms and merchants access to agentic payment credentials enriched with real-time risk insights. And we have a shared vision to ensure merchants can confidently accept legitimate agentic transactions while blocking malicious actors.”

Looking ahead, Forter and VGS see agentic commerce as the start of a broader shift where identity and payments work together to create loyalty-driven, permission-based experiences. As agents become more embedded in consumer shopping, trust will increasingly be defined by intelligence and infrastructure working in concert, not by point solutions.

To learn more about how Forter & VGS can work for you, visit forter.com/partners/vgs.

The post Forter and VGS Expand Partnership to Power Trusted Agentic Commerce appeared first on Forter.

Your time is too valuable to spend on busywork — chasing down insights, waiting on reports, or watching an integration drag on for months. 

Here’s what’s new at Forter, built to help you move faster, with less friction and more confidence.

AI Integrations to Go Live Faster

Integrations are expensive — not just in dollars, but in time. Engineering teams get pulled off work, timelines slip, and the value you expected from a new solution keeps getting pushed further out. For too long, “going live” has meant months of back-and-forth before you see any results.

That’s exactly what the Forter AI Coding Kit was built to solve.

The AI Coding Kit eliminates manual effort and helps you go live with Forter in days, not weeks. It analyzes your codebase and implements Forter’s services automatically, without your engineers writing a line of integration code from scratch. Instead of spending months reading documentation and building manually, the coding kit builds the integration for you — with fewer errors and less back-and-forth.

The kit works with the tools your engineers already use: Cursor, VS Code with GitHub Copilot, Claude Code, Windsurf, and other AI-enabled development environments. And it runs entirely within your own infrastructure, so your code never leaves your environment.

On top of the AI Coding Kit, we’ve also built the Prism Integration Agent: an always-on integration expert that builds a structured integration plan, answers your questions, and troubleshoots and validates your integration, so it’s flawless from day one

Whether you’re building a new integration or confirming you’re production-ready, you’ll be able to move faster, with fewer engineering resources. 

More from Forter Prism

For many brands, having data isn’t the hard part. Knowing what it means — and what to do about it — is. Most teams are drowning in dashboards but starved for clarity, waiting on reports, and manually working through chargeback queues that never seem to shrink.

You may already know Forter Prism as the AI copilot built into your Forter portal, helping you get better insights faster and spend less time on manual work.

Here’s what it can do for you now.

Summarize Dashboards  

Stop digging through dashboards to figure out what changed and why. Prism now automatically surfaces the most important shifts in your data, their underlying drivers, and the recommended next actions — so your team spends less time interpreting and more time acting.

Build Policies

Crafting abuse policies no longer requires technical expertise or lengthy back-and-forth. Just describe what you need in plain language, and Prism automatically builds your policy — while ensuring your business maintains control.

Analyze Chargebacks

Get a clear picture of your chargeback trends, understand where performance is slipping, and take immediate action — all in one place. Whether you’re bulk disputing chargebacks, assigning cases to an analyst, or generating reports, Prism turns a time-consuming process into a streamlined workflow.

Every feature is built around a simple belief: your team’s time is too valuable to spend on busywork. Whether you’re integrating for the first time or looking to get more from Forter every day, these tools are designed to help you move faster, with less friction and more confidence.

The post New at Forter: Go Live in Days, Not Months appeared first on Forter.

In this article we’ll explore what’s changing, the direct impact on merchants, and some food for thought about the best ways to adapt. The payment landscape changes fast, so we’ll be updating this post whenever it’s relevant to keep it fresh as things shift over time. 

Last updated: March 25th, 2026

VAMP explained 

Visa brought in VAMP to replace their earlier programs, the VFMP (Visa Fraud Monitoring Program) and VDMP (Visa Dispute Monitoring Program). 

It fills the same conceptual “space” in the fraud and payments ecosystem as these programs combined, but with some significant differences:

• Unified metric. VAMP unifies disputes, fraud chargebacks and non-fraud chargebacks into a single metric. From April 2026, that’s 1.5% / 150 basis points, referred to as the VAMP ratio. You can see the calculation at the bottom of these bullet points.
• Tighter thresholds. Before VAMP, the thresholds were 0.9% in both programs, for a combined 1.8%. In the initial rollout, the VAMP program threshold was 2.2%, although even this higher number caused difficulties for some merchants struggling with the double counting challenge (see the Fine Print section below). From April 2026, the threshold will be 1.5%.
• Acquirers are front and center. VAMP adds a bit more distance between merchants and Visa, as Visa’s relationship shifted towards an emphasis on acquirers (that’s the “A” in VAMP – which wasn’t present in either of the earlier programs). More on this below.
• Automated attacks are a metric of their own. VAMP targets automated attacks like card testing as well as chargebacks, introducing an Enumeration Ratio of 20%. So bot attacks on your site need to stay below 20% of your total transactions. 
• No grace period except for first-time offenders. VAMP fines are relevant for any month in which a merchant exceeds their thresholds for disputes or enumeration. There’s no grace period when you’re alerted to the problem and given time to fix it before being fined. On the other hand, you also don’t need to stay “clean” for any period before being removed from VAMP. It’s just relevant for any month when you’re not in compliance.
  • There is a grace period of three months for any merchant who has been out of the VAMP program for at least 12 months (calculated on a rolling basis).
• Exemption for small merchants. For a merchant to qualify for VAMP assessment, they need to have a minimum settled transaction count of 1,500, meaning smaller merchants may fall outside the scope of the program. 

Here’s the calculation:

(Fraud Disputes (TC40)  + All Disputes (TC15)) 

———————————————————————–

                 Total Settled Transactions (TC05)

VAMP has been rolled out in staggered fashion, with different geographies hitting different thresholds at different times. From April 1st 2026, it will be much more standardized, with the only exceptions being Central and Eastern Europe, Middle East, Africa (CEMEA). Merchants there will have the 2.2% or 220 basis points threshold, though with a different, lower monthly fraud count.

New Thresholds for the Updated VAMP Ratio

For other regions – US, Canada, LATAM, EU, APAC – regardless of how their rollout period looked, the key details from April 1st 2026 are that:

• Merchants need to stay below 1.5% or 150 basis points VAMP ratio
• Merchants need to stay below 20% Enumeration Ratio
• Merchants pay $8 for every violation in a month in which they’re over threshold

The VAMP fine print

The VAMP rollout has seen a lot of confusion across the payment ecosystem, and there are some aspects that many merchants don’t discover until they’re hit by fines that they struggle to understand.

Here are some points you need to know that might have flown under your radar:

• A single dispute can count twice. VAMP combines TC40s (fraud alerts) and TC15s (chargebacks) into one ratio. If a fraud alert is issued and you don’t refund it fast enough to prevent a chargeback both of those can count towards your ratio separately. Also, if you’re above threshold and a TC40 resulted in a TC15, you can be charged $16 in fines for the single transaction. 
• Resolving pre-chargeback doesn’t necessarily make it disappear. Previously, if you resolved a dispute pre-chargeback, you may find that none of this interaction counted towards your dispute ratio. Now, the TC40 still has an impact. However, resolving through Visa’s Compelling Evidence 3.0 program (CE3.0) does remove a transaction from your VAMP ratio.
• Visa’s programs grant exclusion – but only within the right month. Visa’s CE3.0 for TC40 disputes, and Visa’s RDR and CDRN for TC15 disputes can help you resolve a dispute so that it doesn’t count for your VAMP ratio. However, both resolution and dispute need to fall within the same month for the exclusion to be effective, because VAMP looks at each month in isolation. 
• When Visa says “April” they mean March. Visa brought fines for VAMP in October 2025 — for transactions in September 2025. So the shift to 1.5% will be on your March transactions. 
• Chargebacks for which you’re not liable still count for VAMP. Counterfeit cards, or account takeover on the issuing bank side, can result in chargebacks. You don’t have to pay them. But they do count for your VAMP metrics, at least for now. 
• Fines are on all transactions, in a month when you’ve gone past the thresholds. They’re not for only transactions beyond the threshold. 

Why you need to understand the acquirer aspect

Visa’s shift to seeing disputes through the lens of acquirers sounds like a technical update in the payments landscape. In fact, it’s crucial that merchants understand what’s happening from the acquirers’ perspective, because it directly impacts merchants’ experience and bottom line.

If you thought the new 1.5% threshold sounded like a challenge, particularly with the double counting and so on, take a moment to imagine how acquirers have engaged with VAMP given that they now have a portfolio limit of 0.5% to 0.7%.

Acquirers used to offset having some high-risk merchants in their portfolio with other low-risk merchants. They had considerable flexibility to find the right balance to match their risk appetite. With the new threshold from VAMP, that’s not really the case anymore. Acquirers have to stay under 0.7% for their entire portfolio. Anything above, and they’re designated Excessive. Even if they fall within the 0.5% to 0.7% region, they’re designated Above Standard, facing $4 fines rather than $8 ones. It’s not insignificant.

Direct impact for merchants: Your acquirer might not be able to afford you if you’re too much above 0.7%, no matter how safely below 1.5% you are.

For an acquirer to stay under their 0.5% limit, they have to offset high-risk merchants with thousands of ultra-low-risk merchants. They’ll have to pick their merchants carefully. There are already reports of merchants who were unlucky enough not to make the cut. 

What it means for merchants 

Protect pre-checkout. If you’re still thinking about fraud largely in terms of chargebacks, you need to leave that model behind. Stopping fraud at checkout is no longer enough to keep your business safe from fines, a monitoring program, or difficulties with your acquirer.

Detect and block bots early. Visa monitors transaction attempts, not just success. Even if your system blocks a bot from actually placing an order, the very act of the bot hitting your payment gateway with thousands of different card numbers is what triggers the Enumeration Ratio. That will land you in VAMP just as surely as high chargebacks will. To be agentic ready but VAMP compliant, you’ll need to follow the Visa Trusted Agent Protocol.

Be aware of your context. At the same time, the acquirer limit means you have to consider your business in the context of your industry and other industries as well. Operating in a silo and ticking all the boxes you’re supposed to tick for your business by itself is no longer enough for safety. 

Practical steps for merchants to consider:

• Prepare. Make sure you’re ready for the change from 2.2% to 1.5%, if you haven’t already. Ideally with some room to spare. If you’re not sure where your ratio stands today, or whether your current fraud and dispute workflows are built to handle these changes, Forter’s platform is designed to address both sides of the equation — automated CE3.0 qualification, upstream fraud prevention, and access to cross-merchant identity data that becomes newly eligible evidence in Q4 2026.
• Precision. Deal with the challenge by increasing precision and accuracy, not by simply becoming more conservative. Losing a lot of business to false positives is just loss from another direction.
• Ensure you are capturing the right data on every transaction. CE3.0 only works if you have Device ID and IP Address on file — and the clock is already running. The two qualifying prior transactions must be at least 120 days old at the time of the dispute. If Device ID and IP Address aren’t being consistently recorded on every transaction right now, the historical footprint you’ll need simply won’t exist when you need it. Forter is able to do this for you.
• Velocity. Make sure your site is sensitive to velocity regardless of whether money is involved. 
• Bots. Protect your site from malicious bots, before they check out. Declining the transaction isn’t enough, you need to detect and block earlier now. 
• Agentic-ready. At the same time, if you’re tweaking your bot protection mechanisms, make sure you’re adapted to identify agentic activity and respond positively to it. Make sure you’re asking your acquirer for your monthly VAAI (Visa Account Attack Intelligence) report to ensure agentic activity isn’t being counted as malicious.
• Auth-only risk. Watch out for auth-only type transactions. They’re not “no risk” anymore.
• Business risk profile. Consider VAMP in the context of your industry and the risk level of your business. A subscription model is particularly vulnerable to these changes, for example, since customers sometimes use chargebacks as a way of canceling. If this is the case, work with the product department to try to minimize this behavior. 
• Acquirer alignment. Descriptors are important in how VAMP ratios are calculated, so it’s important to proactively engage your acquirer to review how your descriptors are registered and reported. A multi-PSP approach may be an advantage for strategizing on how to group descriptors and acquirers to potentially spread risk.
• Acquirer visibility. Work with your acquirer to achieve visibility into how they’re handling the changes. If you’re at an enterprise company, consider this as a possible point of negotiation in the future. 
• Personalize. Tailor your customer journey according to trust level. Known customers can breeze through. If there are suspicious signals, restrict privileges such as guest checkout. Lean on a network effect to increase your knowledge of identities. 

VAMP is the new reality in the payments, fraud and disputes world. Change can feel overwhelming when there’s so much else going on — which there always is in the world of online fraud.

Many of the best ways for merchants to adapt to VAMP are changes that are good for the long-term health of the business and its fraud strategy. VAMP adds some pressure, but it’s also a valuable opportunity to ensure that your fraud and payments systems and priorities are well-positioned for the challenges of today’s digital economy.

October 24, 2026: CE3.0 Expands

While April 2026 is an enforcement deadline, the October change is an opportunity.

On or after October 24, 2026, Visa is significantly expanding CE3.0’s scope in two key ways:

1. Cross-merchant qualifying transactions

Under current CE3.0 rules, the two qualifying prior transactions must come from the same merchant. Starting October 24, 2026, Visa is updating this to allow qualifying transactions processed at different merchants — provided that related credentials (additional tokens linked to the same card) were used and the required data elements match.

This change acknowledges how cardholders actually shop: across multiple merchants, using related payment credentials. A merchant that can demonstrate a cardholder’s consistent, undisputed behavior across several different merchants has a stronger, more credible historical footprint.

2. Expanded credentials

The update also allows transactions on all credentials related to the same underlying card (additional tokens) to qualify — not just transactions on the identical card or token used in the disputed transaction.

Source: AI16011 — Updates to Remedy Rule (CE3.0) for Dispute Condition 10.4, Visa Business News, January 29, 2026

One important caveat: While Visa is allowing cross-merchant evidence in principle, an acquirer can only submit transaction data that was accepted and processed by that same acquirer. The cross-merchant benefit is therefore only realizable in practice if a merchant or their fraud platform can compile qualifying cross-merchant transaction data and route it appropriately through the acquirer chain.

Why Forter is uniquely positioned for this change

This is where network matters.

Forter’s identity platform operates across thousands of merchants globally. When a transaction comes through any merchant using Forter, we capture and link identity signals (Device ID, IP address, behavioral patterns) at the time of the transaction. Rather than looking backward through one merchant’s transaction history, we can identify qualifying prior transactions across the broader Forter merchant network.

This is a structural advantage. In practice, it means:

• A disputed transaction at Merchant A may be supported by two qualifying undisputed transactions from Merchants B and C — both processed by Forter — that share the same device fingerprint and IP address.
• Forter can surface those cross-merchant qualifying transactions instantly, building the historical footprint the October 2026 rules enable.
• Merchants who couldn’t previously satisfy CE3.0 criteria because they lacked sufficient transaction history with a given customer now have a much richer dataset to draw from.

There’s another layer to this that goes beyond CE3.0 qualification. Not every dispute is an honest mistake. A meaningful share of friendly fraud comes from cardholders who have a pattern of disputing legitimate purchases across multiple merchants. Because Forter’s identity graph operates across thousands of merchants, we can identify these serial claimers even when they’ve never disputed a transaction with your business specifically. 

The post Visa’s Updated VAMP Program: What Merchants Need to Know appeared first on Forter.

But beneath the AI narrative, one question kept surfacing — who is actually behind each retail interaction?

Across a week of sessions and curated conversations, Forter explored that challenge alongside partners including Glossier, Salesforce, ESW, SCAYLE, Airwallex, Vercel, Listrak, Ekyam.ai, Aries Solutions — here’s what we took away.

The New Rules of Refunds and CX for the AI Era

Refunds abuse have become one of the most consequential pressure points in modern retail, where margin leakage, customer experience, and abuse all collide.

As AI accelerates how people shop, it’s also reshaping how returns are handled. New channels like TikTok Shop are introducing entirely different risk dynamics, limiting visibility into customer behavior while increasing return abuse attempts. AI is lowering the barrier further, from generating convincing “damaged product” claims to probing policies for weaknesses at scale.

In a session with Glossier, Kaitlyn Johns, Sr. Director of Digital Product and Engineering, spoke to the growing tension between maintaining a trust-first customer experience and adapting to increasingly sophisticated abuse. As fraud evolves, brands need more precision behind the scenes, with decisions informed by a broader view of customer behavior rather than isolated signals.

The answer isn’t to tighten returns across the board. It’s to know your customer and channels well enough to tell the difference. Leading brands are moving away from one-size-fits-all policies toward more adaptive approaches, keeping returns seamless for trusted customers while applying greater scrutiny where the signals warrant it. That requires a view of identity that extends beyond your own four walls.

To learn more about identifying, quantifying, and eliminating returns abuse head here.

Commerce x AI Agents

The identity challenge doesn’t stop at returns. It gets structurally harder as AI agents enter the picture.

At an executive experience hosted with Vercel and Salesforce inside the Coach store, Forter’s Kerry Hudson, SVP of Global Sales and Alliances, joined Mandeep Bhatia, VP of Global Digital Product and Omnichannel Innovation at Tapestry, and Caleb Bryant, Commerce GTM at Salesforce, to discuss what building for the AI era actually demands.

AI agents are not yet a primary driver of transactions, but they are beginning to shape how products are discovered, evaluated, and purchased. Commerce systems built for direct, human interaction now need to account for interactions that are mediated, accelerated, and less visible. As agents sit between the customer and the transaction, many of the signals retailers have historically relied on become less reliable, concentrating risk at key moments across the journey.

The takeaway is not to rebuild everything at once, but to prepare for a model that looks fundamentally different. Preparing for that shift requires more than new tools. It requires alignment across partners, platforms, and teams, as well as a clearer understanding of how these interactions are changing in practice.

Forter’s Agentic Commerce Collective was built for exactly that, bringing together commerce leaders to work through what agentic commerce actually requires, and how to support it with confidence. For leaders looking to stay ahead of this shift, join the Agentic Commerce Collective here.

The Main Takeaways

Across every conversation at Shoptalk, from the main stage to the Coach store, the Commerce Cabana, dinner at Beauty & Essex, and a private evening at Sphere, one theme kept surfacing — AI is accelerating every layer of commerce, and with it, every layer of risk.

In the age of AI, knowing who is behind each interaction is the foundation on which everything else is built. Getting it right is what separates retailers who grow with confidence from those absorbing the cost of getting it wrong.

Forter works alongside partners like Salesforce, ESW, SCAYLE, Airwallex, Vercel, Listrak, Ekyam.ai, and Aries Solutions to help retailers do exactly that — know who is behind every interaction and use that intelligence to deliver seamless experiences while making smarter, faster decisions across the entire commerce journey.

The post Shoptalk 2026: Retail in the Age of AI appeared first on Forter.

Fraud risk assessment is alleged to be an essential part of protecting a company, but is it just an academic exercise?

This will be the summer of challenging our profession’s guidance on fraud risk assessment. As you know, last month we raised the question of whether fraud risk assessment is simply an academic process to meet a standard. 

In the beginning of my career, someone once told me, "People commit fraud, not internal controls." So, if we are to perform a proper analysis of fraud risk, then we need first to assess people. No, I do not mean a psychological profile. To me, it means the opportunity the person has by virtue of the position in the business cycle. Or by their sophistication to conceal the fraud scheme. Or, by understanding the natural vulnerabilities that exist within their business system.

The new IIA (Institute of Internal Auditors) Global Internal Audit Standards place a significant emphasis on internal auditors actively assessing and mitigating fraud risk within an organization, requiring them to take a more proactive approach to fraud detection and incorporate a deeper understanding of potential fraud schemes into their audit planning and execution.

Where is the beef?

If that phrase doesn’t instantly resonate, take a look at this video. This was an iconic video from the 80s, and people are still asking the question today. (I hope you get my sense of humor.)

The fundamental concepts of creating a fraud risk assessment document are well known and widely published. I have no intention of reiterating the process. But, in a recent project, I was engaged to help the company respond to an internal audit recommendation. The request led me to an exploration and reconsideration of the common approach.

This year, I have focused on the fraud risk assessment process as both a management tool and an audit tool. The common theme of my blogs is, “Do you understand fraud risk?” I have raised a number of issues that I hope were helpful within your career as an auditor, investigator, risk manager, or senior leader. In this blog, we’re diving into what having a deeper understanding looks like.

As we have discussed in previous blogs, the new fraud auditing standards require you to bring a “deeper understanding of potential fraud schemes into their audit planning and execution.”         

The new fraud auditing standards require you to bring a “deeper understanding” of potential fraud schemes into audit planning and execution. The last two months we focused on what this means in when considering asset misappropriation. Over the next few months, we will focus on financial reporting.

  Financial Statement Fraud Audit Planning: From Risk to Detection  

This year, we are focused on the fraud risk assessment process as both a management tool and an audit tool. The common theme of my blogs is, “Do you understand fraud risk?” I have raised a number of issues that I hope were helpful within your career as an auditor, investigator, risk manager, or senior leader.

Consumer scams continue to evolve in sophistication and scale — to the tune of $43.6B annually across the globe. The rule changes are part of a growing emphasis from payment processors and governments to engage financial institutions in the fight against these egregious crimes. 

Why Early Compliance with Nacha Rules Matters 

Nacha’s new rules address the challenges of detecting fraudulent transactions authorized through social engineering and other typologies that target ACH payments. The updates require Receiving Depository Financial Institutions (RDFIs) and Originating Depository Financial Institutions (ODFIs) to more rigorously assess both sides of an ACH payment. This includes analyzing all 17 monetary Standard Entry Class (SEC) codes — strengthening ACH fraud detection across the transaction lifecycle.  

Meeting these requirements effectively and accurately will take time: from performing a gap assessment, to updating systems and internal policies. Early preparation will better-position you to protect customers sooner, and avoid potential fines and penalties associated with non-compliance.   

Your Checklist for Nacha Rules Compliance

The first step for institutions in scope of Nacha’s new rules is to review them to understand what’s changing in March 2026. This will enable you to evaluate current ACH fraud monitoring controls and identify gaps that need attention. If your institution sends and receives payments, you must be ready for process changes to both incoming and outgoing ACH payments.  

The following steps can help you identify the best path to compliance for your institution. 

RDFI Monitoring 

• Implement risk-based monitoring to flag suspicious incoming ACH credit entries. 
• Collaborate with receivers and ODFIs to align on risk and recovery strategies. 
• Review and update policies as part of your annual ACH audit. 

ODFI Monitoring 

• Establish or refine processes for monitoring suspicious ACH credit and debit entries. 
• Work with originators and RDFIs to ensure consistent ACH fraud detection and recovery. 
• Audit and update procedures regularly to stay aligned with Nacha’s expectations. 

Completing these steps in time for the March 20 deadline is a major task. However, the ongoing risk-based monitoring requirements will increase the amount of time you spend reviewing alerts in an ongoing capacity — unless you have a technology solution that mitigates false alerts while identifying high-risk payments. 

Strengthening ACH Fraud Defenses

The upcoming changes emphasize a comprehensive approach to ACH fraud detection across the entire transaction lifecycle. Institutions need to monitor transaction conditions such as SEC code alignment, unusual dollar amounts, suspicious payees and account age.  

While these requirements will help reduce the risk of Business Email Compromise (BEC) and other sophisticated authorized push payment frauds, meeting them will be difficult for institutions to do without a third-party technology solution. 

Consortium data, paired with cross-channel intelligence, will help you quickly get ready for the new Nacha rules, allowing you to align Standard Entry Class (SEC) codes with expected transaction types, and analyze behavioral data for a complete view of both payor and payee sides of ACH transactions. This will also help mitigate the inevitable increase in false positive volume.  

Nasdaq Verafin offers an ACH solution powered by analytics from 2,600 customer partners and over 725 million counterparties. Visit our website to learn more about how we will quickly help you meet the new Nacha requirements. 

The post ACH Fraud: Time is Running Out to Meet the New Nacha Rules appeared first on About Fraud.

Despite their omnipresence, very few understand the underlying insidious criminal machinery and global scale behind scams. Modern fraudsters aren’t just lone hackers in dark basements. Scams are driven by multinational criminal syndicates, fueled by human trafficking, modern slavery, and government corruption and failure. Scam centers- where trafficking victims are coerced to operate online scams that trick victims into giving away money or personal information- are at the heart of a brutal and evil network orchestrated to steal your savings.

Despite this, relative to issues like drug trafficking, scams remain largely overlooked by U.S. public advocacy and media and remain astonishingly absent in national policy. Successful scams must be isolated incidents then, right? Think again. In fact, these criminal systems are one of the most dangerous threats to the U.S. and global economy today.

Magnitude: The Global Scam Economy and American Costs

Due to its covert nature, it is hard to estimate the true size of the international scam economy. The Federal Bureau of Investigation (FBI)’s Internet Crime Report details that Americans’ reported losses exceeded $16 billion in 2024.1 Due to vast underreporting of incidents, the actual number is undoubtedly much larger. The Global Anti-Scam Alliance (GASA) estimates that $1.03 trillion was stolen in scams globally in 2024, with American victims bearing the largest impact per victim.

Alone, scams would account for the 20th largest national economy in the world, larger than sizable economies like Switzerland, Argentina, and Ireland. In 2024, estimated digital scam thefts were 60% larger than the revenue of the world’s largest company–Walmart.

The FBI’s $16 billion in reported U.S. losses figure rivals the entire 2024 budget of the U.S. Department of State and is approximately 100 times larger than the 2024 budget for the Department of Labor.

Scams and the international economy they have created are an immensely costly problem for Americans. Every day, an estimated 57,000 people in the U.S. fall victim to scams. These daily victims alone are enough to fill a Major League Baseball (MLB) stadium.

Beyond financial hardships, victims also experience extreme psychological damage.

Tragically, some victims have died by suicide as a result of such crimes. Sextortion, blackmailing using intimate images gained by pretending to be someone else through an online platform, claims adolescent lives each year. The FBI has reported that at least 30 teenage boys have died by suicide due to their victimhood in sextortion scams.

The financial and emotional toll of the scam economy has devastated victims across the U.S. and around the world. To stop this growing crisis, we must first understand how it began and why it continues to thrive.

Criminal Industrialization: How Scam Centers Operate

Origination

Many Americans’ perception of cyber scams derives from their low-tech origination alongside the internet decades ago. “Nigerian Princes” crafted poorly written mass email campaigns promising millions of dollars to entrusted strangers that were willing to pay urgent advanced fees. Victims felt ashamed; a feeling that continues to be the groundwork for scammers’ success. The U.S. Department of Justice (DOJ) estimates that only 15% of scam victims ever report the crime.

Unfortunately, scammers have evolved as quickly as the internet itself with the COVID-19 pandemic only supercharging digital scams evolution. During shutdowns, infrastructure from failing businesses like casinos were converted into scam centers. These operations thrive where governments fail–countries with widespread corruption, weak governance, and a lack of legitimate economic opportunity.

However, just like legitimate corporations, criminal groups leverage access to basic infrastructure like roads, office buildings, and internet. Because many scam centers are often located in rural areas in developing countries, internet is generally procured from satellite companies including regional providers and global providers like the American-based Starlink and Intelsat and the European-based Eutelsat.

In Southeast Asia, scam economies have prospered where traditional businesses have not. With their stolen earnings, criminal syndicates funded the construction of brand-new compounds in otherwise barren and impoverished regions.  In war-torn Myanmar, the Chinese mafia operates ruthless scam compounds in isolation from governance and with protection from armed rebel groups. In Cambodia, pervasive government corruption protects organized criminal syndicates like the Bamboo Mafia and their nefarious scam centers.

While business models and scam types differ, similar conditions protect and enable scam operations in West African countries such as Nigeria and Ghana (romance scams), India (tech support and phishing scams), and Russia (ransomware) among others.

Human Trafficking and Modern Slavery

Businesses require labor to operate and grow. While many Americans encounter labor in the form of paid employees or consenting volunteers, Southeast Asian criminal syndicates often scale their scam businesses through human trafficking and enslavement.

Human trafficking into scam centers is not a rare occurrence. The United States Institute of Peace (USIP) estimates that roughly “305,000 individuals are trapped in scam centers…” across Cambodia, Myanmar, and Laos alone. Scam-related human trafficking and enslavement is not exclusive to Southeast Asia. INTERPOL found that “evidence that the MO is being replicated in other regions such as West Africa, where cyber-enabled financial crime is already prevalent.” Victims originate from at least 66 countries across the world. 8

Matthew Friedman, CEO of the non-profit The Mekong Club designed to combat modern slavery, explains, “There are job recruiters for these syndicates that conduct seemingly official job interviews over Zoom.” While not interviewing for an authentic job, “recruiters are in fact interviewing individuals whose skills would best fit for their operations.” Ultimately, victims are driven or boated across borders, stripped of their personal belongings, and held against their will in scam centers.

In 2025, Amnesty International gathered information from 423 victims of Cambodian scam compounds. They gathered testimony of victims living in confined prison-like conditions where “almost all 53 scamming compounds identified…had physical and organizational security features” like cameras, barbed wire, electric fences, and guarded gates with security personnel that also perpetrated abuses.

Victims that refuse to participate in scamming activities or fail to meet daily quotas are subject to heinous crimes, including beatings, starvation, torture, and rape. Electric shock batons are used routinely. In one instance, a survivor reported to Amnesty International “having a plastic bag placed over his head before being threatened with a knife placed between his legs…” and threats of “gang-raping his wife, who was also being held at the compound.”

Roles

Like legitimate companies, scam centers have specialized roles. While some administrative jobs loosely mirror lawful occupations, other roles are alarmingly brutal. Alongside recruiters, human traffickers, torturers, and security, other roles include:

• Data Gatherers: Acquiring personally identifiable information (PII) like social security numbers, passports, email addresses, IP addresses, or health information. Information is purchased illegally via the dark web from other data breaches or phishing, acquired through public records and social media.

• Social Engineers: Each scam involves a different degree of emotional manipulation. Scammers specialize in manipulating victims into trusting them as legitimate–whether it be an email impersonating a bank to lure a victim into clicking on a malicious link, or slowly constructing a fictitious online relationship for financial exploitation. Some create transcripts and instructions for trafficked victims to recite during scam attempts.

• Money Mules: In these international criminal schemes, money mules receive and transfer stolen funds to launder money and hide its origin. These individuals are based across several borders, including many in the U.S. who use fake or stolen identities to open bank accounts, transfer money across, or convert funds into cryptocurrencies to evade detection.

Unfortunately, even rescues for enslaved victims in scam compounds factor into the industry’s profit model. LING LI, a modern slavery field researcher in Cambodia, assists in facilitating victim rescues. In one case, despite collecting evidence and submitting requisite documentation to Cambodian officials, perpetrators called the victim’s family and made them listen as the victim was beaten (for seeking help). “The criminals also provided a phone number to negotiate a ransom with the family. But this was not just any number. Criminals claimed it belonged to a “rescue team” and insisted they would only “work” with that team.” By hijacking even the rescue process itself, legitimate rescue organizations consider successful rescue missions nearly impossible.

Minimizing costs through slave labor, criminal syndicate kingpins also known as “scam bosses” receive an immense concentration of the stolen fortunes with corrupt government officials, enforcers, militia groups, and other operational managers receiving small shares.

The Slowest Gazelle: An American Problem

Of the largest developed national economies, the United States is the clear prey of choice for scammers. Li finds that over half of Cambodian scam center rescues report that the U.S. was their primary target for scams. These scam centers target Americans with a wide array of scams from pig butchering- online scams using fake personas to coerce victims into fraudulent investments- and romance scams to fake classes (e.g. how to become an influencer).

Governmental Ambiguity

While the U.S. is the world’s largest economy, it is also among the least prepared of its peer countries. Would you know which government agency to contact after falling victim to a scam? This murkiness exists due to the lack of a unified government body dedicated to combatting fraud. In its current state, there is no strategic coordination across government bodies. In fact, there is not even an established goal to curb scams.

While lacking established goals and structure, the United States efforts to fight scamming, still demonstrate powerful moments of justice. In early 2025, a Nigerian man was extradited for his role in the sextortion-induced suicide of South Carolina teen Gavin Guffey.14 In August 2025, the U.S. extradited high-ranking officials of an international criminal group from Ghana for romance scams that resulted in over $100 million in stolen money from Americans.15 Unfortunately, these cases represent a small fraction of cases of an estimated 57,000 Americans that are scammed daily.

The U.S. Government Accountability Office (GAO) states, “There is no government-wide estimate of the money lost to scams, no common definition of scams, and no national strategy for combatting them.” The GAO identified 13 separate federal agencies that have made some efforts to counter scams. These agencies are “largely pursuing independent activities related to countering scams…these efforts are not coordinated across all the agencies we identified on a formal, government-wide basis.”16 Scammers capitalize on U.S. government mandate overlaps, limited enforcement, and an overwhelmed consumer protection system.

Tech Regulation

Moreover, the U.S. opts for a particularly hands-off approach to regulating tech companies that resemble public transportation for scams.

While many of its peers have implemented legislation and enforcement mechanisms to hold social media platforms like Facebook accountable for scams perpetrated on their platforms, the U.S. largely relies on voluntary compliance and self-regulation by tech giants. For instance, the U.K. and E.U. enacted legislation like the Online Safety Bill and Digital Services Act that respectively require tech companies to monitor and remove scam content and implement safeguards against fraudulent activities.

New Tools: The New Evolution of Scams

While U.S. government agencies, financial institutions, and consumers try to keep pace against their criminal adversaries, scammers continue to evolve.

Cryptocurrency

Cryptocurrency has provided scammers with a borderless and nearly anonymous payment mechanism that makes detection much more difficult. Its decentralized nature enables rapid global transfers without traditional intermediaries. With increasing regularity, scammers are requesting their scam victims to send payments via cryptocurrency.

Unfortunately, this trend coincides with the growing ease of converting U.S. Dollars into cryptocurrency. There are nearly 31,000 crypto ATMs sitting in grocery stores, smoke shops, convenience stores, and gas stations across the country.17 Banks and card issuers are also increasing their involvement in cryptocurrency.

Notably, the largest U.S. card provider, Chase, announced their partnership with Coinbase to allow Chase’s 85 million consumers direct bank linking to crypto exchanges. Erin West, a former prosecutor of crypto criminals and founder of the scam awareness-raising non-profit Operation Shamrock, responds “Our consumers are not ready for this. We’re not onboarding the people …into the future of finance–we’re sending them into a minefield without a map.”

Artificial Intelligence

AI in unlocking previously unthinkable opportunities for automation. However, scammers are benefiting from these newfound enhancements as well- making scams even harder to detect.

While legitimate contact centers are taking advantage of AI voice modulation (accent modification) tools to help offshore agents communicate with American customers, these capabilities offer wonderful opportunities for international scammers to further disguise themselves on calls with potential victims.

AI assists scammers in creating seemingly authentic websites and emails that impersonate legitimate businesses. Scammers can aggregate massive databases of public information to automate personalized scam efforts, impersonating your real contacts and patroned businesses. In some cases, they can even imitate you from public images and videos to bypass authentication systems.

While still nascent, quantum computing and its immense processing power holds the potential to even more profoundly disrupt cybersecurity and fraud prevention.

Stopping the Madness: What We Can Do

Destigmatize Victims

As scams evolve, so must our daily conversations. Scam victims are not naïve; the scam economy did not exceed $1 trillion due to gullibility. Victims are targets of a ruthless and sophisticated criminal network specifically designed to steal their money.

When scam victims can openly discuss their experiences, families and friends learn what to avoid and our financial institutions and government agencies can more accurately understand the scale of the issue. Open dialogue can only occur when social shame is eliminated.

Spread Awareness

If you were unaware of the wickedness and global scale of the scam economy, your family and friends are likely not aware either. Whether outraged by financial losses, scam victim suicides, or the massive global scale of human trafficking and modern slavery, shared awareness is required to douse the vile flames of the scam economy.

As one of the world’s most underreported, pressing, and insidious crises, Americans must decide that the scam economy is worth the attention of our friends, family, colleagues, and elected officials.

Advocate for Policy

The scam crisis merits enacting an Executive Order that acknowledges the severity of the problem, designating a government body to lead implementation, and coordinating across agencies for education, research, legislation, investigation, and prosecution.

Americans can also advocate for accountability from U.S. satellite companies that provide documented scam centers with internet access, search engines that neglect to assess and remove dangerous websites, and social media companies that allow scammers to operate on their platforms.

Change will not occur without action. If you want to contribute to the end of the scam economy, one of the most impactful actions is sharing your concerns with your Representative.

Become a Human Crime Specialist

One of the most impactful steps you can take is to become a Human Crime Specialist (HCS). This program equips you with the expertise to understand and disrupt the global machinery behind scams, human trafficking, and exploitation. By joining, you help build the coordinated response that governments and industries have yet to create, standing on the front lines of protecting people and economies from one of the most insidious criminal enterprises of our time. The next cohort launches April 2026. Enroll now at HCSProgram.com.

The post International Scam-onomics: How Scammers Target You, Enslave Others, and Operate a $1 Trillion Global Business appeared first on About Fraud.

Q3 has wrapped up! It’s time for our quarterly investment update. Explore the latest funding rounds and acquisitions in the world of fraud and risk mitigation!

Funding

Descope

Descope has announced the extension and closing of its seed round with an additional US $35 million in new funding, bringing its total funding to US $88 million.
The round was offered to existing investors including Notable Capital, Lightspeed Venture Partners, Dell Technologies Capital, Unusual Ventures, Cerca Partners and Triventures.
In addition, Descope announced the formation of a new advisory board, which includes executives from major customer and partner organizations such as GoFundMe, Databricks, GoodRx, and MongoDB.

Seon

SEON, a fraud-prevention and AML compliance platform based in Austin, Texas and Budapest, Hungary, has raised US$80 million in a Series C funding round led by Sixth Street Growth, with participation from existing backers including IVP, Creandum and Firebolt, plus new investor Hearst Ventures.
The company uses a unified API-driven platform combining fraud detection and AML workflows, powered by 900+ real-time data signals, to serve thousands of customers including major digital brands such as Revolut, Plaid, Nubank, Afterpay and Spotify.

Feedzai

Feedzai secured $75 million in fresh funding, which has propelled its valuation to over US $2 billion. The company, which focuses on AI-driven financial crime prevention (fraud, AML, etc.), also announced a key role with the European Central Bank (ECB) for providing fraud detection for the digital euro. This milestone underscores the growing investor confidence in fintech/RegTech firms that leverage AI for highly regulated, high-stakes environments.

IVIX

The New York-based startup IVIX, which uses artificial intelligence to help governments and law-enforcement agencies detect complex financial crimes, has raised US $60 million in a Series B funding round. The round was led by O.G. Venture Partners, with participation from investors including Insight Partners, Citi Ventures, Team8, Disruptive AI, Cardumen Capital and Cerca Partners. With this investment the company’s total funding since founding in 2020 rises to about US $85 million. IVIX says its software leverages large-language models, graph-analytics and publicly-available data to uncover illicit offshore assets, layered money-laundering schemes, cryptocurrency networks and other forms of financial fraud that are challenging for traditional investigative methods.

1Kosmos

1Kosmos, a digital identity and passwordless authentication platform, has raised US $57 million in a Series B funding round led by Forgepoint Capital and Oquirrh Ventures, with participation from NextEra Energy Ventures, Gula Tech Adventures, and others, bringing its total funding to over US $72 million. The company will use the capital to accelerate global expansion across North America, EMEA, and APAC; enhance integrations with IAM, CIAM, PAM, and zero-trust platforms; and advance its AI-driven identity verification, biometric authentication, and blockchain-based identity proofing technologies. Positioned as a leader in “identity-first security,” 1Kosmos aims to help enterprises combat fraud, impersonation, and account takeover by combining verified digital identities with secure, frictionless authentication.

Adaptive

Adaptive Security announced a US $43 million Series A funding round, co-led by Andreessen Horowitz (a16z) and the OpenAI Startup Fund (marking OpenAI’s first investment in a cybersecurity company). The startup specialises in protecting organisations from AI-driven social engineering attacks — including deepfakes, vishing and smishing — by using AI-powered simulations, real-time risk scoring and tailored training. The fresh capital will be used to scale R&D, expand its engineering team, and evolve its platform ahead of increasingly sophisticated AI-powered threats.

Workfusion

WorkFusion has raised US $45 million in a funding round led by Georgian, with participation from investors including Serengeti Asset Management, Nokia Growth Partners, and others. The company, which pivoted in 2022 to focus on “agentic AI” specifically for financial crime compliance (AML, KYC, sanctions screening, transaction monitoring), says its AI Agents are deployed at 10 of the top 20 global banks and process over 1 million alert-hits daily; the new funding will support scaling these tools, expanding market reach and accelerating development for the roughly US $155 billion compliance operations market.

Casap

Casap has secured US$25 million in a Series A funding round led by Emergence Capital, with participation from Lightspeed Venture Partners, Primary Ventures, and the fintech arm of SoFi, bringing its total funding to about US$33.5 million. Casap aims to transform the payments-disputes process and tackle first-party fraud by using AI to automate the lifecycle of disputes—from intake through chargeback filing—delivering faster resolutions, cutting fraud losses by more than half, and improving the customer experience.

Vouched

Vouched has raised US $17 million in a Series A funding round led by Spring Rock Ventures. The investment will fuel the expansion of its “Know Your Agent” (KYA) platform, aimed at verifying and continuously monitoring both human and AI-agent identities, supporting open frameworks like the Model Context Protocol (MCP). Vouched positions the funding as an opportunity to scale globally, deepen product development, and set new standards of trust and compliance in environments where autonomous agents are increasingly active.

Contactable

Contactable, a South African digital identity and eKYC platform founded in 2012, has raised US $13.5 million in funding to scale its onboarding, identity verification, fraud-prevention and compliance solutions across Africa. The round was led by Venture Capitalworks, with participation from co-investors including Fireball Capital, Ke Nako Capital and Mavovo. The funding will support expansion into new African markets and fuel product development in areas such as ultimate beneficial ownership (UBO) verification, AI-powered risk signalling, self-sovereign identity (SSI) models and payments integration.

Yal.ai

YAL.ai, a UAE-based startup focused on secure digital communication, has raised $12 million to advance its mission of making scam-free online interactions the global standard. Founded in response to the rise of digital scams and impersonation threats, the company has developed an on-device AI platform that proactively detects and blocks fraud attempts before they reach users—without storing data externally. Positioned as more than just a fraud detector, YAL.ai aims to rebuild digital trust by offering privacy-first, real-time protection that prevents scams before they happen and empowers safer, more authentic online conversations.

CAF

CAF, a Brazilian startup specializing in digital identity and anti-fraud intelligence, has secured an investment of R$ 50 million in a funding round led by L4 Venture Builder (a fund backed by B3). The funding will support CAF’s growth strategy in Brazil and across Latin America, including the development of new AI-powered fraud-detection tools like “Deepfake Detector”, “Image Similarity Check” and “VerifAI Docs”. This marks L4’s first published investment in 2025, reinforcing its security-technology thesis and expanding its portfolio into digital-onboarding security.

Revel8

Revel8, a Berlin-based cybersecurity startup founded in 2024 that builds an AI-native platform to simulate deepfakes, phishing, vishing, and multi-channel attacks for enterprise employee training, has raised a €5.7 million seed funding round (bringing the company’s total funding to €7 million) led by Peak with participation from Fortino Capital, Merantix Capital and several business-angels.
The new capital will be used to expand its product development, scale its enterprise features, grow internationally, and help organizations build resilience in the face of increasingly sophisticated AI-powered social engineering attacks.

Acquisition

Incode

Incode has acquired AuthenticID, uniting two major players in digital identity verification to create what they call a global AI-first identity leader. The merger combines Incode’s advanced AI technologies—such as real-time personhood verification, deepfake detection, and multimodal fraud analysis—with AuthenticID’s strong enterprise implementation expertise in regulated industries. Together, they aim to strengthen defenses against emerging threats like synthetic identities, AI-powered fraud, and deepfakes, while expanding their global trust network to better distinguish genuine users from bots. The companies collectively processed over 4.1 billion identity checks in 2024 and serve most of the top U.S. banks, positioning them to capitalize on the identity verification market projected to reach $116 billion by 2027. The acquisition underscores growing demand for secure, scalable identity infrastructure in an era of increasingly sophisticated digital fraud.

The post Funding Investment, Acquisitions & IPO’s – Q3 2025 appeared first on About Fraud.

Social manipulation now drives the majority of fraud losses globally. In 2024, Europe saw a 156% increase in cases, while the U.S. recorded its highest-ever annual fraud losses. Today, scams account for more than 70% of total fraud losses globally.

The common thread? These scams don’t bypass security systems; they bypass people. In cases like authorized push payment (APP) scams, it’s the banking customer who initiates the payment, authorizes it, and often insists on completing it. The fraud works not because the system fails, but because the person is convinced they’re doing the right thing.

Why Education Alone Isn’t Enough

Banks have invested heavily in customer education. That’s important, but it has limits.

That’s because scams don’t just misinform. They override judgment. In the middle of a scam, fear, urgency, and trust are all being manipulated. Few people will recall a static awareness campaign under that kind of pressure.

KPMG’s Global Banking Scam Survey reflected this frustration. Many fraud professionals are skeptical about whether traditional awareness campaigns actually help when it matters. The conclusion is clear: the missing piece is timing. 

The Importance of Timing 

If education comes too early, it’s forgotten. If it comes too late, the damage is done. The critical moment is during the scam attempt—when the individual is unsure, hesitating, or looking for validation.Intervention needs to happen while the scam is still unfolding. Not with a delay, and not from a disconnected channel, but from within the banking environment itself, right as the customer is hesitating, second-guessing, or uncertain.

That’s the point of maximum impact. And in most fraud stacks, it’s still a blind spot.

Scam Expert Inside the Banking App

At ThreatMark, we’ve been exploring how to bring real-time decision support closer to the customer. One outcome of that work is ScamFlag, a tool embedded inside the digital banking app that helps users assess suspicious messages in real-time.

When something feels off, users can upload a screenshot, whether it’s an SMS, WhatsApp message, email, or web link. ScamFlag uses fraud-trained AI to assess content instantly, detecting signs of phishing, impersonation, urgency manipulation, or fake payment instructions.

The result is a straightforward verdict, with a plain-language explanation of why.

This doesn’t just protect. It informs, in context. It transforms a high-risk moment into a learning opportunity.

Supporting Banks as Well as Customers

This intervention doesn’t just benefit the user. For banks, it addresses several blind spots in today’s fraud operations:

• Underreported scams: ScamFlag surfaces threats that never result in a claim but still indicate risk
• Workload reduction: It allows users to self-assess and avoid unnecessary contact center interactions
• Scam intelligence: It feeds frontline insights into how fraudsters are adapting their tactics
• Reimbursement clarity: Each event is timestamped and logged, supporting fair and fast decisions
• Improved customer trust and fewer escalations

The Critical Step in Scam Defense

There’s a behavioral component worth noting. Research into automation bias shows that users sometimes respond more seriously to a warning from a trusted system than they would to a person, even a bank employee. The reason is simple: it feels neutral. 

Behavioral detection will always be a cornerstone of scam prevention. But once a customer is convinced, it’s not always enough. Helping them recognize manipulation in the moment—and giving them a reason to stop—requires a different approach.

ScamFlag doesn’t replace education or detection. It fills the gap between the two.

For banks, that means fewer losses, better visibility, and greater trust. For customers, it means one more chance to avoid becoming a victim.

Learn how ScamFlag supports smarter scam prevention at https://www.threatmark.com/scamflag/ 

The post How Banks Can Empower Customers to Fight Back Against Fraudsters appeared first on About Fraud.

We’ll start by answering these simple questions:

• Is your existing fraud management program a fragmented mess?
• Is your head on fire because of escalating fraud rates and losses?
• Are you at risk of losing your payment partners and processors?
• Are you facing the challenge of dealing with fraud for a new or existing product?
• Have you just joined a new organization in a role that must improve or implement a fraud management program in place?
• Are you looking to buy or build a new fraud management solution?

If the answer to any of the above questions is yes, then this article is for you.

Building and running an Enterprise Fraud Management program is not an easy task. Unfortunately, it takes a lot of time and effort. There are also a great many ways to get wrong. 

Here is my 8 step guide, distilled by personal experience over the last 19 years, where my journey in the world of fraud prevention began…

My step-by-step guide on ‘how to build an EFM program  from scratch’

Each of the 8 steps should be treated as an area that has to be carefully reviewed, studied and understood. Try not to take shortcuts or rely on someone else’s conclusions and analysis, your view is imperative to the success.

1. Study in detail  how your product works – whether you are a new joiner to the organization or have been there forever, or you are about to launch a brand new product or work on a legacy one that is your ‘must do’, starting exercise. You have to make sure you are 100% clear that the financial product you are about to solve fraud for works. 

Ask yourself:

1. Is it an account based, stored value product or not?
2. How are user accounts, of any type and nature, created?
3. What are all financial flows in, out, p2p, etc. I.e. How does money move, no matter fiat, crypto, APMs?
4. Who are your payment partners? 
5. What is their risk appetite and how important is your business to them?
6. What, if any, are the product level controls that are available – limits, velocities, any internal product level switch that may exist – make sure you find and understand how it works?

Important Point: Banking, payment and liquidity partners and providers are the lifeblood of any payments or fintech business. Safeguarding and managing these relationships is of paramount importance.

What can go wrong? Jumping into assessment, design or solution mode without deep understanding of your organization’s product is usually a recipe for disaster. Do not approach this with the ’been there, done that’ attitude, even if it is all the same on the surface. This is especially true if you are switching roles in the same industry niche.

Expert Tip: Don’t underestimate the importance of product level controls. These will be your safety net, when that century storm comes. Not all fraud problems should be solved with external solutions.

2. Identify your exposure angles and risks – Identify and list all risks and elements of your exposure, look beyond the surface of just fraud losses.

Take a look at the following:

1. Start with fraud loses ( make sure you capture fraud related fees too!)
2. Look at lost revenue due to your fraud prevention effort
3. Look at the overall cost of fraud – people, tech, customer tickets – it is a very broad plethora of items that must be factored in here.
4. Partnerships with banking and payment vendors – these are critical. What happens if you lose one or more?
5. Have you considered reputational damage in the cost?
6. Of course – regulators and ombudsman should be kept happy too.

Important Point: Try to capture all risks and areas where things can go wrong that will damage your business when these occur. Fraud losses are just the tip of the iceberg.

What can go wrong? Focus only on the tip of the iceberg and neglect some equally if not more important risks, that may not be as immediate as financial losses.

Expert Tip: Even if you are in a low risk environment, don’t completely drop some risks that may seem far fetched. Just make sure, these are accurately assessed.

3. Assess risks – yeah, that is not the most exciting thing to do but it is yet another must have. Try to grade the likelihood and impact of all risks that you have identified. Not all risks will be easily measurable and for some you wont be able to produce an entirely informed figure for the financial impact. 

Regardless of this, when doing a risk assessment you should always apply common sense and align expected impacts to the size of your organization and your growth plans. Risk assessment is just the start, periodical update of these is also necessary and that is not just for audit purposes… Risk assessments are something you should communicate with all of your internal stakeholders, not to demonstrate how much work your function has done but to educate them about the anti-fraud measures that are being applied and the scale of the problems you are combating.

Important Point: Don’t get into paralysis through analysis. You should pick a certain risk assessment framework that you will follow but don’t do so blindly. So risk assessment aspects will require adaptation.

What can go wrong: Neglecting or exaggerating the impact of certain risks just to draw attention to the problem is never a good strategy. Sooner or later this will put the quality and integrity of your risk assessments under doubt.

Expert Tip: A good risk assessment should be easy to understand from any internal stakeholder. Don’t overcomplicate the RAs, these are your tools for internal education and fostering cooperation, as fraud prevention is a complex process that requires a team effort too.

4. Determine what fraud looks like and what are you missing – you should take this literally and not ;). Now that you are proficient in how your organization’s product works, all risks are identified,  and assessed, it is time to understand what fraud looks like and measure it.

You should do the following:

1. Make sure you capture and study as many as possible of the fraud patterns that you are experiencing. 
2. Don’t just look at aggregate numbers, charts and reports. Look at fraud cases, fraud accounts, fraud reports, look at your transactions, sign-ins, sign-ups. Fully understanding a pattern can be only done this way. A fraud pattern usually has many aspects and tell-tell signs. No AI will do the work for here.
3. Make sure your fraud reporting is accurate.
4. Try to forecast fraud performance for upcoming months, so you don’t get surprised and end up in a constant fire fighting mode.
5. Work closely with functions like finance and reconciliation to constantly double check your numbers.
6. Ensure monitoring for fraud alerts, chargebacks, notifications, anything that speaks of fraud, is under close monitoring – DAILY!
7. Always look at your full cost of fraud.

Important Point: Scrutinize closely your reporting of fraud figures, KPIs and metrics. It must be accurate.

What can go wrong? When setting up a new product, payment rail, banking partner, etc. do not forget to connect the dots on fraud and complaints reporting. Follow up on any missing reports or data feeds.

Expert Tip: Reports on fraud metrics and some KPIs should be shared internally to qualified audiences. Being transparent helps cooperation and build trust. Being a black box of a fraud organization does the opposite. That’s from where the term – Business prevention department comes from.

5. Evaluate objectively your resources, experience and capacity – here is one that may fall victim of simple human subjectivity and ego. Before you put together your roadmap for the implementation of EFM program your organization needs, ask yourself the following questions:

1. Do we have the necessary knowledge and experience to tackle not just the existing fraud problems but also the future ones?
2. Is the inhouse human resource sufficient? Are we experts or just venturing into this field?
3. How much investment is needed? Over how long?
4. What level of investment will be justified? In fraud prevention you should always have a proper business case. 

Important Point: There is no shame in looking for external support and advice. FInding the right source for that is a whole different conversation.

What can go wrong? Skipping this consideration and jumping into solution mode with a ‘ we know it all ‘ attitude.

Expert Tip: Don’t just build a fraud organization for the sake of empire building. An efficient EFM and fraud prevention organization is one that enables the business to reach its objectives and has a positive ROI. Fraud prevention is not AML compliance.

6. Develop a roadmap to mitigate risks – in simple terms: you must have a robust plan. Even if you are in a house on fire situation, a good plan is the key to success. This is even more true if you start from scratch – a new product launch, or fraud vendor replacement and-or implementation. 

You should consider the following:

1. Develop a roadmap that is informed by your risk assessments.
2. Prioritize based on impact and likelihood.
3. Work closely with tech and product stakeholders – you will need them for almost anything.
4. Try to stay ahead of new product launches and features, perform timely risk assessment and share it with the business. 
5. Avoid building products and features that are not core for your organization. This on its own is a lengthy and complex conversation.
6. Architect a multilayered setup that combines product level controls and external transaction monitoring solutions and vendors.

Important Point: When it comes to implementing third party solutions, a lot of the future success depends on the implementation stage. Don’t cut corners even if under pressure for resources and time.

What can go wrong? Shift in organisations priorities often slashes fraud related projects, especially in BAU circumstances. If third party solution integrators are involved, expect delays due to their own prioritization and resourcing.

Expert Tip: Often, during the selection process of external vendors and solutions, a lot of their shortcomings and deficiencies are hidden by their sales teams during the deal process. Most of these start to surface during implementation, so be quick to address that.

7. Implement in a phased approach – even with a planned roadmap, informed by careful risk assessment and prioritization, you should not tackle multiple fraud use cases simultaneously. This only increases the risk of non completion due to priorities shift. Engaging with multiple back end teams is not an easy task for any fraud team. Taking small but frequent steps allows you to evaluate more frequently what has been achieved and if the commissioned external solutions are living up to their product expectations. This approach also shortens the time to results and ROI, that you will be under pressure to deliver.

The best approach:

1. Define clear success criteria for each item on your roadmap for EFM deployment.
2. try to incorporate convenience clauses with external vendors that can give you leverage in a situation of underperformance.
3. Are there any more to fit with the length of the others?

Important Point: This approach might not be always applicable, especially if you are in a high fraud situation. 

What can go wrong? Reducing scope under pressure by tech and back end teams. Don’t take ‘No’ for an answer. Back end teams will often have their own view about how the implementation of an external vendor should be done. Rather frequently they will try to descope certain data elements just because these require some development effort for internal collection. Working with a qualified product manager or having it in your fraud team, will make a difference.

Expert Tip: Do not underestimate the importance of getting the buy from your technical teams. Sharing what is the problem you are trying to solve, how important it is to your company and its success will help you get that tech buy in.

8. Operate, measure, improve – fraud never sleeps or falls behind, so should you too. Any change in your product’s features and offering will be exploited. Whether your team will be prepared for this depends on selling your risk assessment to the business. This is the harsh reality. Oftentimes the decision of the business will be to do nothing and accept the cost. 

Also often this is not a long term solution as when fraud is left untreated, it will escalate. Don’t get too comfortable with your metrics and KPIs being all in the green zone for some time, there is always an incident waiting to happen. It is not a matter of IF but of WHEN. Keep your running shoes handy and exercise regularly :).

Important Point: Breaches of your own infrastructure, vendor downtimes and internal fraud are some of the incidents you can not predict in terms of WHEN. Regardless of that, plan for handling these emergencies – start with basic plans on who does what and look into having internal safety net, product level controls. 

What can go wrong? Anything. From the most mundane issues like missing fraud reports to major incidents. So running a fraud team is a 24/7 job, like it or not.

Expert Tip: Fraud teams have a central role in almost any organization. This really increases the number of your internal stakeholders – customer service, product, tech, reconciliation, finance, compliance and more. Keep an open door policy, this will make your life much easier.

Building a Strong EFM Program Takes Vision and Grit

Building an Enterprise Fraud Management (EFM) program isn’t about tools or quick fixes — it’s about strategy, precision, and relentless execution.

Here’s what truly matters:

• Know your product inside out. You can’t stop what you don’t understand.
  
• Uncover every risk. Fraud losses are only the beginning.
  
• Trust your data. Inaccurate reporting kills good decisions.
  
• Be realistic about your capabilities. Get expert help when needed.
  
• Plan smart, act in phases. Small, steady wins build strong defenses.
  
• Stay alert. Fraud never rests — neither can you.
  

The best EFM programs balance prevention with customer experience, control with agility, and tech with human intuition.

If you’re ready to turn that mission into a competitive advantage, partner with NOTO – 360 Fraud and Compliance — we help organizations worldwide build scalable, data-driven fraud defenses that last.

The post How do you build an EFM program? appeared first on About Fraud.

Q4 has wrapped up! It’s time for our quarterly investment update. Explore the latest funding rounds and acquisitions in the world of fraud and risk mitigation!

Funding

Feedzai

$75M Funding Feedzai has secured a $75 million investment, boosting its valuation to over $2 billion. The round included participation from Lince Capital, Iberis Capital, and Explorer Investments, alongside existing backers. The company specializes in using AI to combat financial crime and plans to use the capital to expand its market reach and further develop its fraud prevention technology.

Doppel

$70M Series C Doppel has raised $70 million in a Series C funding round led by Bessemer Venture Partners, valuing the company at over $600 million. New investors include CrowdStrike CEO George Kurtz and NTT DOCOMO Ventures. The startup focuses on AI-native social engineering defense to protect organizations from impersonation and phishing attacks.

TMT ID

€34M Investment TMT ID, a mobile data and identity intelligence company, has received a €34 million investment from BGF. This funding will support the company’s international expansion and product development. TMT ID uses mobile insights to verify user identities and prevent fraud, aiming to bolster digital trust for its global client base.

Chargeflow

$35M Series A Chargeflow has successfully raised $35 million in a Series A round led by Viola Growth. The company automates chargeback management and combats friendly fraud for e-commerce merchants. The funds will be used to scale its AI-driven platform and launch new tools for post-purchase protection.

Imper.ai

$28M Funding Imper.ai has launched with $28 million in funding co-led by Redpoint Ventures and Battery Ventures. The startup provides real-time protection against AI-powered impersonation attacks, including deepfakes and voice clones. Its agentless platform integrates with tools like Zoom and Slack to verify identities during digital interactions.

Resistant AI

$25M Series B Resistant AI has secured $25 million in Series B funding led by DTCP, with participation from GV and others. The company develops AI models to detect document fraud and money laundering, specifically targeting threats from generative AI. The investment will accelerate its expansion into new markets and enhance its threat intelligence capabilities.

AiPrise

$12.5M Series A AiPrise has raised $12.5 million in a Series A round led by Headline to streamline global compliance. The company offers a platform that orchestrates Know Your Customer (KYC) and Know Your Business (KYB) processes across over 150 countries. The funding will enable AiPrise to expand its team and enhance its automated fraud detection solutions.

Condukt

$10M Seed Condukt has emerged from stealth with $10 million in seed funding led by Lightspeed Venture Partners and MMC Ventures. The startup focuses on “Know Your Business” (KYB) compliance, offering real-time data monitoring to help financial institutions manage risk. The capital will support its product development and commercial expansion.

Falkin

$2M Pre-Seed Falkin has raised $2 million in pre-seed funding led by TriplePoint Ventures. The London-based startup uses AI to detect and prevent scams in real-time before payments are made, integrating directly into banking apps. The funds will be used for hiring and further product development to protect consumers from sophisticated fraud.

ThreatFabric

Strategic Investment OneSpan has made a strategic investment in ThreatFabric, a provider of mobile threat intelligence and fraud detection. While the specific amount wasn’t disclosed, the partnership aims to integrate ThreatFabric’s malware defense capabilities with OneSpan’s security solutions. This move strengthens their joint ability to combat authorized push payment fraud and other digital threats.

Acquisition

NoFraud

NoFraud has acquired Yofi.ai to combat the growing issue of return fraud, which costs retailers over $100 billion annually. By integrating Yofi’s policy abuse detection capabilities, NoFraud expands its platform to cover the entire customer journey. The move targets complex threats like promo abuse, reseller schemes, and wardrobing. This unification aims to protect merchant margins while preserving a seamless shopping experience for legitimate customers.

Themis

Themis has acquired Pasabi, an Edinburgh-based fraud monitoring firm, to strengthen its fight against financial crime. The deal integrates Pasabi’s “agentic AI” technology, which detects fake accounts, scams, and counterfeit goods, into Themis’s existing compliance ecosystem. This strategic move accelerates Themis’s product roadmap, allowing it to offer real-time behavioral analytics and social media monitoring. The combined entity aims to provide a more holistic defense against sophisticated financial threats

Ping Identity

Ping Identity has completed the acquisition of Keyless to advance its privacy-preserving biometric authentication capabilities. Keyless’s “Zero-Knowledge Biometrics” technology allows for secure, device-independent verification without storing sensitive user data. The integration enhances Ping’s platform by offering protection against deepfakes and account takeovers while eliminating the need for passwords. This move supports global adoption of secure, frictionless identity management for enterprises.

The post Funding Investment, Acquisitions & IPO’s – Q4 2025 appeared first on About Fraud.

Our teller started asking follow-up questions. What kind of work was the contractor doing? What’s the contractor’s name? The member became evasive, then defensive. The teller called our fraud team. We asked more questions. The member grew more defensive, so we told her directly: We think you’re getting scammed, and we can’t let you make this withdrawal.

She left and returned the next day, this time claiming she was buying a vehicle. Our team recognized her from the day before and asked for details, but she wouldn’t share them.

She came back a third time and told us the truth: Someone claiming to be from PayPal had contacted her about a supposed refund. They made it look like they’d deposited $30,000 by mistake and asked her to refund it, but told her she couldn’t tell her financial institution, or she’d get in trouble.

Those were uncomfortable conversations, but they ultimately protected the member from a $30,000 fraud loss. When we helped her navigate the scenario, she went from defensive to grateful.

How fraud has evolved

Fraud is no longer just Nigerian prince emails or requests for a few thousand dollars. We’re seeing pig butchering scams where fraudsters spend weeks or months building relationships with victims. They’re convincing people to move six-figure sums into cryptocurrency, at which point the money is nearly impossible to recover.

We’re also seeing an uptick in tech support scams, where fraudsters convince victims they’re there to help and gain remote access to devices. And this isn’t just an issue for older members. It’s everyone. Fraudsters are getting more and more savvy in making themselves appear legitimate and using the channels younger generations are used to using.

That’s why we recently held our second annual Fight Fraud with PSECU Seminar at our headquarters in Harrisburg. More than 150 people attended in person or virtually, and members asked questions, engaged with our fraud prevention team and partners from AARP and USPIS, and shared their own stories.

We’re passionate about member education, and feedback from the event confirmed that members want this information. But the real defense happens in daily interactions when someone pauses and asks the right questions.

How we actually stop fraud

At PSECU, everyone is trained to spot fraud — call center representatives, loan underwriters, and branch tellers. They learn the red flags. They know which questions to ask. They understand that a defensive reaction or evasive answers can signal that something’s wrong.

There’s always a risk that a member feels interrogated when they have a legitimate reason for a transaction. But the alternative — letting someone send $30,000 to a fraudster — is worse.

We also invest in monitoring tools on the back end. We watch for unusual patterns. If something doesn’t look right, we reach out. Most people appreciate knowing we’re paying attention and looking out for them.

The challenge is that fraud prevention success is often invisible. We spend our time and resources on victims — helping them recover losses, filing reports, and dealing with the aftermath. But what about all the times a member called us first to verify something that sounded suspicious? What about the times our monitoring caught something before money moved? Those are wins.

One member called us after receiving a spoofed call that appeared to be from PSECU. She told us: “I didn’t give out any information because I remembered seeing something on your website about these types of calls.” That kind of feedback reminds us that education is working, even if we can’t measure its full impact.

Fighting fraud together

One of the most valuable parts of my role is the information sharing that happens across the financial services industry. We’re not competitors when it comes to fraud prevention. When one institution sees a new scam tactic emerge, leadership shares the learnings. A month later, when that same tactic shows up with our members, we’re prepared.

Fraudsters are organized and collaborative. They run call centers. They share scripts. They test tactics and refine what works. Financial institutions need to be equally collaborative.

At PSECU, our goal is to provide lifelong value to our members. That means being there when they have questions, even if those questions sound unusual. It means training our staff to recognize when something doesn’t look right. And it means being part of an industry that works together to stay ahead of people who are constantly finding new ways to exploit trust.

If you’re ever unsure about a phone call, an email, a text message, or someone asking you to move money quickly, reach out to your financial institution. The best defense is asking questions before you act. Check out our fraud prevention page for more tips on safeguarding your accounts.

The post How PSECU Trains Every Employee to Stop Fraud Before It Happens appeared first on About Fraud.

In the last decade, consortium data has become the cornerstone of financial crime prevention. Large high-quality datasets are now essential for our industry to confront and stem the $3.1 trillion scourge of illicit activity threatening the global financial system. Information is fundamental to ensuring confidence, continuity, and resilience in the face of this ever-evolving threat.  

Nasdaq Verafin has led this transformation since launching our cloud platform in 2012 — spearheading consortium data with a network that has grown to more than 2700 financial institutions and 800 million counterparties strong. Tim Light, Principal Data Scientist at Nasdaq Verafin, joined us recently to share his insights from a decade of experience fueling this innovation that changed financial crime management forever. 

Manifesting Consortium Clarity

Scaling across continents, borders and leading banks, Nasdaq Verafin’s consortium is on an impressive growth journey. But behind the scenes, our cutting-edge processes normalize and harmonize vast volumes of disparate data, turning immense quantities of raw inputs into quality, structured, analytic-ready intelligence. This rigor sets Nasdaq Verafin apart in the industry, and Tim sees it as critical to driving valuable outputs and alerts for our customers. 

“Data quality is paramount. Poor entity resolution or weak labeling strategies can turn valuable information into noise. As the amount of data grows, flaws in architecture or data quality become increasingly evident in the performance of analytics. We excel at our ability to separate out meaningful signals and ensuring our architecture supports high-quality, actionable insights.” 

This leadership mindset is what positions Nasdaq Verafin for success. In an era defined by consortium data, leading the industry means responsible development and stewardship — with a strong emphasis on privacy, security, and innovation. 

As Tim explained, “extracting insights is important, and so is pushing boundaries to uncover deeper, more complex patterns — without sacrificing explainability. Our customers trust us to maintain data privacy and security. They also look to us for innovation and agility. We must enable financial institutions to use our technologies and the new capabilities that come with them while maintaining transparency and accountability, both for them and for regulators.”

A New Lens on Risk

As criminals have evolved, the efficacy of spreadsheets and isolated datasets in the fight against financial crime has weakened. Complex networks of money mules, cross-border payments fraud, surging AI-enabled scams and brazen cooperation between bad actors are now commonplace. Insights from a vast consortium network have the power to expose these distributed crimes to investigators.  

For Tim, seeing was believing. “I remember working to detect crime rings. These are groups of the most heinous people you can imagine actively evading detection. The first time we used our consortium to look at that problem holistically, I was awestruck — we’d see the same entity appear in alerts across different institutions. The siloes were gone, all the data points needed to catch them were right there. That’s the power that consortium technology brings to the table.” 

This strength in numbers has become a driving force for innovation at Nasdaq Verafin. From improving analytic performance, to fueling artificial intelligence and providing an unparalleled view of financial crime, consortium data is inherent in what we do. It’s an irrefutable advantage for financial institutions that Tim says is here to stay. “That’s the value of consortium data — a holistic view of risk. It’s that lens which will be table stakes for financial crime management very soon — if not already. The benefits of analyzing big data to investigations and analytic performance are genuinely massive.

Leading the Shift: AI and Consortium Data

AI and consortium data are rapidly converging, reshaping how financial networks are understood and protected. As data quality and labeling improve, analysis is shifting from isolated transactions to a broader, interconnected view of financial activity. That’s where Tim sees a step change in motion. 

“Today, we already visualize account behavior and embedding AI unlocks deeper, more predictive insights. We’re taking that further by having alerts and insights originate from the network itself, proactively identifying risk before it manifests.” 

This evolution is seeing investigations start from the consortium context, with alerts generating pre-emptively based on a network-level view of risk, rather than reactively based solely on transaction triggers. And at Nasdaq Verafin it’s already underway, driving a proactive approach to money mule detection. 

“Using our consortium, we can see that outgoing payments intended for an account were rejected by the sending institution. Based on that, we can prevent that account from receiving future fraudulent transactions, even before funds arrive,” said Tim. “The industry should expect a lot more of this in the next 5 years, if not sooner. It’s a shift toward truly proactive financial crime management, powered by the strength of AI and consortium data.” 

A Bold Future for Financial Crime Management 

What’s next for the consortium? Tim has some bold predictions. By 2030, perhaps even sooner, Tim expects that alerts originating from the network will drive more fraud prevention than transaction monitoring. What’s more, these alerts will be more accurate than transaction monitoring alone. This network view will drive most fraud investigations and allow financial institutions to understand every entity’s risk of fraud across the entire industry — far beyond what they can see within their own institution.

Tim also envisions a near future where AI is used to run network-level simulations of transaction activity, revealing how fraud might evolve next. “These simulations will predict when and where fraud might happen and help us get ahead of emerging threats and typologies we haven’t seen before,” he explained. They could also be used as a source of training data, allowing analytics to be strengthened against new scams without real fraud events occurring. The result? Financial institutions fighting fraud before it ever happens.

Embracing the Consortium Data Advantage

As financial crime continues to evolve, the industry’s ability to collaborate through consortium data stands as a defining advantage. The journey ahead promises not only deeper insights and proactive risk detection, but also a shift toward investigations that originate from the broader financial ecosystem — empowering institutions to prevent crime before it occurs. By embracing innovation, transparency, and a commitment to data stewardship, Nasdaq Verafin is paving the way for a more resilient financial system. 

For more insights from Tim Light, watch our recent webinar Advanced AI and Consortium Technologies: Innovating to Outpace Financial Crime.

The post The Power of the Consortium in Financial Crime Management appeared first on About Fraud.

The days when fraud revealed itself through noisy spikes and easily recognized breaches are receding. Today’s fraud landscape is defined by interactions that look “normal,” that blend into the fabric of commerce and engagement, and that do not announce themselves through outliers alone. Synthetic consumers are an archetype of this subtlety: identities composed of real, fabricated, or recycled data that persist across time and context. They behave in ways that fundamentally challenge the assumptions underpinning conventional fraud systems.

Consider the scale. Synthetic identities now account for a substantial share of fraud cases, with one industry analysis noting that up to 80% of new account fraud originates from synthetic profiles, and that these personas are involved in roughly 21% of first-party fraud incidents. Traditional onboarding and static checks struggle to distinguish these constructed identities from real ones, leaving vast swaths of risk unexamined until it surfaces elsewhere. 

This is not the background noise of yesterday’s fraud. It is a structural complexity, quietly shifting the baseline upon which detection models and risk scores are built. When the majority of new accounts could be synthetic, but possibly never transact, then the problem is no longer simply catching fraud, but understanding whether the engagement we observe truly reflects real human intent.

Artificial Agents in the Marketplace

Agentic AI is simultaneously a boon and a disruption to digital ecosystems. On the one hand, AI assistants help consumers complete tasks, discover products, and navigate services more efficiently than ever before. These agents accelerate growth and broaden accessibility. On the other hand, the very capabilities that make AI useful—adaptivity, contextual awareness, proficiency in task completion—are indistinguishable from the behavior of automated attacks at the surface level.

Fraud specialists today face a paradox of automated behaviors that were once clear markers of malicious bots now resembling legitimate interaction. Agents making purchases, filling carts, or submitting forms can be doing so either to facilitate commerce or to probe weaknesses. According to a forward-looking threat forecast, 75% of fraud professionals surveyed expect fraud to become increasingly AI-driven, reflective of a broad shift in tactics and velocity. 

Beyond this, recent industry projections warn that the acceleration of machine-to-machine interactions may soon trigger conversations about liability and accountability, illustrating that the challenge is not merely detection, but interpretation of intent and ownership. 

Trust Distortion Through Data

Synthetic identities and adaptive automation distort the very signals fraud detection systems rely on. Machine learning models, for all their sophistication, are fundamentally pattern recognizers. They infer what is typical based on historical examples. When data is infused with synthetic behavior that mimics real activity, the models adapt. They begin to treat that activity as legitimate. Over time, this shift leads to model drift: a slow recalibration of “normal” that includes the very behaviors we hope to catch.

Real world evidence unfortunately supports this. In 2024 and 2025, synthetic and AI-assisted fraud contributed to a measurable increase in identity fraud rates, even as surface metrics like overall fraud didn’t reflect this. In one identity fraud report encompassing hundreds of millions of transactions, the global fraud rate rose to 2.1% of transactions, with synthetic profiles and AI-generated deepfakes representing a significant portion of those incidents. 

The implications extend well beyond fraud teams. Marketing attribution, customer lifetime value models, and demand forecasting all rely on the integrity of data. When foundational signals lose clarity, every downstream decision inherits that uncertainty. The real risk is not simply that fraud occurs. It is that we begin to make strategic decisions based on data that is partly synthetic, partly automated, and increasingly ambiguous in its meaning.

When Detection Is Not Enough

Conventional fraud defenses focus on bad actors that behave differently from good actors. But modern fraud blurs that distinction. Automated agents and synthetic consumers can behave in ways that are statistically indistinguishable from genuine users, especially when velocity and interaction patterns alone are used to judge risk. Recent analysis of AI-optimized attacks found that malicious agents are systematically exploiting promotions and identity loops in ways that evade legacy indicators and confound detection systems built on old assumptions. 

What is required instead is a shift in perspective: from detecting observable anomalies to interpreting intent within context. That means systems and teams must integrate richer signals that persist across time and channels, and that ground interactions in stable identity references rather than ephemeral point-in-time checks. Only by anchoring insights in continuity can subtle distinctions become visible.

Continuity as a Lens

The organizations that navigate this environment effectively treat identity not as a momentary credential, but as a longitudinal signal. Context rooted in historical patterns, cross-channel linkage, and observed behavior enables teams to see beyond the superficial, revealing when a sequence of actions reflects enduring intent or simply transient noise. This approach reframes risk assessment from reactive blocking to proactive interpretation.

Importantly, this perspective aligns fraud mitigation with broader business goals. Marketing, customer experience, and product analytics all benefit from clearer understanding of who is genuinely contributing value versus who is merely inflating metrics. When a segment appears to engage but its underlying identities carry synthetic or automated traits, interpretation of that data changes. Decision-makers can respond with nuance rather than blunt force.

A Question of Intent

In practice, distinguishing intent requires rigor and precision. It requires systems that can weave historical signals together, understand adaptive behaviors, and integrate insights across disparate sources. It also requires cultural adaptation within organizations, where fraud teams are not isolated sentries but interpreters of risk and trust.

Collaborative efforts have shown the benefits of shared signal networks and contextual exchanges. Financial institutions that participated in data consortia significantly boosted detection capability, sometimes by more than an order of magnitude, illustrating the value of shared insight over isolated observation. 

This shift toward interpretation over detection reflects a broader understanding: fraud is not merely about isolating bad events. It is about understanding the arc of behavior and the meaning embedded within it. Synthetic activity and agentic AI make this task more complex, but also more revealing. The challenge ahead is to sharpen our view, not just widen our nets.

Clarity in a Blurred Landscape

Fraud teams have long been defined by their ability to identify and respond to risk. That expertise is still necessary, but it is no longer sufficient. As synthetic consumers and AI agents become pervasive, the central question transforms. It is not who is acting outside the rules. It is what each action signifies.

Understanding intent in a world where human behavior, automation, and synthetic constructs coexist demands that we rethink both measurement and interpretation. It requires anchoring to persistent identity signals, integrating cross-temporal context, and elevating insight over alert fatigue. Those who succeed will be the teams that make sense of complexity, rather than merely cataloging it.

The future of fraud management is about more than catching the bad actors. It is about understanding every intent and preserving trust in the signals upon which all informed decision-making depends.

Where to Deepen Insight

This evolution in fraud management challenges every organization to rethink what meaningful signals look like. AtData is identifying the implications of synthetic identity, agentic automation, and trust distortion across sectors. For professionals seeking to deepen their understanding and stay ahead of emerging threats with evidence-based strategies, AtData can provide valuable perspective grounded in real-world behavioral data.

Explore AtData.com/Fraud-Prevention and continue the conversation about how to better interpret intent in an increasingly complex identity landscape.

The post Agentic AI, Synthetic Consumers, and Trust Dilution appeared first on About Fraud.

That premise is gone.

Across technology roadmaps from companies such as OpenAI, Google, and Microsoft, a new model of interaction is emerging. AI systems are being built to act independently on behalf of users. These systems can search, communicate, transact, and coordinate tasks without a human present at the moment of execution.

The vision is efficiency. Software that manages routine digital activity the way assistants once managed calendars and travel.

For fraud teams, the implications are more complicated.

When an autonomous system begins interacting with businesses at scale, the traditional model of evaluating a “user” becomes less reliable. The entity initiating an action may not be a person at all. It may be a software agent operating under delegated authority.

The fraud problem evolves dramatically.

When Automation Looks Like Fraud

Fraud models are built on patterns observed over time. Certain behaviors correlate with elevated risk. Rapid account creation. High-velocity transactions. Repeated credential use across multiple services. Sudden bursts of activity from a single identity.

Fraud professionals have spent years tuning systems to identify those signals quickly. Now consider what happens when autonomous agents begin executing tasks for legitimate users.

An AI assistant comparing financial products might query multiple platforms simultaneously. A travel automation tool could evaluate dozens of booking options in seconds. A purchasing agent might create accounts with several retailers in order to access price comparisons or loyalty incentives.

From the perspective of a risk model trained on human behavior, those signals may resemble scripted attacks or account farming.

Nothing malicious is occurring. The activity is simply no longer human paced.

This is one of the early tensions emerging around agentic systems. The behaviors that historically indicated automation are becoming normal for legitimate software acting on behalf of customers.

The question for fraud teams is how to evaluate risk when automation itself is legitimate.

Risk No Longer Lives in One Place

For most of the modern internet, fraud evaluation has been able to effectively anchor around the moment of transaction. An identity performs an action. Systems evaluate the risk of that action.

Autonomous agents introduce a layered model of risk that is far more complex.

The first layer is still the underlying identity. Who is the consumer delegating authority to the agent, and what signals exist about the credibility of that identity over time.

The second layer is the software itself. Not all agents will be trustworthy. Some will inevitably be developed with the explicit goal of exploiting services. Distinguishing between legitimate automation and adversarial automation becomes a separate problem.

The third layer involves the agent’s behavior on behalf of the user. Even legitimate systems can behave unpredictably. Configuration errors, faulty logic, or unintended feedback loops can generate activity patterns that look indistinguishable from abuse.

The final layer remains the transaction in front of the system. Even when the identity and the agent appear legitimate, the transaction itself may be compromised through credential theft or account takeover.

These layers interact in ways that traditional models have not had to consider. Evaluating a transaction in isolation becomes less effective when the entity performing the action may be a piece of software operating independently of the human identity behind it.

Synthetic Identities Are Learning Patience

At the same time automation is evolving on the legitimate side of the ecosystem, fraud operations are adjusting their own timelines.

Synthetic identity fraud has existed for decades. The mechanics are familiar to fraud teams. Fragments of real and fabricated information are combined to create a new identity that can pass basic verification checks.

What has changed is how long these identities remain dormant before exploitation.

Fraud rings increasingly allow synthetic identities to age. Accounts are opened gradually. Small transactions occur over time. Digital signals accumulate across multiple platforms. By the time an identity is used for fraud, it often carries the appearance of legitimate history.

Financial institutions have already seen evidence of this strategy in credit and lending environments, where synthetic identities can build credit files over extended periods before executing larger fraud events.

The same concept is spreading into other digital ecosystems. The longer an identity exists without triggering risk controls, the more credible it appears to systems that rely heavily on transactional signals.

Fraud becomes less about a single suspicious event and more about the long-term credibility of an identity.

Why Identity Signals Are Becoming More Important

Fraud professionals are already aware that individual signals are becoming less reliable.

Device intelligence is increasingly constrained by privacy controls. Network signals fluctuate as consumers move between mobile networks, VPNs, and cloud infrastructure. Behavioral biometrics are powerful but require stable baselines that may not exist when automation enters the picture.

These limitations shift the emphasis of fraud detection.

The most durable indicator of legitimacy tends to be the long-term behavior of an identity across the digital ecosystem. Real consumers leave consistent traces of activity over time. Their identifiers appear in authentication systems, transactions, subscriptions, and communication networks in ways that synthetic identities still struggle to replicate.

Understanding those patterns requires visibility beyond a single organization’s dataset.

That is where identity intelligence networks matter. When signals are aggregated across large activity ecosystems, it becomes easier to determine whether an identity behaves like a real participant in the digital economy or simply appears credible within a single environment.

Preparing for a Different Kind of Adversary

Fraud prevention is entering a period where the boundaries between legitimate automation and malicious activity are becoming less distinct.

Autonomous agents will increasingly perform actions that resemble historical fraud patterns. Synthetic identities will continue evolving to build credibility over longer periods. Both trends push fraud detection away from purely transactional analysis.

The organizations that adapt fastest will focus less on isolated events and more on the underlying credibility of digital identities over time. That perspective changes how risk is evaluated. Instead of asking whether a transaction looks suspicious, systems begin asking a deeper question.

Does the identity behind this interaction behave like a real participant in the digital ecosystem?

Answering that question consistently is becoming one of the most important capabilities in modern fraud prevention.

In an era where non-human consumers may soon represent a meaningful share of digital activity, understanding the difference between authentic identity and manufactured credibility will determine which organizations stay ahead of the next generation of fraud.

See how AtData uses global email activity intelligence to understand identity risk: atdata.com/fraud-prevention

The post Entering the Era of Non-Human Consumers appeared first on About Fraud.

A Wisconsin-based medical clinic owner has been charged for orchestrating a wide-ranging healthcare fraud scheme that targeted Medicaid and private insurers by billing for services that were never provided. According to the U.S. Attorney’s Office for the Eastern District of Wisconsin and the Wisconsin Department of Justice, the defendant submitted thousands of false claims for […]

The post Care That Never Came appeared first on Fraud Of The Day.

A Maryland man has been charged for orchestrating an elder financial exploitation scheme that targeted vulnerable seniors through impersonation and coercive payment demands. According to the Maryland Attorney General’s Office and local prosecutors, the defendant posed as a trusted authority figure to convince elderly victims that their finances were at risk. Investigators say the fraudster […]

The post Trust Betrayed appeared first on Fraud Of The Day.

An Arizona resident has been sentenced for running a large‑scale unemployment insurance (UI) fraud scheme that exploited pandemic‑era benefit programs by filing dozens of false claims using stolen and synthetic identities. According to the Arizona Attorney General’s Office and the Arizona Department of Economic Security (DES), the defendant collected more than $1.2 million in fraudulent […]

The post Benefits Without Jobs appeared first on Fraud Of The Day.

A Nebraska tax preparer has been charged for orchestrating a multi‑year income tax fraud scheme that generated hundreds of thousands of dollars in fraudulent refunds by manipulating client filings and fabricating deductions. According to the U.S. Attorney’s Office for the District of Nebraska and the Nebraska Department of Revenue, the defendant submitted false federal and […]

The post Refunds on Repeat appeared first on Fraud Of The Day.

An Ohio construction worker has been charged for defrauding the state’s workers’ compensation system after allegedly collecting disability benefits while secretly operating a private contracting business. According to the Ohio Bureau of Workers’ Compensation (BWC) and the Ohio Attorney General’s Office, the individual claimed he was unable to work due to a severe back injury […]

The post Injured on Paper Only appeared first on Fraud Of The Day.

A South Dakota man has been sentenced for orchestrating a multi‑year identity fraud scheme that exploited state and federal benefit programs using stolen and synthetic identities. According to the South Dakota Attorney General’s Office and the U.S. Department of Justice, the defendant used personal information taken from data breaches and public records to create dozens […]

The post Stolen Identities, Real Benefits appeared first on Fraud Of The Day.

A Texas healthcare provider has agreed to a multimillion‑dollar settlement following allegations that it submitted fraudulent claims to Medicaid for services that were never rendered. According to the Texas Office of the Attorney General and the U.S. Department of Health and Human Services Office of Inspector General (HHS‑OIG), the provider billed for high‑volume patient visits, […]

The post Billing for Care That Never Happened appeared first on Fraud Of The Day.

Arizona officials have uncovered a large‑scale income tax fraud scheme that leveraged stolen identities, falsified employment records, and sophisticated digital filing tactics to divert millions in fraudulent refunds. According to the Arizona Department of Revenue (ADOR) and the IRS Criminal Investigation Division (IRS‑CI), the defendants submitted thousands of false state income tax returns over multiple […]

The post Refunds Routed the Wrong Way appeared first on Fraud Of The Day.

Pennsylvania authorities have charged multiple individuals in a Supplemental Nutrition Assistance Program (SNAP) fraud scheme that used falsified household information and identity manipulation to obtain benefits for ineligible recipients. According to the Pennsylvania Attorney General’s Office and the U.S. Department of Agriculture Office of Inspector General (USDA‑OIG), the defendants submitted fraudulent SNAP applications across several […]

The post Benefits Built on False Households appeared first on Fraud Of The Day.