We think we understand fraud. We study it, legislate against it, invest billions fighting it. And yet losses keep climbing, attacks keep evolving, and the criminals keep winning. In this part of our fraud series, we examine the structural reasons why the industry continues to fall behind and why catching up requires more than better tools.
Throughout the fraud series, we’ve exposed the scale of industrial fraud operations: billion-dollar compounds staffed by hundreds of thousands of trafficked workers, corporate-style hierarchies with R&D departments developing AI-powered attacks, and sophisticated Fraud-as-a-Service platforms democratizing cybercrime. We’ve shown you the machinery. Now comes the harder question: why hasn’t the society stopped it?
The honest answer is that fraud is faster, cheaper, more scalable and more collaborative than the industry’s response. Fraud syndicates don’t wait for the next regulatory cycle. They don’t operate in silos. They iterate in real time, share intelligence freely and exploit every gap (technical, institutional and human) the moment it opens. And while businesses scramble to respond to the last attack, fraudsters have already moved on to the next one.
One thing must be said clearly: fraud will never be eliminated. It has always existed long before the internet and long before digital identity. Bad actors will always seek to game the system for gain, but the goal here isn’t eradication. It’s making fraud harder, costlier and less scalable than the alternative. To do that, we need to understand exactly why the industry keeps losing.
The $1 trillion bill: A crisis of scale
The financial toll of fraud is immense. Global losses from fraud exceeded $1 trillion in 2024, with banks projected to lose more than $45 billion every year. Investigating a single fraud incident costs institutions an average of $4.3 million and includes investigation, recovery and regulatory fines. Worldwide, annual anti-fraud spending surpasses $12.6 billion.
But the cost goes far beyond institutional balance sheets. While many banks can absorb fraud losses, for victims, recovery is rare. Only 4% ever get their money back. In cryptocurrency fraud cases, the average loss per victim was $12,400 in 2024, often representing entire life savings that were wiped out in minutes.
By the time a victim reports a scam, funds have already moved through multiple jurisdictions, been converted to cryptocurrency, layered through shell companies and disappeared into wallets controlled by syndicates operating from compounds protected by corrupt officials. So how does a criminal operation of this scale continue to thrive, largely unchecked?
Cracks in the system: Why fraud thrives
1. The industrialisation of AI
The most significant shift in the fraud landscape over the past two years isn’t regulatory or economic, it’s technological. Fraud syndicates have industrialised AI and the results are devastating.
Generative AI now enables the mass production of synthetic identities: realistic faces, fabricated documents, spoofed biometrics and deepfake videos that can fool verification systems trained on yesterday’s threat models. Voice cloning allows fraudsters to impersonate customers, executives and even family members in real time. Large language models power hyper-personalised phishing scripts at scale – gone are the days of broken English and obvious tells that gave scams away.
This is no longer the domain of sophisticated nation-state actors. AI tools are commercially available, cheap and increasingly accessible through Fraud-as-a-Service platforms. Recently we described how fraud syndicates operate like technology companies with R&D functions, product iteration cycles and quality assurance. Every time defenders update their models, attackers update theirs first.
The industry’s awareness of AI as a threat has not kept pace with the speed at which fraudsters are weaponizing it.
Before examining why defences are failing, it is worth distinguishing two distinct attack vectors that AI has turbocharged in very different ways. Technical fraud targets systems; synthetic identities, deepfakes, injection attacks and credential theft all attempt to defeat verification and authentication controls. Social engineering targets people; phishing, vishing, impersonation and authorised push payment fraud manipulate victims into authorising transactions themselves. AI has turbocharged both: it makes technical attacks harder to detect and social engineering attacks harder to recognise. Defences against each require fundamentally different approaches.
2. Fragmented, siloed defences
Fraud is a global, networked, collaborative criminal enterprise, but the defences built to stop it are not.
The core problem is structural: the typical anti-fraud stack is a collection of disconnected tools, each operating in its own data silo. IDV, fraud scoring, transaction monitoring, authentication, they each do their job in isolation, but they rarely talk to each other. A risk signal spotted at onboarding never reaches the transaction monitoring system. A suspicious login pattern never informs the next identity check. Fraudsters exploit these blind spots deliberately, behaving cleanly at one touchpoint while acting fraudulently at another.
The authentication gap is particularly dangerous. In a fragmented stack, the person authenticated at login has no verified connection to the identity established at onboarding. Authentication becomes a separate credential (a password, an OTP) that could belong to anyone. Account takeover exploits exactly this gap. The fraudster doesn’t need to defeat the original KYC check, they just need to defeat the much weaker authentication layer that has no memory of it.
Regulators across jurisdictions operate without standardised reporting frameworks. Law enforcement agencies lack real-time access to transaction data. Technology providers build fraud detection tools in isolation, often solving parts of the same problem without ever connecting the dots.
The result is a profound asymmetry: fraud syndicates share victim databases, coordinate attacks across regions, pool resources and learn from each other’s successes. Defenders, by contrast, operate without shared intelligence, and criminals exploit every gap between them.
3. Friction vs. security: The conversion trap
One of the most underappreciated reasons fraud is winning has nothing to do with criminals but has to do with the choices businesses make when designing their customer journeys.
Faced with a trade-off between conversion rates and security friction, too many businesses choose conversion – onboarding flows are deliberately kept short, verification steps are minimised to reduce drop-off, and risk signals are deprioritised when they threaten user experience metrics. The result is a set of defences calibrated not to stop fraud, but to be just good enough that fraud isn’t immediately obvious.
Fraudsters are rational actors. They target the path of least resistance. Businesses that optimise for speed and ease of onboarding become, by design, the easiest targets. The low-hanging fruit always gets picked first.
At its core, this is a strategic failure, not a technological one. Fraud prevention is often treated as a cost centre rather than a competitive advantage, funded reactively and resourced defensively. Until that calculus changes, fraudsters will continue to exploit the gap between what businesses say about security and what they actually invest in it.
4. Reactive systems in a proactive world
Fraud detection has historically been rule-based: define what a known attack looks like, write a rule to catch it, deploy the rule. The problem is that by the time a rule is written, tested and deployed, the attack it was designed to catch has already evolved.
Fraudsters are very fast and they don’t let you know their next move. They probe systems, identify weaknesses, execute attacks and iterate, often within hours. Fraud is usually detected only after the fact, once the damage has already been done, and by the time updated rules are implemented, the attack pattern has already changed again.
That is precisely why a reactive approach will never work. It is based on the assumption that the threat landscape is stable enough to be defined and codified, which is simply not true. The key difference lies in speed: fraud occurs in real time, while most systems designed to stop it react with a delay of several weeks or months. We need to shift from a reactive to a proactive approach: from systems that detect known fraud only after it has occurred to systems that detect anomalies, identify risk signals, and flag suspicious behaviour even before an attack takes place, even in the case of a previously unknown attack pattern.
5. Regulatory and cross-border complexity
Unlike regulation and law enforcement, fraud is borderless. A scammer in Myanmar targets a victim in Norway using infrastructure hosted in Eastern Europe, launders funds through cryptocurrency exchanges across multiple jurisdictions and cashes out through money mules in the UK, often belonging to unwitting victims recruited through their own social engineering campaigns. Each step crosses a legal boundary. Each boundary slows the response.
Fraud syndicates deliberately locate their operations in jurisdictions where regulation is fragmented, enforcement is underfunded and international cooperation is slow. Pursuing criminals across borders requires evidence-sharing protocols, extradition treaties and multilateral coordination that can take months to navigate. By the time international cooperation is secured, the trail has gone cold and the money has vanished.
Regulatory frameworks also vary significantly in their requirements for identity verification, transaction monitoring and fraud reporting, creating gaps that sophisticated criminal networks are expert at identifying and exploiting. Until regulation catches up with the borderless reality of fraud, jurisdictional complexity will remain one of the most reliable tools in the fraudster’s arsenal.
Fighting back: A coordinated response begins to emerge
Despite these obstacles, the tide is beginning to turn. Countries are harmonizing regulations through frameworks like the EU’s Anti-Money Laundering Regulation (AMLR). Multi-stakeholder ecosystems are forming to enable real-time intelligence sharing between banks, regulators and law enforcement. Advanced technologies – from AI-driven fraud detection to blockchain or behavioural analytics – are closing gaps that criminals have long exploited.
Perhaps the most important shift is conceptual: moving away from the idea that identity verification is a one-time event. Fraud doesn’t only happen at onboarding, so the checks shouldn’t stop there either. What’s needed instead is a unified view of the customer across the entire lifecycle, one that continuously updates, flags anomalies and treats trust not as a gate to pass through, but as a signal to be maintained.
IDnow’s Trust Platform is built precisely for this new reality. Where legacy systems relied on a single signal (a document check or a biometric scan), IDnow aggregates and cross-references multiple signals simultaneously: documents, biometrics, device data, behavioural patterns and contextual indicators. This includes 360 Signals capability, which detects repeat offenders by identifying suspicious reuse of faces, document templates and devices across sessions, even when individual signals appear legitimate on their own. Capabilities such as real-time risk scoring, block lists and identity graph visualisation give financial institutions not just a snapshot of who someone claims to be, but a continuously updated picture of whether they can be trusted – at onboarding and throughout the entire customer lifecycle. “That continuous picture is what changes the game because trust isn’t established once, it has to be maintained and verified at every step,” says Christophe Chaput, Principal Product Manager at IDnow.
Technology and regulation alone won’t win this war. Fraud is winning because it is faster, cheaper, more scalable and more collaborative than the industry’s response. The answer isn’t to do more of the same. It’s to fundamentally change the model: from reactive, siloed defences to proactive, AI-powered, joined-up protection, covering identity verification, authentication and continuous end-to-end trust monitoring across the entire customer lifecycle, built to move at the speed of the threat.
Discover how IDnow’s Trust Platform gives you a continuously updated picture of identity, from onboarding to the entire customer lifecycle.
Want to read more on this topic? Explore:
The True Face of Fraud #1: The masterminds behind the $1 trillion crime industry. Uncover who is behind the fastest-growing fraud schemes, where the main scam compound hubs are located, and what financial organisations need to understand about the threat actors they are up against.
The True Face of Fraud #2: The Industrialisation of Crime – How crime syndicates run $1 trillion scam empires. Discover how criminal networks are structuring themselves as fully-fledged enterprises, leveraging AI and the Fraud-as-a-Service (FaaS) model to industrialise fraud at scale.
The True Face of Fraud #3: The workforce behind fraud empires and how banks can fight back. Uncover the dark human reality behind industrialised fraud: hundreds of thousands of trafficked workers enslaved in scam compounds — and what banks can do to disrupt these criminal networks.
Author

Nikita Rybová
Customer & Product Marketing Manager at IDnow
Connect with Nikita on LinkedIn






