AI fraudsters break identity systems built yesterday

Authentication systems built for yesterday's fraud no longer work in today's threat environment. although The company can once Assume criminals require skill, capital and patience to launch sophisticated attacks on logins or identities systemthat old playbook is out of sync with a world defined by generated images, deepfakes and Ultra-scalable fraud automation.

Inexpensive artificial intelligence (AI) models can now generate convincing synthetic identities. Automated agents can mimic human patterns. The entire registration of the fake business passed the requirements of an outdated verification model.

But it's not all gloom and doom. To uncover opportunities and explore how companies are responding, PYMNTS teamed up with Zach Cohen, chief product officer in Trullio, and william fitzgerald, Vice President WEX’s global fraud and financial crime unit, outlines a new blueprint for digital trust.

“Sophisticated tools to defraud the system … are now available to more bad actors,” Cohen said.

“The barriers to becoming a fraudster at scale have essentially disappeared,” Fitzgerald added. “Anyone with … $20 a month and an AI interface can enter the fraud market.”

New research from PYMNTS Intelligence and Trulioo quantifies the costs of this evolving threat landscape. Identity gap now consumes more than 3% of resources global revenue, equal to $95 billion one year. Compounding the problem, most companies misunderstand their preparedness. 96% expressed confidence in detecting harmful bots, although nearly 60% found it difficult to do so in practice.

This reality is forcing businesses to rethink not just their tools, but their entire operational rhythm. Previously, identity systems might be reviewed every two years.

Now, Cohen said, “it feels like you have to review them every month. There's a new attack vector, there's a new group of frauds … you need to constantly adapt and evolve.”

New strategies for digital risk

The modernization of fraud is astonishing. In the days before generative AI, even amateur attempts at fraud often revealed their weaknesses—misspelled names, corrupted documents, mismatched fonts. Even without specialized tools, fraud analysts can often “Spot check” their way to get a pretty high signal.

Those days are over.

Cohen warned that in regulated industries, “the documents they're looking at and the AI ​​projects — you can't tell the difference with the naked eye anymore.” He added that this shift, which occurred “in the last 12 to 18 months,” has greatly increased the sophistication and accessibility of attack tools.

Fitzgerald has seen this transformation firsthand in WEX’s own real-time payments environment. He recalled a time “six months ago or eight months ago, not five years ago” when fraudsters were still trying to pass off crude and sometimes laughable imitations. “We’ll see ID coming through and “It will be a cartoon avatar trying to imitate a face,” he said. The voice phisher will rustle paper in the background while busy looking for answers.

Today's opponent sounds fluent, looks very real and effortlessly total Personal Data. Against this backdrop, Cohen sees modern identity verification as a “revenue unlocker,” not because it reduces fraud losses but because it accelerates growth.

better Digital identity can do four things at once: improve user experience, automatically get more quality customer approvals, reduce false positives, and create a more secure ecosystem that customers trust. This combination can increase conversion rates, lifetime usage, and market expansion. Companies that view risk systems as static “good enough” utilities may be left with material value.

Fitzgerald sees the revenue impact in the opposite direction: Poor status mobility can stifle growth in ways that many organizations can't quantify. Manual review possible looks cheapBut this narrow perspective masks cascading opportunity costs, he noted. False positives or overly intrusive identity checks can alienate legitimate customers before they can transact.

“Preventing fraud is not the fraud department's problem,” he said. “This is a corporate issue.”

Fraud prevention is a mindset

The globalization of business identities brings a new set of structural challenges. Nearly two-thirds of companies stated Know-your business (KYB) clearance limit expansion Enter new markets. The fundamental problem: Traditional KYB systems are designed for domestic registries and stable paper company structures.

Even if companies recognize the need to modernize, their technical debt can become a drag.

Cohen emphasized that migration does not require a wholesale teardown of legacy systems. Instead, modern identity tools can work in parallel, demonstrating measurable improvements across the market—typically 20-30% improvements. These results help build internal momentum and justify further transformation.

The real challenge, he said, is designing systems that remain agile. Identity systems must be managed centrally but can be configured locally to achieve global consistency without sacrificing regional specificity: “What we are doing today is not what we want to be doing a month from now,” Cohen said.

As Fitzgerald said, “Keeping the bad guys out of the way is not just about not losing fraudulent funds. It's about having a clean process after that and not being lumped in with a bunch of bad guys.”

The goal is to build a global “trust graph,” a unified view that integrates registration data, network presence, agent signals, behavioral patterns and risk indicators. With this view, companies can detect anomalies that cannot be seen with one-dimensional inspection.

In a world where AI-generated identities can deceive the human eye, trust must be designed, not assumed. And the project has just begun.