Adobe Stock

When I entered the fraud prevention In 2018, a typical fraud attack could take months to deploy. Now it is not uncommon to see successful fraud schemes executed in just a few days. This acceleration not only does this challenge our existing risk strategies, but also requires a new holistic approach to fraud prevention.

A few years ago, a typical strategy involved fraudsters trying to reverse engineer a company’s risk defenses. They would start slowly, probing different product features with a variety of personally identifiable information, or PII, and payment data, thereby testing the system for weaknesses. Once they identified a blind spot, they would gradually escalate the attack, allowing it to trickle down to lagging indicators: materialized losses.

Although reverse engineering is still very prevalent, successful large-scale attacks now seem to come out of nowhere. Fraudsters bypass the experimentation phase entirely and move straight to large-scale, highly sophisticated exploitation in just a few days.

How can they act so quickly? While the rise of generative AI to create compelling text and images has certainly played a role, another, more fundamental problem is at play: information asymmetry.

Unlike financial institutions, which must navigate a maze of regulations and privacy concerns, fraudsters operate without borders: sharing stolen techniques and data on dark web forums and encrypted channels. You’d be surprised (or maybe not) how easy it is to find fraud advice on major communications apps (although I don’t recommend trying). They learn in real time, refining their tactics with each failed or successful attempt, and this intelligence is quickly disseminated globally.

Bound by complex regulations and concerns about competitive advantage, financial institutions rarely exchange actionable intelligence on emerging fraud vectors. Although the financial sector has a multitude of sophisticated risk management tools, their scope is often limited. These point solutions, while effective in combating specific types of fraud, are not designed for the type of rapid, multi-vector attacks we are seeing today. It’s not enough to simply upgrade a risk stack to the latest and greatest provider.

Today, fraud is no longer a single-vector attack: it is an orchestrated, multi-pronged strategy that exploits information and weaknesses across different financial institutions. The key to combating this growing threat is collaboration.

Financial institutions must move beyond siled approaches and start sharing information in real time. If fraud attempts, suspicious schemes and new techniques were shared across institutions and sectors as soon as they are detected, fraudsters would face a much more unified and formidable defense.

Imagine how valuable it would be if, after an institution identified a new synthetic identity scam, that information could be instantly shared across a network of banks, payment processors, and fintechs. By the time a fraudster attempted the same tactic elsewhere, the defenses would already be in place. Collaborative fraud databases, like the Financial Services Information Sharing and Analysis Center, or FS-ISAC, offer a model for how collective intelligence can shift the balance of power.

The threat posed by information asymmetry is real and time is not on our side. But by working together, leveraging real-time intelligence and sharing defenses across the industry, we can turn the tide and put fraudsters on the defensive.