Fraud is evolving faster than ever, with AI-powered scams, deepfake-enabled identity theft, and a surge in account takeovers putting financial institutions on high alert and accountholders at risk. As the most visible safeguard of the past few decades, the humble password is coming under increasing scrutiny.
In a PaymentsJournal podcast, Dr. Adam Lowe, Chief Product and Innovation Officer at CompoSecure and Arculus, and Suzanne Sando, Lead Analyst of Fraud Management at Javelin Strategy & Research, explored the rising fraud challenges facing financial institutions and how some of the latest solutions may be inspired by innovations in retail.
Emulating Retailers
Without much fanfare, two of the most successful online retail sites have been moving beyond passwords. eBay has embraced passkeys for years, while Amazon has announced plans to go entirely password-less by 2030. For banks, adopting similar approaches could reduce account takeovers and streamline customer access without compromising security.
“In the same way that they think about completed carts when you’re buying your favorite collectible on eBay, a bank or financial institution should think about completed user journeys,” said Lowe. “Whether I’m trying to send a wire, ACH, get a mortgage, whatever, I’m trying to complete a journey. If we can look at these tech leaders, take what they’ve learned, and apply those learnings to FIs and banks, we’ll be in a great spot.”
Fraud on the Rise
It’s clear that urgent action is needed to combat the rising instances of financial fraud. Around 60% of financial institutions have reported an increase in fraud over the past year—a figure number that climbs to nearly 70% among enterprise banks.
Javelin’s research revealed a 90% increase in losses suffered by consumers targeted by identity fraud between 2023 and 2024. Meanwhile, the incidence of traditional identity fraud has also been rising year over year, though at a slower pace.
These losses are not just financial—they demand significant time, operational effort, and resource allocation to detect and resolve identity fraud issues.
We have entered the AI era, accelerating both the volume and speed of attacks. Many financial institutions are struggling to counter these sophisticated threats while relying on aging legacy systems. Banks that fail to act now risk finding themselves even further underwater.
“A lot of those losses are attributable to account takeover and new account fraud, where criminals are relying on AI to increase the legitimacy of their phishing attacks,” said Sando. “They’re finding ways that bypass authentication and ID verification. Nine in 10 consumers in our annual survey report that they fear AI will be used against them to commit identity fraud.”
Even some biometrics can be faked. Any scenario in which a consumer can be tricked into giving a code can expose biometric templates, and weaker biometrics, such as voice, are increasingly easy to replicate.
Beyond the Password
Many in the industry recognize that operating from a purely defensive position is no longer sufficient. With the rise of artificial intelligence, a proactive approach to blocking fraud—through stronger authentication methods—is key.
Financial institutions need to recognize that the passwords consumers are comfortable using are not enough. These credentials are frequently reused across multiple accounts, both financial and non-financial, fueling the proliferation of account takeover incidents.
“It’s a habit that is unfortunately being reinforced by banks at this point to encourage the use of a username and password,” said Sando. “Stronger and more advanced authentication is removing those weaknesses, and it also instills confidence in the validity of the identity of the user on the other end of the interaction.”
Financial institutions and consumers alike are seeking credentials that are resistant to spoofing and don’t impose penalties for legitimate use. That’s where passkeys provide a solution. Similar to signing a check, a passkey allows users to digitally authenticate into a banking app or card using a unique key that proves identity in a zero-trust manner. Trust doesn’t need to be assumed or guessed; cryptographic verification ensures authentication in a secure and reliable way.”
“Technology like our Arculus tech—where a passkey is built into the card when you need to have a user step up or authenticate it—goes back to those easy-to-use but zero-trust methods that allow banks and FIs to protect their consumers,” said Lowe. “I was in Las Vegas for work and I got locked out of my banking account because I didn’t get to a text message that got delayed fast enough.
“Here you could have a user seamlessly prove who they are with something that’s in their pocket every day. And you don’t lose that customer relationship, you don’t lose that revenue, and you don’t get that false decline.”
Doing Fraud Prevention Right
Passkeys are poised to become a cornerstone of the next generation of fraud-fighting tools. While there is often too much reliance on consumer education to detect and prevent fraud, education still plays an important role in helping customers understand why this step is necessary and how it protects them.
What’s needed is to show consumers real, concrete examples of how easy it is to crack or bypass traditional authentication methods such as passwords and OTPs—and the true scale of fraud losses that result. There’s plenty of industry chatter and data on this topic, but far less understanding of the real-world impact of fraud on consumers themselves.
“Consumers want to know how their bank is protecting them from identity fraud and how they are securing their accounts,” Sando said. “They don’t want to just bury their heads in the sand and hope for the best. Consumers look to their bank and their financial institutions as the experts in protecting their identities and their accounts. And as consumers, we want to take the necessary steps and actions to protect our accounts.”
Customer buy-in is essential to the success of any fraud prevention program. It cannot succeed unless users actually adopt it, find it easy to use, and clearly see its value.
“When banks and financial institutions get fraud prevention correct, it’s a better user experience, it’s better brand loyalty, and they are actually reclaiming revenue at the top line as well,” Lowe said.
