The digital security landscape has undergone a fundamental transformation in the past year. Data from recent market analysis, including a report by Pindrop, points to a phenomenon whose scale escapes previous interpretive frameworks. A year-on-year increase of 1210% in the number of attacks means that traditional methods of capital protection are no longer fit for purpose. An ‘automated supply chain’ is being born in the world of economic crime, where generative artificial intelligence has become the main operational engine.
The industrial scale of micro fraud
For decades, anti-fraud systems in the banking and retail sectors were based on a hierarchy of risk. The principle was simple: the higher the amount of the transaction or return, the denser the verification screen. This strategy, while effective in the era of manual phishing attempts, is becoming a critical flashpoint in the clash with bots equipped with sophisticated scripts.
Fraudsters have abandoned the pursuit of spectacular, individual thefts in favour of the masses. Using GenAI tools, they are able to generate thousands of requests for refunds that deliberately oscillate around amounts that are considered insignificant by the systems. These ‘safe amounts’, usually remaining below the threshold of automatic blocking or manual manager control, add up to losses running into billions of dollars. In the US sector alone, these losses have been estimated at $1 billion in just twelve months. This phenomenon demonstrates that today’s security system must evolve towards the analysis of patterns and not just nominal values.
Democratisation of falsehoods and erosion of the barrier to entry
A key driver of this trend is the dramatic reduction in operational costs on the part of attackers. In the past, carrying out a sophisticated deception required specific linguistic and technical skills and time. Today, these barriers no longer exist. LLM algorithms allow grammatically and content-perfect messages to be created in any language, eliminating errors that previously allowed contact centre staff to identify phishing attempts.
Moreover, the process of creating synthetic identities has become fully automated. Criminals create thousands of digital avatars that build their credibility in CRM systems through a history of small, legitimate purchases in order to launch a massive attack on refund procedures at the right moment. This is a quiet, scalable process and extremely difficult to capture in real-time, where payout decisions are made.
Retail sector: Convenience architecture as a loophole
The retail industry, with its focus on a superior User Experience, has systematically simplified complaints and returns processes. Customer convenience is a priority, which in the current wave of automation is proving to be a double-edged weapon. Bots infiltrating retail sites are able to find loopholes in terms and conditions with surgical precision and automatically initiate refund processes, exploiting gaps in API processes.
This phenomenon does not only generate direct financial losses. It also causes operational paralysis for customer service departments, which have to deal with a deluge of false reports. A side effect is an increase in the number of so-called false positives – situations in which prevention systems, in a desperate attempt to combat bots, block the accounts of honest users. This in turn hits brand image and long-term consumer loyalty, which in the world of e-commerce is a loss that is almost irrecoverable.
Litigation paresis: Why is business lagging behind?
Artificial intelligence has raised the risk baseline, while internal processes in most organisations are stuck in the previous decade. As many as 47% of financial leaders admit that AI-generated fraud is now one of their biggest challenges. The problem lies in a lack of flexibility.
Most companies base their security on static rules. Meanwhile, the threat environment is dynamic. If attackers are using machine learning models to optimise their campaigns, defence must rely on equally sophisticated mechanisms. Relying on employee intuition or simple keyword filters in the age of video and audio deepfakes is a strategy doomed to failure. In contact centres, humans are no longer a sufficient safety net.
The new verification standard: Directions for adaptation
Surviving the new reality requires management to revise its approach to risk management. It may be useful to implement several key elements:
1 Behavioural rather than quantitative analysis: Systems learn to recognise how the user interacts with the interface. Bots, despite their perfection, move in ways that are different from humans. Detecting these anomalies in milliseconds is becoming the foundation of modern antifraud.
2 Biometrics and ‘liveness’ detection: Identity verification is moving beyond static documents and one-time codes. Liveness detection (detecting whether a video or voice image is synthesised in real time) is becoming the standard for verification in high-risk processes.
3. Redefining internal trust: Authorisation procedures within companies, especially those for urgent payments or access to sensitive data, should be strengthened with multi-level authentication that does not rely solely on voice or email channels.
The race for digital credibility
The shift from artisanal attacks to the industrial scale of extortion is forcing organisations not only to invest in technology, but above all to change their security philosophy. Credibility will become the most valuable currency. The companies that are quickest to adapt to the reality that every voice and image can be a fabrication will build a sustainable competitive advantage based on customer trust.
