As soon as the payments industry develops systems, processes and tools for thwarting one type of payments fraud, a new scheme emerges. The rapid evolution of cybercrime puts banks and other institutions in a constant trend of catching up, particularly as fraudsters exploit emerging technology to create increasingly sophisticated approaches.
The Fraudscape 2026 analysis of filings by members of Cifas (Credit Industry Fraud Avoidance System) to the UK National Fraud Database (NFD) reveals the rising trend of fraud. A total of 444,000 cases were recorded in 2025, the highest number of cases in a single year and a 6% increase on 2024. One example is misuse of facility, a tactic that has seen a 43% increase compared to 2024. This long-play con works by tricking or coercing a banking customer into initiating a series of small, legitimate looking payments over time. In the process, traditional fraud models are taught to recognise transactions as customary, allowing later fraud to pass through undetected.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
However, criminals are developing more than patience in their game of fraud. Tactics are also changing, as scammers devise increasingly sophisticated tricks for defrauding victims. Even tried and true Account takeover (ATO) schemes are getting a new façade, as criminals evolve approaches to gain control of bank accounts and initiate large scale payments. The Cifas report recorded 78,000 ATO cases during 2025.
One factor encouraging the escalation in fraud is the scammer’s growing mastery of technology. Generative AI is now being used to create natural sounding emails in foreign languages, creating ever more convincing ATO schemes. AI has also been implicated in deepfake tactics, where the voice of a known executive is impersonated to con employees into making fraudulent payments.
Technology isn’t the only trick in the new playbook, though. One of the most pernicious tricks fraudsters have developed is to turn the customer into an accomplice. Open banking frameworks are designed to let regulated third parties, such as accounting platforms or payment services, initiate transactions through secure APIs. The only caveat is that they need customer consent to do so, and this is where scammers now strike. Using highly convincing social engineering tactics, often disguised as customer or fraud protection measures, scammers coax account holders into authorising transactions without realising they’re being defrauded.
In one example, the customer receives a convincing text or email from their bank, alerting them to fraud on their account. They’re encouraged to secure their financial assets by following a link or calling a number. When they do, they’re directed to their bank and led through what appears to be a routine security step. Instead, they are approving a fraudulent payment request, that appears valid to both the customer and bank risk management processes.
As fraudsters continue to innovate – and regulations shift liability for losses onto banks – there is growing pressure to respond with smarter, more forward-thinking detection approaches.
Behavioural analysis is the key to fraud control in the modern age
Traditional fraud controls, such as device identification and multi-factor authentication, remail valid defense layers when combatting emerging fraud schemes, but on their own, are no longer sufficient to identify and prevent criminal scams. Behavioral analysis is now essential to identifying and stopping new and emerging fraud deviations.
Behavioral models look beyond single transactions to see how activity unfolds over time. While a payment initiated from a new device might raise a red flag with traditional fraud models, behavioral analysis can help mitigate the concern, by recognizing other familiar signals. These are based on typical user behavior, such as the routine nature of a payment made regularly to the same vendor. In contrast, fraudulent payments reveal themselves through inconsistencies – unusual timing, unfamiliar recipients or atypical urgency, such as a request for rapid funding.
To enhance the efficacy of behavioural analysis, AI-supported biometrics detect more granular details about customer behavior and habits, including touchscreen pressure, typing rhythm, mouse movement, and navigation speed. Subtle deviations, such as slower input of information or stronger tapping on a touchscreen, can identify unauthorised users and help stop fraud before it occurs.
Today, the most effective fraud strategies augment traditional fraud-busting tactics with behavioural analysis to establish intent. A multi-layered defence is crucial in today’s world.
Stephanie Mitchell, Director of Product Management, FMM, Finastra
