Are global fraud losses rising?
In the United States alone, reported fraud losses reached approximately EUR 11.6 billion in 2024[2]. Europe shows the same upward trend: according to the European Banking Authority (EBA) and the European Central Bank (ECB), payment fraud losses across the European Economic Area reached EUR 2.0 billion in the first half of 2023[3].
On a global level, the numbers are even more alarming. In 2024, consumers across 42 countries lost the equivalent of EUR 411 billion to fraud, according to the Global Anti-Scam Alliance[4]. When including unreported cases, total global fraud losses are estimated to approach EUR 1 trillion, highlighting just how widespread and urgent the threat has become.
BankingHub-Newsletter
Analyses, articles and interviews about trends & innovation in banking delivered right to your inbox every 2-3 weeks
Why are digital payments convenient yet vulnerable?
Digital payments have become the standard for how money moves. Online transfers, card payments, mobile wallets and instant payments define everyday transactions. But the same system that enables speed and convenience also enables fraud at scale.
With generative AI, payment scams have become easier, cheaper, and faster. Fake identities for account openings, AI-generated phishing messages, forged KYC documents or synthetic voices to authorize transactions can now be produced within minutes – making it easier than ever for criminals to deceive both individuals and financial institutions.
“Due to increasing regulatory and legal liability risks, banks need to invest in fraud intelligence capabilities to defend ex-ante against new criminal fraud patterns, which is nearly impossible without AI. “
Günther Blaha, Senior Manager, zeb
Why are legacy control mechanisms being outpaced by fraud in a real-time payment world?
Banks still monitor fraud using traditional rule-based systems, fixed thresholds, manual alert reviews and investigations that happen after transactions are completed. This approach was built for a slower payment world, where transfers could be checked or stopped before settlement. While attacks now happen in seconds and often at scale, many detection processes still take hours or even days. Fraud teams investigate alerts one by one, often after the payment has already been cleared. This creates a structural imbalance: automation on the attack side; manual intervention on the defense side.
Fraud patterns also differ by payment rail: cards and card-not-present (CNP), A2A and instant payments as well as wallets or P2P each show their own typologies and latency requirements. This increases the pressure for rail-specific control mechanisms. Modern defense systems therefore need E2E AI: supervised models for known fraud patterns, anomaly detection for emerging behavior and graph analytics to detect coordinated networks. At the same time, attackers leverage deepfakes and synthetic identities, raising the bar for real-time, in-flow decisioning.
Figure 1: Fraud prevention gapThis gap has created a structural imbalance between attackers and defenders. Fraudsters operate with automation, scale, and AI using deepfakes, synthetic identities, and large-scale social engineering to bypass controls. Meanwhile, the defense side remains reactive and manual. This systemic gap exposes the payment infrastructure to significant risk.
“The payments ecosystem still relies on post-transaction detection, identifying fraud only after it occurs, while AI is driving a shift towards real-time, predictive prevention.”
Samed Ulu, Consultant, zeb
How can AI be used to prevent fraudulent activities powered by AI?
The transition to real-time, AI-enabled fraud has made it clear that each fraud scenario requires its own defense strategy. While PSD3 and the Payment Services Regulation (PSR) strengthen the overall framework for security, liability and data access, they were designed around traditional risk models and therefore do not yet fully align with AI-driven prevention methods. As a result, institutions must deploy targeted measures and specialized analytics to close this gap and ensure that their controls remain effective across all fraud types.
The following table illustrates how typical fraud scenarios unfold in practice and which AI-supported countermeasures are required to contain them:
Figure 2: Catalog of fraud types and matching countermeasures“Fraud today is multi-faceted – identity theft, account takeovers, push payment scams and mule networks all exploit speed and complexity – only predictive intelligence can keep pace.”
Jan Gesing, Senior Consultant, zeb
What is our conclusion?
If banks want to stay ahead, they must fight fraud with AI
Addressing the accelerating fraud threat in payments requires more than isolated AI initiatives. Banks need a modern foundation that aligns technology, the operating model and governance. Real-time detection depends on streaming data, unified customer profiles and AI capabilities such as behavioral biometrics, anomaly detection and graph analytics embedded directly into payment flows. At the same time, operating models must support continuous 24/7 decisioning with specialized roles and closer collaboration between operations, governance and IT.
Our project experience across the industry shows that many institutions underestimate how closely these dimensions are interconnected. Yet effectiveness in fraud prevention requires all three to evolve together. We support institutions in building the organizational, technological and regulatory foundations needed for sustainable AI adoption in a highly regulated environment, including alignment with PSD3/PSR, the Instant Payments Regulation (IPR), the EU AI Act, the GDPR and EBA model risk guidelines, covering everything from IT architecture and data management to compliance and governance.
How financial institutions can deploy AI-driven, data-centric fraud capabilities effectively
zeb supports financial institutions in navigating the rising complexity of AI-driven fraud, the shift to real-time payments and the tightening regulatory landscape. Building on our experience across PSD2, PSD3/PSR and the Instant Payments Regulation (IPR), we strengthen fraud-prevention capabilities end-to-end.
By combining industry expertise in payments and financial services, modern data architecture and advanced analytics, we help banks move from reactive detection to real-time, AI-enabled defense.
