Financial institutions are under siege from a new class of AI-powered fraud that traditional defenses cannot stop alone. The threat has evolved from isolated incidents to systemic exposures, with AI-enabled frauds projected to reach $40 billion by 2027 in the United States alone. The problem is not just the sophistication of the attacks, but that most organizations are structured to fight them in silos, missing the connections that reveal the true scope of the threat.

What Types of AI-Powered Fraud Are Targeting Banks Right Now?

Fraudsters are using artificial intelligence to execute attacks that were previously impossible at scale. These include synthetic identities designed to bypass know-your-customer (KYC) controls, deepfake videos used to impersonate executives, and AI-generated content that makes romance scams and phishing attempts far more convincing. Government analysis has already documented cases where criminals successfully opened bank accounts using AI-generated passport photos and falsified documents.

The sophistication is striking. In one well-known case, Arup Engineering lost $25 million in 2024 when a fraudster impersonated the company's chief financial officer using deepfake video technology. The attacker even included AI-generated versions of the target's colleagues in a video conference call to add credibility. North Korean individuals have also successfully infiltrated American companies as remote IT workers by using AI-generated face-swapping technology combined with false identity documents, generating an estimated $800 million annually for the regime.

Industry estimates suggest that almost 43% of detected fraud attempts on financial institutions now use AI, and of those, 29% are successful. Synthetic identities alone are estimated to have been used to open as many as 3% of US bank accounts, representing millions of fraudulent accounts used for money laundering and other crimes.

How Can Organizations Detect AI Fraud Before It Spreads?

The key insight from security experts is that AI-enabled fraud rarely appears as a single incident. Instead, it manifests across multiple departments in ways that each team interprets independently. A credit team might see a defaulted loan and write it off as a legitimate customer loss. An HR department might hire what appears to be a qualified remote worker. A compliance team might flag a suspicious account opening. None of these events, viewed in isolation, reveals the larger attack.

Breaking down these silos requires financial institutions to implement unified responses that bring together departments that traditionally do not work closely together. The solution involves connecting knowledge and coordinating action across multiple functions:

• Fraud and Financial Crime Teams: These units must share findings with credit risk, cybersecurity, and human resources to identify patterns that span multiple account types and employee hiring processes.
• Know-Your-Customer and Customer Due Diligence Teams: KYC/CDD professionals can identify when accounts share suspicious customer data points or transactional patterns that suggest a network of synthetic identities rather than isolated defaults.
• Cybersecurity and Human Resources: Cybersecurity teams can train HR staff to recognize deepfake indicators during video interviews, while HR can alert security teams when hired employees later show signs of being state-sponsored actors.
• Credit Risk and Compliance: These teams must coordinate to distinguish between legitimate credit losses and accounts opened with synthetic identities as part of money-laundering schemes.

Financial institutions already possess the tools to respond effectively. They hold extensive datasets of KYC records, transactional history, and behavioral information that, when analyzed together, can reveal fraud networks. The barrier is not technology but organizational structure.

What Steps Should Organizations Take to Strengthen Their Defense?

Experts recommend a multi-layered approach that goes beyond traditional fraud detection. Organizations should prioritize employee training using real-life case studies and near-miss scenarios drawn from across the institution and industry. Staff in senior positions or departments with financial authority are the most vulnerable to deepfake fraud and CEO impersonation attacks, making targeted training essential.

Financial institutions should also take proactive measures to inform and protect their customers. By leveraging their access to customer data and behavioral patterns, banks can identify indicators of fraud targeting their account holders and alert them before significant losses occur. This approach enhances customer relationships while meeting regulatory requirements.

The broader implication is clear: AI has accelerated fraud and crime, but it has also created new opportunities for detection. By connecting the knowledge distributed across cybersecurity, human resources, credit risk, financial crime compliance, and KYC teams, institutions can position themselves to protect both their operations and their customers from increasingly sophisticated attacks.

The window for action is narrow. As AI tools become more accessible to criminal networks and state-sponsored actors, the speed and scale of attacks will only increase. Organizations that break down their internal silos now will be far better positioned to detect and respond to threats that span multiple departments and business functions.