In the ever-evolving world of financial crime, fraudsters continue to outpace traditional defences with increasing sophistication. According to Carl Eastwood, Risk, Fraud and Financial Crime Solutions Principal at SAS, while the types of fraud may not have dramatically changed over the last decade, the methods used to carry them out and the tools required to combat them have evolved rapidly.

Drawing from his extensive experience in fraud and risk management, Carl highlighted the fraud trends shaping the banking landscape and the data-driven strategies that are proving critical in the fight against financial crime.

Enduring Fraud Threats: Same Goals, New Tactics

At first glance, the types of fraud targeting banks haven’t shifted drastically. Card Not Present (CNP) fraud remains a constant, as do fraudulent credit applications and payment fraud. What has changed, Carl explains, is how these frauds are perpetrated.

“While the ability to spend online or make payments hasn’t changed dramatically, the way in which fraudsters access genuine customer information has evolved significantly,” he says.

This includes everything from identity theft and phishing to complex scams like Authorised Push Payment (APP) fraud, where customers are duped into making payments to fraudsters. These scams are particularly difficult to detect because the customer initiates the payment, often believing it to be legitimate.

APP Fraud: A Growing Challenge

APP fraud has become a major issue for banks, regulators, and even industries outside financial services. “It’s such a problem that it’s no longer just the banks involved in tackling it. The telcos and ISPs are under pressure to intervene, too,” Carl noted.

Despite industry collaboration and regulatory involvement, APP fraud presents unique challenges. Unlike other fraud types where the criminal impersonates the customer, APP fraud involves the actual customer, making it harder to detect at the authentication stage. As a result, banks must rely more heavily on transaction-stage data and behavioural analytics to identify suspicious activity.

Balancing Friction and Fraud Prevention

A recurring challenge for banks is managing the fine line between fraud prevention and customer experience. With legitimate transactions often being flagged, customers can face unnecessary delays, friction and frustration.

Carl acknowledges this dilemma: “In APP fraud, because the real customer is authenticating, you lose the chance to stop the fraud at the gate. Detection then hinges on the transaction data and understanding customer behaviour in real-time.”

This is where behavioural analytics comes into play. By analysing patterns across a customer’s historical behaviour and comparing them to peer groups and past interactions with specific payees, banks can better assess whether a transaction is typical or potentially fraudulent.

The Data Advantage

The success of behavioural analytics depends on access to large volumes of diverse data. Real-time integration with multiple data sources, such as device information, historical transactions, and peer behaviour, is crucial. Despite the stories, the incidence of fraud is still relatively low considering the ever increasing volumes of genuine digital transactions.

To address this, Carl describes that, in addition to standardised options such as down sampling, the known frauds can be boosted using AI to either generate synthetic data or to use novel target variable inference techniques to identify the unknown/unreported frauds using methods such as link analysis. These approaches enhance the capability of machine learning models to detect rare fraud types by improving the statistical foundation on which they are built.

"Building machine learning models with strong predictive power, that are stable over time, relies heavily on having access to a diverse set of input data, but crucially a balanced dataset that has accurate separation between the frauds and non-frauds."

Synthetic Identities and AI Abuse

Fraudsters are also harnessing AI to their advantage, particularly in generating synthetic identities: fictitious personas created using a blend of real and fabricated information. These are often used to fraudulently acquire credit or loans.

While more prevalent in countries like the US, where identity verification processes have exploitable weaknesses, synthetic ID fraud is a growing concern globally. Carl notes that traditional identity verification methods often fall short, and the real detection power lies in data beyond the personal information provided.

“Fraudsters might get through the identity verification step, but link analysis, looking at shared addresses, devices, or emails, can uncover connections that indicate organised fraud networks,” he says.

SAS leverages machine learning and network analysis to detect these complex fraud rings, where seemingly isolated incidents are often linked through common data points. This layered approach enhances fraud detection without overwhelming legitimate customers with friction.

Cross-Industry Collaboration: The Next Step?

One area with significant potential for improving fraud detection is greater industry-wide data sharing. While initiatives like Confirmation of Payee checks are a start, Carl believes more could be done to enable cross-bank analysis.

“There are already success stories around sharing data for identity theft and credit application fraud,” he says, referencing UK-based platforms like CIFAS, SIRA, and National Hunter. Expanding such collaboration to include real-time payment data could offer a powerful line of defence, provided regulatory frameworks adapt to support it.

He also highlighted the role telcos are starting to play, particularly through 3rd party data API services that allow banks to determine whether a SIM swap has recently occurred, which are often a precursor to bank account takeover fraud. “This is one example of where data sharing is increasing with other examples like device identity data providers being another. Furthermore, credit bureau data can be used to detect fraud and we are starting to see a greater use of open banking data”

The Rise of Enterprise Decisioning

With fraud methods diversifying and data requirements increasing, banks are struggling with fragmented technology ecosystems. Over time, many have layered point solutions to tackle specific fraud types, leading to complex and siloed infrastructures.

SAS is addressing this through its modernised Viya platform, a unified, cloud-native solution that integrates fraud, risk, financial crime, and marketing solutions to improve collaboration and data sharing between departments. According to Carl, Viya is designed not only to support best-in-class AI and machine learning but also to streamline AI decisioning across the enterprise.

“Our customers want best-of-breed solutions, but also need simplification. Viya offers both: shared tools for machine learning, decisioning, and investigation that can be scaled across fraud, financial crime, credit risk, and marketing,” he says.

This platform consolidation reflects a broader industry trend toward enterprise customer decisioning, where banks aim to manage risk, compliance, and customer interaction from a unified system. For SAS, it’s about ensuring consistent tooling and strategy across multiple lines of defence.

A Future Built on Data

The battle against fraud is relentless, with no silver bullet in sight. But what is clear, Carl Eastwood emphasises, is the power of data, and not just more of it, but better use of it.

From behavioural analytics and synthetic data to real-time integration and cross-industry collaboration, data sits at the very heart of modern fraud prevention. Banks that can harness and orchestrate this information effectively will be best positioned to stay ahead of increasingly sophisticated criminals.

(Join us at The Banking Scene Conference Brussels on May 22, where you can hear Anselmo Marmonti, Vice President Risk, Fraud & Compliance Solutions, deliver a presentation on “Risk Transformation in Banking: The Future of Integrated Analytics” and meet the SAS team at Booth 5 to ask further questions.)