Elastic: Banks Battle Fraud With AI as Regulations Shift

Joe Murin, Solutions Architect, Cybersecurity at Elastic (Credit: BizClik)
Joe Murin from Elastic and Sam Abadir from IDC discuss how compliance frameworks are forcing financial institutions to unify defences

The democratisation of AI has fundamentally altered the threat landscape. 

The financial services sector faces an unprecedented challenge as AI transforms both fraud tactics and defence mechanisms. 

Traditional approaches to security are no longer sufficient in an era where fraudsters harness the same advanced technologies that banks deploy to protect customers.

Bad actors now employ sophisticated tools that were once the preserve of well-resourced criminal organisations, whilst defenders scramble to keep pace with evolving attack methods.

Sam Abadir, Research Director, Risk, Financial Crime, and Compliance at IDC, describes the current fraud prevention sector as "definitely an arms race".

However, he emphasises that success depends less on acquiring cutting-edge tools than on establishing robust governance frameworks.

"It's not necessarily about having the latest and greatest tools, it's about having the right governance and the right tool set inside to be able to basically observe everything that's going on and react to it the right way," Sam explains.

The convergence of fraud prevention and cybersecurity has created new vulnerabilities that institutions must address. System outages present particular risks, as fraudsters exploit these windows of opportunity when defensive tools may not function optimally.

Sam reveals that many banks fail to examine historical data after systems recover. "When systems come back up, there's a lot of banks out there that do not look backwards in history to look for those fraud events," he says. "It really is an open door for that."

Joe Murin, Solutions Architect, Cybersecurity at Elastic, notes that organisations frequently ask whether they can detect when log sources stop transmitting data. 

This concern reflects a fundamental weakness in many institutions' monitoring capabilities.

"I feel like the biggest pain point I encounter is when the team is concerned about missing a specific set of logs, not necessarily the entire platform going down," Joe explains.

Modern platforms can identify gaps automatically and retroactively apply detection rules to previously unscanned data. 

This capability proves essential for maintaining continuous security coverage during disruptions.
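
The gap-and-backfill idea above, as an added example that is not code from Elastic or from the interview: it finds windows in which a log source went silent, then re-runs a detection rule over events that happened inside the window but only arrived after recovery. The event fields, the five-minute silence threshold and the transfer rule are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

T0 = datetime(2025, 1, 1, 9, 0)
MAX_SILENCE = timedelta(minutes=5)   # assumed: every source reports at least this often

def ev(eid, source, occurred, ingested, amount=0, new_payee=False):
    """Build one constructed event; times are minutes after T0."""
    return {"id": eid, "source": source, "amount": amount, "new_payee": new_payee,
            "occurred": T0 + timedelta(minutes=occurred),
            "ingested": T0 + timedelta(minutes=ingested)}

# Constructed sample: payments-gw stops shipping at 09:02, flushes its backlog at 09:40.
EVENTS = [
    ev("p1", "payments-gw", 0, 0, 120), ev("p2", "payments-gw", 2, 2, 80),
    ev("p3", "payments-gw", 10, 40, 9500, True),   # happened during the outage
    ev("p4", "payments-gw", 25, 40, 60),
    ev("p5", "payments-gw", 41, 41, 7000, True),   # source is live again
] + [ev(f"a{m}", "auth", m, m) for m in range(0, 44, 4)]   # healthy source

def rule(e):
    """Hypothetical rule: large transfer to a first-seen payee."""
    return e["amount"] >= 5000 and e["new_payee"]

def scheduled_hits(events, lookback=timedelta(minutes=5)):
    """Hits a rule gets if each run only queries the last `lookback` of event time;
    an event whose ingest lag exceeds the lookback is never inside that window."""
    return [e["id"] for e in events
            if rule(e) and e["ingested"] - e["occurred"] <= lookback]

def find_gaps(events, max_silence=MAX_SILENCE, now=None):
    """Per source, (start, end) windows with no ingest; `now` closes an open gap."""
    seen = {}
    for e in events:
        seen.setdefault(e["source"], set()).add(e["ingested"])
    gaps = {}
    for source, times in seen.items():
        ts = sorted(times | ({now} if now else set()))
        windows = [(a, b) for a, b in zip(ts, ts[1:]) if b - a > max_silence]
        if windows:
            gaps[source] = windows
    return gaps

def backfill_hits(events, gaps):
    """Re-run the rule over events that occurred inside a gap and arrived late."""
    return [e["id"] for e in events
            for start, end in gaps.get(e["source"], [])
            if start < e["occurred"] <= end and rule(e)]

if __name__ == "__main__":
    g = find_gaps(EVENTS)
    print(g, scheduled_hits(EVENTS), backfill_hits(EVENTS, g))
```

Passing `now` to `find_gaps` also reports a source that is still silent, which answers the "has this log source stopped" question before any backlog arrives.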

Sam Abadir, Research Director, Risk, Financial Crime, and Compliance at IDC (Credit: BizClik)

Regulatory frameworks drive organisational change

The Digital Operational Resilience Act (DORA) represents a significant shift in how European financial institutions approach security and fraud prevention. 

The regulation mandates comprehensive visibility across infrastructure and faster reporting of operational incidents.

For years, data security, information security, fraud prevention and cybersecurity teams operated independently within banks. 

Sam says this siloed approach is no longer viable under modern regulatory frameworks.

"Schemes like DORA are really bringing that together," Sam continues. "The banks that are going to succeed, whether they're regulated by DORA or not, are going to be the ones that actually unify this and look at events across every part of their organisation."

Joe emphasises that unified platforms help institutions demonstrate compliance more effectively.

When all data resides in a single location with consistent normalisation, organisations can respond to queries and generate reports more efficiently.

"If you have a single platform that can do that for you, that's already helping you prove your compliance use case," Joe says.

The talent shortage affecting both fraud prevention and cybersecurity teams compounds the challenge. 

Sam notes that combining these functions under shared tools creates operational efficiencies whilst addressing staffing constraints.

Synthetic identities pose a growing threat

Among emerging fraud tactics, synthetic identities present particular difficulties for financial institutions. 

These fabricated personas often incorporate elements of real identities, making them harder to detect than entirely fictitious accounts.

Sam explains that synthetic identities prove more challenging than AI-generated document forgeries. "Synthetic identities often are made of partially real identities, so they have a lot of different places to come in and make that attack from," he says.

Document forgeries, whilst sophisticated, typically get caught in structured workflow processes. 

The optimal approach involves combining detection efforts rather than treating these threats separately.

"If you're just looking at the synthetic ID over here and then you're looking at the document over here without combining that intelligence, there's a very good chance you're going to be missing something," Sam reveals.

Joe describes behavioural analytics as one essential detection technique for identifying coordinated attacks involving small transactions across multiple accounts. 

Unsupervised machine learning can flag anomalous patterns; as these and other indicators accumulate over time, generative AI helps analysts connect them into coherent fraud campaigns.

"We would essentially throw transactions per account number at machine learning and say, 'tell me when this person exfiltrates less money than they normally do'," Joe explains. 

"While unsupervised machine learning is of course a subset of the greater AI umbrella, we would then use Gen AI to chew through all those individual indicators, stitch them together into a greater fraud campaign that's playing out."

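A sketch of the two steps Joe describes, added here as an example and not taken from Elastic's product: a per-account median/MAD baseline stands in for the unsupervised machine learning job, and a plain group-by on payee stands in for the generative AI correlation step. The field names, the -3.5 cut-off and all sample amounts are assumptions constructed for the illustration.

```python
import math
from collections import defaultdict
from statistics import median

# Constructed sample data: prior outgoing amounts per account (all > 0).
HISTORY = {
    "A1": [200, 220, 180, 210, 250, 190],
    "A2": [1200, 1100, 1300, 1250, 1150],
    "A3": [60, 75, 55, 70, 65],
    "A4": [500, 480, 520, 510, 495],
}
# Constructed new transactions; "payee" is an assumed field name.
NEW = [
    {"account": "A1", "amount": 4.99, "payee": "M-771"},
    {"account": "A2", "amount": 5.00, "payee": "M-771"},
    {"account": "A3", "amount": 1.50, "payee": "M-771"},
    {"account": "A4", "amount": 3.00, "payee": "coffee-shop"},
    {"account": "A4", "amount": 470, "payee": "grocer"},
    {"account": "A1", "amount": 205, "payee": "utility"},
]

def low_score(amount, past):
    """Modified z-score of log(amount) against the account's own history."""
    logs = [math.log(a) for a in past]
    med = median(logs)
    mad = median(abs(x - med) for x in logs) or 1e-9  # flat history: avoid /0
    return 0.6745 * (math.log(amount) - med) / mad

def low_outliers(history, txns, cutoff=-3.5):
    """Transactions far BELOW what the paying account normally sends."""
    return [t for t in txns
            if low_score(t["amount"], history[t["account"]]) < cutoff]

def campaigns(flagged, min_accounts=3):
    """Payees receiving unusually small payments from several distinct accounts."""
    senders = defaultdict(set)
    for t in flagged:
        senders[t["payee"]].add(t["account"])
    return {p: sorted(a) for p, a in senders.items() if len(a) >= min_accounts}

if __name__ == "__main__":
    flagged = low_outliers(HISTORY, NEW)
    print(len(flagged), "low outliers; campaigns:", campaigns(flagged))
```

A single small payment (A4 to the coffee shop) is flagged as an indicator but does not form a campaign on its own; only the payee reached by three separate accounts is reported.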