The hidden risks in modern payments

The increase in rate of crime is an unfortunate reality we have come to face along with the varying ways our lives changed in the last few decades.   Species are supposed to better itself over time as part of the natural evolution, but in the case of humans , the criminal minds are evolving faster than the rest. Would that cause decrease in our survival potential or even the eventual demise, only time could say.

 

According to the recent Crime Survey for England and Wales (CSEW) released in July 2025, while the overall crime rate increased by 7% ,  the increase in fraud was a whopping 31% for the year ending March 2025.

There are signposts to the factors helping this increase.  In the last decade, the global payments landscape has transformed beyond recognition. Contactless cards, real-time transfers, digital wallets, QR payments, embedded finance, open banking, AI-powered credit decisions are some of the few. Consumers have never had more convenience or more choice. But behind the sleek interfaces and frictionless experiences lies a fast-moving threat: financial fraud is evolving at a speed regulators struggle to match.

 

 

The key ingredients

The acceleration of digital payments created unprecedented efficiency, but it also increased the attack surface. Every new API, real-time rail, or fintech partnership introduces another potential vulnerability.

Three factors have combined to create a perfect storm:

 

1.     Payments are faster, fraud is instant

Real-time payments have become standard across Europe, the UK, India, and much of the world. But while consumers celebrate faster access to their money, criminals celebrate something else: faster access to stolen funds. In card fraud, banks have seconds to analyse a transaction. In authorised push payment (APP) scams, they often have just milliseconds.

 

2.     Attackers use the same tools as fin-techs

Criminals have adopted AI more quickly than financial institutions have been allowed to. Fraudsters today deploy:

• Generative AI voice cloning
• Deepfake video KYC
• Automated social-engineering bots
• Data from large-scale breaches

3.     Consumers are the new target

The rise of APP fraud has shifted responsibility from technology to psychology. Victims are manipulated into acting against their own interests, often through highly tailored and credible messages. I have seen it spike in India exponentially where there was a sudden shift from traditional cash payments to online/UPI payments, even the street vendors accepting QR code payments but minimum safety awareness for consumers resulting in large scale frauds. Fraud is no longer a technical hack, it’s a behavioural one.

 

 

Regulatory response

Regulators worldwide are working to improve accountability, transparency, and reimbursement frameworks. But innovation cycles in fintech move in months, while regulatory cycles move in years.

 

For example – The latest regulation in the UK - The Economic Crime and Corporate Transparency Act (ECCT)  was introduced in  2023 that came to effect in September 2025. From the time the details were discussed and debated in Parliament to its effective time, the industry already gone through a paradigm shift with technology advancement.

 

Most of these new regulations target large organizations to make them accountable if they perform fraud (including their employee, agent, or subsidiary), it fails to recognise businesses themselves are overwhelmingly the victims of fraud perpetrated by external actors. As per the National crime agency, it is estimated that 67% of fraud reported in the UK is cyber-enabled. And these attacks can originate from anywhere in the world. International payments move beyond any single jurisdiction’s control, but fraudsters don’t respect borders. Their operations like payment mules, synthetic IDs and crypto layering thrive in regulatory blind spots.

 

New frameworks like PSD3 in the EU, FSMA and Open-Banking in the UK aim to strengthen security, improve liability sharing, and force better industry collaboration. Yet, by the time rules become enforceable, fraud vectors have already migrated, for example crime focus shifted to consumer through social engineering to approve fraudulent payment requests.

 

 

Industry pain points

Every bank, fintech, payment processor, and wallet provider relies on its own infrastructure, machine-learning models, and risk rules. This fragmentation creates inconsistent defences. A fraudster only needs one weak link. This lack of unified intelligence means:

• Fraud patterns seen by one provider may not reach others
• Response times vary
• Reimbursement rules differ
• Liability disputes delay customer protection

Consumers experience friction in the wrong places; account openings slowed by KYC checks while fraudsters exploit the cracks in between.

 

 

What more is needed?

A shift in mindset from compliance to resilience is needed, is already happening at most of the corporate world. Payments companies need to become proactively resilient, adopting approaches traditionally reserved for cybersecurity to neutralise the sophisticated attacks.  Payment companies need better end to end, data driven tools , AI fraud detection and real  time monitoring to counter the fraudsters, and need to implement it faster and integrated across the network than the fraudsters themselves.

  

1.     Zero-trust payments

Every payment (domestic, international, card, or wallet ) evaluated as potentially malicious until proven safe.

 

2.     Dynamic identity

Identity verified continuously, not once at onboarding. This transforms identity from a static credential into a behavioural pattern. Not a one-time KYC, but dynamic refreshes.

 

3.     End-to-end monitoring

Lifecycle-based intelligence that tracks risk from account creation to transaction completion, including the social-engineering stage.

 

4.     Fraud detection with the use of AI

We are entering an era where fraud detection will increasingly depend on counter-AI. Banks and fin-techs are investing in Real-time behavioural biometrics, Network-level anomaly detection, Federated machine learning that protects privacy, and Generative AI risk scoring for unstructured data. It is imperative that we must detect fraud faster than it adapts.

 

5.     Industry-level collaboration

Fraud cannot be defeated by individual organisations; it requires interoperable data sharing like global threat-intelligence networks. This needs to be done in collaboration with financial companies, governments and the global law enforcement agencies, all working together to take out the malicious factors out of operation wherever they are located, and prosecute them to deter others. Fraud is no longer merely a technical problem. It is a societal problem with economic consequences. There needs to be wider education for the consumers to be beware of frauds in the same vigour as that of corporates training its staff to detect fraud at every level of interactions.

 

The organisations that will win the next decade are those that invest not only in speed and convenience, but in trust as a competitive advantage. Because in the new world of digital payments, innovation attracts customers, but trust keep them.

 

---

 

Therese Pal is a Director at American Express and the author of the crime thriller Survival of the Fittest: Genesis, a gripping crime thriller on identity, love, loss and resilience published by openleafmedia

 

Main image courtesy of iStockPhoto.com and MTStock Studio