Guest Blog by Peter Davey, PaymentsJedi Advisory
Last month, I stood in front of a room full of payments professionals at EPCOR Payments Conference – Spring 2026, AKA Paymentspalooza, in Indianapolis and asked a simple question: How many of you would describe your institution's fraud function as a back-office cost center? Nearly every hand in the room went up.
|
|
I wasn't surprised. I'd suspected it. But seeing it, a room of experienced payments practitioners, risk leaders and banking executives, almost unanimously raising their hands, made the problem concrete in a way that a survey statistic never quite does.
These weren't people who didn't care about fraud. They cared deeply; they'd built programs, invested in tools and hired talented teams. But somewhere along the way, through budget cycles, organizational chart decisions and the relentless pressure to reduce loss rates, fraud had been framed as a cost to manage rather than a capability to build.
|
That framing, I'd argue, is one of the most expensive mistakes in financial services right now. My keynote at Paymentspalooza was titled Future of Payments: Fast Money, Smart Defense. The fast money part of that equation is well understood; real-time payments are accelerating, the FedNow® Service and RTP® Network are live and Zelle volumes continue to grow. The rails are faster than they've ever been, and they're only getting faster. The smart defense is where I think the industry has real work to do — not because the people aren't smart, but because the strategic frame is wrong.
Let me explain what I mean.
The Gap Nobody Is Talking About Honestly
There's a structural gap at the center of most fraud strategies. On one side: onboarding and a one-time check optimized for compliance. On the other: real-time payments that are instant, irreversible and increasingly targeted by sophisticated actors. In between? A fragile, inconsistently maintained understanding of who the client actually is.
Only 33% of financial organizations detect fraud at onboarding. The other 67% catch it at the transaction stage after the account is open, the identity established and the pattern embedded. At that point, you're not preventing fraud, you're managing its consequences.
This is the onboarding blind spot, and it's not accidental. It's structural. Most onboarding processes were designed to answer one question at one moment in time: Is this person who they claim to be right now? Once that box is checked, the identity is assumed, the account is opened and the fraud function inherits whatever risk that decision introduced.
In an era of AI-generated personas, deepfake documents and fabricated credentials, that model is showing its limits. Synthetic identity document fraud surged 311% in North America between Q1 2024 and Q1 2025 alone. 62% of financial institutions already identify digital onboarding as their highest risk point for synthetic identity fraud. These aren't emerging threats. They're current ones, and they're outpacing the controls that were built to catch them.
We're Asking the Wrong Question
The deeper problem isn't technological, it's philosophical. The industry has spent years and significant capital optimizing around a single question: “Is this transaction valid?”
It's the wrong question.
When a client is manipulated into authorizing a payment to a fraudster, the transaction is valid. Authentication passed. The fraud model cleared it. The system said yes, and the client lost everything. This is the reality of authorized push payment scams, and they are no longer edge cases. Authorized push payment (APP) fraud losses in the U.S. stood at $2.16 billion in 2023 and are projected to reach $3.08 billion by 2028. Via real-time payment rails specifically, that number is expected to grow from $865 million to over $2 billion in the same period. Deloitte estimates total U.S. APP fraud losses could surge to nearly $15 billion by 2028.
The U.K. is already living this future. APP fraud losses rose 12% year-over-year in the first half of 2025, reaching £257.5 million, while unauthorized fraud actually fell 3% in the same period. The fraud profile is shifting, and financial institutions optimized for the old model are carrying the exposure.
The right question isn't “Is this transaction valid?” It's “Does this look like our client?”
Those are fundamentally different questions. The first is answered by credentials and authentication. The second requires something deeper — a durable, continuously maintained understanding of who the client actually is, how they behave, what their patterns look like and when something deviates from those patterns in ways that matter.
I call this durable identity; it’s not a snapshot taken at account opening, but an ongoing understanding built from behavioral signals, contextual data, payment relationships and changes over time. It's the difference between knowing someone passed a test once and actually knowing them.
Fraud is not fundamentally a transaction problem. It's an identity problem that shows up in payments.
The Trust Dimension Nobody Is Measuring
After the first show of hands in Indianapolis, I asked a follow-up question: How many of you measure fraud performance primarily through loss rates and case volume?
Again, most hands.
I understand why. Those are the metrics that have historically been demanded by CFOs, boards and regulators. But they're measuring the wrong thing, which is producing the wrong organizational behavior.
Consider what clients are actually telling us.
97% of clients say fraud prevention and security are the most important factors when choosing where to bank. 73% would feel more positive about their financial institution if it intervened to stop a detected scam transaction. 50% rank better fraud detection as the top action they want from their bank. 13% would change financial institutions if unhappy with how their current institution handled a scam.
That's not compliance data. That's competitive intelligence.
The financial institutions measuring fraud purely as a loss rate are answering a question their clients stopped asking. Their clients are asking: Do you actually know me well enough to protect me? And when the answer is no — when someone loses $3,000 to an impersonation scam, and their financial institution tells them the transaction was authorized — the relationship doesn't just sustain damage. Sometimes it ends.
Nearly 4 in 10 U.S. households have been victimized by scams in the past five years. In 81% of successful cases, criminals impersonated a trusted authority. Nearly two-thirds of victims made the payment within 24 hours of first contact. The emotional and financial toll is significant. The trust erosion is compounding. And the institutions that handle it well — the ones that catch it, intervene, communicate proactively and stand behind their clients — are building something that loss-rate metrics will never fully capture.
Consumer identity fraud losses reached $27.2 billion in 2024, a 19% increase year-over-year. U.S. lenders faced $3.3 billion in exposure to synthetic identities in newly opened accounts. The scale is significant. But the competitive stakes — the question of which financial institutions clients trust to protect them — may be larger still.
From Cost Center to Strategic Asset: Four Actions
In the room at Paymentspalooza, I made the case that the most important shift in fraud strategy isn't a technology decision. It's a leadership decision about where fraud sits in the organization and how its success gets measured.
Here's how I see that playing out practically:
First: Redesign onboarding as the start of an identity lifecycle, not a compliance checkpoint. Every Know-Your-Customer (KYC) decision made at account opening becomes the baseline for every fraud decision that follows. If that foundation is weak — if it captured credentials but not behavioral signal, if it checked boxes but didn't build understanding — the fraud function spends the rest of the relationship compensating for it. Ask honestly: Does your onboarding process capture enough to anchor a durable understanding of the client? For most financial institutions, the honest answer is no.
Second: Build continuous identity — behavioral and contextual, not static. Move beyond credentials and device fingerprints. Invest in the signals that tell you whether a transaction fits the client’s actual pattern: time of day, payment relationships, communication cadence and behavioral baseline. The goal is not more friction, it's better signal. The financial institutions that get this right will reduce friction for legitimate clients while catching manipulation that static controls miss entirely.
Third: Shift fraud intervention upstream before payment execution. In a real-time payments environment, post-authorization review is not a fraud strategy, it's a loss accounting process. The intervention has to move earlier: to session behavior, pre-authorization signals and the moment something looks inconsistent with the client you know. The U.K.'s mandatory reimbursement regime, effective October 2024, combined with the regulatory pressure building in the U.S. both point the same direction: financial institutions will bear responsibility for outcomes, not just process compliance.
Fourth, and most important: Give fraud a seat at the strategy table and change how you measure it. This is the action that makes the other three possible. Fraud teams called in after product decisions are made will always be retrofitting controls onto systems that weren't designed to carry them. Fraud leaders who sit at the onboarding design table, the payments architecture review, the channel strategy conversation — those institutions build protection in from the start.
And stop measuring fraud purely as a loss rate. The full cost of a fraud failure includes client churn, lifetime value erosion, reputational damage and regulatory risk. The full benefit of fraud prevention includes retention lift, trust-based loyalty, reduced friction for good clients and competitive differentiation. CFOs and CEOs who see fraud through the loss-rate lens alone are managing a cost center. The ones who measure fraud capability against client retention, lifetime value and market trust are managing a strategic asset.
The Question That Matters
I ended my keynote in Indianapolis with a question I'd encourage every leadership team to sit with. Not “What is our fraud loss rate?” But, “Are our clients choosing us — and staying — because they trust us to protect them?”
Fraud will rise. Scams will get more sophisticated. Real-time rails will spread and the attack surface will grow with them. None of that is in question.
What's in question is the organizational decision about what kind of financial institution you want to be when it does. The ones that treat fraud prevention as a back-office cost center will keep chasing losses. The ones that treat it as a trust strategy will build the kind of client relationships that fraud can't break.
The gap between those two groups is already opening.
That room in Indianapolis gave me real confidence that the people in this industry understand the problem. The show of hands told me something important: awareness is high. The harder work — changing the frame, reorienting the metrics and earning fraud a seat at the strategy table — that's what's next.
Peter Davey is the founder of PaymentsJedi Advisory, focused on working with financial institutions and Fintechs on payments and banking strategy, fraud and the future of financial services.
|
|
Secure your virtual seat and register for our Virtual Fraud Symposium, happening August 5–6! Join EPCOR and UMACHA for two days of fraud education focused on emerging trends, prevention strategies and real-world insights. Get your ticket and bring additional team members along for half price when registered together! |