TrustSphere
 

AI voice agents are now answering calls, making outbound enquiries and even negotiating on behalf of customers. The same underlying capability is being weaponised against retail and corporate banking, and the inbound voice channel — long considered a high-friction defensive moat — is becoming a soft target. Banks and fraud teams need to start treating synthetic-voice traffic as a first-class threat.

Network tokenisation has crossed the threshold from optional optimisation to default infrastructure for card payments. With network tokens now provisioned automatically across major issuer portfolios in the UK, EU and US, fraud teams that built their detection logic around primary account numbers are discovering that the signals they relied on for years no longer behave the way they did. Risk models, dispute workflows, and step-up rules all need recalibration — quietly, but q

Agentic commerce, where autonomous AI agents browse, negotiate, and pay on behalf of consumers and businesses, is moving from research demos into live deployments. For payments, fraud, and financial crime teams, this is a structural change in who initiates a transaction. Existing authentication, identity, and liability frameworks were designed around a human in front of a device. When the buyer is a bot, every layer of that stack needs revisiting.

Authorised Push Payment fraud has moved from the fringes of fraud reporting to the centre of regulatory attention. With the UK's Payment Systems Regulator now enforcing 50-50 liability sharing between sending and receiving payment service providers, and similar consumer-protection proposals under active consideration in the EU and across Asia-Pacific, financial institutions face a structural shift in how fraud losses are allocated. Controls built for an era of caveat-emptor p

Reimbursement reform has changed the economics of Authorised Push Payment fraud, but it has not changed the underlying scam. With sending and receiving banks now sharing liability across an expanding set of jurisdictions, the strategic question for fraud leaders is no longer whether to reimburse — it is how to disrupt scams in real time before the money moves.

The collapse of NFT trading volumes from their 2021 peak has produced the mistaken impression that NFTs are no longer a material AML concern. In reality, the typology has matured, diversified into gaming platforms and in-app economies, and continues to attract criminal proceeds at meaningful scale. Regulatory frameworks in most jurisdictions lag the sophistication of these laundering techniques. For compliance teams at financial institutions, platforms and regulators, the gap

Banking-as-a-Service has transformed how fintechs, retailers, and gig-economy platforms deliver financial products. The model has also exposed a recurring structural weakness. The sponsor bank holds the licence and the regulatory accountability, while the customer experience, onboarding decisions and monitoring rules sit largely with the platform partner. When fraud or money laundering controls fail in this model, the consequences land squarely with the bank. Recent enforceme

First-party fraud, where a customer genuinely and knowingly defrauds their lender, has long been one of the most under-acknowledged loss categories in consumer banking. Industry estimates place annual global losses from first-party fraud well above USD 100 billion, with credit card, personal loan, and buy-now-pay-later portfolios taking the heaviest impact. Because traditional fraud controls are oriented around third-party imposters, and traditional credit controls are orient

Elder financial exploitation is now one of the fastest growing categories of consumer fraud in developed economies, yet it remains substantially under-detected by the controls banks have historically deployed. The victims are often long-standing, profitable customers with steady income, low charge-back exposure and clean KYC profiles — precisely the characteristics that traditional monitoring rewards rather than interrogates. In the United States alone, reported losses by con

In an era dominated by real-time payments, instant P2P apps and cross-border stablecoins, check fraud should by rights be a dying typology. Instead, US banks reported more than two million check fraud cases in 2025 and losses have continued to climb. Across parts of Europe and Asia, check-equivalent instruments have seen similar criminal resurgence. The paradox is that the same digital modernisation that was supposed to kill the check has in fact given criminals easier access

Business Email Compromise has persisted as the most financially damaging category of cyber-enabled fraud for most of the past decade, and 2026 has provided no reason to expect that pattern will change. Losses reported to law enforcement worldwide are approaching USD 60 billion cumulatively, with individual events routinely exceeding seven figures. What has changed is the operational sophistication of the attackers. Generative AI, voice cloning and adversary-in-the-middle phis

For two decades, cyber and fraud have lived in adjacent but separate operational silos, with different leadership, tooling, and metrics. That separation has become indefensible. Modern attacks rarely respect the boundary between credential theft, account takeover, social engineering, and downstream payment fraud. Tier-1 banks need a single operational picture across cyber and fraud, with shared telemetry, casework, and accountability.

Ransomware has long been treated as a cyber problem with a financial crime tail. That framing is no longer tenable. With ransom payments increasingly routed through regulated financial institutions, sanctions exposures embedded in the threat-actor ecosystem, and disclosure rules tightening on both sides of the Atlantic, ransomware now sits squarely on the AML and sanctions risk register.

Real-time payment rails have become the default in major economies, and authorised push payment scam losses have followed them upward. When funds settle in seconds, the window for traditional rules-based monitoring collapses, and the receiving bank's ability to identify mule behaviour at first deposit becomes the most important control in the chain. The control stack must move at the speed of settlement.

Generative AI has moved from novelty to weapons-grade in less than three years. Voice cloning that requires fewer than fifteen seconds of source audio, deepfake video that survives liveness checks, and large-language-model-generated phishing prose that is grammatically flawless in any language have collectively dismantled the heuristic defences on which most consumer fraud detection has historically relied.

Generative AI has done for fraud what cloud computing did for legitimate business: it has industrialised what used to be artisanal. Voice cloning, synthetic video, LLM-driven phishing and persona-as-a-service offerings are now stitched together into end-to-end attack stacks that no individual fraud control was designed to detect.

Chargeback volumes are climbing again across card-not-present commerce, and the dominant driver is no longer organised criminal fraud but first-party misuse — customers disputing legitimate purchases for convenience or buyer's remorse. The frictionless refund era is ending; the next phase will reward institutions that can tell genuine fraud, friendly fraud, and merchant error apart at speed.

Synthetic identity fraud has crossed the threshold from niche typology to systemic risk in 2026. Generative AI has industrialised every step of the synthetic identity supply chain — from inventing plausible biographies to producing photorealistic ID documents and animated liveness footage — and the cost of producing a 'good' synthetic now sits well below the value of a single approved retail credit line.

Visa Compelling Evidence 3.0 was the most consequential change to the card-not-present dispute regime in a decade. A year on, the rebalancing of issuer and acquirer liability is producing a clear pattern of winners and losers — and quietly reshaping how merchants, processors and banks invest in dispute defence.

The 2024 Hong Kong incident, in which a finance employee was tricked into wiring USD 25 million after a fully synthetic video conference with what appeared to be the CFO and several senior colleagues, was treated at the time as a cautionary one-off. Two years later it looks more like an opening shot. Generative AI has industrialised the production cost of executive impersonation, and treasury and accounts-payable functions are now squarely in the crosshairs. Regulators have n