TrustSphere
 

The quantum-computing community has stopped arguing about whether a cryptographically relevant quantum computer is possible and has moved on to arguing about when. Conservative estimates put cryptanalytically useful quantum capability at the early 2030s. Less conservative ones put it sooner. Either way, the half-life of payment messages, card cryptograms and TLS-protected session keys means the harvest-now-decrypt-later attack model already applies to any sensitive material m

The 2024–2025 wave of relationship-led investment scams — the so-called "pig-butchering" typology — was built on a labour-intensive playbook: a lon...

The periodic customer review — the calendar-driven exercise in which a financial institution refreshes KYC and risk data on a low, medium or high c...

The 2025 rollout of the Visa Acquirer Monitoring Programme — VAMP — was treated initially as a tidying-up exercise that consolidated the old Visa D...

The first quarter of 2026 has cemented something fraud teams have argued for years — that money mules are recruited, not born. Recent PSR and HM Treasury consultation papers, alongside live enforcement under the Online Safety Act, have moved the conversation from "make banks find the mules" to "make recruitment platforms stop creating them in the first place." Ofcom's late-2025 priority direction on illegal financial harms, combined with the FCA's January 2026 Dear CEO letter

The Scattered Spider playbook — confidently calling a help desk, impersonating an internal employee or a high-value customer, and talking the agent...

Anti-money-laundering programmes have spent two decades filing suspicious activity reports about transactions that have already moved. The next generation of AML platforms is being designed around a fundamentally different premise — predicting the typology before the payment leaves the bank, and intervening with the same evidentiary rigour required for a SAR.

First-party misuse, often described as friendly fraud, has become the largest single category of card-not-present chargebacks for many merchants. Unlike third-party fraud, where a stranger uses stolen credentials, first-party misuse is committed by the legitimate cardholder who later disputes a transaction they authorised. The result is a slow, structural drain on merchant margins that traditional fraud controls cannot detect.

Network tokenisation has crossed the threshold from optional optimisation to default infrastructure for card payments. With network tokens now provisioned automatically across major issuer portfolios in the UK, EU and US, fraud teams that built their detection logic around primary account numbers are discovering that the signals they relied on for years no longer behave the way they did. Risk models, dispute workflows, and step-up rules all need recalibration — quietly, but q

Quantexa has established itself as one of the most influential financial crime technology vendors of the past decade. Its contextual decision intelligence platform is used by some of the world's largest banks, government agencies and insurance groups, and it anchors a category that combines entity resolution, network analytics and machine learning at enterprise scale. In this Vendor Spotlight, we examine what Quantexa actually does, where it adds distinctive value, and the co

Generative AI has moved from novelty to weapons-grade in less than three years. Voice cloning that requires fewer than fifteen seconds of source audio, deepfake video that survives liveness checks, and large-language-model-generated phishing prose that is grammatically flawless in any language have collectively dismantled the heuristic defences on which most consumer fraud detection has historically relied.

Chargeback volumes are climbing again across card-not-present commerce, and the dominant driver is no longer organised criminal fraud but first-party misuse — customers disputing legitimate purchases for convenience or buyer's remorse. The frictionless refund era is ending; the next phase will reward institutions that can tell genuine fraud, friendly fraud, and merchant error apart at speed.

Synthetic identity fraud has crossed the threshold from niche typology to systemic risk in 2026. Generative AI has industrialised every step of the synthetic identity supply chain — from inventing plausible biographies to producing photorealistic ID documents and animated liveness footage — and the cost of producing a 'good' synthetic now sits well below the value of a single approved retail credit line.

Visa Compelling Evidence 3.0 was the most consequential change to the card-not-present dispute regime in a decade. A year on, the rebalancing of issuer and acquirer liability is producing a clear pattern of winners and losers — and quietly reshaping how merchants, processors and banks invest in dispute defence.

The 2024 Hong Kong incident, in which a finance employee was tricked into wiring USD 25 million after a fully synthetic video conference with what appeared to be the CFO and several senior colleagues, was treated at the time as a cautionary one-off. Two years later it looks more like an opening shot. Generative AI has industrialised the production cost of executive impersonation, and treasury and accounts-payable functions are now squarely in the crosshairs. Regulators have n

Chargeback volumes have outpaced card spend growth for three consecutive years, and what was once treated as a back-office dispute workflow is now a strategic loss line for issuers and merchants. The growth is no longer driven by classical card-not-present fraud — it is being driven by first-party misuse, where the legitimate cardholder disputes a transaction they recognise. This shift is forcing a fundamental rethink of evidence, liability and dispute economics.

Agentic commerce has moved past the demonstration phase. AI agents now research products, negotiate terms, and complete checkout on behalf of human principals at meaningful daily volumes. The fraud and identity controls built for human-driven e-commerce assume a single, attentive customer in front of every transaction. That assumption no longer holds, and the implications for issuers, merchants, and payment networks are still being worked out.

Romance fraud has been the quietest billion-dollar problem in financial services for a decade. In 2026 it has stopped being quiet. The combination of cheap multimodal generative AI, off-the-shelf "persona farms" sold openly in dark-web marketplaces and the maturation of pig-butchering playbooks has industrialised a crime category that used to be artisan. The FBI's 2025 IC3 report logged $4.3bn in confirmed romance and investment-impersonation losses in the United States alone

Quishing — phishing via malicious QR code — has graduated from a niche social-engineering technique to a mainstream payments attack. The combination of post-pandemic QR ubiquity, account-to-account payment rails activated by camera scan and the ease with which a printed sticker can overlay a legitimate code has produced a year-on-year growth rate that few internal fraud teams budgeted for. The UK's Action Fraud reported a 587% rise in QR-code phishing reports between 2023 and

Agentic commerce — where AI agents browse, compare, and complete purchases on behalf of their human principal — is moving from research demonstration to live deployment. Major platforms and payment providers are publishing protocols, identity frameworks, and merchant onboarding specifications designed to let autonomous agents transact at scale.