top of page
Search

When Scammers Get Smart: How Generative AI Is Industrialising Voice, Video and Identity Fraud

  • Writer: TrustSphere Network
    TrustSphere Network
  • May 14
  • 5 min read

Generative AI has moved from novelty to weapons-grade in less than three years. Voice cloning that requires fewer than fifteen seconds of source audio, deepfake video that survives many liveness checks, and large-language-model-generated phishing prose that is grammatically flawless in any language have collectively dismantled the heuristic defences on which most consumer fraud detection has historically relied. The same tools that allow legitimate businesses to scale customer engagement now allow scammers to operate at industrial volume with minimal incremental cost.


The shift is not theoretical. Europol's 2025 IOCTA report flags AI-augmented social engineering as the fastest-growing organised crime methodology in Europe, and the FBI's IC3 has highlighted a marked increase in business email compromise and impersonation losses driven by AI-generated content. The United Kingdom's National Crime Agency, FinCEN, and the Australian AUSTRAC have all issued typology alerts during 2025 and early 2026 covering voice-clone CEO fraud, deepfake video account takeover, and synthetic identity creation at scale.


For banks, fintechs, and payment platforms, this represents a genuine inflection. The economics of fraud have changed; the marginal cost of producing a convincing scam has collapsed, while the friction cost for the victim of falling for one has barely moved. Detection strategies that were proportionate in 2022 are now structurally outpaced, and institutions need to plan for an environment where AI-augmented attacks become the baseline rather than the exception.


Regulatory and Enforcement Context


Regulators are responding on multiple fronts. The European Union AI Act, which entered into force in 2024 and is being progressively implemented through 2026, places obligations on AI providers that include traceability and provenance for synthetic content. The UK's Online Safety Act and the proposed Fraud Strategy refresh push platforms and telcos to take greater responsibility for the distribution channels that scams ride on. The US Federal Trade Commission has issued enforcement actions against impersonation enabled by voice cloning, signalling that consumer-protection law is being applied to the AI fraud ecosystem.


From a financial-crime perspective, FATF's 2025 update on emerging risks and the Wolfsberg Group's 2026 statement on AI-enabled financial crime both reinforce that banks must integrate AI-fraud typologies into their enterprise-wide risk assessment. Examiners in the United States, United Kingdom, Singapore and Australia are increasingly asking firms how they detect synthetic media, manage non-human identity risk, and ensure their own AI controls cannot be exploited by adversaries — a quiet but important shift in supervisory expectation.


What the Data Is Showing


Vendor data from across the identity, authentication, and anti-fraud space tells a consistent story. Sumsub's 2025 Identity Fraud Report shows a tenfold increase year-on-year in deepfake-related identity-document attacks. Pindrop and other voice-biometrics vendors report that voice-clone attempts now represent a meaningful share of contact-centre fraud attempts at major retail banks, with success rates against legacy voiceprint systems materially higher than against modern multi-factor approaches. Meanwhile, phishing email volumes have surged in both quantity and quality, with click-through rates increasing measurably where AI-tuned content is used.


Behind the headline numbers sits a more troubling pattern: AI is not just being used to generate the deceptive content, it is also being used to choreograph the entire scam — selecting targets, scripting the conversation, adapting in real time to victim responses, and orchestrating the laundering steps that follow the loss. This end-to-end automation is why the unit economics of fraud have shifted, and why isolated control improvements have limited impact unless paired with detection that explicitly assumes AI-augmented attackers.


Implications for Financial Institutions


Defence has to evolve in three directions at once. First, identity proofing at onboarding must be uplifted to assume that documents, selfies and short video samples may be AI-synthesised; this means moving from passive checks to interactive challenges, embedded liveness, and cross-checking against negative-data utilities and behavioural baselines. Second, customer-channel authentication needs to assume voice and video can be cloned; banks should accelerate the deprecation of voice-only authentication and supplement biometrics with device, behavioural and contextual signals.


Third, internal controls must be hardened against AI-enabled social engineering of staff. Business email compromise has not gone away; it has become more convincing. Treasury, payments, and supplier-onboarding teams need procedural defences — call-back verification, dual control, and out-of-band confirmation — that do not rely on the recipient detecting an AI-generated artefact. Investment in employee awareness, supplier-risk monitoring and finance-process controls is now as material as customer-channel investment.


Conclusion


Generative AI has changed the cost curve of fraud and the texture of social engineering simultaneously. The institutions best positioned for the next two to three years are those treating AI-enabled fraud as a strategic risk rather than a vendor-procurement question, and those willing to redesign authentication, identity proofing, and internal-control journeys around the assumption that the adversary now has industrial-grade synthesis at their disposal.


Suggested Next Steps


  • Conduct a synthetic-media red-team exercise across your customer onboarding, authentication and contact-centre journeys — measuring not just bypass rates but the time-to-detect when synthetic content is presented.

  • Inventory and risk-rate every internal process where a single human verification step is the dominant control against impersonation; introduce dual control and out-of-band verification for high-value or high-risk transactions.

  • Re-baseline your phishing and BEC training programmes to reflect AI-generated content, and increase the frequency of simulated attacks to reflect the reduced cost of attacker iteration.

  • Engage with industry forums — Wolfsberg, EBA, FS-ISAC, the AI Standards Hub — and contribute typology data on AI-enabled attacks so the sector as a whole can build a shared early-warning capability.


Sources: Europol IOCTA 2025; FBI IC3 Annual Report 2025; FATF Emerging Risks Update 2025; Wolfsberg Group AI and Financial Crime Statement 2026; Sumsub Identity Fraud Report 2025; UK National Crime Agency Strategic Assessment 2025; European Union AI Act Implementation Timeline.


TrustSphere Risk Index — Vendor Spotlight


The TrustSphere Risk Index is our independent assessment of the global fraud, financial crime and identity vendor landscape. The March 2026 edition covers 221 vendors across eight functional categories — Risk Orchestration, Enterprise FRAML & Decisioning, Identity / eKYC / KYB Onboarding, Behavioural & Device Intelligence, AML Data, Screening & Regulatory Intelligence, FRAML Technology Stack, Deepfake Detection, and adjacent specialist categories — each scored across eleven capability dimensions including fraud detection, transaction monitoring, identity verification, watchlist screening, and regulatory intelligence.


This week's vendor spotlight is Jumio, which scored 65% on the TrustSphere Risk Index — one of the strongest results in the Identity, eKYC, KYB & Onboarding Platforms category. Jumio combines AI-driven document authentication, biometric liveness and ongoing identity-risk signals to address exactly the threat surface generative AI has reshaped: deepfake-resistant onboarding, synthetic-identity detection, and continuous re-verification. For banks, fintechs and crypto platforms repositioning identity proofing for an environment where attackers can synthesise documents and faces at scale, Jumio is one of the most defensible upstream controls in the market.


If you would like a comprehensive vendor suitability assessment for your institution — mapped to your specific use cases, regulatory footprint, and target architecture — please contact TrustSphere directly. The full Risk Index, peer benchmarks and tailored shortlist work is available on request.


TrustSphere helps financial institutions design and deploy intelligent fraud and financial crime detection solutions. Visit www.trustsphere.ai

Comments

Recommended by TrustSphere

Atfinity


 

Izengard


 

Trefis


 

Noto360



 

Thetaray


 


Regulation Asia


 


FCC Analytics

 

Futurum



 



Darwinium


 

Arkose Labs


 

SumSub



 

FinanceX



 

FullArmor



 

Clari5



 

© 2024 TrustSphere.ai. All Rights Reserved.

hello@trustsphere.ai

  • LinkedIn

AML Watcher


 

Relevance.ai



 

LevelFive



 

Disclaimer for TRUSTSPHERE.AI

The content provided on the TRUSTSPHEREAI website is intended for informational purposes only. While we strive to provide accurate and up-to-date information, the data and insights presented are generated from a contributory network and consolidated largely through artificial intelligence. As such, the information may not be comprehensive, and we do not guarantee the accuracy, reliability, or completeness of any content.  Users are advised that important decisions should not be made based solely on the information provided on this website. We encourage users to seek professional advice and conduct their own research prior to making any significant decisions.  TruststSphere Partners is a consulting business. For a comprehensive review, analysis, or support on Technology Assessment, Strategy, or go-to-market strategies, please contact us to discuss a customized engagement project.   TRUSTSPHERE.AI, its affiliates, and contributors shall not be liable for any loss or damage arising from the use of or reliance on the information provided on this website. By using this site, you acknowledge and accept these terms.   If you have further questions,  require clarifications, or requests for removal or content or changes please feel free to reach out to us directly.  we can be reached at hello@trustsphere.ai

bottom of page