All posts by Julie.JLee@experian.com
Ask the Expert: A Closer Look at Modern Lending with Jeff Hops and Erin Haselkorn
Financial ServicesIn this first episode of Ask the Expert, Experian's Jeff Hops, Senior Director of Data Platform and Product, and Erin Haselkorn, Senior Director of Analyst Relations, explore how broader data and new signals can help lenders better understand today’s consumers, while maintaining responsible decisioning. Lending is changing Interest rates, regulation, embedded finance and AI are reshaping the lending landscape. Consumer behavior is evolving just as quickly. But the core job hasn’t changed. Lenders are still making decisions about people they don’t fully know, and that makes data more important than ever. "There are periods where nothing changes, and periods where it seems like everything changes. We’re in the latter … but the core premise hasn’t changed. You’re still trying to lend to somebody you don’t know."Jeff Hops, Senior Director of Data Platform and Product To make those decisions with confidence, lenders need a strong foundation of identity, history and reliable signals. In a period of rapid change, the quality and completeness of that data become even more critical. A more complex view of today’s consumer What has changed is the consumer. Traditional credit data is foundational but can be further enhanced with visibility on how people earn, manage and move money. Income may come from multiple sources, and financial activity often spans bank accounts, applications (apps) and digital channels. Cash flow data, for example, can provide a clearer view of what’s actually coming into a consumer’s account, beyond what traditional records may show.These additional signals can help lenders better understand: Income variability across multiple earning sources Current financial behavior through cash flow activity Digital and identity-linked activity across channels These signals don’t replace traditional data; they expand it. The result is a more complete and current view of the consumer. From exploration to real-world application The conversation around broader data signals has moved beyond theory. Lenders are no longer just asking whether these signals are useful. They’re asking where, how and under what governance they can be applied across the lending lifecycle. Lenders are actively researching, testing and implementing new data sources across the lending lifecycle. What was once experimental is now operational. Institutions are progressing through a clear path: Research Understanding available signals and use cases Testing Evaluating performance in controlled environments Implementation Applying insights in production Today, alternative data is being used in areas like analytics, channel scoring and decisioning, often within governed environments that allow for safe testing and validation. AI may accelerate this shift by helping institutions identify patterns at scale, but its value depends on the strength of the underlying data: quality, governance, context and clear business use cases. More signal, more responsibility As data availability expands, lenders have access to more granular insights than ever before. That creates opportunity, but also responsibility. The institutions that lead won’t be the ones that use the most data. They’ll be the ones that know which signals to use, how to validate them and how to apply them in ways that are fair, explainable and aligned to consumer outcomes. “Institutions can unlock more granular and powerful decisions, but they have to do it responsibly.”Erin Haselkorn, Senior Director, Analyst Relations The future of lending will be shaped not just by how much data is available, but by how thoughtfully it’s applied. Keeping the consumer at the center of decisioning is essential to building trust and long-term success. Explore alternative data with us A more complete understanding of today’s consumers starts with better data. We help lenders responsibly incorporate broader data signals and advanced analytics into decisioning strategies, enhancing visibility into today’s consumers while strengthening risk assessment and expanding access to credit. Let’s work together to build more confident, more responsible lending decisions. Learn more Contact us About our experts Jeff Hops Senior Director, Data Platform and Product, Experian Jeff Hops is a Senior Director in Experian’s Financial Services and Data business with over eight years of experience driving innovation in credit and data solutions. He has led product development for Experian’s Credit Report and played a key role in launching Ascend Identity Platform™, a leading identity resolution platform. Erin Haselkorn Senior Director, Analyst Relations, Experian Erin Haselkorn is responsible for analyst relations for Experian. She has developed an understanding of key marketing trends across a broad range of verticals. Her market research around data strategy, AI, fraud, identity and data management, paired with her broad Experian product knowledge, gives her a unique understanding of business automation and data trends. Erin is a frequent spokesperson and guest blogger.
For lenders, the job has never been more complex. You’re expected to protect portfolio performance, meet regulatory expectations, and support growth, all while fraud tactics evolve faster than many traditional risk frameworks were designed to handle. One of the biggest challenges of the job? The line between credit loss and fraud loss is increasingly blurred, and misclassified losses can quietly distort portfolio performance. First-party fraud can look like standard credit risk on the surface and synthetic identity fraud can be difficult to identify, allowing both to quietly slip through decisioning models and distort portfolio performance. That’s where fraud risk scores come into play. Used correctly, they don’t replace credit models; they strengthen them. And for credit risk teams under pressure to approve more genuine customers without absorbing unnecessary losses, understanding how fraud risk scores fit into modern decisioning has become essential. What is a fraud risk score (and what isn’t it) At its core, a fraud risk score is designed to assess the likelihood that an applicant or account is associated with fraudulent behavior, not simply whether they can repay credit. That distinction matters. Traditional credit scores evaluate ability to repay based on historical financial behavior. Fraud risk scores focus on intent and risk signals, patterns that suggest an individual may never intend to repay, may be manipulating identity data, or may be building toward coordinated abuse. Fraud risk scores are not: A replacement for credit scoring A blunt tool designed to decline more applicants A one-time checkpoint limited to account opening Instead, they provide an additional lens that helps credit risk teams separate true credit risk from fraud that merely looks like credit loss. How fraud scores augment decisioning Credit models were never built to detect fraud masquerading as legitimate borrowing behavior. Consider common fraud scenarios facing lenders today: First-payment default, where an applicant appears creditworthy but never intends to make an initial payment Bust-out fraud, where an individual builds a strong credit profile over time, then rapidly maxes out available credit before disappearing Synthetic identity fraud, where criminals blend real and fabricated data to create identities that mature slowly and evade traditional checks In all three cases, the applicant may meet credit criteria at the point of decision. Losses can get classified as charge-offs rather than fraud, masking the real source of portfolio degradation. When credit risk teams rely solely on traditional models, the result is often an overly conservative response: tighter credit standards, fewer approvals, and missed growth opportunities. How fraud risk scores complement traditional credit decisioning Fraud risk scores work best when they augment credit decisioning. For credit risk officers, the value lies in precision. Fraud risk scores help identify applicants or accounts where behavior, velocity or identity signals indicate elevated fraud risk — even when credit attributes appear acceptable. When integrated into decisioning strategies, fraud risk scores can: Improve confidence in approvals by isolating high-risk intent early Enable adverse-actionable decisions for first-party fraud, supporting compliance requirements Reduce misclassified credit losses by clearly identifying fraud-driven outcomes Support differentiated treatment strategies rather than blanket declines The goal isn’t to approve fewer customers. It’s to approve the right customers and to decline or treat risk where intent doesn’t align with genuine borrowing behavior. Fraud risk across the credit lifecycle One of the most important shifts for credit risk teams is recognizing that fraud risk is not static. Fraud risk scores can deliver value at multiple stages of the credit lifecycle: Marketing and prescreen: Fraud risk insights help suppress high-risk identities before offers are extended, ensuring marketing dollars are maximized by targeting low risk consumers. Account opening and originations: Real-time fraud risk scoring supports early detection of first-party fraud, synthetic identities, and identity misuse — before losses are booked. Prequalification and instant decisioning: Fraud risk scores can be used to exclude high-risk applicants from offers while maintaining speed and customer experience. Account management and portfolio review: Fraud risk doesn’t end after onboarding. Scores applied in batch or review processes help identify accounts trending toward bust-out behavior or coordinated abuse, informing credit line management and treatment strategies. This lifecycle approach reflects a broader shift: fraud prevention is no longer confined to front-end controls — it’s a continuous risk discipline. What credit risk officers should look for in a fraud risk score Not all fraud risk scores are created equal. When evaluating or deploying them, credit risk officers should prioritize: Lifecycle availability, so fraud risk can be assessed beyond originations Clear distinction between intent and ability to repay, especially for first-party fraud Adverse-action readiness, including explainability and reason codes Regulatory alignment, supporting fair lending and compliance requirements Seamless integration alongside existing credit and decisioning frameworks Increasingly, credit risk teams also value platforms that reduce operational complexity by enabling fraud and credit risk assessment through unified workflows rather than fragmented point solutions. A more strategic approach to fraud and credit risk The most effective credit risk strategies today are not more conservative, they’re more precise. Fraud risk scores give credit risk officers the ability to stop fraud earlier, classify losses accurately and protect portfolio performance without tightening credit across the board. When fraud and credit insights work together, teams can gain a clearer view of risk, stronger decision confidence and more flexibility to support growth. As fraud tactics continue to evolve, the organizations that succeed will be those that can effectively separate fraud from credit loss. Fraud risk scores are no longer a nice-to-have. They’re a foundational tool for modern credit risk strategies. How credit risk teams can operationalize fraud risk scores For credit risk officers, the challenge isn’t just understanding fraud risk, it’s operationalizing it across the credit lifecycle without adding friction, complexity or compliance risk. Rather than treating fraud as a point-in-time decision, credit risk teams should assess fraud risk where it matters most, from acquisition through portfolio management. Fraud risk scores are designed to complement credit decisioning by focusing on intent to repay, helping teams distinguish fraud-driven behavior from traditional credit risk. Key ways Experian supports credit risk teams include: Lifecycle coverage: Experian award-winning fraud risk scores are available across marketing, originations, prequalification, instant decisioning and ongoing account review. This allows organizations to apply consistent fraud strategies beyond account opening. First-party and synthetic identity fraud intelligence: Experian’s fraud risk scoring addresses first-payment default, bust-out behavior and synthetic identity fraud, which are scenarios that often bypass traditional credit models because they initially appear creditworthy. Converged fraud and credit decisioning: By delivering fraud and credit insights together, often through a single integration, Experian can help reduce operational complexity. Credit risk teams can assess fraud and credit risk simultaneously rather than managing disconnected tools and workflows. Precision over conservatism: The emphasis is not on declining more applicants, but on approving more genuine customers by isolating high-risk intent earlier. This precision helps protect portfolio performance without sacrificing growth. For lenders navigating increasing fraud pressure, Experian’s approach reflects a broader shift in the industry: fraud prevention and credit risk management are no longer separate disciplines; they are most effective when aligned. Explore our fraud solutions Contact us
Learn how offering modern employee benefits around financial wellness helps with retention and new hiring.
In today’s digital lending landscape, fraudsters are more sophisticated, coordinated, and relentless than ever. For companies like Terrace Finance — a specialty finance platform connecting over 5,000 merchants, consumers, and lenders — effectively staying ahead of these threats is a major competitive advantage. That is why Terrace Finance partnered with NeuroID, a part of Experian, to bring behavioral analytics into their fraud prevention strategy. It has given Terrace’s team a proactive, real-time defense that is transforming how they detect and respond to attacks — potentially stopping fraud before it ever reaches their lending partners. The challenge: Sophisticated fraud in a high-stakes ecosystem Terrace Finance operates in a complex environment, offering financing across a wide range of industries and credit profiles. With applications flowing in from countless channels, the risk of fraud is ever-present. A single fraudulent transaction can damage lender relationships or even cut off financing access for entire merchant groups. According to CEO Andy Hopkins, protecting its partners is a top priority for Terrace:“We know that each individual fraud attack can be very costly for merchants, and some merchants will get shut off from their lending partners because fraud was let through ... It is necessary in this business to keep fraud at a tolerable level, with the ultimate goal to eliminate it entirely.” Prior to NeuroID, Terrace was confident in its ability to validate submitted data. But with concerns about GenAI-powered fraud growing, including the threat of next-generation fraud bots, Terrace sought out a solution that could provide visibility into how data was being entered and detect risk before applications are submitted. The solution: Behavioral analytics from NeuroID via Experian After integrating NeuroID through Experian’s orchestration platform, Terrace gained access to real-time behavioral signals that detected fraud before data was even submitted. Just hours after Terrace turned NeuroID on, behavioral signals revealed a major attack in progress — NeuroID enabled Terrace to respond faster than ever and reduce risk immediately. “Going live was my most nerve-wracking day. We knew we would see data that we have never seen before and sure enough, we were right in the middle of an attack,” Hopkins said. “We thought the fraud was a little more generic and a little more spread out. What we found was much more coordinated activities, but this also meant we could bring more surgical solutions to the problem instead of broad strokes.” Terrace has seen significant results with NeuroID in place, including: Together, NeuroID and Experian enabled Terrace to build a layered, intelligent fraud defense that adapts in real time. A partnership built on innovation Terrace Finance’s success is a testament to what is possible when forward-thinking companies partner with innovative technology providers. With Experian’s fraud analytics and NeuroID’s behavioral intelligence, they have built a fraud prevention strategy that is proactive, precise, and scalable. And they are not stopping there. Terrace is now working with Experian to explore additional tools and insights across the ecosystem, continuing to refine their fraud defenses and deliver the best possible experience for genuine users. “We use the analogy of a stream,” Hopkins explained. “Rocks block the flow, and as you remove them, it flows better. But that means smaller rocks are now exposed. We can repeat these improvements until the water flows smoothly.” Learn more about Terrace Finance and NeuroID Want more of the story? Read the full case study to explore how behavioral analytics provided immediate and long-term value to Terrace Finance’s innovative fraud prevention strategy. Read case study
Data breaches continue to be a reality for organizations across industries, and the complexity of responding to them is only increasing. From AI-driven fraud to third-party exposures, the risk landscape is shifting fast. Having a modern and tested response plan is essential to containing the damage, protecting your customers, and preserving your organization’s reputation when a breach occurs. Experian’s eleventh annual Data Breach Response Guide draws on decades of breach support experience. It offers practical strategies and insights for navigating the moments that matter most: the first hours after a breach and the days that follow. The 2025–2026 guide explores: How AI is shaping new breach and fraud patterns Where organizations are most vulnerable, including third-party and supply chain weak points Consumer expectations and how they influence crisis response How prepared organizations are reducing impact and protecting trust What is required to build a modern, effective breach response plan Organizations with a tested plan can potentially reduce the cost, impact, and long-term consequences of a breach. From real-world case insights to crisis communication templates, this guide is designed to help teams act quickly and confidently. Download the 2025–2026 Data Breach Response Guide to learn how you can strengthen your breach preparedness, reduce risk exposure, and build resilience against the next wave of cybersecurity threats. Download guide
Now in its tenth year, Experian’s U.S. Identity and Fraud Report continues to uncover the shifting tides of fraud threats and how consumers and businesses are adapting. Our latest edition sheds light on a decade of change and unveils what remains consistent: trust is still the cornerstone of digital interactions. This year’s report draws on insights from over 2,000 U.S. consumers and 200 businesses to explore how identity, fraud and trust are evolving in a world increasingly shaped by generative artificial intelligence (GenAI) and other emerging technologies. Highlights: Over a third of companies are using AI, including generative AI, to combat fraud. 72% of business leaders anticipate AI-generated fraud and deepfakes as major challenges by 2026. Nearly 60% of companies report rising fraud losses, with identity theft and payment fraud as top concerns. Digital anxiety persists with 57% of consumers worried about doing things online. Ready to go deeper? Explore the full findings and discover how your organization can lead with confidence in an evolving fraud landscape. Download report Watch on-demand webinar Read press release
An OTP bot is an automated tool designed to trick users into revealing their one-time password, a temporary code used in MFA.
Meet the Maker: Behind the Scenes with the Experts Fighting E-Commerce Fraud
Fraud & Identity ManagementLearn how behavioral analytics, device and network intelligence, and credit card owner verification can help e-commerce merchants combat key fraud threats.
What is Click Fraud? Understanding, Detecting, and Preventing Click Bots
Fraud & Identity ManagementClick fraud is a costly, often overlooked threat affecting digital businesses. Learn more about how behavioral analytics can help stop it.
Fake IDs have been around for decades, but today’s fraudsters aren’t just printing counterfeit driver’s licenses — they’re using artificial intelligence (AI) to create synthetic identities. These AI fake IDs bypass traditional security checks, making it harder for businesses to distinguish real customers from fraudsters. To stay ahead, organizations need to rethink their fraud prevention solutions and invest in advanced tools to stop bad actors before they gain access. The growing threat of AI Fake IDs AI-generated IDs aren’t just a problem for bars and nightclubs; they’re a serious risk across industries. Fraudsters use AI to generate high-quality fake government-issued IDs, complete with real-looking holograms and barcodes. These fake IDs can be used to commit financial fraud, apply for loans or even launder money. Emerging services like OnlyFake are making AI-generated fake IDs accessible. For $15, users can generate realistic government-issued IDs that can bypass identity verification checks, including Know Your Customer (KYC) processes on major cryptocurrency exchanges.1 Who’s at risk? AI-driven identity fraud is a growing problem for: Financial services – Fraudsters use AI-generated IDs to open bank accounts, apply for loans and commit credit card fraud. Without strong identity verification and fraud detection, banks may unknowingly approve fraudulent applications. E-commerce and retail – Fake accounts enable fraudsters to make unauthorized purchases, exploit return policies and commit chargeback fraud. Businesses relying on outdated identity verification methods are especially vulnerable. Healthcare and insurance – Fraudsters use fake identities to access medical services, prescription drugs or insurance benefits, creating both financial and compliance risks. The rise of synthetic ID fraud Fraudsters don’t just stop at creating fake IDs — they take it a step further by combining real and fake information to create entirely new identities. This is known as synthetic ID fraud, a rapidly growing threat in the digital economy. Unlike traditional identity theft, where a criminal steals an existing person’s information, synthetic identity fraud involves fabricating an identity that has no real-world counterpart. This makes detection more difficult, as there’s no individual to report fraudulent activity. Without strong synthetic fraud detection measures in place, businesses may unknowingly approve loans, credit cards or accounts for these fake identities. The deepfake threat AI-powered fraud isn’t limited to generating fake physical IDs. Fraudsters are also using deepfake technology to impersonate real people. With advanced AI, they can create hyper-realistic photos, videos and voice recordings to bypass facial recognition and biometric verification. For businesses relying on ID document scans and video verification, this can be a serious problem. Fraudsters can: Use AI-generated faces to create entirely fake identities that appear legitimate Manipulate real customer videos to pass live identity checks Clone voices to trick call centers and voice authentication systems As deepfake technology improves, businesses need fraud prevention solutions that go beyond traditional ID verification. AI-powered synthetic fraud detection can analyze biometric inconsistencies, detect signs of image manipulation and flag suspicious behavior. How businesses can combat AI fake ID fraud Stopping AI-powered fraud requires more than just traditional ID checks. Businesses need to upgrade their fraud defenses with identity solutions that use multidimensional data, advanced analytics and machine learning to verify identities in real time. Here’s how: Leverage AI-powered fraud detection – The same AI capabilities that fraudsters use can also be used against them. Identity verification systems powered by machine learning can detect anomalies in ID documents, biometrics and user behavior. Implement robust KYC solutions – KYC protocols help businesses verify customer identities more accurately. Enhanced KYC solutions use multi-layered authentication methods to detect fraudulent applications before they’re approved. Adopt real-time fraud prevention solutions – Businesses should invest in fraud prevention solutions that analyze transaction patterns and device intelligence to flag suspicious activity. Strengthen synthetic identity fraud detection – Detecting synthetic identities requires a combination of behavioral analytics, document verification and cross-industry data matching. Advanced synthetic fraud detection tools can help businesses identify and block synthetic identities. Stay ahead of AI fraudsters AI-generated fake IDs and synthetic identities are evolving, but businesses don’t have to be caught off guard. By investing in identity solutions that leverage AI-driven fraud detection, businesses can protect themselves from costly fraud schemes while ensuring a seamless experience for legitimate customers. At Experian, we combine cutting-edge fraud prevention, KYC and authentication solutions to help businesses detect and prevent AI-generated fake ID and synthetic ID fraud before they cause damage. Our advanced analytics, machine learning models and real-time data insights provide the intelligence businesses need to outsmart fraudsters. Learn more *This article includes content created by an AI language model and is intended to provide general information. 1 https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/
Fraud rings cause an estimated $5 trillion in financial damages every year, making them one of the most dangerous threats facing today’s businesses. They’re organized, sophisticated and only growing more powerful with the advent of Generative AI (GenAI). Armed with advanced tools and an array of tried-and-true attack strategies, fraud rings have perfected the art of flying under the radar and circumventing traditional fraud detection tools. Their ability to adapt and innovate means they can identify and exploit vulnerabilities in businesses' fraud stacks; if you don’t know how fraud rings work and the right signs to look for, you may not be able to catch a fraud ring attack until it’s too late. What is a fraud ring? A fraud ring is an organized group of cybercriminals who collaborate to execute large-scale, coordinated attacks on one or more targets. These highly sophisticated groups leverage advanced techniques and technologies to breach fraud defenses and exploit vulnerabilities. In the past, they were primarily humans working scripts at scale; but with GenAI they’re increasingly mobilizing highly sophisticated bots as part of (or the entirety of) the attack. Fraud ring attacks are rarely isolated incidents. Typically, these groups will target the same victim multiple times, leveraging insights gained from previous attack attempts to refine and enhance their strategies. This iterative approach enables them to adapt to new controls and increase their impact with each subsequent attack. The impacts of fraud ring attacks far exceed those of an individual fraudster, incurring significant financial losses, interrupting operations and compromising sensitive data. Understanding the keys to spotting fraud rings is crucial for crafting effective defenses to stop them. Uncovering fraud rings There’s no single tell-tale sign of a fraud ring. These groups are too agile and adaptive to be defined by one trait. However, all fraud rings — whether it be an identity fraud ring, coordinated scam effort, or large-scale ATO fraud scheme — share common traits that produce warning signs of imminent attacks. First and foremost, fraud rings are focused on efficiency. They work quickly, aiming to cause as much damage as possible. If the fraud ring’s goal is to open fraudulent accounts, you won’t see a fraud ring member taking their time to input stolen data on an application; instead, they’ll likely copy and paste data from a spreadsheet or rely on fraud bots to execute the task. Typically, the larger the fraud ring attack, the more complex it is. The biggest fraud rings leverage a variety of tools and strategies to keep fraud teams on their heels and bypass traditional fraud defenses. Fraud rings often test strategies before launching a full-scale attack. This can look like a small “probe” preceding a larger attack, or a mass drop-off after fraudsters have gathered the information they needed from their testing phase. Fraud ring detection with behavioral analytics Behavioral analytics in fraud detection uncovers third-party fraud, from large-scale fraud ring operations and sophisticated bot attacks to individualized scams. By analyzing user behavior, organizations can effectively detect and mitigate these threats. With behavioral analytics, businesses have a new layer of fraud ring detection that doesn’t exist elsewhere in their fraud stack. At a crowd level, behavioral analytics reveals spikes in risky behavior, including fraud ring testing probes, that may indicate a forthcoming fraud ring attack, but would typically be hidden by sheer volume or disregarded as normal traffic. Behavioral analytics also identifies the high-efficiency techniques that fraud rings use, including copy/paste or “chunking” behaviors, or the use of advanced fraud bots designed to mimic human behavior. Learn more about our behavioral analytics solutions and their fraud ring detection capabilities. Learn more
Fraud never sleeps, and neither do the experts working to stop it. That’s why we’re thrilled to introduce Meet the Maker, our new video series spotlighting the brilliant minds behind Experian’s cutting-edge fraud solutions. In our first episode, Matt Ehrlich, Senior Director of Identity and Fraud Product Management, and Andrea Nighswander, Senior Director of Global Solution Strategy, share how they use data, advanced analytics, and deep industry expertise to stay ahead of fraudsters. With 35+ years of combined experience, these fraud-fighting veterans know exactly what it takes to keep bad actors at bay. Watch now for an exclusive look at the minds shaping the future of fraud prevention. Stay tuned for more episodes featuring the visionaries driving fraud innovation.
Why Credit Risk, Fraud, and Compliance Are Converging — and Why It Matters for Your Risk Strategy
Fraud & Identity ManagementThe days of managing credit risk, fraud prevention, and compliance in silos are over. As fraud threats evolve, regulatory scrutiny increases, and economic uncertainty persists, businesses need a more unified risk strategy to stay ahead. Our latest e-book, Navigating the intersection of credit, fraud, and compliance, explores why 94% of forward-looking companies expect credit, fraud, and compliance to converge within the next three years — and what that means for your business.1 Key insights include: The line between fraud and credit risk is blurring. Many organizations classify first-party fraud losses as credit losses, distorting the true risk picture. Fear of fraud is costing businesses growth. 68% of organizations say they’re denying too many good customers due to fraud concerns. A unified approach is the future. Integrating risk decisioning across credit, fraud, and compliance leads to stronger fraud detection, smarter credit risk assessments, and improved compliance. Read the full e-book to explore how an integrated risk approach can protect your business and fuel growth. Download e-book 1Research conducted by InsightAvenue on behalf of Experian
A spoofing attack occurs when a threat actor impersonates a trusted source to gain access to sensitive information, disrupt operations or manipulate systems.
Bots have been a consistent thorn in fraud teams’ side for years. But since the advent of generative AI (genAI), what used to be just one more fraud type has become a fraud tsunami. This surge in fraud bot attacks has brought with it: A 108% year-over-year increase in credential stuffing to take over accounts1 A 134% year-over-year increase in carding attacks, where stolen cards are tested1 New account opening fraud at more than 25% of businesses in the first quarter of 2024 While fraud professionals rush to fight back the onslaught, they’re also reckoning with the ever-evolving threat of genAI. A large factor in fraud bots’ new scalability and strength, genAI was the #1 stress point identified by fraud teams in 2024, and 70% expect it to be a challenge moving forward, according to Experian’s U.S. Identity and Fraud Report. This fear is well-founded. Fraudsters are wasting no time incorporating genAI into their attack arsenal. GenAI has created a new generation of fraud bot tools that make bot development more accessible and sophisticated. These bots reverse-engineer fraud stacks, testing the limits of their targets’ defenses to find triggers for step-ups and checks, then adapt to avoid setting them off. How do bot detection solutions fare against this next generation of bots? The evolution of fraud bots The earliest fraud bots, which first appeared in the 1990s2 , were simple scripts with limited capabilities. Fraudsters soon began using these scripts to execute basic tasks on their behalf — mainly form spam and light data scraping. Fraud teams responded, implementing bot detection solutions that continued to evolve as the threats became more sophisticated. The evolution of fraud bots was steady — and mostly balanced against fraud-fighting tools — until genAI supercharged it. Today, fraudsters are leveraging genAI’s core ability (analyzing datasets and identifying patterns, then using those patterns to generate solutions) to create bots capable of large-scale attacks with unprecedented sophistication. These genAI-powered fraud bots can analyze onboarding flows to identify step-up triggers, automate attacks at high-volume times, and even conduct “behavior hijacking,” where bots record and replicate the behaviors of real users. How next-generation fraud bots beat fraud stacks For years, a tried-and-true tool for fraud bot detection was to look for the non-human giveaways: lightning-fast transition speeds, eerily consistent keystrokes, nonexistent mouse movements, and/or repeated device and network data were all tell-tale signs of a bot. Fraud teams could base their bot detection strategies off of these behavioral red flags. Stopping today’s next-generation fraud bots isn’t quite as straightforward. Because they were specifically built to mimic human behavior and cycle through device IDs and IP addresses, today’s bots often appear to be normal, human applicants and circumvent many of the barriers that blocked their predecessors. The data the bots are providing is better, too3, fraudsters are using genAI to streamline and scale the creation of synthetic identities.4 By equipping their human-like bots with a bank of high-quality synthetic identities, fraudsters have their most potent, advanced attack avenue to date. Skirting traditional bot detection with their human-like capabilities, next-generation fraud bots can bombard their targets with massive, often undetected, attacks. In one attack analyzed by NeuroID, a part of Experian, fraud bots made up 31% of a business's onboarding volume on a single day. That’s nearly one-third of the business’s volume comprised of bots attempting to commit fraud. If the business hadn’t had the right tools in place to separate these bots from genuine users, they wouldn’t have been able to stop the attack until it was too late. Beating fraud bots with behavioral analytics: The next-generation approach Next-generation fraud bots pose a unique threat to digital businesses: their data appears legitimate, and they look like a human when they’re interacting with a form. So how do fraud teams differentiate fraud bots from an actual human user? NeuroID’s product development teams discovered key nuances that separate next-generation bots from humans, and we’ve updated our industry-leading bot detection capabilities to account for them. A big one is mousing patterns: random, erratic cursor movements are part of what makes next-generation bots so eerily human-like, but their movements are still noticeably smoother than a real human’s. Other bot detection solutions (including our V1 signal) wouldn’t flag these advanced cursor movements as bot behavior, but our new signal is designed to identify even the most granular giveaways of a next-generation fraud bot. Fraud bots will continue to evolve. But so will we. For example, behavioral analytics can identify repeated actions — down to the pixel a cursor lands on — during a bot attack and block out users exhibiting those behaviors. Our behavior was built specifically to combat next-gen challenges with scalable, real-time solutions. This proactive protection against advanced bot behaviors is crucial to preventing larger attacks. For more on fraud bots’ evolution, download our Emerging Trends in Fraud: Understanding and Combating Next-Gen Bots report. Learn more Sources 1 HUMAN Enterprise Bot Fraud Benchmark Report 2 Abusix 3 NeuroID 4 Biometric Update
