
As the celebrated physicist Niels Bohr famously joked, "Prediction is very difficult, especially if it's about the future." Here’s one we can make confidently: 2025 is lining up to be a banner year for bad actors perpetrating payment fraud.

Whether it’s low-tech approaches typically associated with paper check scams, or new forms of digital fraud involving generative artificial intelligence (Gen AI), fraud fighters will have their hands full. And while professional fraudsters have turned up the heat with deepfakes, synthetic identities, and illicit use of Gen AI, fraud fighters are steadily gaining ground.

Here, we examine three of the top fraud trends that will keep security teams busy in 2025, with suggestions for getting a jump on thieves. We’ve outlined potential and likely impacts of these emergent fraud vectors, and actions that can help combat these threats.

 

Exploiting Weaknesses in Open Banking Frameworks

Open Banking, promoted across Europe under the PSD2 directive, has introduced new channels for innovation, but also created vulnerabilities in the payments landscape. Fraudsters are exploiting these API-based ecosystems by targeting third-party providers (TPPs) with phishing attacks, social engineering scams, and sophisticated credential-stealing techniques.

Impact: Payment fraud, particularly unauthorized access to accounts through Open Banking, could lead to significant financial losses for both individuals and businesses. This poses a growing challenge as fraudsters target security weaknesses in the data-sharing frameworks between TPPs and financial institutions (FIs).

Action: Reports from the European Banking Authority (EBA) and UK Finance show rising cases of payment fraud linked to Open Banking. FIs must strengthen authentication processes for Open Banking access, ensuring that robust multi-factor authentication (MFA) and real-time transaction monitoring are in place. While PSD2 mandates Strong Customer Authentication (SCA) for certain transactions, ongoing refinement of these rules (potentially under PSD3) will likely be required as fraud tactics continue to evolve.

 

The Rise of Account Takeover (ATO)

Account Takeover (ATO) fraud will likely escalate in 2025 as digital payment platforms and peer-to-peer payment systems grow in popularity. Fraudsters will increasingly exploit weak authentication methods to gain unauthorized access to accounts through phishing, social engineering, or credential stuffing attacks. ATO fraud is often driven by data breaches and compromised personal information, enabling fraudsters to take control of accounts and initiate unauthorized payments.

Impact: ATO fraud typically stems from data breaches where large volumes of personal information are compromised, providing fraudsters with the details needed to take over accounts. Once fraudsters gain control, they can transfer funds, make purchases, or use the account for other fraudulent activities such as money laundering, posing major risks to both individuals and organizations. UK Finance has documented rising ATO cases, noting that compromised credentials from data breaches are a key factor facilitating these attacks.

Action: Enhancing multi-factor authentication (MFA) and biometric verification systems will be vital. Payment service providers and FIs should also deploy payment fraud analytics to detect abnormal transaction patterns that could signal ATO attempts.

 

AI-Powered Insider Threats and Payment Fraud

As AI becomes more widely accessible, it will not only aid businesses in detecting fraud but also empower fraudsters to carry out more sophisticated and difficult-to-detect attacks. Insider fraudsters may leverage AI to automate and scale their illicit activities, making their attacks more targeted and precise. Additionally, payment fraud is likely to rise with the use of synthetic identities and AI-generated deepfakes in business email compromise (BEC) and authorized push payment (APP) fraud.

Impact: AI-driven fraud will be faster, more precise, and significantly harder to detect. Traditional security systems, reliant on static rules, will struggle to keep up with AI-enabled attacks that can adapt in real time. In payment fraud, AI could be used to forge highly convincing impersonations leading to BEC or APP fraud. The potential financial losses and reputational damage could be severe.

Action: FIs should invest in advanced AI-based fraud detection tools to counteract evolving threats, focusing on anomaly detection and machine learning algorithms capable of analyzing large volumes of data in real time. Education on the responsible use of AI will be critical.