ChatGPT & Identity TheftRisk Services Executive Warns of “Steroid Pill” for Fintech Fraud

June 16, 2023 | 8 min read

This image was created by artificial intelligence using the following prompts:

Image used as a reference. Someone using Ai software to commit cyber fraud. Pops of red and teal. (logo icon added to image)

ChatGPT & Identity Theft

In a Nutshell

New AI tools like ChatGPT have been like a “steroid pill” for bad actors looking to commit digital identity fraud. But, that threat may be offset by better data management, as well as effective use of AI on behalf of merchants to counter the fraudster's use of the technology.

Scammers Are Leveraging ChatGPT to Commit Identity Theft: Is Better Data the Solution?

Financial fraud isn’t just surging: it’s booming.

The world is steadily becoming more digitized. The identities of both consumers and companies, along with the authentication protocols protecting them, are becoming increasingly digital. This digital shift offers fraudsters a plethora of opportunities.

Scammers are now able to blend legitimate, purloined credentials with manufactured but personally identifiable information to forge new identities, all aimed at executing financial fraud. For instance, The Federal Trade Commission received numerous new fraud complaints throughout 2022; of these, 21.5% were related to identity theft.

The situation necessitates an intelligent approach to protection for modern businesses. The onus is on organizations to continuously adapt and fortify their protective measures. They need to incorporate a powerful blend of next-gen technology, data analysis, and best-practice education as part of their strategy to fend off incoming threats.

Boosting the Efficiency of Risk Management Systems

AI-enabled tools are helping payment methods evolve to be quicker and more seamless. As recently reported, Invezz is currently exploring AI-enabled cloud computing technologies aimed at “analyzing and selecting securities tailored to customer needs.”

At the same time, though, cyber criminals are also stepping up their traditional tactics. Notably, they’re integrating cutting-edge technologies like generative artificial intelligence (AI) to devise new assault strategies.

ACI Worldwide Head of Risk Services Erika Dietrich characterized novel AI utilities like ChatGPT as a “steroid pill” for fraudsters navigating the digital payments ecosystem during a recent conversation with PYMNTS. “Firstly, people can construct artificial email accounts and employ a range of AI-driven techniques and resources to not only extract data but also generate partial and fabricated identity characteristics,” she explained. “Secondly, these AI utilities simplify and exponentially enhance the capacity for criminals to generate bots for their attacks.”

Dietrich also highlighted the necessity of maintaining “adequate digital cleanliness” for consumers. She stressed the significance of businesses implementing multi-tiered solutions to verify and authenticate any information being inserted into their systems.

Dietrich added that, in light of this turbulent fraud landscape, it is essential that retailers and bill issuers clarify their mode of interaction with customers. They must clearly state, “This is our mode of engagement with you, and this is not.”

Balancing Security & Friction in Data-Intensive Settings

There’s a lot of wisdom in Dietrich’s warning about AI. But, there’s also the fact that multilayer fraud detection — itself backed by AI — can help eliminate fraud. 

As a merchant, you must calculate risk while maintaining a seamless customer experience and keeping operational costs in check. This demands proficient coordination of data components, data sources, profiling techniques, and data association methods. It also required contemporary technologies like predictive AI and machine learning. These must be used wisely and at opportune moments.

Better protection against fraud and chargebacks without increased friction. Find out how.REQUEST A DEMO

It’s key that businesses strike a balance between authentication and friction. They need to distinguish necessary points of resistance, and only introduce friction in the consumer journey when there's a valid identity concern. This approach ensures a frictionless customer journey, while still establishing trust.

This is partly an analytical methodology, and partly an art. Striking the right balance is crucial because businesses employing a multilayered solution should also adopt a layered approach to their fraud prevention and risk control mechanisms.

The key lies in creating an accurate profile of buyers by leveraging past data. This insight should then be incorporated into a strategy based on factors like location, payment preferences, and device used. Accounts should be carefully monitored using artificial intelligence, then escalated for human decision as needed.

Human oversight will continue to play a role in data coordination and response management mechanisms. As Dietrich asserts, “There will always be a human in the loop.”

Four Key Takeaways for Meeting the Challenges of AI-Enabled Fraud

So, what can we take from this discussion?

The top-line point here is that, with every new technological advancement intended to simplify commerce and improve security measures, we can expect an equal response from fraudsters seeking to exploit these advancements for their own gain. A few other critical insights and points to note regarding “weaponized” AI in the financial sector include:

#1 Increasing Sophistication of Fraud

With the evolution and integration of technologies such as AI in payment systems, fraudsters are also leveraging these tools to create more sophisticated strategies. This includes the creation of synthetic identities and automated bots for large-scale attacks.

#2 Balancing Security & User Experience

Businesses need to strike a delicate balance between securing their systems and ensuring a frictionless customer experience. Intrusive security measures may deter potential customers, whereas lax measures may expose customers — and as a result, the business — to fraud.

#3 The Role of Multilayered Solutions

A multilayered approach to anti-fraud and risk controls is needed. This involves using historical data to profile a customer and then tailoring a strategy based on factors like payment method, location, and the device or account used.

#4 The Irreplaceable Human Element

Despite the increasing role of digital tools and AI in managing fraud risks, the human element remains essential, serving as a guide and coach in overseeing data coordination and response management.

Merchants Should Prepare

While Dietrich’s concerns are certainly warranted and timely, you should proceed with a note of careful optimism. With a little preparation, you can be well-placed to meet these incoming threats and improve their business practices.

Of course, it’s still wise to get ahead of the issue before it becomes a problem. Thankfully, there are several things you can do to insulate your business against new digital threats. Some best practices to consider here include:

Adopting AI and Machine Learning

As fraudsters are using AI, you should also leverage AI and machine learning to detect and prevent fraud. These technologies can identify patterns and anomalies in large datasets quickly and more accurately than humans.

Employ Multifactor Authentication

You should employ multifactor authentication processes to ensure the legitimacy of transactions. This adds an extra layer of security, making it more difficult for fraudsters to gain access to accounts.

Continuous Monitoring & Adaptation

You should continuously monitor systems for any signs of fraudulent activity and adapt security measures accordingly. This could include staying updated with the latest fraud trends, updating systems to guard against these tactics, and more.

Educating Customers

As the fraud landscape continues to evolve, it's crucial to keep customers informed about safe online practices. This includes advising customers on how to spot potential scams and providing clear communication on how you will interact with them.

Collaborating With Authorities

Working closely with law enforcement, regulators, and payment networks can help facilitate better data sharing. Sharing information about emerging threats will help ensure that all parties are aligned with best practices for fraud prevention.

Data Encryption & Tokenization

You should employ robust encryption strategies to protect sensitive customer data. Tokenization can be used to replace sensitive data with unique identification symbols (or “tokens”) that retain all the essential information about the data without compromising its security.

Behavioral Analytics

By analyzing and understanding the behavior of typical customers, you can more readily identify suspicious activities that deviate from the norm. AI can be instrumental in studying and understanding this behavior at scale, hence providing valuable insights into potential fraudulent activities.

Invest in Cybersecurity Insurance

As a preventive measure, investing in cybersecurity insurance can help businesses manage the financial implications of a potential security breach. This doesn't directly stop fraud. However, it serves as a safety net in case of financial loss due to fraudulent activities.

Regularly Update Security Protocols

Cybersecurity does not have any “one-time” solutions. It demands consistent updates and revisions because, as technologies evolve, so do methods of fraud. Regularly updating security measures ensures that you stay one step ahead of fraudsters.

Develop a Response Strategy

One of the most important defenses against a security breach is having a thorough emergency response strategy in place. This strategy should detail the immediate steps to take in order to contain the incident, assess its extent and impact, communicate with those affected, and investigate the origin of the breach. Implementing an effective response strategy can drastically shorten recovery times and reduce associated costs. 

Additionally, taking lessons from these incidents can help improve the company's preventive actions and overall cybersecurity framework. This active and forward-thinking approach ensures that the company maintains its resilience against potential future threats.

The threat of AI-driven fraud is real and growing. However, by leveraging a blend of technology, well-devised strategies, and robust security measures, you can safeguard your businesses and customers against these threats.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
triangle shape background particle triangle shape background particle triangle shape background particle
Please share a few details and we'll connect with you!
Revenue Recovery icon
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form