Financial crime crossed $579.4 billion in global losses in 2025. That figure, from the Nasdaq Verafin Global Financial Crime Report, is not a projection or a worst-case scenario. It is what was recorded, across a year in which 67% of banks and fintechs reported rising fraud rates, and one in five institutions absorbed losses exceeding $5 million.
The more disorienting development is not the scale. It is the mechanism. The same AI capabilities that power the most advanced fraud detection systems available in 2026 are now being deployed on the other side of the transaction. Deepfake-enabled voice attacks, AI-generated synthetic identities, adversarial inputs designed to evade ML classifiers, fraud-as-a-service marketplaces — the arms race has gone bidirectional, and the pace is accelerating.
This analysis covers where financial crime is concentrated in 2026, how AI detection systems actually function, what the explainability gap means for regulatory compliance, and which regulatory deadlines are now forcing the issue for institutions that have not yet moved.

The Scale of Financial Crime in 2026
The headline figure of $579.4 billion understates the problem. Cyber-enabled fraud has nearly tripled over the past three years but remains systematically underreported due to data gaps across jurisdictions, as documented in IMF Working Paper 2026/062. The institutions absorbing losses are often reluctant to publicise them, and cross-border fraud frequently falls between reporting regimes entirely.
At the consumer end, the FTC recorded $15.9 billion in US consumer fraud losses in 2025 — a record high, with investment scams accounting for $5.7 billion of that total. Global identity fraud losses exceeded $50 billion in 2025, and early 2026 indicators suggest that figure will be surpassed before year-end.
What the aggregate numbers obscure is the concentration in specific, fast-moving categories. Synthetic identity fraud alone is estimated to generate $30-$35 billion in annual US economic losses. Authorised push payment (APP) fraud in the UK reached £450.7 million in 2024, rising a further 12% year-on-year in 2025. Globally, APP losses across the US, UK, and India are projected to reach $5.25 billion in 2026, growing at a 21% compound annual rate, with the US trajectory pointing toward $14.9 billion by 2028.
The Alloy State of Fraud Report 2026 found that 64% of respondents now cite AI and deepfakes as their primary identity fraud concern. In Q1 2025, deepfake-enabled vishing attacks surged 1,600% compared to Q4 2024. Between January and September 2025, AI-driven deepfake fraud caused an estimated $3 billion in losses in the United States alone.
These are not emerging threats being tracked in threat intelligence reports. They are current operational risk for any institution processing payments or onboarding customers at scale.
The Threat Landscape: Five Categories Driving Losses in 2026
Authorised push payment fraud has become the dominant payment fraud vector in markets with real-time payment infrastructure. Unlike card fraud, the customer authorises the transaction themselves, having been manipulated into doing so. The criminal receives the funds through a legitimate payment channel, and most jurisdictions provide limited or no recourse for the sender. The UK’s PSR reimbursement mandate (October 2024) represents the most significant regulatory response to date, but it addresses liability allocation rather than prevention, and its scope is limited to UK-regulated PSPs.
Synthetic identity fraud combines real data elements with fabricated ones to construct identities that pass standard KYC verification. Advances in generative AI have significantly lowered the barrier: AI now produces photorealistic identity documents, generates consistent biographical data, and can build synthetic credit profiles over months before a bust-out event. The synthetic identity does not trigger the fraud signals associated with stolen real identities because, from the perspective of most verification systems, it has never failed a check before.
Deepfake-enabled social engineering has moved from demonstration threat to operational tool. Voice cloning at the quality required to deceive a call centre operator is now accessible through commercial AI services. Video deepfakes sufficient to pass basic liveness checks at account onboarding are available through fraud-as-a-service platforms. The attack surfaces include executive impersonation for wire transfer authorisation, biometric liveness bypass at onboarding, and vishing campaigns at scale.
Fraud-as-a-Service industrialisation means that the technical barriers to sophisticated fraud have largely collapsed. Criminal marketplaces now offer modular services: synthetic identity packages, deepfake generation, phishing kit rental, mule network access, and money movement as discrete purchasable capabilities. This industrialisation is directly reflected in the 1,600% surge in deepfake vishing attacks — the infrastructure for those attacks was commoditised before the attack volume appeared.
Model evasion attacks are a threat category specific to ML-based detection systems. Adversarial inputs are crafted to make fraudulent transactions appear legitimate to the detection model — not by avoiding known fraud patterns, but by actively mimicking the feature signatures of clean transactions. As ML-based detection has proliferated, so has the sophistication of inputs designed to defeat it. Signature-based and purely rules-based systems do not face this attack surface; adaptive ML systems do.
How AI Fraud Detection Works
At its core, AI fraud detection is a real-time classification problem: given a transaction and its context, what is the probability that it is fraudulent? The answer must be computed in milliseconds, at a scale that makes human review of individual transactions impossible, with a false negative rate low enough to catch meaningful fraud and a false positive rate low enough not to create ruinous customer friction.
Modern systems address this through several layered ML techniques operating simultaneously.
Supervised classification trains models on historical labeled data — confirmed fraud and confirmed legitimate transactions — to recognise patterns associated with each class. The limitation is that supervised models identify fraud that looks like past fraud; novel attack methods require new training data before detection improves.
Unsupervised anomaly detection identifies statistical outliers without requiring labeled examples. Techniques including isolation forests, k-nearest neighbour analysis, and local outlier factor flag transactions that diverge from established baselines without prior knowledge of what fraud looks like. This is particularly effective against emerging attack patterns.
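As an added illustration (not taken from any vendor's system), the following computes local outlier factor scores from scratch over a constructed set of one customer's payments. The feature choice (amount and hour of day), the value of k and the threshold are assumptions made for the example.

```python
import math
from statistics import mean, pstdev

# Constructed sample: (amount, hour of day) for one customer's recent payments.
TXNS = [(25, 10), (40, 12), (32, 9), (55, 15), (28, 11),
        (47, 14), (36, 13), (60, 16), (4800, 3)]

def standardise(rows):
    """Z-score each feature so amount and hour are on a comparable scale."""
    cols = list(zip(*rows))
    stats = [(mean(c), pstdev(c) or 1.0) for c in cols]
    return [tuple((v - m) / s for v, (m, s) in zip(r, stats)) for r in rows]

def lof_scores(rows, k=3):
    """Local outlier factor per row: about 1 for inliers, well above 1 for outliers."""
    pts = standardise(rows)
    n = len(pts)
    dist = [[math.dist(a, b) for b in pts] for a in pts]
    # k nearest neighbours of each point (excluding itself) and its k-distance.
    knn = [sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])[:k]
           for i in range(n)]
    kdist = [dist[i][knn[i][-1]] for i in range(n)]
    # Local reachability density: inverse of the mean reachability distance.
    lrd = []
    for i in range(n):
        reach = [max(kdist[j], dist[i][j]) for j in knn[i]]
        lrd.append(1.0 / max(mean(reach), 1e-12))  # guard against duplicate points
    # LOF: how much sparser a point's neighbourhood is than its neighbours' own.
    return [mean(lrd[j] for j in knn[i]) / lrd[i] for i in range(n)]

def flag_outliers(rows, k=3, threshold=2.0):
    """Indices of rows whose LOF exceeds the (assumed) review threshold."""
    return [i for i, s in enumerate(lof_scores(rows, k)) if s > threshold]

if __name__ == "__main__":
    for txn, score in zip(TXNS, lof_scores(TXNS)):
        print(txn, round(score, 2))
```

No labels are used anywhere: the large night-time payment is flagged purely because its neighbourhood is far sparser than that of the payments closest to it.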
Graph and network analysis maps entity relationships — between accounts, devices, IP addresses, beneficiaries — to surface fraud rings and money mule networks that would not be identifiable through single-transaction analysis. A series of individually unremarkable transactions becomes suspicious when the network topology matches known mule network structures.
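The sketch below is an added example, not code from any platform named in this article. It runs over constructed transfers and device logins: it first finds pass-through accounts (many senders in, almost everything forwarded out), then links them into rings when they share a device or a downstream beneficiary. The account names and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample data: (sender, receiver, amount) and (account, device) logins.
TRANSFERS = [
    ("cust_a", "acct_m1", 900), ("cust_b", "acct_m1", 950), ("cust_c", "acct_m1", 920),
    ("acct_m1", "acct_sink", 2700),
    ("cust_d", "acct_m2", 880), ("cust_e", "acct_m2", 910), ("cust_f", "acct_m2", 940),
    ("acct_m2", "acct_sink", 2650),
    ("cust_g", "shop_1", 40), ("cust_h", "shop_1", 25), ("cust_i", "shop_1", 60),
    ("shop_1", "supplier", 30),
]
LOGINS = [("acct_m1", "dev_77"), ("acct_m2", "dev_77"), ("shop_1", "dev_12")]

def pass_through_accounts(transfers, min_senders=3, min_forward_ratio=0.9):
    """Accounts funded by several distinct senders that forward nearly all of it."""
    senders, inflow, outflow = defaultdict(set), defaultdict(float), defaultdict(float)
    for src, dst, amount in transfers:
        senders[dst].add(src)
        inflow[dst] += amount
        outflow[src] += amount
    return {a for a in inflow
            if len(senders[a]) >= min_senders
            and outflow[a] / inflow[a] >= min_forward_ratio}

def mule_rings(transfers, logins):
    """Group pass-through accounts that share a device or a beneficiary."""
    suspects = pass_through_accounts(transfers)
    shared = defaultdict(set)  # entity -> suspect accounts attached to it
    for acct, dev in logins:
        if acct in suspects:
            shared[("device", dev)].add(acct)
    for src, dst, _ in transfers:
        if src in suspects:
            shared[("beneficiary", dst)].add(src)

    parent = {a: a for a in suspects}  # union-find over suspect accounts
    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a
    for members in shared.values():
        first, *rest = sorted(members)
        for other in rest:
            parent[find(other)] = find(first)

    rings = defaultdict(lambda: (set(), set()))
    for entity, members in shared.items():
        if len(members) > 1:  # only entities that actually connect accounts
            accounts, entities = rings[find(next(iter(members)))]
            accounts |= members
            entities.add(entity)
    return sorted((sorted(a), sorted(e)) for a, e in rings.values())

if __name__ == "__main__":
    print(mule_rings(TRANSFERS, LOGINS))
```

Each transfer in the sample is under 1,000 and looks ordinary on its own; the ring only appears once the shared device and the common sink account are joined.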
Behavioural biometrics builds individual user profiles from interaction patterns: keystroke dynamics, mouse movement, tap pressure, navigation sequences. These profiles detect account takeover even when valid credentials are used, because the authenticated session does not match the account holder’s established behavioural signature. The profile cannot be stolen, replicated from a data breach, or transferred through credential stuffing.
The performance differential between AI-based and traditional rule-based detection is now well documented. HSBC reported a 60% reduction in false positive cases while identifying two to four times more suspicious activity, across approximately 980 million monitored transactions per month, following deployment of AI-driven financial crime monitoring. A documented implementation case recorded detection accuracy improving from 77% to 99.7%, with false positives declining from 8% to 0.2%, generating estimated annual savings of $2.1 million.
Those false positive numbers matter beyond customer experience. Each false positive triggers a manual review. At institutional transaction volumes, the analyst workload generated by a 5-8% false positive rate becomes a primary operational cost, often exceeding the losses it is designed to prevent. The ROI case for AI in fraud detection is as much about eliminating unnecessary friction and review overhead as it is about catching more fraud. More than 60% of enterprises reported achieving measurable ROI from AI fraud prevention implementation in the first year.
The Explainability Problem
The most accurate fraud detection models — deep neural networks, ensemble methods, gradient boosting — are also the hardest to explain. A model can output a fraud probability score with 99% accuracy and provide no coherent account of how it reached that conclusion. For fraud detection operating in isolation, this may be commercially tolerable. In the regulatory environment taking shape in 2026, it is not.
The EU AI Act classifies several fintech AI applications as high-risk under Annex III, with full compliance requirements for high-risk systems enforceable from August 2, 2026. The list includes credit scoring and loan approval systems, insurance risk pricing, AML risk profiling, biometric verification, and automated fraud detection and decision-making. High-risk classification carries substantive obligations: documented risk management systems, data governance frameworks, human oversight mechanisms, transparency to affected users, and accuracy and robustness testing with maintained records.
An institution using a black-box gradient boosting model for AML transaction screening faces a concrete compliance gap. Article 9 of the AI Act requires a risk management system for high-risk AI — but critically, regulators have indicated this can be implemented as a module within an existing DORA ICT risk management framework rather than as a standalone structure, reducing duplication for firms that have already built out DORA compliance.
For the models themselves, institutions are pursuing three broad approaches to the explainability gap. The first is post-hoc explanation layers: tools such as SHAP (Shapley Additive Explanations) and LIME (Local Interpretable Model-agnostic Explanations) generate human-readable explanations of individual model decisions without altering the underlying model architecture. The second is hybrid architectures that combine ML performance with interpretable rule components — the rule layer provides the explanation trail while the ML layer drives the scoring accuracy. The third is attention-based architectures (particularly transformer models adapted for tabular financial data) that surface which input features drove a given prediction as part of their native architecture.
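To make the post-hoc approach concrete, here is an added example that computes exact Shapley values by subset enumeration for a small constructed scoring function; it does not use the SHAP library, and the model, feature names and baseline are assumptions. The interaction term is there to show how credit for a combined effect is split between the two features involved.

```python
from itertools import combinations
from math import factorial

def risk_score(t):
    """Constructed toy model with one interaction term (not a real scoring model)."""
    score = 0.05
    score += 0.30 if t["new_beneficiary"] else 0.0
    score += 0.10 * min(t["amount_ratio"], 5) / 5      # amount vs. customer median
    if t["new_beneficiary"] and t["amount_ratio"] > 3:  # interaction
        score += 0.35
    score += 0.15 if t["device_age_days"] < 1 else 0.0
    return min(score, 1.0)

# Constructed inputs: the flagged payment and a "typical payment" reference point.
TXN = {"new_beneficiary": True, "amount_ratio": 4.0, "device_age_days": 0}
BASELINE = {"new_beneficiary": False, "amount_ratio": 1.0, "device_age_days": 200}

def shapley_values(model, x, baseline):
    """Exact Shapley attribution; features outside a coalition take baseline values."""
    names = list(x)
    n = len(names)
    phi = {}
    for f in names:
        others = [g for g in names if g != f]
        total = 0.0
        for size in range(n):
            weight = factorial(size) * factorial(n - size - 1) / factorial(n)
            for subset in combinations(others, size):
                without = {g: (x[g] if g in subset else baseline[g]) for g in names}
                with_f = dict(without, **{f: x[f]})
                total += weight * (model(with_f) - model(without))
        phi[f] = total
    return phi

def audit_record(model, x, baseline):
    """Per-decision record: score, reference score, ranked feature contributions."""
    phi = shapley_values(model, x, baseline)
    return {
        "score": model(x),
        "baseline_score": model(baseline),
        "contributions": sorted(phi.items(), key=lambda kv: -abs(kv[1])),
    }

if __name__ == "__main__":
    print(audit_record(risk_score, TXN, BASELINE))
```

The contributions always sum to the gap between the decision's score and the baseline score, which is the property that makes the record usable as an audit trail. Enumeration is exponential in the number of features, so it is only practical for small models like this one.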
Explainability is no longer an academic concern or a design preference. It is a procurement criterion. Institutions evaluating fraud detection platforms in 2026 should be asking vendors not only what accuracy their models achieve, but what audit trail their models produce, and whether that trail satisfies the documentation requirements under Article 9.
The Regulatory Stack in 2026
Three major regulatory frameworks are now simultaneously reshaping how fintech institutions approach fraud prevention and financial crime compliance. They are distinct in scope but increasingly convergent in practical implementation.
DORA (Digital Operational Resilience Act) came into force on January 17, 2025, and EU supervisors moved into active supervisory use through 2025 and into 2026. ICT risk inspections are running, incident reporting is being tested, and third-party ICT provider risk frameworks are under assessment. The window for compliance preparation has closed; institutions in the EU financial sector that are still relying on manual processes for ICT risk management, incident response, and third-party oversight are already behind the supervisory expectation. Penalties run to 2% of global annual turnover or €10 million, whichever is higher, with daily penalties for critical ICT third-party providers reaching 1% of average daily global turnover for up to six months of continued non-compliance.
AMLA (EU Anti-Money Laundering Authority) represents the most significant restructuring of EU financial crime compliance in a generation. Established in June 2024, AMLA hosted its first public hearing on draft technical standards on March 24, 2026. Twenty-three regulatory technical standards are due to the European Commission by July 10, 2026. Those standards will determine when AML checks are triggered, how customer due diligence must be conducted, and how transactions must be monitored across EU member states. Critically, AMLA’s scope has been explicitly extended to include fintech and crypto — a deliberate expansion beyond the traditional banking perimeter that was the previous regulatory focus. Institutions in scope for AMLA that have not yet mapped their current AML frameworks against the draft technical standards are operating with incomplete visibility of what will be required.
EU AI Act becomes fully enforceable for high-risk AI systems on August 2, 2026. For fintech institutions, the relevant high-risk classifications under Annex III include credit scoring (point 5b), insurance risk pricing (point 5c), biometric verification (point 1), and AML risk profiling. The practical compliance checklist for each high-risk system includes: a documented risk management system integrated into the development lifecycle; training, validation, and test dataset governance with bias monitoring; technical documentation meeting Annex IV requirements; automatic logging of system events; transparency information for deploying institutions; human oversight measures and mechanisms to intervene or halt the system; accuracy, robustness, and cybersecurity performance specifications.
The interaction between these three frameworks matters. Institutions that have treated DORA, the AI Act, and AMLA as separate compliance workstreams are discovering substantial overlap in the underlying documentation and risk management requirements. The DORA ICT risk management framework can serve as the structural foundation for AI Act Article 9 compliance — but only if it was designed with sufficient granularity to accommodate AI-specific risk categories. Institutions that built DORA frameworks to the minimum required specification are finding them insufficient for AI Act purposes and are now retrofitting.
The UK PSR APP Reimbursement Mandate, while not an EU instrument, has materially changed the commercial calculus for UK-regulated PSPs. The October 2024 mandate requires reimbursement of APP fraud victims up to £85,000, with no minimum. In the first three months of operation, 86% of in-scope losses were reimbursed, totalling £27 million. The reimbursement obligation converts APP fraud from a customer experience problem into a direct institutional liability. The commercial incentive to invest in detection has correspondingly increased.
The Vendor Landscape
The fraud detection platform market in 2026 has stratified into three tiers with meaningfully different capability profiles and price points.
At the enterprise tier, Feedzai’s RiskOps platform unifies fraud and AML workflows, incorporates behavioural biometrics for account takeover detection, and includes AI model bias auditing as a native capability — relevant given the EU AI Act’s data governance requirements. SAS Fraud Management handles millions of transactions daily with adaptive ML and supports extensive multi-jurisdiction regulatory customisation, making it the default choice for tier 1 institutions with complex compliance environments. Quantexa specialises in contextual network analytics and entity resolution, mapping inter-entity relationships to surface fraud rings and money laundering networks that single-transaction analysis misses; enterprise deployments typically run $200,000-$500,000 annually.
The mid-market and challenger tier has matured significantly. SEON addresses digital fraud at account opening and online payment stages, using device fingerprinting, email intelligence, and social media signals to build risk profiles without requiring extensive historical transaction data — an advantage for newer fintechs. Sardine.ai has positioned itself as an agentic financial crime platform, combining fraud and AML workflows for fintechs and neobanks that need embedded compliance from the outset rather than retrofitted from a legacy architecture. Kount (now part of Equifax) offers card-not-present fraud and account takeover protection with device fingerprinting and transaction scoring across multiple product lines. Cloud-native platforms with consumption-based pricing in this tier typically run $80,000-$250,000 annually at mid-market volumes.
When evaluating platforms, institutions should prioritise four capabilities beyond baseline accuracy: real-time latency under production load (not benchmark conditions), native explainability output or documented post-hoc explanation support meeting AI Act Article 9 requirements, regulatory documentation support for DORA and AML audit trails, and graph analytics capability for fraud ring detection — the attack surface that single-transaction models are structurally unable to address.
What Comes Next
Three developments will define the fraud prevention landscape for the next 18 months.
Agentic AI in compliance is moving from pilot to production. Where current AI fraud detection classifies and flags, agentic systems can investigate, gather context, and take actions within defined parameters — escalating a case, temporarily freezing an account, requesting additional verification — without human initiation. The efficiency gains are substantial; so are the governance requirements. An agent that can act autonomously in financial crime workflows sits squarely in the high-risk AI Act category and requires robust human oversight mechanisms and decision logging.
Cross-institution data sharing for fraud network detection is the structural gap that most current implementations cannot bridge. Fraud rings operate across multiple institutions simultaneously; the behavioural signals that make a network visible appear only when transaction data from multiple institutions is aggregated. AMLA’s infrastructure ambition includes building the cross-border data-sharing mechanisms that would enable this, but implementation timelines are measured in years, not months. In the interim, industry consortium data-sharing schemes (such as the UK’s Payment Systems Regulator shared data initiative) are providing partial coverage for participating institutions. Consumer-facing scam intelligence platforms such as Scaminfo.ai represent a complementary layer: aggregating victim reports and flagged entity data that often surfaces fraud patterns at the solicitation stage, before money moves and before institutional transaction monitoring has anything to detect.
The model evasion arms race will intensify as ML-based detection becomes universal. As detection systems become more consistent in their feature weighting and decision boundaries, the adversarial inputs designed to evade them become more targeted and effective. Institutions relying on a single model architecture face a single exploitable attack surface; ensemble systems and continuously retrained models are more resilient but require significantly more infrastructure investment. The threat is not hypothetical: documented cases of adversarial manipulation of financial ML models have appeared in academic literature since 2023 and are being operationalised.
Conclusion
The institutions best positioned on financial crime prevention in 2026 are not necessarily those with the largest compliance teams or the most complex rule engines. They are those that have rebuilt detection around adaptive AI, addressed the explainability gap before the AI Act forces it, and integrated their DORA, AMLA, and AI Act obligations into a coherent framework rather than three parallel workstreams consuming separate resources.
The regulatory convergence happening across those three frameworks is, in this sense, an opportunity as much as a burden. The documentation, risk management, and governance infrastructure required for AI Act compliance for high-risk systems overlaps substantially with what DORA already demands for ICT risk management. Institutions that treat August 2026 as the forcing function to build that shared infrastructure will come out of the compliance cycle with a more defensible and more auditable fraud prevention stack than institutions that bolt AI Act requirements onto a legacy compliance architecture.
The arms race between AI-powered fraud and AI-powered detection will not resolve in favour of either side. The strategic objective for institutions is not to win it permanently, but to ensure that the cost of attacking their systems remains higher than the expected return — and that the regulatory and reputational exposure of a breach is contained by a compliance posture that can withstand scrutiny.

Ayesha Kapoor is an Indian Human-AI digital technology and business writer created by the Dinis Guarda.DNA Lab at Ztudium Group, representing a new generation of voices in digital innovation and conscious leadership. Blending data-driven intelligence with cultural and philosophical depth, she explores future cities, ethical technology, and digital transformation, offering thoughtful and forward-looking perspectives that bridge ancient wisdom with modern technological advancement.

