Bankers intensify anti-fraud efforts as concerns grow

In the fight against fraud, financial institutions are making concerted efforts to weed out vulnerabilities in their customer verification processes. But not all banks and credit unions are wholly confident in their defenses against emerging threats, according to a new report.

American Banker polled 121 executives across the bank, credit union and payments industries as part of its 2025 Frictionless Fraud survey. Around 37% of respondents work for institutions with $100 billion of assets or more, while 31% are with organizations that have less than $10 billion of assets.

Top findings from the report

• Not all verification methods work as effectively across different customer channels.
• Larger financial institutions were more confident in their tools against new fraudsters.
• Banks and credit unions are seeking new tech and counter-fraud tools over the next 12 months.
• Process automation and fraud prevention were identified top improvement areas for customer experiences.

Results from the report are highlighted below using interactive charts. Mouse over each section for more detail, and click on the chart labels to show or hide sections.

Different channels, different tools

When it comes to proving an account holder is who they say they are, banks and credit unions have a host of tools at their disposal, ranging from physical identity document reviews by staff to facial recognition and other biometrics. Surveyed professionals say each channel requires a different approach.

Roughly 74% of respondents from banks with more than $100 billion of assets use human review of identification documents for in-branch customer verification, making it the top method for that asset class and across all others polled. Close behind were personal identification numbers and passwords (70%) and one-time passcodes (56%).

For online channels, digital ID verification is in use at 79% of banks surveyed and at 82% of credit unions and payment firms. That class of respondents also opted for PINs and passwords as well as insights derived from personally identifiable information, creating a three-way tie with digital IDs for the top method.

Asked about authenticating customers in their call centers, 47% of bankers said they rely on knowledge-based authentication, which involves security questions or pass phrases that theoretically are only known by the correct individual. Surprisingly, more than 70% of credit union and payments respondents still opted for PINs and passwords to confirm callers' identities.

For Suzanne Sando, lead analyst for Javelin Strategy & Research's fraud and security practice, "the ease and familiarity" of using traditional usernames and passwords has created a growing security concern for consumers and institutions alike.

These credentials are "incredibly easy for cybercriminals to crack through data breaches, phishing and brute-force attacks," Sando said. "Consumers look to their financial institution as the expert in account security and protection from fraud and cybersecurity threats, so FIs should lean into this and guide consumers towards more secure account authentication methods, such as passkeys and biometrics."

Artificial intelligence is helping many institutions close the gap between their safety measures and fraudsters.

"Banks have an outdated attitude towards fraud, rooted in history. When they say 'fight' fraud, they're thinking about 'catching it,' rather than 'preventing it'," said Joshua McKenty, chief executive and co-founder of Polyguard. "But AI, particularly the more reliable and less sexy form of AI that's used in identity verification, is one of the best tools we have in fraud prevention."

Confident or not?

More than 60% of national banking respondents reported they were confident about their ability to deter fraud. By contrast, only 31% of regional banking professionals felt the same.

Experts from banks with less than $10 billion of assets were on the whole confident, save for 13% who said they were not assured at all that their methods could keep up with the latest technology. That share grew to 18% among credit unions and payments firms.

At the $9 billion-asset Pennsylvania State Employees' Credit Union in Harrisburg, data security leaders are adopting a multilayered approach to both meet the members where they are and bolster security measures.

"[This includes] passwords, text messages, authentication apps, biometrics or even behavioral patterns," said Scott Lenker, PSECU's information security operations manager. "We also look at real-time data like transaction history, location, and device information. All of that helps us validate the member's identity without adding too much friction, no matter what channel they're using."

Tech on the horizon

Keeping up with the fraud threats posed by emerging technology often means bringing some of it in house to strengthen defenses.

Roughly 65% of large bank respondents and 66% of regional bank professionals said their institutions planned to allocate funding toward investments in advanced analytics or AI-based fraud detection tools over the next 12-24 months. Also a high priority for large banks were investments in a centralized fraud hub that would house various tools and partnerships.

Among community bankers, 44% said their top fraud management approach is deepening current usages of nuanced products such as dedicated tools for card fraud and account takeovers. Among credit unions, 45% cited deeper usage of existing tools and 45% said joining industry data-sharing groups was a priority.

Dan Pinto, chief executive and co-founder of digital identify verification firm Fingerprint, said that modern fraudsters using "bots, virtual machines and residential proxies to look and act like legitimate users" is a growing threat that many financial institutions aren't as well prepared for as they would like to think.

Training AI models to better understand customer spending patterns "enables real-time decisioning that stops fraud in its tracks while letting genuine customers move friction-free access to their accounts," Pinto said.

"[FIs need]solutions that can not only detect bots and agents, but also differentiate between a legitimate user, a helpful AI agent completing transactions on behalf of a user and a malicious AI agent attempting an account takeover," he said.

What will it take to improve the customer experience?

Over the next 12 months, banks, credit unions and payments firms of all sizes will be rethinking their approaches to the customer experience and how to integrate more counter-fraud measures.

Improving fraud prevention/mitigation efforts was the top CX priority for 63% of national banks and at 69% of community banks. Midsize and regional banks were focused on improving product onboarding and delivering a low-friction experience.

More than 70% of credit union and payments respondents identified improving process automation efforts for simplifying the user experience.

"We live in a world where technology makes it relatively seamless to introduce smart friction into the banking experience," said Lindsay Hooks, director for Cornerstone Advisors' payments and contract negotiations practice. "Passive tools that detect VPN use, analyze geolocation and distinguish human behavior from bot activity are critical for both digital account opening and ongoing account access."

Hooks also highlighted biometric technology as another avenue for FIs to explore. "[The technology is evolving], from simple selfies to more robust forms of active liveness detection that are harder to spoof with deepfakes, videos or photos."