Banks aren't ready for AI agents moving money, experts warn

• Key insight: Banks built their fraud and identity defenses for humans, not for AI agents transacting with a customer's own credentials, the panelists warned.
• Supporting data: U.S. consumers reported losing $12.5 billion to fraud in 2024, up 25%, with investment scams the largest category at $5.7 billion (FTC); the FBI put total losses above $16.6 billion.
• Forward look: Robinhood's agentic accounts already isolate funds, set limits and include a kill switch while putting the risk on the customer; Athinathan urged banks to route agents through a controlled "choke point" until regulators set rules.

Overview bullets generated by AI with editorial review.

Banks have spent years teaching customers that, to stop a scam, when someone calls claiming to be your bank, you hang up and dial the number on the back of your card.

A new identity problem for banks runs the other way. The party logging in to move money might not be the customer at all; it might be the customer's own AI agent, and the bank has to decide whether to trust it.

Two industry leaders made that case Tuesday on a panel about how banks are keeping up with security threats at American Banker's Digital Banking conference in Orlando.

Software agents that shop, pay and trade for their owners are not hypothetical; Robinhood launched agentic trading and an agentic credit card in May, and Mastercard's Agent Pay lets approved agents make card transactions.

The problem, the panelists said, is that banks built their defenses for humans, which does not match the new threat: Software using a customer's credentials.

Banks now face two major open questions: How can a bank confirm an agent is authorized to act? Who absorbs the loss when an agent gets it wrong?

An asymmetric war

Banks are already straining to keep up with fraud aimed directly at their customers. Chris Ward, head of enterprise payments at Truist, said during the panel that the fight is an asymmetric war.

"We have to stop every transaction that is fraudulent getting through," Ward said. "The fraudsters just have to get one through."

The losses keep climbing despite heavy spending on defense.

U.S. consumers reported losing $12.5 billion to fraud in 2024 (a 25% increase from the year before) with investment scams the largest category at $5.7 billion, according to the Federal Trade Commission's Consumer Sentinel Data Book.

The FBI's Internet Crime Complaint Center put total 2024 losses above $16.6 billion. Much of that comes from impersonation and from scams that trick customers into approving payments themselves.

Aging systems, specifically identity checks done only at login and rules that limit how freely banks can share fraud signals with one another, are holding back banks, according to Meena Athinathan, who leads banking at the consulting firm Cognizant and spoke on the panel.

The required response to these challenges, she said, includes breaking down internal silos, pooling intelligence across the industry and adding AI-driven monitoring that weighs probabilities on top of the rigid, yes-or-no checks banks use now.

Know-your-agent

AI agents make detection problems harder. When the party making a payment is software using the customer's phone, internet address and login, it looks to the bank like the customer.

Ward said he had recently built working agents in about ten minutes and that he doubted his own bank's systems would flag the activity as anything but him.

Athinathan invoked the idea of "know-your-agent" identity checks, a counterpart to know-your-customer due diligence.

Banks need to confirm four things, she said: That it is the right human, that the right agent is acting on that human's behalf, that the agent has permission to act, and that the customer actually meant for the agent to do what it did.

Some of the groundwork exists, Ward said. Corporate treasury systems already give software limited, logged authority to move money through direct connections, and consumer agents will need the same kind of permissions and bank-set limits.

"It's not going to be a 'just let the agents rip' kind of thing," he said.

Who pays when it's wrong

The hardest question is who pays when an agent gets it wrong.

"What if the agent comes back to me and says, 'I bought the plane ticket you wanted,' but that's a hallucination?" asked Chana Schoenberger, American Banker's editor-in-chief, who moderated the panel. "I get to the airport. There's no ticket. Whose fault is that?"

One answer is already on the market. Robinhood's new agentic accounts keep the money in a separate account, let customers set hard spending limits, and include a one-tap button to shut the agent off.

Robinhood also puts the risk squarely on the user, who assumes "all risk for orders placed by your AI agent," per the company's terms.

Athinathan praised Robinhood for these measures but said there is a missing piece outside of the company's control: agreement among regulators about who is responsible when an agent enables fraud or simply fails.

Ward expects the rules will get written the hard way; new regulation will come, he said, through "a new set of accidents."

The session wrapped with a question to the two about what poses the biggest security threat to banks over the next year: AI-enabled fraud, internal systems that can't talk to one another or unclear rules and regulations.

"AI is absolutely the biggest," Ward said. Athinathan also chose AI.