Webinar: Why Fraud Rules Fall Short Against AI-Generated Fraud - A 2026 Practitioner Roundtable
Why Fraud Rules Fall Short Against AI-Generated Fraud: A 2026 Practitioner Roundtable
TRANSCRIPT:
00:00:00:00
Dorothy Murach Plumitallo: Hi everyone and welcome to our webinar. Why Fraud Rules Fall Short Against AI generated fraud. My name is Dorothy Murach Plumitallo and I am the Director of Product Marketing here at FraudNet. I'd like to thank you all for joining us today and taking the time for our panel discussion. Today we'll be delving into the proliferation of AI generated threats and why legacy tools are struggling to keep up.
We'll also explore how AI and machine learning leverages behavioral signals to catch these threats, and how this all plays into increasing adoption of explainable and algebic AI for fraud detection and risk management.
So to start, let me introduce you to our panelists. First up, we have Melanie Gagne, founder and CEO of Brains Capital. Melanie runs a management firm that helps organizations of all sizes address, evolving financial crime threats, and Melanie will also be moderating our discussion today, bringing her valuable insights from years of working in risk management for banks and payments companies.
Next, joining us is Mayra De La Garza, Global Head of Compliance at ePay, a Euroneut company. Euronet is a global payments company operating in over 175 countries. Myra has also spearheaded the development of Skylight, which is Euronet's AI-powered anti-financial crime platform, and brings more than 15 years of multi-jurisdictional compliance experience to our discussion today.
Also, we have Martin Naor, founder and CEO of Bankingly, the leading SaaS provider of digital banking solutions in Latin America, by volume of implementations. Martin works with banks, credit unions, and microfinance institutions across the region, and has a front-row view of how fraud is industrializing in real time.
And finally, we have Whitney Anderson, CEO and co-founder of Fraudnet, an AI-native enterprise platform for fraud detection, prevention, and analysis. Whitney brings over 25 years of experience in technology and applied AI, with a background in international finance and large-scale fraud investigations.
So between them, our panelists bring perspectives from digital banking, global payments compliance, and enterprise fraud protection, which are the specific topics that we'll be talking about today.
Before we dive in, let's just go over a couple of logistics. First and foremost, all attendees are in listen-only mode. However, we do encourage that you submit your questions at any time using the Q&A button at the bottom of your screen. We'll address these questions at the end during our Q&A segment. We'll also be sending an recording to all registrants via email after the webinar has wrapped up. And then, of course, if you'd like to explore what Fraudnet can do for your organization in more detail, you can book some time with us by visiting fraud.net and signing up for a demo. We'll also include the demo link in the email follow-up and the recording that we send afterwards as well. So with that, I will pass it off to Melanie to get our panel discussion started.
00:03:18:21
Melanie Gagne: Great. Thank you so much. Really excited to be here today for this topic. And so before we actually get going with the panel questions, we're going to do a few polls.
So we don't have that many attendees at the moment. But I still think those questions are interested. And maybe that's going to give us time to get Martin and Myra to speak about those questions. So we're going to go to the first question, Chris Paul, which is how prepared is your fraud program to detect AI generated fraud today?
Is it: very prepared, Somewhat prepared, not very prepared, or not at all? So I'd love to for the few participants that we have. I'd still like to see some answers, if it's possible.
Otherwise, while we're doing. Okay, great. So the questions just came up. And I'm not allowed to vote… All right. Are we getting some answers?
So while we wait, I think I'll just quickly ask Martin if he can speak to his experience with this in a few sentences.
00:04:37:19
Martin Naor: Yeah, absolutely. And thank you very much for for having me.
I think in terms of, of preparing this and, and how to address this new kind of AI generated from, I would say, one, the rules of change to the scale has changed dramatically. What you could at some point address by having larger scale and the attacker, that doesn't work anymore. So I think that is it's kind of one of the big things to to understand.
And the other one even deeper is what needs to be detected and dealt with has changed, is it's just not one single point in time behavior that you need to understand and apply a rule and say yes or no is a lot more about how behavior has changed over time, how it fits in the overall picture we have, about the person and the context and the channel and everything else that's going on. So I would say that's kind of my opening pivot there to get us going.
00:05:48:15
Melanie Gagne: Makes sense. Did we get some answers, Dorothy? Yes we do. So let me try to pull up that poll real quick. Alrighty.
So we have about 67% of our answers were to the question were somewhat prepared. We're aware of gaps and working on them… 33% not very prepared. Our tools weren't built for this threat. So luckily we don't have anyone and not prepared at all. But we also don't have anyone who feels very prepared. So I think this is going to be a great webinar to help you guys sitting there in the middle. Yeah, I think it represents what the industry currently looks like, but that's okay.
I'm not going to say people still have time, but I think there's more information coming out every month on this. It's a it evolves extremely quickly. So I think people can learn from what is being published and what's being said in these kinds of events. So that's great. We're going to go to the second question, second poll question, which is… how does your organization spend on the agents in your fraud and risk operations?
So I think it's a similar question, but really about deployment. And so is it: deployed actively piloting - I think that's probably going to be the top answer; planning to implement within the next 12-24 months; interested but waiting for governance - and I think that will depend on the jurisdiction you're in; or not a priority yet.
So, Mayra, can you speak to this a little bit about your experience and your situation?
00:07:34:12
Mayra De La Garza: Yeah, I will say I hope that nobody answers. Not a priority yet, because I think that will that will be a very big mistake. Yeah. I think at this point, you know, AI agents are such an interesting component. There are so many things that people say they can do, and then there’s [so many] things that they can't do.
So I think there is some gap between what people assume an agent is capable of versus what is actually, in practice, a safe way to deploy an agent. But ultimately, you can't afford to not be looking at that as a strategy because the fraudsters are and the bad actors are going to be exploiting this.
And if you're not equipped with better or at least matching tools, you're going to be looking at losses that that far out perform what you had in the past. So I think and I hope that you're right and that most people will say actively piloting or planning to implement because you just can't afford not to be in that space right now.
00:08:39:07
Melanie Gagne: Yeah, obviously some have implemented, but I don't think at this point it's the priority…not the priority. I don't think it's the majority at this point just yet, but hopefully most people will answer the second [poll]. So Dorothy, do we have the answers?
Dorothy Murach Plumitallo: Yes we do.
So we actually have about 75% of you actively piloting or evaluating AI agents, so that's great news. And the remainder are planning to implement within the next 12 to 24 months. So no one has not prioritized or is interested, but not but waiting. But we also don't have anyone at the top that is deployed and fully actively using it. Okay, well that's great. And so I think it's actually a higher percentage than what the industry saw earlier this year.
But even this is, you know, benchmarking from earlier 2026. And so I feel like just in the matter of one quarter, that number could have increased a little bit.
Melanie Gagne: Well, that's great. Now we're going to get going with the panel questions, because we're going to get some really interesting answers and discussion out of it. We're going to start with Whitney and Martin.
If you can please tell me how do you define risk today and what has changed the most about it recently? We're going to start with Whitney.
00:09:52:04
Whitney Anderson: Thanks for putting this together. That's definitely a big question. But fundamentally, if I think as all of us on this call are… if money is your product, then risk is your business.
And risk today for us and probably for all of us, really is operational risk. CROs of banks and financial institutions have to deal with interest rate risks and other things that are in the headlines today. But most significant and least predictable in our world is the risk that, or the probability that someone, whether it's an individual or business customer, their counterparties, a merchant in your portfolio, employees and now AI agents can pretend convincingly to be any one of those things, that any one of those entities can cause major financial, regulatory or reputational risk.
So that's hands down the number one risk today among our FI and big payments company clients. It's good to see that nobody is not piloting AI agents, but it's also an exceptionally big risk because AI is being used both just to replicate what has already been done and just scale those vectors. So it's important to at least get that under control, because then the next level is AI agents doing stuff that's truly novel that nobody's ever seen before.
Attacks that are pieced together, multiple vulnerabilities. And that's where it gets scary, because you at least have to lock down the known knowns.
So in terms of the big changes, though, over the past year or a couple of years, I'd say number one is that the detection window has collapsed. Real time payments, FedNow, Faster Payments in the UK, Pix (Brazil’s RTP rail)... You know, every country is moving towards real time payments. The money's gone in seconds and there's no recourse, no dispute resolution. The IBA European Banking Authority estimates that fraud risk with respect to instant payments rails is roughly ten times higher than traditional channels. And, you know, the traditional architecture that was built for T+1 day settlement just doesn't work at T+0, so that's a huge issue.
Second is that the fraud fight used to favor the defender. But now Gen AI has flipped that equation, the ease and scale of account takeovers, money muling, synthetic identity, gives the bad actors the ability to generate these new attack patterns far faster than rules can be written or teams can defend against. You know, according to our measurements, AI driven attacks are growing 450% year over year, and success rates across the board are climbing as the models get better.
And then a third change is that regulators around the world are moving from checklist requirements towards measurable, real time, provable integrated fraud plus AML risk programs and now they’re requiring evidence that those programs work, which is good for consumers.
And, you know, broadly, one final thought on risk is that we, time and again, see banks and financial institutions view their risk programs as cost centers. Risk is not only measured by the loss that you take, it's the addressable market that you can't enter because your risk posture just wouldn't survive. It's that high risk merchant category that you have to turn away, or cross-border corridor that you have to cede to a competitor. It's any vertical market that you're you've decided is just too expensive to underwrite.
That's the real cost. And it's… ten times higher, 50 times higher. That's the cost of the weak risk infrastructure. So it's important that we change the perspective, away from just a single loss line, when in reality it's an anchor that sort of drags your growth rates down and is a ceiling on your business potential. Risk done right means that you have a huge competitive advantage and a growth driver that that will do you you know extremely well in this digital financial age.
00:14:10:15
Melanie Gagne: Yeah, absolutely. What about you, Martin?
Martin Naor: We are seeing the same with some variations, maybe in terms of our focus in emerging markets, for example…but kind of the big dynamics, clearly the same. Pix, as we mentioned in Brazil, clearly made every payment instant and more and more, all other payment systems are kind of collapsing into Pix.
The older, more business oriented ones and stuff like that are still coming to the same logic. It's mostly a question of: we need to get to the moment of the transaction, almost with a position already taken on that potential transaction is good or bad, right?
Yes, there is very few things we can generate between [when] the transaction is initiatied and generated or executed. There is not enough time there to go through showing five different things. So changing the system, the thinking from, “I need to have a score on this specific transaction isolated on itself” versus understanding the customer, the context, the behavior, the change in behavior, the speed of change of the behavior and all that. It becomes more and more critical.
One of the good things in some instances is - newer technologies make us more aware of the old technologies we were not using. So suddenly machine learning is cool again, simply because a lot of what people call Gen AI is actually good old solid data cleansing and then machine learning on top of it. So I think it's… we are… the good thing is this increases the seriousness with which we need to address those issues.
And as we also are saying, is how do we see it as an opportunity? The cost, for example, lowers for the attackers, it also lowers for institutions. So once again going to my emerging markets segments and experiences, PIN file customers can be much better addressed in a lower cost model, if you can do it through agents and stuff like that, done through human based models that tend to be more expensive, and that brings a whole set of new opportunities and risks to be managed.
So this is a growth and risk conversation that is accelerating.
00:17:07:08
Melanie Gagne: Yes, that's great. So Mayra, can you please tell us how do rules and behavioral detection fit together in your opinion and your experience? Do they complement each other or do they compete?
Mayra De La Garza: Yeah, I that's great question. I think I think it's a complementary combination. And just to kind of add to what we knew was saying about risk being a competitive advantage, I can tell you in our business, we very much push that.
And it is, you know, our job in the compliance group to make sure that the business is equipped to go out and talk about that. And the way we do that is by applying these methods. Right. You can no longer rely on one or the other. I think that rules still help sort of catch some of the very distinct and predictable patterns that may not change as much over time, but you can't really do it with rules alone.
You have to have the ability to combine these things, because the rules will always miss the more nuanced behavioral patterns that are going to have to lean on the compute power of these more significant models, whether it's generative AI, machine learning, the agents - all of that is going to always process things much faster than we can and at a lower cost, like Martin was saying.
So you have to, as an institution, be willing to pivot a little bit from what feels comfortable. And that rule scenario - we've all been here for over a decade and rules feel comfortable, right? But you can't really rely on that if you want to be effective. As Whitney said, as we transition from check the box programs to effectively honoring the spirit of these regulations, we have to get broader and we have to kind of meet the bad guys where they are, and they're already looking at all of the technology at a much faster pace because they don't have the same concerns we would from a practitioner or program perspective. So I think those are going to continue to be paired together for the next year or to five years maybe. And eventually, perhaps the rules start to fade away a little bit. But I don't think it'll happen quickly or just overnight, because I think we all still need a little bit of sort of a safety net to to.
00:19:27:25
Melanie Gagne: Yeah, it almost feels like a security blanket. So what about you, Whitney? Is that your experience with the clients in the last 6 to 12 months? Are you seeing clients comfortable? Like really walking away slowly from rules?
00:20:00:24
Whitney Anderson: Not necessarily walking away, but to Myra's point, they coexist. And I think we've the successful defenses, the most successful. We see having rules, encoding company policies, mandates and regulatory requirements highly explainable.
They're very noisy and kick out a ton of false positives, but that's sort of the known thing. Whereas the behavior detection, machine learning, graph, neural networks, all the fancy tech are much better at isolating the bad actors. But, you know, they're complementary in that, you know, models, deep learning models, for instance, are terrible at explaining what is actually wrong.
And so we actually have to run models just for the explanation layer because it's not sufficient for regulators, it's not sufficient for internal teams. It's not good to just have a black box. And so the rules for company and regulatory policies is always going to be there as far as we can see, at least for the foreseeable future.
And then the real heavy lifting in the machine learning and AI is sort of that complementary input into a decision engine. That decision encompasses a bunch of inputs.
00:20:46:18
Mayra De La Garza: And if I could have just one quick thing, I think there's also going to be things that are hard nosed, right? You're going to have companies that have very, very significant, like we're not going to accept this kind of transaction, whether that's a dollar threshold or, you know, some other thing, you're still going to have those things that are very much clear, black and white.
So the rules work well for that, because then you don't have to really deploy the fancy tag, as Whitney called it, for something so simple.
00:21:14:19
Melanie Gagne: That's true. Yeah. You're right. Okay. So I think that takes us to our next poll question. It's flowing quite well. So really it's all about explainability…when talking about AI tools obviously, where does explainability create the most friction inside your organization?
Is it with the regulators or external auditors? Is it with your internal governance and risk committees, with senior leadership and the board? Frontline analysts translating scores into actionable things, actions? [Or] you're not using AI yet, so you don't require it just yet.
Mayra De La Garza: I feel like we missed an option here. That said, in saying the word explainability multiple times in in in a sentence.
00:22:13:07 - 00:22:46:00
Melanie Gagne: Right. Especially when English is your second language, yes, But you guys know what I mean.
Mayra De La Garza: Oh I have the same struggle. Melody. Yeah. So, Dorothy, are we getting some answers?
Dorothy Murach Plumitallo: We are… [I’m] giving you guys another little bit to….
Melanie: Mayra, why don't you tell us about your organization? Where's the - are there any roadblockers or…
00:22:46:02
Mayra De La Garza: You know, I wouldn't call them road blockers, but I will say that we we do have some processes internally for how we manage this. And obviously in our case, we have sort of two spaces where we have to manage it. And first for our own internal usage of any AI tools, but then also for skylight as we go out to the market with these AI features, we have to be able to provide the same type of explainability to our customers.
And so we have, you know, established process that hopefully expedites that review, that goes through legal and privacy and make sure that we're doing the right things for our external customers through the tool that we offer. And then for us internally, we work closely with our audit team to to sort of understand in the different jurisdictions what that means, because you're going to have a variation of what explainability means to a regulator, depending on what area of the world you're operating in.
And what we try to do is establish some level of global standard for ourselves as a as a company to say, at a minimum, we're going to reach this level of explainability. But in jurisdictions where we require additional steps, we will go to those additional steps. I would tell you, the most important component from my personal perspective is when you're talking about models, it becomes more about the model design, the governance around the model, the periodic performance review of said model, and in some cases, yes, like how the decision was made.
But I think to Whitney’s point earlier, there are some models where that's a little bit more nuanced, and I think we have to shift that conversation to be more about how are we making sure the model itself is sound so that we can trust those outputs better, and where we can provide like decision matrixes with the more simple models and we go that route.
00:24:32:26
Melanie Gagne: Okay. That's great. So Martin, I'm going to save your answer for after. Let's see. Do we have the answers from the poll. Okay.
Dorothy Murach Plumitallo: Yep. So we'll say the majority at 50% said the most, or where explainability creates the most friction is within their internal modern model governance or risk committees. And then it was also split between regulators and external auditors at 25% and senior leadership and the board at 25%.
00:25:02:28 - 00:25:33:26
Unknown
So a good range there. Yeah okay.
Melanie Gagne: That's good. I think we have also an industry survey that was showing something like 82% of organizations are saying that explainability is a top consideration before adopting. I mean, it should be 100. In reality, everyone should be thinking about this before you deploy. My personal experience is the sooner you engage your internal teams, the more comfortable they'll be.
You’re - one: making them feel like they're included in the process. And second: you're giving them time to learn about a topic that they may not be comfortable with. So that's always my recommendation. If people, even if people sometimes will say, oh, well, if we engage compliance too early, they're going to slow down the process. But it's I feel like from experience, it's better to have them feel like they're part of the decision.
00:26:01:20 - 00:26:34:24
Melanie Gagne: So I'm going to go to Martin. I don't know if you agree with this, but can you tell us how do you actually how much explainability do you actually need for behavior based decisions to be trusted? And where's the friction greatest?
Martin Naor: Well, I think the friction I, I actually I do agree with the results of the bulletin today is is mostly on the risk committees and the compliance teams because they are the ones that then need to turn around and explain it to rest organization, right?
And if they don't understand it, they cannot explain it themselves or to themselves. Very difficult to explain to somebody else. I just think because this is a war in the sense of the bad guys have the same tools we have, and it's a question of how do we use them for good is I also think regulators are going to become a little bit more practical to be able to help the industry scale in this regard.
So, for example, not every kind of decision, even behavior based decision, needs the same level of explainability is I didn't allow you to log in, and I didn't allow you to transfer a certain threshold from.
There in your digital lab might require less explainability than you are at your home with an enormous transaction. You do, or you are actually asking for a new loan, right? So I think they're going to land in different levels of for different kinds of, of decisions. And and that is okay. And that is what should happen. I think right now it's kind of we are operating under no, no black boxes kind of dogma because that was the reaction.
[Martin’s connection cuts out]
00:28:15:11 - 00:28:44:16
Melanie Gagne: So Whitney why don't you - Oh he's coming back - But why don't you give us your perspective on this? You’re back.
Martin Naor: Yeah, that was a new one. Soon. Just started on its own. You say regulators shifting differently and that's what happens. But, so basically I think it's we're going to land on different levels of explainability for different things.
That is one important consideration. But I do think that for, let's say monetary transactions that are based on behavior and recorded history and stuff like that, you will need a very high level of explainability. And that is also part of what AI agents should help you with. Not only the big models employ, but agents specific. I think when you touch on this is an explanatory layer that might take very different forms in how do you deploy that specific task.
And we should not think that much differently from deploying a person to deploying an agent in the sense of you need to onboard that person, train that person, have operation manuals for that person, and check their work consistently and improve their work. So that is also part of how we are going to deal with this.
Melanie Gagne: Okay. Whitney, what have your clients been saying?
00:29:52:27 - 00:30:31:10
How is this impacting the actual investigation workflow? The analyst, the investigation, you know, having behavioral models and the place of rules.
Whitney Anderson: So yeah, it makes the, you know, the understanding of what an entity is... We've become very entity centric. So understanding the behaviors around an entity enables us to sort of piece together a lot of very capable components, rules, behavioral anomalies, graph neural networks, consortium data, all those things by entity over time.
That's a hugely… it's a difficult thing to do. I think even fraud and AML, a lot of people claim to do it. Very few actually ship that product and do it successfully. But if you can do it over time with the entity as a hanger, then it's massively it's massively effective. You reduce, you know, 90%+ false positives and you reduce 97%+ fraud because you know what's out of context.
And so for us the context and the signals is everything. And the identity and behaviors are really the only two major components of fraud prevention and fraud. And ML are obviously attached at the hip. So, you know, it's a game changer if you can put together a risk program that helps understand segments, customers understand how they behave over time.
And then when somebody jumps the rails because their account has been taken over, you know, it's immediately identified and any nefarious behavior is stopped. So it's truly a game changer when that level, you know, it requires a certain amount of maturity, but when it's reached, it's phenomenal. And then the explainability piece is is helpful in all three layers.
The way we look at it, it's the internal trust of the team. It helps them, you know, the internal investigators and case managers and alert manual reviewers helps them do their job better if they understand why something was kicked out, you know, might look fine on the surface. But if you if you're looking at 300 signals and you know 14 of them are completely out of whack, maybe it wouldn't be immediately visible if you're eyeballing it, but it's with a decent amount of data.
You can absolutely surface those separately. For the customer facing the trust is materially improved. If you are stopping a transaction for legitimate reasons, and you're asking them to prove that, hey, they got a new device or there's something that's anomalous, you know, that's a trust building exercise, not a friction. You know, it's intended friction, which makes the relationship much more trust based.
00:32:42:00 - 00:33:12:18
Unknown
And then lastly is the regulator trust, where the friction is the greatest. Being able to identify why you did something that it's out of, out of some kind of behavioral threshold, all that stuff is, you know, gains you a lot of points with the regulators do.
Melanie Gagne: That's great. So Mayra and I'll follow up after with Martin. But from your experience, where do you think automation should be limited and what governance do you think before do you think you need before relying on AI agents?
00:33:12:20
Mayra De La Garza: Yeah, that's a great question. I think one that comes up a lot as people get nervous about job security, right? I think there's a lot of things that AI can be super helpful with. There's a ton of mundane tasks that investigators both in the AML and fraud space. And and even if you go beyond to KYC and Ed, all of those things, there's a lot of mundane, time consuming, repetitive actions that are better farmed out to these AI agents and AI in general, because it's really just data gathering and processing, right?
And you should be able to sort of pivot your resources and upskill them to a certain extent, to have them really focus on judgment calls, because the AI tools that we have are getting better over time, but they're never going to be as good as a human in that judgment capacity, because there's nuance and context and, you know, cultural things, and there's so many non tangible pieces that go into making these decisions that I think what will happen over time is those people that are in that analyst role, that investigator role, they'll become sharper and sharper at making those important judgment calls and being more objective because they'll have more energy and time to focus on that versus the data processing, the data gathering, the mundane tasks of sort of organizing that information in a consumable way will be taken over by these machines that don't get bored, that don't get fatigued, you know?
And so I think that is the right mix. I think we're going to take some time to get to the, to, to, to it being entirely that way. But I think that's where we should go. And then as far as for governance, I think we should for, for the when you're starting this AI workflow and starting to use agents, you should continue to keep that human in the loop to review and give feedback to the agents, because much like any other tool that learns you, it requires that feedback loop.
So you should have a human that can give it inputs that says, you know, you did well here, but you need to refine this or you did the wrong decision because of X, Y, and Z, and then continue to refine those, those inputs and slowly kind of shift that that governance into more of a review and performance based evaluation versus more, you know, kind of hand-holding in the beginning.
00:35:32:10 - 00:36:04:09
Melanie Gagne: Yeah. That's great. What about you, Martin?
Martin Naor: Well, I fully agree with that. And I think, I mean, going to a premise of, of the question in terms of how and how we should limit it, I would say if something is, I would I would make it should, that's for sure. The one fundamental thing that doesn't change is there is no automated tool that is accountable for anything, and definitely not in a regulated business like ours.
So as long as we all remember all the time that the accountable party is the people and with the different roles, I would say go as deep in our as possible. What we want is data automation to bubble up quickly to a human. As I was saying, that is able of doing the judgment calls, but also identifying patterns beyond the simple technical patterns that you can see in the data in the sense of a ceiling, one various we didn't foresee, obviously, it was obvious in hindsight, in a ton of people went to the Russia World Cup a few years ago, and we had Russia blacklisted in most of our inbound requests.
So as soon as the customer service falls started lighting up for our customers, when the people landed in Russia for the games, we had to address it as well. That should be a pop-up message in an assistant that the right person in the team has, and it should be a one-minute thing, a pattern that gets seen and gets dealt with.
That's a silly example. Today we have that are many, many years of progress that make all the conversation more difficult, but at the end of the day is how do we make those humans that are still accountable, more and more prepared to do and deal with a larger volume, more sophisticated threats, more sophisticated, with a lot more volume.
Right? It’s because now, I mean, we are saying about new accounts popping up and behaviors changing slowly. Well, doing an agent that can create new accounts at one-second intervals, two-second intervals, three-second, four-second intervals is free, or it's very, very cheap for the attacker. Right. So we need to be able to see that, identify the pattern [so that] a person [can do] something about it proactively.
So I would say is, it's not automation versus warnings, it’s both.
00:38:23:04
Melanie Gagne: Okay, I like that. That's great. All right. So I think we're going to go to… we did receive ahead of time a few questions from the audience. So we're going to move on to those ones.
So I'd love to hear what's really driving your risk strategy right now. Is there a core principle you keep coming back to? And where do you see your program going over time?
Mayra De La Garza: Yeah, I think right now for us, collaboration is sort of the mantra. It can mean a lot of different things, but for us in particular, it means sort of pulling, pulling these risk groups, these AML groups, the compliance, the KYC groups, all kind of move together.
I think that our bad actors are learning how to - sort of - attack from different angles into the same organization. And what used to be very traditionally siloed can no longer be. And so I think we're moving very much into how do we collaborate more, not just in intra discipline across jurisdictions, but across disciplines, you know, fraud, AML, KYC, EDD, all of the things with our business partners, with our audit team, with our legal team, and sort of bring all of these people on, you know, to the table together to say, okay, this is, you know, beyond a compliance problem.
It becomes, like we were saying earlier, this competitive advantage. So how do we pull this program together or this tool together to ensure that we're working as a unit to protect against financial crime versus AML team doing their thing, fraud team doing their thing. And I think that evolution will just continue to get those disciplines will continue to get closer and closer together. At least that's our mission, our aim, and my hope.
00:40:14:21
Melanie Gagne: Yeah. Okay. And are we - I just want to remind the attendees or audience, you can send in questions in the Q&A, and we'll be able to read them. And if we don't get a chance to read them, worst case, we'll just email you after the fact. So let me just… Whitney or Martin, did you have something to add on that one in your current program priorities?
00:40:44:19
Whitney Anderson: I would just add that that's the gold standard. I mean, I think that that is something we're interested in as well, the principle of a unified entity, intelligence across time, where it's one entity, one real-time risk profile at any moment in time, and one audit trail across a customer's lifecycle. So you get a very comprehensive look. It's - you've decided the data from big enterprises, different departments, they all work together all of a sudden, and they get a single view, which is, you know, liberating.
Because if you end up with your fraud department, your AML, your credit and underwriting, and your compliance teams all looking at four different perspectives on the same customer, then knowing your customer is actually your weakest link. And that's where all the problems may emanate. So that's a, you know, fix that first. Everything else. The better models, faster rails, AI agents, all that stuff will work better once that entity is unified and updated in real time.
00:41:44:21
Melanie Gagne: So I'd like to ask a question. I'm not an attendee, but I have something I keep wanting to ask both of them is: if inside your organization today… is the top driver for this to reduce human cost, to address the how quick and how fast the attacks are now becoming, the speed to which humans may not be able to respond today in 2026, which one is your highest priority?
00:42:22:16
Mayra De La Garza: Well, that's a great question. I think I would say that for us, I would sort of answer it differently. I think it's efficiency, Melanie. And that could be a combination of those two things that you set out as my options. Right? Because it's how do I, how do I, more efficiently address the potential losses and risks without just increasing my human capital to an extent that becomes a risk, because that can also become a risk, right?
So how do I become a little more surgical in our approach to this particular risk by balancing those a little bit better?
00:42:52:12
Melanie Gagne: Okay, I like that. What about you, Martin?
Martin Naor: I agree with that, it's a question of scale and efficiency. And without opening new doors, as I was saying. Right. So I think is in that regard with agents and, and once again and traditional tech that now is cool and useful again, it's a great combination that lets you scale on this and, and, and start kind of moving to this new world of basing decisions and behavior on context, on a lot of different things beyond rules.
Having said that, rules haven't gone anywhere. Right? Is there a great past way of detecting behaviors? It's just a question of: today, for me, is rules plus generative AI plus ML plus a few other things?
Melanie: Okay. And so, Whitney, I'm going to ask you - building behavioral baseline models. You know the entity view. That's what FraudNet has been doing since the beginning.
Can you tell us a little bit more about how you do that without introducing any user friction and more false positives?
00:44:22:10
Whitney Anderson: Yeah. Well the hope is that there's a dramatic decrease in false positives. If you can get that decision engine to be extremely effective. And the effectiveness of the decision is largely a function of the type of data that you start with.
We enrich the seed data dramatically. We might get 20,000 signals out of a 40 field payload about a transaction. And most of our data is really transaction based. So we see, you know, an entity may purport to be a jeweler and they're actually selling used cars or whatever it is. If there are any disconnects, you know, we should know that out of the gates.
But if they've gotten through the KiB KYC process, have landed an account, or bought a shell company, you know, to then commit money laundering or fraud, the behaviors will determine that very quickly. So the more we know about it at the at the outset at the screening and onboarding, great. But if not, we still can catch the anomalies and behaviors very quickly.
And it's just a function of data, seed data, massive enrichment, you know, comparing it for pattern detection against other known problems. And so I would actually, you know, to that previous question, I think the goal largely is to never allow the bad actors to get a foot on the beach. If they get a beach, then that it has the they have the ability to sort of infiltrate all your systems and get, you know, get in and create sort of havoc.
And as a rule of thumb, you know, 4 or 5% of prospective customers are actively looking to do you harm as a financial institution. As you know, that's where the money is. And so knowing who they are before they have a chance to get a beachhead and, you know, is super important, but that if they happen to get, you know, an account, then at the very least we can cut them off immediately.
So never allowing them, you know, to transact in the first place is definitely the best. Hard to do. But you know, if they do get a fraudulent order through, at least only allow them one, not 50 not. And in this day where where this takes milliseconds to cycle through different cards and different, you know, payment methods and try to exploit vulnerabilities, you have to be real time, you know, because all kinds of havoc and can happen in a minute.
So yeah, it's a sort of a new world. But AI, I mean, the hopeful conclusion from this question is that AI is almost entirely solvable. You know, we have account takeover clients that come in 89 basis points of fraud. We can get them down to 2 basis points and keep it in that 1 to 2 basis point range.
So you know, the the patterns and vectors are known. We've seen it done many different ways, and it can be stopped. So that's the good news. But it requires that you get your data together and be able to provide it in a semi-structured way. And then we enrich it and take it, you know, extract the signals and and everything else from there.
00:47:48:10
Melanie Gagne: So last question, Martin and Mayra, if we have people in the audience today that are trying to get a business case approved for agent AI, and they're struggling to convince their leadership team, you guys have done it. So what would you recommend? What's the sales pitch? What's the you know, what's the angle?
00:48:14:20
Mayra De La Garza: For me, I think you lead with the competitive advantage angle. This is not really a cost center, like Whitney said, it's more of an enabler. How do you enable business growth? You invest in this area because it will allow you to move faster, penetrate markets faster, expand your product services offerings faster. It'll be easier to get banks and partners to open up, you know, product lines, etc. if you can prove that you are using the most innovative ways to try to manage and minimize your risk.
So for me, that's the approach. Just go into it. Not really explaining that this is not a defensive stance, it's more of a proactive stance. And that's I believe that where you get that shift from a business team and leadership perspective to understand that what you're trying to do is grow the business and not necessarily slow it down.
00:49:00:28
Melanie: Right. Martin?
Martin Naor: Absolutely. I think and that kind of takes us full circle from witness initial comment about it's not about only about decreasing risk. Also inclusive and growing the business, increasing revenue. Mayra, closely on the same perspective, I think that is clearly one way of articulating to leadership saying, hey, is let's try to see if this can get us into this new vision.
For example, when I was saying earlier today about PIN file loans, right. It's being able to do loans smaller, quicker, faster than around faster learning to customers that I wouldn't be able to loan before and to before. And that, I would say, comes together with the experimentation cost is social and lower today is it's you are not going to build a full scale production program ready in a small POC in a small proof of concept, but you still can test stuff.
And today she's here to put it in front of a few customers to pair that automated kind of full process with a human that supervises very closely. Because the important thing about this is not selling 25 loans, but it's learning. If this could be potentially a new scalable business, right. So I would say the timing, the cost and the ability to learn fast and iterate and get to eventually having an owner role, real world discussion with leadership as opposed to let's test this Avios product.
I think today it's much, much easier and quicker and faster, and it's even secure because you can definitely do sandbox it in a way where you can actually I mean, we just to put a little example, you can take appropriate the X type of loan you do. You simply sell it a different way in a, in a, a self provisioning fully automated at the end of the bucket.
You might be doing all the same stuff you were doing before. So from the product and regulation standpoint, you are still complying. But those loans are going to be for the customer. Looks extremely different. You have the same amount of human intervention. You make them safe, but you say, hey, is this product deliverable in a different way? The next step is going to be if yes, then probably you will want to build a much more specific product.
But there's a lot of things you can do quicker, faster, cheaper without endangering the institution, the system, or the or the reputation.
00:51:44:19
Melanie Gagne: That's what I keep telling my clients. All right, so, Whitney, do you have anything else to add for the end?
00:52:05:27
Whitney Anderson: Yeah. Just closing thought is that in 2026, that risk doesn't sit at the onboarding in the transaction or the compliance stage anymore. It's at sort of at the entity and is a real time needs to be a real time, like true, real time, subsecond analysis of everything that has happened before. Similar cohorts, just a massive analysis so that we can stop this AI wave, which is which is happening.
So, you know, we're you know, we like to avoid having clients and big banks. You know, we don't want them being on the beach, you know, looking out at the tsunami. We'd like to help them prepare, you know, earlier because this is going to be a massive problem. And if you're still running a program that's only rules based, looking only at transactions and separate silos, then that's you're solving for a 2018 2018 problem, not a 2026 problem.
So just get prepared and prepared. You know, do the preparation that you can against at least known problems, so that this new set of vectors and problems can be isolated and solved for separately.
Melanie Gagne: Great. Well thank you.
Dorothy Murach Plumitallo: Thank you everyone so much. I think we have used up all of our time for questions, but if we do have any others from the audience that you haven't been able to submit yet, you can email us directly at hello@fraud.net and we'll be able to follow up with you directly, or if there were any in the Q&A that we didn't get to, we will also reach out personally to each person. So thank you again for all of our attendees who submitted questions and of course our panelists as well. So again, just want to give a genuine thank you to everyone who is on our webinar today, Martin, Mayra and Whitney.
Your perspectives are incredibly valuable and of course, special. Thank you to Melanie as well for moderating our discussion. And then to everyone else who's joined us today. Thank you for making time for our panel. I think it's been really, really valuable and timely topic given the speed and complexity of the AI generated threats that are coming and of course, the increasing, increasing need that we discussed for organizations to take action quickly, but in a scalable way.
A future proof way, as Whitney said, can't be fighting 2018 problems. We really have to look to the future. So thank you again to everyone. Now for just some final housekeeping. A reminder we will send a recording of today's session to all of our registrants. You'll see that in your email inbox shortly. And of course, we'd like to be able to connect you with any of the organizations that were represented on our panel today.
00:55:01:20
So you can reach out to Brain's capital, which is Melanie. Feel free to email them at info@brainscap.net if you'd like to reach out to Bankingly, that was Martin, you can reach their team directly at sales@bankingly.com and to connect with your Euronet and the skylight team, which is Mayra, you can book a demo at euronet-skylight.com/book-a-demo, so you have the links right there.
And of course to explore what Fraud Net can do for you can visit Fraud Net right on our website at the top right hand corner, a little demo button. You can submit the form there, or reach out directly to our sales team at sale@fraud.net. So lots of contact options for you today based on where your needs may sit.
So again, a final thank you to all of our panelists and Melanie, our moderator, and of course, to all of our attendees. Have a great rest of your week and we'll see you on the next one. Thank you everyone.
[END]
Together, We Are Stronger
Join this elite group to protect against fraud that you haven’t even seen yet. Your colleagues will think you can see around corners – and they’ll be right. Don’t’ fight fraud alone.