In This Story
As the banking sector continues to funnel resources into building up its artificial intelligence capabilities and offerings, scammers are leveraging the same technology to carry out fraud.
U.S. banking losses from fraud could total $40 billion by 2027, up from $12.3 billion in 2023 — a massive sum enabled by widespread scams powered by generative AI, Deloitte said in its 2024 Financial Services Industry Predictions published Thursday. Generative AI uses data to create original content, like text, images, music, audio, and videos.
Using the technology, bad actors can carry out mass fraud ranging from email and phone “phishing” scams, to using AI deepfake audios and videos to impersonate both clients and banks. The Deloitte Center for Financial Services estimated that generative AI email fraud losses alone could total approximately $11.5 billion in just four years in the case of “aggressive” adoption.
One of the biggest risk factors is the potential for criminals to get their hands on advanced technologies for cheap, according to Deloitte, which found that sites on the so-called dark web are selling scamming software for as little as $20. This “democratization” of malicious software gives any bad actor the basic tools to carry out fraud, and is already making existing fraud-prevention tactics less effective, the report said.
“The way in which gen AI has grown so rapidly over the last few years, and even tools that might have detected this three, four months ago, tend to be obsolete right now,” said Satish Lalchand, a principal in Deloitte’s transactions and business analytics unit. “So it’s a rapid catch up process that’s taking place.”
AI enables scammers to do things like replicate the code of an entire bank’s website relatively quickly (a process that would have taken someone with coding knowledge hours, if not days), write more convincing emails, and mimic local accents to gain people’s trust, Lalchand said. These things can be done at scale, giving fraudsters the ability to easily and quickly send thousands of emails and make thousands of phone calls — if not more.
These predictions echo concerns voiced by Berkshire Hathaway CEO Warren Buffett earlier this month. Buffett said he’s worried that generative AI could open the floodgates for scammers, calling it “the growth industry of all time” after seeing an AI-generated deepfake video of himself “delivering a message that in no way” came from him.
Some banks have already begun using the technology to try to detect and counter fraud. JPMorgan Chase, for example, uses a large language model to detect email compromises. A recent U.S. Treasury Department report found, however, that existing risk management frameworks that some banks have already put in place may not be adequate to deal with emerging AI technologies, like generative AI.
Earlier this month, the Treasury rolled out Project Fortress, a public-private alliance with the nation’s largest banks to strengthen the security and resilience of the financial services sector amid rising threats from cyber criminals and other bad actors.
The banking sector is a prime target for fraud and cybercrime — and not just in the U.S. In early 2021, the International Monetary Fund warned that malicious actors “pose a growing threat to the global financial system, financial stability, and confidence in the integrity of the system,” given the increasingly digitized global financial system.
Financial institutions worldwide saw the second-highest number of reports of data breaches last year, according to cybersecurity firm SentinelOne. The rate of ransomware attacks on financial services rose to 64% in 2023, nearly double the 34% reported in 2021.
Banks will have to make “expensive and difficult” investments into anti-fraud technology at a time when bank leaders are looking to rein in costs, the report said. To remain one step ahead of fraudsters, banks need to prioritize extensive training to help workers spot and prevent AI scams, and focus on developing new fraud detection software, Deloitte recommended.
“Future-proofing banks against fraud will also require banks to redesign their strategies, governance, and resources,” the report said.
Many of these innovations will start at bigger banks, and will be shared with smaller and mid-size banks who may not have the resources to tackle these issues immediately or at the scale that’s required, Lalchand said.
“Nobody wants to keep this [technology] just to protect themselves,” Lalchand said, “they want to protect the industry and protect the customers.”