Fighting Fraud on All Fronts
Fraud continues to rise and spread, driven in part by AI-powered scams that have become more sophisticated, convincing and easier to scale.
Our 2026 survey captures how these evolving threats are affecting institutions today and how confident respondents feel in stopping them.
Common Types of Fraud
Card fraud and check fraud remain the most frequently encountered forms of fraud, but several other types are affecting community banks and credit unions as well:
Over four in ten respondents encounter card fraud (46%) and check fraud (42%) the most at their financial institutions.
Closely behind were phishing (32%), wire transfer fraud (31%), P2P fraud (27%) and fraudulent account opening (26%).
About two in 10 respondents reported loan fraud (23%), ACH fraud (23%), account takeovers (22%) and synthetic ID fraud (21%) as primary concerns.
Rounding out the list were elder financial fraud (15%), insider threats (13%) and social engineering of staff (13%).
Synthetic Fraud on the Rise An emerging type of identity fraud where a fraudster creates an entirely new persona by mixing real information with invented details. Often, a valid Social Security number is combined with a fabricated name, birth date or address. This mix of genuine and false data makes the identity look legitimate and helps it slip through verification checks.
Fraud Prevention Effectiveness
While respondents expressed concern about fraud, a majority feel their prevention measures are very or highly effective for all 13 types of fraud evaluated.
AI & Automation in Fraud Detection To use AI effectively in fraud detection, institutions need clean, consistent and well-integrated data. These systems rely on well-defined red flags to identify fraudulent activity. A solid fraud program is essential before automating detection—without it, even advanced technologies can miss critical signals.
Leaders must also understand the security protocols and potential data usage associated with AI tools from third-party vendors, before committing to their adoption.
Read more in the Bank Director Intelligence Report, The Fraud Menace, sponsored by CSI.
Card and Check Fraud
Card and check fraud remain the most common types of fraud institutions face, and respondents express strong confidence in their ability to prevent them. Over eight in 10 feel their prevention measures for card and check fraud are highly or very effective.
Card Fraud Prevention Measures
Highly Effective
Very Effective
Moderately Effective
Slightly Effective
Not Effective
Check Fraud Prevention Measures
Highly Effective
Very Effective
Moderately Effective
Slightly Effective
Not Effective
AI and machine learning play an increasingly important role in card fraud prevention across the industry, enabling faster pattern recognition and risk scoring than traditional rules-based systems. These models can analyze large volumes of transaction data in real time to flag suspicious activity, while human oversight remains critical to account for nuance, avoid bias and ensure accuracy.
Check fraud has grown in recent years, even as check usage has declined overall. The Department of Treasury notes that paper checks remain easy targets because they display sensitive personal information and offer very little built-in security.21
ACH Fraud
Respondents ranked ACH as their third-strongest area of fraud prevention confidence.
ACH Fraud Prevention Measures
Highly Effective
Very Effective
Moderately Effective
Slightly Effective
Not Applicable
Even with strong confidence in stopping ACH fraud, the system itself still poses risks. Most ACH payments settle the next day, and same-day ACH has transaction limits, giving fraudsters time to act before alerts go off. Because ACH is designed for efficiency and trust and not real-time security, delayed processing and limited oversight allow this type of fraud to persist.
Phishing
Phishing ranked as a top concern but near the bottom in prevention confidence, reflecting how difficult it is to stop attacks that target customers and employees through channels outside the institution’s direct control.
Phishing Prevention Measures
Highly Effective
Very Effective
Moderately Effective
Slightly Effective
Not Effective
Not Applicable
Phishing remains the most-reported cybercrime, contributing to massive losses, but AI significantly increases the danger. Microsoft’s 2025 Digital Defense Report found that AI-generated phishing emails have a 54% click-through rate, compared to just 12% for traditional phishing scams. According to Microsoft’s analysis, this could make phishing up to 50× more profitable, as well as much more costly for financial institutions.22
Account Takeover Fraud
Though respondents feel fairly confident in preventing account takeovers, Suspicious Activity Reports tied to this fraud have tripled in the last five years, indicating a growing threat.23 Online marketplaces now sell phishing kits and stolen bank account credentials, making it easy for even low-skill criminals to launch attacks and profit at scale.
Account Takeover Prevention Measures
Highly Effective
Very Effective
Moderately Effective
Slightly Effective
Not Applicable
Industry Insight
More convenient banking also means more opportunities for fraud. Tap-to-pay, embedded payments and one-click checkouts make transactions faster and more frictionless, but just as they remove barriers for customers, they remove barriers for fraudsters as well. Though adding some friction to digital processes may slow down the experience, it's crucial for protecting consumers and reducing fraud. If you aren’t hearing complaints, you may not have enough safeguards in place.
Now, AI is raising the stakes. Tools like FraudGPT, BlackmailerV3 and ElevenLabs allow criminals to create believable, large-scale scams without the ethical limits of public AI systems. As fraud becomes easier to automate, financial institutions face growing pressure to balance speed, convenience and security without adding more risk for their account holders.
Expert Perspective
AI is making every type of fraud easier. To stay secure, financial institutions need tighter data integration, clearer insight into their vendor tools and to truly know their account holders.
Siloed data is a significant concern. When systems can’t “talk” to each other, it’s harder to spot patterns across channels and stop fraud quickly. Synthetic ID fraud is also growing as criminals blend real and fake personal details to create “new” account holders that slip through weak identity checks.
Regulatory uncertainty is another concern. With multiple AML Act components paused or rolled back, including the IA AML Rule, financial institutions still need to stay alert as most fraud ultimately flows through weak AML controls.24 Participating in the FinCEN 314(b) communications network can strengthen AML efforts and potentially help avoid losses tied to suspicious transactions.
And as always, financial institutions that proactively educate account holders about scams can mitigate risk while building trust and loyalty.
Experts also noted that high self-reported confidence in fraud prevention often reflects perception rather than preparation. Several described a pattern of “wishful thinking,” where institutions feel effective despite rising fraud losses and increasingly sophisticated attacks. This gap reinforces the need for deeper assessment, stronger controls and more integrated data across channels.