How fraudsters use AI fraud techniques, putting merchants at risk

The rise of AI is bringing a new complexity and sophistication to digital fraud, making it harder than ever for businesses to detect.1 Organizations should consider that traditional methods of rules-based fraud prevention may no longer be sufficient to safeguard them, and that falling victim to AI scams could lead to irreparable financial and reputational damage.

This article explores how fraudsters are changing the threat landscape with more sophisticated, AI-driven fraud techniques, how these attacks can lead to financial loss for enterprises, and the measures businesses can take to strengthen their security posture.

How are fraudsters using AI?

Fraudsters are exploiting AI for malicious purposes to multiply the scale of their attacks, uncover vulnerabilities, and manipulate images, text, and voice to bypass fraud controls.2 Furthermore, with the democratization of fraud tools for the masses, fraudsters often do not even have to be experienced technologists to cause significant damage.

Some AI fraud techniques include:

Deepfakes

AI fraudsters are using deep learning algorithms to create highly realistic fake audio, video, text, and image content. These AI-generated media can be used to depict individuals saying or doing things that they didn’t actually say or do.

Generative Adversarial Networks (GANs) and autoencoders are utilized to create and authenticate fake media to be used for malicious purposes. AI can be used to mimic the writing style, communication patterns, or voice of a trusted customer or business for deceptive purposes.

Social engineering

Social engineering is an AI-driven fraud technique that uses psychological manipulation to trick individuals into sharing confidential information or performing actions that could compromise security. Examples of social engineering include:

  • Phishing: Bad actors may use AI to create emails, text messages, or websites that look trustworthy in an attempt to obtain sensitive information from their targets. This could include usernames, passwords, credit card, or bank details.
  • Pretexting: This involves creating a fake scenario or pretext to get the information they want. Fraudsters may act as a co-worker or vendor to deceive individuals into sharing confidential and sensitive information. Using AI to create deepfakes can make this type of attack seem like an authentic request.

Automated attacks

Attackers can leverage AI and machine learning algorithms to automate malicious attacks at speed and scale. Some examples of automated attacks include:

  • Credential stuffing: Automated tools can use leaked usernames and passwords to gain unauthorized access to multiple accounts. AI can efficiently match credentials with online accounts, making fraudulent attacks quicker and easier.
  • Bot attacks: AI-powered bots pose as humans to click links, fill out forms, or interact with websites to perform fraudulent activities. Bot attacks can also be used for quick fake account creation.

By using these techniques, fraudsters can use AI to bypass security measures and verification processes to gain access to sensitive data. This poses a significant challenge for enterprises that have a responsibility (and legal obligation) to protect their customers and their data. As AI tools continue to develop and better data feeds their models, the threat of AI fraud will continue to grow.

The impact of AI-driven fraud on merchants

For businesses, successful AI fraud attempts can result in significant financial losses. Direct losses can occur due to the cost of stolen goods and the costs associate with investigating and mitigating fraud.

Beyond transaction losses, enterprises often face chargeback fees and lost revenue from reversed transactions. All of this can add up to a hefty financial impact.

Aside from profit erosion, businesses can also face reputational damage and a loss of customer trust, which can bring immeasurable financial repercussions. Reputational damage is difficult to recover from and can deter future potential customers from ever engaging with a “risky” business.

There are also the legal and regulatory repercussions of falling victim to AI fraud. Organizations may have to pay regulatory fines for non-compliance with data protection regulations, data breach notification laws, and security regulations. Customers who suffer financial losses might also choose to pursue legal action against merchants to recover their losses and seek remuneration for related damages.

How are businesses responding?

While AI may pose new threats to businesses, it can also be leveraged to combat fraud. Businesses are adopting AI-powered tools that can help identify suspicious patterns, abnormal behavior, and perform identity checks to prevent fraud that may otherwise go undetected by traditional fraud prevention methods.3

The good news is technological solutions are getting better than ever at detecting and preventing AI-based fraud.

The first line of defense in fraud prevention is detecting abnormal behavior, including sudden large or unusual purchases, or even an increase in purchasing frequency. This is where machine learning excels in identifying unusual behavior in real time. These technological tools continuously learn from the data they receive and recognize patterns and trends almost instantaneously. These innovative technologies can compare the real-time data they receive with historical data to map behavior and trigger warnings for anomalous activity that could mean fraud. As the data models continuously learn and adapt, they become more accurate and effective over time.

A key benefit of AI-powered fraud protection is its ability to detect sophisticated fraud attempts that involve multiple accounts, devices, and locations. AI and ML can even be used to detect fraud that is dispersed across multiple channels (in-person and online), markets, and businesses to highlight unusual patterns.

How can PayPal help?

As traditional fraud protection methods may no longer be enough to meet the escalating threat AI poses, it is imperative that organizations take a proactive approach to AI fraud risk management.

Only 61% of respondents in the 2022 True Cost of Online Fraud Global Study reported AI as the most frequently used technology essential to detect online fraud.4 Organizations should consider the actions they can take to strengthen their fraud security posture before they’re compromised.

Key strategies enterprises should implement to protect against AI-powered fraud include:

  • The use of robust multi-factor authentication and access control systems
  • Raising awareness and education of AI fraud and social engineering techniques among employees
  • Employing AI-driven fraud detection tools and analytics platforms to “fight fire with fire”

PayPal can help enterprises combat fraud and protect their businesses. PayPal is likely to have cardholder history (93% of the time, PayPal has already seen a card in use)5 which, combined with its risk models, can help businesses filter out bad traffic.

Our vast global network is comprised of 400 million consumers and 38 million enterprises,5 and PayPal can recognize 97% of buyers.6

PayPal’s Fraud Protection Advanced can help merchants conduct useful fraud analysis to protect their organization from evolving threats. An adaptive, customizable enterprise fraud management solution, it provides powerful risk scores and allows businesses to manually hold, approve, or decline transactions.

Because of PayPal’s global data coverage, more than 20 years of industry risk expertise, rules and filters created by the enterprises can operate efficiently. And because PayPal uses strict quality control measures to help solutions work in real-world scenarios, the same benefit allows PayPal to make a helpful risk analysis on behalf of businesses who are enrolled in Chargeback Protection.

Chargeback Protection7 is an integrated solution that provides enrolled enterprises with quick risk decisions on eligible transactions. With Chargeback Protection, eligible approved orders that end up as chargeback for fraud, unauthorized, or item not received will be protected (reimbursed) against financial loss by PayPal. This tool helps to protect against financial losses, reduce internal resource expenditure on fraud management, and make chargeback costs more predictable.

The future of AI fraud prevention

Online payment fraud in e-commerce was anticipated to have reached $48 billion globally in 2023,7 representing a $7B increase from 2022.8 As AI technologies continue to evolve, so will the sophistication of attacks.

Without the appropriate security measures in place, more enterprises could potentially fall victim to AI fraud. It is crucial that businesses remain vigilant and continuously adapt their security measures to overcome new AI fraud techniques.

Explore PayPal Enterprise Solutions and our fraud and risk management tools to help stay ahead of AI fraud trends and maintain a confident security posture.

Was this content helpful?

Related content

Connect with our sales team

Let's talk about how PayPal can power your growth.

Tell us a little about your business so we can connect you with the right people

*All fields are required

Want to speak with an account specialist right away?

Call 1-855-787-1009

Need help with your existing account?

Visit our Help Center  

If you accept cookies, we’ll use them to improve and customize your experience and enable our partners to show you personalized PayPal ads when you visit other sites. Manage cookies and learn more