Mitigating Fraud in the Digital Age: It’s Not the Tools but How You Organize

Fraud losses are rising. Banks do not lack technology, but fraud has industrialized faster than institutions have adapted how they manage the risk. The gap is now about more than detection capability. It is about fraud culture, ownership, and whether organizations are structured to act on clear signals before the money moves.

Fraud losses continue to rise. According to the Federal Trade Commission’s (FTC) Consumer Sentinel Network Data Book 2024, US consumers reported losing more than $12.5 billion to fraud in 2024, up 25% year over year. In FTC testimony to Congress in March 2026, the agency stated that consumers reported $15.9 billion in fraud losses in 2025. Cybercrime losses are even higher: the FBI’s Internet Crime Complaint Center reported almost $20.9 billion in losses in 2025.

In 2026, fraud operates like an industry: it is organized, scalable, fast, and increasingly supported by artificial intelligence (AI). Global illicit financial activity has risen to an estimated $4.4 trillion, and 90% of financial institutions are seeing more AI-driven attacks, reinforcing that fraud operates on a coordinated, industrialized model.

The shift toward more industrialized and continuous fraud is showing up inside bank balance sheets. In March 2026, the chief executive officer of the Bank of Lincoln County (Tennessee) testified before Congress that fraud losses at the bank exceed loan losses despite significant prevention efforts and anti-fraud investments. For many banks, that comparison is more plausible than it sounds. Credit losses have remained low in recent years, while payments fraud has grown steadily and is a persistent source of loss. Industry data shows fraud is no longer episodic but instead continuous and increasingly expensive to manage.[1] 

More Technology Is Not Closing the Gap

The growth and persistence of fraud losses help explain why so many banks feel like they are working harder and spending more but still losing ground. The industry has no shortage of technology—and advanced tools are essential in today’s environment—but technology on its own is not a complete solution. Its effectiveness depends on how well it is integrated, governed, and aligned within the broader fraud program.

A bank can invest heavily in detection and still underperform if it lacks the culture and ownership to act on what its data and people are already showing. The issue is whether anyone sees risk in full and with context. In most institutions, that view does not exist in real time. The fraud department sees one pattern, cyber another, and operations a customer issue, while anti-money laundering (AML) often flags concerns only after funds have moved. Each function operates from a partial view; activity that appears reasonable in isolation may look inconsistent across the full customer relationship and activity. Scams often fall into a gray zone between fraud, AML, and consumer protection, diffusing ownership and delaying action. 

That fragmentation is not just operational but economic. The business may already price a level of fraud loss into products and fees, while the fraud program separately consumes resources to reduce those losses. Without alignment, institutions are using resources to mitigate losses already accepted and absorbed into the profit and loss (P&L). This stands in contrast to credit risk, where losses are modeled, priced, and governed as a single discipline. As fraud losses begin to rival loan losses, managing that risk in fragments becomes untenable, resulting in a program that appears sophisticated but is not optimized. 

AI and Crypto Compound the Problem

AI has lowered the cost of deception and raised the speed, scale, and credibility of fraud campaigns. In April 2026, the FBI reported that cyber-enabled crimes defrauded Americans of nearly $21 billion in 2025, with cryptocurrency- and AI-related complaints among the costliest categories. The Financial Crimes Enforcement Network (FinCEN) has warned that generative AI is being used to create fabricated identity documents, synthetic content, and more designed to defeat verification and authentication controls. In other words, AI is industrializing traditional fraud. 

Crypto-based products compound the problem in a different way. If AI improves the front end of the scam, cryptocurrency improves the back end. It gives criminals a payment rail that is fast, borderless, difficult to recover, and highly effective once a victim has been persuaded to move funds voluntarily. The FBI has identified cryptocurrency investment fraud as a prevalent and damaging scheme, often beginning with socially engineered trust and evolving into repeated, high-value transfers.  

The combined impact of AI and cryptocurrency exposes weaknesses many institutions already have. AI makes bad actors more believable, while crypto makes fraud proceeds easier to move and harder to recover. Together, they compress decision time and allow suspicious activity to appear legitimate long enough for bad actors to succeed. Banks are not being outgunned by better technology; rather, their operating models are not built to support timely judgment, escalation, and cross-functional visibility.  

The Prevention Gap

Even as these pressures intensify, the industry understates the importance of prevention. Many institutions operate as if customer education, internal training, and increasingly sophisticated identity verification tools represent the practical limit of what can be done. In reality, fraud programs focus on what happens after the event, measuring losses, case volumes, recovery rates, and model performance. Far less attention is given to a more fundamental question: how many fraud attempts are actually stopped? When prevention is not measured, it is not managed, and programs default to explaining fraud after it occurs rather than stopping it before the customer becomes a victim. 

That gap is an organizational issue. Fraud related to real-time payments makes the weakness clear. The customer may be authenticated, the device familiar, and the payment technically authorized, yet the bank still loses because the customer has been manipulated into acting normally on the bank’s rails. The same pattern appears in cyber-enabled scams and crypto ATM schemes, which often begin with a traditional banking interaction before shifting into faster, harder-to-recover channels. The California Department of Financial Protection and Innovation warns that payments through crypto ATMs or kiosks are “quick and immediate” and that such transactions “cannot be reversed and are often untraceable.” 

Even where funds ultimately move through a crypto channel, the initial compromise and last realistic opportunity to intervene often occur within the banking relationship. That creates risk for institutions in terms of not only customer harm but also regulatory, reputational, and potential litigation exposure if warning signs are missed. The issue is not whether credentials were verified or warnings delivered but whether the organization is structured to recognize when activity does not make sense and act before the money moves. 

Organizational Execution and What Effective Programs Do Differently

Effective fraud programs do not win because they buy better tools but because they organize information, ownership, and decision-making to act before the money moves. Most institutions already have the data needed to identify risk but often lack a structure that connects those signals in time to intervene—especially when fraud, cyber, AML, operations, and the business each sees part of the problem, but no one owns the full response. 

The firms getting this right share these characteristics: 

• Prevention is treated as a primary operating objective. 

• Customer, transaction, channel, and behavioral data are used together.   

• Ownership and escalation paths are clear before a payment becomes irreversible.  

• The right kind of customer friction is accepted when the facts do not make sense.  

• Fraud controls are aligned with risk appetite, product economics, and consumer protection. 

An example of this type of program at work is Operation Level Up, an FBI initiative launched in 2024 to identify and contact victims of cryptocurrency investment fraud. Agents have intervened while some individuals were still liquidating retirement accounts, selling homes, or seeking sizeable loans to fund the scam. As of December 2025, the FBI had notified 8,103 victims and likely saved more than $511 million. In many cases, events began within a traditional banking relationship where customers were still moving funds, taking on new obligations, or changing behavior in ways that could have been identified before the money left the bank. 

It is not poor service to interrupt an out-of-pattern payment, question a sudden change in behavior, or escalate when a customer appears coached or under pressure. Regulators increasingly treat authentication, identity, fraud, and information security as connected risk decisions, with prevention responsibility sitting with senior management and the board. Again, effective programs are defined not by tools but by whether the institution can act before the money is gone. 

Conclusion

Fraud is no longer a marginal or episodic loss. For many institutions, it is becoming comparable to traditional credit risk but is still managed in fragments across functions, systems, and incentives. That mismatch is not sustainable.

Institutions that close that mismatch will treat fraud as an enterprise discipline, align ownership across the organization, and build a culture that is willing to act early on risk signals. The rest will continue to detect more, explain more, and lose more.

How BRG Can Help

BRG helps financial institutions strengthen fraud programs by aligning culture, governance, and operating models with today’s threat environment. We focus on whether organizations are structured to prevent fraud, not just detect it, including alignment across fraud, cyber, AML, operations, and the business. 

Our work includes improving the use of enterprise data to identify out-of-pattern activity, enhancing management reporting to drive action, and developing practical implementation roadmaps tailored to each institution. The objective is not more controls but a program and organizational culture designed to act on risk early and consistently. 

[1] CSBS, 2025 Annual Survey of Community Banks. https://www.csbs.org/sites/default/files/other-files/2025CBSurvey_web_CSBS.pdf; Federal Reserve Financial Services, Key Findings From the 2024 Federal Reserve Financial Services Survey of Risk Officers. https://www.frbservices.org/news/fed360/issues/040125/risk-management-survey-top-concerns-2024