How CISOs can regain ground in the AI fraud war

Fraudsters are winning the AI arms race, first-party fraud is rising, and siloed systems are holding back defenses, according to DataVisor. Their 2025 Fraud & AML Executive Report, based on surveys of banks, fintechs, credit unions, and digital platforms, outlines clear signals for CISOs trying to build resilient, forward-looking strategies.

Fraudsters have the upper hand

The most urgent issue? Criminals are using AI better than most organizations. Three in four respondents said fraudsters currently have the edge with generative AI, using it for deepfake scams, synthetic identities, and coordinated phishing. Only 12.5% of participants believe legitimate organizations benefit more than bad actors right now.

But that might not last. By 2027, over 80% expect the balance to shift in favor of defenders — assuming they move fast. One-third of surveyed institutions have already started using generative AI in their fraud workflows, and another 37.5% plan to do so in the next two years.

For CISOs, this isn’t just about chasing the next tool. It’s about building a governance framework that ensures AI is used responsibly, explains its decisions, and avoids creating new risks. The report underscores the need for transparent oversight as AI systems expand their reach into detection, investigation, and decision-making.

“AI has become a double-edged sword in fraud prevention,” said Yinglian Xie, CEO of DataVisor. “Fraudsters are innovating without regulation or legacy constraints, while organizations are still working to scale AI defensively. The institutions that move first—building AI governance, linking systems, and reducing manual effort—will define the new standard for fraud resilience.”

First-party fraud is everyone’s problem

Beyond AI, first-party fraud (FPF) is now the second-biggest concern among decision-makers. This type of fraud is becoming harder to detect and more expensive to stop. Rising consumer debt and changing attitudes toward digital dishonesty are fueling the problem. According to the report, even high-income Gen Z and Millennial users admit to falsely disputing charges or misrepresenting online transactions.

For CISOs, this points to a gap in traditional fraud strategies. Identity verification is no longer enough. Stopping FPF requires behavioral analytics, risk modeling, and better use of third-party data. It also means monitoring changes in user patterns over time — not just at login or account opening.

Identity is still a battleground

Synthetic identity fraud and account takeover remain high on the worry list. What’s changed is the sophistication. Fraudsters are now using AI to mass-produce fake identities and manipulate real ones in ways that outpace legacy detection systems. Even with two-factor authentication and strong KYC, respondents say they’re still vulnerable.

Interestingly, credit card fraud didn’t top the charts this year. Many see it as largely under control, thanks to chip-and-PIN and real-time monitoring. But the report warns against complacency. As criminals shift focus to more complex identity plays, institutions need to keep investing in adaptive risk models and machine learning systems that evolve quickly.

Silos are slowing everything down

If there’s one self-inflicted wound the report highlights, it’s operational silos. Seventy-five percent of respondents cited fragmented systems as a top challenge in AML operations, and more than half said false positives are overwhelming their teams. In fraud prevention, the impact is the same — disjointed data and manual handoffs lead to missed threats and wasted resources.

DataVisor pushes for a FRAML approach — combining fraud and AML functions to create a unified defense. While adoption is still low (only 13.3% have already implemented FRAML), interest is growing. CISOs exploring convergence should focus on shared data platforms and collaborative workflows, while preserving the regulatory nuances of each function.

Balancing fraud control with customer experience

One of the biggest tensions in fraud prevention is reducing losses without driving away users. Eighty-eight percent of survey participants say fraud-related financial losses are a top concern. But 81% are equally worried about customer friction caused by false positives or clunky verification.

This is especially true for fintechs, where speed and experience are competitive advantages. The report encourages investing in real-time analytics, document validation, and low-latency risk scoring. It also recommends tighter collaboration between fraud and marketing teams to ensure that detection doesn’t undermine acquisition.