Last week, Wind River’s Chief Information Security Officer, Doug Buan organized the IAFCI (International Association of Financial Crimes Investigators) 2025 Cyber Fraud Summit in Charlotte, NC. Buan also happens to be the co-chair of the IAFCI’s Cyber Fraud Industry Group. Over the course of the summit, the topic of AI became a consistent discussion point, specifically around how AI has the potential to be both a powerful ally and a serious threat to the future of cybersecurity.
We hear a lot about how AI will reshape various industries as the technology continues to evolve, and the payments industry is no different, particularly when it comes to cybersecurity. Cybersecurity and the prevention of fraud is serious business. According to IBM, the average cost of a data breach in 2024 was $4.88 million globally. And if that seems like too large of a number to grapple with, then take this one for example. According to the 2025 Verizon Data Breaches report, the median amount paid by small to medium-sized business during a ransomware attack was $115,000.
With that in mind, the battle against cybercrime wages on, and AI is a true double-edged sword in the fight. It has the capacity to both better arm cybersecurity teams in combatting fraudulent activity as well as allow cyber criminals to create more efficient attacks.
AI: A Payment Industry Ally
The biggest boon that AI provides the payments industry is through its ability to detect and prevent fraud, streamline compliance, automate operations, and improve customer experience.
1. Fraud Detection and Prevention
AI can provide real-time monitoring of millions of transactions and watch for suspicious patterns such as sudden changes in purchase location or frequency of purchases. These changes typically indicate fraud. Additionally, payment security teams can use AI to create adaptive risk scoring that changes as customer behavior evolves, allowing merchants to more confidently recognize the difference between a legitimate or fraudulent transaction.
2. Reducing Risk and Improving PCI Compliance
AI-enhanced document verification can cross reference social security numbers or employer identification numbers against national databases, such as LexisNexis. These databases allow payment processors to flag any data that doesn’t match. AI can also be used to continuously monitor a business for PCI compliance.
3. Operational Efficiency
Payment processors will be able to implement AI to assist with automated chargeback detection and management. This will be able to significantly reduce manual workloads on their payment security teams. On top of that, through predictive analytics, processors will be able forecast transaction volumes and optimize payment routing for speed and cost. Both of these abilities will be able minimize the burden of processing costs for merchants.
4. Customer Experience
Merchants will be able to create personalized fraud alerts via AI that will help avoid disruption to legitimate customers. What’s more is that businesses will be able to implement dynamic authentication methods that will protect both them and their customers from fraudulent transactions.
AI: A Threat to Payment Security
While AI can help improve the defense against cyberattacks, it also allows cyber criminals to leverage the same technology, thus creating much more efficient and deadly attacks. Some of these threats include:
1. AI-Driven Fraud
Automated phishing campaigns can mimic legitimate payment notifications or merchant communications. These sophisticated attacks can be extremely deceptive and lead to recipients providing sensitive information. AI is also being used to create deepfake voice and video to aid criminals in bypassing security checks. In some instances, cybercriminals don’t even need to steal personal information. AI-generated identities can be used to open fraudulent accounts instead.
2. Evasion and Manipulation
One of the things that makes AI so useful is its ability to learn, and cybercriminals can use this to enhance their attacks by quickly learning from previously failed attempts. These same tools can also be used to manipulate friendly AI to misclassify transactions as legitimate.
3. Scalability of Attacks
Stolen credit card testing is something most ecommerce businesses need to be alert for, but that task becomes even more challenging when bad actors utilize AI bots to test cards at scale that avoid triggering traditional fraud filters. Furthermore, AI’s ability to learn that was mentioned above can be used to quickly pinpoint successful tactics and quickly replicate them against multiple merchants.
Navigating an AI-Dominated Future
As AI continues to evolve, both processors and merchants will need to proactively adapt to secure transactions and maintain trust. Moving forward, if you want to maintain a successful cybersecurity solution that can manage AI-guided threats in the future, there are several things you can do:
- Educate Yourself – AI is more than just asking a question and getting a response. Even the most tech-savvy individuals could benefit from learning more deeply how AI works, how to compose better and more effective questions and prompts, or how to use AI to conduct analysis and forecasts. There are both free and paid courses out there, but we suggest this course through Coursera as a starting point. You can audit the modules for free or opt for the paid version to get a completion certificate.
- Leverage AI Anti-Fraud Tools – If you want to “fight fire with fire,” there are existing tools you can implement today. Both Signifyd and Kount are solid choices. Signifyd is generally easier to implement and is well-suited for merchants looking for a straightforward solution while Kount provides more customization and is great for businesses needing tailored fraud prevention.
- Verify, Verify, Verify – One particularly deceptive use of AI is through the use of deepfake video and audio. This is often used to impersonate senior leadership at a company in order to get employees to divulge sensitive customer or financial information or to transfer funds. Even if it sounds like you’re getting a call from the boss, it needs to be double checked. In these scenarios, it is critical that businesses have policies in place that require additional verification through alternative channels to determine authenticity of such requests. This could mean giving the person a direct call or even dropping by their office.
- Go to the Experts – If you don’t have the time, capacity or manpower to dedicate to understanding and implementing AI tools yourself, there are many cybersecurity vendors out there that can take on the task for you. Wind River has an internal security team that does just that for our customers. You could also research the Better Business Bureau for your area or contact your local Chamber of Commerce for vendor suggestions.
If there’s one key takeaway from all of this, it’s that the best tool to combat AI is AI itself. AI is very good at detecting patterns and anomalies, which is key to sniffing out fraud. If you want to know more about how AI can help fight payment fraud and cyberattacks, give us a call!
"*" indicates required fields