For years, fraud strategy assumed a familiar adversary. A stolen card. A bot testing BINs. A compromised account. Those threats still exist — but they now sit at the bottom of a much larger and more sophisticated stack.
Synthetic Identity: The Fastest-Growing Threat
Synthetic identity fraud — the creation of fictitious identities from a blend of real and fabricated data — is now the fastest-growing enterprise fraud category in North America. Because synthetics behave like real customers for months or years before "busting out," they routinely defeat controls designed to catch anomalies in a single transaction.
Synthetic identities don't look like fraud. They look like customers. Until they don't.
Generative AI Has Rewritten the Attack Playbook
Attackers now use generative models to produce convincing documents, images, voice samples and written communications. What used to require a skilled operator can now be produced in seconds by anyone.
What has become cheap
- — Photo-realistic identity documents
- — Voice cloning for account takeover
- — Convincing dispute narratives
- — Automated social engineering at scale
- — High-quality phishing content in any language
Organized Networks, Not Lone Actors
The majority of high-value fraud losses now trace back to coordinated networks that operate across merchants, geographies and product lines. These groups share infrastructure, refine techniques and target defenders systematically.
Isolated fraud investigations rarely reveal the true scope. Cross-portfolio and consortium-level intelligence is essential to see the pattern.
Friendly Fraud Is Not Friendly
First-party abuse — legitimate customers disputing legitimate purchases — has become a structural cost of doing business. Some is intentional. Much is confusion, forgotten subscriptions or family members. All of it is expensive.
The organizations managing this well don't treat every dispute as fraud. They invest in clear billing descriptors, proactive customer communication and representment evidence that reflects the actual customer relationship.
What Defenders Should Do Now
- Invest in identity — not just transaction-level controls.
- Combine signals across the customer lifecycle, not moment-in-time.
- Build cross-functional response between fraud, disputes and customer service.
- Use consortium data to see what you cannot see alone.
- Assume the attacker has the same AI tools you do.

