MerchantGo Intelligence

Research Report R-002

Emerging Fraud Trends Executive Report

How fraud is becoming faster, more organized and harder to detect

Emerging Threats | Published July 2026 | 12 Min Read

Executive Summary

Fraud has professionalized. What used to look like opportunistic individual behaviour now behaves like a small industry — with tooling, division of labour, service marketplaces and clear performance metrics.

The single biggest change is speed. Attack methods now iterate faster than most enterprise change-management cycles, meaning static rule frameworks lose accuracy inside weeks rather than quarters.

The controls surviving this shift share a common design principle: they are engineered to update decisions quickly, not to be perfect on day one.

Key Findings

What the research shows.

  1. Attack cycles have compressed from months to days.

    New attack patterns move from first observation to widespread deployment in a fraction of the time seen even 18 months ago, driven by shared tooling and generative content.

  2. Generative AI is no longer optional infrastructure for attackers.

    From identity documents to voice, chat and social engineering scripts, generative tooling is now embedded across the attack lifecycle.

  3. Fraud rings behave like distributed operating businesses.

    Specialization across access, identity, cash-out and laundering is the norm, making single-vendor detection strategies structurally insufficient.

  4. Defender advantage is shifting from data volume to decision speed.

    The most resilient programs are those that reduce the time between signal and action — not those that collect the largest signal set.

Data Snapshot

Time From Attack Emergence to Mainstream Deployment

Year        Days (median)
2022        148
2023        96
2024        61
2025        34
2026 YTD    19

Illustrative executive-model data based on qualitative case reviews. Directional only.

MerchantGo Perspective

The uncomfortable truth is that most enterprise fraud programs were designed for a slower adversary. The design principles that made them effective in 2019 — deep models, long training windows, quarterly reviews — are now sources of latency rather than accuracy.

Programs built for 2026 look different. They assume signal will decay quickly, that operators must be able to intervene without a release cycle, and that experienced human judgment sits inside the loop rather than downstream of it.

Recommended Actions

What executives should do next.

  • Audit the time between a new attack being observed and a control change being deployed. Treat that number as a top-line executive metric.
  • Assume generative content in every high-risk identity workflow and rebuild verification accordingly.
  • Separate signal from decisions in the architecture so that either can be replaced without rebuilding the other.
  • Invest in experienced human operators with the tooling to intervene in near real time.

How MerchantGo Can Help

Bringing the research inside your organization.

  • Threat surface reviews focused on decision latency, not just detection coverage.

  • Redesign of fraud operating models around speed of decision and speed of change.

  • Executive briefings tailored to boards and executive committees navigating emerging risk.
