AI and fraud at Money20/20: trust is becoming the control plane

At a glance

What this is: A Sumsub podcast episode on how AI is reshaping fraud, AML, and compliance in fast payments and platform risk.

Why it matters: It matters because practitioners need controls that can handle AI-enabled deception, payment velocity, and identity assurance across both human and non-human workflows.

👉 Read Sumsub's podcast episode on AI, fraud, and trust at Money20/20

Context

Fast payments compress the time available to validate identity, intent, and transaction legitimacy. When AI is used to generate deepfakes, synthetic documents, or other deceptive signals, the gap is not only technical. It becomes a governance problem for fraud, AML, and compliance teams trying to decide what should be trusted, when, and by whom.

This episode treats trust as an operational issue rather than a policy slogan. That framing matters for identity programmes because the same pressure shows up across customer onboarding, account recovery, payment authorisation, and machine-assisted decisioning, where weak assurance can be exploited faster than manual review can respond.

Key questions

Q: How should fraud teams handle AI-generated identity evidence in onboarding flows?

A: Fraud teams should treat AI-generated evidence as potentially convincing but not independently trustworthy. Use layered verification that combines document checks, device intelligence, behavioural signals, and source validation. The goal is not to block all automation. It is to ensure no single artefact can determine trust when synthetic content can be produced at scale.

Q: Why do fast payment systems make AI fraud harder to contain?

A: Fast payment systems compress the time available for review, escalation, and intervention. AI increases attacker speed and lowers the cost of generating convincing identities or transaction narratives. When the operational path is faster than the control path, fraud can move from detection to completion before human review has a chance to intervene.

Q: What do security and risk teams get wrong about trust in AI-enabled workflows?

A: They often assume trust is a one-time decision made at onboarding or first use. In AI-enabled workflows, trust has to be revalidated as context changes, because the same actor, channel, or evidence stream can be manipulated mid-process. Teams need to think in terms of ongoing assurance, not static approval.

Q: How can organisations govern agentic AI in fraud and compliance operations?

A: Organisations should define which AI-driven actions are allowed, who owns them, what evidence they can touch, and how they are audited. Agentic workflows need clear approval boundaries and traceability because they can shape decisions without a human in the loop. Without that governance, accountability becomes difficult to reconstruct after an incident.

Technical breakdown

AI-enabled deception in payment and onboarding flows

AI changes fraud operations by making identity evidence cheaper to produce and harder to distinguish from legitimate submissions. Deepfakes, synthetic documents, and automated impersonation can all pass through controls that were designed around static, human-paced review. In payments, the risk is amplified because onboarding, credential recovery, and transaction approval often share the same trust signals. If those signals can be generated or altered at machine speed, the control point moves from document review to evidence provenance and behavioural correlation.

Practical implication: move from single-signal verification to layered checks that combine document integrity, device, and behavioural context.

Cross-border payments and the trust latency problem

Cross-border payment workflows often cross multiple risk domains in one transaction path: identity verification, sanctions screening, fraud scoring, and AML review. AI reduces the time attackers need to pivot between those domains, while operational handoffs create latency for defenders. The technical issue is not just volume. It is the mismatch between the speed of automated deception and the slower pace of escalation, review, and exception handling in distributed financial operations.

Practical implication: redesign escalation paths so high-risk payment decisions can be contained before downstream settlement or release.

Agentic AI and the expanding identity surface

Agentic AI introduces a new problem when systems can choose actions, tools, and timing with limited human intervention. In that model, identity is not only about a person or customer account. It also includes software actors making decisions that affect verification, payment routing, or case handling. That expands the trust surface because governance must now account for who initiated the action, which data the actor touched, and whether the decision was reviewable after the fact.

Practical implication: define ownership and auditability for AI-driven workflows before they are allowed to influence fraud or compliance decisions.

NHI Mgmt Group analysis

AI-driven fraud is turning trust into a runtime governance issue. The article’s central signal is that fraud teams can no longer treat verification as a one-time checkpoint. AI-generated identity artefacts, synthetic personas, and accelerated attack cycles mean the trust decision is now continuously contested. The implication is that assurance must be designed as an operating model, not a static control list.

Fast payments expose the identity latency gap in current controls. Payment systems can move value faster than risk teams can validate evidence, escalate anomalies, and apply manual judgement. That gap becomes visible when AI compresses attacker effort to minutes while governance still runs on slower review cadences. Practitioners should recognise that latency itself has become a control weakness.

Agentic AI widens the trust boundary beyond human identity. When software can initiate, route, and adapt actions inside financial workflows, the programme must account for machine-mediated decisions as part of fraud governance. That does not replace human accountability, but it does mean identity assurance now spans people, bots, and AI-driven services. Practitioners need a governance model that treats all three as part of the same decision chain.

Operational trust is now a cross-functional control domain. Fraud, AML, compliance, and product teams are being pulled into the same control conversation because AI abuse cuts across their traditional boundaries. That makes isolated controls less effective than shared evidence models, common escalation rules, and a single view of trust signals. Practitioners should align ownership before AI-enabled fraud creates organisational blind spots.

From our research:

• 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
• Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
• For operational guidance on lifecycle and governance controls, see NHI Lifecycle Management Guide and extend it to AI-influenced workflows.

What this signals

Trust governance is converging across fraud, IAM, and AI oversight. As AI-enabled deception enters onboarding and payment journeys, identity teams will be asked to justify not just who was verified, but why the evidence was trustworthy at the moment of decision. That is a different operating model from simple KYC or IAM enforcement, and it requires shared signals across teams.

Identity latency is becoming an exposure metric. The practical question is no longer whether a control exists, but whether it can act before a payment or account action is irreversible. Teams that measure only detection coverage will miss the real failure mode, which is delay between suspicion and containment.

For teams already managing machine identity, the lesson is to extend governance patterns into AI-influenced business workflows rather than treating them as a separate risk island. The same discipline that applies to service account ownership, access boundaries, and review trails can be adapted to fraud operations where AI is now shaping the decision path.

For practitioners

• Rebuild verification around evidence provenance Treat submitted identity artefacts as untrusted until their source, capture path, and consistency across channels have been checked. Use multiple corroborating signals instead of one document or one selfie to reduce AI-generated deception risk.
• Shorten the fraud escalation path Create a containment path for high-risk payment and onboarding cases that can halt release before settlement, account activation, or irreversible downstream actions. The goal is to remove delay where AI-driven fraud benefits most.
• Map AI-influenced decisions to named owners Document which fraud, AML, and compliance decisions are assisted or influenced by AI systems, then assign accountable business and control owners for each step. Keep the audit trail clear enough to reconstruct the decision chain after an incident.
• Treat trust signals as shared control data Align fraud, risk, and compliance teams on a common set of trust signals so they are not making conflicting decisions from separate views. Reconcile onboarding evidence, behavioural anomalies, and payment context in one operating model.

Key takeaways

• AI is changing fraud from a verification problem into a runtime trust problem that spans onboarding, payments, and compliance.
• The main operational gap is latency, because fast payments and AI-generated deception can outrun manual review and exception handling.
• Practitioners need shared evidence models, clearer ownership, and auditable AI-influenced workflows before trust failures become irreversible losses.

Key terms

• Evidence Provenance: Evidence provenance is the ability to trace an identity signal or document back to its original source and capture path. In fraud and compliance workflows, provenance helps determine whether a signal is authentic, manipulated, or contextually misleading before it is used for a decision.
• Identity Latency: Identity latency is the time gap between a risk signal appearing and a control being able to act on it. In fast payment and AI-assisted workflows, that delay can determine whether a suspicious action is contained or allowed to complete.
• Agentic Workflow: An agentic workflow is a process in which software can choose actions, tools, and execution timing with limited human intervention. In identity governance, that matters because decisions, evidence access, and escalation steps may be initiated by the system rather than a person.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance in your organisation, it is worth exploring.

This post draws on content published by Sumsub: Fast Payments, Hard Trust: AI and Fraud at Money20/20 Part 1. Read the original.