By NHI Mgmt Group Editorial Team
Published 2026-06-08
Domain: Governance & Risk
Source: SumSub

TL;DR: Fintech leaders at Money20/20 Europe say borderless fraud now demands early control design, continuous cross-team coordination, and AI-driven risk governance to preserve customer experience, according to SumSub. The governance gap is no longer detection alone, but whether fraud controls are embedded early enough to keep pace with partner risk and evolving attack patterns.


At a glance

What this is: This episode examines how fintech leaders are responding to increasingly sophisticated, borderless fraud with earlier controls, better collaboration, and AI-informed governance.

Why it matters: Identity and fraud programmes now have to span customer, partner, and machine-driven decision paths without breaking trust or slowing legitimate access.


Context

Borderless fraud is a governance problem as much as a detection problem. When attacks move across partners, products, and payment flows, late-stage controls are too slow to contain harm and too blunt to protect customer experience.

For IAM and fraud teams, the key question is how early identity, risk, and monitoring decisions are made in the lifecycle. The article points to cross-team operating models, AI-informed detection, and trust-based partner controls as the practical levers.


Key questions

Q: How should fintech teams embed fraud controls without creating too much customer friction?

A: They should move from blanket friction to contextual control. Use identity, device, transaction, and partner-risk signals together so only higher-risk journeys trigger added checks. The goal is not fewer controls, but better-timed controls that intervene earlier and more selectively.

Q: Why do borderless fraud tactics require cross-team governance?

A: Because attackers exploit seams between product, fraud, security, compliance, and partner operations. If alerts, thresholds, and response ownership sit in separate silos, the organisation reacts too slowly. Shared escalation rules and joint decision-making are what make controls operationally useful.

Q: How do teams know if AI-driven fraud detection is actually helping?

A: Look for reduced false positives, faster review times, and measurable improvement in stopping high-risk activity before authorisation. If AI only adds complexity or shifts work into manual review queues, it is not improving governance. Effective programmes can explain decisions and tune models over time.

Q: Who should own fraud governance when partner ecosystems are involved?

A: Ownership should be shared across fraud, risk, security, compliance, and the business teams that manage the partner relationship. External dependencies change the control surface, so no single function can govern borderless fraud alone. Clear accountability for partner-risk signals is essential.


Technical breakdown

Why early fraud controls matter in identity and payments flows

Embedding fraud controls early means risk signals are evaluated before a transaction or access decision reaches the point of irreversible impact. In payments and fintech, that usually means combining identity checks, behavioural signals, device trust, and transaction context rather than relying on one control layer. The operational mistake is treating fraud as a downstream exception process instead of a design input. Once that happens, response becomes slower, investigations become noisier, and legitimate users face more friction.

Practical implication: move fraud decisioning upstream into onboarding, authentication, and transaction approval points, not just post-event review.

AI-driven risk management in fraud detection

AI in fraud detection is most useful when it helps correlate signals at runtime, especially where fraud patterns are distributed across channels or partners. But AI does not remove the need for governance. Teams still need clear thresholds, review paths, escalation rules, and model monitoring so that the system does not become a black box that shifts risk rather than reduces it. The article’s emphasis is on balancing speed with control, not automating judgment away entirely.

Practical implication: govern AI-assisted fraud models as decision systems, with clear oversight, auditability, and exception handling.

Cross-team collaboration as a fraud control

Fraud resilience in fintech depends on shared operating models across product, risk, compliance, security, and partner management. Borderless fraud exploits organisational seams, so control effectiveness depends on whether teams share signals, escalation criteria, and ownership for action. Isolated tooling cannot compensate for fragmented accountability. The strongest programmes treat fraud as a cross-functional lifecycle issue, not a single-team responsibility.

Practical implication: formalise shared response paths and escalation criteria across fraud, IAM, security, and partner teams.



NHI Mgmt Group analysis

Fraud governance now sits at the intersection of identity, data, and partner trust. The article shows that the fraud problem is no longer confined to one channel or one control stack. When attackers move across borders, partners, and payment journeys, the real weakness is fragmented governance rather than a single missing tool. Practitioners should treat fraud as a distributed identity problem that crosses organisational boundaries.

Embedding controls early is a lifecycle issue, not just a detection issue. Fraud prevention that starts after the transaction has already been authorised is structurally late. The better pattern is to align risk controls with onboarding, access establishment, and transaction approval so that suspicious behaviour is intercepted before trust is extended. Teams should re-evaluate where in the lifecycle they still rely on retrospective controls.

AI governance is becoming part of fraud governance, not a separate conversation. The article’s references to real-time detection and AI-driven risk management point to a broader shift: fraud teams are increasingly asking machines to help make or shape decisions under time pressure. That raises questions about transparency, tuning, and accountability. Practitioners should govern AI fraud systems with the same rigour they apply to other high-impact decision workflows.

Borderless fraud exposes the limits of single-team operating models. The strongest signal in the discussion is the need for ongoing collaboration across business, risk, and technical teams. Fraud control breaks down when each group owns only a fragment of the decision path. Practitioners should expect the governance model to matter as much as the control itself.

From our research:

What this signals

Identity risk is becoming inseparable from fraud governance. As fraud tactics move across partners and channels, the control problem looks less like a single detection challenge and more like a lifecycle governance issue. Teams that still separate identity, fraud, and partner risk will keep finding gaps at the handoff points.

AI-assisted decisioning needs governance before it needs scale. The practical question for most programmes is not whether AI can improve detection, but whether the decision path remains understandable when AI influences triage, scoring, or intervention. That is where auditability, exception handling, and tuning discipline matter most.

With 1 in 4 organisations already investing in dedicated NHI security capabilities, per The State of Non-Human Identity Security, the market is signalling that identity governance is moving deeper into machine-to-machine and partner-connected risk. Fraud teams should expect more convergence between IAM controls, risk operations, and data-driven detection.


For practitioners


Key takeaways

  • Borderless fraud is now a governance problem that spans identity, partners, and payment decisions.
  • Early controls and AI-assisted detection only work when teams share ownership for thresholds, escalation, and review.
  • Fraud programmes that ignore lifecycle design will keep reacting after trust has already been extended.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AC-1 | Access control decisions must reflect fraud and partner risk in payment flows.
NIST AI RMF | | AI is used for real-time fraud detection and needs governance.
NIST Zero Trust (SP 800-207) | PR.AC | Borderless fraud exploits weak trust boundaries across partner-connected systems.

Align fraud controls with identity and access decisions at onboarding and authorisation points.


Key terms

  • Fraud governance: Fraud governance is the set of decision rights, controls, and accountability structures used to prevent, detect, and respond to fraud. In practice, it links business, risk, security, and compliance so that fraud controls are designed, owned, and measured consistently across channels and partners.
  • Partner risk: Partner risk is the exposure introduced when an organisation relies on external platforms, vendors, or local partners to deliver services. In identity and fraud programmes, it extends the control surface beyond direct systems and makes trust decisions dependent on offboarding, monitoring, and shared response.
  • AI-assisted decisioning: AI-assisted decisioning is the use of machine learning or generative models to inform or automate risk judgments. For fraud programmes, the key issue is not whether AI is used, but whether its outputs are explainable, tunable, and governed with clear escalation paths when the model is wrong.

This post draws on content published by SumSub: What the Fraud? episode 2 from Money20/20 Europe in Amsterdam.