TL;DR: Nearly half of fraud attacks are now AI-driven, creating heavier manual workloads and sharper financial losses for fraud teams as privacy rules tighten, according to Fingerprint. Device intelligence can help reduce false declines, but it does not remove the governance problem of deciding what trust signals remain reliable at scale.
NHIMG editorial — based on content published by Fingerprint: AI fraud and privacy regulations are rewriting the rules
Questions worth separating out
Q: How should security teams use device intelligence without over-trusting it?
A: Security teams should treat device intelligence as a risk input, not a proof of identity.
Q: Why do privacy updates make fraud detection harder?
A: Privacy updates make fraud detection harder because they reduce the stability and availability of identifiers that older models depended on.
Q: What do teams get wrong about fingerprint-based fraud controls?
A: Teams often assume a device fingerprint is a durable identity marker when it is really a probabilistic signal.
Practitioner guidance
- Map device intelligence into identity risk decisions: Place device and session signals inside the same risk workflow used for login, step-up checks, account recovery, and high-risk transactions so fraud teams and IAM teams act on one shared view.
- Test how privacy changes degrade detection quality: Re-run fraud model evaluations after browser and operating-system privacy updates to measure false positives, false negatives, and signal loss before attackers exploit the blind spots.
- Reduce dependence on single persistent identifiers: Use layered controls such as behavioural analytics, velocity checks, and transaction context so one weakened identifier does not collapse the whole detection stack.
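The guidance above, worked through as an added example (not code from Fingerprint or from this editorial): a layered risk decision in which the device signal is one weighted input, re-evaluated on the same labelled sessions after that signal is removed. The weights, thresholds, field names and sample sessions are all constructed assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Session:
    device_conf: Optional[float]  # 0..1 match confidence; None = signal unavailable
    velocity: int                 # attempts on the account in the last hour
    behaviour_anomaly: float      # 0..1 score from behavioural analytics
    amount: float                 # transaction value
    fraud: bool                   # ground-truth label (constructed)

# Constructed evaluation set, not real traffic.
SESSIONS = [
    Session(0.95, 1, 0.05, 40, False),
    Session(0.90, 2, 0.10, 800, False),
    Session(0.10, 8, 0.80, 900, True),
    Session(0.15, 1, 0.20, 300, True),   # caught mainly by the device signal
    Session(0.20, 0, 0.10, 100, False),  # legitimate user on a new device
]

def risk_score(s: Session) -> float:
    # Weights are illustrative assumptions. A missing device signal is scored
    # as neutral (0.5), never as "trusted".
    device_risk = 0.5 if s.device_conf is None else 1.0 - s.device_conf
    return (0.35 * device_risk
            + 0.25 * min(s.velocity / 10, 1.0)
            + 0.25 * s.behaviour_anomaly
            + 0.15 * min(s.amount / 1000, 1.0))

def decide(s: Session) -> str:
    score = risk_score(s)
    if score >= 0.6:
        return "deny"
    # High-value actions without a device signal get a step-up check.
    if score >= 0.35 or (s.device_conf is None and s.amount >= 500):
        return "step_up"
    return "allow"

def evaluate(sessions) -> dict:
    outcomes = [(s.fraud, decide(s)) for s in sessions]
    return {
        "false_positives": sum(1 for f, d in outcomes if not f and d == "deny"),
        "false_negatives": sum(1 for f, d in outcomes if f and d == "allow"),
        "step_ups": sum(1 for _, d in outcomes if d == "step_up"),
    }

def without_device_signal(sessions):
    # Simulates a privacy update that removes the identifier entirely.
    return [replace(s, device_conf=None) for s in sessions]
```

Comparing `evaluate(SESSIONS)` with `evaluate(without_device_signal(SESSIONS))` shows the degradation to measure: the fraud session that was flagged mainly by the device signal is now allowed, while the high-value legitimate session is routed to step-up instead of being denied.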
What's in the full article
Fingerprint's full report covers the operational detail this post intentionally leaves for the source:
- Practical examples of how device intelligence is applied to fraud scoring and trust decisions.
- More detail on the interplay between privacy updates, signal quality, and detection accuracy.
- Operational considerations for teams comparing build and buy options for fraud tooling.
- Specific product and workflow detail on how Fingerprint positions device intelligence in payment-fraud environments.
AI fraud, device trust, and the governance gap teams are missing?
Explore further
AI fraud is no longer just an application-security problem; it is an identity-trust problem. The article’s core signal is that fraud prevention now depends on how well organisations can distinguish trustworthy sessions from automated abuse under changing privacy constraints. That pushes the issue into IAM, risk, and customer access governance, not just payment operations. Practitioners should treat device intelligence as part of the identity control plane.
A few things that frame the scale:
- From our research: The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: Who should own fraud controls when identity and payments overlap?
A: Ownership should be shared across fraud, IAM, and security governance, because the control affects access, trust, and financial loss at the same time. If only one team owns the problem, signals and response thresholds usually drift apart. A shared operating model creates clearer accountability for how trust decisions are made and reviewed.