Fraud detection and zero trust identity: what teams need now

TL;DR: Fraud detection is under pressure as AI-driven attacks, deepfakes, and social engineering increase the speed and scale of compromise, while Ivy League breaches at Penn, Princeton, Harvard, Columbia, and NYU show how exposed databases and identity data can fuel downstream fraud, according to 1Kosmos. The real issue is that detection cannot compensate for weak identity proofing, over-trust, and poor access governance.

NHIMG editorial — based on content published by 1Kosmos: fraud detection, AI-driven threats, and identity assurance

Questions worth separating out

Q: How should security teams reduce fraud risk in identity-heavy workflows?

A: Focus on the points where identity trust is most vulnerable: enrolment, account recovery, profile changes, and payout or transfer approval.

Q: Why do exposed identity records increase fraud risk?

A: Exposed records give attackers the context they need to impersonate people convincingly.

Q: What breaks when fraud detection relies on login success alone?

A: Login success proves only that a credential or factor was accepted, not that the caller is trustworthy.

Practitioner guidance

• Strengthen identity proofing at enrolment and recovery Require higher-assurance verification for account creation, password resets, MFA rebinds, and beneficiary changes.
• Apply step-up checks to high-risk transactions Add friction to payments, profile changes, and data export requests when behaviour, device context, or session history looks unusual.
• Treat exposed identity data as fraud-enablement material When personal, donor, or alumni data is exposed, assume it can be reused for impersonation and spear phishing.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

• Specific fraud detection components, including data analytics, machine learning, real-time alerts, biometrics, and zero-trust identification
• The university breach examples with more detail on how donor and alumni systems became fraud targets
• Implementation features such as SIM binding, identity proofing, private blockchain storage, and API and SDK integration options

👉 Read 1Kosmos's analysis of fraud detection and identity assurance →

Fraud detection and zero trust identity: what teams need now?

Explore further

View Full Forum →  |  NHI Foundation Course →