AI vs. AI: Understanding the new arms race in payment security

Artificial intelligence (AI) is amplifying the game of cat-and-mouse that cybersecurity experts and criminals have been playing since the 1970s, when researchers created the very first computer virus, Creeper, and developed the Reaper tool to fight it. The introduction of new security tools has long meant that criminal innovation quickly follows.

Now, generative AI is accelerating the cycles: AI is transforming crime just as much as it is commerce. Payment security is entering a new arms race where trust depends on whose algorithms — fraudsters or defenders — learn faster. Here’s a closer look at how AI is shaping next-generation fraud and cybersecurity threats and how new payment security innovations are helping merchants fight back.

Understanding the state of AI-enabled financial fraud

The headlines are full of cases where criminals use AI for everything from creating deepfake videos to developing malicious code injections that drive fraud. The Deloitte Center for Financial Services estimates that generative AI could drive up to $40 billion annually in fraud losses for banks and customers in the US by 2027. The Global Anti-Scam Alliance estimates that across all scams and fraud types, AI helped enable over $1 trillion in losses in 2024 alone.

That rate is not slowing down. Gen, the holding company behind several antivirus software solutions, found that in Q1 of 2025, data breaches of personal data increased 186% and phishing attempts increased 466%. They’ve identified a major driver of the increases as AI-powered cybercrime tools. Overall research from the 2025 AI Trends in Fraud and Financial Crime Prevention report estimates that 50% of fraud today is AI-enabled.

Organizations from banks to payment processors are fighting back, however, with 90% of institutions implementing AI to detect fraud, according to the same AI Trends in Fraud report. These investments pay off: Nvidia notes that organizations with robust AI fraud detection tools see up to a 40% increase in detection accuracy. One study found that AI-enabled fraud detection is expected to reduce losses by as much as 20% in 2025 alone. Investments are only going to scale, with KPMG noting that AI fraud prevention and detection solutions were the top-cited use case for generative AI by 76% of financial institution leaders.

How criminals are using AI in payment fraud today

For criminals, AI is making traditional forms of payment fraud more efficient and scalable, as well as introducing new attack vectors. As Microsoft recently noted, AI allows criminals to scale their attacks with greater precision, better targeting, and strategic timing. Deepfakes — creating images or videos that look real — have been used in fake, sophisticated, multi-person conference calls to trick employees into making large fraudulent transfers. Voice cloning has turned a simple voice recording into a tool that can be used for everything from system authentication to hack accounts to impersonating authority figures. In the same vein, deepfakes images have been used for visual account authentication, even tricking state-of-the-art features such as aliveness checks with realistic animations.

Criminals are using generative AI to blend real data and fake data to create synthetic identities. These can be used to open accounts and create consistent identity narratives that are hard to recognize as fake. In addition, generative AI can help criminals quickly gather information on targets and develop sophisticated social engineering that appeals to a specific personality or mimics an executive well enough to confuse employees. Layered along with increasingly sophisticated malware and code-based attacks, the threat level of AI-powered fraud is constantly in the red zone.

How payment processors are fighting back

Financial institutions and payment processors are on the forefront of anti-fraud adoption. Effective, intelligent anti-fraud solutions that are powered by AI and machine learning are multilayered and work at all levels of the payment processing world. Some innovations to be aware of include:

Payment devices

The terminal or point of sale system itself must be secured. Hardware can be fitted with anti-tampering features, like the ability to power down or alert employees after tampering attempts happen to stop skimming, malware, and related threats. In situations where merchants are embracing software points of service, SoftPOS solutions focus on hardened software that runs effectively on every device.

Network management

Network and perimeter security remain critical, using strategic approaches to data segmentation, access management, and real-time tools that are constantly scanning for threats.

Real-time machine learning scoring and authentication

Risk scoring and authentication is complex. Integrating machine learning allows payment networks to look at behavioral analytics, payment patterns, digital identity, and dozens of other factors in record time to dissuade fraud and offer fast, accurate approvals for customers.

Encryption and enhanced cryptography

The best solutions ensure that data is encrypted from end to end throughout the transaction, using validated point-to-point encryption (P2PE). When data is never in a cleartext format throughout the process, there’s nothing to intercept and little that criminals can do with the data. Advanced cryptography models that enhance key management also make it harder for criminals to meaningfully access compromised data.

Tokenization

Tokenization lets you replace sensitive data like a credit card number with a stand-in so that activities such as reporting or back-end management don’t create security gaps. When this approach is adopted, research from Visa found fraud can decrease up to 60%.

Authentication and verification

Introducing advanced identity verification methods such as the use of passkeys, biometric identification data, and multi-factor authentication, along with other emerging technologies, helps vendors accurately identify who is a customer and who is a criminal.

Secure infrastructure: Every layer of payment infrastructure can add greater security or introduce a potential fraud risk vector. It’s important to choose partners that embrace high security standards at every level and are constantly using testing to identify and close gaps.

Who should be at your side in this arms race?

In the AI vs. AI arms race that’s developing in real time, organizations need to choose the right partners. Security, anti-fraud protection, and a proactive stance that’s constantly integrating artificial intelligence and machine learning to provide greater accuracy and security are essential in a payments partner. Developing the right plan and finding partners means focusing on a few key factors.

Understand your baseline and set targets: What’s measured gets managed. Take the time to assess your current KPIs related to fraud detection. Identify gaps, room for improvement, rising threats, and opportunities to improve customer experience and security. Translate that into a clear plan so that you can measure the success of your investments.

Invest with knowledgeable partners: The Merchant Risk Council found the average respondent to a survey was juggling five tools to try to catch fraud. Disconnected solutions lead to unnecessary cost and complexity. Instead of trying to pull together disparate solutions, invest strategically with knowledgeable partners that can help you map your needs and provide integrated solutions that work seamlessly across your business.

Evaluate potential providers: When you’re choosing a partner, start by evaluating the different layers of their multilayered approach. Take the time to discuss their approach. How is each layer secured? How do they go beyond basic compliance into proactive detection? How is AI and machine learning enhancing their offerings? What does their roadmap look like? Determine not only the ability of today’s technology to deliver on your needs, but make sure the long-term vision is proactively positioned to meet emerging threats.

Next steps: Preparing for future security threats

While generative AI holds tremendous potential for organizations to increase productivity and develop innovative products, it introduces new risks into an already complicated cybersecurity and compliance reality. However, even as criminals are finding new ways to perpetrate fraud, payment security leaders are at the forefront of understanding emerging threats, deploying real-time tools to combat them, and developing multilayered approaches to security that protect the payment ecosystem from terminal to back office.

Best practices for in-store payment security

Get a primer on Verifone's multi-layered approach to payment security by reading our infographic.