Contact
More about DataExpert

News

The Algorithm Blindspot: Are we heading toward a "Flash Fraud" event?

By Pepijn Slappendel, Busines Unit Manager DetACT

Remember the 2010 Flash Crash? In minutes, the stock market plunged nearly 10% when algorithms reacted to each other in a cascading effect, only to recover shortly after. Nothing fundamentally changed, the algorithms simply went haywire. And the most alarming part? It only took one person who understood the system to help trigger this massive market disruption.

What keeps me up at night is seeing the same pattern emerging in banking fraud prevention.

Banks are increasingly relying on AI algorithms to detect and prevent fraud. While these systems work well to spot known patterns, they share the same weakness as those stock market algorithms: they can miss new and unexpected threats. To be clear, AI systems remain powerful tools in fraud prevention; the goal is to implement a more robust anti-fraud strategy that addresses both known and unknown threats.

The Dangerous Parallel

In both scenarios:

  • Systems rely on past data to make predictions
  • Algorithm outcomes provide feedback that attackers can exploit
  • New attack methods can go undetected By the time patterns become clear, significant damage may be done

Fraudsters understand this weakness. They're constantly adapting, testing limits, and creating techniques designed to slip past algorithmic defenses. When they find a gap, now they can leverage generative AI to launch large-scale attacks faster than ever before.

Take Authorized Push Payment (APP) fraud as a perfect example. APP fraud continues to rise across markets with the most advanced detection technology. Why? Because these scams appear completely legitimate to algorithms: the payments are authorized by the actual customer, just under false pretenses. Simple adjustments to social engineering scripts can be enough to bypass AI systems trained on previous patterns, and by the time banks identify these new tactics, significant losses have already occurred.

The Threat of "Flash Fraud"

Now imagine this scenario at scale: a new fraud technique follows a pattern that AI hasn't seen before. Fraudsters can use generative AI to maximize their reach, creating attacks personalized at a scale previously impossible, all exploiting the same vulnerability. Before detection systems can gather enough data, analyze patterns, and implement countermeasures, millions could be lost across multiple banks at once: a "Flash Fraud" event.

Building Resilience Against the Unknown

The most effective fraud prevention strategies recognize a fundamental truth: we must build systems that can respond to what we haven't yet encountered.

Rather than viewing this as a limitation of AI, we should see it as an opportunity to develop complementary approaches that leverage both machine intelligence and human insight. This means building a multi-layered approach:

  • AI for known patterns, flexibility for unknown threats: Complement algorithmic detection with adaptive systems designed to identify emerging attack vectors that traditional AI might miss
  • Human-in-the-loop: Integrate expert judgment with automated systems to catch sophisticated tactics that pure technology solutions can overlook
  • Omni-channel visibility: Monitor customer activity across all banking channels to prevent exploitation of detection gaps between different anti-fraud systems
  • Session-based investigation capabilities: Analyze actual customer sessions to provide evidence-based verification, reduce false positives, and improve detection accuracy
  • Adaptive real-time intervention: Implement agile response mechanisms that can rapidly adapt intervention strategies as fraud tactics evolve

This multi-layered approach doesn't just improve fraud detection, it creates systemic resilience against the potential for rapid, widespread 'Flash Fraud' events. The future of fraud prevention isn't just better algorithms; it's smarter systems that combine AI efficiency with human judgment and adaptability. Most importantly, it requires a dedicated approach to handle threats that fall into AI's blind spots. By thoughtfully combining the strengths of AI with strategic human oversight, we can create fraud prevention systems more powerful than either approach could achieve alone. This integrated strategy offers not just better protection, but a more sustainable approach to the ever-evolving fraud landscape.

How are you preparing for the threats that don't exist yet?