Payment fraud: How a layered defense can protect payment platforms in 2025

In early 2025, Cash App’s parent company, Block, agreed to pay up to $255 million to settle claims that weak anti-fraud controls let criminals misuse its platform for money laundering and scams.

Cases like this are all too common among payment and account platforms… 

Payment fraud is a structural problem. It starts with onboarding. Document fraud, identity abuse, and synthetic account creation allow bad actors to access your platform under false pretenses. Once inside, they move money fast, route it through mule networks, and exploit platform features built for speed and ease.

And once it starts, it spreads. 

It infects your transaction systems, leading to the need for anomaly detection, behavior analysis and other transaction fraud detection technology to stop criminals before the problem gets worse. 

Payment platforms need a layered defensive strategy to catch and prevent fraud on payment platforms.  That means secure onboarding, document fraud detection, and transaction screening and monitoring working together. Not in silos. 

Read on to learn how payment service providers are being exploited. Learn what it takes to stop fraud at the source.

What is payment fraud?

Payment fraud isn’t just a stolen account or a suspicious charge. It’s a system-level breach. It attacks payment service providers at two critical moments: onboarding and transactions.

Disclaimer: While we use the term “fraud” throughout this piece, we fully recognize the distinction between fraud and financial crime (fincrime). Historically, fraud referred to deceptive tactics for financial gain, while fincrime encompassed broader illegal activities like money laundering, terrorist financing, or sanctions evasion. But in today’s ecosystem, these categories are merging fast.

Take Authorized Push Payment (APP) fraud, for example—on the surface, it’s a social engineering scam. But underneath, it often relies on money mule networks, fake businesses, and laundering structures typically classified as fincrime. In other words, most of today’s fraud has fincrime infrastructure behind it—and much of today’s fincrime relies on fraud to function.

For simplicity, we’ll be using the term “fraud” throughout this blog. But we acknowledge that financial crime extends well beyond what fraud alone can describe.

Onboarding payment fraud

Fraud starts with access. Scammers exploit weaknesses in account creation to sneak fake users into legitimate platforms. They use document fraud and stolen information to create synthetic identities, money mule accounts, and shell companies. Sometimes they even scam your real customers, gaining access to legitimate profiles. 

If criminals learn how to bypass your KYC (know your customer) and KYB (know your business) checks the consequences can be dire. How dire? Seemingly valid accounts will have carte blanche to commit fraud on your platform.

Not securing your onboarding procedures leaves you wide open to these threats. Verifying names and dates isn’t enough. You need to verify the legitimacy of the application and the documents they contain. Some key definitions to keep in mind:

• Document verification. Process of checking the authenticity and integrity of a document to confirm that it hasn’t been forged, altered, or misrepresented.
• Synthetic identity. A fake identity created by combining real (often stolen), fictitious, or AI-generated information to form a new, fraudulent persona.
• KYC (know your customer). A regulatory process used to verify the identity of individuals during account creation and assess the risk they pose to your platform and adequate controls.
• KYB (know your business). The commercial counterpart to KYC, KYB validates the legitimacy of businesses and their ownership structures.

Transactional payment fraud

Once criminals pass your onboarding procedures or get illegitimate access to legitimate accounts (account takeover) they can begin to execute transactional payment fraud. They use the synthetic identities, stolen credentials, or mule networks to execute high-velocity, criminal transactions across your infrastructure. 

Their intent is to steal your money, moving it to one account and then another for withdrawal. They're also laundering money, evading taxes, funding terrorism (financial crime) and exploiting the very ease-of-use features that make your platform attractive to legitimate users.

AI-powered transaction monitoring may be the only way to keep up, providing flexible behavior monitoring which can adapt to fraud tactics faster (and cheaper) than rigid rules-based systems. When it comes to seemingly legitimate transactions passed through money mules acquired in phishing and e-mail schemes — it’s one of the few reliable giveaways. 

AI is not the answer to everything, but it does help you achieve more with less at a faster pace, allowing you to focus the time and effort of your experienced team on complex investigations.

Learn more about the limitations of legacy transaction monitoring systems in our “New Financial Crime Typologies: What Legacy Systems Miss” webinar that we did with Lucinity. 

Still, the best way to stop transactional payment fraud is by keeping the fraudsters off the platform to begin with.

Some definitions to keep in mind: 

• Money mule. A person who transfers or moves illegally acquired money on behalf of others, knowingly or not.
• Synthetic money mule. A money mule created using a synthetic identity. 

Industry context: What does fraud look like in the payment industry

What does fraud look like on payment platforms? 

Today’s payment platform fraudsters can be lone hackers, organized criminal networks, or even amateurs in basements using the latest Gen AI software. They’re part of a fraud industry enabled by the democratization of advanced tools, operating with playbooks, automation, and AI tools of their own.

They look like gig workers, resellers, vendors, even local businesses. They show up with convincing documents that can bypass basic fraud checks and realistic looking accounts with stolen information.

Some are professional money mules, wilfully committing fraudulent transactions. Others are victims themselves (falling for scams like this one). Coerced, conned, or incentivized to become conduits. 

These threats are currently costing payment platforms millions.

The goal is always the same: get in fast, move funds faster, leave a difficult trail to follow, and disappear before anyone notices.

P2P payment apps like Cash App, Venmo, and Zelle supercharge the damage. Built for instant, low-friction transfers between individuals, they give fraudsters a perfect tool for laundering and withdrawing stolen funds. With minimal identity checks and real-time movement, these platforms leave almost no window for recovery.

Because of this, platforms that are the most accessible and easiest to use (usually a market advantage) are shouldering a lot of the blame for the uptick in crime. However, that’s not entirely the case. According to a Sunday times expose, Neobanks have a disproportionate amount of fraudulent accounts compared to larger institutions, holding 25% despite only owning 8% of the market share. 

However, these numbers could have a lot more to do with these platforms being relatively new than being less secure. New platforms need to onboard more new users than existing institutions, leaving more opportunity for fraudulent account creation. 

For example, Lloyds Bank (an institution that has been around for 250+ years) didn’t see much changes in its customer base of 26 million between 2021 and 2022. While Revolut, a payment platform started in 2015, added 9 million new users in 2022 alone.

When you look at the range of frozen accounts in the report, it's relatively the same for new and old institutions alike, they just seem more stable because they have a large number of accounts overall. So, it’s not that these platforms are less secure or more attractive to fraudsters, they’re just exposed to a lot more onboarding — making even the tiniest gaps in security incredibly damaging. 

And the problem isn’t always your own onboarding. Other platform procedures might not be as thorough — and your customers will end up paying the price. 

So how are platforms handling the fraud?

Most payment processors in 2025 still rely heavily on manual review or rigid rule-based systems. By the time a fraud case is flagged, the funds are long gone. And so is the trail. Criminals move illegal funds through sometimes dozens of shell accounts. They evade law enforcement behind jurisdictional boundaries, switching accounts in minutes that take weeks or months to track. 

Rigid rules are also creating friction for legitimate customers, adding further pressure on the industry while not resolving the initial problem.

As you can imagine, all of this leads to pretty significant financial implications… 

Fraud’s impact on the payment platform industry

Payment fraud is an escalating crisis with billions in losses. From 2023 to 2028, payment fraud could cost businesses over $362 billion globally, with digital payment platforms seeing some of the sharpest increases. Peer-to-peer payment (P2P) fraud is already growing rapidly, jumping up to $1.7 billion in 2022, up 90% from 2021. In 2023, the FTC reported 65,000 consumer complaints about P2P, suffering around $210 million in losses.

The rise of authorized push payment (APP) fraud, synthetic identity abuse, and mule networks has accelerated these losses. APP fraud now accounts for 75% of all digital banking fraud losses and is still growing. And that’s only for reported fraud. Recent estimates in the U.K. show that 50-75% of APP fraud isn’t even reported. 

Still, the number of digital transactions isn’t slowing down. It reached $1.4 trillion in total value in 2023 and is expected to hit $2.3 trillion by 2026. 

With 8% of customers claiming they’ve been victimized by fraud… The opportunities for financial loss are staggering

These numbers are only expected to grow in 2025.

And your platform could be the one to pick up the bill. As of October 7, 2024, the UK introduced mandatory reimbursement requirements for victims of Authorized push payment (APP) fraud  It won’t be long before other nations follow suit. (more on this below). Similar provisions are included in the EU’s PSD3. 

But fraud doesn’t just hit the balance sheet. It also hits how institutions operate. Platforms are being forced to rethink onboarding pipelines, overhaul fraud playbooks, and dedicate more resources to compliance. 

Entire fraud teams are being spun up to review documents, trace anomalies, and investigate behavior. Many are stuck in reactive mode — burning hours and budgets on case management rather than fraud prevention.

This shift from scalable onboarding to defensive triage creates friction for legitimate users, higher costs for compliance, and downstream churn as customer experience suffers.

It’s not just about what’s being stolen. It’s about what’s being lost: speed, trust, and credibility.

And if regulators or partners believe your platform can’t control fraud, they’ll find someone else who can.

Types of payment fraud

Payment fraud on payment platforms like Cashapp and Zelle isn’t a singular issue. Different schemes exploit different weaknesses — from document abuse during onboarding to manipulation of your refund systems — and each one demands its own prevention strategy.

1. Authorized push payment (APP) fraud

APP fraud occurs when fraudsters trick users into authorizing payments to accounts controlled by criminals, stealing their funds usually through impersonation or social engineering. It’s one of the fastest-growing threats in real-time payment systems.

Prevention: Train users to recognize social engineering tactics and implement behavioral flags for risky transactions. Both on outbound payments from potential victims, and from inbound payments to perpetrators on your platform.

In the news: UK Finance reported that APP fraud cost British users over £459 million in 2023, with most scams involving impersonated banks, government officials, or service providers.

2. Money mule scams

Money mule scams involve individuals moving criminal funds on behalf of others, either knowingly or after being misled into “job offers,” phishing, e-mail, or romance scams. These accounts make it harder for authorities to trace fraud and allow criminals to clean and transfer stolen money.

Prevention: Use AI to detect suspicious transaction chains and vet new accounts for behavioral red flags.

In the news: A DOJ crackdown in 2024 charged 3000+ money mules across the US for operating accounts sending prosecutions for punishment and warning letters to those who’d been misled.

3. Identity theft & stolen information

Fraudsters use stolen identity data to open fake accounts, pass onboarding, or take over real ones. This enables everything from account abuse to large-scale money laundering through “legitimate-looking” users.

Prevention: Use document fraud detection and biometric verification at onboarding to catch fake identities.

In the news: In 2022, U.S. authorities shut down the “SSNDOB” marketplace, a dark web marketplace with 20 million+ social security numbers for sale.

4. Chargeback fraud

Chargeback fraud, or “friendly fraud,” happens when users dispute legitimate transactions to claw back funds, often claiming the charge was unauthorized. This costs platforms and merchants billions and undermines trust in dispute systems.

Prevention: Combine transaction metadata with AI-powered user behavior tracking to flag likely abuse and reduce false claims.

In the news: In 2025, Mastercard reported global chargeback fraud could exceed $15 billion, with e-commerce and payment apps being the primary targets of customers exploiting refund systems.

5. Account takeover (ATO)

Account takeover occurs when a fraudster gains unauthorized access to a user’s account (often through phishing, credential stuffing, or social engineering) and uses it to make transactions,  change details, or steal data. Once inside, attackers can impersonate legitimate users to commit further fraud undetected.

Prevention: Deploy multi-factor authentication, monitor for unusual login patterns, and use AI-based anomaly detection to identify unauthorized access before damage occurs.

In the news: In 2024, two Revolut customers had their account drained by scammers who passed the money firm’s ‘selfie’ security checks. 

Compliance in the payment platform industry

This isn’t just a financial risk. It’s a compliance minefield. Under AML laws and counter-terrorism financing regulations (like the Bank Secrecy Act, PSD2, and the EU’s AMLD), payment service providers are legally responsible for knowing whom they’re onboarding and how their platform is being used. Miss the signals, and you’re exposed to fines, restrictions, or worse.

The UK’s Mandatory Reimbursement Bill & it’s impact

The UK's Financial Conduct Authority (FCA) issued two "Dear CEO" letters on 7 October 2024, coinciding with the implementation of new mandatory reimbursement requirements for Authorised Push Payment (APP) fraud. 

These letters were addressed to banks, building societies, payment institutions, and e-money institutions. They outline the FCA's expectations regarding the reimbursement of APP fraud victims, emphasizing the importance of robust anti-fraud systems and controls, effective governance, and adherence to the Consumer Duty.

This led to the Mandatory Reimbursement Bill regulation, enforced by the Payment Systems Regulator (PSR), obligating payment service providers (PSPs) to reimburse eligible victims for losses incurred through APP scams. 

The big, systemic change here is the imposition of this liability on the receiving institutions. Voluntary as well as mandated schemes for reimbursement of victims existed before, but the burden was mainly carried by the sending institution for not having sufficient protections in place. 

Now, “both parties in the payment journey (the sending PSP and the receiving PSP) share the cost of reimbursing victims”. This has posed a significant challenge to the industry, as many institutions did not even have the technical ability to stop inbound payments from being processed (and, therefore, prevent dirty money from landing in their accounts).   

Key requirements:

• Scope: Applies to payments made via the Faster Payments System (FPS) and the Clearing House Automated Payment System (CHAPS) within the UK.
• Eligibility: Covers consumers, micro-enterprises, and charities.
• Reimbursement Cap: Up to £85,000 per claim.
• Cost Sharing: Reimbursement costs are split 50/50 between the sending and receiving PSPs.
• Excess Fee: PSPs may impose an excess of up to £100 per claim, though some FIs have chosen to waive this fee.
• Exceptions: Reimbursement can be denied if the customer is found to have acted with gross negligence or is complicit in the fraud. However, this does not apply to vulnerable customers. 
  
  
  • Moreover, “gross negligence” is something yet to be defined and reputational implications of endless news articles usually mean FIs choose to go down the reimbursement route.

As we said, other nations are already beginning to consider similar legislation: 

• Australia: Consumer advocacy groups have called for mandatory reimbursement provisions in the draft Scams Prevention Framework. 
• United States: There is currently no federal mandate for reimbursement of scam victims. Some states (like Connecticut and Florida) have implemented measures to protect seniors from scams.
• European Union: The EU is working on the Payment Services Directive 3 (PSD3), which aims to enhance consumer protection. Specific provisions for mandatory reimbursement are currently under discussion and should relate to banker impersonation scams.

Reputational risk

Fighting fraud on payment processors isn’t just about preventing theft. It’s about protecting the integrity of your infrastructure. You must prove to regulators, partners, and users that your platform isn’t a liability and/or a threat to the consumer trust in the financial system.

Reputational damage can be costly. When fraud slips through, platforms face customer churn, lost business partnerships, and damaging press that can take years to undo. 

In severe cases, bad press will prevent you from obtaining licenses in new jurisdictions or securing existentially important partnerships with banking and card providers in the complex payment ecosystem. Trust doesn’t come back easily. In an industry built on facilitating other people’s transactions, being seen as unsafe is a dealbreaker.

We see many banks actually block certain payment platforms outright as a recipient counterparty on the basis of fraud risk. If your platform is frequently misused by fraudsters, many other conservative institutions will choose to err on the side of caution and assume that even your legitimate customers are fraudulent.

Lucie Novotná

AML Solution Engineer Resistant AI

How criminals use fake documents to commit payment fraud

Payment platforms rely on KYC and KYB processes to verify the identities of individuals and businesses during onboarding. These processes involve collecting and validating documents such as IDs, utility bills, bank statements, and business registration certificates to ensure compliance with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations.

However, fraudsters exploit these verification steps by submitting forged or manipulated documents to create fake accounts, launder money, or commit other financial crimes. Understanding the types of document fraud is crucial for detecting and preventing such activities.

Common types of document fraud:

Here's a list of the most common types of document fraud and examples of how they can be applied in the payment industry. 

• Document forgery. Creating entirely fake documents from scratch, like creating a fake often using graphic design software to mimic official documents.

  • For example: Using Photoshop to make a fake passport to sign up for Revolut.

• Document alteration. Modifying genuine documents by changing details like names, dates, or amounts to misrepresent information.

  • For example: Purchasing a stolen driver’s license pdf online then replacing the name with a new one.
    
    

• Identity theft or stolen documents. Using someone else's legitimate documents, obtained through theft or data breaches, to impersonate them.

  • For example: Stealing someone’s social security number to create a Revolut account in their name.

• Synthetic identities. Combining real and fake information to create a new, fictitious identity that appears legitimate.

  • For example: Using online leaked information, image editors, and generative AI to create a fake ID selfie video.

• Template fraud. Utilizing publicly available templates of official documents to produce convincing forgeries.

  • For example: Visiting a template farm like DocJuicer and downloading a fake certificate of incorporation to submit as a part of a KYB check.

• Pre-digital document modification. Altering physical documents before scanning them for digital submission, making detection more challenging.

  • For example: Using whiteout to change details on a printed bank statement, then rescanning it to submit as a part of the onboarding process.
    
    

• Generated document fraud. Employing AI tools to generate realistic-looking fake documents that can deceive traditional verification methods.

  • For example: Prompting ChatGPT to make a fake utility bill to use as a part of the CashApp account creation process.
    
    

• Serial fraud. Submitting multiple fraudulent documents across different platforms or services, often using slight variations to avoid detection.

  • For example: One fraudsters using automation and AI tools to open hundreds of payment platform accounts at once. 

Common documents used in payment fraud

Stopping fraud at the door means understanding how to spot fraud in the documents your platform processes. Some of the most common documents in payment platforms application processes are: 

KYC

Here's a list of documents involved in payment fraud during the KYC process:

• Government-issued IDs: Passports, driver's licenses, and national ID cards are often counterfeited or altered.
• Proof of address: Utility bills and bank statements can be fabricated to establish a false residence.
• Selfies with ID. Used in liveness checks, these can be manipulated using deepfake technology.
• Tax identification documents. Such as Social Security numbers, which can be stolen or fabricated.
• Employment verification letters. Falsified to support fraudulent financial applications.
• Source of funds. Bank statements, payroll slips, or transaction histories can be doctored to conceal the true origin of incoming money.
• Source of wealth. Investment portfolios, inheritance documents, or asset ownership records may be fabricated to falsely legitimize large financial holdings.

KYB

Here's a list of documents involved in payment fraud during the KYB process:  

• Certificates of incorporation. Fake or altered documents to establish shell companies.

• Business licenses. Counterfeit licenses to feign legitimacy.

• Articles of association. Manipulated to misrepresent company structures.

• Proof of business address. Falsified utility bills or lease agreements.

• UBO identification documents. Fake IDs to conceal true ownership.

• Bank account statements. Altered to misrepresent financial stability.

To combat these sophisticated fraud techniques, payment platforms are increasingly adopting AI-powered document verification solutions. 

However, that's just one (very important) layer to a more sophisticated defense… 

How to prevent payment fraud

Stopping fraud means more than reacting. It means building systems that can catch deception before it can cost you.

The third step, "build a layered defense," is actually just a combination of the first two solutions. 

1. Secure onboarding

Your first line of defense is also your most important. Strengthen KYC and KYB workflows with document fraud detection that catches fake users before they get inside. Many payment platforms think the answer here is to scale up friction at onboarding, but that’s not necessarily the case. 

Instead of increasing friction, upscale your fraud detection to better address the threats. Pre-onboarding behaviors, submission characteristics, and forensic documents can all be done better with AI-powered software and it won’t slow down potential customers with extra legwork. 

2. AI-powered transaction monitoring

Rigid rules and manual thresholds can’t keep up with fraudsters who leverage the newest technology. Traditional systems look for singular risk signals. AI allows you to turn signals into context. That is a necessity. Especially in the context of APP fraud where the actual scamming happens outside of what is visible to your transaction monitoring (on email, on a marketplace, via text, etc.).  

AI can connect seemingly unrelated dots and weak signals to prevent fraud with high precision. Machine learning then ensures your models are evolving with the nature of your customer’s behaviour, risk appetite, and threat evolution. 

3. Build a layered defense (combine 1 & 2) 

Fraud doesn’t stick to one surface. A layered approach combines onboarding security, transactional intelligence, and cross-document analysis to catch more fraud while preserving platform speed and user experience. Use the cohesion of these layers to make them learn from one another, recording anomalies and unusual behavior patterns at every stage of the journey, and using that data to build better defenses. 

Benefits of payment fraud prevention

Preventing fraud means big wins for security and your business. The earlier you catch it, the cheaper, faster, and cleaner your entire operation becomes.

• Faster resolution. Fraud caught during onboarding is easier to deal with than fraud discovered after transactions have already moved through your system.
• Lower cost. It's far more cost-effective to block a fraudulent user at the point of entry than to unravel complex laundering trails, refund victims, or repair downstream damage.
• Fewer downstream issues. Preventing bad actors from getting in means you avoid reputational fallout, regulator scrutiny, and the risk of infecting payment partners or banking rails.
• Less manual review. A strong prevention layer reduces the burden on fraud teams, allowing you to scale operations without scaling headcount.
• Better customer experience. By keeping fraud off the platform, you protect real users from scams, minimize false flags, and maintain fast, seamless onboarding for good customers.
• More trust, fewer chargebacks. Platforms that prevent fraud early see lower rates of chargebacks, account abuse, and disputes, keeping partners happy and revenue intact.

Case study: Payoneer

Payoneer implemented Resistant AI’s document fraud detection software to protect against onboarding abuse at scale. By integrating document forensics and pre-onboarding behavioral analysis, they were able to reduce manual reviews by up to 90% and catch fraud attempts before accounts were fully active.

This approach prevented synthetic identity-based mule accounts, blocked serial document forgeries, and allowed Payoneer to maintain low-friction onboarding without compromising security. 

How payment fraud is evolving

Fraud on payment platforms has evolved from opportunistic one-offs into industrialized operations. What used to be a stolen credit card and a lucky guess is now a coordinated system of fake documents, automated account creation, and synthetic mule networks operating across multiple platforms.

• Modern fraud rings operate like startups. Fast, iterative, and scalable. They reuse templates, automate onboarding flows, and rotate through stolen and synthetic identities to find weak entry points. One fraudster doesn’t create one account. They create fifty. If one gets blocked, the rest keep going.
• Serial fraud is now the norm. Criminals run the same scam across platforms, tweaking only names or dates, testing different payment apps, and probing for defenses. When one ring gets exposed, another takes its place — often with the same tools and playbooks.
• Generative AI. The fakes are only getting better. Tools like GPT can generate realistic-looking documents to pass basic KYC checks. What used to require Photoshop now takes a prompt and 10 seconds. With 1 Billion+ users, fraud could be taking on a whole new volume and identity in the coming years. 

This kind of fraud doesn’t just evolve… it compounds. Exponentially. The only way to keep up is with tools that evolve just as fast.

So, now, we turn to the only realistic solution: AI.

AI payment fraud prevention

We already touched on the importance of AI in payment fraud prevention above. However, it has become such an important element of prevention, we’d like to cover some of the specific benefits that AI provides to payment platform defense in contrast to legacy systems.

Sure, it needs to be explainable and compliant, but, once implemented, you’ll be able to leverage all available data to stop fraud. KYC, KYB, digital footprints, transaction data, all of these paint a valuable behavioral profile to detect anomalies and stop fraud in real time.

Specific benefits of AI in spotting payment platform scams:

• Detects structural and behavioral anomalies invisible to manual review both within the onboarding process and throughout your transactions systems.
• Flags generated or altered documents with <1% false positive rate.
• Monitors user transaction behavior over time to spot evolving threat patterns.
• Connects signals across onboarding, transactions, and historical context.
• Scales automatically with the size of your platform and attack surface.

Using AI to fight AI is the only reliable way to match the speed and scale of modern fraud. Anything less just gives criminals a head start.

Payment fraud: Industry challenges

I’m sure you’re eager to get started with eliminating payment fraud from your platform. However, please consider the following challenges before getting started. 

1. Onboarding & identity verification

Onboarding and identity verification are prime targets for abuse, as fraudsters exploit weak document checks and rushed KYC/KYB flows to slip through undetected.

• Low-friction onboarding. Platforms streamline KYC/KYB for growth, lessening friction and making it easier for fraud to slip through.
• Lack of consistent identity signals. Without a unified view of users, cross-account fraud patterns slip through.
• Manual fraud review bottlenecks. Human teams can’t keep up with volume, slowing approvals and missing edge cases.

2. Transactions & behavioral abuse

Fraudsters exploit real-time transactions, mimic legitimate behavior, and weaponize the very features that make payment platforms fast and user-friendly.

• Instant payments, instant consequences. Once money moves, it’s gone. Real-time systems allow zero margin for delay.
• Promotion and referral abuse. Fake accounts exploit sign-up bonuses, cashbacks, and reward loops.
• Scam awareness. Users are unaware of and fall victim to scams, leading to APP fraud and other crimes.

3. Scale & automation 

With automation, bots, and GenAI tools, fraudsters can launch thousands of attacks across platforms in seconds, overwhelming defenses not built for volume or speed.

• High-volume serial fraud. The same fraud scheme runs across multiple platforms with slight tweaks, creating hundreds of attempts that all need to be caught and addressed.
• Scaling attacks through automation. Bots and scripts flood platforms with credential tests, onboarding attempts, and illegal transactions.
• Poor fraud signal sharing across the ecosystem. When one platform flags a scam, others remain blind.

4. Infrastructure & platform design

Gaps in visibility, third-party integrations, and cross-border flows all create weaknesses that fraudsters are quick to exploit

• Platform as a Service (PaaS) vulnerability. Third-party integrations can create blind spots in fraud visibility.
• Cross-border laundering. Payment networks often extend across jurisdictions, creating loopholes in monitoring and enforcement.

5. Regulatory & business risk

Missed red flags can lead to regulatory penalties, forced reimbursements, and brand damage that undermines user trust and long-term growth.

• Compliance exposure. Weak controls lead to violations of AML, CTF, and data protection laws.
• Reimbursement obligations. Regulations increasingly force platforms to refund fraud victims (regardless of fault).
• Brand and trust erosion. One fraud incident can unravel years of growth and credibility.

Conclusion

Fraud is no longer a singular problem — it’s a full-system threat. From onboarding abuse to transactional scams, to document forgery, to synthetic identities, payment platforms are under constant attack from increasingly sophisticated networks. And no single tool can stop it all.

Except one.

Resistant AI is the only fraud detection solution built to provide true defense in depth.

Our technology analyzes documents, behavior, and cross-platform context to catch fraud before it starts. 

We help payment platforms secure their onboarding, detect fake documents, monitor transactions, and connect fraud patterns that others miss. No other provider offers this level of layered, platform-specific protection.

Whether you’re scaling fast, battling serial fraud, or tightening your compliance posture, Resistant AI adapts to your risk and stops the threats before they cost you.

Scroll down to book a demo.

Key takeaways for payment fraud experts

Too much information about payment fraud to skim? Here’s a concise breakdown of the key points in the article:

• Payment fraud starts with onboarding. It leverages weak applicant screening, synthetic identities, and rapid transactions, resulting in massive financial and reputational harm to platforms.
• Fraud methods are evolving rapidly. Fraudsters use sophisticated tactics such as AI-generated fake documents, automated mule networks, and serial fraud.
• Legacy systems can't keep up. Rigid, manual, or rules-based systems create friction for users and fail to adapt to evolving threats, highlighting the need for AI-driven solutions.
• Regulatory pressure is intensifying. New mandates like the UK's mandatory APP fraud reimbursement will impose greater responsibility on payment platforms globally, increasing the urgency of upgrading anti-fraud defenses.
• A layered defense strategy is essential. Effective fraud prevention requires combining strong onboarding controls, AI-powered document verification, and real-time transaction monitoring to catch fraud before it spreads.

Frequently asked questions FAQ

Hungry for more payment fraud content? Here are some of the most frequently asked questions about payment fraud from around the web. 

What is user verification vs. document verification?

User verification confirms that the person accessing or creating an account is who they claim to be, often using biometric or behavioral checks. 

Document verification validates the authenticity of the documents they’re submitting to prove not just identity, but proof of address, income, and other crucial onboarding check boxes.

How do you get your money back from payment fraud?

To recover money lost to payment fraud, report it immediately to the platform and your bank. Some platforms offer limited refunds, but success depends on how the fraud occurred, how quickly it’s flagged, and local legislation on the issue.

What can individuals do to prevent payment fraud?

Use strong, unique passwords, enable two-factor authentication, and never share sensitive info with unverified contacts. Always double-check requests before sending money online. Learn about phishing, smishing, spoofing, fake websites, social engineering, romance, investment, job, and giveaway scams, to spot the tactics and stop them in their tracks

What can businesses do to prevent payment fraud?

Implement fraud detection tools, secure onboarding workflows, and monitor user behavior in real time. Regularly audit transactions, use AI-powered fraud detection, and educate teams on red flags.

What type of payment fraud is most dangerous?

Authorized Push Payment (APP) fraud is especially dangerous because users willingly transfer funds under false pretenses, making it harder to spot, reverse, or dispute.

How to tell if a payment platform is safe from fraud?

Look for platforms that use document verification, transaction monitoring, and strong KYC/KYB policies. Transparency about fraud prevention tools and refund policies is also a good sign.

Do payment platforms refund fraud money?

Some do, especially in cases of unauthorized transactions or APP fraud, or in jurisdictions that have already implemented anti-scam legislation. But policies vary. Users must report issues quickly to have the best chance of recovery.

Is there software that can detect payment fraud?

Yes. Document fraud detection software like Resistant AI can identify forged documents, fake identities, and suspicious patterns before fraud reaches your platform. Their transaction monitoring can spot bizarre or anomalous behaviors. Defense in depth combines both approaches to address both fraud detection and prevention. 

Citations: 

• Aladhal, Emad. (2024, October 7). Dear CEO letter: Expectations on APP fraud Reimbursement. Financial Conduct Authority. Retrieved from https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-expectations-app-fraud-reimbursement-banks-building-societies.pdf
• APPG Fair Banking. (2025, March). Authorized Push Payment Fraud: Who Bares the Burden. Retrieved from https://static1.squarespace.com/static/6593eab94313f005693f93c4/t/67eab314e5e71324336df577/1743434532040/APP+Fraud+report+2025.pdf
• Australian Government Treasury. (2025, February 28). Scams Prevention Framework – Protecting Australians from scams. Retrieved from https://treasury.gov.au/publication/p2025-623966
• Cavaglieri, C. (2024, March 4). Which? issues Revolut bank account takeover fraud warning. Which?. Retrieved from https://www.which.co.uk/news/article/which-issues-revolut-bank-account-takeover-fraud-warning-aaVYH9H3aDlg
• Cetera, M., & Whiteman, D. (2024, Apr 22). Peer-to-peer fraud statistics in 2025. Forbes. Retrieved from https://www.forbes.com/advisor/money-transfer/peer-to-peer-fraud-statistics-in-year/
• Connecticut General Assembly. (2023). Public Act No. 23-161: An act concerning financial exploitation of senior citizens. Retrieved from https://www.cga.ct.gov/2023/SUM/PDF/2023SUM00161-R02SB-01088-SUM.PDF
• Florida Senate Banking and Insurance Committee. (2024). Bill summary: CS/CS/SB 556 — Protection of Specified Adults. Retrieved from https://www.flsenate.gov/Committees/billsummaries/2024/html/3506
• Jeffrey, I., & Llewellyn, T. (2024, November 12). APP fraud update – the new Payment Systems Regulator rules. Ashfords. Retrieved from https://www.ashfords.co.uk/insights/articles/app-fraud-update-the-new-payment-systems-regulator-rules
• Malone, Cara. (2023, June). Losses from Online Payment Fraud to Exceed $362 Billion Globally Over Next 5 Years. Juniper Research. Retrieved from https://www.juniperresearch.com/press/losses-online-payment-fraud-exceed-362-billion/
• Muncaster, Phil. (2022, September 22). Authorized push payments account for 75% of fraud losses. Infosecurity Magazine. Retrieved from https://www.infosecurity-magazine.com/news/authorized-push-payments-75/
• Payment Services Directive 3. (n.d.). Payment Services Directive 3 information portal. Retrieved from https://www.payment-services-directive-3.com/
• Payment Systems Regulator. (2025, May 15). The story so far: A snapshot of what we've seen since our APP scams reimbursement requirement went live. Retrieved from https://www.psr.org.uk/news-and-updates/thought-pieces/thought-pieces/the-story-so-far-a-snapshot-of-what-we-ve-seen-since-our-app-scams-reimbursement-requirement-went-live/
• PCBB. (2024, September 5). P2P payment fraud is on the rise: How to combat it. Retrieved from https://www.pcbb.com/bid/2024-09-05-p2p-payment-fraud-is-on-the-rise-how-to-combat-it
• Udinmwen, E. (2025, May 3). Businesses globally are set to lose $15 billion in 2025 because of fraudulent chargebacks, says Mastercard: Here’s how it impacts you, me and everyone. TechRadar. Retrieved from https://www.techradar.com/pro/businesses-globally-set-to-lose-usd15-billion-in-2025-because-of-fraudulent-chargebacks-says-mastercard-heres-how-it-impacts-you-me-and-everyone
• UK Finance. (2023). Authorised push payment fraud information. Retrieved from https://www.ukfinance.org.uk/news-and-insight/press-release/authorised-push-payment-fraud-information
• U.S. Department of Justice. (2022, June 7). SSNDOB marketplace, a series of websites that listed more than 20 million Social Security numbers for sale, seized and dismantled in international operation. Retrieved from https://www.justice.gov/usao-mdfl/pr/ssndob-marketplace-series-websites-listed-more-20-million-social-security-numbers-sale
• U.S. Department of Justice. (2024, May 10). U.S. law enforcement takes action against more than 3,000 money mules in initiative to disrupt transnational fraud schemes. Retrieved from https://www.justice.gov/archives/opa/pr/us-law-enforcement-takes-action-against-more-3000-money-mules-initiative-disrupt
• Vaziri, A. (2025, January 17). Popular payment app agrees to pay up to $255 million over fraud allegations. San Francisco Chronicle. Retrieved from https://www.sfchronicle.com/tech/article/block-cash-app-fraud-settlement-20040745.php