Analysis

From Reactive to Proactive: Why the Fight Against AI-Powered Fraud Demands a New Playbook

April 10, 2026 19:15

A New Fraud Arms Race

The United States has entered a full-blown fraud arms race, one driven by artificial intelligence and costing both the private and public sectors billions of dollars annually. Despite years of countermeasures, the traditional approaches to deterring fraud have demonstrably failed to keep pace. According to Mike Cook, head of fraud insights at Socure, the identity and risk platform for the AI age, what is needed now is an entirely new playbook—one that begins with a clear-eyed understanding of how fraudsters actually operate, demands continuous evolution of defenses, and shifts organizations from reactive detection to proactive threat hunting.

In the AI era, treating fraud as a "front-door problem"—something to be caught at the moment of application—is no longer sufficient. Cook argues that industry, government, and consumers must collaborate, break down information silos, and share real-time intelligence. The objective is to understand the full lifecycle of a fraud threat, from its formation through its spread, so intervention can occur before a fraudulent identity or operation establishes any foothold.

The Old Assumption That Has Failed Us

For decades, fraud was handled as a sequence of isolated incidents, each investigated and resolved on its own terms. This assumption has underpinned nearly every major anti-fraud initiative, and nearly every one of those initiatives has missed the mark. The advent of the Trump Administration's Cyber Strategy for America and its accompanying executive order makes it all the more urgent to reckon honestly with the modern fraud landscape—particularly the central role that digital identity exploitation now plays within it.

New research published by Socure makes the scale of the transformation impossible to ignore. Fraud has become industrialized, with organized crime syndicates running operations that are global, systemic, automated, and fully powered by AI. No sector is immune: fraudsters target government benefit programs, banks, fintech platforms, and telecom companies simultaneously, deliberately blurring the boundaries between public-sector fraud, financial crime, and cybercrime.

How Detection Patterns Are Becoming Obsolete

Historically, fraud analysts could spot bad actors by identifying the reuse of identity elements across multiple applications—the same email address, device fingerprint, phone number, or IP address appearing in suspicious clusters. That detection method is rapidly losing its effectiveness.

Socure's research shows that today's sophisticated fraudsters are deliberately engineering their attacks to sidestep these traditional patterns. The data projects that emails will be completely unique within fraud populations as soon as 2027, meaning email-based pattern recognition will become essentially worthless as a detection signal within just a few years.

Speed and Scale: Defining Features of Modern Identity Fraud

Speed has become another hallmark of modern identity fraud. Fraudsters leverage AI to manufacture clean, durable, synthetic, and stolen identities at scale. In one observed campaign documented by Socure researchers, 24,148 synthetic identities were built and launched in under a month, with many individual attacks executing within a 48-hour window. Operations that once required weeks or months can now be completed in days.

Compounding the problem is the rapid rise of so-called identity farms. These operations, run by organized crime rings, systematically create synthetic or stolen identities over extended periods of time, carefully nurturing them to closely resemble legitimate individuals. Once matured, these identities are deployed to:

Because identity farms prioritize durability, the resulting fraudulent profiles are specifically designed to bypass conventional identity verification controls—making them far more dangerous than opportunistic, low-sophistication fraud attempts.

Going on Offense: What a Proactive Strategy Looks Like

Cook's prescription is direct: organizations must go on offense. Simply put, the industry must stop waiting for fraud to arrive at the application window and instead begin hunting it in its earlier stages of formation. This requires a significant shift in both mindset and technical capability.

Key elements of a proactive fraud-hunting strategy include:

  1. Treating identity as critical infrastructure — implementing strategies that track how identities were created well before the moment of application.
  2. Expanding signals monitoring — incorporating signals beyond traditional identity elements to include residential proxies, ISP behavior, and domain registration activity.
  3. Real-time velocity and orchestration evaluation — assessing not just who is applying but how, how fast, and in what coordinated patterns.
  4. Continuous measurement and rapid model iteration — treating fraud models as living systems that must be retrained and updated continuously rather than periodically.
  5. Cross-industry intelligence sharing — making the exchange of threat intelligence a core institutional capability rather than an afterthought.
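The reuse-based detection described earlier and the velocity evaluation in item 3 can be sketched together. This is an added example, not code from Socure or the original article: it links applications that share any identity element, then flags linked groups that arrive within the 48-hour window the article mentions. The field names, the sample records, and the three-application threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample applications (illustrative only, not real data).
# Every email is unique, but a1/a2 share a device and a2/a3 share an IP.
APPLICATIONS = [
    {"id": "a1", "ts": "2026-03-01T10:00", "email": "u1@example.com", "device": "dev-A", "ip": "198.51.100.7"},
    {"id": "a2", "ts": "2026-03-01T22:30", "email": "u2@example.com", "device": "dev-A", "ip": "198.51.100.8"},
    {"id": "a3", "ts": "2026-03-02T09:15", "email": "u3@example.com", "device": "dev-B", "ip": "198.51.100.8"},
    {"id": "a4", "ts": "2026-03-01T11:00", "email": "u4@example.com", "device": "dev-C", "ip": "203.0.113.20"},
    {"id": "a5", "ts": "2026-03-09T16:45", "email": "u5@example.com", "device": "dev-D", "ip": "203.0.113.21"},
]
LINK_KEYS = ("email", "device", "ip")  # assumed field names


def clusters(apps, keys=LINK_KEYS):
    """Group applications that share any value of the given identity elements."""
    parent = {a["id"]: a["id"] for a in apps}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # (element, value) -> id of first application using it
    for a in apps:
        for k in keys:
            owner = first_seen.setdefault((k, a[k]), a["id"])
            parent[find(a["id"])] = find(owner)  # merge the two groups

    groups = defaultdict(list)
    for a in apps:
        groups[find(a["id"])].append(a)
    return [g for g in groups.values() if len(g) > 1]


def velocity_flags(apps, keys=LINK_KEYS, min_size=3, window=timedelta(hours=48)):
    """Return sorted id lists of clusters with min_size applications inside window."""
    flagged = []
    for g in clusters(apps, keys):
        times = sorted(datetime.fromisoformat(a["ts"]) for a in g)
        spans = range(len(times) - min_size + 1)
        if any(times[i + min_size - 1] - times[i] <= window for i in spans):
            flagged.append(sorted(a["id"] for a in g))
    return sorted(flagged)
```

On the constructed data, linking on email alone finds nothing because every address is unique, while linking on device and IP as well surfaces the three related applications.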

The Ecosystem View: Humans vs. Machines

Beyond identity signals, Cook emphasizes the need for analysis of the complete fraud ecosystem, including dynamic factors such as device information, digital footprints, and behavioral biometrics. These layered signals enable organizations to more effectively distinguish genuine human users from automated machines or orchestrated bot networks.

This interconnected, multi-layer approach substantially raises the cost and complexity for malicious actors attempting to recreate or steal identities at scale. No single signal is sufficient on its own; the power lies in their combination and in the speed with which that combination can be evaluated.

Fraud as a Coordinated Global Enterprise

The core conclusion of Cook's analysis is unambiguous: fraud is no longer a collection of isolated acts. It is a coordinated, global enterprise built on the systematic exploitation of identity. As long as the industry's countermeasures fail to reflect that reality, organizations will continue fighting an imminent and ongoing threat using outdated tools—and falling further behind with each passing quarter.

The moment for a strategic shift is now. Only by moving from a defensive crouch to an active hunting posture can institutions hope to put fraudsters genuinely on the defensive.

Mike Cook serves as head of fraud insights at Socure, the identity and risk platform for the AI age.

Source: CyberScoop
