Banks Need Fewer Identity Silos and Faster Decisions

Watch more: What’s Next in Payments With i2c’s Matthew Pearce

Fraud is no longer limited to stolen credentials or isolated account takeovers. It’s now shaped and aided by systems that can replicate human behavior, forcing financial institutions to reconsider how identity is established and trusted across digital channels.

In a recent “What’s Next in Payments” discussion, Matthew Pearce, vice president of fraud risk management and dispute operations at i2c, described how artificial intelligence (AI) is compromising identity at the precise moments when trust must be established without physical presence.

“What we’re seeing right now is AI breaking identity at remote trust moments,” he said, pointing to onboarding, account access and call center interactions in which institutions must verify users they never meet.

Those vulnerabilities are expanding quickly. Pearce noted that deep fake fraud attempts in financial services have increased more than 2000% globally, while “AI-generated selfies get through weaker liveness checks” and cloned voices are “convincing enough to pass knowledge-based authentication.”

The scale of the problem is reflected in broader loss figures, as the Federal Trade Commission (FTC) reported that in 2024, fraud in the U.S. topped $12.5 billion, up 25% year over year.

Traditional defenses are under pressure, not because a single control has failed, but because identity systems remain disjointed.

“What’s really breaking through isn’t a specific control … It’s fragmented identity systems,” Pearce told PYMNTS. When fraud scoring and authorization operate separately, there’s a delay that gives attackers an opening to exploit.

The nature of fraud itself is also changing. The most concerning development, Pearce said, is not simply synthetic identities but behavior that appears ordinary. “What’s really keeping me up is that ‘fake normal behavior,’” he said, describing AI systems that “navigate the process flow and look and feel human.”

That shift reduces the effectiveness of checkpoint-based detection and forces institutions to evaluate behavior across the full customer journey rather than at isolated moments.

That raises a familiar tension between security and customer experience. Institutions must prevent fraud without alienating legitimate users. “You’re walking this tightrope between friction … and fraud,” Pearce said, noting that both can drive customers away. The objective is therefore not to block as much as possible, but to act with precision.

Addressing that balance requires a shift away from standalone authentication tools. One-time passcodes and biometric checks remain useful, but “none of them really can stand alone anymore,” according to Pearce.

Instead, Pearce pointed to layered decisioning built on multiple signals including device integrity, session behavior and cross-channel activity. The emphasis moves from passing discrete checkpoints to evaluating confidence continuously.

That model depends on real-time processing embedded directly within transaction flows, where fraud scoring and authorization work together to eliminate exploitable gaps.

The emergence of agentic commerce introduces additional complexity. As AI systems begin to transact on behalf of consumers, identity must account for delegated authority. Agentic AI “really becomes about delegated authority,” Pearce said, noting projections that AI-driven assistants could influence trillions in consumer spending.

In those cases, identity must assess not only who is acting, but whether that action is permitted within a defined context.

Tokenization plays a supporting role in limiting exposure. By reducing the circulation of raw credentials, it constrains the data available for misuse. “The less raw identity data that you circulate, the less AI can weaponize it,” Pearce said, adding that tokenized transactions represent a growing share of global eCommerce activity.

However, tokenization doesn’t eliminate risk if attackers gain control of accounts or systems. It reduces exposure, but doesn’t replace the need for stronger, always-on identity evaluation.

The broader implication is that identity can no longer be treated as a single event. It must function as an ongoing assessment tied to each step of the transaction lifecycle. Pearce framed that shift in direct terms: “It would be to move from events-based authentication to continuous identity confidence embedded in the transaction lifecycle.”

He added a final point that reflects the pace of change across the ecosystem. “Fraud operates at machine speed … and identity has to operate at machine speed also,” he told PYMNTS.

The post Banks Need Fewer Identity Silos and Faster Decisions appeared first on PYMNTS.com.