Ever since artificial intelligence took over the business world two years ago, there has been plenty of discussion about what it means for the cybersecurity landscape. On the one hand, of course, it is a revelation.
Not only can AI help with automating cybersecurity tasks – thus cutting costs and allowing companies to focus on the business at hand – but it can also enhance the ability to respond swiftly to emerging cyber threats, ensuring businesses can deal with any attacks before they become a problem.
But while AI is undoubtedly beneficial for cybersecurity, is it not also beneficial for cybercriminals? The benefits just mentioned, for instance, can also be benefits for cyberattackers, as they have the ability to automate their own attacks and make them more efficient and harder to detect. In the realm of payment fraud, specifically, this could be particularly dangerous, as AI can enable cybercriminals to carry out automated payment attacks on a massive scale, bypassing traditional security measures and targeting customers in a far more intelligent way.
This is a problem considering the increase in payment fraud over the last five years. Just take a look at this chart:
Between 2020 and 2023, instances of payment fraud grew by a massive 174%, and the rate of attacks isn’t showing any signs of slowing down. As cybercriminals get a better hand on AI – and the technology itself continues to improve – just how far could the problem go?
AI Making Payment Fraud More Effective
To get a hand on what the future looks like for payment fraud, it’s first important to consider just how AI is making the malicious practice more effective. One of the ways in which it is doing this is through empowering cybercriminals to create more convincing phishing attacks, leveraging machine learning software to analyze patterns in communication, and better mimic businesses or individuals.
These AI systems can scrape anything from social media to emails, to websites, all to better understand the tone, language, and behavior of their targets. With this information, they can then craft personalized emails or SMS messages that are virtually indistinguishable from genuine communications. In 2025, of course, phishing attacks are still one of the number one tactics used by fraudsters, but by and large, they are recognizable. Whether it’s due to poor grammar or suspicious URLs, users have the ability to spot a phishing attack and avoid the message before it becomes a problem.
As AI becomes more utilized, however, these phishing messages have more chance of tricking victims into divulging sensitive payment information, with cybercriminals also able to launch hundreds or thousands of targeted attacks in a fraction of the time.
In addition, AI is helping cybercriminals conduct automated account takeovers, using advanced botnets to analyze user behavior and replicate it with great accuracy. For example, AI can mimic the buying habits of a genuine user – such as purchasing items at similar times, using the same devices, or entering the same shipping details – and make it far more difficult for fraud detection systems to tell the difference. It can also be used to automate the process of cracking passwords or bypassing MFA, testing millions of combinations per second while exploiting any weak spots in security protocols.
The Future of AI in Payment Fraud
These are just two of the ways AI is benefitting payment fraudsters, but there are many more. One of the most concerning things, for instance, is that AI is making it easier for cybercriminals to evolve self-learning malware, enabling more stealthy and persistent attacks that are designed to overcome new defenses.
With the business world growing evermore digital, this is particularly dangerous for startup companies who might be relying on outdated cybersecurity practices due to their cheaper cost.
There are two sides to the story, however. As mentioned previously, AI is still hugely beneficial for legitimate businesses trying to protect their systems. While the same technology may be helping attackers to perfect their phishing, ATO, and malware techniques, so too is it helping businesses defend against them, working to automate threat detection, identify vulnerabilities – before the attackers do – and respond to attacks more quickly and efficiently.
By analyzing data from previous attacks, AI can also help businesses to forecast any potential vulnerabilities, offering proactive recommendations to mitigate the risks and stay one step ahead. The important thing, in this case, is that every business does all that they can to instigate these defenses and choose the best new tools available to them.
