New SAS analysis finds five critical weak points in banks’ defenses against AI-scaled schemes
CARY, N.C., Nov. 25, 2025 /PRNewswire/ — Scam losses worldwide surpassed US$1.03 trillion in 2024, according to the Global Anti-Scam Alliance (GASA). The organization also found that nearly half of consumers encounter scam attempts at least weekly – and among those who fall victim, only 4% fully recover their money. As scams escalate in volume and complexity, the message to the banking industry is clear: Stronger safeguards cannot wait.
New analysis from SAS – drawing on data from GASA, INTERPOL, the US Federal Bureau of Investigation and Deloitte – points to a widening gap between the scale of scam activity and financial institutions’ ability to fight the rising deluge. The report, AI-Powered Solutions for a Trillion-Dollar Problem, finds that many banks remain dependent on systems and controls designed for outdated threat patterns, unable to reliably detect scams where the customer is manipulated into initiating the transaction.
“Scams have matured into a global trust crisis,” said Stu Bradley, Senior Vice President of Risk, Fraud and Compliance Solutions at SAS. “Criminals are using the same advanced technologies that institutions rely on, while also exploiting psychological levers like urgency, fear and false authority to compel victims to act. The challenge isn’t to predict the next scam but to build the agility and adaptability to respond to fast-changing risks in real time.”
Complementing the report, SAS will host the webinar Scam Season: Real Stories, Smarter Defenses, livestreaming on Tuesday, Dec. 2, at 10 a.m. ET, and available later on demand.
Five vulnerabilities, five modernization imperatives
To help financial leaders worldwide assess their scam readiness, the SAS analysis outlines five urgent vulnerabilities that make banks, credit unions and other financial institutions increasingly susceptible to fast-moving, AI-enabled threats – and the modernization actions they can take to close gaps.
1. Fragmented risk data creates blind spots across channels.
Most institutions still operate with disconnected risk, fraud and financial crime systems, leaving them without a unified view of customer activity. As scams unfold across apps, devices, sessions and channels, no single system captures and assembles the disparate signals. The resulting fragmentation often allows social engineering events to pass undetected – a problem only worsened by all-too-common data quality issues, which limit how effectively models can learn from scam behavior.
Industry imperative: Build integrated data ecosystems with consistent scam taxonomies, cross-channel telemetry and shared behavioral signals to improve visibility and accelerate detection.
2. Legacy rules cannot detect behavior shaped by social engineering.
Yesterday’s rules-based systems were designed to spot transactional anomalies, not behavioral ones. The problem? Modern-day scams target the person, not the payment. When a victim follows a scammer’s instructions, or when criminals use stolen or synthetic identities, the activity often looks entirely routine. That’s why older detection models, built to spot traditional fraud patterns, frequently fail to detect risk until after the scam succeeds.
Industry imperative: Shift toward fraud solutions that embed behavioral analytics, dynamic profiling and intent modeling that identify deviations in customer patterns, not just deviations in transactions.
3. Migration to instant payments requires real-time intervention – not after-the-fact review.
The global adoption of instant payments has been a boon to criminals worldwide, compressing the available intervention time from hours to mere seconds. Even so, many institutions still depend on batch scoring, manual case queues or static thresholds that activate only after funds leave the account, when recovery is already unlikely.
Industry imperative: Embed real-time scoring and automated interdiction into payment flows. Apply adaptive friction, including enhanced authentication, customer prompts and session reviews to create space and time to disrupt scams before money moves out of reach.
4. Rising false positives overwhelm analysts and erode customer trust.
Financial institutions attempting to tighten controls often experience surging alert volumes, frequently due to issues in the quality and structure of the underlying data. Poorly tuned models, outdated features and rigid thresholds generate noise that buries risk signals, slows investigations and ultimately frustrates legitimate customers.
Industry imperative: Modernize detection with stronger data foundations, ensemble models, continuous model refresh cycles and explainable scoring frameworks. These steps help reduce false positives while improving true detection rates.
5. Scam response and victim support remain inconsistent and siloed.
Even when a bank or credit union detects a scam, internal case handling is often fragmented across the institution’s fraud, anti-money laundering and customer support teams. As a result, victims receive inconsistent guidance and little transparency – factors that undermine trust at the very moment customers need clear, coordinated intervention.
Industry imperative: Strengthen case triage, standardize end-to-end response workflows and align teams around unified protocols. Deliver proactive support communications and post-incident guidance to protect and retain customers.
A call for stronger, real-time defenses
Addressing these vulnerabilities starts with the basics. Effective scam detection relies on high-quality, diverse and well-labeled data that feeds fraud models the necessary context. There is no shortcut for disciplined data management and governance.
Firms must also adopt a more integrated approach to scam detection – one that blends unified data, behavioral intelligence, real-time decisioning and human-centered protections. That includes stronger identity and digital fraud analytics, since many scams begin with compromised, synthetic or manipulated credentials.
Institutions with these foundations, supported by continuous model updates and cross-channel visibility, are better positioned to catch scams earlier and reduce their losses. These outcomes also reinforce trust and strengthen customer relationships.
“Just as AI is helping criminals deceive people with unprecedented speed and precision, it has raised the bar for financial institutions,” said Diana Rothfuss, Global Solutions Strategy Director for Risk, Fraud and Compliance at SAS, who will co-host the Scam Season webinar. “Consumers still expect their bank to recognize when something is wrong and step in. Protecting that trust means detecting and responding to the subtle signs of manipulation, not just the obvious signs of fraud.”
About SAS
SAS is a global leader in data and AI. With SAS software and industry-specific solutions, organizations transform data into trusted decisions. SAS gives you THE POWER TO KNOW®.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright © 2025 SAS Institute Inc. All rights reserved.
Editorial Contact:
Danielle Bates
[email protected]
919-531-1959
sas.com/news
SOURCE SAS
