Not long ago, fraud teams could keep pace by reviewing incidents one by one. That era is ending. Armed with artificial intelligence and cloud-scale infrastructure, today’s cybercriminals operate faster, more broadly, and with far greater sophistication than ever before.

The rise of agentic commerce will only intensify these challenges, in part because it upends a longstanding assumption in fraud prevention: that bot traffic is inherently suspicious. In a world where legitimate transactions may be initiated by AI agents, that distinction becomes far less clear.

In a recent PaymentsJournal podcast, AtData’s Diarmuid Thoma, Head of Fraud and Data Strategy, and Brandt Hoffman, Sales Director, Fraud Services, along with Jennifer Pitt, Senior Fraud Management Analyst at Javelin Strategy & Research, discussed how these shifts are dramatically impacting payments risk.

At the center of this transformation is a simple but growing imperative—organizations must know, with confidence, who (or what) is on the other end of every transaction. Achieving this now requires systems capable of analyzing and contextualizing vast, dynamic data streams in real time.

Historically, many fraud attacks were treated as isolated events, leading financial institutions to adopt a reactive, situational approach. However, there are often patterns that emerge when these incidents are viewed collectively. Recognizing and operationalizing those patterns is critical.

“From a law enforcement perspective, I remember a mail theft case that I investigated,” Pitt said. “We conducted a search warrant on the suspect’s home and found bags of open and unopened mail. We also found stacks of paper that contained full personally identifiable information—name, date of birth, Social Security number, next of kin, last known addresses—you name it, he had it.”

“We searched his phone and his computer, and we were able to see that he was connected with several other suspects that we were already investigating,” she said. “What we uncovered was this hierarchical organized crime ring where there ended up being more sophisticated identity theft and other crimes. If we were just looking at one of those players or incidents, we wouldn’t have seen this whole organized crime ring.”

While traditional vectors like mail fraud persist, the digital landscape has allowed bad actors to expand their reach exponentially. Technologies such as AI and cloud computing have supercharged criminal capabilities faster than most organizations can evolve their defenses.

Beyond just deploying generative AI to create more convincing impostor sites and deepfakes, bad actors can now deploy AI agents to autonomously carry out widescale fraud campaigns. For example, agentic AI has been used in a technique where email addresses are rapidly and sequentially created for use in fraudulent activities.

“We see thousands and thousands of them every day, where we see sequential types of emails created and they’re not necessarily in one client,’” Thoma said. “Somebody’s using an email over here to create a bank account and going and buying a pair of sneakers over there.”

“Individually, it looks fine; there’s nothing wrong there,” he said. “At a platform level, we see the cumulative effect. It’s a simplistic example, but that type of behavior is a direct output of the scalability of fraud.”

Given agentic AI’s potential to amplify fraud across every channel, the emergence of agentic commerce presents unique challenges for fraud prevention teams.

Many of the open questions around agentic transactions center on authorization. In the conventional e-commerce model, the shopper selects items, completes verification, and explicitly authorizes the purchase. When an AI agent acts as the consumer’s proxy, however, new gray areas emerge.

“What happens in a chargeback scenario?” Thoma said. “The industry hasn’t got all the answers on that. It’ll slowly emerge, but one of the things that won’t change is history. It’s still you buying it. Especially for physical goods, it’s going to your physical location, it’s going to your name, and it’s probably using your e-mail address to confirm all the details. There’s still a lot of information, even in the agentic world, that’s going to be coming through.”

This means that one of the most important considerations for fraud prevention will be the user’s history. Fortunately, this data is already present for many consumers. For example, the organization can confirm the age of an email address, whether it has been actively used, and if there are any red flags associated with it.

This historical data becomes a critical point of continuity as organizations design fraud strategies for agentic commerce.

“It was always, ‘Let’s look at the negative aspects of what this transaction could present,’” Hoffman said. “Now, we have to be cognizant to bring in those positive signals. What are the good signals that we can lean on? What allows us to interpret or infer more quickly? How do we start to identify what it means to be a positive bot, or to be a good transaction along the line?”

To act on these signals effectively, teams must start from an accurate baseline. A core lesson from AI is that models are only as strong as the data that feeds them. Just as importantly, that data must remain current, especially as consumers’ digital footprints continue to expand.

“Many still look at data like it’s a credit report, where it’s a static thing that you see in a piece of paper and that’s it,” Thoma said. “It’s not. It’s a timeline event. If you think about when you were 20 to now, you’ve had different addresses, you’ve had different IPs and different devices. Your name may have changed for different reasons, and your email probably changed one or two times.”

“Your profile naturally evolves, so the importance of the data quality and the skill in the overlaying models is to know when that change is abnormal versus normal,” he said.

A practical way to evaluate changes in a user profile is through percentage-based shifts. Significant or rapid deviations across key attributes may indicate potential account compromise.

Similarly, the repeated use of a single element across multiple account creation attempts can signal synthetic identity activity, where bad actors combine real and fabricated information.

“We commonly see that, and its behavior that is distinctly different from somebody who’s just moved addresses,” Thoma said. “Yes, they’ve moved addresses, but a lot of the time when people move, they only move a couple of blocks down. There’s continuity in that profile, where we can still say that even though the profile has changed, it’s still fine.”

“That’s a broad example of how important it is to have that data quality,” he said. “Because if you don’t have fresh data to reference, the timeline to reference back further, you can’t say, ‘This is normal behavior for them or not.’ That’s how important it is.”

The growing emphasis on identity verification is driving a widescale shift in how financial institutions approach fraud prevention. Yet opportunities remain to break down data siloes and improve visibility across systems.

“We are seeing some evolution in the ability for payments teams and fraud teams to come together quicker,” Hoffman said. “Payments teams are very focused on the transaction and what it means to bring that revenue in. There still is some hesitation for the fraud teams and the payments teams to merge together.”

“In the most advanced organizations that I work with, those two functions are working hand-in-hand,” he said. “They know exactly what’s going on from a payments perspective and how that affects the flow of fraud.”

The pace and complexity of the threat landscape demand more sophisticated infrastructure. Modern fraud prevention solutions rely on graph-based methods to map relationships between entities—sometimes referred to as fraud topology or halos.

These topology-aware systems can enhance detection accuracy while reducing costly false positives. They also enable organizations to apply the right level of friction within the customer journey, including step-up authentication when warranted.

While designed for fraud prevention, the benefits of these capabilities often extend well beyond risk teams, strengthening decision-making and operational efficiency across the entire organization.

“The data is customer data; it has huge amounts of value,” Thoma said. “You’re seeing their geolocation, behavior, age demographics—all that stuff is extremely important for the business, not just for the fraud team. Everybody thinks that’s a lot of money for fraud prevention, but it becomes very cheap because you’re splitting that into multiple budgets.”

“The marketing team can use it for targeted products, and you can increase conversions,” he said. “It doesn’t have to be fraud data, it’s company data for all divisions of that business to use.”

International wires have long been the default for B2B payments—an entrenched system that works, but few would describe as optimal, given multi-day settlement timelines and high fees. But as stablecoins gain traction in cross-border transactions, businesses are starting to ask a more fundamental question: Can we replace wires altogether?

In a PaymentsJournal Podcast, Avinash Chidambaram, Founder and CEO of Cybrid, and James Wester, Co-Head of Payments at Javelin Strategy & Research, discussed what would need to happen for stablecoins to become the default mechanism for B2B payments. What’s exciting as well is the possibility of even more use cases across payments, treasury, and remittance. “There are all sorts of things you can do better that you don’t consider to be a problem,” Wester said. “But maybe with new technology, we can do things that you didn’t even know were possible.”

Wires work well enough—they move money from sender to recipient, which meets the core need. What most enterprises don’t see, though, is the complex web of systems and intermediaries behind these transactions; they simply build their processes around bank-based payments.

Over time, layers of intermediaries have made these systems deeply entrenched and difficult to replace. In the past, this made sense. Moving money across borders and oceans was a treacherous game, and paying a little extra for trust and security was a value-add rather than a painful cost. Now, however, times (and money movement) have changed. Organizations have access to tools that enable simpler, more streamlined alternatives with built-in trust.

“The inefficiency isn’t just technological, it’s structural,” said Chidambaram. “Whether it’s correspondent banks, clearing houses, processors, [or] compliance, these experiences that are happening in the background between banks cost both complexity and time, and are hugely inefficient.”

Alongside new technology came new expectations of transparency; companies want to track their payment from the second it leaves their account to the moment it lands in a recipient account. However, this is simply not possible with wire transfers. Stablecoins, on the other hand, offer complete traceability—and enterprises are taking note. They can verify, often in near real time, that funds have been received. This visibility is driving growing interest as businesses see clear operational benefits.

“Most enterprises are focused on their core business and then they say, ‘OK, well, can I improve some of my operations and finance as a separate thing?’” said Chidambaram. “Now a customer can go into our platform and say I want to make a payment to this invoice and upload that invoice. We can automatically pull the funds from a customer’s account to fund the payment transaction, convert that to stablecoins automatically and then send stablecoin to the recipient’s wallet.”

“That can improve B2B payments from two contexts,” he continued. “First, it’s just faster. Secondly, you can see that it’s settled—that [your recipient] actually received the funds.”

For the longest time, a major barrier to broader digital asset adoption, including stablecoins,  has been poor user experience—complex interfaces and high stakes for errors.

Firms like Cybrid are beginning to address these challenges across retail, commercial, and enterprise payments. The experience now goes beyond accessing a wallet to include greater visibility into transaction status and fees.

The secret sauce is in programmability. Stablecoins by nature can be programmed—a payments team member can set up rules or triggers, which then guide how payments operate. For instance, payment terms. For instance, if you have to pay a supplier every month, you can create a programmable rule that ensures money lands on time, avoiding late fees or penalties and ensuring business continuity. But the use cases go beyond pre-determined rules and can become dynamic as well.“We’re starting to see people adopting ERP tools that have intelligence built into them,” said Chidambaram, “Where they can say, ‘Hey, your inventory is running low. Or you need to make these payments. Here are all the payables that you have.’ And over time, we’re finding that people are actually wanting to wait as late as possible to make those payments.”

Accounts payables and receivable teams already operate within established workflows in fiat currencies like the US dollar or Euro—for payroll, invoicing, and more—and are unlikely to overhaul them entirely. The good news, though, is that stablecoins operate in the background. When you make a payment, the recipient receives their local currency automatically (or stablecoins if they choose, but it’s not required). All the while, the business sending those payments benefits from speed, cost efficiency, and transparency.

“You’re going to have an organization that says: ‘This is how I do payroll for my local employees, but I need to do this other thing for my contractors overseas and this other thing for my suppliers,’” said Chidambaram. “Some of them might have taken only wires then, but are now accepting stablecoins. They have the ability to pick which rail makes the most sense to solve the problem.”

These benefits are especially relevant given the growing complexity of payroll, including irregular schedules and cross-border payments. Stablecoins could play a key role here. For example, enabling early wage access models that allow workers or suppliers to receive funds ahead of traditional pay cycles.

“You get paid every two weeks because, in our brains, that’s how you get paid,” said Wester. “That goes back to direct deposit, which goes back to you had to have a check, and that goes back to all sorts of things that go into the processes. Same thing with AR/AP and so many of our payment processes at the corporate level. Now we can rethink a lot of those things.”

For the foreseeable future, stablecoins will coexist with traditional payment rails. Both are necessary to support the trillions of dollars moving through global systems today. But as enterprises, suppliers, and payers grow more comfortable, a larger share of that volume is likely to shift toward stablecoins.

“Many people think digital assets and stablecoins are a solution in search of a problem,” Wester said. “I’ll say, well, you know, what you’re doing now is slow, costly, and inefficient, with layers that you can’t see. You don’t think of this as a problem, but maybe that’s because you didn’t know there was anything better.”

A key remaining hurdle is integration. Stablecoin payments are not yet embedded in most enterprise software platforms, where traditional methods like wires are still the default. But as vendors evolve and enable easier integration, stablecoins will become more accessible—unlocking even broader use cases.

“Banks, PSPS, enterprises, large and small, every one of them have been thinking about stablecoins,” said Chidambaram. “How do I go in my take advantage of this? What are the capabilities I need? Then that starts to unlock people’s minds: What else can I solve with this new payment rail?”

When a shopper is tricked into making a fraudulent purchase, they expect recourse from their financial services provider. These guardrails are one of the reasons credit cards have become predominant in the U.S.—not only can consumers dispute charges after the fact, but many issuers proactively alert users when suspicious activity occurs.

Similar protections exist for ACH payments, but they are largely a function of the lag between payment initiation and settlement. With real-time payments, such as those facilitated by FedNow and the RTP network, this buffer disappears.

As both systems gain traction, particularly in B2B use cases, fraud prevention strategies must evolve to address payments that are instant and irreversible.

In a recent PaymentsJournal podcast, Darren Beyer, Chief Product Officer at Qolo, and Suzanne Sando, Lead Fraud Management Analyst at Javelin Strategy & Research, discussed how the convergence of faster payments and increasingly sophisticated fraud is fueling a full-scale redesign of fraud prevention architecture. It has also placed a demanding onus on financial institutions to implement highly precise risk controls while preserving the customer experience.

As faster payments erode the traditional safety net around transactions, institutions must shift fraud detection to earlier stages of the payment process. In the past, organizations benefited from extended review periods, during which funds could be reversed if necessary. That capability is quickly becoming a thing of the past.

“In the world of instant payments, specifically around RTP and FedNow, you’ve got an instantaneous movement and settlement of money. And that’s where the problem lies, because there’s no longer time to pull this stuff back,” Beyer said. “There’s no window where you have an ability to say, ‘I really didn’t mean to send it’ or ‘I fat-fingered this particular account number.’”

“With that gone, it’s less of an opportunity for the people sending payments to fix problems, and that opens the window for fraudsters,” he said.

In this environment, striking the right balance between strong fraud prevention and a seamless customer experience is difficult, especially given the high expectations shaped by card and ACH transactions.

These challenges are accelerating the need for real-time decisioning, where firms analyze multiple data points to assess payment risk before processing. However, achieving high decision accuracy will likely require introducing some level of friction. While this may feel new in the context of real-time payments, methods like multi-factor authentication are already familiar to both banks and customers.

“Every time I log into YouTube, I get a six-digit one-time passcode,” Beyer said. “If I have to do that for YouTube, why is my financial institution not making me do that? They do when I log in, but if I’m doing a big payment out, shouldn’t the same thing be happening? Isn’t the ‘friction’ of getting a one-time passcode worth the extra two or three seconds it takes to put that into the website? I think the answer is yes.”

The challenge lies in applying the right amount of friction in an emerging payments model. This is where step-up authentication plays a key role. It allows institutions to adjust controls, enabling low-risk payments to proceed smoothly while subjecting higher-risk transactions to greater scrutiny.

Even so, introducing any friction into the customer journey can raise concerns for financial institutions.

“There has been an assumption that strong security will ruin the customer experience, but Javelin has found that good security can improve trust and adoption of certain payment channels and methods and new technologies,” Sando said. “Consumers and businesses want to know that their accounts and their money is protected and that they can trust the institution and the organizations that they choose to do business with.”

Implementing safeguards that remain invisible to legitimate users yet highly effective against bad actors is no small feat, but the tools to optimize this balance are rapidly improving.

Artificial intelligence has been instrumental in advancing these capabilities, as it has across nearly every sector. However, many financial institutions have lagged in adopting these technologies.

“This is a scenario where it’s so rapidly changing the industry but the traditional players—processors and banks who are operating under a regulatory environment and are operating under an environment where you can’t inhibit people from getting access to their money—they have all these constraints,” Beyer said. “Fraudsters don’t, and they can just start playing with all these great new AI tools.”

“There’s always been a gap,” he said. “Fraudsters have always been ahead of the financial institutions and the processors, and the reason for that is they’re more nimble; they’re able to get things done quicker. If you didn’t have that gap, you wouldn’t have fraud.”

Unfortunately, this gap is not only persistent but widening. Rapid advancements in generative AI and the emergence of AI agents have enabled cybercriminals to scale both the speed and scope of their attacks.

“Bad actors can adopt those technologies quickly, and they’re incredibly creative. I don’t want to give them applause for that, but they’re incredibly inventive in the way that they take risks to use new technology,” Sando said. “It’s difficult for FIs to keep pace when it comes to the adoption of any innovation.”

“It’s no surprise that AI is a problem for criminal manipulation,” she said. “But we also know that it’s a huge asset for financial services that they could make great use of in terms of automating certain aspects of the customer experience. Or even the employee experience, for things that maybe used to be a manual review of transactions, or typical tasks that were completed during fraud investigations.”

AI has quickly become central to modern fraud defenses, given its ability to detect anomalies across massive datasets. However, the rise of real-time payments is fueling the demand for intelligent infrastructure that can function as an authentication layer within the payment flow.

This is especially critical in commercial environments, where overly restrictive controls can lead to false declines or delays—issues that can quickly escalate into serious operational and reputational damage.

Ultimately, faster payments are not just driving the need for better technology, they are forcing financial institutions to rethink their entire approach to fraud prevention.

“The organizations that are succeeding in instant payments are going to be the ones that can make the competent decisions on risk just as quickly as that money is moving in that real-time setting,” Sando said. “Fraud detection isn’t just this back-office function anymore, that just happens in the background without real knowledge of it. You have to highlight fraud detection because it’s now a critical piece of the payment experience.”

This shift in mindset is essential. The fraud threat is not going away, but institutions can take advantage of one constant: the pursuit of easy money often leads criminals down the path of least resistance.

“Fraudsters are always going to find a way, but they are fundamentally no different than anybody else in business,” Beyer said. “They have an ROI, their time is valuable, and they’re going to go where they can make the most out of their time. If your bank or your processor is tougher to get through than your neighbor’s bank or processor, they’re going to go to your neighbor.”

“Make your buttress, your fortress, your castle gate—all the armor that you’re going to put around your system. Make that better than your competition and they’re going to go to your competition,” he said. “You’re never going to get a 100% fraud-proof system. Fraudsters will always be ahead, but if you can make yourself better than the people around you, then you’re not going to be the target, they are.”

Last year, the treasurer’s office in Warren County, New York sent $3.3 million to what it believed was the county’s roadwork and maintenance contractor. It was not—the payments were instead routed to a fraudulent account. Because the county had recently switched from paper checks to ACH, the treasurer’s office had no account verification policies in place to prevent what turned out to be a textbook case of fraud.

While the damage in Warren County represents the upper end of the spectrum, this incident is far from an outlier. It underscores the importance of implementing ACH protections, which many organizations already have in place. Too often, however, these measures are treated as a set-it-and-forget-it solution or merely a compliance checkbox.

In a recent PaymentsJournal podcast, John Gordon, CEO of ValidiFI, and Suzanne Sando, Lead Fraud Management Analyst at Javelin Strategy & Research, discussed how robust ACH fraud monitoring controls can do more than satisfy regulatory obligations—they can act as a proactive risk prevention mechanism. This is essential to combat the growing prevalence and complexity of fraud.

The compliance aspect of ACH fraud monitoring is partly driven by the latest version of the WEB debit rule, instituted by Nacha—the organization that governs the ACH network. Nacha’s enhanced fraud monitoring requirements raise expectations for all participants in the ACH ecosystem.

“It increases the bar to say that we’re not just checking the validity of the account, but we’re also doing fraud checks,” Gordon said. “It creates an opportunity for financial service providers to identify fraud and to look at the potential risk associated with a consumer.”

“It moves beyond compliance for compliance’s sake, which creates a lot of opportunities for financial service providers to not only identify and reduce fraud, but to put consumers in the right products that create mutually beneficial paths for them,” he said.

Finding the right fit with customers has become more challenging in the digital era, where consumers have more options than ever and increasingly expect efficiency in every interaction. As a result, consumers often choose the path of least resistance when selecting a financial institution.

These factors place institutions in a precarious position: they must balance security with customer expectations, both of which significantly impact retention.

“The importance of consumer trust cannot be overstated,” Sando said. “We’re finding that when consumers have experiences with fraud or scams on a particular account—whether it’s a traditional financial account like your checking or savings or a merchant account—if they’ve experienced any sort of suspicious activity or fraud and scams, they’re much more likely these days to close an account where the fraud occurred and move somewhere else.”

Given the risk of attrition, account onboarding and authentication have become critical stages in the customer experience. One key challenge arises from misapplied friction, where every user is forced to undergo the same verification process regardless of risk profile.

“Our belief is there’s enough value in customer data that it can be managed through step-up authentication, that you are injecting friction where friction is warranted based on the risk signals that consumers have in concert with their profiles—whether that be their bank account, their payment transactions, or their credit scores,” Gordon said.

“There are a number of different ways to end up at the right answer so that you’re facilitating a flow where the consumers stay in the process and you are fast tracking your low-risk consumers and putting obstacles in place where they should be,” he said.

This process can be optimized by leveraging the richer data available in a validated account. Institutions can go further by authenticating the account, confirming that the applicant’s name matches the account owner’s—allowing for a more targeted, efficient approach.

Implementing these measures early in the process is critical for fraud prevention and enables a customized experience, reducing the verification burden on the institution.

For example, if a consumer opts out during onboarding due to friction triggered by their financial profile, the institution avoids a potentially difficult credit decision. Conversely, highly qualified consumers can be fast-tracked, improving both the experience and conversion rates.

Although authentication is vital, it is increasingly challenging under the current credit scoring system. Last year, traditional scoring methodologies eliminated medical debt—a significant portion of consumer credit—from scores. While this change reshapes scoring, it does not remove the underlying debt burden.

Additionally, consumers now maintain more financial relationships than ever, including accounts at traditional banks, digital-first banks, and fintechs. Many of these relationships are undisclosed, complicating accurate assessments of creditworthiness.

“It becomes incumbent upon financial service providers to look at alternative data in a way that they can derive value out of it,” Gordon said. “We believe the consumers’ bank behavior, their payment success rates, and the velocity with which their PII elements change are all clues that will lead you to have a more accurate picture of that consumer—what they can afford and their creditworthiness.”

“When we factor in the way that consumers acquire credit today versus the way they did in 1989 when the FICO score was created, they’re wildly different,” he said. “The traditional scoring methodologies haven’t kept pace with the way consumers are acquiring credit now. We see scenarios where consumers apply with a clean bank account only to subsequently change to a neobank account or some other bank account that they’re utilizing to enact what equates to first party fraud.”

These challenges have driven the emergence of data-driven treatment strategies, where financial service providers leverage shared industry data. This intelligence provides critical insights into connections between consumers, accounts, identities, and performance metrics.

Such knowledge enhances underwriting, creating a scenario where a consumer’s application experience is guided by both their inputs and industry knowledge of past activity. However, these strategies must always be aligned with the institution’s broader objectives.

“We have a client that we work with that does account-to-account payments tied to loyalty cards,” Gordon said. “Their exposure in that scenario is fairly limited, they want as much acceptance as they can possibly get. Conversely, we have some clients who are doing large dollar distributions, and it is not too much to ask for someone to credential into a bank account and we’re talking about the potential for five- and six-figure disbursements.”

“It’s difficult to ensure that you’re keeping down the cost of doing business, the fraud losses, and ultimately the cost of credit,” he said. “When you marry the authentication process to the use case, you end up with a lot better solution that’s more palatable to all parties.”

Developing strategies and implementing fraud management measures is imperative, as new and potent fraud variant emerge daily. The most effective defense is sharing information and leveraging a risk intelligence provider to help chart the way forward.

“It’s finding a solutions provider that is flexible and can adjust and be agile in the same way that we find fraudsters are agile with technology and how they can use it against consumers,” Sando said. “It’s also about recognizing the fact that consumers are not all the same, it’s not one-size-fits-all. It’s about having that solution provider that can help you figure out how we navigate each individual case to make sure that it’s optimized for every single customer that comes through the system.”

These solutions help organizations stay ahead of escalating fraud threats and maintain compliance with regulations like Nacha’s rule enhancements. But that’s just the beginning.

“There is a lot of opportunity beyond compliance in account verification and authentication,” Gordon said. “What we see is that not only will more of your payments clear, but there are certain attributes and thresholds that , when crossed, significantly improve performance. Meaning, you’ve verified the account, the account has a certain history, and it doesn’t indicate any of the negative attribution that we often see compounded by a name match. You have the ability to operate confidently and compliantly in a way that you probably aren’t enjoying at present.”

As financial fraud continues to accelerate, its impact on victims goes far beyond monetary loss. The emotional and behavioral effects are long-lasting, shaping future decisions and sometimes undermining trust in their financial institutions.

Substantial progress has been made in strengthening fraud detection and prevention, but much work remains—especially in the age of AI. In a PaymentsJournal podcast, Dal Sahota, Global Director of Trusted Payments at LSEG Risk Intelligence, and Suzanne Sando, Lead Analyst of Fraud Management at Javelin Strategy & Research, discussed how fraud affects different generations and what banks can do to stay ahead of the problem.

It’s hard to go a single day without encountering a scam attempt or hearing about someone who has been targeted. This constant exposure underscores how sophisticated and pervasive fraudsters have become.

LSEG’s latest global research shows that most consumers believe scams are on the rise. As more aspects of life move online—opening new avenues for fraud—it is clear that everyone is at risk.

“This morning, I got an email from a car rental company about a supposed upcoming trip from Orland Park, Illinois,” said Sando. “As someone who lives in Milwaukee, about an hour and a half outside of Orland Park, I’m not picking up a rental car there. But you stop and think, ‘hey, I do find myself randomly researching trips. Could this have been something that I looked up and maybe I’m getting a prompt from their website?’ That’s how people end up clicking on phishing links or providing details they didn’t intend to reveal to a fraudster.”

Because scammers have become highly skilled in targeting, each generation experiences fraud differently. Scams exploit areas where specific groups are more vulnerable. Older generations expressed the highest concern about fraud in the LSEG study, while younger groups reported greater exposure to emerging threats such as deepfakes and “quishing” attacks.

Reactions also vary by age. Some 97% of victims reported changing their behavior after being scammed, becoming more cautious online, sharing fewer financial details, and avoiding certain channels. Some may feel so insecure about certain payment types that they abandon them  entirely. Older adults, however, tend to experience the greatest loss of trust compared with other groups.

“There are deep levels of distrust in any and all communication, which can be really devastating when you’re trying to maintain a relationship with your financial institution,” said Sando. “If you don’t even know that you can believe what’s being sent to you from your bank, what can you believe? Once that security feels like it’s just an afterthought and that trust has been violated, it’s really hard to go back to business as usual.”

The effects of scams extend beyond individual victims—they ripple throughout the financial services ecosystem.

“That really comes out in the research, how that’s impacting consumers and the lack of trust when they’re interacting in digital channels,” said Sahota. “We found that 32% of respondents reference shame as an emotional impact. And this is very devastating in the market.”

A significant information gap exists regarding accessibility and the warning signs of potential fraud. Less than a quarter of LSEG’s survey respondents described themselves as well-informed  in this area. Separate data from Javelin indicates that many consumers are unaware of the educational resources their financial institutions offers, even when these resources are available online or via mobile apps. These programs are only effective if consumers can locate and act on them.

“We can think about this in terms of vulnerabilities that they’re under and how those are targeted,” said Sahota. “Don’t assume that the consumer’s first language is English, for example. Those are nuances to work within, but the fraudsters really take advantage of those exposed vulnerabilities.”

Sando added: “A lot of financial institutions post really text-heavy articles. Frankly, you’re seeking out education when you need it the most. You’re not sitting around on your couch on the weekend reading education on your bank’s website. You’re going to it in that moment. So it has to be hitting the consumer right at the part where it’s most critical.”

Financial institutions could benefit from delivering a more personalized experience, tailoring education based on demographics and customer behavior. Understanding what resonates—by geographic location, generation, or product ownership—helps identify who is most vulnerable to specific scams and how to reach them.

“You’re not going to hit older generations with a lot of pop-up notifications on their phone,” said Sando. “That’s not the typical way that they consume information.”

Once someone has fallen victim to a scam, they often struggle to focus on available resources or their rights. This is when financial institutions must guide them through the recovery process.

“A scam victim shouldn’t have to be the most well-informed person on the process of reimbursement and resolution for your scam,” said Sando. “You want to have a highly trained investigator or case worker from your financial institution that’s there to walk you through because you’re already having to bear the burden of the financial loss.”

With money moving faster than ever, applying the right level of friction to the right type of payment reassure consumers. A small verification step can provide certainty that the beneficiary is legitimate. Friction that ensures validation is not a barrier—it’s a protective measure.

Too many institutions wait until validation occurs too late. In the era of real-time payments, once a transaction is submitted, the money is gone. Prevention must come before the payment, not after.

“We are focusing earlier on in building a full picture of ‘Who is this person I’m paying? What’s their historical account information?’” said Sahota. “Building a full picture and using the data that we have access to as financial services can make the difference in detecting suspicious activity before it’s too late. There are a number of vulnerabilities that the fraudsters and the scammers are exploiting. They continuously evolve. The leveraging of AI in that regard has really scaled the scams up. We need continuous risk assessment of all the aspects across the value chain.”

“We continue to play from behind,” he said. “We’re always on defense, we’re never on offense. We’re always being reactive when we should be proactive.”

To explore the full breadth of consumer insights referenced in this discussion you can review the complete survey findings in LSEG’s After the Scam research.

Many credit unions are grappling with the differences between cryptocurrency, stablecoins and tokenized deposits—and whether these innovations fit into their business model. It’s important to take a step back and allow strategic evaluation, rather than urgency, to drive decisions around digital assets.

Velera and its Digital Asset Lab are helping credit unions overcome the “fear of missing out” that often accompanies emerging technologies like crypto. In a PaymentsJournal Podcast, Velera’s Vlad Jovanovic, Vice President of Innovation, and Nathan Meyer, Senior Innovation Strategist, as well as James Wester, Director of Cryptocurrency at Javelin Strategy & Research, discussed what credit unions are doing—and should be doing—in the digital assets space.

The concept of digital assets now encompasses stablecoins, tokenized deposits and a range of cryptocurrencies such as Bitcoin, Ethereum and Solana. Cryptocurrency itself has evolved into a speculative asset class that consumers can buy, sell, trade and hold. Its volatility makes it risky, but people are using it to grow wealth, diversify portfolios and explore the broader digital assets landscape.

Regulatory guidance on crypto is still incomplete. The CLARITY Act, which aims to provide a clear regulatory framework for digital assets, is still progressing through Congress. For these reasons, most credit unions are approaching crypto cautiously.

“Do you want to create a connection point that allows your members to be able to transact with Bitcoin or Ethereum or Solana?” said Meyer. “That creates more risk exposure for the member, as well as concerns around what type and level of trading you’re allowing them to do. Because there is volatility, it can have significant impacts on them—both positive and negative.”

Stablecoins function primarily as a payment instrument, designed to provide liquidity and trading within the crypto market. They are typically backed by secure assets, most often U.S. dollar-backed assets, such as short-term Treasurys.

Stablecoins can be thought of as a new payment rail—just as FedNow and RTP provide speed for real-time payments, stablecoins offer similar capabilities. The first step for a credit union considering stablecoins is to assess whether member demand exists. Without demand, creating additional infrastructure is unnecessary. But for organizations with members engaged in remittance, stablecoins can move money more efficiently and at lower cost than traditional wires.

Another important type of digital asset is tokenized deposits. This infrastructure enables credit unions and banks to tokenize existing balance sheets and bring them into the digital realm. Tokenized deposits can remain internal to a credit union’s ecosystem, but some institutions are exploring them for intraday settlement or liquidity pools.

“We’ve seen a lot of VC dollars enter the space and a lot of start-ups are creating hype around their technology,” said Jovanovic. “That in itself is going to create a bit of a FOMO effect within the credit union industry. Am I doing enough? Should I be doing more?”

Rules governing digital assets are still evolving. The GENIUS Act, passed in July 2025, provides a framework for exploring use cases and applications of this technology. NCUA has issued proposals outlining constraints related to crypto, which credit unions should review carefully before moving forward.

Credit unions should also monitor the CLARITY Act as it moves through Congress to inform decisions around partnerships and exposure to digital assets. One immediate opportunity is engaging with regulators to help them understand credit unions’ needs—shaping regulations in a way that benefits both institutions and their members.

“Stablecoins and crypto to some extent have been wrapped up politically in ways I haven’t seen with other technology,” said Meyer. “I never had to worry about thinking through cloud migrations and worrying that as soon as an administration changed, the dynamic around that technology was going to deflate or inflate. There is a lot related to crypto that has tie-ins politically, and that is feeding some of this movement versus the actual problem it solves or demand.”

“It’s important for credit unions to understand both the CLARITY and GENIUS Act, but also understand if you get out over your skis in this space and a different administration comes in, regardless if it’s Republican or Democrat, you could see a very different perspective on privatization of stablecoins and money in general,” he said.

For most credit unions, the first step is education—learning both the technology and the regulatory landscape of stablecoins. Bringing in digital assets experts, participating in industry consortiums, and collaborating with peers can accelerate this process.

Ultimately, the most important questions revolve around members’ needs and the organization’s strategic objectives.

“One of the best ways to cut through hype is to ask why,” said Wester. “How does that support the mission of my bank, my credit union, my product? That’s a really important question, because if you have somebody coming to you from either the vendor side or the crypto and digital asset space, it feels like hype.”

Meyer added: “If you truly know who you are and what role you play in the community for your members, it allows you to avoid false signals. You can point to that strategic structure of who you are and very clearly articulate where this fits within that umbrella.”

In the past, banks and businesses could build rapport by delighting customers over several interactions. That window has largely disappeared amid the impersonal nature of today’s digital ecosystem—and the growing sophistication of fraud.

The surge in fraud and money laundering has prompted many experts to advocate for a return to a zero-trust framework, where every party must be verified before a transaction proceeds. That mandate will only grow more complex as agentic commerce gains traction and AI agents—and their intentions—must also be validated.

In a recent PaymentsJournal podcast, FinScan’s Chris Ostrowski, Head of Product Management, and Kieran Holland, Global Head of Solutions Engineering, along with Christopher Miller, Lead Emerging Payments Analyst at Javelin Strategy & Research, discussed how these factors have placed a premium on trust.

There are tangible ways organizations can build trust in a real-time, agentic environment. Increasingly, however, those efforts must take place long before a transaction is ever executed.

Many artificial intelligence enhancements have been implemented behind the scenes, from workflow optimization to cybersecurity. While customer-facing tools like chatbots have been successful, asking consumers to entrust shopping and payments to AI agents requires a far greater leap of faith.

That leap comes at a time when many consumers are experiencing a crisis of confidence. Fraud attempts have become both relentless and highly convincing—and too many individuals have fallen victim.

“I always give the example of what I would say to any member of my family who says, ‘I’ve received an e-mail offering me this deal or a massive bargain,’” Holland said. “If someone came up to you in the street and said, ‘I’m a Nigerian prince who wants to give you $5,000 if you could cash that for me,’ would you trust them?”

“There’s still that social change needed, because when something is not face-to-face, I have to have certain controls and mechanisms to make me feel confident,” he said. “Maybe that change will eventually become ingrained; maybe it just won’t. Maybe us humans need a certain amount of confidence that we used to get from face-to-face interactions.”

To rebuild confidence in a digital-first environment, organizations must establish effective risk controls around payments. That task has grown more complicated amid the rapid expansion of payment types, now spanning cards, crypto, and real-time payment rails.

This proliferation has elevated payments orchestration platforms to the forefront. These platforms not only operate across multiple payments rails, but also enable businesses to intelligently route transactions to optimize authorization rates, timing, and cost.

Such optimization is no longer just a matter of efficiency. It’s foundational to establishing trust before a transaction ever occurs. It’s also a prerequisite for agentic commerce to scale meaningfully.

“With those true agentic payments, you’re trusting that individual to act on your behalf with that vendor, potentially for the first time, or even a network of vendors,” Ostrowski said.

“You have to trust through interaction, but also within access and being able to facilitate enabling the right credentialing and set of controls within it. So you don’t have your agentic AI go out and buy you 10,000 rolls of toilet paper because it was more efficient to do it that way,” he said. “You’re having to put a lot of that trust up front.”

Given the potential volume and velocity of agent-driven transactions, trust must rest on a firm foundation. Achieving that will require broad industry alignment—a necessary, though potentially challenging, step.

“One of the interesting things here is that trust means something different for each participant in a transaction like this,” Miller said. “There is what a merchant needs to trust, there’s what an issuer needs to trust, there’s what a processor needs to trust, and there’s what consumers need to trust. There’s just a lot here to think about in terms of how we can get all the participants to agree to do the transaction.”

This industry-wide agreement between merchants and financial services firms will be paramount because the roles and responsibilities within agentic transactions remain fluid.

“You’re setting conditions around more of an event-driven architecture,” Holland said. “When something happens on this system, then do something else for me without me having to initiate it. But who defines what the criteria for that is? Who designs the guardrails around that and who—I suppose legally and philosophically—holds the responsibility for saying, ‘I want this?’ And now the AI has translated that into a set of conditions that it’s going to use.”

“It’s the same concept in fraud prevention as in retail banking,” he said. “We don’t expect the end consumer to be the perfect guardian of their own financial health. We accept a certain level of responsibility across the injury to help them in that regard. I think the same is going to be true of agentic AI.”

Like modern payments infrastructure, agentic commerce will likely include baseline controls. However, banks will still need to implement their own safeguards, policies, and compliance frameworks to protect customers and their institutions.

Larger financial institutions may need to take the lead, gradually introducing customers to agentic commerce through limited, well-defined use cases that build familiarity and confidence over time.

“You’ll probably see something similar to the use of Zelle in the U.S. where you have banks coming together and putting those safeguards around it at a common level,” Ostrowski said. “It can drive the growth of agentic AI usage within various financial services, within payments, and within retail itself.”

“You’re also going to continue to see the growth of trust registries, where you go through verification processes to be placed on the registry to show that I have proven my ability to be trusted, and that information can follow along with the agents,” he said, “especially within the blockchain space of being able to cryptographically assign transactions and agents with certain rights. All of that can be facilitated at these larger institutions that are already learning it in other areas, to help drive this next generation of e-commerce.”

A consortium-driven approach to agentic commerce will hinge on clear, standardized communication. Although the ISO 20022 messaging protocol was not developed specifically with agentic commerce in mind, its rich, structured data model is well suited to this paradigm.

“ISO 20022 has been designed deliberately so that much clearer information is available about what this transaction is and who’s involved,” Holland said. “Whether you need to identify the name and location of the ultimate debtor, the ultimate creditor intermediaries and so on, that new standard was designed from the ground up to do that.”

“It’s important because when you look at how AI within compliance is starting to take off, data is the foundation to that,” he said. “If you haven’t got good foundational, reliable data about who’s involved and who the counterparties are, making a good, accurate, and certainly more automated decision comes with significant risk.”

A common messaging standard becomes even more critical as transactions accelerate towards real time. For example, stablecoins and agentic commerce share significant synergy: both are real-time, highly efficient, and capable of leveraging ISO 20022’s enhanced data capabilities.

For stablecoins to integrate fully into mainstream financial systems, however, transactions must embed sufficient data to distinguish them from other cryptocurrency transfers. They must also incorporate compliance-related information, including support for travel rule requirements.

“That whole sphere comes back to the standard ISO 20022 fields and that consistency we’re starting to get to be able to go forward in these various ways,” Ostrowski said.

More advanced communication standards, efficient infrastructure, and stronger safeguards are all critical to fostering trust in an agentic commerce ecosystem. Yet none of these solutions can replace distinctly human qualities—creativity, empathy, curiosity, and judgment.

“It’s a true saying that if you design a very fixed, very structured, automated system, us humans will always find a new scenario, a new circumstance that is all of a sudden going to break it,” Holland said. “Introducing humans into it is that creativity buffer where I can see that Chris has bought 10,000 rolls of toilet paper, I can see that it meets his preferences, but I as a human know that’s unlikely.”

“That curiosity whereby humans can still intervene and say 99.9% of the time this might be right, but with my insightfulness, with my creativity, I can introduce that human factor back into this overall very tightly structured process,” he said. “I become that level of flexibility that’s not going to break the system.”

The human element won’t disappear, because AI agents are ultimately designed to act on behalf of individuals. Preferences differ widely and evolve constantly.

An AI agent may learn a consumer’s favorite restaurants, events, or airlines. But human priorities shift. Tastes change. Context matters.

In the end, even in an agent-driven economy, trust will remain deeply human.

“Maybe that day you feel like a window seat instead of an aisle seat, and your agent would say, ‘No, that’s not your typical pattern, you normally do this,’” Ostrowski said. “There’s still that level of independence that the human wants and over time the agent will try to mimic that, but you’re still never going to completely replace that.”

“It’s similar to what we’re seeing within the regulatory environment, where regulators aren’t ready to hand off agentic decisions for risk evaluation or compliance approvals to agents entirely,” he said. “They still want to see a human reviewing the cases, making decisions on whether I should onboard or reject a type of transaction. I want to be the one approving it; I want to be making that final decision. It’s doing 90% of the work for me, but I want that last 10% to stay with me.”

High-profile data breaches at major retailers exposed thousands of consumers’ personal account numbers (PANs), spurring the adoption of tokenization—a solution that replaces sensitive account data with surrogate values, protecting both consumers and merchants.

As tokenization scaled, its benefits proved to extend well beyond fraud prevention. Merchants often saw meaningful lifts in authorization rates. But the rise of competing token types, the emergence of agentic commerce, and evolving policies from industry leaders have made tokenization strategy more complex than ever.

In a recent PaymentsJournal podcast, Kiel Cook, Principal Product Manager at IXOPAY, and Don Apgar, Director of Merchant Payments at Javelin Strategy & Research, explored tokenization’s performance advantages—and why the next phase of change represents an opportunity for merchants to take the reins of their payments destiny.

As demand for tokenization increased, card networks introduced network tokens, payment service providers (PSPs) issued proprietary tokens, and third parties developed universal tokens to bridge ecosystems. For a time, the industry speculated about which format would ultimately prevail.

“The different forms of tokenization were pitted against each other as a this-or-that scenario in the beginning,” Cook said. “But over time, especially in 2025, what I realized was these are actually a better-together play. Ultimately, when we’re talking about payment credentials, we’re talking about authorization rates. Network tokens are a trusted source and typically increase the likelihood of avoiding soft declines.”

“But there are still scenarios where the network token may fail or may not be the most apt payment credential to use,” he said. “Those who are positioned to pivot back to the PAN when needed are the ones that are going to win. The more avenues you have to obtain authorization rates, the better.”

Beyond security and authorization benefits, tokens are persistent. They stay current even when underlying cards expire or are replaced. This reduces unnecessary declines in card-on-file and recurring payment scenarios.

Tokens can also serve as a common denominator across P2Ps, acquirers, and regions. When paired with payments orchestration platforms, they unlock operational flexibility and significant efficiency gains.

Together, these advantages make tokenization foundational to modern payments infrastructure. Yet rapid adoption has also surfaced new pain points for merchants.

“As the merchant landscape and consumer shopping started to evolve into omnichannel and then mobile, merchants would go with best-of-breed providers and sometimes wind up with multiple tokenization stacks,” Apgar said. “When you now want to change PSPs or you want to make a change to a sales channel or bolt on another vendor, it becomes a real issue if you don’t have control over the token.”

For small businesses just getting off the ground, token ownership is rarely top of mind. Payments services are often lumped into the broader cost of doing business.

“It’s usually not until an issue arises with their PSP, such as downtime or some new technology gets launched into the market and their PSP doesn’t have that,” Cook said. “Then they’re looking to move and they realize they don’t have the authority to make those decisions; they need the permission of their provider in order to take their data and put it somewhere else.”

“In that moment, the question is, ‘Do you own your data? Do you have control? Can you do what you need to do to drive efficiency, to increase your bottom line with your customers, to increase your brand recognition, to have a robust payment connectivity layer?’” He said.

That calculus changes as merchants expand and integrate multiple PSPs. At that stage, token ownership directly impacts portability, routing flexibility, and negotiating leverage. In short, whoever controls the token controls critical aspects of the payment relationship.  

“How much autonomy would you like to have in your payments decision?” Cook said. “That’s going to help you understand how important ownership of your own data is going to be for you. Those who own their payment credentials own their own destiny.”

Payment credentials remain incredibly powerful and increasingly difficult to safeguard amid rising fraud sophistication. To strengthen protections, Mastercard has committed to tokenizing all e-commerce transactions by 2030.

While many support the spirit of this mandate, merchants are struggling with its practical implications. Credit cards will still be widely used in 2030, and issuers will continue to provide PANs to consumers.

However, PANs will likely play a diminished role in the transaction lifecycle. That shift makes universal, merchant-driven tokenization essential—not only for protecting customers, but also for maintaining PCI compliance.

“The 2030 mandate is more of a requirement to convert a PAN to a network token because I don’t see PANs being completely removed from the ecosystem by then,” Cook said. “Digital wallets will continue to expand because merchants will start to receive more network tokens through avenues or rails that are out of their control.”

“But there will still be times where someone who’s on the other side of the digital divide that hasn’t adopted a digital wallet and is still coming in trying to process with their PAN,” he said. “The onus will be on the merchant in those scenarios to have the avenues to convert PANs, when they do receive them, to network tokens.”

A more proactive tokenization strategy is becoming critical as the payment ecosystem approaches another inflection point: the rise of agentic AI. These autonomous agents are poised to become a mainstream shopping interface.

“We’re going from one payment credential—historically the PAN—to now a proliferation of payment credentials and line of sight to where these are coming from,” Cook said. “How do you know what to trust and what not to trust? How do you know the difference between an agentic agent that has permission versus a bot hitting your website?”

“One of the big things is making sure that you as a merchant have your data stored in a way so that the agent can pick it up and share it with the consumer on the other side of that search,” he said. “Not having your data in the correct format or being able to be picked up in a certain way is going to be a big challenge for your company to maintain line of sight to your consumer, as they have a new middle layer managing the interaction.”

This highlights a new core challenge—trust. Merchants must verify not only the consumer, but also the AI agent acting on their behalf, along with permissions and intent behind each transaction. Meeting this need will require new infrastructure capable of assessing and managing agentic risk.

Tokens can play a pivotal role by creating guardrails around agent-driven activity. Merchants should begin preparing now to support agentic-ready token frameworks.

“Keep in mind, it’s just a different version of a network token, which are just payment credentials,” Cook said. “Universal tokenization should be looked at as, ‘I’m about to get bombarded with payment credentials that are scheme-persisted. I don’t control the usage; I don’t control the relationship; these things weren’t built with me in mind. What was built with me in mind? What is my tool to anchor myself?’ That’s universal tokenization.”

“That’s the playbook that I would put out there for merchants to leverage to protect themselves,” he said. “It’s making sure that they have line of sight to who is who and having something that they can drop directly into their ecosystem without having to re-architect their entire payment stack in order to be relevant in the agentic commerce world.”

The rapid evolution of payments—especially the acceleration of generative and agentic AI—has created urgency for many merchants to modernize. While adopting new technologies is important, strategy must remain grounded.

“If you go back 10 years ago, we were in the same place with tokenization and everybody rushed to tokenize as a stopgap security measure—only to find out down the road that I now need a more holistic strategy around how I use tokens and what benefits they give me beyond security,” Apgar said.

“That’s where we are with AI, too,” he said. “My advice to merchants would be slow down the conversation and understand what AI means for your business, for your customers and your data security—and try to put a strategy around all of this.”

At its core, any tokenization roadmap should be a natural extension of a company’s broader mission: protecting customers, optimizing performance, and maintaining control in a dynamic ecosystem.

“We’re talking about consumers making a purchase and merchants receiving a payment credential and maintaining line-of-sight to their customer for loyalty plays, security plays and so on,” Cook said. “This is what we’ve always been doing; the tactics are just changing. This is change management. Are you paying attention to the things that are changing? Do you see the incremental adjustments that are occurring and are you adjusting as you go?”

“If you have a rigid approach to your processing stack, that’s when things will become detrimental,” he said. “At the end of the day, no one can see what’s on the other side of the 2030 line. The best thing that you can do is put yourself in a flexible, future-proof payment stack so you’re prepared for whatever payment credential that comes on the other side.”

For many small business owners, the workday doesn’t end when customers leave. It continues late into the evening—logging into multiple dashboards, exporting spreadsheets, reconciling transactions, and trying to make sense of scattered financial data.

In the absence of a centralized solution, many have been forced to stitch together a patchwork of banks, fintech apps, payment processors, and accounting tools just to keep their business running. Reconciling these fragmented systems has become a drain on merchants who are already stretched thin.

This growing complexity has implications beyond the merchants themselves. As small businesses expand their financial relationships across multiple providers—and as physical banking touchpoints become less frequent—financial institutions are finding it harder to cultivate meaningful connections with this segment. What was once a relationship-driven business risks becoming transactional.

In a recent PaymentsJournal podcast, Eleanor Bontrager, VP of Product Management at Fiserv, and Don Apgar, Director of Merchant Payments at Javelin Strategy & Research, discussed how banks still hold an advantage in small business financial services. However, many financial institutions will need to shift their strategies to become the centralized financial hub that SMBs increasingly expect.

While financial management is critical to any business, it is only one facet of running an organization. The more time business owners devote to managing finances, the less time they can spend on other key tasks.

As digital payments have evolved, merchants have adopted a growing array of tools to deliver the payment experiences and financial services customers expect. As a result, small business owners often cobble together fragmented solutions that were never designed to work in concert.

“They’re having to look at the disparate data that comes from those tools and try to imagine what their cash flow position might be,” Bontrager said. “Many aren’t even really using tools; they’re using Excel spreadsheets. They’re literally sitting down with a pen and paper trying to figure out what money they expect to be coming in and what money they expect to be going out and trying to figure out what that means for their business.”

Amid these challenges, merchants don’t want more tools to bolt on. Instead, they are seeking a streamlined solution that enables seamless, transparent transactions and provides a holistic view of their cash flow.

Cost remains an important consideration. Yet many merchants would willingly invest in a unified platform that reduces administrative burden and minimizes the errors common in manual processes.

“We’ve seen research recently where small businesses will spend an average of 25 hours per week just trying to manage data between various financial applications,” Apgar said. “They’re not doing that when the store is open, that time is family time—after hours and on weekends—where people are constructing spreadsheets and poring over paper statements.”

“The data from their point of sale has to be reconciled back to their bank statement,” he said. “You have payroll to manage, vendors have to get paid, and those invoices have to get reconciled to inventory. There are so many moving parts.”

These variables have led SMBs to increasingly seek a single financial home. Ironically, this desire often stems from the complexity created by maintaining multiple financial relationships—business owners now need a centralized cash flow hub that aggregates their various accounts and functions.

While such a solution may not eliminate every external relationship, it provides merchants with a critical anchor. Once engaged on a centralized platform, banks are well positioned to differentiate themselves and deepen relationships with their SMB clients.

“All in all, money moves faster within the financial institution environment, so the FIs have a clear advantage here,” Bontrager said. “That’s what small businesses want and need, to be able to make those payments easily and quickly. They’re also looking to have that secure, trusted relationship. Within the bank environment, those fraud and risk protections are very much built into that experience.”

“As we think about the ideal solution, it’s taking some aspects of the fintech solution and making those available in the FI channel,” she said. “For example, many small businesses have a strong preference for putting all of their spends on a credit card. Being able to make that available within a payment application and not just relying on DDA accounts. That can be important to package all of that up together, just for the convenience of the small business.”

Consolidating banking and fintech relationships into a single hub may seem counterintuitive, given the adage warning against putting all one’s eggs in one basket. However, diversifying an investment portfolio to mitigate risk is fundamentally different from streamlining a small business’s banking infrastructure for efficiency and clarity.

“When we say having all their eggs in one basket, it not suggesting that the way for FIs to win in small business is to be a one-stop shop and provide every single financial service that a business could want,” Apgar said. “It’s really about having all the financial data in one basket to the extent that data can be exchanged.”

“Even if businesses are using some fintech services, API architecture that’s common today facilitates that kind of data exchange, so the FI can come to the forefront with a complete snapshot of the small business’s financial health and cash flow—and really become the primary partner,” he said.

Data has become central to modern financial services because it helps organizations personalize their offerings in a digital environment.

“There can be so much data; it’s being able to take that data and translate that into timely, accurate advisory nudges to the small business that help them anticipate when they’re at risk or see that there’s an opportunity,” Bontrager said. “That’s becoming more of an expectation. It’s, “Hey, you might go cash flow negative next week’ or ‘Looks like your revenues are increasing, are you looking to open a second location? Can we help you with that?’”

Yet solutions that deliver these types of actionable insights to small businesses have been limited. Historically, many financial institutions didn’t treat the SMB segment as a strategic priority. Smaller merchants were often funneled into consumer products or served by commercial and treasury solutions built for much larger enterprises.

The traditional small business strategy—such as it was—centered largely on branch-based relationship building and small business lending.

“There’s so much more that they can be doing,” Bontrager said. “Being able to meet small businesses where they are and provide solutions that allow them to make payments, receive payments, reconciliation, automated workflows. Providing those solutions is key to being able to continue having the small business relationships that they have today.”

“That relationship aspect is always going to be super important, but you need to be able to have an excellent digital solution from a payments and receivables perspective in order to keep fostering that relationship,” she said. “As they do that, they’re going to have more data about that small business and that’s going to help them better serve their small business customers.”

While holistic SMB platforms are quickly becoming a market expectation, many financial institutions lack the infrastructure or resources to build and deliver them in-house.

This moment represents a tipping point. To stand out in a crowded market, banks must rethink and modernize their small business banking strategies.

“The reality is that the customers are already filling in those gaps on their own today,” Apgar said. “Rather than wait until you can build everything internally to provide 100% of your customer needs, it makes sense to embrace relationships strategically with the right partners to be able to create that end-to-end digital solution—both from service delivery and also from a data perspective—to deliver those key insights that businesses are looking for.”

The first step is simple: listen. By engaging small business customers and understanding their pain points, banks will uncover common themes—such as the need for intuitive workflows that simplify payments, receivables, and cash flow management.

The ultimate objective is to provide a solution that helps small business owners focus on growing their business rather than managing its financial complexity. For many banks, achieving this vision will require strategic partnerships and external support.

“Think about where those partnerships can come from that will help them be able to deliver a solution like that and have some speed to market that will allow them to quickly meet the needs of small businesses,” Bontrager said. “In doing so, if they’re able to provide the key insights that the small business is looking for, the upside for the financial institution is they have that data, and they can also benefit from those insights and make better risk or underwriting decisions.”

“There’s a lot of potential in the solutions that are available,” she said. “It comes down to evaluating the problem, figuring out who their small business customers are and what their needs are, and then being able to provide them with solutions that meet their needs.”

With the advent of faster payments, many financial organizations have prioritized speed over fraud detection. Consumers expect instant transactions, but banks must still protect themselves and their customers from fraud. Running fraud detection in the background—analyzing contextual signals and historical data—helps strike the right balance between speed and security.

In a PaymentsJournal Podcast, Diarmuid Thoma, Head of Fraud & Data Strategy at AtData, and Jennifer Pitt, Senior Analyst of Fraud Management at Javelin Strategy & Research, discussed how traditional fraud detection methods have fallen short in the era of real-time payments. The key today is to stop fraud before it occurs.

For customers, speed is paramount—but that speed is only required at the transaction or decision phase. Banks can conduct much of the pre-authorization and risk assessment before a transaction ever happens, without the pressure of real-time execution. By the time a customer reaches the transaction stage, the bank should not be scrambling to complete all fraud checks instantly.

Many institutions focus on where the financial loss occurs. When a transaction results in a chargeback, they look to fix the transaction itself. In most cases, however, that wasn’t the customer’s first interaction. The initial touchpoint often occurred much earlier, well upstream of the chargeback.

“With account takeover, you can see a lot of behavioral signs before payments even happen,” said Pitt. “If the information is changed in something like an account profile, that’s a clue. Logins from different areas at different times can be a clue. If that is flagged first, then essentially the suspicious payment doesn’t happen, and there’s no loss to either the consumer or the financial institution.”

In the traditional brick-and-mortar world, banks might have asked for a driver’s license or passport to open an account, perhaps along with a utility bill to verify an address. While those documents could be forged, such cases were relatively uncommon.

Today, verification relies on digital identity. Devices, IP addresses, and email accounts form the foundation of an identity profile. That profile extends across consortium networks containing prior transaction data, creating a clearer picture of how a consumer behaves. For example, is this person likely to buy $1,000 sneakers?

“It’s building an identity,” said Thoma. “Even in the physical world, who we are is defined by liking a certain bar, or shopping at a certain store. All of those together, that’s you. All we’re doing now is taking that and translating it into a digital concept. From a fraud perspective, that builds consistency. The nice thing about good people, from a fraud profiling point of view, is they’re very consistent.”

Modern fraud professionals build dynamic profiles rather than relying on static identifiers. They can construct timelines spanning five or 10 years—whatever data is available—representing a big leap forward from traditional methods.

“When I was in the banking world, part of my role was to evaluate investigations to see if the investigations were done correctly,” said Pitt. “I would frequently listen to different calls from customer service reps and call centers. Several times I listened to calls where the fraudster themself was trying to make a wire transfer.

“The call center rep just asked for basic information like name, date of birth, normal knowledge base questions. Information that you can get pretty much anywhere, from leaked data breaches to background check websites,” she said. “That wire was able to go through. And when the customers called in to say there’s fraud, the customer service representative said, well, no, you verified the information.”

Many financial institutions still conduct manual reviews one transaction at a time. This approach yields insight only into those specific transactions and fails to reveal broader fraud patterns or emerging tactics.

“I still see small financial institutions operating as if there were no internet,” said Pitt. “They’re essentially verifying physical documents, especially in branches with human detection only. That is not good enough anymore with the AI tools that are out there for fraudsters. It is so easy to fake or forge some of these documents. You can’t rely on a human detection for that.”

Compounding the issue, criminals understand reporting thresholds. They deliberately stay below those limits, spreading activity across multiple accounts and institutions. That is why consortium data-sharing is essential for identifying coordinated patterns that would otherwise go undetected.

In the early days of social media, companies could look up a profile to confirm a person’s existence. Today, AI can easily generate convincing social profiles across multiple contexts and geographies. Fabricating digital footprints isn’t only simple, it’s scalable. The challenge for banks is no longer finding data, but finding data that can’t be easily manipulated.

“Ideally, the best quality data is immune to automated generation,” Thoma said. “Sources that are unconnected to each other are independent of each other. An email is unrelated to a device from a data perspective. When you take in all this data from unconnected data sources—if they all agree that something’s good—generally you have better decision quality.”

Investing in advanced fraud prevention tools may seem costly upfront, but the expense is inevitable. Institutions will either pay on the front end by strengthening their defenses—or on the back end through fines, consent orders, reputational damage, and customer attrition.

“We have to stop looking at payments fraud from the point of the transaction,” said Pitt. “That’s the last possible point to prevent fraud. We talk about defense in depth and a layered approach where if some security measure does not catch the fraud, then another one will. We still need to look at the payment itself, but we also need to look at everything before that so that we can catch the fraud earlier.”