Critical Infrastructure Security, Breach

The financial sector: Too many silos, too little security

Portrait of a financial consultant conducting a video conference

COMMENTARY: Moving into the 2026 budget cycle, banks face a great challenge: How can they protect customers from fraud while maintaining trust, transparency, and operational efficiency?   

This year, we’ve witnessed several major bank fraud issues revealing vulnerabilities in both traditional and digital banking systems. Organized crime rings have targeted enterprise banks with sophisticated schemes, including synthetic identity fraud and account takeovers, which exploit weaknesses and fragmented risk management across multiple institutions.   

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Advancements in generative AI let fraudsters make deepfakes far more quickly and convincingly, leading to a spike in highly-effective social engineering attacks and account takeover fraud. Sophisticated groups such as Scattered Spider have targeted financial institutions directly, demonstrating how organized and persistent today’s threat actors have become.  

Against this backdrop, integrated intelligence has become the foundation of modern fraud defense. Without it, financial institutions are left with outdated verification tools and fragmented vendor ecosystems that cannot keep pace with today’s criminals. The old approach, stacking one specialized vendor on top of another, has created a patchwork of defenses riddled with blind spots. Fraudsters exploit these gaps, taking advantage of disconnected systems that fail to connect the dots between signals.  

Banks must streamline vendor relationships, invest in smarter monitoring, and put integrated intelligence at the core of their strategy. They need to deliver defenses that adapt quickly and catch threats where criminals least expect it. 

Why today’s systems fall short  

For more than a decade, banks and credit unions have invested heavily in identity verification vendors and fraud prevention point solutions. Yet the results have not kept pace with the threats. Fraudsters are adapting, using stolen data, deepfakes, and increasingly realistic fabricated identities to slip past defenses.  

When banks rely on too many standalone verification vendors, they create silos of risk data that often don’t connect, creating fragmentation. For example, if a company uses one vendor for its expertise in phone verification, but it also doesn’t know if that phone connects with the name, address and/or email address of the individuals they interact with, then the company hasn’t fully connected the dots and a fraudster will easily exploit the business.   

Vendor oversight presents a critical vulnerability as visibility and reporting functions vary dramatically between providers. While some use advanced machine learning, others rely on rules-based approaches. Organized groups exploit inconsistencies, finding the weakest vendor link to gain access through persistent, coordinated attacks that outmaneuver siloed systems.  

 The growth of synthetic identity fraud  

Synthetic identity fraud ranks among banking's fastest-growing threats, with fraudsters bypassing traditional verification at unprecedented rates. An estimated 80% of new account fraud stems from synthetic identities, a figure likely underreported due to detection challenges.   

These fabricated identities combine real personally identifiable information (PIIS) like Social Security numbers, addresses, and birthdates from multiple sources, or blend authentic details with fake data to create convincing personas. Fraudsters use these synthetic identities to open accounts, secure loans, and obtain credit cards without triggering fraud alerts if integrated intelligence isn’t leveraged.  

Criminals using synthetic identities do not stop once a single account looks legitimate. After building on-time payments and low balances to create a strong credit profile, they reuse that reputation to apply at other banks, fintechs, and specialty lenders that rely on bureau data or weak identity checks. They submit parallel applications, open multiple lines of credit, and funnel funds through mule accounts or shell businesses. Because onboarding controls vary by institution, the same synthetic identity can pass automated checks at several places before anyone notices. Before detection finally occurs, the attackers have already borrowed or charged large sums and “busted out” by moving assets out of reach. 

The cost of not having the proper controls is dramatic, not just in dollar terms, but in customer trust, regulatory scrutiny, and brand reputation, not to mention the time and resources it takes to find and purge these accounts. And with forecasters estimating tens of billions in losses by the end of the decade, now’s the time to rethink strategy.  

A 2026 roadmap for smarter fraud defense  

While financial institutions plan 2026 budgets, leaders must abandon outdated approaches and adopt four essential strategies to combat sophisticated modern fraud threats:   

  • Consolidate to a trusted set of holistic partners willing to work together: Rather than adding more vendors to the stack, banks should evaluate where consolidation makes sense. Work with fewer, but more collaborative partners. This can ensure intelligence will flow across channels and customer journeys. It also reduces operational drag, minimizes conflicting policies, and strengthens overall oversight. Consolidation doesn’t just cut costs: it eliminates the weak links fraudsters actively exploit.  
  • Fight AI with AI: Deploy AI-driven intelligence platforms. Modern fraudsters operate with speed and adaptability. Banks must do the same. AI-powered platforms capable of analyzing large volumes of cross-channel and behavioral data in real time are essential. These tools go beyond static checks, recognizing subtle behavioral patterns that distinguish legitimate customers from synthetic ones. Importantly, they can adapt quickly as new threats emerge, shrinking the window of opportunity for fraudsters. 
  • Move toward continuous, unified monitoring: Identity verification is not a one-time event at onboarding. Teams need continuous monitoring to detect fraud that may only appear months down the road. Unified monitoring ensures that intelligence from mobile, online, call centers, branch interactions and data breaches contribute to a holistic risk picture, giving banks the agility to respond to emerging fraud with confidence.
  • Tap the most current, comprehensive fraud data: Ensure the team’s verifications tools draw on a large pool of existing data. Companies that do this rely on billions of datapoints from a vast array of industry sources, including the most recent breach incident data. Anything less means you’re working with outdated information.   

 The fight against fraud in 2026 will not go away any time soon. Fraud keeps exploding, adversaries are persistent, and static tools anchored to outdated models and fragmented intelligence are not enough. The vendor stacks of the past decade are liabilities that banks and their customers can’t afford.  

Instead, leaders must prioritize consolidation, collaboration, AI-driven platforms, continuous monitoring and dynamic intelligence as cornerstones of their strategy. Doing so will help curb synthetic identity fraud and blunt the efforts of attackers, and also position banks for a future where security, customer trust, and operational efficiency advance together.  

Chris Harrison, chief executive officer, Fideo Intelligence

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Attack Vector

You can skip this ad in 5 seconds