Fraud Prevention Trends in the US: Scam Networks, Identity Theft, and ML
- 01 How serious is the fraud problem facing US financial institutions?
- 02 How are transnational scam networks operating in the US?
- 03 What is synthetic identity fraud and how does it affect US credit markets?
- 04 How is machine learning transforming fraud detection systems in the US?
- 05 How does Shufti help US financial institutions manage fraud risk?
TL;DR
- US fraud losses hit $20.877B in 2025 (IC3), up 26% YoY, the steepest jump in a decade.
- Southeast Asian scam compounds are running pig-butchering and romance-baiting schemes, prompting the DOJ Scam Center Strike Force and FinCEN’s Huione Group designation.
- Synthetic identity fraud builds credit history for months before executing a bust-out.
- Account takeover attacks now bypass credential-only checks entirely.
- Generative AI is accelerating all three threats: deepfakes defeat call-center authentication, and Deloitte projects AI-enabled fraud could reach $40B.
- Rule-based detection can’t keep pace, pushing institutions toward ML-driven transaction monitoring and behavioral biometrics.
- The real gap sits at onboarding, where synthetic and first-party fraud still slip through document and biometric checks.
- Shufti closes that gap with document verification and liveness detection at account creation, plus AML screening on the same API.
The FBI’s Internet Crime Complaint Center (IC3) documented $20.877 billion in cybercrime losses in 2025, a 26% jump from 2024 and the steepest single-year increase in a decade. For financial institutions across the US, three forces are driving that number upward simultaneously: industrial-scale scam networks operating from overseas compounds, synthetic identities that accumulate credit history over months before executing bust-out fraud, and account takeover attacks that credentials alone can no longer stop. This article maps each threat, traces the federal response, and examines where machine learning fits as both a primary defense layer and a growing tool available to fraudsters.
How serious is the fraud problem facing US financial institutions?
Fraud prevention trends in the US for 2025 and 2026 are defined by a trajectory that federal reporting data makes difficult to dispute. US consumers reported $12.5 billion in fraud losses in 2024, a 25% increase over 2023, according to the Federal Trade Commission (FTC) Consumer Sentinel Network. Financial fraud prevention in the USA is absorbing losses at a pace that legacy detection tools were not built to handle.
Investment scams and impersonation fraud
Cryptocurrency Investment fraud accounted for $7.2 billion in 2025. Impersonation scams represent the second-largest loss category, with government impersonation complaints nearly doubling year-over-year and reaching $797.9 million. Each category grew independently, pointing to a broader criminal infrastructure behind multiple fraud types rather than a single surge.
Why are losses accelerating?
The primary driver is generative AI. Deloitte’s Center for Financial Services projects that AI-enabled fraud could reach $40 billion in the US based on current trajectory data. Deepfake audio and video now allow fraudsters to bypass call-center authentication, and AI-generated phishing runs at volumes that manual review cannot match. The share of fraud reporters who said they actually lost money rose from 27% in 2023 to 38% in 2024. Awareness programs are not closing the gap as fast as losses are growing.

How are transnational scam networks operating in the US?
Southeast Asian scam compounds, operating primarily from Myanmar, Cambodia, and Laos, are the infrastructure behind the largest share of US investment fraud losses in 2025. Effective fraud risk management in the US now requires a working model of how these networks function, not just a list of transaction flags to block.
These operations follow a consistent multi-stage model. Trafficked workers contact US targets through social media, dating apps, or messaging platforms, building trust over weeks or months. Victims are introduced to fake investment platforms showing fabricated returns, then blocked from withdrawals when losses are maximised. The DOJ Scam Center Strike Force, launched in November 2025, indicted Cambodia’s Prince Group and its chairman on wire fraud and money laundering charges tied to at least ten scam compounds. The US Treasury’s Financial Crimes Enforcement Network (FinCEN) designated the Huione Group as a primary money laundering concern after tracing more than $4 billion in proceeds linked to “romance-baiting” operations and North Korean cyberattacks.
What does this mean for compliance teams?
FinCEN’s designation of Huione Group under the Bank Secrecy Act (BSA) elevated due diligence expectations on cross-border payment flows involving Southeast Asian correspondent banks and crypto-adjacent accounts. Institutions receiving transfers from high-risk jurisdictions named in the Treasury action face heightened scrutiny on both the originating account and the beneficiary profile. Compliance teams that treated these fraud types as law enforcement problems, rather than identity and onboarding problems, are revisiting that framing in 2026.
What is synthetic identity fraud and how does it affect US credit markets?
Synthetic identity fraud is the fastest-growing form of financial crime in the United States, with generative AI expanding the construction tools available to fraudsters. Unlike traditional identity theft, synthetic fraud does not target a real victim’s existing accounts. It builds entirely new financial identities that look legitimate over time. For background on how these profiles are used in broader identity fraud patterns, see how synthetic identity fraud develops through credit-building phases.
How are synthetic identities built?
A synthetic identity typically combines a real Social Security number (SSN), often belonging to a child, elderly person, or someone inactive in the credit system, with a fabricated name, address, and contact details. The fraudster spends months establishing a credit history on the profile by becoming an authorised user on existing accounts or opening small credit lines. When the profile is strong enough, the fraudster executes a bust-out: maxing every available credit line and disappearing. Many institutions record the resulting loss as a credit default rather than a fraud event, which means financial fraud prevention in the USA systematically underestimates synthetic identity exposure.
First-party fraud and where detection diverges
First-party fraud, where a real person deliberately misrepresents their own identity or financial situation to obtain credit, requires a different detection model than synthetic identity fraud. First-party fraud signals are behavioural: application velocity, income inconsistency, and rapid credit utilisation after account opening. Separating first-party patterns from synthetic identity patterns at onboarding is one of the sharper challenges in fraud risk management in the US today, because both categories can pass document and biometric checks when the underlying credentials are technically real.
How is machine learning transforming fraud detection systems in the US?
Machine learning is now the dominant architecture behind US fraud detection trends in 2026, replacing rule-based systems for high-volume transaction monitoring and onboarding screening. The shift addresses a structural weakness that fraud risk managers know well. Rule engines update slowly, while fraud patterns adapt within days. Fraud detection systems in the USA that rely on static rules face an asymmetric innovation gap that widened sharply as AI tools became commercially available on both sides. For a closer look at how AI at the document layer supports the detection pipeline, see how AI document verification closes identity fraud gaps at onboarding.
ML models and behavioral biometrics
Modern fraud detection deployments combine supervised learning models, trained on labelled fraud patterns, with unsupervised anomaly detection for novel attack signatures. Behavioral biometrics adds a continuous authentication layer by analysing typing rhythm, swipe pressure, device angle, and scroll patterns to build a per-user baseline. When a session deviates from that baseline, the system flags a probable account takeover even when the credentials are correct. ML features that predict synthetic identity fraud specifically include SSN issuance-date mismatches against the applicant’s stated age, device fingerprint clustering across multiple applications, and velocity of credit line requests in a short window.
Where does the detection gap persist?
The gap sits at onboarding, not in post-transaction monitoring. ML models trained on transactional behaviour carry no signal during a first customer interaction. Effective financial fraud prevention in the US depends on identity-layer controls at account opening, including document verification, biometric liveness detection, and database cross-reference, to give the ML scoring layer enough signal to rate a new applicant before credit is extended.

How does Shufti help US financial institutions manage fraud risk?
Fraud and compliance teams at US banks and fintechs often describe the same structural gap. Transaction monitoring flags losses after an account has been opened and credit extended, and the synthetic profile that spent six months building a clean record bypassed onboarding controls entirely. The problem sits at the identity layer at account creation, not at the monitoring layer downstream.
Shufti’s fraud prevention platform runs document verification and biometric liveness detection at the point of onboarding, flagging SSN-pattern anomalies and device clustering signals that indicate synthetic identity construction before an account is approved. A 99.3% true detection rate for confirmed fraud attempts means liveness checks catch presentation attacks that would otherwise pass call-center review. For institutions that need both identity checks and AML screening in one workflow, both run from the same API, keeping the compliance audit trail consolidated rather than split across separate vendor stacks.
Frequently Asked Questions
What are the biggest fraud threats to US financial institutions in 2026?
Investment fraud via pig-butchering crypto schemes ($7.2B in 2025 losses), synthetic identity bust-outs, and account takeover attacks are the three leading threats. AI-generated deepfakes are accelerating all three by bypassing authentication controls not designed for synthetic media.
What is the current regulatory landscape for fraud in the US?
Active US enforcement as of 2025 includes FinCEN's Huione Group BSA designation, the DOJ Scam Center Strike Force, and the CFPB's lawsuit against major banks over Zelle fraud losses exceeding $870 million. Institutions face heightened due diligence expectations on cross-border payments and real-time transfers.
What is first-party fraud and how is it detected?
First-party fraud occurs when a real person misrepresents their own identity or finances to obtain credit. Detection relies on behavioural signals, including application velocity, income inconsistency, and rapid credit utilisation, rather than identity mismatch alone. Machine learning models trained on first-party patterns outperform static rule engines for distinguishing it from synthetic identity fraud.
How do US banks use behavioral biometrics for account takeover detection?
Behavioral biometrics builds a per-user baseline from typing rhythm, scroll patterns, and device interaction. Deviations from that baseline during a live session, even with correct credentials, trigger an account takeover alert. Banks deploying this layer report up to 66% fewer ATO incidents, according to Deloitte Center for Financial Services data.
