AI and fraud detection: 2026 state of the art

Artificial intelligence (AI) has, within just a few years, become the unavoidable analytical layer of fraud prevention. Machine learning on transaction anomalies, real-time behavioral models, mule-network mapping, deepfake detection: no serious financial institution can do without it anymore. But AI alone has its limits. Drifting toward an "all-model" approach leads to setups that are vulnerable to synthetic identities, learning biases and to the explainability requirements of the AI Act (the EU regulation on AI). The 2026 state of the art no longer pits AI against real data: it combines them.

AI in fraud prevention: an operational necessity

Three forces have pushed artificial intelligence to the heart of KYC (Know Your Customer — customer identity verification) and eIDV (electronic identity verification) setups.

Volume pressure. An online bank now handles hundreds of thousands of events per day: log-ins, transfers, profile changes, data access, product openings. No human team can analyze this stream. Machine learning (ML) becomes the only filter capable of pushing anomalies up to an analyst's attention. Per consolidated 2025 figures, 52% of organizations report using AI anti-fraud defenses, and 67% are increasing their prevention budgets by +1 to +7% for 2026 vs 2025.

Attack sophistication. Fraudsters themselves have adopted AI. Sumsub measures that 39% of organizations fell victim to deepfake-based document fraud in 2025-2026, 24% to voice-cloning attacks, and 2% of fake documents detected in online KYC in 2025 are produced by generative AI. A defense relying solely on expert rules can no longer keep pace.

Compliance pressure. The new wave of regulation — AMLD6 (the 6th EU Anti-Money Laundering Directive), the AI Act, EBA Guidelines 2026 — requires both traceability of decisions and real-time responsiveness. Well-supervised machine learning models can hold this twofold requirement where manual procedures fail.

The 4 main families of AI in KYC/eIDV

Supervised learning is the historical building block. From labeled data (transactions confirmed as fraudulent or legitimate), statistical models learn to classify incoming transactions. The measured gains come through reduced false positives (typical move from 5-8% down to 1-2% with a well-calibrated model) and a higher detection rate (85-95% on known fraud patterns).

Structural limit: supervised learning sees only what it has been taught. By design, it misses new fraud patterns, synthetic identities outside historical distributions, and attacks by newly recruited mules.

Unsupervised learning looks for anomalies without prior labels. It detects atypical behaviors without requiring confirmed fraud cases. According to the DGFiP (the French tax authority), 56% of targeted tax audits in 2023 used data exploration and AI, with industrial roll-out for new fraud patterns in 2025-2026.

Advantage: new attacks are detected. Limit: the anomaly/non-fraud noise remains high, and the false-positive rate calls for a layer of real-data enrichment before alerting an analyst.

Behavioral models score every action in real time: log-in, transfer, change of beneficiary IBAN. They rely on dynamic indicators (time, geolocation, device, typing speed, comparison with the customer's history). This is the layer that detects a legitimate compromised account: the user's behavior suddenly changes.

This family is especially useful for continuous monitoring after onboarding, where the initial KYC is far behind and transactional signals take over.

Graph analysis maps the links between accounts: who transfers to whom, who shares a device, an IP address, an IBAN, a mobile number. This technology identifies mule networks, clustered synthetic identities, and layered laundering schemes. It complements supervised learning: what the model misses on a single account, the graph captures in aggregate.

Several European financial institutions are already using this layer to map SEPA mandate fraud, banking mule schemes, and suspicious crypto-to-fiat connections under the Travel Rule.

The limits of pure AI models

AI is not a silver bullet. Four structural limits hold back all-AI approaches.

A model trained on past data knows yesterday's fraud well. It poorly knows tomorrow's. On the synthetic identities generated by AI in 2025-2026, models trained in 2023 see detection rates collapse as soon as a new wave appears. Overfitting also shows up on atypical legitimate customer profiles (newcomers, expatriates, young people with no history), who get unjustifiably rejected.

Every model reflects its training data. If history carries a bias (over-representation of a geographic area, under-representation of an age bracket, gender imbalance), the model amplifies it. The consequence: very uneven false-positive rates across profiles, with a regulatory risk (GDPR article 22 on automated decisions — the EU's personal data law; AI Act on high-risk systems in financial services).

The AI Act labels customer scoring systems in financial services as high-risk systems. This imposes traceability of decisions, explainability of the model, and human oversight. Complex models (deep learning, deep tree ensembles) struggle to provide these guarantees. Regulators (the EBA at the European level, the ACPR in France) now require decomposing the criteria that contributed to a rejection decision.

This is the most subtle trap. A model trained to recognize genuine profiles can hallucinate the legitimacy of a well-built synthetic identity. If the identity document looks correct, if the selfie passes the anti-spoofing check, if the IP looks consistent: the model can auto-approve fraud that a simple query against a transactional database would have immediately rejected (no trace of life for that person).

::: callout-info The all-AI trap

  • A model hallucinates existence when the input is plausible but fictional
  • A transactional database does not lie: either the trace exists, or it does not
  • As we often say at Euroleads: "everything can be forged, except real life and what people actually buy"
  • The best 2026 setups use AI to prioritize but real data to decide

:::

The hybrid approach: real data + AI

The EBA, FATF (Financial Action Task Force) and ENISA (the EU cybersecurity agency) have been converging since 2025 on the same recommendation: AI must be framed by real data, not the other way around. The hybrid approach combines:

1. Real data as the foundation: transactional, government, telecom and tax sources, cross-referenced for convergence 2. AI as an analytical accelerator: machine learning to detect anomalies, graph analysis to map networks, behavioral models for real-time monitoring 3. Humans as supervisors: compliance analyst on high-stakes cases, audit of decisions, governance of models

This architecture outperforms pure AI on four dimensions:

DimensionPure AIHybrid approach
Resilience to new fraudLow (learning from history)High (real data does not lie)
Explainability (AI Act)Difficult on deep modelsNatural (data is traced)
EBA / ACPR complianceRequires traceability effortDocumented by design
Total costHigh (data science team)Moderate (data + light ML)

The EBA Guidelines 2026 estimate that by 2030, 70% of anti-money-laundering cases will be automated through hybrid approaches, with human oversight targeted at the 20% of complex alerts.

Sector case studies

On 60,000 annual onboardings modeled at one of our online-banking customers, eIDV through transactional data was used as a front-line layer, combined with a supervised learning model as a second pass. Result: customer drop-off reduced from 25% to 5%, measured ROI of 220:1, and a significant reduction in real fraud rates confirmed by Tracfin (the French financial intelligence unit) declarations over 12 months.

A consumer-credit fintech processes hundreds of thousands of monthly applications. The mix retained: graph analysis on the links between cases (mule detection), supervised learning on post-onboarding transactions, eIDV through data for initial validation. Detection of clustered synthetic fraud increased significantly, with no drop in completion rate.

Crypto-Asset Service Providers combine identity fraud (deepfakes) and post-onboarding fraud (mules for laundering, suspicious fiat-to-crypto on-ramps). The hybrid approach combines eIDV through data and certified biometrics at onboarding, then transactional machine learning and on-chain analyses (Chainalysis, TRM Labs) for continuous monitoring. The MiCA regulation (Markets in Crypto-Assets) and the Travel Rule make this setup mandatory.

The iGaming sector (online gambling) shows the 2024 peak in deepfake fraud (+1,520% per Sumsub). The winning mix: certified biometrics + document verification + eIDV through data + behavioral learning on gameplay patterns (anti-multi-account, anti-bonus abuse). The ANJ (Autorité nationale des jeux, the French gambling authority) has been tightening its controls since 2024.

Insurance mainly uses machine learning for fraudulent claim detection, but eIDV through data is taking a growing role at underwriting to validate wealth and history consistency. Life insurance contracts in particular (ACPR anti-money-laundering rules) require this dual perspective.

Regulatory framework to factor in from 2026

Three texts shape the design of an AI + data setup in KYC:

  • AI Act (EU 2024/1689): labels customer scoring systems as high-risk. Imposes traceability, transparency, human oversight, logging, and regular audits.
  • AMLD6 (the 6th EU Anti-Money Laundering Directive): requires documenting the reliability of the verification and scoring methods used. Models must be validated by the compliance function, not just by data science.
  • EBA Guidelines 2026: encourage hybrid approaches, frame the delegation to third-party providers, and require a map of the data feeding the models.

The ACPR published several supervisory reports in 2025-2026 flagging insufficiently documented machine learning models, especially in the insurance brokerage sector. A well-designed hybrid approach reduces this regulatory risk.

::: callout-info Target architecture 2026: summary 1. Multi-source real data as the foundation (transactional + government + telecom) 2. Supervised learning on post-onboarding transactions (reduced false positives) 3. Unsupervised learning on anomalies (detection of new fraud) 4. Graph analysis on mule networks and synthetic identities 5. Behavioral models in real time (compromise signals) 6. Targeted human oversight + AI Act traceability :::

Key takeaways

::: callout-info Remember

  • 52% of organizations use AI in anti-fraud defense, 67% are increasing their budgets in 2026
  • Pure AI suffers from overfitting, bias, and explainability issues under the AI Act
  • 39% of organizations were victims of document deepfakes in 2025-2026
  • The hybrid data + AI approach is recommended by the EBA, FATF, and ENISA
  • A well-designed hybrid setup can reach 220:1 ROI in online banking
  • By 2030, 70% of anti-money-laundering cases will be automated through hybrid setups with targeted human oversight

:::

To dive deeper into the data foundations, read Transactional data sources: why they change the game. On resilience against generative AI, see Deepfakes and identity: how to detect them in 2026. On complementary methods, eIDV / biometrics / document verification comparison. For sector foundations, consult Banking KYC and Fintech KYC. On regulation, see the KYC/eIDV regulation France pillar.

::: cta Assess your AI + data anti-fraud strategy with our experts? Discuss your project :::