Secure Financial World

Anti-Fraud Resilience in 2026

Plus TI Marketing Season 7 Episode 2

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 29:44
SPEAKER_00

The nature of risk is constantly evolving while fraudulent activities continue to innovate, and therefore our security measures simply cannot afford to be left behind. You're listening to Mundo Financiero Seguro, your essential podcast covering crucial topics like cybersecurity, fraud prevention, AML compliance, thin check innovations, and comprehensive risk management. In every single episode, we bring you clear insights, real-world trends, and key strategic tools designed to effectively protect the entire financial ecosystem. Join us and let's collaboratively transform every challenge into a valuable opportunity. Welcome to Secure Financial World, the podcast from PlusT. I'm Juan José Rios, and in today's episode, we're going to explore six crucial questions, not just to discuss tools, but to truly understand what is currently changing, what we might be underestimating, and how anti-fraud resilience actually looks in practice. For this important conversation, I'm joined by two voices with extensive experience in the industry. From Spain, we have Julio San Jose, Director of Digital Transformation and Cybersecurity at Alvarez and Marsal. And from Colombia, Marta Leuro, Vice President of Customer Success and Consulting at PlusTee. Thank you both so much for joining us today. A very warm welcome.

SPEAKER_01

Well, I'm truly very grateful to Plasti, and it's a genuine pleasure to be back with all of you on this podcast.

SPEAKER_03

Hello and a very good morning to you all. A huge thank you also to Julio for participating with us. He is an influential voice throughout Europe and Latin America. Juan Jose, it's also a great pleasure to be with you all today. Thank you very much.

SPEAKER_00

Thank you both very much. Well, if you agree, let's dive into the context. When we talk about fraud, many organizations still tend to think of the same old attacks. However, there are clear indications that the problem is now shifting to a different place, driven by new forms of deception and increasing automation. And this is where our first question comes in, Marta. What underestimated typologies today, and it's important to mention, will have a systematic impact in 2026 due to the use of artificial intelligence, generative AI, and criminal automation?

SPEAKER_02

Thank you, Juan Jose. I truly believe that it's not that we're going to experience more fraud in 2026, but instead the fraud will be much more organized, it will be far more believable, and it will occur in a much more agile, much more rapid manner.

SPEAKER_03

And for that very reason, we are discussing these underestimated types of fraud. It's not that we're going to encounter more new fraud typologies, it's that the ones we're already familiar with, the ones that are already in existence, will become far more believable and convincing. We've actually seen fraud from technical failures, either due to a lack of onboarding or no prior process. But today I believe fraud will increasingly stem from the violation or betrayal of people's trust. And with that, I'd say the first underestimated category is impersonation. Actually, identity impersonation today is already hyper-realistic. Today, we're talking about emails that aren't just poorly written but are in fact absolutely perfect. Or we're discussing suspicious phone calls where quite genuinely the voice we hear on the other end is exactly like that of the advisor from our financial institution or that of our boss or even that of a family member or someone very close to us. But in addition to the voice being being identical, the context it has makes me clearly, as a user of the financial sector of the financial ecosystem, believe that the one on the other side really is who they say they are. So I would say that here the first thing is a hyper-realistic impersonation. The second point, we could also discuss a little bit about what we used to refer to as synthetic identity. Today is truly a very well-constructed identity where I believe we can confidently state that it's not just precise. It's not just that he invented an identity, but he used digital documents, no longer forged, but real, created ones that pass absolutely all types of control. Attackers who are just the documents, who put them through countless tests to be able to commit fraud, to deceive. And the third point, truly, I believe, is that it's no longer just a lone criminal uh looking for someone to ensnare, but rather organized networks of deception that create a truly elaborate chain of fraud. They are no longer isolated individuals, as I mentioned earlier, but rather sophisticated structures that actively target and ensnare their victims, manipulate them, and then manage all the money movements from the very beginning to the very end. This is this is somewhat the core idea behind what we are now recognizing as the underestimated types of fraud. They are not entirely new typologies. Rather, they are improved versions where deception will definitely emerge as the normal decision a client makes before carrying out any transaction.

SPEAKER_00

Therefore, Marta, what you've mentioned completely changes the entry point of risk, as we are not just speaking of technical vulnerabilities, but rather human and organizational vulnerabilities. Now, if fraud is no longer an isolated incident but a continuous problem, the next logical question becomes quite inevitable. Why do some organizations manage to resist better than others? Julio.

SPEAKER_01

Secondly, they make a rapid decision, always with the full context in mind. They have layered controls that combine technical signals, behavioral patterns, and they know exactly when to block, when to issue a challenge, and when to simply let it pass. It doesn't paralyze a legitimate customer, which is the ideal for everyone, nor does it let the fraudster pass, because it has very clear decision thresholds, and as we all know, these decision thresholds are very complicated to achieve. And finally, and thirdly, but certainly not least important, is the immediate learning. The moment a fraud takes place, a truly resilient organization immediately reacts. Some of these organizations are even reacting within mere minutes. It promptly updates its controls and its messaging and then effectively coordinates across all relevant departments and areas. Onwarding, transactional, customer services, compliance, all of these areas communicate with each other. They have abolished the silos of fraud. Fraud can no longer hide itself within the internal silos. The biggest problem or the most uncomfortable aspect of major internal transformations is that they often remain just technology purchases. There's a look very good in the reports, but fraud continues just the same, remaining solely the fraud department's problem. In summary, a reactive organization learns too late, improvises, and then repeats the same problems. The resilient person or resilience itself anticipates, decides, learns, and recovers before fraud. Let's remember that the word resilient or resilience is it has two approaches: an engineering capacity and a human capacity, which is how human beings recompose ourselves and rebuild ourselves after a blow. A moral blow or even a physical one.

SPEAKER_00

That's where the organization needs to improve. Therefore, not every organization deals with fraud in the same way. That's what we understand. The business model also changes the risk profile. Along those lines, Julio, what types of fraud evolve more rapidly in fintech and digital payments than in traditional banking? And I'd like to add the question, why?

SPEAKER_01

Well, in a fintech environment and with digital payments, everything moves at a much faster pace. I mean it's incredibly rapid. Assuming it's fraudulent. All of this is accelerated by three causes account opening fraud, admission fraud, and accounts created specifically to move money. Scams happen through instant transfers. The money is gone in mere seconds. We are capable of placing in eight, ten, twenty, or thirty seconds at most money on the other side of the world. And the use of recruited bridge accounts, that is the third method. This is simply the inherent cost of growth. All of this collectively represents the uncomfortable aspect of the situation. These three distinct elements, when united, coupled with the relative youth of these specific sectors, we must always remember that traditional banking institutions have been operating for many, many years. I truly believe we could confidently say, practically since the very dawn of time, they've been actively fighting against fraud. And when it comes to fintech and digital payments, many people, when they are developing, don't conceive of this as an end-to-end solution as fraud prevention from every single point, from every single point of the entire process. To summarize, in the world of fintech and digital payments, everything becomes easier, but of course it also becomes easier for those, those I refer to as the bad guys, the cybercriminals.

SPEAKER_00

Thank you, Julio. Well, what's most important in relation to what you have just finished sharing with us is that this level of complexity and even the very way that we classify fraud is beginning to fall significantly short. So, Marta, I'm with you on this. How should our defenses be reevaluated and redefined by the year 2026 so that they continue to be truly useful, especially when we are confronted with the hybrid and chained fraud?

SPEAKER_03

We've already discussed what to expect regarding the various types of fraud, what truly differentiates a reactive entity from one that is genuinely resilient, and the specific kinds of fraud that target each entity, depending on its place within the broader financial ecosystem. Our traditional defenses will no longer be enough to deal with fraud as we do today, really. How are we looking at fraud today? As an isolated incident, a wire transfer fraud, a credit card fraud, a digital fraud, when in reality fraud is occurring as a chain. It's not a single isolated incident. By 2026, fraud defenses truly need to move beyond isolated controls and should evolve into a comprehensive system that tracks the entire fraud chain. Something I've learned from Julio is that fraud isn't broken at the end, it breaks in a chain. This is key. There's no fraud without signals, no fraud without movements, no concealment of money. So note the chain we need to be reviewing. Therefore, a useful defense truly begins before the transaction occurs. It's not merely about blocking, which I believe Julio also brought up. The finalization of the transaction is not about the sheer number of transactions I've blocked or the accesses I've prevented, but rather about observing what early warning signs I'm validating, what shifts in behavior I'm scrutinizing, if there are any urgent situations or unusual occurrences, if there are decisions that deviate from established patterns. If these signals truly exist and I attack and manage to create an option there, then I will most certainly be able to genuinely anticipate. The second layer I'd say is to act during the money transfer. The goal is no longer to detect a suspicious transaction, but to break the pattern of fraud, how many times the same client falls into the same trap. And the third layer, which is crucial, is learning this thing. We cannot fail to identify if this client has already been a target or if we've encountered this pattern before. What changes after each attempt? What adjustments we should make, if alerts were modified, if limits were adjusted, or if any process was altered. I mean, if a fraud occurred and everything remains exactly the same, then our defense truly failed because we didn't learn from the very case that is currently happening to us.

SPEAKER_00

It's worth noting that this changes the way fraud is investigated, prevented, and above all, how we learn from it. All this leads us to a question that is less, if you will, less technological, but equally crucial. And which ones are not yet sufficiently developed at the very start of this 2026?

SPEAKER_01

Well, look, uh Juan Jose, I believe that uh at least five, at least five human capabilities will truly make all the difference. The first crucial aspect we need to consider is what we refer to as applicable adversarial thinking. And it's true, we really start to think like criminals, but not in some abstract way, but rather very specifically. How exactly would fraud potentially exploit my processes, my customer messages, and my blind spots? We must begin to consider how they might attack us right from the outset, from the initial design phase of both the system and the product itself. The second point is the interpretation of weak signals, learning what criminologists refer to as low-level criminology or crime. You see, sophisticated fraud doesn't scream out loud, it always whispers. Detecting those scattered patterns across many different areas and connecting points, as Martha was just saying a few moments ago. Points that don't seem to be related, uh that is uh that is truly the most important thing. An odd comment in customer service, an unusual or rare pattern in onboarding, a strange trend on social media. All of that should form part of a system, or more specifically, an early warning system, because no model can see it alone. It is only a human being who possesses the unique capacity for synthesis. Another crucial capability would be the ability to make very cautious and carefully calibrated decisions, especially when operating under conditions of significant uncertainty. Yes, I think when you only have 75% or 80% of the data is when you need to work, because waiting for a 100% means you'll be late. But also knowing when a quick decision creates more harm than benefit. You have to contain the impulse, the saving impulse to block, and it is, let's say, an educated intuition, not improvisation or paralysis. It's educated intuition. Communication, the fourth would be effective communication during emotional crisis. Let's not forget when we are serving clients, they are scared, they are furious, they are ashamed to pay. I have served clients in my past lives, and the most important thing is to have empathy while you reduce the damage. And very importantly, you obtain a lot of useful information. This translates into technical patterns, into narratives that help legal, product, and a board to improve. Fraud is fought with coalitions, by building compelling stories. Ultimately, human beings learn by reading and playing. With the arrival of AI, we also need the governance of AI with ethical criteria. All our systems now have assistance and reason through AIs. But we must know when to place our full trust in these models. We must identify biases that can unfairly discriminate and we must balance friction with security. Making fair decisions under pressure because shortcuts in the name of efficiency can irreversibly damage our company. The most critical aspect of everything I've mentioned is that these capabilities are not learned in an online course. Adversarial thinking is developed by doing red teaming, by analyzing real-world fraud, and by learning directly from attackers. All of the weak signals require a significant amount of mentorship and exposure to many different domains. And making decisions under conditions of uncertainty requires, as with everything, more training. In the year 26, uh the crucial distinction will be between organizations that merely treat these characteristics as soft skills and those that truly transform them into fundamental core competencies through structured developmental programs and through carefully planned intentional rotations.

SPEAKER_00

Well, it's very clear to us, Gullio, that technology is no longer the central focus, but rather an enabler. And well, ultimately, we understand that a leader needs to know if they are truly on the right path. That brings me to my next question, Marta, if you'll allow me. I'd really like to know to understand this more clearly. What key indicators should a leader be monitoring to determine if they'll remain resilient over the next two or even three years?

SPEAKER_03

I believe that a leader will be resilient in the coming years, not just by the amount of fraud they report or even by how much fraud they prevent. A resilient leader is not merely defined by avoiding fraud, but also because they truly understand and manage the entire fraud chain from the very first signs to the movement and the concealment of money. There, we can truly say that such a leader is demonstrating resilience and is genuinely capable of effective measurement. If we accept today that fraud is no longer merely the actual movement of money, but rather it originates much earlier from the very first warning signals, then we are truly capitalizing on that insight. Therefore, the primary focus should be on the indicator of how they manage to recruit or entice the individual to understand when or how, from the moment the signals restart, to be able to grasp how visible those signals truly were, how much reached the organization, what I was able to do, I was able to validate its context, I was able to validate any abnormal query and the one Julio also mentioned, right? Something unusual that happened in that context before, for example, sudden changes in the client's behavior, strange patterns of contact, the urgency with which at a given moment they are repeating their inquiries or deviating from the way they normally operate. These signals, if I were to capitalize on that information, I could really think about having that indicator of how they managed to ensnare the individual before the fraud was actually committed. So the real question here is whether there was fraud or not. What we really need to be focusing on here is how many signals I was able to identify, how many frauds I was able to stop, for example, right from the onboarding or from the very first consultation that would have been carried out. The second is indicators of manipulation and control. We really need to start focusing on those in indicators, and here the leader must truly monitor how quickly these unusual behaviors are identified. So when one is truly performing a chain analysis, not just that the transaction originated from account one, from bank one, or from fintech one, or from cooperative one, four five or four seven, but rather what signals were truly present beforehand so that we can begin to identify those anomalous behaviors. And really be able to generate by using those controls. It's not just about merely detecting something unusual, but rather how much time elapses between when I first detect something I miss and when I actually intervene, isn't it? Because normally one might say, oh, I'll handle it. Of course, I often detect something strange only after I've already completed the analysis of the fraud. The whole idea is that I should be able to intervene or send out my alert at the very moment it's happening when it truly occurs. The third perhaps would be an indicator of how money is actually moving. Once the money begins to circulate, the focus needs to be on whether the organization differentiates between unauthorized fraud and payments that are authorized but obtained through deception. And that's very important and sometimes it causes quite a bit of confusion among us. I mean, what exactly do we mean by unauthorized fraud versus payments authorized through deception? When it comes down to it, it's all fraud. It's one thing for a fraud to have been committed. For example, this applies very well to credit cards where the card was cloned and a payment was processed, right? So either information was taken, stolen from somewhere, and the transaction was carried out, that is an unauthorized fraud, and another is when the fraud was committed, but I was deceived, the customer was deceived. I handed over the credentials, I handed over all the information, believing that the person on the other side was who they claim to be. Note that there are some quite important differences there because here, when I'm talking about unauthorized fraud, it's simply a matter of Of seeing if the cards or the card numbers are on list somewhere, if they've been shared, or if we need to try and clean up that information. But in payment in Naomi, as some payments are authorized under false pretenses, the decision I have to make to prevent this is exactly what Julio mentioned: client education. How to prevent it, how to spot if you're being tricked, how to recognize those signs. So you see, the actions are really different. Then if I don't have an indicator of how money moves to identify that unauthorized fraud is different from payments made under deception, then I really won't know where to focus my efforts. So, what I would say here is that a resilient leader must answer for how much money was lost because the client was deceived, how much was recovered, and then how much was definitively lost between the two forms, as we just mentioned. The fourth indicator is about how money is hidden and distributed, and there's been a lot of talk about fraud land, right? That is to have an integrated view of fraud and money laundering, which entities are increasingly starting to adopt in Europe. Julia won't let me lie. That's practically a given, but we here in Latin America are still debating if we should really have that kind of synergy, you know. And truly, if I can exert some measure of control over the bridge accounts, over the Mule accounts, or over those specific networks, then I am genuinely able to make significant progress. And the fifth indicator, which is perhaps the most revealing for us, is recidivism, something we have already been discussing throughout this podcast. It's about how many times the client falls victim to a scam once more. And here, I would say we're reopening something we've always talked about. It's the within my own organization, it would be quite simple for me to implement that control. Because if a client has already complained once and is now complaining a second time, well then they're a repeat offender. But we really should be looking at the broader financial ecosystem. Therefore, once again, that aspect of being able to communicate with the financial ecosystem in order to receive valuable information and gain a much broader perspective would certainly be a significant matter. It's quite important for what we're going to be facing today. To sum it up, I believe we need to have indicators based on time signals, how long it takes, who is involved in the process, how the money is moving, and whether or not it is a recent transaction. These indicators truly help me recognize the entire fraud chain, which is precisely what we are discussing today. It is no longer enough to simply identify the type of fraud, we must identify the entire chain.

SPEAKER_00

We're reaching the moment when I'm going to ask you to highlight these very important points. I'm going to invite you to share your conclusions and above all the recommendations from the experts who are with us today. Marta, if you'd like, let's start with you.

SPEAKER_03

Thank you, Juan Jose. Well, I believe I'll conclude by saying that in 2026, fraud will no longer grow just by volume. I mean it won't grow by the sheer number of frauds, no, but it will grow because of its organization, because of how it's organized, because of how it's industrialized. We will increasingly see fewer improvised attacks and many more deceptions that are very well designed, very well thought out, very well coordinated, and of course, extremely difficult or complicated to detect. Truly, in 2026, measuring resilience will mean measuring whether or not we are able to see the signals, whether or not we are reacting in a timely manner. And if we manage to break the entire chain of fraud, that's when we'll truly be able to say that we have a comprehensive final overview and we'll be able to arrive on time. Simple examples. A person receives a call, says they pause a fraudulent one, and they trust it, right? Pause, they authorize the transfer. Pause. The money passes through several accounts, pause, and then it completely disappears. Pause pause. That's what we traditionally see. It came as I think am I doing? I am only reporting the transfer fraud, and that's how I complete the cycle. So honestly, I didn't understand anything at all. If I keep doing that, I've lost the chance to see the pattern to prevent the next case and truly to protect our clients. And here I want to conclude with a question for those listening. How are you currently managing or feeding back fraud signals? Or are we just classifying typologies? Thank you very much, Juan Jose and Julio, for this truly beautiful, truly lovely opportunity to allow me to participate in this podcast.

SPEAKER_00

On the contrary, Marta, thank you so much for all that valuable information. All right now, Julio, based on your extensive and valuable expertise, I really need to ask you to please give us some advice, a key suggestion at this crucial moment for recommendations and final conclusions.

SPEAKER_01

Well, thank you very much, Juan Jose. I believe that in this 2026 uh we find ourselves facing a great paradox because the more digital and automated our businesses become, our fraud prevention systems have to be more they must be more human. It's not that technology is useless. In fact, I'm an engineer. I couldn't possibly say that, but rather because advanced fraud precisely exploits the trust, emotions, and blind spots within our organizations. No model as of today is able to detect that. The organizations that win this battle, because this is a struggle, and that is one of the first points that must be understood, this is a war with multiple battles, will be those that understand that anti-fraud resilience is not merely a technological project. That is not enough to simply buy a technology, and in some cases, even just to put it, even just to put it into operation. It needs to be complemented by a human component and a strong organizational capacity, requiring a significant transformation within the organization itself to intelligently leverage that technology. My primary recommendation for this upcoming year, 26th, is that we continue to become increasingly digital while simultaneously remaining more human. Well, I'd like to thank uh Marta, you, and Monitor Plus for having me today. It's an honor and a pleasure to be with you all.

SPEAKER_00

Thank you very much to both of you. Well, if there's one thing that has become abundantly clear to us after this entire conversation, is that fraud is no longer just an isolated incident, nor even merely a specific one-off problem. Today, fraud is an organized capability that not only learns, it constantly adapts and scales up. Now, the crucial question is no longer whether organizations will be attacked, but whether they are learning simultaneously at the same rate that deception evolves. Furthermore, if they are able to anticipate, make timely decisions, and transform each incident into valuable knowledge. Anti-fraud resilience is not built solely with technology. That's clear to us. It's built with judgment, coordination, and continuous learning. Many thanks to Julio and also to Marta for their valuable contributions and for helping us to examine this challenge with greater insight. And of course, our sincere thanks go out to all of you for joining us in this particular episode of the PLOS Team Podcast. I'm Juan Joser Rios. Thank you for listening.