By André Ferraz, co-founder and CEO at Incognia
GenAI has turned fraud into a relentless arms race for payments companies, making attacks faster, cheaper and far more sophisticated. Authorized Push Payment fraud alone could surge to nearly $15 billion by 2028, underscoring how convincingly attackers can impersonate trusted contacts to pressure users into sending money. In parallel, GenAI is fueling synthetic identities and fake sites that evade traditional detection, widening the gap between how fraud is committed and defended.
Legacy point-in-time fraud controls — single login snapshots, static device checks or transaction velocity rules — still catch obvious anomalies, but they are poorly suited to adversaries who can spin up deepfakes, cloned apps and scripted “good” behavior on demand. In real-time payments, that gap hurts most after the money moves. Platforms authorize millions of sub‑second transactions where disputes and chargebacks surface later, eroding margins and trust. Stolen credentials get tested and reused within hours. Synthetic applicants pass onboarding with AI‑generated documents; “clean” accounts get handed to bad actors post-KYC.
To keep pace, payments leaders are shifting from one‑off checks to continuous journey analysis — tracking device, location and behavior across sessions — so they can spot the moment an apparently good customer’s story stops adding up.
Why One-Time Checks Keep Failing
Most fraud programs focus on high‑stakes moments like onboarding, login and transactions. At each of these points, systems make narrow decisions based on visible data — credentials, device, channel, basic account history. This model made sense when attacks were slower and more linear, but it breaks down against today’s bad actors, who rotate devices and IPs, rehearse benign behavior and weaponize automation to slip through these isolated gates.
Weaknesses tend to emerge in two directions at once. On one side, subtle, slow‑burn schemes — normal-looking accounts that push into high‑risk activity weeks later — slide through because no single event is extreme enough to trigger an alert. On the other side, legitimate customers are punished for ordinary life changes, such as a new phone, an unexpected trip or a late-night purchase. Point-in-time models excel at spotting spikes or outliers, but they miss the broader narrative that would show these are just routine variations, not malicious intent.
That’s why the internal conversation at many payments and banking organizations is evolving away from “Did this one event look okay?” to “Does this event still make sense in the context of everything we’ve seen from this customer so far?” Individual tools — identity proofing, login controls, transaction monitoring — are still essential, but their outputs need to feed a living assessment instead of a stack of disconnected yes/no decisions. Once teams start evaluating risk as an ongoing journey rather than a set of snapshots, it becomes much easier to detect when a previously consistent account starts behaving like someone else entirely.
Building Trust Through Consistency
Continuous journey analysis flips the fraud equation by focusing on identity continuity. Legitimate customers tend to exhibit stable, repeatable patterns across dozens or hundreds of interactions, even as their lives evolve. Payments platforms can map behavioral fingerprints, such as the sequence of devices used over months, the logical progression of locations (home → office → gym → home) and cadence of activity, reflecting real human routines to create a living reference profile unique to each user.
Within these profiles, sophisticated fraud exposes itself through pattern fractures. Synthetic identities struggle to sustain realistic device aging or coherent location histories. Account takeovers often trigger abrupt departures from established norms: the customer who reliably transacts on Tuesday mornings from a familiar suburb suddenly initiates a high-value transfer in the middle of the night from a different continent. That’s not variation — it’s discontinuity. Attackers may be excellent at staging a single convincing moment, but maintaining that illusion consistently across multiple signals over time is far more difficult.
Because each customer effectively becomes their own benchmark, the system scales naturally with volume. Early sessions are used to passively establish baselines, while subsequent interactions refine those profiles and sharpen the signal-to-noise ratio. Over time, platforms gain cleaner, more contextual risk signals feeding their decisioning engines. That allows them to accelerate approvals for well-understood, low-risk behavior and reserve manual attention for cases where patterns truly diverge, stopping abuse before it turns into material losses.
Frictionless Signals at Scale
A key advantage of continuous journey analysis is that it can operate almost entirely in the background. Rather than relying on frequent step-up challenges, one-time passwords or intrusive checks that frustrate users and depress conversion, payments companies can embed passive signals directly into their existing flows. Device characteristics, location coherence, network attributes and subtle behavioral cues can be evaluated in real time without adding friction at the front end.
When implemented well, these layers support sub-second risk assessments that preserve the speed customers expect from real-time payments. High-risk sessions can trigger targeted mitigations — velocity caps, temporary holds, adaptive limits or prioritized human review — while low-risk activity glides through with no visible interruption. Early adopters report that such approaches can significantly increase fraud detection while reducing operational overhead, demonstrating that seamless signals scale better than increasingly complex rule sets and hard authentication walls.
Framed this way, fraud defenses stop being a pure cost of doing business and become an enabler of growth. If platforms can confidently approve good customers most of the time, with fewer false declines and fewer post-transaction surprises, fraud controls start to look less like a brake and more like a performance tuning system.
Continuous Risk is an Executive Imperative
AI-driven fraud has outpaced point-in-time controls, rendering one-off checks at onboarding, login or authorization obsolete against synthetic identities, rapid account takeovers and real-time social engineering. Continuous journey analysis is now the essential operating model for payments executives — enabling platforms to verify if a customer’s actions still align with their established history at every interaction.
For executive teams, this shift delivers measurable impact across key metrics: higher approval rates for legitimate transactions reduce false declines and boost revenue; streamlined operations cut dispute volumes and manual reviews; explainable signals — rooted in location anomalies, device shifts or behavioral breaks — ensure regulatory compliance without black-box risks.
Payments leaders must prioritize unified lifecycle risk views, demand traceable decision chains and track outcomes like trusted volume growth and friction reduction. Those who integrate continuous monitoring into core strategy can unlock speed, scale and customer trust, three vital components of payments business today.
