The only way to beat criminals who use AI to commit fraud is to mount a defense that uses AI more strategically.

Card industry fraud fighters have had success in using AI to bend the curve on fraud as measured by the percentage of total volume (purchases combined with cash). In 2024, fraud losses dipped to 6.4¢ per $100 in 2024, down from 6.6¢ in 2023. It is expected that, when figures are available for 2025, the downward trend in basis points lost to fraud will have continued.

However, a new factor—cardholder use of generative AI to create autonomous buying agents using protocols from Visa, Mastercard, PayPal and other companies—has provided an environment for criminals to commit fraud at banks, ecommerce sites (including marketplaces and gambling businesses) and reward platforms (including airlines, online gambling and online travel agents).

Generative AI technology enables criminals to sidestep the digital identity verification and authentication capabilities of legacy AI fraud fighting technology at scale. Bot detection defenses that worked a year ago are no longer sufficient.

GenAI is so powerful that it has spawned a new tactic—forcing a defender to combat thousands of fake transactions simultaneously, which serves to exhaust a defender’s fraud fighting budget. The tactic identifies the defender’s weak spots. Criminals initiate a second, targeted attack to enter the system.

The problem for defenders is that accommodation of valid agentic commerce agents requires that they no longer turn away every bot that wants to enter their system. Fraud fighting and security teams now need to focus on correctly identifying the intent of all AI agents—is it friend or foe? Fraud fighters believe that more than 40% of fraud attempts are now tied to AI.

Darwinium, formed by the founders of ThreatMetrix (now part of LexisNexis Risk Solutions), was created to address threats facing the payment card industry in this new era.

Based on knowledge gained from the 250 million transactions it reviews monthly, Darwinium knows that malicious AI agents act differently than AI agents deployed by valid buyers. The company helps its customers identify bots bent on fraud by discerning the subtle differences between valid users and criminals.

Darwinium’s technology, which is deployed at the perimeter of a customer’s network, watches APIs, web, mobile and content delivery systems. It is not siloed in applications, across channels or limited to individual touchpoints in a digital transaction, which is the typical deployment strategy for fraud fighting technology.

The company designed its fraud prevention technology to continuously profile the entire customer journey. It was also built to adapt at AI speed to new threats. This means that no new time-consuming engineering or code changes are required by a customer to meet those threats when they appear.

A customer’s red team, the security experts that simulate the fraud attempts by criminals who seek weaknesses in their own company’s processes, technology or personnel, use Darwinium’s Beagle service to test detection and mitigation strategies.

Darwinium’s cyber fraud prevention platform also supports Copilot, which customers use to optimize fraud fighting decisions and handle remediations—the actions taken after fraud is detected.

The company has customers in the US, the UK, Australia and Southeast Asia. It will deploy its technology for prospects to compare the results of its fraud fighting efforts versus their legacy systems. If the prospect doesn’t become a customer, they can keep information learned about the vulnerabilities discovered.

Darwinium touts 30% improvement in bot detections, nearly complete elimination of SMS phishing attacks, identification of human click farm abuse that exploits bonuses offered by online gambling operators and identification of mule accounts used in A2A scams. Fraud losses are reduced by half and operational costs are reduced by 40%.

It delivers these results while recognizing 99.95% of returning customers. Darwinium customers pay a 12-month subscription fee to deploy the cyber fraud technology platform.