Can You Fight Fraud and Improve Customer Experience at the Same Time?
This episode features a replay of a Q2 webinar exploring how financial institutions can turn fraud strategy into a competitive edge by using connected fraud intelligence to spot risk earlier, move faster than attackers, protect account holders in real time, and actually improve the digital experience along the way.
Listen
Subscribe
Related Links
[On-Demand Webinar] Building Trust, Not Friction: The Future of Fraud Prevention
Transcript
Cheryl Brown
Welcome to The Purposeful Banker, the podcast brought to you by Q2, where we discuss the big topics on the minds of today’s best bankers. I’m Cheryl Brown. Welcome to the show.
I always say we discuss the topics that are top of mind for the best bankers, and fraud is definitely leading that list. Fraud prevention isn’t just about stopping bad transactions anymore. It’s about protecting something far more valuable, and that is trust.
In this replay of a recent webinar, Ben Cash and Jeff Scott from the Q2 Fraud Intelligence team dig into how banks and credit unions can fight fraud without turning digital banking into an obstacle course for their account holders. They’ll discuss what’s really driving today’s fraud pressure, including AI-enabled attackers and mobile channel exposure to burnout in fraud operations teams. And they’ll discuss why traditional, siloed controls can’t keep up. They’ll also offer some tangible solutions.
If you’re wrestling with account takeover, payment fraud, social engineering scams, or just the rising cost and complexity of fraud, this conversation will give you a new way to think about the problem—and a practical sense of where the industry is headed next. So listen in.
Ben Cash
All right. Welcome everyone, and thanks for joining us today for our webinar. We're excited to spend the next hour discussing how we can approach fraud prevention differently—not as a barrier, but as a bridge to a stronger trust and better experiences. The theme is build trust, not friction. So that really captures where we are, as an industry, heading as we explore how financial institutions can fight fraud more intelligently.
I'm Ben Cash and I lead the team of product folks focused on digital banking fraud solutions. And I'll be serving as your host today. And I'm joined here today with Jeff Scott, our VP of Fraud Intelligence across Q2. So Jeff, why don't you take a moment to introduce yourself?
Jeff Scott
Yeah, thanks, Ben. Yeah, I'm Jeff. I run the Fraud Intelligence business at Q2. Been with Q2 since 2017. Prior to that, most of my experience was with a regional financial institution running commercial digital, commercial card, and some corporate strategy work. So thanks, Ben.
Ben Cash
Yeah. Thanks, Jeff. So together we'll kind of walk you through things like the current fraud landscape, share some practical strategies, and look ahead at how we're building toward a more connected future.
So with that, when we talk about fraud, the conversations often center around losses, dollars, percentages, or fraud rates. But the truth is it's not about money all the time. It's about trust, because when you lose trust, you lose relationship, reputation, and long-term value. And those can be far harder to recover than funds oftentimes. And what we're really trying to balance is digital trust, ensuring your users feel protected and confident in your brand without adding unnecessary friction to their experience. Every extra challenge, every failed login, every false positive, it chips away at the confidence people have or customers have in your institution.
So our job is to deliver a security that feels invisible, protection that's intelligent, not intrusive. So we have to stop asking what friction points do we need because even though that slows down the fraudster, it also gets the way of genuine users. Instead, what we should be asking is, what intelligence do we need to tell the difference between a fraudster and a true user? And that's how we build trust without compromise. That shift from adding friction to building trust through intelligence is how we are looking to reshape the fraud landscape.
So we just talked about how fraud is really about trust. So we went through the trust and friction, but we can't also ignore the financial reality of some of these pieces. Fraud still hurts, and that hurt is growing. For every single of dollar lost to fraud, financial institutions in the U.S. now incur about $5.75 in total cost, according to LexisNexis. That's everything from investigation, recovery, and claims management, to customer support, technology overhead, and very importantly, reputational damage. That number was just $4 a few years ago, so the trajectory is quite steep.
Not only that, but fraud used to be seen as a security problem. Now, it's a business problem. Two-thirds of institutions say fraud touches at least four major areas of their organization. It's hitting brand reputation and customer trust. Those are the two hardest things and often are hard to rebuild. Not only is this eating into direct losses, but it's also burning out internal teams who are chasing false positives, reconciling claims, and explaining to customers why their transactions were blocked.
So the ripple effects are starting to feel everywhere. And what we're also seeing is the fight is moving to mobile, to different channels. About 66% of U.S. FIs say that mobile fraud increased by double digits last year. And mobile is where your customers live, which means it's also where fraudsters are focusing their energy. This channel shift raises a new challenge. How do we protect mobile experiences without turning them into security marathons?
That's where intelligence becomes a differentiator. So Jeff, I'd love to turn it over to you and have you jump in here. You spend so much time with financial institutions and in the market that are living this every day. What are you hearing from them and how are these costs and channel shifts are showing up in the real world?
Jeff Scott
Yeah, thanks, Ben. I did have a really interesting opportunity last week to sit down and do a panel with one of the largest financial institutions in the U.S. So then one of our customers that was a mid-sized financial institution, and they talked about the same harrowing story. You sort of called it out there in terms of burnout, that their fraud operations teams couldn't keep up the pace. And so no matter the difference of the size of the financial institution, it's just different scale. They have the exact same problem.
And I think what we're seeing is a confluence of new AI-driven fraud capabilities, new payment channels, and both of those things emerging at the same time that we're fighting legacy fraud and we're sort of stuck in between our old model of fighting fraud and trying to advance to the new. And in between there, we're just catching our fraud operations teams in that sort of crossover because we just can't throw enough bodies at this problem.
Ben Cash
Yeah, that makes sense. Thanks, Jeff. That's a great market perspective and the voice of our customers and our FIs. So we've talked about the cost of fraud, and Jeff alluded to some of the things he's seeing in the market and hearing directly from customers like you all. But now, let's talk about the complexity that financial institutions are up against.
It seems we're in the middle of this dramatic shift toward digital servicing, and like you said, Jeff, real-time payments. These channels move faster, serve more users, and carry higher expectations, but they also create new opportunities for fraudsters to exploit timing and speed. At the same time, we seem to be dealing with more sophisticated threats than ever before. Attackers aren't just brute forcing credentials. They're using automation, social engineering, and AI, like you said, to mimic trusted user behavior in convincing ways. Add to that, increasingly competitive focus on customer experience.
Everyone wants to deliver speed and simplicity, and fraud controls can't come at the cost of conversion and satisfaction. There's this compression of resources. Teams are being asked to do far more with far less: fewer analysts, more alerts, and pressure to automate decisioning wherever possible. And of course, the end customer remains the weakest link. Fraudsters know that people are the most exploitable surface in the ecosystem, whether that's through engineering, scams, or just account takeover attempts.
The irony is while all this is happening, technology is racing forward. We now have to access advanced analytics and machine learning and AI, but most FIs are still figuring out how to apply those tools effectively within their fraud programs. So Jeff, when you look across, say, our customer base or FIs or just the market at large, how do you see these forces playing out in kind of real life?
Jeff Scott
Yeah, I mean, you sort of nailed it. When you look at digital acceleration, even over the last 15 years, and then you get to really sort of pre-COVID, we saw that uptick. And then, of course, with COVID, there was just a massive rise of digital adoption. And so you take all those forces coming together at once and then fraudsters with what they're doing with AI, they have no boundaries. They don't have data silos like we do. They don't have process or bureaucracy. They are free to use the best technology as fast as they desire and in ways that are highly innovative. And so it's very organized. It's not the same fraudster that we were dealing with even several years ago. These are companies. They've got tools at their disposal. They've got data breaches that they've been sitting on and compiling data about a person or buying and selling it on a black market and getting synthetic IDs put together. And then they've found the weakest link, to your point.
And then right now, because I think our technology has started to fight fire with fire to the best of our ability as we go from legacy fraud models to more modern fraud mitigation stacks, they're going to the weakest link, which is the customer. And that's why you're seeing the uptick of account takeover and all the sort of new modern threats that we're dealing with.
And then at the same time, we talked about the fraud operations teams being under pressure. They're trying to keep up. And at the same time, they're dealing with all the legacy threat vectors. So check fraud is still the No. 1 threat vector in the United States and the highest dollar value of fraud loss. And so you're dealing with all the things that you were dealing with before plus all these new threat vectors.
And then when you look out into the future, we just think there'll be names for types of fraud in three years that we're just not talking about yet. It will just continue to evolve that quickly. So it's a lot of pressure all sort of colliding at the same time.
Ben Cash
Yeah, no, that's well said. I know FIs are feeling it, we're seeing it, so there's a lot of challenge here. I think that that perfectly dovetails into this next section of ... I've known you for a while, and you talk about Fraud Intelligence. I think it's what you say almost every day these days. And so far, we've talked about the pressure financial institutions are under, rising costs, evolving threats, limited resources, and higher customer expectation. And so the natural question is how do we respond to that? And I think this is where the concept of Fraud Intelligence starts to come in. It's the foundation of where Q2 is heading and how our clients are rethinking their approach to fraud prevention. So I'd love to turn it over to you to have you unpack what we really mean when we say Fraud Intelligence and how it's different from traditional detection and scoring and some of those pieces.
Jeff Scott
Yeah, I'd love to do that. With the Fraud Intelligence platform, what we're really trying to do is lead a movement. So we're helping financial institutions see fraud, stop fraud, and then in the case that there is fraud, which inevitably there will be, how do we solve it?
And so if you unpack each of those statements and we'll flow through them a little bit more deeply, you need to be able to surface threats the moment they emerge. So you've got to have that visibility, that single pane of glass. You have to see what you're dealing with across your entire ecosystem and inside the financial institution.
Then you have to be able to act in real time with automated dynamic control. So long gone are the days where we have time to wait for a batched transaction or queues that we can go manually review ACH files. We've got to be able to know who are the users that have logged in based on their behavior and in real time, within 30 seconds from the time they logged in, which is all it takes for someone to do something we don't want them to do inside the platform, be able to automatically risk decision them and interdict and stop them from changing PII or stop them from getting to an SSO out into P2P or RTP or stop a generated transaction right inside the workflows.
And then lastly, we have to close cases faster. We have to ease the operational burden for these back-office teams and for the financial institution, and we have to give the end customers confidence that their financial institution has their back. And so we have to be able to have the tools and the visibility across that entire ecosystem.
So if we sort of unpack the “see it” and we're talking about signals and behavioral analytics, it's really about data-driven insights consolidating every risk signal. So device, behavior, transaction, identity into a common view. And that's going to allow the financial institution to see patterns across the customer life cycle, not just within a single product or a single application.
Then when you get to the interdiction and prevention layer, that automation means acting on those insights immediately. So once a risk is detected, the system should be able to hold the transaction, step up off, alert the customer in real time. Manual review still has a role, but we think it can't be the first line of defense anymore, which is where we still sort of are operating. Manual review would be something that the financial institution would decide and say, “These are the things that we want to be able to take the last mile that the system couldn't automatically deal with and the things that the system's automatically dealing with.” The financial institution has to make a decision on how they want those routed or at what level they want those to be taken action.
And then it's really about intelligent case management at the very end. Integration is probably what makes this all work together. We have to connect fraud controls across systems, lines of business, or even partner solutions so that the financial institution is operating with a single fraud posture instead of dozens of disconnected ones. So when we talk about Fraud Intelligence, we're really talking about moving from a collection of tools to a connected system of intelligence, one that brings together the signals, the prevention, case resolution into that single continuum. And so the signals in behavioral analytics, highly critical. The interdiction and prevention layers have to be real time. It has to be right inside the workflows.
And then, of course, we have to be able to do something about it. We have to be able to talk to other parts of the organization in a very simple way, no more clunky emails being passed around or going to disparate certain silos of data, trying to figure out and piece together an investigation, which is where that $5.75 you talked about is really coming to bear for the financial institution. And so together, these three layers, the signals, interdiction, intelligent case management, that really defines what we mean by the Fraud Intelligence platform. So it's about connecting the insight to action and action to improvement in one continuous loop.
Ben Cash
Awesome. Jeff, that was great. Appreciate you opining on that.
Jeff Scott
Yeah, you bet.
Ben Cash
So all right. So now that we've defined what Fraud Intelligence means, let's start to make it real for folks or attempt to make it real for folks. So we want to spend probably the next few minutes grounding this in kind of everyday realities our financial institutions are facing when they walk through kind of practical strategies that can help reduce both risk and friction. And to start that, we're going to look at a few of the top fraud types we continue to see trending.
Jeff, you alluded to some of these pieces like check fraud and some of these other ones. And so let's dig into that a little bit and talk about it. So these four fraud types are examples of what we see most often across the industry. There's probably more to this, but this starts to capture largely what's going on with folks as we think about some of the use cases they face all the time and what's top of mind. And they can span everything from direct compromise to deception and manipulation. And together they illustrate why a connected intelligence driven approach is pretty essential to counteract some of these pieces.
And so let's start with account takeover. This is the root of many fraud incidents. Once a criminal gains control of a legitimate account, they effectively bypass your front door. Credential stuffing, phishing, and session hijacking are driving most of this activity. But the real challenge isn't just about spotting a login. It's distinguishing authentic behavior from anomalous behavior. That's where behavior analytics, device intelligence, and continuous authentications can make all the difference. Identify who's behind this session, not just where it came from.
Next is business email compromise or BEC that we often refer to it. A persistent threat that continues to evolve. These are highly targeted attacks that prey on trust between people and systems often aimed at commercial and business clients. Fraudsters infiltrate legitimate email threads, mimic internal tone and process, and trigger unauthorized payments that appear routine. It's not about just detecting a single bad email. It's about understanding context, timing, and the transactional relationship that makes something feel normal when it's not.
Then we have payment fraud. This category has expanded well beyond checks, but like Jeff alluded, that's still a threat vector that's highly rampant is checks. But we're seeing sophisticated attacks across ACH, wire, now with real-time payments being more adopted, mobile transfers. So the challenge here seems to be speed. Payments are moving faster than manual review can keep up with, and fraudsters seem to know about it more than ever. Institutions are turning to automation, risk scoring, and layered verification to detect anomalies in real time because prevention has to happen before settlement, not after. That's what we hear. This is also where linking behavioral data and transaction data becomes crucial, connecting what's happening in the moment to what you know about the user or business outside the moment.
And finally, social engineering scams. These attacks are built on manipulation, not malware—convincing your end users to authorize the fraud themselves. Whether it's the bank calling you to protect you or the IRS demanding payment, the end customer becomes unwitting accomplice in this. The rise of instant payments have made this worse because once the transfer is gone, recovery is nearly impossible. So combating this requires both intelligence and education, smarter detection that identifies unusual intent combined with communication strategies that help customers pause and question what is happening in real time.
So that's a survey of the land of these different types. Now, Jeff, you spent a lot of time working with our clients in the market. I'd love for you to share what you're hearing and your thoughts on some of these pieces.
Jeff Scott
Yeah. I mean, every single one of these, even the payment fraud, because we're talking about new rails, which presumably we're talking about real-time payments or RTP. This all sort of alludes to sort of what you have here underneath account takeover, that identity is the new perimeter. And the only way to understand is this really Jeff inside the session doing things that he should be allowed to do is with behavioral intelligence and the ingestion of that behavioral intelligence in a 30-second timeframe? So some of the industry will call that moving left of the boom, where the changing PII and transactions is the boom, and we've got to be sooner in the process. We can't wait to the time of transaction or the time of payment.
I think there's some stat that something like 70% of fraud is caught at the time of transaction or after, which is clearly too late. And even catching at the time of transaction, while good, we want to be able to catch it much sooner. And so every single one of these are plaguing the customers that I'm talking with, some more than others. Maybe account takeover is larger at one institution or business email compromise is larger at another, but they're all dealing with these. And the only way we think that you can really fight fire with fire here is with the sophisticated sort of system that we're talking about.
Ben Cash
Yeah. Could you dig in a little deeper why you think something like a Fraud Intelligence system could serve some of these different fraud types based on what you're seeing?
Jeff Scott
Yeah. I mean, I think, like we sort of talked about earlier, you've got to set yourself up for the future and you've got to set yourself up to deal with new and emerging fraud types. But if you just take the fraud scene today and these four use cases, which I would venture to guess are dominating lots of the fraud cases of the financial institutions represented on this call, you can't do it with people and you can't do it with manual review. And so you've got to have a system that is built really as an ecosystem.
So are there new and better signals we could ingest, say, next year because now there's a new flavor of a threat vector that's the No. 5 on this list that we don't know about yet, but there's a really amazing signal somewhere from a partner that we could ingest right into the interdiction layer of the platform that would allow us to deal with it? And the only way you're going to be able to act fast on something like that is if you've got the system already set up.
And so somebody asked a question in the chat about two Q2 native products, Patrol and Sentinel. Patrol is protecting actions in the platform. So not letting someone change PII. Sentinel is our transaction monitoring product that's been in the market for decades. And how did those interact with Fraud Intelligence? And so the way that I would explain it is Patrol and Sentinel are applications, those sit on top of a shared data layer that is the Fraud Intelligence platform. Patrol and Sentinel can both publish signals down into that platform, and they can consume signals back. We can take signals from a new third-party partner-driven feed into the platform that both of those applications could also consume. And over time, the idea would be that we could share signals across financial institutions.
So if there's a mule ring or a mule account at a financial institution in Ohio and that same mule ring shows up in a workflow in Texas, we should be able to provide that signal to the financial institution in real time such that they can do something with it. And so the applications of Patrol and Sentinel will still be the applications that do something about it. They'll still block the transaction, they'll still block PII or do step-up off or trigger some level of interdiction inside the platform, but the Fraud Intelligence layer is what lets us do all of that with speed.
Ben Cash
Yeah, that makes a lot of sense. I loved how you spoke to that and you pulled that question in from the chat, because you're right, the intelligence is the collection of signals. I've heard you often refer to it as the brokering of signals. How do you bring all those pieces together? It's one cohesive platform to make individual applications better, but also the network of applications perform at higher speeds to fight some of the stuff that's happening in real time.
There's also another question in the chat that I find interesting that we can take a moment to answer here because I think I've heard you talk about this often is like, you have to build today for the future that you anticipate. And you alluded to that of like, there's probably a fraud type on here that we don't know yet, like what's coming in the next kind of ... Instead of years, it's quarter by quarter. And someone asks, "What about new accounts when patterns haven't been developed yet?" Is there a way that intelligence platform can start to shape our ability to counteract some of those pieces that we don't yet have some of the information? Any thoughts there?
Jeff Scott
Yeah, I think a lot of our customers have been plagued with this for a long time where they have a new set of customers. So let's say they're less than 90 days old and what they'll do is they'll put them in a special group that has very specific limits and those limits might be much less than what they otherwise would have. What we're contemplating or what we're building right now rather with the platform is an interdiction layer called restricted entitlements. And what that will do is within each group, it will allow three different levels of entitlements to be possible based on the risk score.
So you ingest signals in a fast fashion, you produce a risk score about Jeff. And based on that risk score, I can dynamically be put into a level of entitlement that maybe there's one where the risk score is so bad, there's no money movement whatsoever, there's no other actions inside the platform that can be taken. You can look at the screen and that's about it. And then there's of course something in between and then there's the ... You have all entitlements for that group. And so what's neat about that, and this was really built by our customers, is you could take somebody that is brand new, doesn't have any history, and you could have them in a more risky tier, they have very limited capabilities, and they sort of earn their right to then do more. And that really sort of gets at the essence of what we're trying to do strategically as well.
And you sort of talked about it particularly at the beginning, which is build trust, not friction. And a lot of times we talk about fraud as friction, like how do we get the speed bumps that we need in order to feel safe? And what we want to do is flip the script. We want to have a risk score that's so dynamic that you could do more for your customers. You can finally fulfill the digital brand promise that you set out to fulfill and give them the experiences that they deserve without catching your good customers that have bad fraud trap. And the only way we think you can do that is with the ingestion of signals into a dynamic environment, and then you've got an interdiction layer that's equally as dynamic.
Ben Cash
Yeah, I love that. That's a really good answer. I like how you touched on a few things. Just to summarize some of the pieces back to ... I love how you said that we build a lot of our things by the voice of our customers, so bring in some of the restricted entitlement pieces. I love also how you said that friction is much more dynamic if you choose to deploy it rather than static and restricted entitlement kind of gets at that for based on what you said. So if you don't have a lot of information upfront based on that end user or that account, you could dynamically put them in a position where over time as you get more information, you learn better behaviors around like, is this an actual fraudulent event? Also, it starts to get them out of that restrictive state, because for lack of better words, they're earning good behavior.
I also like, you've talked about this before, which I've heard you say this, is the ability to create a true fraud database where you start to, like, as you understand and you start to bring all these signals together into one platform, you create this ability to understand what is true fraud and start to label that better. So even if you have a cold start with a customer or they're very new, you might have information about like-minded customers or similar customers that you can start to detect behavior because you have a true fraud database. Would you say that's true based on some of the things you've said before?
Jeff Scott
Yeah. I think having a true fraud database is the holy grail where we can have information about fraud events or about fraud rings. We can have information from each of the applications from across financial institutions. I mean, really think about who Q2 serves. We've got 1,300 financial institutions across the United States and 27 million end users. I mean, that rivals a top five financial institution in terms of just reach and millions of businesses on the platform. And so you think about all the transactions that we do every day. We move trillions of dollars of money a year. And we've got one of the largest check databases for commercial checks in the United States. So you start thinking about all those pieces coupled with dispute management platform, our ACH risk and monitoring platform, our transaction monitoring platform, all the customers that we have on the digital channel as well as check pay, positive pay, and you start to think about ingesting signals from partners and you've got 1,300 financial institutions.
We just believe that we should be able to provide signals to each financial institution individually about their specific customers, but also signals from the external network of Q2. Because like we said earlier, if I have been proven to not be trustworthy and I show up at another financial institution, you ought to be able to know that as a signal into your fraud-fighting ecosystem. And so the true fraud database really is the foundation of what we're considering as the Fraud Intelligence platform.
So I started thinking about it as two data models. I sort of oversimplify it, but you have a data model for each financial institution. The applications that you're using are smarter because they sit on top of it. If the financial institution wants to do something with that data, they want to build their own model or they want to build their own process because they know it better than anybody else, they should be able to do that. And then the consortium effect across should also be able to help them. So it's sort of like two sort of loosely coupled hybrid databases, if you will.
Ben Cash
Yeah, that's great. True fraud database, the holy grail. I love that you're choosing not to look at that as a myth, but actually take it square on and do some of this stuff. So that's awesome. Appreciate that response.
So we've got more questions, but we'll get back to them throughout. We'll save some time at the end. But just to move us forward a little bit, we've spent some time unpacking the challenges of the major fraud types that we see shaping today's environment. And so I want to start to close this section as we move into the next section and focusing on what's working. And what we've done is we've said, OK, there's five steps we see forfinancial institutions. There could be more, there likely are more, taking to move from reactive defense to proactive intelligence.
So what we'll probably do is we'll do some sort of combo deal here, Jeff, where I'll walk through each one quickly, but I'll start to get you to jump in, see what you're seeing across the industry to shape some of these pieces.
So the first one is understand your vulnerability. So the first step is awareness, right? Knowing where your weak spots really are, fraud, what we hear, often hides in the seams between systems and teams. When you can map out where data silos exists or where manual steps still drive decisions, that's where you'll find the greatest opportunity for improvement. So Jeff, what are your thoughts on understanding your vulnerabilities or that? Yeah.
Jeff Scott
Yeah, there's probably two pieces of this. One, what we see is a lot of institutions do have strong controls. They're just fragmented. So they've solved for a specific use case really well somewhere, but they don't talk to each other. They're not connected. So we think Fraud Intelligence starts by connecting those dots. I think what this also is saying is understand your threat vectors. Where is it really coming from? And don't just look at the dollars lost, look at the operational burden.
Ben Cash
Awesome. So we talked a lot about trust versus friction. And I think what that alludes to is how do you define what a great customer experience looks like. So before you start adding controls or layers of friction, we need to define what a great experience should feel like for our customers, your customers, customers in general. And so the clarity lets you make smarter trade-offs, knowing where friction is acceptable and where it's a deal breaker. Jeff, I'd be curious to love your thoughts on some of these pieces as a proactive step that institutions can take.
Jeff Scott
Yeah. I mean, I think what you said is spot on. The best broad programs work hand-in-hand with the digital teams, the customer experience teams. They're designing protection to be invisible so users feel secure without even realizing all the intelligence working behind the scenes. And I think new generations of customers and existing generations of customers really expect this next-level digital experience. And so they know what bad friction looks like. They know what multiple step-ups look like. The way I feel like I've heard people explain it that I think is interesting is everybody expects to be screened at the TSA line, but you're not going to go through it again to get a coffee. So it's got to be the right level of experience for the right level of risk.
Ben Cash
Yeah. I'm glad there's not TSA lines when I go get coffee because that's my first stop when I get into the airport. So that's a great analogy. I love that. Well, I think that the third one is invest in training and empowering your staff. So step three is all about people, right? Even the best technology fails without informed and confident staff behind it. So training teams to recognize patterns, understand escalation paths, and think critically about risk is key to scaling intelligent. So Jeff, do you agree here and some thoughts there?
Jeff Scott
Yeah. Yeah. I mean, you want your staff to feel empowered. They're really the first true line of defense and they can spot subtle patterns that automation might miss. And if they're supported by really great tools, I think if you've started to use something like a ChatGPT, you can understand this. It's like you have a job to do every day. And if there is something that can make it better where you can be more hyper-strategic, more preventative, it's going to make their job and their day so much more enjoyable and better, but it's also going to get you better outcomes.
Ben Cash
Yeah. No, I love that. Bringing AI to the conversation around education and training and leveraging tools like ChatGPT, that's a great point of view. All right. So step four is bring ... And it's not only about just the staff, but it's also about your customers. How do we bring your customers into the process? Given that social engineering and scams thrive on lack of awareness, when customers understand what normal looks like and where risk hides, they make better decisions and theoretically trust your institution even more. So Jeff, what are your thoughts on customer education based on your experience?
Jeff Scott
Yeah. It doesn't mean long campaigns and these static emails. I think we've all been a receiver of a credit card alert or something, a text on your phone. It's about real-time messaging and contextual guidance, nudges that happen in the moment and customers can sort of self-cure and can understand where they are on the journey. I think that's really the way that you train the customer.
Ben Cash
Yeah, that's a good point. I like your point about contextual guidance because you've said this before about positive pay. The average business user doesn't really know what that is and it can feel like insurance a lot of times. So if you contextualize the education to understand, meet them where they are, then it makes a lot of sense. So that's a good point. All right. And finally, this last step, leverage your technology scale. So how do you scale through intelligence? Fraud operations can't just grow linearly with volume. They have to scale through smarter automation, orchestration, and machine learning. So Jeff, what would you add to this point as a proactive step?
Jeff Scott
Yeah, the FIs leading this shift, we've already said it, are connecting behavioral analytics, decisioning engines, and automation layers into one ecosystem. And that lets them respond faster and they're working smarter, not harder.
Ben Cash
Awesome. Well, in the spirit of looking ahead, let's shift to this next section as we think about it's not just the threat vectors today, but it's the future. So as we look ahead, this isn't a story about doom and gloom. It's about one of opportunity, I think. Even as fraud evolves, financial institutions are becoming more connected, more intelligent, and more confident. And here at Q2, what you've said before is we believe that future is right because the combination of people, processes, and technology is stronger than it's ever been. And we have the right tools, the right insights, and the right partnerships to stay ahead of a lot of these pieces.
And that leads perfectly into our last topic, the next frontier. And Jeff, you're out there talking with financial institutions and listening to the market every day. So we're going to move to this next slide. I'd love for you to tell everyone what you think this future starts to look like from your vantage point and what you're seeing every day.
Jeff Scott
Yeah. Love this slide. AI on offense, I mean, the first frontier is AI. We've spent years using AI defensively to detect patterns, score risk, automate reviews, machine learning models are not new. We've been doing it inside our transaction monitoring product for over a decade, but we're now seeing AI being used proactively, anticipating fraud before it happens, adapting controls dynamically, and even learning from trusted behaviors to make systems smarter. And so the key here is AI for good, using it responsibly to enhance trust rather than just add complexity. So it's about putting intelligence into every layer of the customer journey. So I think that's sort of number one. We have got to be thinking how AI can fight fire with fire, because fraudsters, like I said, they are not waiting, they're not waiting for model governance, they don't care about jurisdictions, they don't care about data layers, they don't care about data governance. They are using these tools now.
The second is getting to the right level of orchestration. So bringing all your fraud controls together in a cohesive, intelligent way, which is easier said than done. Most institutions have all the ingredients. They have the data, they have detection tools, they have a case management system, they have scoring models, but orchestration is what ties them together. It ensures that the right signal goes to the right system at the right time, and that'll help reduce false positives, it'll streamline decisioning. Overall, it'll improve the ROI of the fraud mitigation system. And I feel like this is the one where automation meets strategy, moving from reactive alerts to real-time decisioning. And then the last is just the sheer amount of change in the financial services ecosystem, and we're labeling it here as payments evolution, but the shift toward faster real-time payments is creating incredible opportunities, but it's also introducing massive new risk vectors we've never seen before.
And I just left a national conference in New York wherein full financial institutions were talking about the Genius Act and Stablecoin and talking about commercial RTP, digital wallets. And the question becomes, is this really your customer initiating the transaction? And so just requires a more sophisticated set of identity signals, understanding intent, behavior, and device context to validate a user in seconds.
And so I think we'll see the rise of what others are calling agentic commerce, systems acting on behalf of the user to securely execute payments or actions inside an LLM. That's going to change the very definition of trust, in my opinion, in digital interactions. And so the ecosystem that you're designing right now, it has to be malleable and it has to be built on a fabric that's going to allow us to change our minds about how we're going to attack fraud because there are so many unknowns. And being in a room full of leaders, like I said, a couple of weeks ago, those are pretty big paradigm shifts in the industry. And so you've got to have the right partners at the table.
Cheryl Brown
And that’s it for another episode of The Purposeful Banker. In fact, it’s the last episode of 2025. We’ll be taking a little break over the holidays, and we’ll be back in mid-January with a preview of the 2026 State of Commercial Banking report. Until then, happy holidays everyone, and here’s to a fruitful 2026 for all of us.