Chris Pornaras

Special Advisor

Jose Israel Castro

Senior Manager

Colin Smith

VP, Risk & Decision Science

Kristin Milchanowski

Chief AI & Quantum Officer

Trust, Verified

Abstract: In this panel on AI, identity, fraud prevention, and trust in financial services, Chris Pornaras (Special Advisor, Fortiro) moderated a discussion with Jose Israel Castro (Senior Manager, Facephi), Colin Smith (VP, Risk & Decision Science, Wealthsimple), and Kristin Milchanowski (Chief AI and Quantum Officer, BMO) on how fraud is shifting from breaking systems to exploiting people and eroding trust. The panel explored how AI is accelerating attack velocity, making scams more targeted, and forcing financial institutions to rethink friction, KYC, client education, digital identity, and ongoing monitoring. Across digital banking, identity verification, risk science, and AI leadership perspectives, the message was clear: trust is now the core product, and protecting it will require stronger data infrastructure, behavioural intelligence, entity resolution, responsible AI, and a more continuous view of customers, accounts, agents, and transactions.




Chris Pornaras: Today we are going to talk about what fraud is doing with AI. We are seeing that fraud has gone from trying to break systems, to exploiting people, to eroding trust in our system. The advancements in AI have made this much more challenging.

Kristin, I am going to start with you. Who is winning? Are the good guys winning? Are the bad guys winning? Where are we today with AI and fraud?

Kristin Milchanowski: I think there is still a balance in the ecosystem. You have the bad guys penetrating, and you have the good guys still making money in our businesses. So net-net, I would say the good guys are winning.

What has really changed is the velocity at which all of this is moving. That is the really new part. The bad guys can attack faster, so we all have to pick up our pace too.

Chris Pornaras: Colin, from a digital-first perspective, what is your point of view?

Colin Smith: I definitely agree. We are seeing AI driving faster cycles of attacks and making it much more difficult for clients to discern the real from the fake.

Whether it is a phishing email, a phone call, or even AI-generated media, everything is getting to the point where it is almost impossible to tell what is real and what is fake. That is eroding trust between clients and their financial institutions, and that is a place we are very focused at Wealthsimple.

For example, we recently rolled out a feature that sounds simple on the surface: if you are on the phone and you are on our app, we warn you about the things we will never ask you to do on the phone. We are finding ways to insert ourselves where customers are today, and that is becoming much more important.

Kristin Milchanowski: Everyone is used to phishing attacks, but what is happening now is spear phishing. Attacks are getting really targeted and hyper-focused on senior executives and people who have systems access. Fraudsters are going after the mimicking of those individuals. I would encourage everyone in the room to amplify their programs around those spear phishing attacks.

Chris Pornaras: Jose, we heard from Sardine just before this session, which threw some terror into how agentic AI is operating. From a digital identity perspective, what is your point of view?

Jose Israel Castro: From our side, we agree with both points of view. AI has given us enough tools to fight AI with AI.

For instance, with AI, we are now able to detect a fake document based on patterns, holograms, and different capacities online in 60 seconds. We can detect if the document has been manipulated or if someone is taking a photo of it.

AI has also given us the ability to determine pre-fraud signals. Before you have fraud, you have signals: login from a remote location, geolocation changes, account takeover signals, device footprint changes, and behaviour that is outside of normal patterns.

Using AI, we are able to define alerts and notify our customers, users, and banks before fraud happens. We are also able to detect money mule accounts based on patterns.


Chris Pornaras: Colin, when we were preparing, you talked about the shift away from attacking systems to attacking the end user, the client. Is the client now the weak link in this equation?

Colin Smith: I would push back a little bit on calling clients the weakest link, but they are becoming an incredibly important partner in the fight against financial crime.

Many of the most damaging attacks we see today never touch our systems. The actual damage is being done on a phone call, in a WhatsApp group, or on social media. Those are things traditional fraud controls cannot pick up.

At Wealthsimple, we have been thinking about how to shift our approach, particularly by leveraging AI and new technologies to bring signals from outside the walls of our systems into our fraud defences.

A specific example is how we protect clients from pump-and-dump stock scams. These are scams where bad actors get a position in a stock, promote it on social media as the next big thing, attract clients into a WhatsApp group, and then pull the rug, leaving people with nothing.

All of that is happening outside the walls of Wealthsimple. So we built an LLM-based system that scans news about a particular security, scans social media posts, compares that to price movements, and puts warnings in front of customers in real time before they buy into one of those stocks.

That is the type of thing that would have been impossible to do without AI. We would have thousands of securities to monitor in real time. It is also a good example of meeting clients where they are, in the moment of a transaction, with the context they need to protect themselves.


Chris Pornaras: Kristin, can AI help protect people from themselves, or is that too much oversight or too paternalistic?

Kristin Milchanowski: There are good things we can do in life to protect ourselves. LinkedIn and WhatsApp are two huge vulnerability points, and people can use Signal in their personal life instead of some of those messaging apps.

When we are talking about business, clients, and interactive moments, we have found that educational sessions with clients are important. For our wealth management practices, we host a lot of Q&A and interactions to help educate clients on their own personal security, the trusted products we have, and how we interact with them.

From a development standpoint, we have a responsible AI framework. We were one of the first financial institutions to publish that. Those principles are used in our development flow.

Whether it is fraud, AML, or cyber, we put those principles in and code to them so that we are hardening our infrastructure for clients.

Chris Pornaras: Jose, when a real customer is being manipulated by a fraudster, how can that be detected?

Jose Israel Castro: One of the things that is common in every fraud, authorized or unauthorized, is the money mule account.

Usually, the fraudster manipulates the customer to drive transactions to an intermediary account. Those intermediary accounts are what we are able to detect before the fraud is committed.

We create a balance score for that account based on behaviour and pattern. For example, if an account has been dormant and suddenly starts doing transactions overnight, that allows us to determine whether the transfer is going to a money mule account.

We are able to alert the customer before they do the transfer or transaction. We can analyze the behaviour of that account, including new account fraud signals or whether the name is exposed on the dark web, and assign a score to that account.

That helps protect the customer before the transfer happens.


Chris Pornaras: We spend a lot of time talking about friction. We do not want to put friction in the process because we are worried about customer experience. But have we gone too far? Is it incumbent on us to put friction back in the process to prevent bad actors and take an extra minute or two to make sure customers are protected?

Colin Smith: I tend to think the old adage of friction versus speed is not the right trade-off conversation anymore in the fraud space. The conversation should centre more around trust.

As a financial institution, the most important thing we ship is trust. Everything we do is layered above the fact that clients trust that their money is safe with their financial institution.

Clients need to both feel safe and be kept safe behind the scenes. The biggest surprise to me has been how much clients do not experience these security features as friction. They experience them as empowerment and as having more control over their money.

At Wealthsimple, we recently launched trusted places, which allows clients to designate geolocated areas such as their home or office where transactions outside those locations face additional scrutiny and step-up.

The take-up, with basically no marketing, has been incredible. We have had more than a million transactions go through with additional friction that clients are asking for because it feels like an additional layer of control over their money.

Similarly, we now have passkey-enabled login. It is different, new, and requires a few extra steps to sign up, but without much marketing or push, over 15% of the assets on our platform in the first month were protected by a passkey.

That latent demand among clients for more control over their money is where I am really focused.

Kristin Milchanowski: Our clients really do want to own their own experience and have a flawless experience with us.

One thing we have done is keep clients out of the call centre whenever we can. Clients actually enjoy their digital experience more because we have enabled a lot of information at their fingertips.

What used to be a phone call to check a balance, confirm whether something happened at the end of the day, or ask whether a paycheque came in can now be handled digitally. We can send a proactive prompt to their phone.

That no longer becomes a phone call. They are getting the answers they would have asked for, and sometimes they can ask the question directly in our app in our interactive model.

That has drastically reduced our fraud rate just by giving the client a better experience and more control.


Chris Pornaras: Jose, a lot of firms still treat KYC like it should only happen at the front door: verify the customer at onboarding and move on. Is that model still relevant?

Jose Israel Castro: I think KYC is still alive, but it has multiplied. We now have a full ecosystem of new concepts around KYC.

KYC was originally thought of during onboarding. Now, KYC is becoming the radar during the whole journey. Customers need to be verified not only during transactions, but also across users and agents.

That is where perpetual KYC comes in. You might not be on a blacklist when you onboard, but you may be on a blacklist three months later. Perpetual KYC allows you to know who your customer is during the whole journey.

If you add that to know your agent, you can authenticate and make sure the behaviour of that agent relates to established patterns. If you add know your transaction and know your account, including money mule account detection, you can create a more integrated layer.

From a customer identity perspective, KYC has evolved from what we knew in the past into a whole ecosystem of new paradigms.

Chris Pornaras: Colin, are you seeing fraud develop after onboarding, and if so, where?

Colin Smith: We see many of the same types of fraud that are common across the financial ecosystem.

As a digital brokerage, one nuance for us is that when clients are moving money, it is not always for a transaction or to pay a bill. It can also be for investments. That creates a unique challenge in helping clients identify investment scams, which are quite common and a challenge for all brokerages.

Pump-and-dump schemes are one example, but any type of investment scam is not something that KYC at the front door is sufficient for. It requires an ongoing relationship, ongoing monitoring, and being there in the moments when those decisions are happening for clients.


Chris Pornaras: Kristin, Jose mentioned perpetual monitoring. How does AI help in that ongoing monitoring?

Kristin Milchanowski: We maintain the privacy requests of our clients. In doing so, we need to understand who and what our clients are.

Increasingly, our clients are going to be using agents to engage with us. It will not just be the human engaging with us. The human’s agent, which is a kind of bot, will be interacting with us.

I am not as worried about today’s conversation. I am trying to worry about what is coming six months from now, when we may have more agents interacting with us than humans.

When I think about that problem set, I want ongoing monitoring of our systems and a strong understanding of those behaviours.

What I love is that we can also make money with it. We can leverage the insights we are getting to understand what the market pulse is doing. We can provide that insight to capital markets, not about the individual client, because that account is private, but as packaged signals showing movement and trends.

We can also use it for risk management portfolios, to identify trends in loan growth or other movements, and use that as an input signal to different lines of business.

The ongoing monitoring part will be important not just for the human side, but for the next wave, where increasingly some of these transactions and movements will be done by digital agents.


Chris Pornaras: If you were developing your fraud mitigation stack today, with IDV, predictive modelling, biometrics, and document fraud detection, what would be your top three investments? Colin, start with you.

Colin Smith: I am a data guy, so I am probably biased. To me, the biggest thing I would invest in is setting up the infrastructure and ability to get all of the signals out of your data.

Companies may underestimate the power they can get from the internal signals they already have. With new methodologies in AI and foundation models, you can understand a lot more about the patterns a particular client would normally show, which makes it much more powerful to catch outliers.

I would invest in data infrastructure, talent, and the ability to extract those insights because every company is sitting on proprietary data about its client base, and that is one of its most powerful assets.

Kristin Milchanowski: I would really invest in entity resolution.

It is not a fundamental capability that enough people have. When you have a collection of data, entity resolution is the way to recombine it and create signals.

You will be hard-pressed to develop many of the signals we have been mentioning if you do not have entity resolution done well. Very few people do. It is a step that is often missed.

I have a phrase: keep the dead dead. You would be amazed how many people in data sets are no longer with us but are still actively trading in portfolios and moving money around.

Use entity resolution and figure out what accounts really do not belong.

Jose Israel Castro: I would think about account takeover first because it is one of the largest fraud patterns and affects both customers and organizations.

Second, I would think about behavioural biometrics and how we can understand the customer pattern across the whole journey. Most organizations are focused on KYC and regulatory compliance, but much fraud sits underneath that.

When a customer does transactions, you need to detect fraud before the transaction happens. For instance, one type of behavioural biometric we can detect with AI is device downgrade. You do not usually go from an iPhone 16 to an iPhone 11. If the customer was using one device and then the process is using a different device, technology can detect that.

When you combine that with geolocation and money mule account detection, you can better detect and classify fraud and assign a score.


Audience Question: A lot of technology looks for syndicate fraud, organized crime, account takeovers, and synthetic fraud. But what is rising now is first-party fraud. There is ability to pay and willingness to pay. When people are under financial pressure, they may be swayed into giving up their IDs or taking other steps. How are you accommodating or looking after the rise of first-party fraud in portfolios?

Kristin Milchanowski: One of the ways we are looking at first-party fraud is through credit cards. We are leaning into our credit card relationships to make sure point-of-sale partners are doing their part in the equation.

I would not forget about the relationships your institution has. Make sure credit card companies are helping with the first-party fraud problem as well. It is not just on one group to handle the problem.

Education also matters. We cannot stop communicating to people that these trade-offs are not always healthy.

Colin Smith: I completely agree on the credit card point, and lending is where this shows up the most.

Another way we think about this is in our brokerage. We have the concept of a client trust score, which we use to unlock new features over time where we take on more risk as we get more comfortable with the profile.

It is a different strategy than looking for third-party fraud or account takeover, but it follows similar methodology. We look at how much business we have done with this client, how long their tenure is, and what signals they are giving us that they are trustworthy.

Jose Israel Castro: In our case, we think about the customer journey and education.

Organizations have invested a lot in educating customers: we will never ask you for codes by phone, for example. And yet there is still fraud through those vectors.

Fraudsters create a sense of urgency, and customers still fail on that. So education is very important on this topic.


Here are 10 key insights from the panel:

1. AI is accelerating the speed of fraud
Panelists agreed that the balance between good actors and bad actors still exists, but AI has dramatically increased the velocity of attacks.

2. Trust is becoming harder for customers to verify
As phishing, deepfakes, fake calls, and AI-generated content become more convincing, customers are finding it harder to know what is real.

3. Fraud is increasingly targeting people, not just systems
Some of the most damaging attacks now happen outside financial institution systems, through phone calls, messaging apps, social media, and manipulated customer behaviour.

4. AI can help institutions fight AI-enabled fraud
Panelists highlighted AI’s ability to detect manipulated documents, identify pre-fraud signals, spot account takeover patterns, and alert customers before harm occurs.

5. Friction should be reframed as trust and control
Security features are not always experienced as friction. When designed well, they can make customers feel safer and more empowered.

6. KYC is evolving into a continuous journey
The panel emphasized that onboarding-only KYC is no longer sufficient. Perpetual KYC, know your agent, know your transaction, and know your account are becoming more important.

7. Investment scams require real-time contextual intervention
For brokerages and digital platforms, scams can unfold outside the institution’s walls, requiring real-time monitoring, social signals, and warnings at the moment of transaction.

8. Entity resolution is a foundational fraud capability
Strong entity resolution helps institutions recombine data, identify abnormal relationships, and detect accounts or activity that should not belong.

9. Behavioural biometrics and device intelligence are critical
Signals such as device changes, geolocation, customer patterns, and money mule account detection can help identify risk before transactions occur.

10. Education remains essential in fighting first-party fraud and scams
Panelists stressed that customers need continued education on urgency tactics, code-sharing scams, first-party fraud risks, and how institutions will and will not interact with them.
