Shell Game Malware: The Latest Challenge Faced by Banking Fraud Fighters - XTN Cognitive Security



This interview was conducted by the team at The Banking Scene in the lead-up to the Brussels conference on May 22, where we’re excited to participate and share our perspective on the future of fraud prevention and digital trust.

Fraud in the banking sector is a moving target. As digital channels evolve, so too do the tactics of fraudsters. Guido Ronchetti, Chief Technology Officer at XTN Cognitive Security, has had a front-row seat to this evolution over the past decade and recently shared a detailed account of today’s fraud landscape and the tools required to defend against it.

From Malware to Manipulation: The Shift to Social Engineering

A decade ago, fraud was largely a technical game. Banking malware and browser-based trojans dominated the scene. But the pandemic reshaped the digital banking experience and, with it, the nature of fraud.

“The pandemic pushed people en masse towards mobile banking, even those who traditionally relied on branches,” explains Guido. As banking became increasingly digital, fraudsters pivoted accordingly. Rather than relying solely on malware, they began exploiting the human element—manipulating victims through scams and social engineering.

This shift coincides with the impact of regulations like PSD2, which improved transaction security from a technical standpoint. Yet, as Guido notes, “fraudsters realised it’s not a technical issue—it’s a human issue.”

The result: scams are now more about persuasion than penetration.

The Shell Game: Targeting a Younger Demographic

One of the newest threats identified by XTN is what Guido calls the “Shell Game Malware” attack. Traditionally, scams targeted older demographics, particularly those aged 55 and up. But fraudsters are now eyeing younger victims, those aged 30 to 50.

This age cohort typically maintains an account at a legacy bank for high-value transactions, such as receiving their salary and paying their mortgage and credit cards. They also tend to maintain an account at a neo-bank for high-volume, “everyday” transactions.

In this scenario, fraudsters use malware to gain control of a victim’s device, then move money from the victim’s legacy bank account to their neo-bank account – an action that often appears normal and goes undetected by either bank. From the neo-bank, funds are then siphoned off.

Many legacy banks rely on exemptions that classify internal transfers as low-risk, which allows fraud to bypass detection. The malware gives the fraudster control of the victim’s device, letting them intercept push notifications and authorise the SCA (Strong Customer Authentication), completing the fraudulent transfer.

“Legacy banks have stronger fraud defences, while neo-banks are quicker and more agile but often less robust in fraud detection,” says Guido.

Neo-banks commonly lack real-time transaction monitoring, and their mobile-only approach leaves devices used for SCA vulnerable to malware. They also often overlook geographic anomalies (frequently in the interest of reducing friction for their target audience), which makes it easier for fraudsters to transfer the stolen funds to external accounts.

This two-step fraud exploits both ends of the spectrum.

Combating Modern Fraud with Cognitive Security

XTN Cognitive Security combats these emerging threats through its Cognitive Security Platform. Crucially, the platform isn’t just focused on transactional data, it also embeds an SDK within partner banking apps to monitor user behaviour and device health.

“We’re not signature-based,” Guido stresses. “Our approach is behavioural. That means we can detect new and evolving threats, even if they haven’t been seen before.”

This holistic approach, combining app protection, transaction analysis, and behavioural insights, all powered by proprietary AI and GenAI algorithms, enables XTN to catch fraud patterns like the shell game and Authorised Push Payment (APP) fraud before damage is done.

Tackling Money Muling in Three Phases

Money muling remains another significant threat. Ronchetti describes XTN’s strategy as a three-stage process:

  1. Application Behaviour Analysis: By analysing how new users enter personal information (e.g. typing rhythm, mouse movement), XTN can flag synthetic identities or suspicious account openings.
  2. Incoming Payment Monitoring: Dormant accounts suddenly receiving multiple payments from different sources raise red flags.
  3. Outgoing Transaction Behaviour: Unusual transactions, especially those draining 80% or more of an account balance, signal mule activity.
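The two transaction-level phases above (incoming-payment monitoring and outgoing drain detection) as an added, self-contained example over a constructed ledger; this is illustrative code written for this page, not XTN's platform. Only the 80% drain ratio comes from the article; the dormancy period, distinct-payer count and time window are assumed thresholds.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Txn:
    account: str
    ts: datetime
    amount: float       # > 0 credit received, < 0 debit sent
    counterparty: str   # payer for credits, payee for debits
    balance_before: float

# Thresholds: only the 80% drain ratio comes from the article; the others are assumed.
DORMANT_DAYS, MIN_SOURCES, WINDOW_DAYS, DRAIN_RATIO = 90, 3, 7, 0.80

def by_account(txns):
    out = {}
    for t in sorted(txns, key=lambda t: t.ts):
        out.setdefault(t.account, []).append(t)
    return out

def incoming_burst_flags(txns):
    """Phase 2: accounts idle for DORMANT_DAYS (or with no prior history) that then
    receive credits from at least MIN_SOURCES distinct payers within WINDOW_DAYS."""
    flagged = set()
    for acct, hist in by_account(txns).items():
        for i, t in enumerate(hist):
            dormant = i == 0 or t.ts - hist[i - 1].ts >= timedelta(days=DORMANT_DAYS)
            if t.amount <= 0 or not dormant:
                continue
            payers = {u.counterparty for u in hist[i:]
                      if u.amount > 0 and u.ts - t.ts <= timedelta(days=WINDOW_DAYS)}
            if len(payers) >= MIN_SOURCES:
                flagged.add(acct)
    return flagged

def drain_flags(txns):
    """Phase 3: debits that move >= DRAIN_RATIO of the balance held beforehand."""
    return [(t.account, t.counterparty, round(-t.amount / t.balance_before, 2))
            for t in txns if t.amount < 0 and t.balance_before > 0
            and -t.amount >= DRAIN_RATIO * t.balance_before]

# Constructed sample ledger (not real data): one mule-like account, one salary account.
D = datetime(2025, 1, 1)
SAMPLE = [
    Txn("MULE-1", D - timedelta(days=150), 40.0, "payer-old", 10.0),   # then idle 150 days
    Txn("MULE-1", D, 900.0, "victim-A", 50.0),
    Txn("MULE-1", D + timedelta(days=1), 1200.0, "victim-B", 950.0),
    Txn("MULE-1", D + timedelta(days=2), 700.0, "victim-C", 2150.0),
    Txn("MULE-1", D + timedelta(days=2, hours=3), -2500.0, "external-acct", 2850.0),
    Txn("SALARY-2", D - timedelta(days=30), 3000.0, "employer", 400.0),
    Txn("SALARY-2", D, 3000.0, "employer", 1100.0),
    Txn("SALARY-2", D + timedelta(days=3), -1300.0, "mortgage", 4100.0),  # 32%, normal
]
```

Running both checks on `SAMPLE` flags only MULE-1: three distinct payers within two days after a 150-day gap, then a debit of roughly 88% of the balance, while the salary account triggers neither rule.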

This layered detection approach makes it possible to identify mule accounts both at creation and during use.

First-Party Fraud and Regional Nuances

While first-party fraud, such as chargeback abuse and false claims, is reportedly rising, Guido sees this as less of a concern in Europe compared to the US.

“We’re still involved in detection,” he says, “but European banks typically want proof that a user was genuinely involved in the fraud.”

Geographical differences also shape fraud trends and responses. For example, cheque fraud remains significant in the US but is virtually non-existent in Europe. Likewise, liability for scam losses varies: in the UK and Europe, banks are typically held accountable, whereas in other regions, responsibility is often shifted to the consumer.

This regulatory variance influences fraud prevention strategies. “Some regions train customers with security messaging, while others involve the fraud team more actively,” explains Guido.

AI as a Strategic Tool, Not a Buzzword

Artificial intelligence plays a key role in XTN’s platform, but Guido is wary of overhyping it. “We don’t treat AI as a silver bullet,” he says. “We use multiple home-grown models that are tailored for specific goals.”

Where AI is truly transformative is in identifying anomalies and behaviours that static rules or signature-based systems might miss. For instance, AI helps detect synthetic identities and fake documents, an area where Guido anticipates increased activity in the coming years.

“With tools like deepfakes and AI-generated IDs, it’s getting easier to fool identity verification systems,” he warns. “That’s why we focus on catching fake identities through fraud analysis, not just identity checks.”

Interestingly, Guido believes fraudsters themselves aren’t yet heavily reliant on AI for scams. Their strength lies in social manipulation rather than automation – at least for now.

Regulation: Both Catalyst and Constraint

Regulation is a double-edged sword. On the one hand, frameworks like GDPR, PSD2, and the upcoming EU AI Act drive innovation and structure across the fraud prevention landscape. On the other, they create operational constraints.

“In Europe, we have strict limits on using personal information and biometric data,” says Guido. “This prevents some of the more aggressive techniques used in regions like Brazil, where camera recognition is widely deployed for fraud prevention.”

Still, Guido sees regulation as largely beneficial. “It raises the bar for everyone. It’s not always easy, and it comes at a cost, but ultimately, it pushes us in the right direction.”

Conclusion

As fraudsters adapt their tactics, so too must the defenders. Guido Ronchetti’s insights reveal a sophisticated, human-centred approach to fraud – one that leverages behavioural analysis, proactive AI, and a deep understanding of digital ecosystems.

The future of fraud prevention lies not in any single tool or regulation but in the ability to think like a fraudster, act before they strike, and build trust in digital banking.


(Join us at The Banking Scene Conference Brussels on May 22, where you can meet the XTN Cognitive Security team at Booth 13 and find out how they can help you keep your customers safe from fraud.)
