Fraud is evolving rapidly thanks to generative AI

Fraudsters now have access to technologies that were once the preserve of experts. It takes just a few clicks to generate:

• doctored images of products “supposedly” broken,
• forged supporting documents,
• and well-crafted synthetic identities

As TF1 explains, private sellers are now facing disputes based on AI-manipulated photos, with automated systems sometimes turning against the honest victim themselves.

One user interviewed recounted losing €180 due to an AI-generated image showing a supposedly broken vinyl record — an item that, by its very nature, does not break in that way. The platform’s automated system, however, ruled in favour of the fraudster, illustrating the vulnerability of traditional checks.

This phenomenon is part of a global trend: fraud involving doctored images is skyrocketing, with a 15% increase in falsified images in claims since the start of 2025.

Three major trends observed by Oneytrust

At Oneytrust, our experts have identified three major shifts:

1. More sophisticated fraud

Generative AI can produce highly realistic images, some of which are impossible to distinguish with the naked eye. Synthetic identities or invoices recreated pixel by pixel can fool traditional verification systems.

2. The industrialisation of attempts

What was once manual work is now automated. Fraudsters are now launching vast, coordinated campaigns, drastically increasing the volume of attempts detected on e-commerce sites.
This industrialisation is confirmed by the TF1 report, which warns of waves of scams potentially affecting millions of people.

3. New weak signals

Traditional methods are no longer sufficient. When evidence is generated by AI, behaviour, metadata and contextual inconsistencies become the new areas of analysis.

 AI: an essential tool for countering these new attacks

With fraudsters now using AI, anti-fraud solutions must evolve. That is why Oneytrust has integrated advanced artificial intelligence models at the heart of its technologies.

In particular, our systems enable us to:

Detect behavioural and contextual inconsistencies

Frequency of returns, unusual histories, multiple addresses or devices: the patterns speak for themselves.
Our solution cross-references these signals to identify abuse well before it becomes visibly repetitive.

Adapt in real time

Fraud methods change every week. Our models continuously recalibrate to keep pace with these changes and block emerging attacks.

Identify organised networks

By analysing data structure and correlating identity details, devices and network history, Oneytrust exposes organised criminal groups operating under different identities or accounts.

Tailor detection to your returns processes

Oneytrust adapts precisely to each retailer’s returns policies and internal workflows, incorporating their rules, thresholds and operational specifics.

The real challenge: maintaining trust

In this context, the issue is no longer simply about blocking fraud.
It is about protecting the relationship of trust between retailers and their customers.

Excessive suspicion can damage the shopping experience. Being too permissive can encourage abuse and undermine business models. The balance is therefore delicate — and AI plays a crucial role in accurately distinguishing between:

• honest shoppers,
• opportunistic fraudsters,
• and organised criminal networks.

Oneytrust is committed to maintaining this balance by combining cutting-edge technology with human expertise.

Fraud and AI: a huge challenge… but far from insurmountable

Artificial intelligence has profoundly transformed the landscape of reimbursement fraud. Whilst it provides fraudsters with new tools, it further enhances companies’ ability to detect and stop them.

With ongoing investment, increasingly sophisticated models and greater collaboration across the entire ecosystem, this battle is not only possible, but winnable.

Trust is one of the cornerstones of online commerce. Together, let’s continue to protect it.

The post Refund fraud: when AI becomes a tool for fraudsters… appeared first on Oneytrust.

1. The new broad definition of an ‘AI system’

The text defines an AI system very broadly as a ‘machine-based system, operating with varying degrees of autonomy, capable of adapting after deployment and which, for explicit or implicit purposes, deduces from data how to generate results (predictions, content, recommendations, decisions) that influence physical or virtual environments’.

This broad technological scope is complex to implement operationally, but the market agrees that it encompasses sophisticated approaches such as machine learning (ML), hybrid expert rule + machine learning approaches, and advanced optimisation.

With the proliferation of AI use by fraudsters, trusted anti-fraud companies such as Oneytrust will need to further develop their range of AI solutions to power their scoring, behavioural alerting and anomaly analysis engines in order to keep up with the times and identify increasingly sophisticated fraud patterns.

2. Risks: where does fraud detection fit in?

The AI Act classifies certain uses as ‘high risk’ (critical biometrics, employment, education, access to essential services such as credit scoring, health insurance pricing, etc.). These systems are authorised but must be accompanied by a very sophisticated risk management system and an assessment of their compliance before being placed on the market.

One notable exception is that AI used to detect financial fraud is not automatically considered ‘high risk’. This reduces the direct regulatory burden, but does not remove the expectations of transparency, data quality and human oversight that regulated institutions contractually pass on to their subsidiaries and suppliers (such as Oneytrust).

3. What are the key dates to remember?

The main requirements of the AI Act will come into force in stages. Here are the key dates to remember:

• 2 February 2025: entry into force of the ‘unacceptable risk’ prohibitions + AI literacy requirement (awareness/training for staff involved in AI).
• 2 August 2025: obligations for general-purpose AI models (GPAI) begin to apply (generative AI).
• 2 February 2026: European deadline for certain implementing acts (post-market surveillance plans).
• 2 August 2026: obligations for high-risk AI systems.
• August 2027: general application of all provisions of the regulation.

4. Why prepare even if you are not ‘high risk’?

Fraudsters are becoming industrialised with AI. Deepfakes, fake documents, automated attack scripts, automated use of synthetic identities: fraud is scaling up. Those involved in the fight against fraud must adapt quickly to these new trends.

Although fraud prevention is not explicitly considered high risk, it is essential to ensure that solutions respect the fundamental rights and privacy of customers and end users, whether in accordance with the GDPR or the AI Act. In addition, the expectations of regulated partners (mainly in the banking sector) are increasingly high, as they are subject to sector-specific requirements that demand traceability, good documentation and heightened vigilance regarding the quality of the data used to satisfy their supervisors.

5. The Oneytrust response

Oneytrust provides identity verification and fraud detection solutions for e-merchants, fintechs and banks, relying on AI solutions coupled with our 25 years of human expertise in fraud prevention to detect synthetic identities, transactional anomalies and risk signals in real time. We are members of the BPCE Group, which drives us to high standards of compliance and model governance.¹

As with the GDPR, we did not wait to cultivate our expertise on the AI Act and have been raising awareness and training our staff on these new compliance issues for several years. Contact us if you would like to learn more about Oneytrust’s vision for AI compliance and risk management!

The post AI Act and Fraud Prevention : why the market must prepare appeared first on Oneytrust.

a) Security and protection of citizens

The primary purpose of digital identity is protection. Users whose identities are stolen suffer dramatic consequences: loans taken out in their name, administrative disputes, damaged online reputations. Having a robust digital identity based on reliable technical and behavioural signals helps limit these risks.

b) Trust and fluidity of exchanges

For a company, accepting a new customer involves a risk. Digital identity provides the necessary elements to establish a trust score: is this a real, consistent person who has been active for a long time? This trust then facilitates exchanges, reduces friction (simplified KYC, smooth user journey) and improves the customer experience.

c) Sovereignty and independence

Today, proving one’s identity online often involves major private players (connection via Google, Apple or Facebook). However, delegating this strategic function to a few companies poses a problem of sovereignty. European states are seeking to regain control in order to avoid excessive dependence and guarantee data protection.

d) Inclusion and equal access

Digital identity must not become a factor of exclusion. People who are digitally excluded (the elderly, rural areas, vulnerable populations) must have access to simple and accessible solutions. Equity requires an inclusive design of these tools.

2. Future prospects

By 2030, digital identity could undergo three major developments:

Increased standardisation: adoption of international standards enabling seamless recognition between countries and services.

Biometric integration: enhanced association with biometric fingerprints (voice, face, fingerprint) to further secure access.

Enhanced user control: emergence of solutions where users decide which elements of their identity to share, depending on the context (e.g. proving they are of legal age without revealing their date of birth).

In a nutshell…

Digital identity is no longer a technical curiosity. It has become the beating heart of digital societies. It protects, streamlines and empowers, but also raises questions about surveillance and sovereignty.

By understanding it, decision-makers and citizens have an essential lever for navigating a world where the virtual and the real are inseparable. Ultimately, digital identity is the identity card of the digital age: intangible but decisive, invisible but unavoidable.

The post Digital identity: the new identity card for the digital age – Part 2 appeared first on Oneytrust.

1 . Defining digital identity:

Unlike civil identity, which is established and certified by the state, digital identity takes many forms. It is based on four main dimensions:

• Declarative data: surname, first name, email address, telephone number, address. This information is provided voluntarily, but can be misused/“imitated”.
• Technical fingerprints: each connected device generates a unique signature (IP address, configuration, sensors, time zones, cookies). These signals, invisible to the naked eye, become valuable clues for recognising a user.
• Behaviour: typing speed, connection times, location, frequency of service use. These elements are more difficult to falsify and constitute a behavioural signature that is almost biometric.
• Social and economic interactions: history of contact, payment and browsing data use. This data builds a coherent narrative… or, conversely, reveals inconsistencies typical of fraudulent events.

2. An identity in flux

Unlike a national identity card, which is fixed at the time of issue, digital identity is dynamic. Every connection, every payment, every interaction enriches this digital portrait. This dynamic provides robustness – it is difficult to simulate a consistent digital life over time – but also raises ethical questions:

How much data should be collected without infringing on privacy?

How can we ensure that users retain control over their digital identity?

What safeguards should be put in place to prevent widespread surveillance?

The GDPR in Europe and the concept of ‘self-sovereign identity’ attempt to provide answers. But the balance between security, fluidity and respect for individual freedoms remains fragile.

3. Why has this concept become so important?

Two major trends explain its growing importance. .

• Widespread digitalisation: smartphones have become our universal access point. From public services to healthcare, everything is now digital. Initiatives such as France Identité and the European eIDAS 2.0 regulation aim to create digital identities that are recognised at national and supranational level.
• A boom in 100% web-based crime: identity fraud is skyrocketing. The concept of ‘synthetic identity’ illustrates this trend. Fraudsters assemble pieces of real and invented data to create fake profiles capable of fooling traditional controls.

In this context, the ability to assess the credibility of a digital identity is becoming strategic for banks, insurers, retailers and also for governments.

In a nutshell…

Digital identity is constantly evolving: shaped by our usage, regulated by legislation, scrutinised for its security and commercial value. But this dynamic is not without its challenges. In the second part, we will address the multiple issues it raises – security, trust, sovereignty, inclusion – and the prospects that could redefine our relationship with identity by 2030.

The post Digital identity: the new identity card for the digital age – Part 1 appeared first on Oneytrust.

Triangular fraud is a complex and ingenious method of fraud that combines elements of real and synthetic identities to create a network of fraudulent transactions. This type of fraud relies on the interaction between three parties: the fraudster, the legitimate seller and the unwitting consumer, in order to divert resources discreetly and effectively.

How triangular fraud works:

The triangular fraud process can generally be broken down into four steps:

1. Creation of multiple identities: fraudsters begin by creating synthetic identities by combining real and fictitious information from real customer information received during purchases on their website. This allows them to generate credible buyer profiles that can interact with sellers without arousing suspicion.
2. Ordering products: using these identities, fraudsters place orders with legitimate sellers. Payment is often made with stolen or misused credit cards.
3. Reshipping products: the purchased products are shipped to intermediate addresses or directly to the ‘real customer’ depending on the method used. At this stage, fraudsters may also sell the stolen products to real buyers via online platforms at a reduced price.
4. Cash-out: Fraudsters cash out payments from genuine buyers, while the original seller remains unpaid or faces a chargeback.

Why is triangular fraud effective?

Triangular fraud is particularly effective because of its networked approach, which allows fraudsters to separate the elements of the transaction. The initial seller believes they are interacting with a legitimate buyer, while the final buyer thinks they are getting a product at a bargain price. This separation makes detection difficult, as individual transactions may appear legitimate because the information used is real, long-standing and sometimes even shows healthy activity. Traditional security rules are unable to detect these weak signals of fraud.

The MERLIN network

At Oneytrust, we are constantly detecting new fraudulent schemes. One of the most telling recent cases is that of a network we have named ‘Merlin’ because it used products from this brand to carry out its attacks. Detected in June 2024, this network perfectly illustrates the complexity and evolution of today’s threats.

It all started with an alert about unusual purchases: a sharp increase in orders for Merlin educational games, worth less than £100, from a partner specialising in childcare products. This sudden spike immediately caught our attention.

Our experts quickly spotted similarities between the orders, suggesting the existence of an organised network. However, certain elements were puzzling: the digital identities appeared reliable, and some profiles even belonged to real customers – but with a different email address. This was a clear sign of identity theft, which is rare for such small amounts.

To remove any doubt, we contacted the customers concerned. All confirmed their identity… but denied having made these purchases. The fraud was now certain. A thorough discussion with one of them revealed the key: he had indeed purchased the product, but on an online marketplace, not from our partner. The evidence provided enabled us to identify the fraudulent shop and understand the modus operandi: a triangular fraud.

Once the pattern had been established, our analysts listed the common signals associated with suspicious orders and created specific security rules. Thanks to these targeted actions, reinforced by direct checks with customers, we were able to block transactions linked to this network. The result: in less than 12 hours, the ‘Merlin’ network was neutralised.

This case shows how essential the responsiveness and expertise of our teams are in stopping new fraud networks as soon as they emerge. And the story of ‘Merlin’ is only just beginning… we will tell you more very soon.

The post MERLIN network: anatomy of a triangular fraud appeared first on Oneytrust.

1) Why AI has become essential in the fight against fraud

The boom in language models and content generation tools has lowered the barriers to fraud: flawless phishing emails, carefully crafted fake profiles, synthetic identities that are more difficult to detect, industrialisation of fraud scenarios, reusable attack scripts. Static controls are no longer sufficient. We need systems that are capable of learning, detecting weak signals, and continuously evolving. AI is not a gadget: it is essential for detecting anomalies, linking scattered events, and responding in real time without hindering legitimate processes.

2) Oneytrust’s AI toolkit

Over the years, Oneytrust has built a range of scores to analyse digital events, identify fraud patterns and prioritise actions. Our scores aggregate more than 200 signals and are based on a shared database covering more than 15 million consumers, authorised by the CNIL (French Data Protection Authority) in 2013 — well before the GDPR.
Beyond fraud at a given moment, we observe velocity: how a user, payment method, device (phone, PC, etc.) or email address behaves over time. This intelligent memory makes it possible to streamline the journey of good customers (controlled reuse of acquired trust) and tighten the noose on risks (accumulation of clues, inconsistencies, anomalies). Our rule engines remain adaptive: we add, adjust and remove rules as trends evolve, to keep pace with changing attacks without compromising the customer experience.

3) Humans + AI: augmented expertise, not automated

AI identifies, humans understand. Our investigators and fraud experts play a particularly crucial role in challenging alerts, contextualising cases, and revealing emerging patterns that models have not yet learned (low volumes, ambiguous signals, attacker innovations). This feedback loop feeds the models, improves the rules, and ensures an explainable decision. In particularly sensitive situations, human arbitration protects the customer relationship, avoids false positives, and maintains trust.

4) A strategy to acculturate our employees to Generative AI

As soon as ChatGPT was released in 2022, we quickly decided to train our teams in the use of generative AI to increase speed, operational efficiency and quality on non-sensitive tasks: writing, summarising, analysis assistance, preparing deliverables, etc. As part of the BPCE Group, we have access to the secure MAIA portal, which allows our employees to access reference models (e.g. GPT-4o, Mistral, Gemini) in a safe and ethical environment. In our training courses and with the help of our Generative AI Ambassadors, we emphasise the importance of maintaining a critical perspective on the results generated by AI (systematic verification, non-disclosure of sensitive information, traceability of uses): the aim is to accelerate useful production, not to automate indiscriminately.

5) Governance & compliance: already prepared for the AI Act!

Because many of our customers are regulated (banks, fintechs, e-merchants), we have long since implemented the safeguards expected by sector regulators: model documentation, decision logging and auditability, data quality, continuous monitoring, and human supervision. The AI Act, which has just come into force, reinforces these requirements: we anticipated this framework and are aligning our work with the BPCE Group’s compliance approach. In concrete terms, this means: system mapping, model risk management, periodic controls, proportionate explainability and team acculturation. Our ambition is to meet deadlines without slowing down useful innovation.

In conclusion, let us consider that the fight against fraud is a movement, not something static. AI enables earlier detection, better explanation and faster action — provided it is governed, complemented by humans and integrated without disrupting the user experience. At Oneytrust, it is this winning trio — high-performance models, committed experts and solid compliance — that transforms a shifting threat into a sustainable competitive advantage.

Would you like to learn more about the expertise of our models, which combine more than 200 types of data and velocities, and benefit from Oneytrust’s Data Consortium with more than 15 million digital identities to secure your customer journeys without losing conversions? Contact us.

The post AI at Oneytrust: technology at the heart of our DNA! appeared first on Oneytrust.

At Oneytrust, a long-standing player in the sector for over 25 years, we have turned this dual reality into an opportunity to innovate, by placing AI at the heart of our anti-fraud strategy.

How does Oneytrust use Artificial Intelligence to detect fraudulent behaviour?
Online fraud is evolving rapidly. Fraudsters are now using tools such as Chat GPT to industrialise their methods: cutting-edge phishing emails, identity theft, automated scam attempts, automated social engineering, etc. It’s no longer just a handful of malicious experts who are attacking e-commerce sites, but now also opportunistic, inexperienced ‘Sunday fraudsters’ who have no qualms about using AI to achieve their ends.
Faced with this growing threat, Oneytrust has decided to counter-attack by deploying its AI-powered anti-fraud solution. With our D-Risk Commerce solution, we analyse millions of transactions in real time to :

• Identify anomalous behaviour and emerging fraud networks;
• Proactively detect suspicious patterns and transaction anomalies using predictive algorithms;
• Maintain a smooth user experience by reducing the friction associated with anti-fraud controls.

Our AI models are constantly evolving, fed by a massive volume of anonymised data and enriched by the human expertise of our analysts. The result: in 2024, we succeeded in detecting 85.1% of upstream fraud, while identifying 97.3% of false positives – a performance that makes it possible to secure transactions without penalising legitimate customers.

The challenges and opportunities of AI in the fight against fraud
Today, AI is at the heart of a ‘cat and mouse’ game between fraudsters and e-retailers. With each technological advance, fraud techniques become more sophisticated. The main challenge? Keeping up.

But in this race, AI is also a formidable source of opportunities:

• Automated controls: shorter processing times and greater productivity;
• Adaptability: algorithms can learn new fraud scenarios in a matter of hours;
• Continuous improvement: each fraud detected feeds the models to strengthen future detection.

The other major challenge is to find the right balance between security and fluidity. AI that is too strict can block legitimate sales. AI that is too permissive opens the door to fraud. At Oneytrust, we have made this a priority, by putting human intelligence at the service of artificial intelligence.

Artificial intelligence and human expertise: the winning combination
At Oneytrust, we don’t see AI as a miracle solution, but rather as a powerful technological lever, which takes on its full value when combined with human expertise.

Our data scientists and fraud experts work hand in hand, and this synergy enables us to :

• Quickly identify new types of fraud not yet detected by our models;
• Qualify false positives so that honest customers are not penalised;
• React quickly to new attacks or unexpected anomalies;
• Continuously update our models, based on detailed analysis of the field.

At the same time, our AI algorithms support experts by:

• Prioritising the most sensitive cases;
• Correlating key data to save analysis time;
• Providing a solid base of insights for informed decision-making.

This constant dialogue between AI and our teams enabled us, in 2024, to boost the transaction transformation rate by 2.04%, while guaranteeing a 99.89% acceptance rate. A double benefit: more sales for e-merchants, and less fraud.

Practical advice for integrating AI into your anti-fraud strategy
Would you like to take advantage of AI to strengthen your security? Here are a few best practices:

• Work with an AI and anti-fraud expert partner, such as Oneytrust;
• Opt for scalable solutions that can be adapted to your specific business and data flows;
• Don’t rely entirely on technology: retain a degree of human control, particularly to manage the most complex cases;
• Monitor your key indicators (fraud rate, false positive rate, conversion rate) to adjust your parameters on an ongoing basis;
• Train your teams in the new risks associated with generative AI and social engineering.

To conclude, in a world where AI is both an engine for growth and a tool for fraud, it’s important to arm yourself intelligently. With Oneytrust, you benefit from the power of AI combined with human expertise, to build an ecosystem of trust around your transactions. Because tomorrow, true innovation will not just be technological, it will also be ethical, agile… and collaborative.

The post AI a strategic asset in the fight against e-Commerce fraud! appeared first on Oneytrust.

E-commerce has grown by leaps and bounds since the early 2000s, and with it, fraud has continued to evolve. According to the FEVAD figures communicated at this Round Table, 72% of e-retailers are profitable or break-even, which clearly shows that e-commerce is a profitable business. And e-commerce is also a job creator, with 41% of e-retailers having created jobs by 2024.

2000-2005: the beginnings of e-commerce

The arrival of the Internet in homes marked the start of a new consumer channel. The first e-commerce sites appeared, often with little security. Fraudulent behaviour remained small-scale, but was already a cause for concern.

2005-2010: the boom in e-commerce… and fraud

E-commerce becomes more democratic with the rise of marketplaces and the first major peaks in online consumption. At the same time, fraud is becoming more structured, targeting payments and technical flaws.

2010-2015: the social networking effect and the expansion of fraud profiles

Facebook, Instagram and other platforms are giving rise to new uses… but also new vectors for fraud. Content linked to fraudulent methods is becoming accessible to everyone. The profile of fraudsters is changing, from organised networks to everyday opportunists.

2015-2020: regulation, PSD2 and increasingly complex payment transactions

The entry into force of PSD2 in Europe (Payment Services Directive) requires strong authentication. The aim is to make payments more secure. As a result, fraudsters are moving to other areas (PayPal disputes, neo-banks, refunds, etc.). Human error is becoming a major target.

2020-2025: industrialisation, cybercrime and AI

The boundaries between fraud and cybercrime are becoming blurred. Attacks are becoming more professional, and fraudsters’ tools are becoming ultra-technical, sometimes doped with AI.

At the same time, merchants are having to cope with tighter regulation (BNPL, consumer credit framework), ever more demanding customer journeys, and increasing pressure on security… without compromising the user experience.

The next 25 years: human intelligence at the heart of the battle

The next few years promise to be just as decisive. Deepfake, synthetic identities, behavioural fraud and offensive AI are shaking things up.

But one thing remains certain: it is human intelligence that will make the difference. Where automated models can be fooled by a synthetic identity, the human expertise built into our approach can detect anomalies.

Why merchants need to (re)think their anti-fraud strategy

With fraudsters becoming ever more equipped, merchants’ anti-fraud strategy can no longer rely solely on technology or compliance.

The keys to effective fraud prevention today :

• Combine technical and behavioural approaches
• Work with partners who are familiar with emerging patterns
• Anticipating regulatory changes (DSP3, IA Act, consumer credit, etc.)
• Combining business performance and security

It is with this in mind that Oneytrust has been working with the biggest e-commerce players for 25 years.

Our mission: to create trust, without friction.

Would you like to find out more about our anti-fraud solutions?

Please contact us.

Meet our fraud experts and find out how Oneytrust can turn your security into a competitive advantage.

The future of e-commerce is being built today. Together, let’s build it on trust.

The post 25 years of fighting fraud: retrospective, changes and the future of e-commerce appeared first on Oneytrust.