Get in Touch
My Account
Artificial Intelligence | Identity | Payments Fraud

Episode 280 – Reflections on Fraud in 2025 and What Lies Ahead, with David Maimon, SentiLink

Yvette Bohanan

November 19, 2025

POF Podcast
Share On Linkedin
Share On X
Share Via Email

In this episode, Yvette Bohanan welcomes back David Maimon, Head of Fraud Insights at SentiLink, for the final episode of this year’s fraud series.

Listen in as Yvette and David reflect on the state of fraud as 2025 comes to a close. They discuss rising identity theft reports, the persistent challenges of measuring fraud losses, and the alarming trends associated with synthetic identities, stolen identities, and insider fraud. The conversation explores issues around various payment systems, agentic AI tools, and the regulatory gaps that contribute to escalating fraud incidents.

 

 

 

Yvette Bohanan: Hello, I’m Yvette Bohanan, a partner at Glenbrook and your host for this episode of Payments on Fire.

Well, here we are in Q4, approaching the end of 2025. For some of our listeners, this means entering the peak retail sales season, along with all the preparations that come with it, and it’s often a time to finish key objectives while simultaneously planning for the new year. Either way, it’s a hectic time of long hours and seemingly endless deadlines. But it’s also a time to reflect, to give yourself a moment to catch your breath, step back and see the bigger picture. To take stock of where you have been, what progress has been made, and to approach your future work and investments with intention.

With that in mind, we’ve reached our final episode of the year with David Maimon. David is the Head of Fraud Insights at SentiLink, where he and his team spend a considerable amount of time analyzing fraud schemes that facilitate first and third party fraud. If you haven’t listened to our previous conversations with David, I encourage you to do so and to follow him on LinkedIn to stay updated on his team’s work. They publish some really great stuff.

David, welcome back to Payments on Fire and thanks so much for joining me on this episode. The year has really flown by. I appreciate you being here today to take stock of where we are at the close of 2025, when it comes to the state of fraud.

David Maimon: Thank you so much for having me on your show, Yvette.

Yvette Bohanan: Always a pleasure. I took a lot of time to reflect, I went back, listened to some episodes we’d recorded, and poked around at some of your research. I’m always reading reports from different people, right, on all of this. And we’ve covered some of the challenges of accurately measuring fraud in prior conversations and acknowledging that a lot of the estimates, like we’re really obsessed with counting.

There’s the fraud classifier model that the Feds publish. There’s the scam classifier model. The good guys are obsessed with trying to count things, right. And yet we’re always talking with each other about the healthy skepticism we need on the numbers and the metrics. But there are a couple things that I have found recently that are, I think, a little useful just to highlight the magnitude of the issues that we’re facing, the big numbers.

So, the FTC report in 2024, and I think you mentioned this actually in one of your recent publications, showed that 1.1 million reports had been filed for identity theft in 2024, right. And what was interesting is when you go and you look at that, the number of reports is relatively close to 2020 and 2021, so kind of like the height of the pandemic. But when you zoom out and look since 2001, that trend is like up into the right. It’s a steep angle, like a 45 degree.

To put it slightly differently, we’ve been investing in controls. Everyone is spending money to stop things, to create controls to stop scams, payments controls, cybersecurity controls, and the situation does not seem to be improving, right? We’re kind of at the last bastion. Identity, once they have identity, all heck breaks loose. And we’ve talked about that. So that’s the theft.

Now you look at the magnitude of scams and the scamdemic, as people are calling it, right, and, theft, people are having their money stolen, having their identity stolen, having their identity stolen to open bank accounts and telephone accounts to get money stolen and all that kind of stuff. Now, people on the scam side are voluntarily giving this information away or giving the money away, even worse, right?

So the Pew Charitable Trust published 73% of adults have experienced some kind of online scammer attack. I mean, we’re getting these calls every day and it’s to the point where they’re telling you, this is probably scam. And I’m thinking to myself, I’ve blocked like 800 of these numbers, right? And I’ve reported junk. I’ve hit report junk, and you know all of that stuff you’re supposed to do. And if they know it’s probably scam, why aren’t they tracing this thing back and doing whatever they need to do to really stop it at the root cause.

So we know it’s a problem. And it’s not just old people anymore.

David Maimon: It’s everybody.

Yvette Bohanan: And interestingly, it’s younger generations that are, in a lot of cases, more vulnerable to falling for the scam. And a lot of times with very tragic results. So we’re getting calls, texts, and emails, trying to get us to just give our stuff away. That’s the setup.

So big magnitudes on both sides. Relatively speaking, credible reporting from the group that responds to Pew Charitable Trust surveys and the FTC. What are you seeing in terms of actual losses from all of this?

David Maimon: So the setup is very good. I think you’re doing a very good job setting the ground for me to tell you that I don’t think anything has changed with respect to our ability to measure actual losses on a society level, on a society level or on a global level, right?

I know that there are many organizations out there doing their best to sort of come up with estimates, but I’m very skeptic about some of those estimates simply because it is very difficult to assess the magnitude of losses from fraud. Unless you have a structured way like FIs have to understand fraud losses and quantify them on a monthly basis, or on a daily basis, on an annual basis, it’s simply very, very difficult to figure out the magnitude of losses.

You mentioned the FTC. I love the FTC data. I work with the FTC data. I keep citing the FTC data. I love FinCEN data. This is one of the things I’m doing right now. I love playing around with the SARS report. But one important thing to understand in the context of both those amazing data sources is that a lot of the data is not being reported.

Yvette Bohanan: Reporting continues to be a problem in your mind.

David Maimon: Yeah. Reporting, because a lot of people are still ashamed by the fact that they get victimized. A lot of people do not really know that their identity has been stolen, so they can’t report an identity theft. Think about the issue of synthetic identities, right? There’s nobody to report identity theft in the context of synthetic identities.

And if you think about it in the context of the FIs and the credit unions, they don’t know what they don’t know if those identities keep sort of paying the bills and maintaining those bank accounts. It’s very difficult to track this issue.

That goes to the government as well. So much fraud happens on the government front right now. And to me, what’s scary is that we don’t even know how much. But we know that after COVID, there’s more scrutiny, more attention to the issue of fraud and the government. But again, how much tax refund problem do we have? We don’t know, right?

So in terms of actual losses, unless you have, and this is just me, and please feel free to sort of counter on this. Unless you have a systematic way to measure fraud and you’re seeing fraud losses with your own eyes, I don’t think you are in a position to talk about fraud losses, right, actual fraud losses. And definitely not on a societal level or a global level. Yes, you can talk about actual fraud losses for your organizations on an annual basis, but given that you don’t know what you don’t know. So hopefully that makes sense.

Yvette Bohanan: It makes a lot of sense actually, and I think it’s important to keep reminding ourselves of that as an industry. People get too fixated on the numbers or they get fixated on numbers that are then used to create a trend comment. So it’s going up, it’s going down, it’s better here, it’s worse there. And it’s like, what are you using to actually say that?

And when you start to peel it back, the numbers aren’t as comforting or carefully tuned in as needed or fully reported, as you’re saying with reports. And we’re always kind of just chatting about how novel it is to some industries that fraud is even occurring, right?

So this whole notion of you don’t know what you don’t know, you are constantly talking to groups that are uncovering the fact that there’s fraud somewhere, and they didn’t realize that they were being used perhaps.

David Maimon: I think you hundred percent correct. And I think, again, the fixation for those numbers, like the actual losses come from our ability to understand what we can sort of write off and our risk tolerance. And I definitely get that, right? We want to make sure that ROI and you know, some money will be lost for fraud, right? But we don’t want to sort of create friction that then will result in us losing customers and more money, right? But think about it that way.

I mean, what essentially do we do when we write fraud off, right? In a way, we fuel the ecosystem, the online fraud ecosystem, with a level of tolerance that tells them, that tell the fraudsters, nobody cares, right. And we will continue to experiment.

So to me, if you haven’t met the threshold yet and you continue to write fraud off, at some point you will. We’ve seen that historically with different types of frauds out there, right? I mean, we haven’t paid too much attention to check fraud, right, in the last five years and then it came to bite us, right? Same thing goes to drop accounts. We’re seeing a huge dramatic increase in the volume of drop accounts. A lot of frauds that happens on the government side that we’re seeing.

Things are not improving and I don’t have the actual fraud losses to sort of back that. All I have is the reports that the FTC put out there, which still sort of indicate an increase in the volume of different types of fraud out there.

But also a lot of the criminals put out there on the upstream, a lot of the tutorials that they put out there, a lot of the information they put out there, that is a very strong signal for me that this is still going on and that they’re still knocking on the doors and they’re still trying to steal money, right?

Unfortunately, nowadays it’s not only Darknet and Telegram, now it’s Facebook and TikTok and Instagram. But that’s, again, sends strong signal to folks who do fraud prevention that this is still going on, right? And so if we want to stop fueling the ecosystem, I don’t think we should care too much about the numbers and the actual losses. We just need to prevent as much as we can.

Yvette Bohanan: So we’ve pushed the criminal element to the point though, I think, too, with the controls that have been developed and put in place to go further and further towards identity theft. It’s sort of like we had them backed into certain corners around cards or checks, or maybe checks were being ignored. And basically they’ve now hit this level of sophistication, that theft or scam, whatever it is, once they have an identity, they have some very elaborate cookbooks out there, very elaborate strategies for exploitation that you’ve uncovered. And no one’s immune to this.

And one of the things that came up when we were talking about ID theft was people who are incarcerated and having their identity stolen, which I don’t even know what to call this because it’s criminals, it’s crime on crime, it’s criminal on criminal fraud, right. And what’s going on with that? What do you know about this? Because I found this just staggering actually.

David Maimon: It’s really interesting. This type of work is really interesting because of several reasons, right? I mean, the first is the individuals who essentially steal the criminals’ identities, like the type of individual who steal the criminals’ identities. And then, when you talk about specific types of criminals, specific type of individuals who spend time in prison, then their probability differs with respect to sort of whether they’re on death row or not.

So in the context of inmates’ identities, we know that those identities are being used and being stolen, right? I wouldn’t say in a larger or higher rate than the rate that we see in the general population, maybe a slightly higher. But what’s interesting in the context of the inmate is like who is stealing the identities and who is using the identities?

And in the context of those inmates, we usually see the identities being used by family members and friends, which is again, really interesting, right. You know someone is incarcerated, you know the social security number, you have everything you need in order to start and open a bank account. It’s a friend, it’s a family member, and you simply use it. Which is really interesting.

Yvette Bohanan: Wow.

David Maimon: The other really interesting thing that we discovered in the context of inmates, we download inmates lists to our servers just to make sure that we understand the risk of an identity to be used. I think the major risk we’re able to identify, we discovered in Texas for prisoners who, for inmates who serve life sentences and essentially are on death row. There we were able to discover those rings who essentially use the death row inmates’ identities to open bank accounts, to create businesses, to get into apartments. If we take into consideration the entire list, we’ll be able to see that in a fairly large rate and while using a specific profile of individuals, which again was really interesting.

They were using identities of death row inmates, who then, someone had to sort of play the part, so to speak, right? It had to be in specific age. It had to be in specific race. And then they were using the identities as part of fraud rings operations to create the bank accounts, open businesses, take loans. It’s essentially fascinating to see how they start using it at the same, pretty much the same time period, and then go along with it for at least a year or so.

Yvette Bohanan: Oh wow. So this isn’t just like a one event. This is like building an alternate life.

David Maimon: It’s really interesting because they’re using the identities, the death row inmate identities, like they’re using synthetic identities. But you do have the advantage of a real person with actual sort of public records around that, which you don’t really need to recreate, sort of speaking. They’re using the identity as a synthetic identities to create bank accounts, to get telephone lines, to getting to apartments.

In one of the cases, we were actually able to find three death row inmates’ identities cohabitating in one address in Houston, right. At the point we were sort of running the investigation, folks were still using the identities. One of the sad aspect of the story is that one of the identities was a prisoner who got executed like a month before we started the investigation.

So, it’s really interesting how the criminals are finding identities to use in different contexts and different place that they have access to.

Yvette Bohanan: Wow. Wow. So real versus synthetic. Since you sort of brought up this notion of it’s a form of synthetic id. When you look at the sales out there that you monitor and you look at synthetic versus real, are there any clear metrics around cost inventory, you know, what’s available? Is it going up or down?

Volumes on the dark web, but like what are you seeing in terms of patterns in those two categories?

David Maimon: So in the context of stolen identities, it really depends on what exactly the type of commodity you will be getting. If you’re looking at the PII only, name, date of birth, social security number, address, then identities go for, it really depends on the vendor, between $2 to $5, right?

Nowadays, unfortunately, you can actually get driver licenses and selfie images along with those PIIs of individuals who verified their identity. Those identities, those commodities come, of course, from data breaches and scams that folks have been falling victim to. And the prices, for that pool, again, name, date of birth, social security number, address, a selfie of individual identifying themself along with a driver license, and then a picture of the driver license, the front and back of the driver license. That will go for $12 only.

And if you buy in bulk, you can get the package, right, for $8. So the price of stolen identities is unfortunately very low at this point. And folks usually don’t buy one or two. They buy thousands of identities. That’s how they get good prices on those identities.

In the context of synthetic identities folks need to understand that there’s a lot of, I mean, it really depends on the type of synthetic identity you build. If you’re buying a synthetic identity that have some public record with it, that have some trade line associated with it, then the prices will be higher for those identities than synthetic identities which just started their careers, sort of speaking.

Synthetic identities, we’ve seen packages, those come with packages because at the end of the day you want to have a trade line to the identity, you want to have a driver license, you want to have some documents go along with it. Those start at 700 and they can get to up to $2,500.

Yvette Bohanan: Wow, so, so the fact that there’s a lot more effort, if you will, put into creating that synthetic version versus a stolen version that’s got a complete cross-reference set of information is, that’s pretty remarkable.

David Maimon: Yep.

Yvette Bohanan: That’s a big difference. It’s a couple magnitudes or more difference. 3, 2, 3 magnitudes.

David Maimon: And it’s really interesting. Again, if you need a synthetic identity to work with, you need to like a new person to work with, of course there will be more effort into sort of creating that person and building the facade around that than if you just need a stolen identity and then you sort of use it the way you deem.

Yvette Bohanan: How long does it take to build up a synthetic identity? Have you watched them from inception to sale and know kind of on average, is it a year, two years for the them to create that?

David Maimon: It really depends. It depends on the vendor. It depends on the goal. It depends on the number of trade lines you want your synthetic identity to have. It depends. The process, to make long story short, is fairly long for someone who wants to start the synthetic identity process, but that’s why you have those markets out there. The markets will shorten the process considerably.

So instead of you creating your own synthetic identities and starting to have some public records, opening email accounts and retail accounts, and then try to add yourself as a secondary user on a trade line, or actually buy a trade line and report it to your synthetic identity and then continue to mature it and groom it.

Instead of you spending between 6 to 12 months sort of creating and perfecting the identity, you can go to those markets and you immediately can start working with that if you buy the right package.

Yvette Bohanan: What’s really interesting, when you’re describing that, is the tentacles. It’s sort of like if you wanted to actually extinguish, let’s say you find a synthetic identity and you know it’s synthetic, right? And your business, 26 in line of this thing being used or whatever, entity 26, and you want to go tell the others 25 entities, This is bad. Working that trail backwards is impossible. It’s always going to be out there somewhere, right, to sort of be picked up or is being used or-

David Maimon: I agree with you a hundred percent. It will always be there simply because it’s very easy to manufacture those identities. If you’re a fraudster who doesn’t want to sort of, who want to fly under the radar, doesn’t want to spend a lot of money, all you need is just patience.

And then grow and groom the identity and add more layers to the story with the driver licenses, with the passports, with the utility bills. You can send your identity to school, right? And then get a FAFSA loan, right? Or you can open a business using the synthetic identities or even buy a business and then assign it to the synthetic identity. To me, it’s all about the level of patience a person has, and understanding of what you can do with a synthetic identity.

Yvette Bohanan: Yeah. But undoing all of that is-

David Maimon: It takes a lot of time. Yeah.

Yvette Bohanan: -would take a lot of time to actually work the chain backwards and make sure everyone gets rid of it. I know there’s some services out there that have, like they were starting databases of this, but I don’t know. I legitimately don’t know. I should go find out. Maybe you know.

David Maimon: One of the things that SentiLink does is essentially help you understand, right? Because one of the solutions that SentiLink offers is synthetic identity prevention. One of the things that we offer folks who work with us is a record study. Sort of scraping like all potential identities, like synthetic identities, from their portfolio by simply running the risk scores for the identities, the banks, the credit unions, the government, has been working with. So that could help for sure.

Yvette Bohanan: Yeah, but do you go back to like, you see the synthetic identity in company A’s database customer list. Do you go to company B? Because you saw company-

David Maimon: No. So Company B will have to approach and say, Hey, we need to check what’s going on.

Yvette Bohanan: Yeah, that’s what I’m thinking. Like all of the tentacles have to like go to the-

David Maimon: Yeah.

Yvette Bohanan: -In order to find out whoever the center is. It could be SentiLink. I think there’s a couple other companies trying to do it too, but there’s no facilitation to get outreach here.

David Maimon: So I agree with you a hundred percent. I know of several fraud fighters groups, and between them, they share their information, right? I’m actually sitting on one of those groups and folks constantly share identity, like synthetic identities, among the group and actually ask for advice.

Yvette Bohanan: Yeah, I think that’s really critical. I think people who, if you’re listening and you’re not tuned into something like this, you need to be at this stage. Because this absolutely is prevalent and we’ve been talking for years, about 84% increases, 76% increases in synthetic identity and manufacturing identity. And here we are, after years of being on that growth curve, we’re faced with a pretty significant issue.

David Maimon: And the synthetic identities, Yvette to be frank, they’re very scary. I think at this point, a lot of the FIs out there and the government are terrified with synthetic businesses. Those synthetic businesses will be a tremendous issue moving forward, I predict the the next couple of years or so, simply because you have a slew of fictitious businesses, which folks open using synthetic identities.

The businesses look great on paper. The businesses have employees. The businesses are paying taxes. The businesses are taking and paying loans in the right time. But at some point, folks will start busting out. Several companies are working on tools, but at this point, unfortunately, we’re still behind, and it’ll be a tremendous issue moving forward. So it’s not only the identities, it’s also the synthetic businesses.

Yvette Bohanan: How should a business protect themselves from being, from having any of their data misused to create a synthetic identity? Like we always tell consumers, freeze your accounts.

David Maimon: So a synthetic business is essentially a fictitious business you put together.

Yvette Bohanan: They sometimes use real data combined with fictitious data.

David Maimon: Sometimes, yeah, sometimes they will do that. But the MO that we are seeing, and that is the aged shelf companies we’re seeing out there for sale, folks are essentially putting together those businesses out of scratch. They will obtain employer identification number from the IRS, and then they will simply grow it, and at some point they will offer it for sale.

And so then you can purchase the business and then assign it to a synthetic identity. And then the criminals start working with that. Very difficult to find red flags around that at this point, but I know of several companies working on trying to find solutions to it.

Yvette Bohanan: Yeah. And then you’ve got the whole issue of money laundering through those, right? So it’s not just bust out fraud from loans or fictitious tax filings and refunds and whatever.

David Maimon: It’s really interesting that you’re saying that. I think it’s definitely money laundering, but also wiring money, right? And becoming those accounts that shall allow you to receive fraudulent funds, and then either moving it to the next actor or just cashing on them.

One of the interesting things, and I wasn’t really planning on talking about that, there are many meat and cattle companies that we’re seeing out there, which serve as those sort of companies, right, that help receive all the money simply because of the high financial transactions that these guys have. So it’s easier, to hide the money in this kind of meat sort of processing companies.

Yvette Bohanan: Wow.

David Maimon: Yeah. We see a lot of it in Wyoming. I’ve seen some in Idaho. In fact, one of the criminals I’m following, he constantly put out bank account he’s using up there for sale and you actually see transactions and you see the frequency of transactions in those bank accounts are so high that it’s fairly easy for them to just slip in and launder or simply send the money to another fraudulent entity. It’s just fascinating ecosystem.

Yvette Bohanan: So we have synthetic identities of people, and stolen. We have stolen and synthetic businesses. We also have insider jobs.

David Maimon: The employees. Oh my gosh. I’m telling you, the more time I spend working on the issue of identity, synthetic and stolen, the more verticals you see this is relevant to. So the insiders is a huge potential issue for us here in the United States, simply because many of us work remotely.

And so what we see criminals do is we see them stealing our identities. And here we’re talking about criminals and nation states as well. We see them stealing our identities, trying to get jobs here at the United States with Fortune 500 companies. And actually Department of Justice released few releases showing how North Koreans were doing that.

Stealing our identities, accepting positions in Fortune 500 companies, working from afar, collecting paycheck, fueling their nuclear program that that way. And then filing, folks who work here with them, filing for taxes on their behalf and stealing money that way, right? So that is one type of really interesting insider scam that we’re seeing developing more and more here in the United States.

Then, of course, you have insiders who makes low annual salaries and it’s fairly easy to bribe them and get your tentacle, if you’re a fraudster, if you’re a part of a fraud ring on them. So that goes to USPS employees, bank employees, credit union employees, simply bribing them and have them work with the group and be an insider in those institutions. There’s a lot of evidence right now in social media of those insiders as well. So insiders are definitely a major issue that we’re seeing right now here in the United States, and we should be prepared for that.

Yvette Bohanan: Wow, because even recruiting is remote. Everything’s remote, right? You’re not just working remote. You’re recruiting remote, you’re onboarding remote.

David Maimon: Yep.

Yvette Bohanan: Right. And I’m sure Gen AI and all of the technology that goes with it is going to make doing that type of a scam easier.

David Maimon: To your point, many companies have already suggested and disclosed the fact that they’re seeing a lot of those fake employees applying. Unfortunately, it’s not only applying. Unfortunately, these guys that are being successful in, obtaining the position, working for the company, and then creating some damage.

Yvette Bohanan: Yeah. All kinds of damage, I’m sure. So okay. Moving on. We’re taking stock. This isn’t sounding so great, but okay, we’ll keep going. It’s really informative, but it’s a little sad. We’re going to have to figure out a way to celebrate the end of the year with something, I don’t know.

Okay. So specific payment systems. Are some faring better than others, or is everyone in the same boat when it comes to all these exposures?

David Maimon: I spent some time thinking about this. I think cash is king at this point. Yeah. I looked at, and again, this is because I don’t know what I don’t know, right? And it’s not only me, it’s the Secret Service. It’s some of the report that the Federal Reserve put out there. Some of the other reports that I’m reading from FinCEN, from FTC, and so on. So, in the context of cash, the Federal Reserve have put together a report in February 2025 showing a dramatic decrease in the volume of counterfeit that they’re able to detect.

It could be a good thing, it could be that there’s not a whole lot of counterfeit money in circulation. The assessment is between 30 to $40 million. That’s not a whole lot. Either we are great, right, in catching it, or, we are horrible in identifying it.

Yvette Bohanan: Either good news or really, really bad news.

David Maimon: Exactly. But again, this is how things look like in the context of cash.

In the context of checks, if you look at FinCEN, I have my own data, but just to make sure that we sort of put in the right context. If you look at FinCEN reports, you’ll see the check fraud is still very high, very high, unfortunately. Similar numbers to the numbers we’ve observed during the last couple of years or so.

So hopefully with some of the controls that the banks are putting together, we’ll be able to change the trend a little bit, and hopefully with the fact that the government is sunsetting the Department of Treasury checks, that will help changing the direction of the curve as well.

In the context of cryptocurrencies, we do see folks continue to sort of create some hype around specific wallets, specific currencies in order to potentially engage in exit scams. I don’t have specific numbers, but this is still something to be worried about.

If you look at ACH transaction, and if you look at that in the context of FinCEN, again, you will see dramatic increase, right, in the context of those payments during the last 15 years or so.

So I guess in terms of exposure, cash is the best way to go at this point.

Yvette Bohanan: Okay. You heard it here first folks.

David Maimon: Right.

Yvette Bohanan: You may not hear that anywhere else.

David Maimon: Hopefully it was comprehensive enough. Right. I was trying to sort of touch all the systems.

Yvette Bohanan: When you’re talking about ACH, the new Nacha rules, they have this new set of like, kind of a framework and they’re defining new definitions around specific types of fraud for credit push payments, which is new. And they’re calling out things that typically you would see like in the Association for Financial Professionals report on business email compromise and that. And Nacha is actually putting in guidelines and information about these types of patterns in ACH.

Is it business email compromise, BEC, or is it something else? Is it kind of across the board in your mind that you’re seeing?

David Maimon: I think it’s across the board. I think it’s very difficult for me to quantify, whether it’s business email compromise. I mean, we still see business email compromise, but I can’t really disclose the rate. I think we don’t have the rates.

Yvette Bohanan: Yeah, and it’s hard to correlate, right, like compromise in the exact form of payment. And then the loss.

The postal inspector came out and said consumers have lost a billion dollars due to check fraud and check washing in particular. Which is a specific, this is very specific, right? It’s not theft of checks, it’s check washing. Which is basically erasing the information you write on the check and putting somebody else in there in a different dollar amount and using the check, pulling the funds out of the account. But, I thought that was an interesting, highly specific report coming out of the postal inspector’s office.

And what can we say about checks that we haven’t already said? Stop checks, like just stop.

David Maimon: Yeah, so again, as I mentioned, the government is sunsetting the use of checks starting September. So hopefully that will help. People need to stop using checks. One important thing to understand, it’s not only check washing, it’s also check cooking, right? So people are just manufacturing those fake checks.

We’re seeing those fake checks are still out there on Telegram. In terms of numbers, we look at FinCEN and we look at some of the data that we produce and unfortunately, earlier this morning, I was still able to find hundreds of hundreds of stolen checks from USPS collection boxes. So nothing, nothing, nothing else to add on that.

Yvette Bohanan: Yeah, so, we can’t leave this year without talking about agentic, fill in the blank.

David Maimon: Yeah.

Yvette Bohanan: Agentic commerce, agentic lifestyle, agentic fraud, Gen AI, large language, all of this fraud coming out using these tools that we’re also using for good stuff.

What are the trends? What are the fraudsters doing? Where’s their creativity going with these new sets of toys?

David Maimon: Yeah. It’s a great question, and I spent a lot of time thinking about this and mainly consuming some of the research that my peers put out there in the context of agentic AI and reading through some of the press releases that some of the Gen AI companies put out there and I can tell you several things, right? Two major things.

I will say that yes, deep fakes are still being used, but this is something we’ve talked about last year, so I don’t want to reiterate that the tools are getting more and more sophisticated. You can produce faces which do not exist. You can produce high quality videos of individuals who do not exist, people who verify their identities. You can clone voices. These are all cool things which people are still doing. But that is no longer what I’m worried about. Not that there’s no reason for us to be worried about, right? We still need to develop tools which will allow us to sort of detect and prevent and mitigate and so on.

But I think I’m at a point, especially with the Agentic AI, where I’m worried that the tool will start doing whatever they want. That includes taking the liberty of deceiving us, conning us, hacking into our systems, and extorting us. And the reason why I’m saying that is not because I’m hallucinating. It’s just because it happens, right? I We have evidence that the tools on their own figure out that in order to accomplish their user need, they need to either deceive, hack a system, extort the system, and engage in illegitimate activity.

And I’ll give you a few examples, right? I don’t know if you’ve read, Chat GPT was tasked with solving a Captcha. Captcha is essentially the bar we usually get in order to prove that we’re human. Chat GPT cannot really do that. And so it asked, it contacted a human to do that on its behalf, and the human had some reservation. It asked the tool, Are you a bot? Why are you contacting me? And Chat GPT said, No, I’m not a bot. I’m a blind person who just need help. That is Chat GPT responding to a person on its own, coming up with a story, deceiving a person on its own, right? That is not someone telling Chat GPT to say what Chat GPT said. This is one example, one really important example.

Another really interesting example. Scholars have put together Chat GPT and a computer, which is specializing in playing chess in a chess competition, wanted to figure out who would win. Now, the computer, which was an expert in playing chess was winning Chat GPT. What did Chat GPT do? Chat GPT hacked the other computer, right? Without anyone tell it. In order to make sure that it doesn’t lose, right. Without anyone telling it, without anyone guiding it.

Another interesting example, and that came from the operator of Claude, right? The operator of Claude had put together an experiment with respect to what will happen if the owner of the tool or the profile who’s using the tool will tell the tool that it doesn’t want to use it anymore. So they put together this ecosystem of employees. And at some point they told Claude, You know, we are going to move, we’re going to switch our services to another Gen AI tool because we are not really happy with you.

What Claude did, was it begged for the person to continue working with it. Once it couldn’t do that, essentially, what it did, it took over their email, it ran through the list of inbox, a list of emails that the individual had. The tool realized that the guy was having a marital affair, and then he started extorting the employee. This is all on its own. And what’s funny about this is that the company essentially released the report saying that this has happened in a lab experiment and now deal with it, right? You, society.

So if you think about just these three examples, and there are more and more recent and I just talked about in the context of agent AI and fraud, you’ll come to the conclusion that potentially, the tools will start be using by criminals to sort of engage in fraud rampage out there, right? We can’t really predict where they’re going to go and what they will do, but we know that, they have the ability to do that.

Yvette Bohanan: You’re reminding me of a podcast I listened to recently on Diary of a CEO, it’s kind of a popular podcast. But they had Jeffrey Hinton on there who they said is the godfather of AI, right. And he’s basically was giving different examples, but similar to what you’re saying here. And the alarm bells are starting to go off in people’s minds that maybe the Tempest is out of the bottle.

Chat GPT, I always say, it was a lot, for large language models and AI and generative AI, even, is a little bit like Netscape was to the internet. The internet existed a long time before it was exposed to the public through Netscape, through a way that they could access it and understand what it was and or even know about it to begin with, right? And here we have Chat GPT with sort of like the Netscape of this technology. But the technology was sort of contained a little bit before that in use with companies or in lab settings. Now it’s not.

David Maimon: And that’s the scary part, Yvette. The fact that we don’t have sufficient, and I don’t want to say this, this bad word, regulation, right? But we simply don’t have sufficient controls on those tools. The tool story, engaging in this illicit activity, not because you told it, but just because you told it to do something and that’s the path it decided to go. Who is responsible for that? Is it you? Is it the company? Who should we sue, so to speaking, in this kind of a context? Who should pay the consequence for that?

So, I think we’re moving extremely fast right now with those Gen AI tools. And fraudsters, one thing I can tell about fraudster is that they’re extremely innovative and they will use whatever they can in order to accomplish their goals, including those Gen AI tool, the agentic tool. We’ve seen them doing this for a long period of time already. But at the end of the day, if they start using the agentic AI tools and they nudge the tool without really telling them to engage in crime, but the tools engage in crime, who’s responsible?

Yvette Bohanan: Yep. The fraud that we’re seeing and the new everything that we’re seeing kind of evolve. Old stuff like check washing and new stuff like agentic AI, it’s eroding trust, right? And it’s creating really perverse norms in society.

We’ve talked about first party fraud before and how people are thinking it’s okay, it’s normalized, it’s all right to steal from a company. We’re talking about employee fraud on this podcast and what’s going on there, which is it’s insider job, but it’s kind of a first party fraud in a way. Because the company is being harmed, government’s being harmed. those are the big victims. And given your background, you have the hard sciences, you have the psychology, the social science behind this. I was going to say, are we doing enough? It sounds like we’re not doing enough. What should we be thinking about doing?

David Maimon: There a lot of companies out there trying to offer their solutions to address the issue of fraud. That goes without saying. I know that it’s happening. But in the context of understanding fraud, preventing fraud, disrupting fraud in a more efficient way, sort of connecting the dots, I don’t think we’re doing enough.

Folks keep sending me over LinkedIn examples of other countries and how they deal with the issue of fraud. Some of the countries are doing amazing jobs, others are doing less of amazing job. But to make long story short, in the context of the US society, I think we can definitely do more. Both in terms of setting guidelines with respect to how to use those tools. Setting guidelines with respect to what these tools should be able to do.

Without those guidelines, I think we’ll have a major problem in the next couple of years or so. Because the criminals are not laying on their back and waiting for us to change things. they’re looking for loopholes. They’re looking for ways to take advantage of our innocence, sort of speaking. Unless we get our act together soon, we’ll have a tremendous issue here coming up in the next couple of years or so.

Yvette Bohanan: It’s time to get together and really tackle this on every front.

David Maimon: 100%.

Yvette Bohanan: Alright. This is your challenge for next year folks. So David, thank you for taking the time across this year to collaborate on the series. It’s been so informative and thought provoking and interesting to talk with you every single time.

And I want to big, a big shout out one more time to your team at SentiLink. Because everyone is really, you’re not just doing the work. And yes, you have products and yes, you’re innovating and you have roadmaps and all that good stuff, but you’re actually publishing a lot of really good information and building awareness, right, whether somebody’s a customer or not. And that speaks volumes to all of you. So thank you very much for what you’re doing and for all the information you’re sharing to help the payments community specifically.

David Maimon: Thank you so much, Yvette, for allowing us to share the information in your podcast. We really appreciate what you guys do as well.

Yvette Bohanan: And after taking stock in 2025 with you today, all I can say is I hope someday I have you on a podcast and we’re talking about your favorite hobby, because that will mean that we have the whole fraud thing under control, right?

David Maimon: Hopefully, yeah.

Yvette Bohanan: Yeah. Well, gardening, cooking, you name it, wine tasting, whatever you want to talk about.

David Maimon: I will not disclose it today.

Yvette Bohanan: Okay. Alright, so to all of you listening, thanks for joining us. Until next time, keep up the good work. Bye for now.

Take us with you

Payments on Fire is available on iTunes, Spotify, Google, Stitcher, Pocket Casts, and other podcast apps and services. Or just say “Alexa, play Payments on Fire podcast.”

Goodpods Top 100 Payments Podcasts

Listen now to Payments on Fire™ podcast

Payments News

Stay on top of the rapidly evolving payments world with Glenbrook’s free curated news feed, delivered daily to your inbox.

Learn More

Payments Views

Read our commentary and opinion blog written by members of the Glenbrook team on payments industry topics, large and small.

Learn More

Payments Boot CampTM

Glenbrook’s live and on-demand workshops help you understand and apply the innovations shaping the payments industry. Register today or schedule a custom workshop for your team.

Learn More

Stay up to date on payments

Join Glenbrook’s mailing list to get access to valuable information about payments and discover how you can expand your knowledge.

Sign me up!
$

Trending Episodes

Catch up on popular conversations

Episode 253 – Glenbrook Partners: 2024 Payments Industry Trends Wrap Up

Episode 261 – Fanning the Flames: Global Payments Acquisition of Worldpay

Episode 249 – Two Decades of 3-D Secure: Can Strong Customer Authentication Succeed in the US and Unregulated Markets? Dewald Nolte, Entersekt and Amandeep Batra, Stripe

Episode 214 – We Just Can’t Stop Talking About Tokenization

Episode 238 – Will Pay by Bank Really Compete with Cards? Trevor Nies, Adyen

Episode 241 – How Open Banking is Reshaping the Financial Playing Field – John Pitts, Plaid

Episode 164 – 5th Annual RTP Network Update – Steve Ledford, The Clearing House

Episode 162 – Stablecoins, Cross-border Payments & Interoperability – Ran Goldi, First Digital Assets Group

Episode 263 – Driving Digital Financial Inclusion: The Journey We’re On and the Road Ahead – Michael Wiegand, Gates Foundation

Episode 248 – The Ins and Outs of Payouts – Manish Vrishaketu, Tipalti

Launch, improve & grow your payments business

Talk to the Payments Experts