Credit Unions Prepare for the Day AI Agents Start Spending

Artificial intelligence is changing the nature of financial fraud by giving criminals the ability to imitate voices, construct synthetic identities and reproduce the digital behavior of legitimate account holders.

For financial institutions, and especially for credit unions, that development is forcing a reassessment of how identity is verified and how fraud detection systems operate.

In a What’s Next in Payments interview, Elizabeth Wadsworth, vice president of Decision Intelligence and Transformation at Velera, said the industry is moving into an environment where identity verification cannot rely on traditional signals alone.

Credit Unions See Fraud Attempts Across the Entire Member Lifecycle

Fraud is no longer confined to a single stage of the member journey. Credit unions are seeing attempts during account creation, login authentication and transaction activity, Wadsworth said.

“We’re in a space where it’s hitting all sides,” she said, adding that financial institutions must strengthen defenses across every point of interaction.

Synthetic identity fraud remains one of the most persistent threats. While the tactic has existed for years, generative AI tools are making it easier for criminals to assemble convincing identities by combining fragments of legitimate data with fabricated details.

Wadsworth said AI is accelerating that process.

“When we talk about LLMs assisting with this, that’s really what we’re starting to see more of,” she said, adding that synthetic identities are becoming easier for attackers to generate.

At the same time, fraud detection faces automated systems that imitate legitimate consumer behavior. Criminal groups can deploy AI to simulate patterns that look normal to fraud monitoring systems.

Fraud teams must increasingly determine not only whether a transaction appears unusual, but whether the activity itself is being carried out by a machine designed to behave like a person.

Voice Cloning Adds a New Layer of Risk

Voice authentication systems, widely used in contact centers, have become another area of concern as AI voice synthesis becomes more sophisticated.

Many financial institutions rely on voice recognition technology to confirm a caller’s identity during customer service interactions. Generative AI tools now allow criminals to reproduce voices with surprising accuracy.

“With synthetic voices now, bad actors can scrape voices off the internet via social media channels, take a snippet of that voice and then create an entire script based on that person’s voice,” Wadsworth said.

Fraud Decisioning and Risk-Based Authentication

To respond to these developments, credit unions are strengthening fraud decisioning systems that evaluate the context of a transaction before allowing it to proceed.

Risk-based authentication is becoming a key tool. Instead of requiring the same authentication steps for every interaction, institutions increase verification only when risk indicators appear.

For example, unusual login attempts, unrecognized devices or abnormal transaction patterns may trigger additional verification steps, such as one-time passcodes or device confirmation.

“We don’t want to start there,” Wadsworth said, referring to heavy authentication requirements for every interaction.

Instead, security measures should escalate only when risk signals warrant additional scrutiny, she said. That approach allows credit unions to maintain a smooth member experience while still responding quickly to suspicious activity.

Passkeys and Device Authentication Strengthen Identity Protection

Another area receiving increased attention is device-bound authentication and passkeys. These technologies link identity verification to a trusted device, such as a smartphone, which provides an additional layer of confirmation when a user attempts to access an account.

Device authentication verifies that the user possesses the device typically associated with their account, Wadsworth said.

“That is device-bound authentication,” she said. “That’s really the security that we’re looking for.”

Passkeys add a safeguard by using cryptographic credentials stored on the device itself rather than transmitting passwords across networks.

Credit unions are also exploring tokenization to protect sensitive identity information. Tokenization replaces sensitive data with randomized tokens so that the underlying information never travels across the internet.

“If it’s not out there in the first place and it’s tokenized, that reduces the option of that being something that’s happening,” Wadsworth said, referring to the risk of identity data being stolen and reused in fraud schemes.

Preparing for the Rise of Agentic AI

The next identity challenge may involve AI agents that conduct transactions on behalf of consumers, Wadsworth said. As these systems begin to participate in digital commerce, financial institutions must determine how to verify that an agent is authorized to act for a specific individual.

The industry has not yet fully defined how that process should work.

“I think agent identity is something that is an industry-wide issue,” she said.

Establishing clear methods for verifying agent authorization will be critical as automated commerce expands.

“AI agent authorization is something that is really important,” Wadsworth said. “If we know that it’s an agent that is authorized, that makes our lives a lot easier.”