There has been a dramatic rise in e-commerce fraud as the increasing use of AI-generated deepfakes poses an unprecedented security challenge for online merchants.

A report from research firm Juniper projects a 141% increase in global losses, from $44 billion in 2024 to a staggering $107 billion by 2029.

The report points to AI as a major factor driving the growing sophistication of these fraud attempts, with the technology being deployed to bypass verification systems that safeguard online transactions.

The study also identifies a rise in “friendly fraud” — a scenario where customers themselves exploit systems through activities like refund fraud — further straining merchant profitability.

AI enables fraudsters to remain ahead of security measures by creating synthetic identities and crafting highly credible messages at scale, overwhelming traditional, rules-based prevention systems.

The report warned as these technologies become more scalable, the frequency and quality of attacks continue to rise, posing an increasingly serious risk to the global eCommerce ecosystem.

Contextual Defense

Kris Bondi, CEO and co-founder of Mimoto said to combat growing fraud activities, merchants must prioritize elevating KYC — know your customer — and continually confirming the “person” representing their customer is who they claim to be.

“Two important shifts merchants must make are not assuming a credential is an actual specific person and not adding friction to the customers’ experience to prove themselves,” Bondi said.

She said in the age of AI, businesses must add context to their cybersecurity responses.

“This will enable them to prioritize to what they respond and what the response is,” Bondi said.

It enables more policy-based automated responses and highlights what needs immediate human attention.

“This also shows the need to move away from traditional anomaly detection techniques that are notorious for sending tons of false positives,” she added.

Bondi noted legacy security solutions are part of the challenge, as bad actors have developed their tools specifically to overcome and outwit these solutions.

“Legacy security solutions aren’t architected to be dynamic or able to adapt in the moment,” she explained. “Often, they’re relegated to being part of after-event forensics.”

Benefits and Risks of AI Defenses

John Bambenek, president at Bambenek Consulting, noted the early landscape of criminal AI seemed to be more scams of criminals defrauding other criminals, but the ground is shifting.

“For now, those capabilities are allowing them to craft similar attacks faster and in greater quantities,” he said.

He said nothing is truly “new” as AI is inherently retrospective, but malicious actors can craft phishing lures faster and in greater quantities, for instance.

“Attackers are also using GenAI to research and synthesize information quicker,” Bambenek explained.

From his perspective, using AI to prevent fraud can be a Faustian bargain, as attackers could just as easily manipulate such systems to artificially decline safe transactions too.

“Businesses will have to choose between less fraud and customer friction from false positives, or for more fraud and less customer friction in keeping money flowing,” Bambenek said.

He added using AI for cybersecurity is inherently dangerous since attackers are already fooling automated systems and have decades more experience in doing so than cybersecurity pros have in preventing it.

“Any AI tool should have a manual review of 10% until the quality is established, then 1% of events after,” he said. “If the error rate creeps back up, then back to 10%.”

This allows for capturing those situations where attacker behavior changes before the AI system is trained to detect it.