Green Sheet interviews Mitek's Keivan Bahmani

As artificial intelligence reshapes the fraud landscape, the race to build and maintain trust has become one of the payments industry's defining challenges. Fraudsters are using AI to create more convincing scams, deepfakes and synthetic identities, while security teams are deploying increasingly sophisticated defenses to detect and stop them in real time.

In this Q&A, Keivan Bahmani, Ph.D., director of machine learning and AI integrity at Mitek, discusses how organizations can stay ahead in an environment where both innovation and risk are accelerating, and why layered defenses, real-time adaptation and customer trust are now deeply interconnected.

Green Sheet: With AI now empowering both attackers and defenders, what does it mean to win the trust race, and how can organizations measure whether they're ahead or behind?

Keivan Bahmani: Winning the trust race comes down to maintaining strong fraud protections while preserving fast, low friction experiences for real customers, even as AI enables scams to become more realistic and scalable. When customers can onboard, transact and recover accounts smoothly while fraud attempts are consistently blocked, trust becomes an operational advantage rather than a tradeoff between security and growth. 

Organizations can measure whether they're ahead or behind by looking beyond traditional fraud‑loss metrics. Signals like attack presentation classification error rate, customer drop‑off during authentication or onboarding, response time to emerging fraud patterns and the speed at which new attack techniques are detected all offer insight into trust performance. 

Teams that adapt defenses continuously and intervene earlier in the fraud lifecycle gain a clear advantage, while teams that rely on reactive controls or introduce unnecessary friction will fall behind. 

GS: AI-driven scams are becoming more human and scalable. What specific tactics are you seeing that represent a meaningful shift from traditional fraud methods?

KB: Several AI-enabled tactics are changing the landscape of how fraud is carried out compared to traditional methods. Document template attacks now allow fraudsters to generate high-quality forged IDs that replicate layouts, fonts and security features. This method can bypass basic verification checks at scale.

Deepfakes have also become more advanced. They make it possible to impersonate real customers or executives convincingly enough to defeat traditional biometric and liveness controls. Additionally, phishing attacks have grown more sophisticated. AI is now used to develop personalized context aware messages that adapt in real time based on the victim's responses.   These tactics are increasingly combined across the identity lifecycle rather than used in isolation. Fraudsters may use synthetic identities to bypass onboarding, then rely on deepfake impersonation, injection attacks or social engineering to escalate access or authorize high value transactions later.

This multi-layered approach represents a departure from traditional fraud attempts. It underscores why static single layer defenses are no longer sufficient in an AI-driven threat environment.

GS: Deepfakes and synthetic identities are often discussed at a high level—where are they already having the most tangible impact on businesses today?

KB: The most tangible impact is being felt in digital onboarding, account takeovers and high-value transactions. In these instances, identity verification traditionally service as the gateway to trust. Deepfake audio and video are now capable of bypassing basic biometric checks. Synthetic identities, often created by blending real and fabricated data, can also pass initial verification with alarming ease.

These attacks go beyond direct financial losses. They also undermine confidence in digital channels by challenging the assumption that identity checks can reliably distinguish legitimate users from fraudsters. Once fraudulent identity is established, the activity often persists for long periods of time and gradually accumulates trust, access and transaction history before being leveraged for larger attacks.

GS: Security teams are deploying AI to counter these threats, but what are the biggest gaps or limitations in current AI-driven fraud defenses?

KB: A major limitation of today's AI‑driven fraud defenses is that they are applied to systems never built to handle adaptive AI threats. Fraudsters are learning how detection models behave through techniques like model probing and testing system responses. This gives attackers insights into which signals trigger defenses, and which do not.

Because of this, they can adjust their tactics to avoid detection. When AI models are not regularly stress-tested or trained, they can become very predictable.

Another major gap is the growing mismatch between how quickly AI-generated fraud evolves and how quickly defenses can respond. Deepfakes, synthetic identities and AI social engineering are improving in realism and speed. Many security teams still depend on models that update too slowly or operate alone.

Even the most advanced AI tools can fall behind if teams lack layered defenses, real time monitoring and strong governance over model training and data integrity. AI can be a powerful defense, but only if it is evolving at the same pace as the threats, t's meant to stop.

GS: You've emphasized early detection and real-time intervention. What does an effective layered defense look like in practice for organizations at different levels of maturity?

KB: An effective layered defense starts with the recognition that fraud is no longer happening at a single moment or channel. For organizations that are less mature, the foundation is strengthening digital onboarding with AI-driven document verification, biometrics and liveness checks that are supported by data sources to confirm that a real person is present from the start.

These tactics work together and establish identity confidence while filtering out common forgeries and synthetic identities before any fraud takes place.

As programs mature, defenses expand across the entire identity lifecycle and adapt in real time based on risk. This includes continuous authentication by using biometrics and behavioral signals, step up verification during high-risk actions like password resets or large transactions and secure recovery processes that prevent account takeovers. 

More advanced organizations also apply the same layered logic to physical channels, such as physical locations, and use dynamic orchestration to introduce "good friction" only when risk warrants it. At every stage, the goal should be the same, which is detecting AI driven threats early, intervening in real time and maintaining trust without degrading the customer experience.

GS: As AI models continue to advance, how should organizations balance innovation with risk, particularly when the same technologies driving growth are also enabling more sophisticated fraud? 

KB: As AI models advance, innovation is accelerating faster than governance, with 94 percent of CEOs citing AI‑driven innovation but only 24 percent confident they can balance risk with value. The most effective approach is to assume that any AI capability driving growth will be tested out by fraudsters and to build defense methods that evolve at the same pace.

Organizations need to invest in continuous model improvement like dynamic training and adversarial testing, so defenses are constantly exposed to new attack patterns instead of optimized only for known threats. Accuracy alone is not enough anymore, and models must be resilient to manipulation, adaptable in real time and maintain performance as fraud tactics change.

Additionally, high quality data, strong oversight and clear accountability are essential to ensuring AI systems remain trustworthy as they scale. Organizations need to pair real-time detection and automated responses with rigorous compliance frameworks that will keep pace with AI-driven decision making.

When innovation is paired with strong governance and layered defenses, organizations can move quickly without sacrificing customer trust. This balance is crucial, especially as the same technologies are powering growth and are being used to enable more sophisticated fraud.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.