Account takeover fraud is now the fastest-growing form of financial crime in the United States, costing American consumers a staggering $15.6 billion in 2024 — a sharp increase from $12.7 billion the year before, according to a recent report by Javelin Strategy & Research.

This alarming trend underscores a widening gap between the capabilities of modern fraudsters and the defensive strategies employed by many financial institutions.

The study points to a surge in SIM swapping, increasingly convincing phishing scams, and more frequent social engineering attacks as the primary drivers of the uptick. Yet, most financial institutions — particularly small and mid-sized credit unions — continue to rely on traditional defenses such as passwords, one-time passcodes (OTPs), and security questions, many of which are now easily bypassed.

“The challenge remains keeping members educated when they’re being hit from multiple channels daily,” said David Murphy, president of Marshfield Medical Center Credit Union in Wisconsin. He added that the organization is definitely seeing the impact of account takeover fraud but is still using some of the same defenses it has used for decades.

Murphy leads a credit union with 3,800 members and $90 million in assets. While SIM swapping has yet to become a serious issue in his region, phishing and smishing attacks are on the rise. The emotional nature of these scams — such as romance cons or fake deposit notifications — makes them especially effective.

Fraudsters hit people where they’re most vulnerable, and some members are just desperate to improve their financial situation and fall for these scams, even when they’ve been educated to spot them, Murphy said.

Efforts to implement more robust protections are often stymied by cost and complexity. Murphy shared that one security solution provider quoted $6,000 per month to protect all 3,800 members — a price point that puts advanced fraud prevention out of reach for many smaller institutions.

A lot of the best tools still require member engagement to be effective, and the people most likely to fall victim are the least likely to use them, Murphy added.

Story continued below…

The dual-edged nature of artificial intelligence is also shifting the fraud landscape. Fraudsters are using AI to scale their efforts and make interactions feel more authentic, Murphy said, but AI can also help FIs verify identities and flag suspicious behavior in real time.

Meanwhile, vendors like Portland, Oregon-based Tyfone are trying to get ahead of the fraud curve by rolling out new security protocols tailored for community banks and credit unions. Their latest initiative, Cryptographic Device Authentication (CDA), aims to bind trust to the user’s device using advanced cryptography — creating a seamless, passwordless experience that is also highly resistant to replication by attackers.

Tim Scholten, president of Visible Progress, a consultancy for credit unions and community banks, told Tyfone that without the right tools, it’s nearly impossible to detect fraud until it’s too late. “The fraudsters are getting more clever, and some of their scams are incredibly convincing,” he said.

Scholten advocates for a layered, risk-based approach to fraud prevention, one that evaluates identity verification across multiple dimensions and adapts in real time. Tools like rules engines that measure identity match percentages, require document scans, and validate funding sources can make a real difference.

Scholten said one client reduced its fraud losses by two-thirds using this approach — and without creating unnecessary friction for legitimate users.

While many institutions work to adopt stronger digital security, the personal toll of these scams continues to rise — particularly among older Americans. In Maine, where scam losses among older adults have soared, credit union leaders and state officials are pushing for more public awareness.

According to the Federal Trade Commission, reports from individuals aged 60 and older who lost more than $10,000 to impersonation scams quadrupled between 2020 and 2024. Losses over $100,000 are also climbing.

And those figures likely underestimate the problem as many cases go unreported. So the Maine Credit Union League recently released a public awareness video to help older adults recognize common scams.

“Awareness is our strongest defense against scams. Scam victims reach out to my office every day with stories about deceptive schemes designed to steal their money, their identity, or both,” said Maine Attorney General Aaron Frey.

Back in Wisconsin, Murphy says the same theme holds true. Education and empowerment remain credit unions’ best weapons.

“Empowering our members and consumers in general with the tools and education to protect themselves remains one of the best actionable steps we can take as financial institutions,” he said. “Finding system partners with affordable tools will help expedite this process.”

As account takeover fraud grows more complex and costly, financial institutions across the country face a reckoning: evolve quickly, or risk becoming complicit — if unintentionally — in a crime wave that shows no signs of slowing down.

“Ultimately, as victims continue to be helpless towards the relentless attacks from fraudsters, the fraud business will remain busy.”

 – David Murphy
President
Marshfield Medical Center Credit Union