Faster money means faster fraud. AI is on both sides of the arms race, and the defenders are running out of milliseconds.

For years, fraud detection worked because money was slow. A wire transfer took hours. An ACH payment cleared overnight. That lag was ugly for customers, but it gave banks time. Time to flag anomalies, review patterns, freeze suspicious transactions before funds actually moved.

Instant payments destroyed that buffer. When funds settle in seconds, the fraud detection models built for ACH timelines do not just underperform. They break. The window between "authorised" and "gone" has collapsed to milliseconds, and fraudsters figured this out before most banks did.

Here is the thing. The technology racing to fix this problem is the same technology making it worse.

The numbers are bad and getting worse. According to PYMNTS, 85 percent of banks expect fraud to increase as instant payments scale. Not "might increase." Expect it. Call it what it is: resignation dressed up as risk management.

Deloitte projects that generative AI could fuel $40 billion in US fraud losses by 2027. To put that in context, the figure was $12.3 billion in 2023. Triple in four years. And that projection was made before instant payment volumes hit their current trajectory.

The fastest-growing threat categories tell you where this is heading. Synthetic identity fraud tops the list at 61 percent, followed by impersonation scams at 60 percent and cross-border fraud at 54 percent. All three share a common trait: they exploit speed. A synthetic identity does not need to hold up for weeks. It needs to hold up for seconds. That is enough.

And the old safety net is not coming back. Nobody is going to slow payments down again. Checks, not instant payments, actually pose the biggest fraud risk today, but the industry is not building its future on checks. It is building on speed. So the fraud problem is not a temporary growing pain. It is structural.

This is where it gets strange. AI is now the standard tool for fraud detection, and it works. 83 percent of industry leaders say AI reduces false positives. Mastercard reports that AI is helping banks save millions by catching fraud that legacy rule-based systems missed. Real results. Real money saved.

But generative AI is also powering the attacks. Deepfake voice authentication bypasses. Synthetic identities generated at scale. Automated social engineering campaigns that sound like your actual bank because they were trained on your actual bank's communications. We covered this dynamic in depth in our analysis of the AI fraud paradox facing banks. The core problem has not changed. It has accelerated.

Finastra just partnered with FraudAverse to deliver real-time AI fraud prevention for global payments. The pitch is straightforward: embed fraud detection directly into the payment flow so it runs in the same milliseconds the transaction takes. No batch processing. No overnight reviews. Detection at the speed of the payment itself.

That sounds right. It has to be right, because the alternative is accepting that some percentage of instant payments will simply be stolen. But there is a problem with framing this as an arms race. Arms races do not end. They escalate. And right now, the attackers have a structural advantage: they only need to find one gap. Defenders need to cover all of them.

So how do you cover all the gaps? Six in 10 banks are turning to payments hubs to unify their payment rails into a single orchestration layer. The logic is sound. You cannot secure what you cannot see, and most banks cannot see across their own infrastructure.

A typical mid-size bank runs instant payments on one system, ACH on another, wires on a third, and card payments on a fourth. Each has its own fraud rules, its own risk thresholds, its own blind spots. A fraudster who gets flagged on one rail can simply try another. That is not a technology problem. It is an architecture problem.

Paysecure and Yaspa are adding an identity verification layer to payment orchestration, tying the "who" to the "how much" and "where" at the moment of transaction. The idea is that fraud detection should not just analyse the payment. It should analyse the payer, in context, across every rail they touch.

Banks are also shifting their AI investments away from chatbots and toward autonomous money movement. That is a telling reallocation. The industry spent years putting AI in front of customers. Now it is putting AI behind the transactions, where the actual risk lives. As we noted in our coverage of the Nasdaq Verafin AI fraud surge, the institutions moving fastest on detection infrastructure are the ones that got burned first.

Real-time fraud detection works. It is getting better every quarter. The models are faster, the data is richer, the partnerships are multiplying.

Real-time fraud recovery does not work. That is the gap nobody wants to talk about.

When an instant payment clears, the money is gone. Not "processing." Not "pending." Gone. Moved to another account, possibly another country, possibly already converted to crypto, within seconds of the fraud succeeding. There is no equivalent of a chargeback for instant payments. No 60-day dispute window. No provisional credit while the bank investigates.

The entire consumer protection framework for electronic payments was built on the assumption that money moves slowly enough to be recalled. Instant payments broke that assumption, and nothing has replaced it.

Some jurisdictions are experimenting with liability frameworks. The UK's Authorised Push Payment rules shifted some responsibility to receiving banks. But these are patches on a structural gap. The missing piece is not better AI. It is a recovery mechanism that operates at the same speed as the payment itself.

Until that exists, every improvement in fraud detection is playing defence with no goalkeeper. You can stop 99 percent of shots. The one percent that gets through still scores.

The next instant payment you send will clear in under two seconds. If it was fraudulent, how long will it take to get your money back?