The future of fraud prevention isn’t better biometrics. It’s layered truth.
By Jason Shedden, Chief Operating Officer, Contactable
Eighteen months ago, one of South Africa’s largest retailers wasn’t worried about AI.
Onboarding worked. Compliance checks passed audits. Fraud was a known, managed cost of doing business.
Then a syndicate found them.
The attack looked ordinary. Customers submitted genuine South African ID documents. Except they weren’t genuine anymore. Using AI, fraudsters had altered key information directly onto photographs of legitimate IDs, creating documents that appeared authentic to both people and systems.
We searched globally for technology that could reliably detect it.
Nothing could.
That wasn’t the most concerning part.
The most concerning part was realising this wasn’t a new fraud tactic. It was evidence that an assumption underpinning the entire industry had just broken.
For decades, fraud prevention has been built around signals. A photo. A document. A face. A fingerprint. A liveness check. The assumption was simple: if the signal was strong enough, eventually we’d be able to trust it – and importantly, spot it.
AI changed the economics of fraud
Capabilities that once required specialist knowledge are now available to almost anyone willing to use the tools. Attacks that previously took days or weeks of work can now be produced in minutes.
Every era of fraud defence has worked until the effort required to defeat it collapsed. AI has collapsed that effort again.
The result is that trust can no longer be anchored to a single signal.
The death of the single signal
Many organisations are still approaching fraud prevention as though the next technology breakthrough will solve the problem.
It won’t.
“You can’t out-biometric fraud. And I say that as someone who deploys biometrics at scale.” – Jason Shedden, COO, Contactable
Don’t get me wrong, biometrics remain valuable — but they’re no longer enough. In many ways, biometrics are becoming what passwords became: necessary, useful, but insufficient on their own.
The organisations that win will be the ones that combine identity, behaviour, context and risk into a single view of trust.
When we began building our own AI document detection capability, I assumed the answer would be one breakthrough algorithm.
I too was wrong.
We tested every mathematical approach we could think of. Individually, none of them consistently worked. One model would classify a document as legitimate. Another would flag it as fraudulent. A third would sit somewhere in between.
The answer only emerged when we combined dozens and dozens of independent checks and signals.
That experience reinforced a lesson I keep coming back to:
“Fraud isn’t defeated by finding a stronger signal. It’s defeated by combining enough independent truths that deception has nowhere left to hide.” – Jason Shedden, COO, Contactable
Trust is a context problem
A retailer opening digital wallets, a credit provider delivering goods within 24 hours, or an asset manager validating death certificates face entirely different threats. So we can never make the mistake of seeing fraud through one lens. If you do, you’ll come short very quickly.
That’s why the first question should never be, “Which technology should we deploy?”
It should be, “What risk are we actually trying to solve for?”
The playbook is simple:
Understand the asset → Understand the threat → Layer the right truths → Apply the right controls
For years, the question was whether someone could tell the difference between a real customer and a fraudulent one.
AI has made that the wrong question.
The better question is:
When every individual signal can be manipulated, what combination of truths does your business trust enough to say yes?
Jason Shedden is the COO of Contactable, Africa’s Integrated Identity Platform, named Regional Leader for Middle East & Africa by Liminal Strategy Partners. Contactable powers identity, compliance and fraud signals across the customer journey for telcos, banks and insurers in 15 African markets.
© Copyright 2012 – 2023 | All Rights Reserved | Privacy Policy | Terms of Use | PAIA Manual