Digital DNA: Fighting Fraud Is All About Identity

Banks are no longer in the money business. They are in the identity business. This reframing has profound implications for fraud detection and prevention.

The fraud models most financial institutions use were built for a world that no longer exists. The threat has evolved, but the architecture has not. That gap is where fraudsters are finding their entry point.

If you’re a bank or credit union executive whose fraud detection is still anchored in account- and transaction-centric fraud prevention, you’re fighting the 2026 fraud epidemic with 2015 defenses.

Juniper Research forecasts nearly $400 billion in online payment fraud losses between 2023 and 2028. Financial institutions that don’t adapt to the new paradigm will be the ones left holding the bag.

The Core Flaw in Traditional Transaction-Based Models

Traditional fraud detection assumes a legitimate user is initiating a suspicious transaction. That logic used to work, but today’s fraud operates on a fundamentally different model. Modern fraud is a normal transaction initiated by a compromised or fabricated identity. The user isn’t legitimate, yet the transaction seems appropriate.

That completely breaks your traditional transaction-centric risk models.

Consider synthetic identity fraud. Fraudsters no longer need to steal your customers’ IDs. They can create one by blending real and fake data into a plausible identity. This hybrid identity passes onboarding checks without raising alerts. The account opens, and the know-your-customer (KYC) criteria is satisfied.

And then nothing happens. For months, sometimes years. They build a credit profile, establish behavioral patterns, and eventually extract maximum value in a single coordinated move.

Or consider this real-world scenario: A large financial institution detects significant fraud on a single product. But there are zero actual losses on that product. Why? Because that product is the entry point, a weak link in the authentication.

Fraudsters get a foothold there, then move into higher-value products where the real money is. By the time fraud is detected, it’s in a different product. The institution sees clean numbers on one side while being systematically looted on the other.

An analysis of transactions won’t catch that pattern.

The Identity Shift — “Digital DNA" Framework

An identity-centric model doesn’t improve on the traditional approach; it replaces it entirely. Authentication rooted in transactions is pass/fail at a single point in time. Identity assurance is probabilistic and continuous. It never stops evaluating.

The modern framework builds “Digital DNA,” a composite identity signal drawn from three layers:

1. Device Identity is the persistence layer. Device signals go beyond IP address. It includes hardware fingerprints, software configurations, browser attributes, VPN usage, and more. It tracks device states over time. When you return, it compares the current device details to your profile and surfaces anomalies immediately.

Device checks are less about device anomaly and more about persisting an identity across devices.

2. Behavioral Identity is the intent layer. How do you interact with a system? Keystroke dynamics, typing speed, screen pressure, mouse movement patterns, and more are unique, passive micro-interaction signals. They’re extraordinarily difficult to replicate at scale, which is a necessity for a fraudster. This fraud detection disrupts fraudsters’ business model.

Behavioral layer reframes the traditional identity question from “Who you are” to “How you Act.” Because behavior captures intent, and it is hard to fake intent at scale.

3. Network identity is consortium intelligence, meaning it draws knowledge from multiple organizations. It’s the confidence layer, providing assurance in verifications. Graph technologies, software tools for mapping and analyzing relationships from companies such as Mastercard, LexisNexis, and Experian, can track a phone number, email address, or device across financial institutions and flag whether that entity has appeared in networks known for fraud. Consortium signals (i.e., data shared across organizations) give you visibility that no single institution can develop on its own.

Gone are the days when fraudsters could use a VPN in Russia to appear to be logging in from Florida and bypass basic fraud controls. That is no longer possible with Digital DNA. These three layers generate a pre-authorization confidence score for identity before transactions reach your engine. One Brazilian fintech using this method saw 97% higher accuracy for returning users than traditional approaches.

The operational upside is asymmetric friction. Good customers slide right on in, while fraudsters are scrutinized. False positives drop.

Consumer Privacy Concerns with Digital DNA

As with anything, there are complications and difficulties associated with identity-based fraud detection.

When identity is tied to a device, losing that device is a financial event, not just a consumer inconvenience. Recovery must be as robust as authentication. Otherwise, you trade one failure for another.

Explainability must be another non-negotiable. In a transaction-centric model, declining a transaction is easy to justify, such as a high-risk merchant. However, in an identity-centric model, telling a user “you don’t look like yourself” is operationally and psychologically different and harder to defend.

If your customers don’t understand why they were declined, they don’t complain. They leave. Explainability is core to trust.

Data concentration is another legitimate concern. Collecting more device and behavioral data makes your dataset more attractive to hackers. A stolen password is fixable. A stolen behavioral profile is not. Institutions need governance to safeguard this data appropriately.

Models trained on historical data can encode inequities, biasing the data. Age, cultural patterns, and regional norms can all produce systematically higher false-positive rates for certain customer segments.

None of these challenges is a reason to avoid the shift. Just understand them and ensure the proper governance structures are in place. Explainability must be front and center, not an afterthought.

Leaders Who Adapt Will Define the Next Decade of Risk

The pace of fraud evolution will only accelerate. Synthetic identities are proliferating. AI-generated deepfakes are increasingly avoiding detection.

The institutions that will navigate this landscape effectively must accept a fundamental reframe: The value at risk is the integrity of the identity tied to an account. Protect the Digital DNA, and everything else is taken care of.

About the author

Subramanian Narayanaswamy is a senior fraud and risk executive with deep expertise in payments fraud prevention, identity assurance, and machine learning-driven risk systems. A recognized expert in consumer risk management, he has successfully launched several enterprise-wide credit and fraud strategies that have safeguarded and prudently grown multibillion-dollar portfolios. Connect with him on LinkedIn https://www.linkedin.com/in/snsubbu/