Countering the Rising Cost of Voice Fraud in Banking

Voice fraud isn’t new. But the rise of text-to-speech and even vocoder deepfakes has dramatically changed the tactics, scale, and cost of these attacks.

At my recent Banking Dive webinar, AI-Powered Defense Against Voice Fraud in Banking, Modulate’s CEO & co-founder Mike Pappas joined Hailey Windham, host of the Banking on Fraudology podcast and founder of CU Fight Fraud, to discuss the shifting voice fraud landscape, its cost to financial institutions, and what banks and credit unions can do to get ahead.

From Phone Scams to Deepfakes: Key Takeaways 

For in-depth insight into the shifting voice fraud landscape, watch the full on-demand webinar. 

Here are the key takeaways from our conversation and why every institution should be rethinking its approach to the voice channel, whether it’s customer service lines or technical help lines. 

Voice Cloning Is Cheap, Easy, and Scalable

One of the most alarming shifts we highlighted is how accessible voice cloning has become. It no longer takes a sophisticated actor to launch effective voice fraud, voice cloning, or to create a fully synthetic voice. Anyone with minimal to no tech know-how can generate convincing clones of voices.

In the webinar, we called out:

• Callback and IVR spoofing attacks are rising. Fraudsters fake phone numbers or mimic the bank’s own IVR systems to trick customers or agents. Think: “Hello, this is Bank of America calling to confirm your account details.” 
• One-time passcode interception is now woven into multi-step attacks. Once an OTP is extracted, voice fraud often becomes the next pivot into account takeover or wire transfers. 
• Cross-channel orchestration is becoming the norm. Attackers may start in voice but move fluidly into SMS, email, or portal interaction, using the voice step to build trust or sow confusion. 
• Emotional manipulation is intentional. I specifically noted that our speech carries nuance and urgency in ways that SMS, website chats, or email cannot. Social engineering done over phone calls can steer victims, like customer service reps, without them even realizing it.

In short: voice fraud is no longer fringe. It’s becoming a core lever in modern fraud campaigns.

Modern Voice Fraud Tactics are Becoming Smarter

Hailey and I also covered some of the most disturbing and deceptive tactics that we see gaining traction in banking and even in credit union settings:

• Impersonation of internal teams: Fraudsters pose as the bank’s security or fraud department, or as investigators, instructing customers or employees to move funds “for safekeeping.”
• Agent manipulation and exploitation: Attackers may call a bank’s own support staff, learn internal workflows and call scripts, then use that knowledge to impersonate the bank when calling customers.
• Internal fraud via “trusted channels”: By spoofing caller identity as coming from internal systems like an internal phone extension, attackers can bypass suspicion and redirect focus away from anomalous requests. 

These methods undermine internal controls and trust within the financial institution itself and erode customer trust.

Small and Large Financial Institutions Have Unique Pain Points

Another recurring theme that we covered in the webinar: credit unions and community banks may be especially exposed, not because their fraud is qualitatively different, but because they often have fewer resources, less redundancies in their security protocols, and tighter operational budgets. With Hailey’s experience in credit unions, we talked about: 

• Social engineering tends to work better in smaller institutions where processes are less formalized.
• Large banks are more able to invest in advanced tools, but they also face broader exposure and difficulty scaling detection operations. Fraud rings may target a single big bank across many fronts.
• Some fraudsters will probe many agents or branches across a larger bank, looking for weak points; smaller banks have less “surface area” but also less buffer against unexpected losses.

Thus, institutions across sizes need creative, scalable defense strategies especially given how attackers operate.

The True Cost of Voice Fraud is Broad

It’s not just the financial toll of fraud that banks and credit unions should be aware of. Fraud attacks ripple broadly across operations, customer experience, and risk management:

• Longer call times and operational drag: Fraud incidents slow down normal service, raise escalations, and clog support pipelines.
• Employee stress and burnout: Call center staff are put under constant pressure to discern legitimacy under duress and fraudsters frequently harass agents over the phone with the goal of pressuring them to bypass security and ID verification measures.
• Broken trust: If customers lose confidence that a bank can protect them, they may move their business.
• Regulatory and legal risk: Even if fraud doesn’t originate in your systems, institutions may be held liable for failing to defend against it.
• “Friction tax” on growth: Over time, each mitigation and insurance measure adds complexity and cost, reducing agility.

‍

Fraud prevention is customer service. Protecting identity and trust is crucial to preserving your institution’s brand.

Traditional Voice-Fraud Defenses Miss the Mark

Most legacy defenses focus on who is calling, not what is being said. That’s a gap attackers exploit.

Conventional controls typically include tactics like voice biometrics or voiceprint authentication or checking call origin and geolocation metadata. But these defenses often ignore conversational cues like tone, urgency, and manipulative phrasing that distinguish benign from malicious calls. Agents themselves often can’t see multi-channel signals while handling calls.

If you don’t analyze the dialogue for social engineering signals, fraud slips through even when everything “looks normal” on paper.

Modern Fraud Detection Requires a Proactive, Real-Time Approach

So what is a bank or credit union to do? Hailey and I argue that institutions need to shift from reactive to proactive fraud defense. Key principles include:

1. Treat the phone as a payment channel. Don’t treat calls as mere support; recognize that high-risk financial actions may be initiated or justified through voice.
2. Close intelligence loops. Share data across departments (fraud, contact center, investigations) so the entire organization learns from each incident.
3. Escalation playbooks. Equip your frontline agents with clear protocols: when to pause, escalate, or invoke deeper review.
4. Continuous risk scoring. Use real-time scoring and multi-factor models to assess risk throughout the call, not just at authentication.
5. Conversation intelligence. Monitor live or near-real-time conversations to flag manipulative behavior, especially on transfers or “urgent” requests.
6. Conduct post-mortems. Analyze the incidents you missed to understand why the fraud passed undetected. 
7. Evolve escalation strategies. Retrain your staff on a regular basis as fraudsters shift tactics.
8. Stay active in industry collaboration. Fraud rings work across institutions; defenses should too.

As voice cloning, deepfake tools, and social engineering techniques continue to evolve, financial institutions must stay two steps ahead. The rise of voice fraud represents a new frontier in financial crime, one where the voice channel itself becomes both the attack vector and the battleground. 

If you haven’t tuned in yet, watch the full webinar on demand here.