From Siloes to Platforms: New Data on How Security Teams Are Closing the Fraud Gap
Fraud is growing — and it's costing businesses big. One study from the Association of Certified Fraud Examiners estimates organizations lose roughly 5% of annual revenue to fraud worldwide. What’s driving the rise in fraud? Generative AI. It’s supercharging bad actors, letting them spin up flawless phishing lures and automate credential-stuffing attacks at scale.
Yet too many organizations are still fighting modern fraud with outdated playbooks—treating authentication and fraud prevention as two separate problems. That leaves costly blind spots: multi-factor authentication gets bypassed, passwords and one-time passwords (OTPs) are too easy to exploit, and logins go unmonitored. But the tide is turning. Forward-thinking security leaders know that single-signal authentication can’t hold the line anymore. The next frontier is about unifying authentication and fraud prevention into one adaptive defense.
That’s exactly what our latest research reveals. Twilio and Liminal surveyed 200 security leaders in our new report, The Convergence of Authentication and Fraud Prevention, to understand how they’re closing the gap — and why marrying these two should become the new norm for protecting both customers and businesses. Here’s a closer look at the survey’s findings and the trends shaping the future of authentication and fraud prevention.
GenAI, social engineering, and speed
Fraud isn’t just growing, it’s getting smarter. Generative AI has fundamentally changed the game, making attacks faster, more personalized, and far more challenging to detect. We’re no longer dealing with typo-ridden emails and obvious scam calls; it’s synthetic identities and bots that can scale credential-stuffing attempts in seconds.
Security leaders agree they’re not prepared: 3 out of 4 admit their current defenses won’t stop AI-powered attacks. When we asked where they feel least confident against GenAI, three areas stood out:
Phishing (75%)
Social engineering and scams (71%)
Credential stuffing (69%)
And if businesses don’t rethink their security approaches and protect their customers and businesses from these attacks, the consequences could be dire. In fact, 77% of organizations admit they’ve faced repeat account takeovers (ATOs), and of those businesses, 40% say they’ve seen erosion of customer trust and satisfaction, 38% report rising fraud losses, and 23% report increased internal pressure or operational burden.
Looking ahead, the outlook isn’t much brighter: on average, organizations expect AI-driven fraud to increase 55% over the next two years. That’s a sobering forecast, but it also underscores the urgency for change.
Static, point-in-time checks are no longer enough. Defenses must evolve to continuously sense, decide, and act. And buyers know it: 93% now rank social engineering and scam detection as a must-have capability for ATO prevention.
Where defenses fail: The authentication gap
Today’s authentication solutions have major blind spots:
70% lack supporting risk signals such as behavioral or device intelligence during login,
68% perform no continuous checks after authentication,
And 62% use multi-factor authentication that is too easily bypassed through methods like OTP interception.
These gaps leave organizations vulnerable to increasingly sophisticated scammers. Finally, organizations understand that passwords alone are insufficient, with 72% of business leaders agreeing that single-signal authentication isn’t enough for fraud prevention. And they’re putting money behind that realization — budgets are rising an average of 7.5% next year, with targeted increases in ATO prevention (+8.0%), scam prevention (+7.6%), and authentication (+7.0%).
The message is clear: authentication can no longer be treated as a checkbox — it must evolve into a layered, intelligence-driven defense that adapts in real time to modern threats.
What 2025 buyers are doing differently
In response to these shifting concerns and priorities, security teams’ buying habits are evolving. Here’s what they’re now looking to invest in:
Multi-signal scoring
Organizations are moving toward multi-signal risk scoring, recognizing that fraud prevention requires more than static authentication checks. In fact, 92.5% of business leaders say integrating multi-signal scoring with authentication is critical to preventing both ATO and transaction fraud.
Probabilistic signals
Adoption of probabilistic signals is already high, with 83% of organizations using them today and most of the remainder planning to adopt them within the next 12 months. These signals are being applied across multiple touchpoints, including step-up/authentication challenges (80%), continuous/session monitoring (74%), and initial login (58%). While multi-factor authentication remains a necessary safeguard, buyers increasingly see it as insufficient on its own without ongoing, signal-based monitoring.
Comprehensive platforms over siloed tools
Point solutions are giving way to unified platforms as organizations look to simplify vendor management and improve protection. Although 50% of businesses still juggle three or more vendors per fraud use case, 87% now prefer platform coverage. The return on investment is tangible: large banks using leading identity-focused platforms and multi-signal methods estimate ~$496MM in total fraud loss savings.
How to evolve your identity-centric fraud prevention
The next phase of fraud prevention requires breaking down silos and treating identity as dynamic, not static. Here are the best practices your organization should adopt to protect both your customers and business moving forward:
1. Unify authentication and fraud prevention
Fraud doesn’t live in one part of the customer journey, so your defenses shouldn’t either. Eliminate silos by centralizing risk signal ingestion and decisioning across the lifecycle — from pre-registration to login to account recovery. A single source of truth for identity risk allows you to adapt in real time, ensuring the right response at the right moment.
2. Shift from static to adaptive triggers
Identity is fluid. Customers make countless routine changes every day, but it’s the suspicious shifts right before a high-value transaction that should trigger red flags. By moving beyond static checks and adopting continuous, session-level monitoring, businesses can spot fraud in real time and respond before it does damage. Here’s how:
Low risk: A customer completes a routine SIM swap with no other changes. Keep them on the fast path with a passkey, skipping OTP challenges by default.
High risk: A customer initiated a SIM swap within the last 24 hours, adds a new device in an unexpected location, and attempts a high-value transaction. Escalate with push authentication or deny outright.
Adaptive orchestration balances security with user experience, giving trusted users the smoothest path and triggering extra security for risky transactions. Combine behavioral, device, carrier, and conversational signals into adaptive policies that apply friction only when it’s truly needed.
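The low-risk and high-risk cases above can be written as a small policy function. This is an added example, not Twilio's code: the `Signals` fields, the `HIGH_VALUE` threshold, the push step-up for two corroborating signals, and the rule that push is only offered to a device enrolled before the SIM swap are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

SIM_SWAP_WINDOW = timedelta(hours=24)  # window from the article's high-risk case
HIGH_VALUE = 1000.0                    # assumed threshold, tune per business


@dataclass
class Signals:  # hypothetical bundle of carrier, device and transaction signals
    now: datetime
    last_sim_swap: Optional[datetime]
    new_device: bool
    unexpected_location: bool
    amount: float
    has_pre_swap_push_device: bool  # push target enrolled before the SIM swap


def decide(s: Signals) -> str:
    """Return 'passkey', 'push_step_up' or 'deny' for the current action."""
    recent_swap = (
        s.last_sim_swap is not None
        and timedelta(0) <= s.now - s.last_sim_swap <= SIM_SWAP_WINDOW
    )
    odd_device = s.new_device and s.unexpected_location
    high_value = s.amount >= HIGH_VALUE

    # A single change (for example a routine SIM swap) stays on the fast path.
    # SMS OTP is never offered here: it is the factor a SIM swap compromises.
    corroborating = sum((recent_swap, odd_device, high_value))
    if corroborating <= 1:
        return "passkey"
    # All three together is the article's high-risk case: push or deny.
    # Assumption: push only if a device enrolled before the swap can approve.
    if corroborating == 3 and not s.has_pre_swap_push_device:
        return "deny"
    return "push_step_up"


NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)  # constructed sample time
ROUTINE = Signals(NOW, NOW - timedelta(hours=3), False, False, 40.0, True)
TAKEOVER = Signals(NOW, NOW - timedelta(hours=3), True, True, 5000.0, False)
```

Re-running `decide` at each sensitive action, rather than only at login, is what makes the check continuous instead of point-in-time.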
3. Elevate signal depth without adding friction
Fraud prevention should be invisible until it needs to be seen. Prioritize behavioral analytics, device intelligence, and silent network authentication that operate passively and within tight latency budgets. This ensures protection doesn’t come at the expense of conversion. Twilio Verify proves the point: customers see 12% higher conversion rates compared to standard SMS APIs, because authentication flows stay streamlined when every millisecond matters.
4. Tackle social engineering head-on
Not all threats are purely technical. Social engineering remains a leading cause of account takeover. Invest in step-up paths, user education, and advanced detection techniques that recognize when human manipulation — not just technical compromise — is at play. Layering in push approvals or branded calling helps customers spot the difference between legitimate requests and scams.
5. Build for measurement and ROI
The strongest fraud strategy is one you can prove. Track key metrics like false positive rates, user friction, time-to-resolution, repeat ATO incidents, and customer retention impact. These insights help you prioritize enhancements, demonstrate ROI, and balance security investments with business outcomes.
Fraud prevention solutions built for yesterday won’t protect you tomorrow
Today’s strongest authentication strategies don’t rely on piling on more passwords or one-off checks. They’re built on layered, low-latency signals — like passkeys, push authentication, and silent network auth—woven together with adaptive, continuous orchestration. The future isn’t about isolated tools; it’s about unified platforms that bring authentication and fraud prevention together, safeguarding both your business and your customers.