The LexisNexis Risk Solutions Cybercrime Report (APAC edition) revealed a 37% year-over-year rise in human-initiated attacks, particularly in sectors such as communications and financial services. Third-party account takeover is the most prevalent type of fraud, accounting for 74.5% of reported cases.
The report claims that businesses are leveraging AI to enhance fraud detection capabilities, indicating a shift towards more sophisticated defence mechanisms. The report concluded that varying regulatory measures across countries complicate coordinated efforts to prevent fraud, necessitating a comprehensive strategy that complies with local laws and regulations.
Comments from industry practitioners suggest that the rise in threats, including their voracity and volume, may in part be fuelled by the adoption of AI within the threat actor ecosystem.
It is also suggested that fraudsters have elevated their game with generative AI (GenAI), creating fake IDs, synthetic voices, and documents so convincing that human eyes and even traditional verification systems can't spot the difference.
However, the same technology that powers these threats can also be the solution. AI-powered verification tools now analyse micro-anomalies, such as subtle inconsistencies in lighting, facial movements, or document metadata, to catch fakes before they cause harm.
With one in four organisations globally already reporting AI-driven fraud attempts, businesses that rely on outdated methods risk falling dangerously behind.
The evolving threat: ATOs and organisational response
Thanh Tai Vo, APAC director of fraud and identity at LexisNexis Risk Solutions (LNRS), defines account takeover as "a case where an account of a genuine user is being taken over by, for example, a scammer or cybercriminal without consent."
He explains that the methods vary—from phishing and credential stuffing to exploiting remote access tools—and that while the number of incidents is high, the financial impact is often greater in scams like investment or romance fraud.
For his part, Paul Warren-Tape, chief of risk & compliance at LexisNexis IDVerse, stresses that prevention requires more than just technology: "It comes down to making sure we've got people, process and technology when we're thinking about that layered control."
He adds that education is vital, especially as phishing and smishing (SMS phishing) remain prevalent, and that businesses must be agile in adopting new technologies to keep up with increasingly sophisticated threat actors.
"We know threat actors are using technologies, and they're using them almost at that bleeding edge. Anything new, they'll be able to use it. We need the latest technologies to combat the latest." Paul Warren-Tape
Vo elaborates that behavioural analytics now play a central role, with organisations monitoring user behaviour, device patterns, and location data to detect anomalies in real-time.
"If we see a different device, a different IP address, a different geolocation linked to that account, most companies will probably send out notifications or a step-up authentication to validate that it's a genuine user," he says.
From detection to real-time prevention
Both experts agree that AI is transforming the field of fraud prevention. Vo explains that LexisNexis provides real-time risk scores based on user activity, allowing clients to block or review suspicious transactions immediately, rather than after the fact.
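As an added illustration (not LNRS code and not the report's method), the Python below scores a login against an account's history using the signals Vo lists (device, IP address and geolocation) and maps the score to allow, step-up authentication or block. The weights, thresholds, field names and sample logins are assumptions constructed for this example.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Login:
    ts: int          # epoch seconds
    device_id: str   # hypothetical device fingerprint
    ip: str
    lat: float       # geolocation resolved for the session
    lon: float

# Assumed weights and thresholds; a real deployment tunes these on its own data.
W_DEVICE, W_IP, W_GEO, W_TRAVEL = 30, 15, 20, 50
STEP_UP_AT, BLOCK_AT = 30, 80
GEO_RADIUS_KM, MAX_KMH = 100, 900   # 900 km/h is roughly airliner speed

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def score(history, attempt):
    """Return (score, reasons) for an attempt against the account's past logins."""
    if not history:                       # no baseline: verify rather than trust
        return STEP_UP_AT, ["no_baseline"]
    s, reasons = 0, []
    if attempt.device_id not in {h.device_id for h in history}:
        s, reasons = s + W_DEVICE, reasons + ["new_device"]
    if attempt.ip not in {h.ip for h in history}:   # weak alone: mobile IPs churn
        s, reasons = s + W_IP, reasons + ["new_ip"]
    if min(km_between(h, attempt) for h in history) > GEO_RADIUS_KM:
        s, reasons = s + W_GEO, reasons + ["new_geo"]
    last = max(history, key=lambda h: h.ts)
    hours = max((attempt.ts - last.ts) / 3600, 1 / 60)   # floor at one minute
    d = km_between(last, attempt)
    if d > GEO_RADIUS_KM and d / hours > MAX_KMH:
        s, reasons = s + W_TRAVEL, reasons + ["impossible_travel"]
    return s, reasons

def decide(history, attempt):
    """Map the score to the real-time action: allow, step_up or block."""
    s, reasons = score(history, attempt)
    action = "block" if s >= BLOCK_AT else "step_up" if s >= STEP_UP_AT else "allow"
    return action, s, reasons

# Constructed sample data: two past logins from Singapore on one device.
HISTORY = [Login(1_700_000_000, "d-1", "203.0.113.10", 1.35, 103.82),
           Login(1_700_086_400, "d-1", "203.0.113.10", 1.35, 103.82)]
NEW_DEVICE = Login(1_700_172_800, "d-9", "203.0.113.10", 1.35, 103.82)
TAKEOVER = Login(1_700_090_000, "d-7", "198.51.100.23", 51.5, -0.12)  # London, 1 h later
```

Returning the reason list alongside the action keeps each decision explainable to the reviewer who handles the step-up or block.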
Warren-Tape highlights the growing importance of biometrics: "For customer onboarding onto a bank account to stop a threat actor getting in, they're then leveraging technologies to go, do I have a real document? Am I a real-life person? Am I the right person?"
He adds that biometrics are increasingly being used not just at onboarding but also for ongoing authentication, especially for high-risk transactions or when anomalies are detected, providing a strong layer of multi-factor authentication.
Regulatory complexity: The compliance challenge
Deepika Giri, associate vice president for data & analytics at IDC Asia/Pacific, explains that organisations are looking to innovate, quicken the go-to-market process with new solutions, offer better customer experience, and embrace digital transformation.
However, the race to innovate has also revealed weaknesses in how organisations across both private and public sectors are protecting citizen and corporate data from misuse and abuse. This has given rise to an evolving data sovereignty dialogue by industry players and concerned citizen groups.
Interest in data localisation or data residency has been on the rise, including in Asia. The laws enforcing these vary, noted law firm Herbert Smith Freehills: "Usually thought of as just a data privacy tool, regulations restricting cross-border transfers of data are gaining support with legislators in China, India, Vietnam and Indonesia as a way to protect national sovereignty and security."
The patchwork of APAC data privacy and sovereignty regulations complicates the prevention of cross-border fraud. Warren-Tape points out, "Everyone's local data protection and data protection standards are trying to look after those people in the country to protect them and look after their information."
To this, Vo adds that LNRS anonymises sensitive data to enable secure, privacy-compliant collaboration across jurisdictions.
Recommendations for 2025 and Beyond
Asked how organisations can improve their fraud detection and prevention stance, Warren-Tape suggested establishing a baseline, including assessing where an organisation stands in terms of its approach to fraud as a process. Vo suggested ensuring that key priorities and objectives are established.
Their recommendations can be summed up as follows:
Establish a baseline: Measure current fraud rates and user friction before deploying new solutions, ensuring a comprehensive understanding of the existing environment.
Adopt layered defences: Combine digital intelligence, behavioural analytics, and biometrics.
Invest in scalable AI platforms: Avoid point solutions and choose platforms that evolve with emerging threats.
Continuously monitor and test: Use KPIs and simulation exercises to ensure ongoing effectiveness.
Prioritise compliance: Stay current with regulations and invest in privacy-first technologies.
He concedes that financial institutions and merchants are turning to AI, among other technologies, to detect and actively combat AI-driven threats.
He warns that enterprises face significant integration hurdles as fragmented systems and disparate solutions complicate data ingestion, model deployment, and orchestration within enterprise fraud management (EFM) frameworks.
Make no mistake, we are at an inflexion point in the region when it comes to how organisations handle fraud, as individuals and as corporate entities. The complexity is compounded by the region's fast-growing digital economies, diverse regulatory frameworks, and the relentless innovation of cybercriminals.
For CIOs and business leaders, the message is clear: a reactive, "wait-and-see" approach to fraud is no longer viable. The speed and sophistication of attacks—particularly those leveraging AI and behavioural engineering—demand a proactive, intelligence-led defence strategy. This means moving beyond static rules and after-the-fact investigations to real-time detection, adaptive controls, and continuous learning.
"Technology is there, and it's in a good enough state to identify, detect, and help prevent. It's not going to stop entirely but getting it in quickly enough without having to go through all the lengthy governance components, I think, being able to deal with that in a much more flexible and adaptable manner is going to be very important. So, it's a mindset shift." Paul Warren-Tape
Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.