
Last year, the UK’s Financial Conduct Authority (FCA) recorded a 23% rise in “money mule” accounts—individuals allowing criminals to launder funds through their personal accounts—with more than 225,000 accounts flagged. Research by the Royal United Services Institute (RUSI), which analysed data from the UK’s Faster Payment System, found that more than half of funds routed through money mules are paid out within an hour.
In England and Wales, fraud is the most common form of recorded criminal activity. According to the National Crime Agency (NCA), it grew by 19% in the year ending September 2024. Against this backdrop, payment service providers (PSPs) face both rising fraud and tougher regulatory scrutiny.
Fortunately, good user experience (UX) need not come at the expense of effective fraud prevention.
AI has evolved from a reactive rules-based tool into a proactive compliance co-pilot.
Tim Khamzin, founder and CEO, Vivox AI
“Great UX without consideration for risk is the perfect camouflage for fraud,” says Sara West, commercial director at ID-PAL. When UX design removes verification—for example, accepting a photo ID without liveness or facial matching—blind spots emerge. Fraudsters can exploit lost, stolen, or purchased ID photos from data breaches. Others digitally alter images to create new identities that pass visual checks. Generative AI produces increasingly lifelike images and videos that could pass basic checks.
There is no shortage of stolen identification for criminals willing to pay. Flashpoint, a cyber intelligence firm, recorded more than 1.8 billion credentials stolen in the first half of 2025 alone.
Customer attitudes towards fraud and fraud prevention present competing priorities. The LexisNexis ‘True Cost of Fraud’ study found 62% of US ecommerce businesses and 53% of Canadian ecommerce businesses report increased customer churn due to fraud prevention measures, which impacts revenue, customer trust, and operational efficiency among e-commerce and retail merchants.
This leaves PSPs in a bind: fraud itself harms businesses’ bottom lines, their reputations, and exposes them to penalties from regulators, but fraud prevention measures—and their added friction at checkout—are not popular with customers.
West recommends a “risk‑based orchestration & escalation” model: start with low‑friction checks and only trigger photo ID, facial matching, or liveness when the risk justifies it. Reusable identity solutions enable know your customer (KYC) to be perpetual rather than a one‑off, firing triggers when risk changes, such as on a politically exposed person (PEP) or sanctions update.
Global regulators are clear: speed and convenience in payments cannot come at the expense of robust customer due diligence. In the UK, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require that identity verification be “appropriate and proportionate” to customer, product, or transaction risks. For remote onboarding—common in embedded finance—the FCA expects firms to deploy controls against impersonation, including biometrics where needed.
The Financial Action Task Force (FATF) has issued guidance on digital identity systems, emphasising the importance of assurance levels. High-risk cases, such as customers from weak anti-money laundering (AML) jurisdictions, demand “substantial” or “high” assurance, often with multi-factor and biometric checks. FATF stresses verification is continuous, not a one-off, and must adapt as risk changes
In Europe, the second Payment Services Directive (PSD2) and its strong customer authentication (SCA) provisions already push for multi-factor verification in payment flows. The forthcoming PSD3 and Payment Services Regulation package will tighten fraud prevention, continuous monitoring, and secure customer authentication across all payment channels, including embedded ones.
Regulators are also turning their attention to explainable AI in compliance contexts. From next year, the EU Artificial Intelligence Act will classify AI in credit scoring and fraud detection as “high-risk,” requiring transparency, human oversight, and auditability.
For firms using machine learning in onboarding or transaction monitoring, this will mean ensuring decisions are not only accurate but defensible to both regulators and customers.
For embedded payment providers, the regulatory direction of travel is clear: design compliance into user journeys from the outset, ensuring it adapts dynamically as risk evolves and that decisions can be explained. Anything less risks falling short of both regulatory expectations and market trust.
Ben Taylor, COO at Modulr, agrees with West, stressing that frictionless design should not mean removing safeguards. The goal should be “to minimise friction, not remove it,” he says. The key is building compliance into the product from the start, with product and compliance teams shaping customer journeys that adapt to each risk profile.
Dynamic onboarding means low-risk customers move quickly, while higher-risk profiles encounter stronger checks without derailing the experience.
Though fraudsters recruit artificial intelligence (AI) for criminal activity, it can also be deployed for enhanced security checks. Tim Khamzin, founder and CEO of Vivox AI, says AI has evolved from a “reactive rules-based tool into a proactive compliance co-pilot,” enabling real-time monitoring across onboarding, transactions, and behaviour. He adds it can cut false positives, uncover ultimate beneficial owners (UBOs), streamline enhanced due diligence, and automate suspicious activity reports.
However, he warns that challenges remain, including siloed data (which undermines real-time detection); late product involvement by compliance teams; opaque black-box AI models that regulators cannot scrutinise; and weak return-on-investment (ROI) metrics for fraud detection. It follows that governance, explainability, and defined operating procedures are essential if AI is to be a trusted part of the compliance toolkit.
Strong fraud controls don’t need to come at the expense of a great user experience.
Lerato Matsio, CEO, Trudenty
Some providers embed controls at the infrastructure level. Paydock highlights orchestration layers that centralise AML, KYC, and know your business (KYB) rules across all payment flows, maintain single audit trails, and simplify data protection through tokenisation. The trade-off, in many cases, is increased dependency on third-party services; however, this can be mitigated through careful vetting and continuous monitoring. The approach is drawing interest from platforms seeking continuous compliance, where automated checks update in real time in response to changes in directorships, market activity, or risk profiles.
Lerato Matsio, CEO of Trudenty, stresses this idea: “Strong fraud controls don’t need to come at the expense of a great user experience.” She advocates for dynamic, personalised background assessments, with intervention reserved for high-risk users. She says this allows seamless transactions for legitimate customers while shifting towards intelligence-driven risk monitoring.
Industry experts broadly agree: risk-based escalation should be the default, with AI and personalised fraud prevention bringing compliance closer to real-time. The competitive advantage will belong to those who can integrate these elements without introducing blind spots, designing user journeys where security and speed reinforce, rather than undermine, each other.
The implications go beyond operational efficiency. Regulators are raising expectations around continuous KYC, explainable AI, and the auditability of transaction monitoring. As criminal tactics evolve—from deepfake IDs to instant mule account payouts—the ability to verify, monitor, and respond in real time is becoming a baseline requirement, not a differentiator.
UX and compliance are not opposing forces. The most successful embedded payment platforms will design for both from the outset, treating compliance not as a hurdle but as a core part of product value. The speed and volumes at which money can move in modern payments mean embedding trust is not optional but the foundation on which long-term growth will be built.
Great UX without consideration for risk is the perfect camouflage for fraud.
Sara West, commercial director, ID-PAL