The cost of fraud in Canada: the detection gap driving rising bank losses

Canada recorded more than CAD $704 million in direct fraud losses and over 112,000 reported cases in 2025, according to the Canadian Anti-Fraud Centre (CAFC). This increase makes the cost of fraud in Canada one of the main challenges facing the country’s banking sector. For many financial institutions, the greatest risk is no longer only the rise in digital fraud, but their limited ability to detect it before it results in losses.

Recent industry studies highlight a significant detection gap: 35% of banks detect less than 60% of fraudulent transactions before they are completed, while only 31% achieve preventive detection rates above 80%.

Although the analysis focuses on Canada, this dynamic reflects a growing challenge in other highly digitalized markets such as Mexico, the United Arab Emirates, and South Africa, where the expansion of digital onboarding, real-time payments, and mobile banking has broadened the attack surface.

In this context, fraud is evolving driven by artificial intelligence, synthetic identities, and automated attacks, making the gap between detected fraud and actual fraud one of the most critical operational risks in digital banking.

The impact of the cost of fraud on detection in Canada

Digital transformation in the financial sector has significantly expanded the attack surface. The acceleration of mobile banking, remote onboarding processes, and real-time payments has improved the user experience, but it has also increased exposure to fraud.

The volume of attacks is only the tip of the iceberg, as the real issue lies in the ability to intercept them in time and, above all, in how risk signals are structured internally.

In most financial institutions, identity, authentication, and transaction monitoring still operate as separate domains. This lack of continuity prevents a unified view of the user across their digital lifecycle, causing risk to be assessed in a fragmented way at each interaction point.

This suggests that a significant portion of fraud is not only driven by the sophistication of attacks, but also by the lack of correlation between signals that already exist within internal systems. Without a layer that connects identity, behavior, and transactions in real time, many alerts remain isolated and lose predictive value.

Why many banks still fail to detect fraud in time

The detection gap does not stem from a single cause. What makes it particularly concerning is that 70% of banks continue to see fraud losses increase, despite 53% having grown their anti-fraud budget by more than 5% over the past three years.

Higher investment does not equal better detection. The problem is not one of resources. It is structural: legacy technologies, fragmented controls and models that no longer evolve at the same pace as attackers.

Excessive reliance on SMS-based MFA

SMS-based multi-factor authentication remains the most widely used second-factor mechanism in Canadian banking, adopted by approximately 95% of institutions.

However, this model has been systematically bypassed through techniques such as SIM swapping, advanced phishing, or proxy-based attacks that allow OTP codes to be intercepted without alerting the user. In social engineering scenarios, where victims are manipulated into authorizing seemingly legitimate transactions, SMS-based MFA not only loses effectiveness but can also become part of the attack vector itself.

More robust alternatives already exist, such as phishing-resistant authentication based on FIDO2 or passkeys, which are available and proven. The main challenge is not technological, but the speed of adoption versus the pace of fraud evolution.

Low adoption of behavioral biometrics

Of all real-time fraud detection controls, behavioral biometrics is one of the most effective and, at the same time, one of the least widely deployed.

While 52% of financial institutions report having access to behavioral biometrics, Gartner estimates that active deployment in production is only between 25% and 30% — as many banks have it available through vendors but do not actively use it in their operational flows.

This is important because it analyzes patterns invisible to the attacker, such as typing speed and rhythm, device interaction, mouse movements, or screen pressure—signals that a legitimate user generates naturally and that are extremely difficult to replicate even with valid credentials.

Its impact is particularly strong in cases of account takeover (ATO), transactional fraud, and synthetic identities, precisely the fastest-growing fraud typologies in Canada.

Lack of device and contextual intelligence

Another frequent weakness is the low adoption of device intelligence. Technologies such as device fingerprinting, geolocation, contextual analysis, or device correlation are implemented in only around 50% of the sector.

Without contextual visibility, fraud prevention systems struggle to detect critical signals such as:

• access from previously unknown devices,

• unusual location changes,

• automated patterns,

• suspicious connections,

• or behaviors inconsistent with the customer’s historical profile.

As a result, many institutions continue to rely on models based exclusively on rules or static validations.

Fraud evolves faster than traditional models

The most disruptive change over the past year is the speed at which generative artificial intelligence is transforming the threat landscape.

Identity fraud was the most reported type of fraud in Canada in 2025, with 8,403 cases according to the CAFC, while investment fraud accumulated over $351 million in losses — the category with the highest economic impact of the year.

At the same time, AI-generated deepfakes are now capable of bypassing traditional KYC controls based on facial or document verification. What once required advanced technical capabilities is now available as a service under the Fraud as a Service (FaaS) model, accessible to any criminal actor.

This scenario places particular strain on supervised machine learning models, which rely on previously known patterns and fail when new signals emerge.

As a result, many financial institutions are accelerating the adoption of hybrid models that combine supervised and unsupervised learning, with real-time anomaly detection capabilities.

The hidden problem: many banks do not know exactly how much fraud they are letting slip through

One of the most alarming findings from the Gartner Fraud Detection & AML Survey 2025 is the divergence between what institutions believe they are detecting and what they are actually intercepting.

This gap between perception and reality is particularly dangerous because it creates a false sense of coverage. If senior management believes their detection rate exceeds 80% when in reality it is below 60%, investment decisions in fraud controls are delayed precisely when they should be accelerated.

The issue is methodological, as many traditional measurement models assess fraud only after it has materialized, rather than evaluating true preventive capability. And measuring what has already happened is not the same as measuring what could have been prevented.

This also has significant regulatory implications, particularly within frameworks such as FINTRAC in Canada, where non-compliance with KYC/AML obligations can result in substantial penalties — as demonstrated by the record $19.6M CAD fine imposed in 2025 in the KuCoin case, with the administrative monetary penalties framework being further strengthened in 2026.

Adding to this pressure, Canada’s regulatory landscape is actively evolving: Bill C-2 introduces updated AML/CFT obligations under the PCMLTFA, while the Retail Payment Activities Act (RPAA) brings payment service providers under Bank of Canada supervision, with direct implications for digital onboarding and identity verification.

table { width: 100%; border-collapse: collapse; margin: 20px 0; font-family: Arial, sans-serif; } th, td { border: 1px solid #ddd; padding: 10px; text-align: left; } th { background-color: #f5f5f5; font-weight: bold; } tr:nth-child(even) { background-color: #fafafa; }

Component	Estimate (CAD)	Source
Reported direct losses (CAFC)	$704M	CAFC 2025
Operational response costs (1.5–2.5x direct losses)	$1,056M–$1,760M	Sector estimate
FINTRAC penalties for KYC/AML non-compliance	$1.8M CAD in fines (2024) · $19.6M CAD record penalty KuCoin case (2025)	FINTRAC enforcement actions
Undetected fraud (detection gap)	Not officially quantified	Gartner G00846088
Estimated total real cost	$7,000M–$14,000M	CAFC (5–10% reporting rate)

How financial institutions can close the gap 

There is no single solution. But there is a logical investment sequence, prioritized by operational impact and ROI on fraud losses.

1. Move from SMS-based MFA to phishing-resistant authentication
   Adopting FIDO2 or passkeys removes the most exploited vulnerability in the authentication cycle. It is the initiative with the highest immediate ROI against SIM swapping and social engineering attacks.

2. Deploy behavioral biometrics across all channels
   Implementing it in only one channel is not enough. Behavioral biometrics should cover mobile banking, web banking, and onboarding processes to build a reliable behavioral profile. The 48% of institutions that have not yet adopted it face their biggest opportunity to reduce account takeover (ATO) fraud here.

3. Integrate device intelligence as a persistent risk signal
   Device fingerprinting, contextual geolocation, and session correlation should become standard inputs for fraud prevention engines, not optional controls.

4. Strengthen KYC processes with presentation attack (PAD) and injection attack detection
   Deepfakes and AI-generated forged documents require next-generation KYC controls. Institutions relying exclusively on traditional facial or document verification are the most exposed to the rise of synthetic identity fraud.

5. Transition toward hybrid machine learning architectures
   Models based solely on rules or supervised machine learning cannot adapt to new signals. Only 27% of institutions have deployed hybrid ML models. This figure will need to double for the detection gap to decrease significantly.

6. Implement continuous monitoring for new and dormant accounts
   Synthetic identity fraud follows a specific pattern: fraudulent accounts often remain inactive for 8 to 12 weeks after onboarding before executing the fraud. Institutions that deploy post-KYC behavioral monitoring during this period significantly reduce their exposure.

7. Align detection processes with FINTRAC reporting requirements
   Compliance with FINTRAC KYC/AML obligations is not just a regulatory requirement — when properly implemented, it becomes a source of actionable fraud intelligence. Institutions that integrate fraud detection and AML compliance into a single operational workflow reduce both fraud losses and regulatory risk.

8. Participate in threat intelligence consortiums such as DIACC
   The Pan-Canadian Trust Framework (PCTF), developed by the Digital ID & Authentication Council of Canada (DIACC), establishes reference standards for verifiable digital identity in Canada. Institutions aligning their identity architecture with the PCTF gain interoperability and access to shared industry intelligence.

The new competitive advantage

The detection gap has become one of the main drivers of fraud losses in Canada.

While attackers increasingly leverage automation, generative AI, and Fraud-as-a-Service (FaaS) models, many financial institutions still operate with authentication and detection mechanisms designed for threats from a decade ago.

Closing this gap requires a shift toward smarter, more adaptive models capable of continuously analyzing risk across the entire digital customer lifecycle. The ability to detect signals before a loss occurs will be the key competitive differentiator for digital banking.

Want to assess your institution’s real exposure? Request a personalized assessment.

FAQS