How Two Banks Grapple With Fraud and AI

From check detection technologies and customer education to AI governance policies, two bank leaders share how their organizations approach an increasingly complex risk landscape.

By Laura Alix, Director of Research, Bank Director

Nearly every bank today deals with check fraud. Amid an array of novel scams and schemes, the stubborn prevalence of check fraud neatly illustrates the nature of the risk landscape banks must confront. Widespread adoption of new technologies, including artificial intelligence, has introduced new risk vectors, while long-established risks persist.

“We’re seeing [fraud] rise across the board,” says BJ Goetz, CEO of the $1.2 billion Community Heritage Financial and its subsidiary, Middletown Valley Bank in Middletown, Maryland. “The key is working with customers, educating them and keeping them on the forefront of the ways to protect them.” Goetz has navigated his organization through challenges ranging from elder financial exploitation to the appropriate use of AI.

Maryann Bruce, chair of the enterprise risk oversight committee at the $9.2 billion Amalgamated Financial Corp. in New York, says the rising adoption of AI complicates existing threats. “The AI-related risks we’re most focused on right now are fraud and social engineering,” she says. That includes account takeover and cloned accounts, identity theft, phishing and smishing attacks, or cyberattacks via text message, that can trick customers and employees.

They recently discussed these dynamics with Bank Director’s director of research, Laura Alix, who also shared highlights from Bank Director’s 2026 Risk Survey. The transcript below has been edited for brevity, clarity and flow. To watch the full conversation, access the webinar recording here.

BD: What has your bank done recently to address fraud concerns?

Bruce: Amalgamated implemented DirectLink Risk Review, which is an advanced transaction and image-based risk detection tool [from the core provider FIS] designed to strengthen our check fraud monitoring. The platform uses analytics and AI-driven rules to analyze deposit activity across multiple channels and identify issues, including deposit fraud, image fraud, negotiability concerns and pay verification anomalies. The results have been significant. Just over the past six months, this system has helped us intercept 39 fraudulent checks and prevent approximately $828,000 in losses. In addition, through vigilant teller review, we identified a counterfeit check, which prevented a potential $20,000 loss for a customer.

Goetz: One of the things that we’re seeing from AI is the advancement of those fraud prevention tools on the back end, monitoring account transactions and so forth. Just like Amalgamated, we’re in the process of introducing a completely AI-driven fraud prevention tool.

That being said, we’re educating customers as much as possible. We’re telling our [commercial] customers the No. 1 fraud prevention is Positive Pay. We’re letting customers know to check with their liability insurance to see what sort of check fraud coverage that they have. Historically, businesses have mailed checks in window envelopes. We’re telling customers, “Throw those window envelopes away, because while it may cost you more to replace them and print new envelopes, you’re still preventing the fraud, because we’re seeing fraud come through in checks [taken from] the mail.”

BD: Maryann, what kind of fraud metrics does management share with the board, and how do you act on that information?

Bruce: Management provides our board with a regular dashboard of fraud and suspicious activity metrics. That includes things like [suspicious activity report] volumes, the most common fraud and scam types, overall customer reported fraud volumes, and the drivers behind the activities such as the channels, the products or the customer segments most affected. We also track the trends by fraud type, so the board can see what’s increasing, what’s stabilizing, and where additional controls or customer messaging may be needed.

From a governance perspective, the board’s role is to ensure that management invests in the right mix of technology, frontline training and customer education while maintaining clear visibility into emerging fraud patterns to stay ahead of the threat landscape.

BD: What risks associated with AI are you most focused on right now?

Goetz: It’s pretty scary when you think about how someone can take a three-word comment that is recorded, create your voice, create an entire dialogue, then call our customer care center, and the opportunity to access things goes up. We’re in the early stages of what AI can do from a very negative standpoint.

I think there’s a second risk there that a lot of boards and executive management are facing, and that is a lack of understanding and education on what AI is. It’s incumbent upon boards and upon management to understand and recognize the fact that your staff are and will be using AI, whether you realize it or not.

BD: What factors inform your organizations’ policies governing AI usage?

Goetz: We do have a policy in place that limits what [AI] can be used for at this point. We’re working with different vendors to see what’s available on the AI front. We really want to be in a controlled atmosphere. ChatGPT is wide open in cyberspace. There’s a lot of risk in that. We’ve created a policy that says, “Embrace [AI], use it, but let’s be careful with what we use it for.”

Bruce: The human element has to be part of everything when it comes to AI. You can’t just rely on the output and assume it’s correct. You have to make sure that you’re checking your sources, that someone’s looking at it, that they’re questioning what the output was. Otherwise, you can get into trouble. You’ve got to have that human element of checks and balances.