- podcast
- NEWS
Ancient Greece to AI: The past and future of bank fraud
Sponsored by Thomson Reuters
David Stone, CPA, CFE, MBA, is the author of the most recent FVS Eye on Fraud report.
In this episode, Stone, senior manager–Financial Services Practice Group at BerryDunn, shares insights from the report, which focuses on internal and external fraud risks facing financial institutions. Stone explains how long‑standing schemes — from misuse of dormant accounts to persistent check‑fraud activity — continue to evolve even as institutions strengthen their controls.
Stone, a graduate of the AICPA Leadership Academy, also describes emerging, technology‑driven threats such as deepfakes, more sophisticated ransomware, and the potential impact of quantum computing on systems once considered secure.
Previous Eye on Fraud-focused episodes:
What you’ll learn from this episode:
- David Stone’s explanation of perhaps the first recorded case of bank fraud.
- Defining internal and external fraud, both of which are focus areas in the March Eye on Fraud report.
- Why dormant accounts offer opportunities for fraudsters.
- The fraud stat that “astounded” Stone.
- How deepfakes and enhanced ransomware tactics are reshaping the threat landscape for financial institutions.
- What quantum computing could mean for the future of fraud prevention.
Play the episode below or read the edited transcript:
— To comment on this episode or to suggest an idea for another episode, contact Neil Amato at Neil.Amato@aicpa-cima.com.
Transcript
Neil Amato: Hello, listeners, and welcome to another episode of the Journal of Accountancy podcast. I’m your host, Neil Amato. Today, I’m joined by the author of a recent Eye on Fraud report focusing on fraud trends and mitigation strategies for financial institutions. You’ll hear the conversation after this brief sponsor message.
[Sponsor message]
Welcome back to the show. David Stone is our guest today. David is a CPA and senior manager of the financial services practice group at the firm BerryDunn in Portland, Maine. David, we are glad to have you on the podcast. Thanks for being on.
Stone: Thank you so much, Neil. Really happy to be here today. Before we dive in, just got to say, huge fan of the podcast. Having recorded a few podcasts myself, just really appreciate your style, approach, and then the content is always top-notch as well. Hopefully, I can hit the mark today.
Amato: Well, thank you. That’s very nice. I guess check’s in the mail after that. Appreciate it. No, but we are recording in early March and planning to publish this episode later in March when the FVS Eye on Fraud report that I mentioned is published. One thing that caught my eye in that Eye on Fraud report is you writing that financial fraud dates to ancient Greece.
Obviously, we’re going to talk about some current trends, but let’s go back in time a little bit first. What’s the story there about the first recorded type of fraud?
Stone: Sure. I was a little surprised by this myself, Neil, when doing some research. Back to ancient Greece, around 300 B.C., and it involved a merchant. This person took out what was referred to as a bottomry loan. It was essentially maritime insurance back in the day, back in 300 B.C. He took this out against his ship and cargo, and he was actually planning to sink the vessel after departure and keep both the loan and the goods.
That was the plan. However, his crew figured out what he was up to, and they confronted him about it. He tried to flee. He tried to swim away but actually drowned in the process. I guess not only is it the first recorded financial fraud, probably the first evidence of karma, as well, for this individual.
Amato: Yeah. That was definitely something that caught my eye, and I appreciate you giving me that example to set the stage for our conversation. The title of the FVS Eye on Fraud report is “Banking on Vigilance: Modern Fraud Trends and Prevention Strategies for Financial Institutions.” What is a high-level summary of this report?
Stone: In my role at BerryDunn, I work with a lot of financial institutions, primarily on the assurance side. So, really get a taste of different fraud techniques, fraud trends that are out there, and probably more importantly, prevention strategies, how financial institutions can prevent these emerging fraud trends.
I thought it would be timely to work with the fraud task force at the AICPA on this Eye on Fraud, specifically on fraud trends related to financial institutions. And the way the report reads is we tried to break it up between occupational fraud and then external fraud. Occupational being more insider fraud, if you will — asset misappropriation, financial statement fraud, even corruption.
Then the external fraud being probably some of the fraud trends that you see more so in the news. It could be elder abuse, social engineering fraud techniques, things of that nature.
Amato: Recently on the podcast, when we’ve focused on the Eye on Fraud reports, we have focused more on the employee embezzlement schemes, those types of internal fraud. We will share those previous episodes in the show notes for this one.
One of the prevention tips that caught my eye in the report was “monitor high-performing employees.” Now, I’m not trying to dismiss the other tips, but that one just stood out to me because it’s a little bit different. Why in particular should monitoring of high-performing employees be done as it relates to fraud?
Stone: To provide a little context, this prevention tip is in relation to mortgage fraud. The example that we cite in the report is actually that there are two mortgage loan originators that engaged in a multiyear scheme to defraud banks. One of those originators was actually a top-producing originator. They’re actually ranked fourth nationally a few years back.
Why this prevention tip? Well, of course, you want your loan originators to be high performing. That’s the goal, but are there any nefarious ways in that they’re becoming high-performing originators? Is there a reason that they’re high performing that maybe is fraudulent? That’s why that’s an important tip for financial institutions to consider.
Take a look at your high-performing employees, in this case, specifically originators and just review their activity. Is there anything that seems off, either analytically or maybe even doing a deeper dive to see what’s the underlying documentation that they’re producing? Does that seem legitimate?
Amato: That’s great. Thank you. Obviously, this focus is on banking and financial institution fraud. One type of fraud you discuss is the use of dormant accounts. That was a phrase that was new to me. Maybe it’s not new to most of our listeners, but what are dormant accounts and how do fraudsters use those?
Stone: I’m glad you picked up on this, Neil, and I would think this might be a new term for our listeners, to the extent that they don’t work with financial institutions regularly. I know it’s a term that I wasn’t really privy to prior to my time working on financial institutions.
Dormant accounts — what they are is, as the name implies, it basically means that the account has not had any activity on it for a specified period of time. By account, it could be a deposit account, for instance. You have a savings account at your institution, you transact on that account regularly. If you don’t transact on that account for typically a year, this is the time frame that’s used, the account will go into what’s called dormancy status at your financial institution.
And you wouldn’t necessarily be aware of this occurring. It happens behind the scenes. But what happens is that it goes into dormancy status and typically a control around those accounts is that if you go in to transact on that account that’s in dormancy status, there are additional steps that your institution needs to take to verify that you are who you say you are.
Now the reason this is important, the reason dormant accounts are a good area for fraudsters to maybe target is that, in theory, these accounts are dormant because you’re not really reviewing them often — you as the customer. Maybe it’s an account that you’ve forgotten about even.
Fraudsters, internally as well as externally, target these accounts for that reason because they figure that the owner of the account probably isn’t keeping as close attention to that account as they would an account that they are transacting on regularly.
Amato: I’m glad you brought this up, because I can think of now a few accounts that I may have forgotten about and have probably been dormant in the past year or so. Another thing you mentioned is, I think something people understand — check fraud, passing bad checks. But what I want to know is, does anyone still write checks anymore?
Stone: Valid question. Speaking from personal experience, I don’t write checks often, but I was astounded by the stats that I found, again, when researching for this Eye on Fraud. For instance, in 2022, so a few years back, alone, there were 680,000 reports of check fraud. On its own, that might not mean a whole lot, but that was nearly double the number that was reported in 2021.
The trend is going in the wrong direction. It’s actually gotten to be such a problem that the federal banking agencies, Federal Reserve Board, FDIC, [Office of the Comptroller of the Currency], they actually put together a joint request for public comment on strategies to mitigate payments fraud, including check fraud just this past year, in June 2025.
It’s something that the regulators are taking notice. The short answer to your question, Neil, is yes, people are still writing checks, and it’s still an area where we see a lot of fraudulent activity.
Amato: Check fraud is still out there. Maybe it’s going to be less common, but it still sounds like a problem based on those numbers that you cite and also the fact that guidance — it’s still a concern. Looking to the future where AI and emerging technologies have to be part of the conversation, what are some of the main types of fraud out there that banking institutions need to worry about?
Stone: I think three items come to mind. The first being and probably the most problematic out of the three, arguably, is deepfakes. Listeners may have not heard about deepfakes. It seems like it’s gaining a lot of traction in the news. But this technology, this emerging trend, really scares me for a couple reasons.
To take a step back, what’s a deepfake? Well, essentially, a deepfake is where you use artificial intelligence to mimic or copy an individual, typically virtually. It could be through video chat, for instance, where you might be thinking you’re talking to an employee on the other side of the screen, but it’s actually a fraudster that basically has used AI to look and sound like that employee.
There’s actually a pretty big fraud case that came out, a few years back at this point, where a multinational corporation was defrauded around $25 million through a deepfake. They thought they were on a call with their company’s executives. It ended up that all those executives were actually fraudsters using this deepfake technology.
That’s definitely a primary concern and what I just mentioned is using video chat, but how about just voice too? You get a phone call from somebody that you think is legitimate, but it’s actually an AI-generated voice on the other side.
That really scares me because sure, the video component, maybe you can tell that it’s not quite what you’re used to. Maybe the background is a little off or their facial expressions are a little off. But with voice, I think it’s really tough to tell if the person on the other end is legitimate or not.
I think the deepfake technology and the fraud risk surrounding that is definitely something to watch and is something emerging. I’ll also mention ransomware. And ransomware probably isn’t a new topic to most, but I think that the ransom attacks are getting more and more sophisticated. Whereas fraudsters have maybe used what’s referred to as a double-extortion tactic, meaning that they maybe lock down your systems and steal sensitive data. We’re now seeing that fraudsters are using what’s referred to as triple extortion. Not only are they locking down your systems, stealing sensitive customer data, but they’re actually leaking it to the media. They’re bringing this reputational risk into the picture as well. That’s another trend that I see as emerging.
Then lastly, quantum computing, we hear a lot about blockchain technology and how blockchain technology is super safe. This is probably the trend that is most outward looking, but I’ve heard that quantum computing could actually make blockchain technology obsolete and actually break that technology within minutes or even seconds. I think that’s another trend or risk that we need to be watchful about.
Amato: I think that’s a good list. We have heard about deepfakes. We have heard about ransomware, whether those deepfakes are audio, video. Quantum computing is something that I’m seeing come up in risk reports and such. Good summary.
This has been fun. We’ve gone from ancient Greece to AI, so it’s a pretty good span of time. Anything else you’d like to say as a closing thought today?
Stone: I think that the report really focuses on the fraud trends, where financial institutions need to be mindful and watch out for. I do want to point out that financial institutions are typically seen as a role model for other industries in their fraud prevention techniques.
I think it’s easy when you read this report to maybe forget that and you see these big trends, deepfake technology, check fraud is still around, and think, what are financial institutions doing? But I think we need to remind ourselves that these institutions are typically a target for fraudsters given the amount of information that they contain. And that, again, the prevention techniques that are already in place are a great starting point for these institutions. In general, financial institutions are doing a great job, but as always, there’s these emerging trends that we need to watch out for.
Amato: That’s great. Some good reminders, some good examples. David Stone, thank you for being on the Journal of Accountancy podcast.
Stone: Thank you for having me, Neil. It’s been a pleasure.
