The AI that helps a bank stop a scam before the payment
Commonwealth Bank combines models, alerts, and fraud teams to spot risky payments without making AI an automatic judge.
A payment scam does not always look unusual. A customer may authorize the transfer because someone persuaded them by phone, message, or fake advertisement. That makes bank prevention difficult: it is not enough to look for a stolen card or a wrong password. The bank must identify risk signals without indiscriminately blocking legitimate payments.
Commonwealth Bank of Australia (CBA) is a useful case because it has brought that detection into a large-scale operation. In 2024, the bank said it processed and analysed more than 20 million payments a day. Across that flow, it combines verification technologies, detection models, customer alerts, and teams that investigate cases. AI is part of the system, not the only defence and not the sole final decision-maker.
From payment to preventive warning
The deployment uses several layers. NameCheck checks account details before a transfer and aims to prevent money from reaching the wrong account or one linked to a scam. CBA also introduced a model to detect potential investment-scam transactions in real time, identifying cases for its teams to investigate.
In November 2024, CBA said generative AI was helping it flag thousands of suspicious transactions and send 20,000 proactive warnings a day to retail customers through its app. A warning is not an accusation that a customer or merchant has committed fraud. It is a signal for a person to reconsider a payment and for the bank to apply its controls according to risk.
The value is timing. An authorized transfer can move from a victim’s account through intermediary accounts within minutes. If a system links information such as the payee, a payment pattern, or signs of a known campaign and warns before funds leave, the bank gains an opportunity to prevent a loss. It is not a promise to stop every scam. It is a way to focus attention where it may be needed most.
Results, and what they cover
CBA reported that customer scam losses fell by more than 50% in FY24 compared with the previous year. It also estimated that NameCheck prevented about A$40 million in scam payments and more than A$370 million in mistaken payments from July 2023 to June 2024; its results presentation groups these as more than A$410 million in prevented payments. The tool was used 57 million times during that period.
In its November update, the bank linked a 30% drop in customer-reported fraud to measures such as its generative-AI-powered suspicious-transaction alerts. This is a meaningful operational improvement: rather than waiting for a complaint, the bank tries to intervene before or during payment.
But attribution matters. CBA does not say that one model alone caused the lower losses. Its reporting includes specialist teams, customer education, intelligence sharing with other institutions, identity checks, policies for payments to certain cryptocurrency exchanges, and telecoms collaboration. The 50% figure describes the outcome of that package.
Balancing security and friction
A system designed only to detect the greatest possible number of risks could stop too many legitimate payments. Those false positives carry a cost: they delay a purchase, complicate an urgent payment, and may affect customers with atypical transaction patterns unevenly. A useful alert therefore needs a comprehensible explanation, review routes, and criteria monitored against real-world data.
CBA says its investment-scam model identifies potential cases for human teams to investigate. It also says it implemented 11 guardrails for customer-facing generative AI, covering risks from malicious inputs and misleading outputs. These are relevant measures, but they do not replace independent assessment of bias, privacy, and effectiveness required for responsible financial systems.
Privacy is another condition. Detection works precisely because it analyses payment and behavioural signals. That requires limiting data use to prevention, applying security, and ensuring that customers can understand what happens if a transaction is delayed or challenged.
A lesson for banking
The value of AI in fraud prevention is not assigning a sophisticated-looking label. It is improving the moment of intervention: before money becomes unrecoverable, without turning every payment into suspicion. CBA illustrates a useful architecture: models that prioritize risk, clear warnings, verification steps, and staff who decide how to act.
For other institutions, the lesson is not to copy a headline figure. It is to measure prevented losses, false positives, response time, and outcomes across customer groups separately. An anti-fraud tool earns trust when it reduces real harm and explains how it protects the customer without preventing them from doing business.