Mid-Market Banks Adopt Intelligence Tradecraft as Fraud Networks Grow More Sophisticated – I2 Group - June 24, 2026
Mid-market banks are confronting the same organized fraud networks that once primarily targeted the largest financial institutions. According to Javelin Strategy & Research's 2026 Identity Fraud Study, identity fraud generated approximately $27.3 billion in losses during 2025 and affected 18 million victims. New-account fraud victims increased 31% year over year, while account takeover victims increased 18%, reflecting the growing sophistication and reach of modern fraud operations.
As criminal organizations execute attacks across multiple identities, accounts, institutions, and digital channels simultaneously, many financial institutions are finding that traditional investigative approaches are struggling to keep pace. The threat environment today resembles the complex networks traditionally investigated by intelligence agencies and law enforcement organizations rather than the isolated incidents that many banking governance, risk and compliance programs were originally designed to address.
Large financial institutions have spent years building specialized fraud, cybersecurity, anti-money laundering, and investigative teams to address these threats. Mid-market banks increasingly face the same adversaries but often with fewer dedicated resources and less organizational specialization.
According to John Watson of i2 Group, fraud has become far more interconnected than many traditional banking processes were designed to handle.
"Fraud today isn't isolated," Watson said during a recent BizTechReports executive vidcast interview. "It's networked, it's multi-channel, and it often spans across accounts, identities, and even institutions."
That evolution is changing how banks approach risk management, investigations, and customer identity verification.
Financial Crime Becomes an Identity Problem
For decades, financial institutions concentrated much of their fraud prevention efforts on transaction monitoring. Suspicious payments, unusual account activity, and irregular fund movements were often the primary indicators investigators used to identify potential criminal behavior.
Today, the identity behind the transaction is becoming just as important as the transaction itself.
Criminal organizations are creating synthetic identities by combining legitimate and fabricated information to establish seemingly authentic customer profiles. Account takeover attacks allow fraudsters to gain control of legitimate accounts and leverage established customer relationships. Artificial intelligence is further complicating the challenge by enabling bad actors to create convincing digital personas, fraudulent documents, and highly personalized social engineering campaigns at scale.
Experian's 2025 U.S. Identity & Fraud Report found that 72% of business leaders expect AI-generated fraud and deepfakes to become a major operational challenge, while nearly 60% reported increasing fraud losses as attackers adopt more sophisticated techniques.
As a result, identity can no longer be viewed as a static record established during onboarding. Instead, many institutions are beginning to treat identity as something that requires continuous validation throughout the customer lifecycle.
"What we're seeing is that identity is no longer a static concept," Watson said. "It's something that's being constantly manipulated."
The implications extend beyond fraud prevention. Identity intelligence now influences cybersecurity operations, anti-money laundering investigations, compliance programs, and customer trust initiatives. Failures in any of those areas can expose financial institutions to financial losses, regulatory scrutiny, and reputational damage.
For mid-market banks, the challenge is particularly acute. While they face many of the same threats confronting the largest financial institutions, they often operate with smaller investigative teams and fewer specialized resources.
Traditional Compliance Models Are Showing Their Limits
The growing complexity of identity-centric fraud is also exposing limitations in organizational structures that have remained largely unchanged for years.
Many banks historically developed fraud, anti-money laundering, cybersecurity, and compliance capabilities independently. Each function evolved to address a specific risk category, supported by its own processes, data sources, and investigative workflows.
That structure worked reasonably well when threats could be categorized and addressed separately, but it fails to address risks when criminal activity crosses those boundaries.
Today, a single fraud operation may involve identity theft, cyber intrusion, money laundering, and social engineering tactics simultaneously. Each component may trigger alerts within different departments, creating fragmented investigations and incomplete visibility into the broader threat.
"The challenge for mid-market banks is that identity now sits at the intersection of all these governance, risk and compliance activities," Watson said.
The result is that potentially valuable information often resides in separate systems and among separate investigative groups. Signals that appear insignificant when viewed independently may reveal meaningful patterns when examined collectively.
Banks Adopting Intelligence Methodologies
As traditional investigative approaches encounter growing limitations, financial institutions are examining methodologies long used by intelligence agencies and law enforcement organizations. Those disciplines were designed to investigate complex networks associated with organized crime, counterterrorism, and national security threats, challenges that resemble today's financial crime environment.
For many banking leaders, the required shift is as much philosophical as technological. Traditional investigations often begin with suspicious transactions, account activity, or compliance alerts. Intelligence investigations, by contrast, typically begin by examining relationships among people, organizations, communications, locations, and events. The objective is not simply to determine whether an individual activity is suspicious, but to understand the broader network in which it occurred.
Watson explained that synthetic identities, mule account networks, organized fraud rings, and coordinated cybercriminal operations do not often reveal themselves through a single transaction or narrow category of activity. Investigators who connect the dots among customers, employees, third parties, accounts, devices, transactions, and organizations are often better positioned to identify suspicious behavior before losses escalate.
"As a result, the most important starting point is not technology, but rather getting more clarity across different data domains within their institution," he said.
That clarity often comes from connecting data sources that have historically remained separate and creating a more comprehensive view of the relationships among entities involved in an investigation.
Link Analysis Across Organizational Boundaries
The adoption of intelligence-oriented investigative practices is driving changes in how financial crime functions are organized.
Indeed, Watson said the institutions making the most progress are not necessarily those investing the most heavily in technology. Rather, they are often the organizations that improve collaboration and information flow among teams to understand how information from multiple sources connects to form a more complete picture of risk.
This investigative discipline, commonly known as “link analysis”, has served as a foundational capability within intelligence agencies and law enforcement organizations for decades. Link analysis is the process of identifying and visualizing relationships among people, accounts, devices, organizations, transactions, locations, and events. By examining how those entities connect to one another, investigators can uncover hidden associations, identify criminal networks, and reveal patterns that may not be visible through traditional transaction monitoring systems.
Platforms such as i2 Group's Analyst's Notebook have long been used by intelligence agencies and law enforcement organizations to support complex investigations involving large volumes of interconnected information.
Watson believes similar capabilities are now relevant for commercial banking environments, particularly among mid-market institutions seeking to connect fragmented data sources to develop a more complete understanding of financial crime networks.
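To make the link-analysis idea concrete, the sketch below is an added illustration, not code from i2 Group or Analyst's Notebook. It joins records from three separately held sources through shared attributes and reports clusters of connected accounts. The source names, account numbers, phone numbers, and device IDs are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample records, one list per team's system (all values invented).
# Each record is (account, attribute type, attribute value).
ONBOARDING = [
    ("ACC-1001", "phone", "555-0101"),
    ("ACC-1002", "phone", "555-0101"),
    ("ACC-1003", "phone", "555-0177"),
    ("ACC-2001", "phone", "555-0190"),
]
DEVICE_LOGS = [
    ("ACC-1002", "device", "dev-a9"),
    ("ACC-1003", "device", "dev-a9"),
    ("ACC-2001", "device", "dev-c3"),
]
AML_ALERTS = [
    ("ACC-1003", "payee", "ACC-9000"),
    ("ACC-1004", "payee", "ACC-9000"),
    ("ACC-2002", "payee", "ACC-9555"),
]


def find(parent, x):
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def link_clusters(*sources, min_accounts=3):
    """Group accounts connected through any shared attribute across sources."""
    parent = {}
    for account, kind, value in (rec for src in sources for rec in src):
        a, b = ("account", account), (kind, value)
        parent.setdefault(a, a)
        parent.setdefault(b, b)
        parent[find(parent, a)] = find(parent, b)  # union account with attribute
    groups = defaultdict(lambda: {"accounts": set(), "links": set()})
    for node in parent:
        group = groups[find(parent, node)]
        if node[0] == "account":
            group["accounts"].add(node[1])
        else:
            group["links"].add(node)
    return [
        {"accounts": sorted(g["accounts"]), "links": sorted(g["links"])}
        for g in groups.values() if len(g["accounts"]) >= min_accounts
    ]
```

Run on any one source alone, no cluster reaches three accounts; the four-account chain appears only when onboarding, device, and AML records are examined together.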