Ordering with the Starbucks ChatGPT app was a true coffee nightmare

Venti iced coffee, light skim milk. That’s what I get at Starbucks. It is what I have gotten at Starbucks every time I’ve been to Starbucks for as long as I can remember, other than a brief love affair with the caffe misto a few years ago. In person, my brain barely needs to activate […]

Study finds AI fraud losses decline, but the risks are growing

While identity fraud losses have stabilized and scam losses have declined, new account fraud has surged, fueled in part by AI, which “is reshaping the fraud landscape,” says Javelin Strategy & Research’s 2026 annual identity fraud study, The Illusion of Progress.

“Artificial intelligence is at the center of these shifts in fraud and scam losses,” the report says. “Financial institutions are increasingly investing in AI and autonomous technology to improve fraud detection,” but, “at the same time, fraudsters are adopting the same tools, at faster paces, to broaden their reach with more convincing scams and efficient fraud schemes.”

“To fight the rising misuse of AI by criminals, financial organizations need to update fraud controls, enhance collaboration, and treat fraud detection as an ongoing process rather than a one-time decision,” the report says.

The study, conducted with support from TransUnion, Fiserv, Plaid, and Mastercard, reported that combined fraud and scam losses totaled $38 billion in 2025, a $9 billion reduction from 2024. The number of victims also decreased by four million, affecting 36 million in 2025.

Traditional identity fraud losses remained steady at $27.3 billion in 2025, affecting 18 million victims, the report says, with the number of victims increasing across all fraud types.

New-account fraud experienced the sharpest rise in the number of victims, a 31 percent increase from 4.2 million in 2024, to 5.4 million in 2025, suggesting that the stability in reported losses might mask shifts in fraud activity.

Account takeover, which makes up a part of both existing card fraud and non-card fraud, saw an 18 percent increase in victims from 5.1 million in 2024, to 6 million in 2025. Reduced losses do not translate to reduced risk.

Scam losses fell 45 percent year-over-year, from $19.5 billion in 2024 to $10.7 billion in 2025. This decline is attributed to an increase in scams that don’t result in immediate monetary loss but can lead to future fraud or account compromises.

Suzanne Sando, lead analyst in fraud management at Javelin and the report’s author, emphasized that the decline in scam-related losses doesn’t mean the overall risk has decreased.

“Reduced losses do not mean reduced risk,” Sando said. “A 45 percent drop may look like progress, but scammers are increasingly stealing information instead of money, setting up future fraud that doesn’t show up in today’s loss figures.”

The study highlighted a troubling 31 percent rise in new account fraud, which impacted 5.4 million victims and caused $7 billion in losses. Despite a 41 percent decline in romance scams, they continue to affect vulnerable populations.

Account takeover fraud, while seeing a slight decrease in losses, remained the costliest fraud type, with an 18 percent increase in victims.

“Fraud losses may look stable on paper, but the risk hasn’t gone away,” Sando told Biometric Update. “Without stronger identity, smarter controls, and real intelligence sharing and collaboration, today’s progress will prove to be nothing more than a temporary pause.”

Sando added that “we’ve reached an inflection point where fraudsters are outpacing banks in AI adoption. Fraudsters don’t have to worry about the same compliance or regulatory guardrails that financial services organizations do, and that gives them an advantage that financial services cannot afford to ignore.”

The report also points to a significant shift in consumer behavior, with many increasingly suspicious of fraud alerts from financial institutions.

“Despite decreases in scam losses … the rise in AI-fueled bank impersonation and purchase scams have made consumers skeptical of legitimate communications from their financial institutions,” the report says, noting that “many consumers now hesitate to engage with fraud alerts, unintentionally exposing themselves to serious fraud risk, simply because they are unsure of the alert’s legitimacy.”

“The result,” the report says, “is delayed action (or sometimes no action at all), unresolved fraud, and increased consumer frustration and confusion.”

As AI-driven scams grow in sophistication, consumers are more likely to distrust messages from their banks. In fact, 55 percent of consumers who received a fraud alert from their financial institution chose not to respond, fearing that the alert itself might be a scam.

AI is being used by financial institutions to enhance fraud detection, but concerns are mounting that current fraud controls may not be sufficient to cope with the rapidly evolving threat landscape.

Financial institutions are urged to implement continuous monitoring and collaborate more effectively to address AI-driven fraud.

The study serves as a wake-up call for financial institutions, urging them to strengthen fraud defenses and adapt to the changing realities of fraud driven by AI.

Last November, Javelin said “the fraud landscape in 2026 and beyond will experience significant changes due to … rapidly evolving mule activity, the importance of distinguishing between agentic commerce bots and malicious automation, and the imminent threat that phantom hacker scams pose to consumers across all demographics.”

“These trends require financial institutions to be flexible and willing to adapt to new technologies that provide stronger defenses against some of the costliest forms of fraud and scams.”

Last month the company warned that “escalating concerns about cyberattacks linked to Iranian-backed attackers and hacktivists put U.S. banks and other critical infrastructure sectors on high alert.”

The company also said that “criminals have set their sights on vulnerabilities during the payment transaction process through the growing adoption of real-time payments and digital wallets.”

As the line between legitimate and fraudulent activities continues to blur, financial services must keep innovating to stay ahead of fraudsters.

Deezer says AI song uploads have nearly overtaken human music

Deezer says it receives nearly 75,000 AI-generated song submissions to its music streaming platform each day, accounting for about 44 percent of all daily uploads, as reported earlier by TechCrunch. Despite the increase in “fraudulent” uploads, Deezer says the consumption of AI songs makes up around 1 to 3 percent of total streams, as the […]

Many smartphones don’t detect face biometrics spoofs or properly warn consumers

Biometric liveness detection remains a significant “flaw” and a “vulnerability” of most Android smartphones with facial unlocking. Most are still prone to simplistic and low-cost spoofs available to inexpert attackers, according to an analysis by Which?.

The publication notes that iPhones are generally immune to spoofs with printed 2D photos, due to the depth-sensing capability of Face ID. Some newer Google Pixel devices were also not fooled by flat images in Which? testing.

The convenience factor of native device face biometrics is identified as such sometimes, and Which? acknowledges that “some manufacturers have made strides in providing clearer warnings during setup.”

Yet many Android smartphones do not, it says, including models from OnePlus and Motorola. OnePlus did just release a new phone with in-display 3D ultrasonic fingerprint biometrics from Qualcomm.

Which? labs has tested 208 phones since October of 2022, and found 2D printed photos were good enough spoofs to fool the face biometric unlock systems of 133 devices, or 64 percent of them.

Testing during 2025 revealed a 13 percent improvement, year-over-year, after a brutal 2024 in which the share of spoof-prone devices rose dramatically.

Samsung’s Galaxy S26 has adequate biometric presentation attack detection (PAD), Which? says, but previous models including the Galaxy S25 do not. At least the manufacturer properly warns consumers that its facial recognition is a convenience feature, rather than a high-security one.

While banking apps and digital wallets no longer accept 2D Android face biometrics as a secure authentication factor, Which? warns that users relying on face biometrics to unlock their phone risk a phone thief with their photo reading their text messages, sending emails from their account, which could allow them to reset passwords for other services, access photos and other sensitive documents and view additional information like wallet history and partial payment card information.

The publication advises all smartphone users to unlock their phones with a PIN or fingerprint biometrics. A complex PIN or password provides the “highest” security level, it says. Patterns provide the lowest, Which? says, because they are easily shoulder-surfed. Shoulder surfing is not mentioned in the password guidance.

Which? will also avoid giving “Best Buy” or “Great Value” recommendations to phones that do not adequately inform users about the limits of their face biometrics capabilities.

As for those apps that do recognize a difference between on-device convenience authentication factors and higher-security biometrics, hopefully they have strong injection attack detection (IAD).

Mercedes’ first all-electric C-Class is its sportiest one yet

The Mercedes-Benz C-Class, typically a benchmark in luxury compact sedans, now gets an all-important electric variant. The new C 400 4MATIC is built on an 800-volt architecture designed for efficiency and long-distance travel. Its estimated range is up to 762 kilometers (473 miles) on the WLTP cycle. And Mercedes boasts that it’s the “sportiest C-Class […]

Roblox on the hook for $12.5M in Nevada online child safety settlement

Roblox on the hook for .5M in Nevada online child safety settlement

Roblox has agreed to pay $12.5 million to the State of Nevada, in part of a settlement deal that “resolves potential litigation over allegations that Roblox failed to adequately safeguard children while they played the online game,” according to a release from Nevada Attorney General Aaron Ford.

Ten million is committed to instituting age assurance for all users, which encompasses facial age estimation or government ID for age verification, as well as for “encouraging children to engage in non-digital activities.” One million will be spent on a two-year campaign to educate minors and adults about online safety. The remainder will be used to create a law enforcement liaison position to work with state law enforcement agencies over concerns about the platform.

Ford says “the injunctive relief that Roblox has agreed to will give parents the tools they need to protect their children on the platform; institute default protections to block predators from engaging with children; and ensure that messages involving minors are not encrypted.”

Per reporting in CNET, Roblox is facing more than 140 lawsuits over alleged shortcomings in online safety. Nevada is now closing its probe.

Roblox still claiming to be online safety paragon

Roblox has continued to push online safety features as evidence that it takes child online safety as seriously as anyone. A post on the company’s blog from CEO David Baszucki outlines two new age-based accounts for younger users: Roblox Kids is tailored to users ages 5 to 8, while Roblox Select will target users ages 9 to 15.“When they roll out in early June, these accounts will more closely align content access, communication settings, and parental controls with a user’s age,” Baszucki says. “We’re also establishing an ongoing selection process for games available to users under 16. Based on our selection criteria, we believe age-checked users under 16 will have access to the vast majority of their favorite games at launch. Age-checked users 16 and older will not see any change to their Roblox experience.”

Roblox Kids accounts will limit access to games with a Minimal or Mild content maturity label.

All communication is disabled by default. Roblox Select accounts will have access to games with content maturity labels up to and including Moderate. By default, Roblox Kids and Roblox Select accounts will not include games that feature sensitive issues, social hangouts, or free-form drawing games.

The company says it uses a three-step selection process to categorize games. The system factors in developer identity verification, real-time profiling and content maturity ratings. It also intends to transition to the International Age Rating Coalition (IARC) framework for assigning content ratings. Baszucki says “these clear, region-specific ratings, such as ESRB in the U.S. and PEGI in much of Europe and the U.K., reflect local cultural norms and will help families identify age-appropriate content while further reinforcing our alignment with global safety standards and local regulations.”

Users will automatically upgrade from Roblox Kids to Roblox Select accounts when they reach age 9, and to standard accounts when they turn 16. Roblox will limit users who have not completed an age check to games rated Minimal or Mild and communication will be turned off by default.

The update also introduces new parental controls, which “transparently show parents which games their child is spending their time in and who their friends are.” Parents can approve access to specific games that are not otherwise available under the child’s default account type.

However, the company has also raised concerns that parents may be helping their kids bypass age checks. The Guardian reports that the firm discovered this while monitoring account behavior to detect signs that a user might have been younger than the age they appeared in facial age estimation.

“When we went and did the validation tests on that, you could see the kid in the background who handed the phone to their parent,” says Matt Kaufman, Roblox’s chief of safety.

Roblox is the new oxycontin: Kentucky AG

“When it comes to safety, we do the right thing, including proactive filtering, age checks, parental controls, and providing clear content ratings,” Baszucki says. “Because the well-being of our community is our highest priority.”

Nonetheless, Roblox continues to serve as a hunting ground for child predators. In a recent interview with Russell Coleman, attorney general for Kentucky – which is also suing Roblox – compared the risks to those presented by opioids.

“This and the social media platforms, Roblox being one of those, it is the opioid fight of my time in office.” Coleman says. “This, this is the threat now.”

Coleman previously referred to Roblox as “a playground for predators and international organizations with links to terrorist organizations to distribute child sexual abuse material.”