March marks Fraud Prevention Month in Canada—a timely opportunity to rethink how organizations approach one of today’s fastest-evolving risks.
In this episode of A CGI Conversation, Derek Marinos speaks with Tammy McKinnon, Senior Vice President of Global Fraud Management at Scotiabank, and Neha Gupta, Director, Consulting and Financial Services Fraud Prevention Expert at CGI. Together, they explore how leading organizations are reframing fraud prevention as a strategic enabler of trust, resilience and long-term growth.
From the rise of social engineering and agentic AI to the growing importance of data, analytics and ecosystem collaboration, this boardroom-level discussion delivers practical, executive insights for leaders navigating an increasingly complex threat landscape.
Ideal for financial services executives, Chief Risk Officers and Chief Information Security Officers, Heads of Fraud, Cyber and Financial Crime, Digital, customer experience and transformation leaders, and Payments executives.
- Chapter 1: Introduction and Industry Context
-
Introduction
Derek Marinos (Host):
Welcome to a CGI conversation, a place where we explore the trends, challenges and opportunities shaping the future of business and technology. I'm your host, Derek Marinos. Marks Fraud Prevention Month. And today we're reframing a topic that's often misunderstood.
Fraud is seen as friction, a cost to manage, a risk to contain. But in this conversation, we'll explore how leading organizations are shifting that mindset. Treating fraud prevention as a strategic enabler that builds trust, resilience and stronger customer experiences.
I'm joined by Tammy McKinnon, Senior Vice President of Global Fraud Management at Scotiabank and Neha Gupta, a financial services and fraud prevention expert at CGI. Let's get started. To set the stage, let's begin with the big picture and clear up some of the misconceptions that still exist around fraud.
Tammy, from your vantage point, leading global fraud management at Scotiabank, how has the fraud landscape fundamentally changed over the past few years, and what do leaders still tend to misunderstand about fraud today?
Tammy McKinnon:
Hi Derek. Thanks for having me on the show today. I think one of the most significant shifts has been the rise in social engineering attacks, where fraudsters are focused less on breaching systems, for example, bank systems, and more on manipulating individuals directly.
You know, there was a time when we focused most on how bad actors or fraudsters are getting into our accounts and moving money out. I think as banks have implemented better controls, stronger controls to protect our clients, the fraudsters have figured out that it's just easier to go directly to the client of the bank or the individual to socially engineer them.
And that's brought rise to greater concern about AI-enabled scams as AI has become more sophisticated and easier for fraudsters to leverage. They're using these tools to attack clients.
Derek Marinos (Host):
Neha, bringing this into a broader market view, when you look across industries, are organizations still treating fraud as a control problem or are leaders beginning to recognize it as a strategic differentiator tied to trust, experience, and resilience?
Neha Gupta:
Firstly, thanks, Derek, for having me. And Tammy mentioned a vital point that while many are stuck in the compliance mindset, we are truly at a tipping point.
What we are seeing across the broader market now is a clear shift. Fraud is moving from an operational control problem to an enterprise trust strategy. And to understand the scale, we have to look at what I call the iceberg effect.
The Canadian Anti-Fraud Centre reported about $569 million in losses for the past year, but we know that only 5 to 10 % of victims actually report fraud. So this means that the real impact on the Canadian economy isn't just in millions, it's likely in the billions.
Neha Gupta:
It's a massive hidden cost. And in my work across the market, I'm seeing a fundamental shift. Leaders are no longer just asking, " How much did we lose?
How do we stop fraud? But they are asking, how do we use security to build a more resilient brand? How much trust did we protect?
So clearly, we are seeing organizations moving away from these siloed controls and towards an integrated approach where fraud prevention is treated with the same weight as cyber-resilience or brand reputation. And I always like to use this metaphor of a high-performance race car. People think that fraud prevention is the brake that slows down the car.
But in reality, the brakes are what will allow you to drive at 150-200 km per hour safely, and without them, you'd have to crawl. So smart security is what gives a bank the speed to scale. And at the end, the winners aren't the ones with most controls.
They are the ones that build trust at scale with smart and adaptive security.
- Chapter 2: The Evolving Fraud Landscape
-
How fraud is changing
Derek Marinos (Host):
Right, they can accelerate with speed to trusted action, as they say. So if that's the landscape and you've given us a pretty good portrait there, Neha, thank you very much. The next question becomes what's driving this shift, and Tammy, I want to check in with you here now.
When you look at today's threat environment, including things like AI-embedded scams and organized fraud networks, what's changed most for leaders compared to even a few years ago?
Tammy McKinnon:
Well. Fraud is no longer just an isolated event or something that happens every now and then. We really have to assume that it's a persistent and an evolving risk.
Traditional defenses are not sufficient anymore. And so we need to continue to adapt quickly, use new technology and controls. We also have to think about not just external risk, but also internal fraud. things that perhaps we have always thought about, but we just need to think about them now on a greater scale.
And I like something that Neha mentioned, even though fraud can at times be thought about as an operational function, we're really more of a risk function, and we have to think like risk leaders.
Derek Marinos (Host):
I think that's important, and Neha building on that when the threat landscape is evolving this quickly. I mean, how do you help organizations move away from legacy rule-based thinking and toward defenses that can adapt at the same pace as the fraud itself?
Neha Gupta:
Exactly, and Tammy mentioned a great point about moving away from the technical breaches to human manipulation because static defenses are no longer enough. The reality is that the biggest shift is moving from static rules to an immune system model, sensing, learning, responding, all in real time.
Neha Gupta:
So, thinking of legacy systems like static rules, like a castle wall, and today's fraudsters are entrepreneurial. So if we build a 10-foot wall, they will just find an 11-foot ladder. And today, if we see 75 % of the Canadian losses are cyber-enabled, and we are seeing the rise of agentic AI, where automated tools are mimicking human behaviour with terrifying accuracy.
So with fraud changing faster than policy cycles, the rigid rules are just creating false positives and blind spots. And what we need today is to move towards signal fusion. We can't look at a password or a PIN in isolation.
We need to look at the device, the location, the behaviour, and the transaction pattern, all fused together in milliseconds. It's about creating a DNA profile for every interaction. And with Canada's real-time rail almost coming in, where transactions will settle under 15 seconds, our defenses have to shift to a more immune system model, which will operate at the same machine speed.
At CGI, we are helping organizations to move away from those rigid rules. We are focusing on business outcomes. We start by asking, where is the friction hurting the customer? And then building defenses around the same pace as the threat itself.
And that's how we keep pace. It's just not more rules, but better intelligence and faster decisions.
- Chapter 3: Assumptions Leaders Can No Longer Afford
-
What leaders must rethink
Derek Marinos (Host):
Faster decisions, again, we keep coming back to speed and acceleration. You mentioned the real-time realm that is definitely front and center. Okay, I want to hear from you both very quickly on this question here. So if you strip away, you know, the individual threats, you know, what's the biggest assumption leaders can no longer afford to make about fraud today? Tammy, I'll start with you.
Tammy McKinnon:
Well, we can't afford to think that this is an isolated event, that it's only going to happen once every so often. We've got to be on top of our game every single day. It's critical that we're always ready for whatever kind of attacks we may have because they are coming fast and furious.
I sometimes say we need one foot in the new world and the new types of fraud trends that we see, but one foot in the old world. We still see attacks that happen in a more traditional way, using traditional methods like checks.
Neha Gupta:
I echo Tammy's point that fraud isn't just a once-and-done investment; the assumption that leaders made in the past that it is isolated and predictable, because fraud today is networked, adaptive and often digitally delivered. So leaders need continuous learning systems and cross-functional response, not just periodic rule updates.
- Chapter 4: Friction, Trust and the Human Dimension
-
Balancing security with customer experience
Derek Marinos (Host):
Okay, let's take a look at the human and customer dimension now. It's more importantly like friction versus trust. You know, as fraud becomes more sophisticated, leaders are under pressure to protect customers. the way, so to speak, of experience. Tammy, from a leadership standpoint, how do you strike the right balance between strong fraud controls and a seamless customer experience, especially when trust is so easily lost?
Tammy McKinnon:
It's a great question, and I firmly believe that there are ways to provide protection and minimize the amount of fraud while maintaining and even growing trust, right? Linking trust with client experience and looking for ways to identify what could be fraudulent behavior, but doing so in a way that doesn't provide the client with friction.
Doing work in the background, finding tools that can help us pull together and use telemetry of different risk indicators so that we're doing it without the client even noticing it. I do think that there are ways to do that without the client feeling a ton of risk. At the same time, I think we also have to understand that there are some clients who do want us to take those extra steps to protect them.
Many Canadians even believe that their financial institution could do more to help them be safe. and are open to those additional measures. So it's also about knowing our clients and ensuring that we are putting tools in their hands and that they're leveraging the tools that are provided to them to make sure that they feel safe, so that the trust isn't broken.
Derek Marinos (Host):
And that is a team effort. There's no question. Neha, let's stay on that human side for a moment. Beyond technology, how are organizations building a fraud-aware culture? One where employees and customers become part of the defense rather than seeing fraud controls as friction.
Neha Gupta:
Tammy made a beautiful point on that additional measure, the purposeful friction, because it's more of a bridge to safety. And it creates a moment of clarity for the customer. And it is essential because technology is only half the battle.
Fraud is increasingly, direct to your point, a human factors problem because it exploits urgency, trust, and emotion. So culture becomes a control. And if you look at the past year's data, adults over 60 accounted for roughly 40 % of the total reported losses.
And these aren't just technical hacks. These are social engineering successes. The fraudsters are exploiting the human desire to be helpful or the fear of getting into trouble.
We are all aware of the romance scams and the grandparent scams. So fraudsters are clearly stealing more than money. They are stealing the trust.
And that's why we advocate for permission to pause. We need to build a culture, both for employees and customers, where it is okay to stop and verify a request without the fear of causing friction. We have to move from blame to education.
I often think of it as a herd immunity. When our employees in the contact center or customers at home are all informed, they interrupt the chain of flaws. One informed person can actually stop a blank investigator scam before a single dollar moves.
Simple rituals like verifying using a known number, never acting on urgency from a new channel, all greatly help in reducing impersonation scams. And when culture is strong, security feels like care, and that's how trust grows.
- Chapter 5: From Reacting to Predicting Fraud
-
Data, analytics and smarter decisioning
Derek Marinos (Host):
That's interesting because what we're hearing here is if trust is the outcome, then I'm going to argue that intelligence is the engine behind it. And for many leaders, this isn't really a technology conversation so much as a decision about confidence, accountability, and where to place trust at scale.
Tammy, how are data and advanced analytics changing the way organizations move from reacting to fraud? reacting to fraud, to anticipating it, but more importantly, what does that mean for leaders making long-term investment decisions?
Tammy McKinnon:
Absolutely right, Derek. Having the right technology and tools in place is critical.
But I would argue that having the right data and analytics is equally important. When you think about the fraud chain of events, you see prevent, detect, and respond. And the more we can do on the prevention side using data and analytics, the less work we have to do to detect fraud and respond to fraud.
And so in my opinion, data and analytics have evolved, and we are moving further and further to the left of that chain, so to speak, to be more reactive and proactive in identifying patterns and detecting behavior and threats before they do damage. So starting with data, know, used, Neha used a car analogy earlier. I think about data as the gasoline in our engine, in our fraud engine, right?
It's so critical.
Tammy McKinnon:
And the foundation on the data side has to be right. You need strong data quality, strong data lineage, right? And so, you know, once you've got the foundation right around data, then having strong data and analytics capability allows you to be more targeted, to identify threats in real time, to leverage the feedback into the cycle and learn from it. So...I would argue it's one of the most important things that we leverage.
Derek Marinos (Host):
It's so true, and Neha, from what you're seeing in the market, what are the most effective investments organizations are making today to move from detecting fraud to predicting it and just as importantly, what's not delivering value?
Neha Gupta:
Building on Tammy's point, shifting from a reactive to a proactive approach is the only way to prevent that relational attrition. In the market, we see that the best investments aren't just about quantity. It's about reducing uncertainty.
They improve the signal quality and the speed of decisioning to what we discussed. And the most effective organizations today aren't just buying more tools; they are investing in real-time intelligence. Because the goal here isn't just to create more alerts, it's actually to create fewer false positives.
We want a completely seamless journey for the 99 % of the honest customers that we have, while quietly neutralizing the 1 % who aren't. And we're also seeing high return on investment and network thinking. Fraudsters don't work alone; they work in rings.
And by using graph analytics, we can see the mule patterns, how money is moving through different accounts, rather than just looking at a single isolated transaction. And Derek, to your point on what's not delivering value, it's the siloed point solutions that just create more alerts without any context. It's like the difference between a rear-view mirror and radar.
Detection tells you what already happened, and prediction tells you what's about to happen. So predictive approaches today focus on the pattern, new device, unusual pay, rushed behavior rather than any single threshold, and that's where the investment needs to go. The goal isn't just to catch fraud but to eliminate the friction for honest customers while we neutralize the threats.
- Chapter 6: Partnerships and the Fraud Ecosystem
-
Why collaboration matters
Derek Marinos (Host):
Thank you, Neha. It's a wonderful segue to our next segment, which is looking at partnerships and the fraud ecosystem. And when you talked about the fraudsters working in greater teams, know, one pattern we consistently see is that the organization struggling most under, they're not really under investigation, they're trying to solve fraud in isolation.
One theme that keeps coming up here is scale. and the reality that no organization can do this alone. Tammy, why is collaboration across banks, industries and trusted partners now essential to staying ahead of organized and global fraud networks?
Tammy McKinnon:
Derek, we mentioned fraud as a team sport, and I think that's so critical. But I think what's even better is a team of teams approach. And that's really what we get to with collaboration across banks and industries. know, fraud networks, as we said, are becoming more sophisticated, organized, they're operating across borders and making it difficult for any single institution to combat them by itself.
I think the collaboration allows us to share intelligence and identify threats and trends faster, and be able to leverage the best of the best at each organization, pooling resources and expertise to come together. Of course, this takes extra time out of our day, but I do think that this is probably the best way for us to come together and share amongst all of us so that we can get the best outcome.
A great example of this collaborative approach is the Canadian Anti-Scams Coalition, which is bringing together financial institutions, industry leaders, and government agencies to share intelligence and resources.
Derek Marinos (Host):
Neha, where do technology and consulting partners add the most strategic value in strengthening an organization's overall fraud resilience beyond tools and implementation?
Neha Gupta:
Tammy made a perfect example of the Canadian anti-scam coalition because we cannot solve fraud in isolation. And to stay ahead of the global fraud networks, we have to operate as a coordinated ecosystem. Partners today at the most value where fraud is hardest across silos, across channels, across the ecosystem.
And one of the biggest mistakes that I see organizations making is trying to solve fraud in isolation, because fraudsters operate like global enterprises. They share data and tools. And as defenders, we cannot afford to work in silos.
We cannot have the fraud, cyber, and customer experience teams all working in separate teams. And this is where partners like CGI come in. We bring the cross-pollination of patents.
We see what's happening across multiple industries and institutions, and we bring that collective muscle memory to our clients. We help turn the technical capability into an operating model that actually sticks.
And again, taking the example of real-time rail is such a game changer for the industry because it moves us from banks fighting fraud in isolation to a collective shield where we share intelligence across the entire ecosystem in milliseconds. Because a partner's value isn't just implementation, it's simplification.
It's about reducing fragmentation so that the leadership team has one clear view of risk across their entire enterprise. And beyond tools, the real win is building that repeatable resilience, building a capability that survives new scams, new channels and new technologies.
- Chapter 7: Leadership Priorities and Closing Reflections
-
Final takeaways
Derek Marinos (Host):
Wonderful, thank you. Some closing takeaways, and as we close, I'd like to bring this back to leadership priorities. Tammy, if you could give one priority to executives and boards this year, when it comes to fraud, what would it be, and why does it matter now?
Tammy McKinnon:
Great question. I mean, we talked about industry collaboration, which I do think needs to continue as a top priority. But if I could give one piece of advice to those who can influence, I would say it's to stay the course.
When you look across the economy and the financial industry, there's a great and a real sense of uncertainty. And that results a lot of times in reprioritization of plans. I think my advice would be to stay the course.
Derek Marinos (Host):
Sound advice. Staying the course is always a good option. Neha, final word to you when organizations get fraud right. How does it shift from being a cost center to becoming a strategic enabler of trust, resilience and long-term growth?
Neha Gupta:
So when fraud is done right, it does become a growth enabler because it protects the thing digital businesses run on, that is, trust. And that trust translates directly into digital confidence. When we reduce those incidents and handle them with empathy, we are not just stopping a financial loss; we are building customer loyalty.
And from a strategic perspective, this leads to a safer digital adoption, right? And I often say, you know, like my final thought for the leaders would be that fraud prevention isn't the tax that you pay on innovation. It's the confidence that allows you to innovate in the first place.
And when that shift happens, it stops being a cost of doing business and starts being the engine for the digital growth.
Derek Marinos (Host):
I'd like to take a moment to thank Tammy McKinnon, Senior Vice President of Global Fraud Management at Scotiabank and Neha Gupta, a financial services and fraud prevention expert at CGI, for joining us today. And if this conversation sparked a new way of thinking, we invite you to stay connected. And of course, for more information on fraud prevention, please visit Scotiabank's website and CGI's as well.
Follow a CGI conversation for more insights on business and technology. Thank you for listening.
