Will every bank become a fintech? (Featuring TikTok)

What does fraud look like when your platform processes tips to livestream creators? What about when your institution manages credit cards, personal loans, and home mortgages? And what happens when both environments face the same adversary armed with AI?

In this episode of Good Question, we brought together two risk leaders from very different corners of the financial ecosystem: Hua Li, who protects payments across TikTok's global marketplace, and Angela Diaz, who managed external fraud risk at Discover at the time of this recording (but now leads external fraud oversight at TD). Despite operating in distinct environments, their challenges are strikingly similar and their insights reveal why traditional banks are being forced to operate like digital-first fintech platforms — and vice versa.

The takeaway: the line between digital platforms and banks is dissolving. Whether you're protecting creator payouts or mortgage applications, the fundamentals of identity verification, document integrity, and behavioral analysis are converging… and so are the fraud risks.

Fraud in a digital marketplace: TikTok's payment risk landscape

TikTok operates as a marketplace where money flows in two directions. Audiences purchase virtual gifts to tip livestream hosts, and TikTok pays out earnings to creators through regional payout programs. That two-sided flow creates fraud exposure on both ends.

Hua described several attack vectors his team monitors daily:

• Account takeover of creators: Fraudsters gain access to high-earning creator accounts through phishing or malware, then change payout details to redirect funds. Because many creators have teams managing their accounts, the attack surface extends beyond the creator themselves.
• Fake audience accounts and collusion: Stolen or fabricated audience accounts are used to tip creators in coordinated schemes, sometimes with the creator's knowledge, sometimes without—raising money laundering concerns.
• Irreversible fund movement: Once money leaves TikTok's platform, recovery is extremely difficult, even with strong downstream provider relationships.

His team's daily rhythm starts with dashboards tracking loss rates, approval rates, and risk-related declines across payment methods — essentially the same operational discipline you'd find at a traditional bank, applied to a 100% digital, global platform.

The fraud landscape for TradFi: digital transformation meets growing complexity

Angela outlined the fraud pressures facing large financial institutions that span credit cards, online banking, and lending. Several themes dominate banking leaders' current focus:

• Authentication and verification in digital channels: As customers migrate away from branches, banks are investing heavily in robust digital identity verification that balances security with a seamless customer experience.
• First-party fraud: The industry has been so focused on scams that first-party fraud—where the customer themselves misrepresents information—has surged to the forefront. Document fraud ties directly into this, as applicants may alter income documents or identification to meet loan requirements.
• Social engineering: Scam activity that happens outside of a bank’s ecosystem is extremely difficult to prevent, but institutions must detect and respond to it quickly once it reaches their systems. The speed of digital transactions makes this especially challenging.

The trust equation changes when you go digital

One of the richest parts of the conversation explored what's lost when fraud prevention moves from in-person to digital channels.

Angela painted a vivid picture: in a branch environment, a teller can hold a physical document, observe social cues, ask follow-up questions, and compare the person standing in front of them to the documentation they've provided. In a digital environment, all of that disappears. Institutions are left relying on cross-checks of data points they cannot physically see, from humans they cannot physically interact with.

The challenge is compounded by speed. Banks are designing their digital experiences to let legitimate customers open accounts and move money quickly because that's what competitive pressure demands. But every convenience introduced without corresponding risk controls creates an opportunity for exploitation.

Hua offered a complementary perspective. TikTok was 100% digital from day one and global from the start, meaning it had to solve for the hardest version of these problems immediately. His team's approach distills identity verification into two core questions: is this a real person (not a fake account), and is this actually the account owner (not an account takeover)?

To answer those questions at scale, TikTok relies heavily on behavioral data—how users register, log in, and interact with the platform over time. For high-value creator accounts, they layer on document verification and bank account name matching, but always balance friction against conversion. In some regions, a 100% name match requirement created 20–30% friction, forcing the team to explore fuzzy matching and third-party verification to find the right tradeoff.

AI is making fake documents harder to spot and the gap is widening

Both guests confirmed that AI is actively helping fraudsters produce more convincing documents. Angela noted that fake passports and driver's licenses that would have been easy to identify five to ten years ago now mimic realistic characteristics like light glare and natural aging. When a reviewer knows a document is AI-generated, the differences are visible. But for an entry-level investigator working through high volumes without that prior knowledge, detection is extremely difficult.

The training challenge is equally pressing: keeping staff updated on what to look for, and updating procedures with current examples, at the same pace fraudsters are adopting new tools.

Hua shared similar observations from his experience. At TikTok, fraudster-generated names have evolved from easily detectable gibberish to sophisticated variations that defeat traditional detection models. In his previous role at a rideshare company, he saw fake driver's licenses ranging from crude hand-drawn forgeries to convincing cross-verified documents. He pointed to government database verification (APIs that connect directly to police or identity authorities in countries like China and Brazil) as one of the most effective countermeasures, but acknowledged the approach isn't universally available.

Ronan added context from Inscribe's data: one in 16 documents submitted via digital channels are tampered with, and there's been a 200% increase in the use of AI tools to alter documents. Beyond documents, the threat extends to phone call verification (where LLMs produce real-time scripts to defeat security questions) and even spending pattern fabrication to make fraudulent accounts appear legitimate.

AI is part of the answer, but governance determines whether it works

When asked whether AI is the answer to AI-powered fraud, Angela was measured: it's part of the solution, but not the full answer. She drew a parallel between fraud teams and fraudsters—both are optimizing for scalable, repeatable efficiency. That makes it a closely matched battle.

Her emphasis was on responsible integration. Before deploying AI, institutions need to define what they will and won't use it for, build governance and controls around it, and ensure they can measure performance and explain outcomes. AI can excel at real-time data analysis and pattern detection that the human eye would miss, especially for document review at scale. But deploying innovation without understanding its risk profile creates new vulnerabilities.

Hua was more forward-leaning on adoption. TikTok is restructuring its risk teams to invest significantly more in AI capabilities through 2026. He framed the decision in terms of adversarial dynamics: your counterpart is evolving, so you must evolve at least as fast. AI offers immediate value in reducing the cost of operations (BPO teams are expensive and limited), accelerating review times, and eventually providing advisory or even autonomous decision-making.

He also raised an underappreciated strategic dimension: increasing the cost for fraudsters to commit fraud. By making attacks more expensive and less profitable, institutions can discourage attempts altogether. That effort requires not just technology but regulatory cooperation—something he sees as an ongoing industry need.

The use case to watch in 2026: behavioral anomaly detection

Both guests converged on a shared recommendation for where AI can deliver the most impact in the near term.

Angela pointed to behavioral biometrics: using AI to detect anomalies in legitimate, aged customer accounts at transaction speed. Her reasoning: social engineering and account takeover attacks have already penetrated the institution's perimeter by the time they reach the transaction layer. The question is whether AI can identify behavioral deviations fast enough to intervene before funds move. She acknowledged this is easier said than done at the scale of a large financial institution, but sees it as the critical gap that recent scam waves have exposed.

Hua described the same concept through the lens of sequential modeling. Traditional approaches count discrete events (like how many logins in a period) which fraudsters can now mimic. But linking behaviors across a timeline (registration, app usage, browsing patterns, transaction initiation) creates a much harder pattern to replicate. The computational cost is high, but it's precisely where AI and LLMs can deliver disproportionate value. He committed to investing heavily in this direction through 2026.

The shared lesson: the fintech-bank divide is disappearing

Perhaps the most important insight from this conversation is how much the fraud challenges at a global content platform and a major financial institution have already converged. TikTok manages payments, verifies identities, and fights account takeover, which are functions that look indistinguishable from banking. Meanwhile, Discover is racing to build digital-native experiences that look increasingly like those of a tech platform. Both face account takeover. Both grapple with document fraud. Both must balance friction against growth. Both are racing to deploy AI responsibly while their adversaries deploy it without constraint.

The organizations that will lead in 2026 are those that:

• Treat identity verification as a continuous, lifecycle-wide discipline, not a one-time gate
• Invest in behavioral and sequential signals that are harder for fraudsters to replicate
• Deploy AI with clear governance, measurable outcomes, and human oversight
• Increase the cost of fraud for attackers, not just the defenses for themselves

The fintech-bank divide is collapsing. But the bigger shift may be this: traditional banks are increasingly operating like fintechs, and inheriting the same digital risk profile in the process.