The AI Fraud Accountability Act: what it means for voice security in banking

In 2025, Americans lost $893 million to AI-related scams, according to the FBI's 2025 Internet Crime Report — and voice cloning sits at the centre of that surge. Today, a fraudster needs fewer than 20 seconds of publicly available audio to generate a convincing synthetic clone of any executive, banker, or call-centre employee. 91% of U.S. banks have already reconsidered whether voice verification remains viable as a primary authentication method. The question is no longer "could this happen?" — it's "what do we do about it?"

Voice cloning has become a banking crisis

The threat is not theoretical. Threat actors download earnings call recordings, podcast appearances, or conference videos of corporate executives and, within an hour, can generate synthetic audio authorising wire transfers or directing fund movements. In verified incidents, businesses have lost millions before any human flagged an anomaly.

What makes the problem especially acute for financial institutions is scale. According to the State of Voice-Based Fraud 2026 report, 84% of financial and retail organisations have faced moderately to highly sophisticated voice attacks in the past year. More than 10% of surveyed financial institutions have suffered deepfake vishing attacks exceeding $1 million per case.

The verification layer banks relied on for decades — "if it sounds like you, it is you" — has been broken. Human ability to detect AI-generated voices has fallen to below 30% accuracy for high-quality deepfakes, with some studies recording accuracy as low as 24.5%.

Congress responds: the AI Fraud Accountability Act of 2026

In April 2026, U.S. Senator Maggie Hassan escalated congressional scrutiny of the voice-cloning industry, pressing ElevenLabs, LOVO, Speechify, and VEED to explain their safeguards against fraud. Hassan framed the urgency bluntly: "Global criminal networks have used deepfake voice programs to target more people with increasingly personalised and believable digital scams, fuelling a booming scam industry that surpasses the global drug trade as an illicit industry."

That same month, Senate bill S.3982 — the AI Fraud Accountability Act of 2026 — was introduced by bipartisan sponsors in both chambers. If enacted, the bill would:

• Create a federal criminal prohibition on using digital impersonations in interstate communications with intent to defraud
• Authorise penalties of up to three years in prison and asset forfeiture
• Establish FTC enforcement for civil violations, framing digital impersonation fraud as an unfair or deceptive trade practice
• Direct NIST to develop and annually update best practices for deepfake detection and prevention
• Apply extraterritorial jurisdiction, recognising that most scam operations originate overseas

The bill defines "digital impersonation" broadly: convincingly fabricated or altered audio or visual depictions of any identifiable real person — or even a fictional person presented as genuine.

What the legislation gets right — and where it stops short

The Act is a meaningful step forward. Criminalising digital impersonation at the federal level, creating FTC enforcement teeth, and mandating NIST standards represent the kind of coordinated framework the industry has lacked. Senator Hassan's concurrent inquiry into platform safeguards — asking companies whether they monitor for fraud phrases, watermark AI-generated audio, and report bad actors — adds valuable accountability pressure on the supply side of the problem.

But legislation addresses availability, not detection. It may constrain access to voice-cloning tools through compliance pressure and criminal deterrence. What it cannot do is flag a synthetic voice in real time on a live call to your contact centre or authentication system. Banks and fraud prevention teams need a technical answer that operates independently of whether an attacker used a regulated platform or built their own model. The volume and sophistication of attacks are increasing faster than any regulatory cycle can keep pace with.

The technology layer that fills the gap

The regulatory shift is accelerating adoption of purpose-built deepfake detection. Rather than relying on human judgment — whose accuracy has collapsed — or on voice-print matching that a high-quality clone can defeat, the next generation of authentication uses multiple independent signals simultaneously.

Effective real-time deepfake detection does several things that passive voice authentication cannot:

• Analyses audio artefacts invisible to the human ear — compression signatures, spectral inconsistencies, and generation-model fingerprints that distinguish synthetic from genuine speech
• Cross-references voice and face where video is present, detecting mismatches between lip movement, acoustic characteristics, and expected facial geometry
• Operates within the authentication window, flagging anomalies before a transaction clears — not forensically after the fact

This multimodal approach matters especially because sophisticated attacks increasingly combine cloned voice with AI-generated video. An authentication system that checks only one modality can be bypassed; one that correlates multiple independent signals is far more resistant.

What this means for security and fraud teams

The AI Fraud Accountability Act signals that regulators and legislators now treat voice cloning as a systemic threat — not an edge case. For financial institutions, that means two things: the regulatory cost of inaction is rising, and the technical standard for "adequate authentication" is being redefined.

Organisations that are best positioned are those that layer real-time deepfake detection alongside their existing identity stack — not as a replacement, but as a continuous check that voice and video content is what it claims to be. As voice cloning crosses the indistinguishable threshold for human listeners, detection has to happen at the signal level.

Corsound AI's Deepfake Detect is built for exactly this environment: real-time audio and video deepfake detection designed for financial institutions, contact centres, and identity verification workflows. See how it works at corsound.ai/deepfake-detect.