InfoSec People Profile: The ProSight Fraud Alert Network’s Jason Bartolacci

By Roy Urrico

Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security (infosec), cybersecurity and/or information governance to protect data and transactions at credit unions, other financial institutions, and fintechs serving the financial services industry.

“I focus on the intersection of fraud prevention, information security, and intelligence sharing. While my primary domain is fraud and scams, the work overlaps with cybersecurity,” Jason Bartolacci, director, ProSight Fraud Alert Network, told Finopotamus. “This is due to the reality that most fraud today begins with a cyber event, such as a data breach, credential theft, account takeover attempt, AI (artificial intelligence) document manipulation, or some form of digital exploitation that ultimately enables financial loss.”

The Chicago-based ProSight Financial Association launched the ProSight Fraud Alert Network — a digital community and knowledge group designed to help credit unions, banks, and direct-to-consumer fintechs combat fraud more effectively, efficiently, and collaboratively — in October 2025.

A Long Path Toward Financial Crime

Bartolacci was born and raised in western Pennsylvania. “I earned my bachelor’s degree from the University of Pittsburgh and my first master’s degree from the University of Cincinnati, both in criminal justice, leading to my first career path in law enforcement,” he recalled.

During his time as a police officer within the Metropolitan Police Department in Washington, D.C., he worked in plainclothes and vice. “However, a pivotal moment in my career arrived when I attended specialized training through the Federal Law Enforcement Training Center (FLETC) on money laundering and asset-forfeiture investigations,” said Bartolacci. “That experience put me on a long-term path toward financial crime, fraud, and complex investigative work.”

After leaving the Washington, D.C., police force in 2002, he continued that trajectory as a criminal investigator for the State of Florida Office of Financial Regulation from 2004-2006, where he focused on white-collar crime. “I was assigned to a federal task force hosted by the U.S. Secret Service, which consisted of a group of investigators across law enforcement and bank fraud working on fraud cases together,” explained Bartolacci. “This experience directly led me to the banking industry, where I’ve spent much of my career. Since then, I’ve worked with several banks and even represented Synchrony Financial at the National Cyber Forensics and Training Alliance (NCFTA).”

As cyber fraud continued to evolve, he witnessed firsthand at the NCFTA that almost every major fraud case had a cyber component, such as data breaches, credential-stuffing attacks, and other cyber-enabled events. “This overlap pushed me to deepen my technical expertise and return to school for a second master’s degree at Carnegie Mellon University’s Heinz College in Information Security and Assurance (Cyber Security), which enabled me to merge my fraud and cybersecurity backgrounds into one career path,” said Bartolacci.

Current Infosec Role

In March 2025, Bartolacci joined the ProSight Financial Association, molded in 2024 through the merger of the Bank Administration Institute (BAI) and the Risk Management Association (RMA). This merger combined BAI's expertise in retail banking and compliance with RMA's knowledge in commercial banking and risk management to support financial services leaders with insights, tools, and resources.

“We built the ProSight Fraud Alert Network, using a playbook borrowed from the cyberthreat intelligence community,” Bartolacci recalled. He described the network as a collaborative environment where financial institutions can share fraud indicators, attack attributes, emerging TTP threats, indicators of compromise (IOCs), and real-time intelligence. A “TTP threat” in cybersecurity refers to an attacker's tactics (goals), techniques (methods), and procedures (specific actions).

“The goal is to break down silos, enable rapid information sharing, and help institutions get ahead of fraud threats rather than reacting after the damage is done,” said Bartolacci.

In many ways, suggested Bartolacci, “We’re taking the proven models of cyberthreat intelligence and applying them to the fraud world, because fraud and cyber are no longer separate problems. We’ve recognized that they are two sides of the same threat landscape, and the end game for many attackers is almost always financial.”

Cybersecurity Operations

“As the leading provider of compliance and risk training to the industry, ProSight offers a variety of courses on fraud and cybersecurity to help educate financial services employees on relevant compliance regulations and risk considerations,” said Bartolacci. “From the Fraud Alert Network's perspective, our primary operation related to cybersecurity is ensuring that the network operates as a secure, authenticated environment for trusted professionals. Because the platform enables financial institutions to share sensitive intelligence about emerging fraud threats, maintaining the integrity of access is essential.”

Bartolacci noted the network works closely with their internal cybersecurity teams to ensure that only verified, credentialed members can join the community. “That includes strong authentication controls and single sign-on integration, allowing us to confidently validate who is accessing the platform. Our mission is to provide a trusted, authenticated space for collaboration, without the risk of unauthorized parties gaining visibility into fraud discussions or investigations.”

AI Makes Threats More Concerning

“The most concerning threats are the ones that combine speed, scale, and human vulnerability,” voiced Bartolacci. “Artificial intelligence [AI] is making sophisticated attacks dramatically easier to execute. What used to require a skilled threat actor can now be automated or generated in seconds, allowing criminals to launch high-volume, highly personalized fraud attempts at a scale we’ve never seen before.”

Bartolacci said, “One of the biggest cybersecurity dangers today is how quickly AI is accelerating the fraud landscape.” He noted that tasks once requiring time, skill, or specialized tools now takes seconds to complete. “For example, a threat actor can generate a realistic fake ID in under a minute by swapping their face onto a legitimate document. That makes identity theft, synthetic identities, and fraudulent account openings far easier and far more scalable.”

But a more troubling side is not purely technical; it is human, he asserted. “As banks and credit unions harden their digital channels, attackers simply pivot to softer targets. Call centers, for example, have become a major pressure point. It’s extremely difficult to hack a financial institution’s core systems, but it’s far easier to manipulate a well-meaning employee who’s trying to help a customer. This social-engineering vector is increasingly where fraudsters find success.”

Another crucial aspect, cited by Bartolacci, is the global surge in fraud and scam losses. “The volume alone is staggering, and the pace continues to accelerate. The combination of AI-enabled scale and human-focused exploitation is serious enough to keep any of us awake at night.”

Top Cybersecurity Dangers to Credit Unions

Responding to the prevailing financial institution hazards today, Bartolacci noted the broader challenge is not just the threats themselves — it is staying ahead of them.

“Institutions are inundated with data, alerts, and threat intelligence, and it can be difficult to distinguish what’s truly actionable from background noise. Without a way to filter, prioritize, and contextualize that information, even good intelligence can be overwhelming,” Bartolacci explained.

To this end, collaboration is critical, pointed out Bartolacci. “No single credit union or bank can track every threat in isolation. Sharing signals, patterns, and emerging attack techniques with trusted peers is one of the strongest defenses institutions have against cyber threats. The fraud and cybersecurity threat landscapes are expanding rapidly, and that expansion directly fuels higher fraud losses. Collective awareness and early warning are becoming just as important as the technology itself.”

Bartolacci continued, “The institutions that stay ahead are the ones that take a proactive approach. They leverage fraud threat intelligence, continuously test their controls, and incorporate fraud red teaming to assess how real attackers would exploit gaps. You can’t wait for fraud losses to reveal a weakness. You must simulate the threat, learn from it, and strengthen your defenses before criminals get there first.”

Intended for frontline and strategic fraud professionals in the banking industry, the ProSight Fraud Alert Network empowers its members with tools and knowledge to more efficiently resolve fraud cases and help reduce financial losses within their organizations and, ultimately, the industry, Bartolacci explained. He added, the ProSight Fraud Alert Network is offered to ProSight Financial Association institutional members complimentary for the first year.