How AI and ML are transforming digital banking security

In this Help Net Security interview, Nuno Martins da Silveira Teodoro, VP of Group Cybersecurity at Solaris, discusses the latest advancements in digital banking security. He talks about how AI and ML are reshaping fraud detection, the growing trend of passwordless authentication, and the security risks facing mobile banking apps.

Nuno also discusses the balance between ensuring security and providing a seamless, user-friendly experience for customers.

AI and ML are being integrated into fraud detection systems. How are these technologies transforming the landscape of digital banking security?

AI and ML are revolutionizing fraud detection in digital banking, enhancing security by enabling real-time, accurate, and adaptive solutions. Legacy traditional rule-based systems are now seen as deprecated as mostly they often struggle with the growing complexity and scale of fraud, but AI/ML models analyze vast amounts of transactional data to identify patterns and anomalies indicative of fraudulent activity and abnormal signals. These systems use behavioral analytics to establish profiles of normal user behavior, flagging deviations for investigation thus supporting in a much more evolved way of Fraud detection.

Additionally, by continuously learning from new data, ML improves over time, adapting to the organization’s needs and the ever-evolving fraud tactics. This supports reducing false positives, ensuring legitimate transactions proceed smoothly while maintaining security. Predictive analytics also help identify potential threats before they materialize, and fraud scoring prioritizes high-risk activities for action.

AI/ML-powered systems are scalable and effective against sophisticated threats, such as synthetic identity fraud and account takeovers, and can monitor multiple banking channels simultaneously. They automate detection, lowering operational costs, and providing seamless customer experiences, thereby enhancing trust.

However, nothing is a silver bullet and considerations must be made to things such as algorithm bias, data privacy concerns, and the need for explainable models persist.

Still, despite these potential hurdles, AI and ML are reshaping digital banking security, equipping financial institutions with proactive tools to counter fraud while safeguarding customer trust and regulatory compliance.

The shift towards passwordless authentication is gaining momentum. What are the primary benefits and potential challenges of implementing such systems in the banking industry?

There is an increased growing dependency on secure, transparent and resistant authentication systems to shift towards passwordless authentication. It’s always a constant mix of balancing enhanced security and enhanced user experiences.

Traditional passwords are being replaced with more secure and user-friendly methods, such as biometrics (fingerprints, facial recognition), hardware tokens or behavioral authentication leveraging unique user characteristics or devices to verify identity, reducing reliance on passwords, which are prone to theft, reuse, and phishing attacks.

Biometric methods are harder to replicate, while token-based systems and multi-factor authentication provide layers of protection that enhance user convenience by reducing login friction, creating seamless access across banking platforms.

Furthermore, passwordless systems lower operational costs by reducing password-related issues, such as resets and recovery requests.

Despite its advantages, implementing passwordless authentication does pose challenges. High initial costs for deploying advanced technologies, such as biometric scanners or multi-factor authentication (MFA) integration capable systems, can be a barrier especially within legacy technology stacks. Moreover, biometric data breaches raise concerns, as compromised physical identifiers cannot be reset like passwords and often need to be used in conjunction with additional authentication factors.

Passwordless authentication offers robust security and convenience for banking, but careful planning is essential to address adoption challenges and safeguard user trust.

Mobile banking applications are a significant target for cybercriminals. What strategies can banks employ to enhance the security of their mobile platforms?

It’s commonly seen that attackers exploit vulnerabilities such as poor app architecture design, unsecured networks, or user negligence to launch phishing scams, malware attacks, or credential theft. Threats like fake banking apps, man-in-the-middle attacks, and mobile-specific malware are increasingly sophisticated, endangering both users and financial institutions.

To enhance mobile banking security, organizations must adopt a multi-layered defense strategy. Implementing end-to-end encryption ensures data is protected during transmission, while robust authentication mechanisms, like biometrics and multi-factor authentication, provide additional safeguards.

The banking industry is also now leveraging several preventive controls such as digital risk monitoring for identifying and taking down malicious mobile apps and websites impersonations that attempt to defraud users in tricking them to use fraudulent applications and steel the user’s credentials.

The sector is also moving towards the use of app shielding technologies, such as runtime application self-protection (RASP) and code obfuscation, to prevent tampering and reverse engineering while ensuring some of the vital components such as the APIs are fully protected via an API protection platform that supports the identification of anomalous patters in the APIs, connecting those signals with the user’s profile and tracing it back to potential fraudulent operations.

Additionally, regular security testing, including penetration tests and vulnerability scans, is a mandatory activity in identifying and fixing weaknesses in and end-to-end approach.

Last but not least, banks should also invest in AI-driven fraud driven capabilities in the end user’s devices to allow safe and frictionless online customer journeys by integrating industry-leading threat intel, behavioral analytics, advanced device fingerprinting with adaptive fraud indicators to monitor for anomalies in real-time and promptly address threats.

By combining advanced technologies, proactive monitoring, and user education, banks can significantly reduce risks and ensure the safety of their mobile banking platforms, maintaining trust in an increasingly digital-first world.

How can financial institutions balance stringent security protocols with the demand for seamless and user-friendly digital banking experiences?

Balancing stringent security protocols with the demand for seamless digital banking experiences is a critical challenge for financial institutions. Customers expect fast, convenient access to services, but this must never come at the cost of security.

To achieve this balance, financial institutions are adopting risk-based authentication systems that adjust security measures based on the transaction’s perceived risk level. For example, low-risk activities like balance checks might require only basic authentication, while high-risk actions, such as large transfers, prompt multi-factor authentication. This minimizes unnecessary friction for users while maintaining robust security.

Biometric authentication, including fingerprint, facial recognition, and behavioral biometrics, is another key solution. These methods offer strong security while being intuitive and fast, enhancing the user experience. Passwordless authentication, using device-based authentication or cryptographic keys, also reduces login friction and eliminates vulnerabilities tied to traditional passwords.

Advanced technologies like AI and ML are helping institutions monitor transactions in real time, detecting anomalies and preventing fraud without directly involving users. Meanwhile, encryption and tokenization protect sensitive data, ensuring transactions remain secure in the background.

Education and transparency also play a vital role. Financial institutions must help users understand security measures and encourage secure behavior, such as recognizing phishing attempts or avoiding unsecured networks. Clear communication about privacy and security builds trust without overwhelming customers.

Lastly, financial institutions must regularly update and test their systems to adapt to evolving threats while maintaining a smooth user interface. By integrating cutting-edge technologies with a user-centric approach, they can achieve the dual goals of strong security and effortless banking experiences, ensuring both regulatory compliance and customer satisfaction in an increasingly digital world.

What are the implications of open banking initiatives on digital banking security, and how can institutions mitigate associated risks?

Open banking initiatives are transforming the financial services industry by enabling the secure sharing of customer data between banks and third-party providers (TPPs) via APIs. While open banking fosters innovation and enhances customer experiences, it also introduces new security challenges, requiring banks to navigate a complex regulatory landscape and adopt industry best practices.

Regulations such as the EU’s Revised Payment Services Directive (PSD2) mandate strong customer authentication (SCA) and secure API frameworks to protect sensitive data during transactions. Compliance ensures a baseline for security, but implementation varies across regions, creating potential gaps. Open banking amplifies the risks of data breaches, unauthorized access, and fraud, as expanding the ecosystem increases potential attack surfaces.

To mitigate these risks, banks must prioritize robust API security, including encryption, authentication, and access controls. Implementing OAuth 2.0 for secure token-based authorization is a widely adopted best practice. Banks should also employ threat detection systems, powered by AI and machine learning, to monitor API traffic for anomalies or malicious activity in real time.

Collaboration between banks, regulators, and TPPs is essential to establish clear security standards and promote trust. Regular security assessments, third-party audits, and penetration testing ensure compliance and identify vulnerabilities. Meanwhile, tokenization and data minimization can reduce the exposure of sensitive customer information.

Banks must also educate customers on securely managing their data-sharing permissions to minimize risks from phishing or fraud. Clear consent mechanisms and transparency about data usage are critical for maintaining trust.

By combining stringent regulatory compliance, advanced technology, and customer education, organizations can mitigate risks associated with open banking while fostering innovation. A proactive approach ensures that open banking initiatives deliver their full potential, balancing security with seamless customer experiences in a highly interconnected financial ecosystem.