Digital transformation continues to fundamentally reshape the financial industry, promising unparalleled convenience through advancements such as artificial intelligence (AI), open banking and real-time payments. It also opens doors to both emerging and evolving types of fraud. Indeed, delivering the seamless, innovative digital banking experiences consumers demand is challenging enough, but banks and financial institutions (FIs) must also tackle the vulnerabilities introduced by the very technologies that enable these experiences. Consequently, a central challenge the industry now faces is the need both to leverage these technologies and to master the art of securing them. As these next-generation services increasingly roll out, the ability to secure them effectively will likely be a key differentiator for banks and FIs — a litmus test for attracting and retaining customers in a fiercely competitive digital-first economy.
Is Fraud’s Hefty Bill the Price of Modern Banking?
Economic shock waves from fraud lead to a costly cycle, compelling banks and FIs to redirect resources from innovation to immediate threat mitigation. This redirection stalls critical innovation agendas, with profound implications for the financial industry.
Fraud is evolving, putting banks on high alert.
Digital banking is besieged by an increasingly sophisticated and complex threat landscape. Perhaps most troublingly, AI has become a weapon in fraudsters’ arsenals, targeting weaknesses in fraud control systems with alarming precision. The spike in purchase return authorization fraud, with potential losses averaging $115,000 per incident, alongside a rising tide of ransomware attacks highlights the acute vulnerabilities within current banking security frameworks. Additionally, the emergence of more obscure types of fraud, such as token-provisioning and enumeration attacks, signals a diversifying threat matrix.
As fraud spikes, FIs battle impostors and rogue account holders alike.
Banks and FIs continue to face a disturbing rise in both first- and third-party fraud. First-party fraud involves individuals deliberately misrepresenting their own identities or circumstances to obtain banking services, whereas third-party fraud entails fraudsters impersonating legitimate account holders, either to access services and products or to take over existing bank accounts. Indeed, 47% of FIs have dealt with account takeover fraud (ATO) in the past year alone. Phishing attacks, experienced by 73% of banking customers, are highly effective and costly because they frequently serve as a gateway to other banking services.
Fraud’s price tag skyrockets, draining millions.
In 2023, 43% of FIs reported an increase in fraud incidents, with the average fraud-related costs for those with assets over $5 billion soaring 65% to $3.8 million. FIs attribute a sizable share of attempted fraud to systemic deficiencies in their fraud tech stacks (14%) and in their controls and procedures (10%). The fiscal implications of fraud are profound, straining budgets and diverting strategic focus from long-term innovation to immediate crisis management, thereby hampering investment in technologies that could potentially mitigate fraud.
Trust or Bust: Consumers at the Heart of the Bank Security Equation
Balancing the push and pull between innovating digital banking services and enforcing stringent security measures is a daunting challenge for banks and FIs. Achieving equilibrium, however, is crucial for preserving a competitive edge while maintaining consumer trust.
Security sells as customers demand banks they can trust.
When selecting a bank or an FI, consumers prioritize the presence of a robust fraud protection framework, with 69% ranking it among their top three decision-making criteria and 32% considering it the most important factor. The pivotal role that security measures play, not only in promoting customer acquisition and retention but also in shaping technology investment priorities, cannot be overstated. However, the industry must also balance the need for robust security with the demand for streamlined onboarding processes, lest it risk deterring 24% of potential new account holders.
Security concerns overshadow digital banking’s convenience.
As digital banking becomes ubiquitous, consumer expectations for convenient experiences grow increasingly higher. However, these expectations are often marred by significant reservations about the security of AI and other novel technologies intended to enhance these experiences. Notably, 42% of consumers express apprehension about the security risks AI might introduce, with nearly half of retail banking customers in the United States urging banks and credit unions to prioritize fraud protection. This heightened awareness spotlights again the critical balance the industry must strike between pursuing innovation and strengthening essential security frameworks, especially as one-third of Generation Z consumers plan to increase their use of digital banking services in 2024.
The future of digital banking hinges on both trust and innovation.
Incredibly strong consumer demand for instant access and personalized services is reshaping both what digital banking looks like and how it operates. Seventy-six percent of consumers emphasize the need for real-time service access, and 67% expect personalization tailored to their unique banking behaviors. However, their expectations go beyond convenience, with a staggering 91% stating that protecting their sensitive personal information is the most critical capability any bank or FI can possess. As the industry strives to deliver on these demands, the ability to bolster consumer trust will be pivotal, potentially dictating the pace and breadth of the adoption of next-generation digital banking services.
Sign In to Safety: Navigating Security Obstacles in Digital Banking
Security threats are evolving at a rapid rate. The enduring questions are whether banks and FIs can outpace and counteract the tactics of fraudsters while fulfilling the growing consumer expectations for innovative security and convenience.
FIs weigh the potential and pitfalls of open banking — and the scales are tipping toward caution.
Open banking is on the brink of revolutionizing the payments experience. However, industry enthusiasm for the practice — a financial framework in which banks and FIs allow third-party FinTechs to access consumer banking, transaction and other financial data through application programming interfaces (APIs) — is significantly tempered by concerns over the potential for heightened risk of fraud. A recent PYMNTS Intelligence study highlights that nearly half of FIs (46%) say open banking’s risk of fraud outweighs its potential benefits. This sentiment is particularly acute among those already battling high levels of fraud, with more than 57% questioning the risk-reward calculus of embracing open banking.
Despite regulatory pressure to boost competition and improve services, only a minority of FIs (35%) believe the advantages of open banking offset the risks. This cautious stance is not merely a reaction to immediate threats but a strategic positioning to ensure that next-generation banking technologies do not outrun the industry’s capacity to guard against evolving security challenges.
Can banks build trust with biometrics?
In response to mounting consumer demand for secure and convenient authentication methods, a growing number of banks and FIs are turning to biometrics. A PYMNTS Intelligence study found that 47% of consumers regularly use biometric authentication, with 52% of those using biometrics favoring them over alternative methods. Similarly, a recent Paysafe survey shows that 60% of consumers believe that biometric payments strengthen the security of online transactions. By offering biometrics and other advanced authentication methods, banks and FIs achieve two critical outcomes: They align their offerings with the security expectations of consumers and demonstrate their commitment to remaining at the forefront of trust and technology in the financial industry.
AI and ML rally to outsmart fraudsters.
In a forward-looking move, more and more banks and FIs are deploying AI and machine learning (ML) to fight fraud. Indeed, a PYMNTS Intelligence study finds that already 79% of FIs employing cutting-edge cloud-based solutions express confidence in their ability to offer secure real-time payments — a sentiment echoed by 84% of FIs relying on rules-based algorithms. These numbers are encouraging, and with 60% of FIs committed to further investing in advanced technologies, the industry is broadcasting its firm resolve to safeguard digital banking operations and meet consumer expectations for reliability and security.
Securing Tomorrow: Proactive Strategies for Ensuring Digital Banking Resilience
Just as digital transformation inexorably marches forward, so too must the security frameworks of banks and FIs. However, at a time when digital progress and emerging threats evolve in lockstep, the old guard of reactive security measures falls short. For banks and FIs to remain competitive and trustworthy, they must not only adapt but also anticipate, implementing security solutions robust enough to withstand both current and future threats. This requires a paradigm shift — one that emphasizes predictive and adaptive security solutions designed for the fast-changing demands of the digital-first economy.
PYMNTS Intelligence offers the following actionable roadmap for banks and FIs:
- Implement adaptive and predictive security through deep learning models. Improve fraud detection by incorporating advanced behavioral analytics data into deep learning models. By analyzing vast datasets, these systems provide a dual advantage of strengthening transaction security and tailoring user experiences.
- Reinforce customer verification processes. Standardize mandated use of multifactor or biometric authentication across all sensitive digital banking activities. Consider augmenting these measures with cutting-edge behavioral biometrics, which analyze unique user interaction patterns, to offer an additional layer of security that blends seamlessly with user experiences.
- Prepare for post-quantum cryptography. Begin transitioning security architecture to ensure compatibility with the post-quantum cryptographic (PQC) standards recently released by the National Institute of Technology and Standards (NIST). Evaluate interoperability with existing systems, kick-start trial implementations and stay updated with the Cybersecurity and Infrastructure Security Agency’s (CISA’s) PQC initiative. This forward-thinking strategy will help to prepare for future threats and ensure compliance with emerging security standards.
- Partner with FinTechs. Collaborate with FinTechs to leverage their agility and innovative capacities. These partnerships facilitate the deployment of AI and ML within existing technology stacks, dramatically boosting the efficacy of real-time analytics and decision-making processes. By helping to bridge the gap between traditional banking practices and those expected by modern banking customers, these collaborations can also deliver the level of security demanded by a digital-first consumer base.
Fraudsters are relentless, driven by purely opportunistic motives. Understanding this empowers banks and FIs to fortify their security architecture — a crucial step for thriving in a market in which trust is as prized as innovation.