Banking and Payments 2024 Predictions from Entrust

We are entering a new age of AI phishing

“It’s not new or sensationalist, but good old-fashioned phishing is still the best way to steal account credentials. We expect that just to continue to grow not just in terms of scale, but in terms of effectiveness. AI-enabled phishing will vastly outperform human phishing as generative AI systems improve. We also expect to see more effective form stuffing, increased use of synthetic identities, and proliferation of deep fakes going forward. Deep fakes are becoming more sophisticated and services to create sophisticated deep fakes are rife on the dark web.”

AI will become a banking double-edged sword

“AI is a double-edged sword for the financial industry. On the positive side, it presents opportunities to improve customer experience and reduce costs. For instance, chatbots for customer service and streamlining account opening can help smaller players compete with established institutions. In this way, AI can have a democratising effect similar to past technological shifts like the internet and personal computing.”

“The flip side is that AI intensifies the arms race with hackers and criminals. Bad actors can leverage deep fakes and synthetic identities to impersonate people and bypass verification checks to open fraudulent accounts or break into existing ones. The sophistication of AI means average hackers can now execute attacks once only possible for highly skilled cyber criminals. The scalability of AI also expands the number of potential targets. Financial institutions will need to continuously innovate their security and risk management as AI capabilities advance on both sides.”

Post-quantum cryptography is not a top priority today, but banks shouldn’t be complacent

“Post-quantum cryptography is not yet a top priority for most bank CISOs, despite the existential threat it poses. More immediate issues like AI, biometrics, customer adoption and fraud take precedence currently.  However, long data retention mandates in banking mean “harvest now, decrypt later” quantum attacks could expose records far in the future. Banks should already be upgrading cryptography to post-quantum standards, even if quantum computers aren’t yet a reality. For banks, threats like synthetic identity theft feel more tangible in the short term. Post-quantum seems abstract, like the early warnings about climate change decades ago. But quantum computing will manifest itself eventually, and the failure to prepare will be felt for the next 20-30 years.”

Open banking – it’s the wild west, for now…

“Open banking regulation in the Middle East is expected to accelerate in the next few years. With directives being announced by many Governments including KSA, Bahrain and the UAE’s free zones having their license regimes, the focus on open banking and open finance is growing at an increasing pace.Banks are ambivalent because open banking can potentially threaten direct customer relationships. Consumers want convenience, but the industry doesn’t want any disintermediation. This friction is set to continue over the next 18 months as banks try to strike the right balance.”

“In the meantime, banks must adapt their identity and security frameworks to handle open APIs and new third-party fintech partnerships. As open banking spreads, the cybersecurity landscape will drastically expand. Banks usually aim to consolidate vendors, but open APIs introduce many new access points and players. We’ll likely see growing pains as convenience increases but so do breaches and malware. The technology infrastructure needs time to properly secure expanded data sharing. For now, it’s the Wild West until more comprehensive regulations emerge.

“In the long run, open banking can enable secure financial ecosystems where consumers control their data. Banks must collaborate with regulators and fintechs to ensure privacy and transparency. The potential benefits of open banking are huge – it’s inevitable, so proactive partnerships will smooth the transition.”

Removing tech complexity will protect banks from bad actors

“For banks, the ‘tech stack’ is becoming complex in terms of the number of providers they use, whether for biometrics, identity verification or digital signatures. Financial institutions have to integrate many different providers into their ecosystems, making the experience stilted. Fragmentation breeds risk: there is also more chance of attack if you’re working within an intricate environment of different providers. By decreasing fragmentation, banks can add another layer of protection from bad actors. This will not only make the data easier to observe, monitor and manage but also make experiences more frictionless for consumers. We expect this movement towards a more unified, common platform of delivering digital banking experiences to continue next year. Vendor consolidation is the best way to do this. It saves costs and also helps CISOs know who they’re using, what we’re using them for, and how various systems talk to one another.”

Biometrics will balance security and convenience

“Advancements in biometrics, smartphones, and document recognition have been game-changers for balancing security and convenience. More and more, banks will be able to build filters that make it harder for bad actors while easier for good ones. It’s important to have the latest and best technology possible making sure that hurdles aren’t the same height for good actors and bad actors. For instance, bots armed with AI can breeze through knowledge questions and form fills. However, biometric tech makes it simple for real people to snap ID photos but extremely tough for bots. With the right innovations, complexity can be removed for consumers while scrutinizing bad actors more effectively. The ideal system has just enough friction to deter fraud without frustrating users. By leveraging cutting-edge solutions, banks can eliminate hassles while enhancing security.”

“One of the best practices for protecting online and mobile banking platforms in 2024 would be using AI to support and expedite the identity and biometric verification process to prevent fraudulent account opening from the outset. Digital transformation is not binary – we’re not certain how aggressively banks will adopt AI and biometrics, but it’s the most effective way to secure the experience further, but also simplify the experience. With bad actors becoming more nefarious, this process can be extended to authenticate high-value transactions, such as discharging a mortgage. This will help consumers to feel more secure in their digital transactions.”