In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the growing threat of deepfake-related fraud and its impact on financial security. He also discusses overlooked vulnerabilities in digital banking and offers advice for organizations to protect themselves from fraud in the coming years.
Deepfake-related fraud is projected to grow at an alarming rate. How do you see this trend shaping the future of financial fraud?
A staggering 92% of companies have experienced financial loss due to deepfakes in this past year alone. Whether it’s bad actors manipulating audio to get individuals to share financial information, or a deepfake video impersonating company leadership to transfer or receive large sums of money, deepfakes have massively upped the stakes of financial fraud.
AI technology continues to become more sophisticated, so organizations’ understanding of their systems’ vulnerabilities, awareness of these threats, and technology in place to combat them need to be taken extremely seriously. This is why a zero trust architecture is going to be crucial in curbing future financial fraud, ensuring that every user entering a system is authenticated and proper education is in place so that employees don’t fall victim to scams like phishing or impersonation.
What are the most overlooked vulnerabilities in digital banking systems that cybercriminals are exploiting?
Digital banking has presented a myriad of new challenges when it comes to securing users’ experiences. The most glaring is the fact that digital and online banking lack face-to-face verification, allowing cybercriminals to pose as customers and takeover accounts with banks being none the wiser. Additionally, digital banking has made it easier for customers to access their banking from their mobile devices. Oftentimes users access their accounts on mobile in various locations that might not be connected to a secure network, which can open the door for bad actors to move through a network and gain access to critical data.
Another often overlooked aspect of digital banking systems that can be exploited is banks’ usage of third parties and reliance on APIs. While connecting with third-party services and partners can enable customers to get more out of their banking experiences, it makes banks vulnerable as those providers may not have the same security standards or are not properly secured against emerging technologies like AI. If those third parties are hacked, so too can that bank and its users.
What message would you like to share with professionals who feel overwhelmed by the fraud landscape?
The rapid advancement of deepfake and AI technology can be daunting, but just as cybercriminals are becoming more sophisticated, so is the right security technology to combat those threats. It’s easy to get overwhelmed by all the ways a system can be hacked or an identity can be stolen, but instead of being paralyzed by those ideas, organizations can take action to ensure they have the proper infrastructure in place before those issues even crop up.
From an organizational perspective, leaders can always lean on external partners to provide guidance on deploying verifiable credentials, biometric systems, and layered intelligence to build a resilient zero trust architecture, tailored to the specific needs of their business.
For individual professionals who are overwhelmed, I recommend that they follow a similar “trust nothing, verify everything” philosophy and remain vigilant in order to avoid falling victim to threats like phishing and social engineering.
Additionally, banks are actively adding “education and warning information” to their digital interactions. This includes warnings in SMS messages reminding users that the bank would never ask for a one-time password to be shared over the phone, or warning customers that a payment may be due to a scam. To make the fraud landscape less overwhelming, it’s critical consumers pay attention to the warnings.
If you could give financial organizations just one piece of advice to reduce their fraud risk in 2025, what would it be?
My advice to financial organizations would be to prioritize identity verification. As I previously highlighted, financial fraud is often an identity problem leading not only to financial losses but also to brand trust and reputation losses. By implementing high-quality digital identity verification tools, an organization can protect itself and its customers while delivering a smooth customer experience that ensures users feel both happy and protected. These tools can be in the form of one-time passcodes, verification of ID documents, authentication via biometrics, and geolocation to verify users’ locations when logging into their account.
Identity permeates the entire banking lifecycle, from account opening to wire transfers to cashing checks and applying for loans. The best thing a financial organization can do is make sure its identity verification infrastructure is robust to make those processes both smooth and safe.
What role will regulations and policy updates play in combating fraud over the next few years?
Regulations and policies certainly play a strong role in ensuring banks’ security frameworks are held to high standards and customer data is protected. For example, the Consumer Financial Protection Bureau (CFPB) recently created a new rule – the Personal Financial Data Rights Rule – which will grant consumers greater control over their financial data in open banking. Policies like this will help usher in a safer and more secure financial future for all.
As AI adoption continues to evolve, it’s very likely we’ll see strong regulation arise to ensure that organizations are properly equipped to combat threats and can confidently promise customers that their confidential financial data remains secure.