Biometrics, risk-based authentication and multi-layered security approaches are gaining in importance
Artificial intelligence is transforming not only the banking sector but also the threat landscape. Whilst financial institutions are increasingly relying on automation and AI applications, cybercriminals are simultaneously refining their attack methods. Deepfakes, synthetic identities and AI-enabled fraud attempts are becoming one of the greatest challenges for digital identity management. In response, banks worldwide are investing more heavily in biometric authentication, adaptive security procedures and AI-enabled fraud detection.
AI is reshaping priorities in the banking sector
A recent study by KPMG shows that 80 per cent of the bank managers surveyed expect artificial intelligence to bring about significant changes to their business models over the next three to five years. Technology, security and investment strategies are being realigned accordingly.
This is particularly evident in the field of cybersecurity. 76 per cent of the institutions surveyed report an increasing number of cyberattacks over the past year. In response, 92 per cent are increasing their security budgets. 84 per cent are investing specifically in measures designed to address risks arising directly from the use of AI.
Alongside the automation of business processes, fraud prevention is now one of the sector’s most important areas of investment.
Biometric methods are becoming the new standard
In parallel with the rising threats, biometric authentication is becoming significantly more important. Already today, around a third of the banks surveyed are using AI-supported biometric methods to secure payments and access processes. Within the next three years, 72 per cent of institutions plan to integrate such systems.
Biometrics is no longer limited to traditional login processes. Modern identity platforms combine biometric verification with continuous risk analysis and dynamically adjust the level of authentication to the specific risk of each transaction.
Deepfakes and synthetic identities are changing the fraud landscape
The increasing availability of generative AI is giving rise to entirely new attack scenarios. Security experts view deepfake technologies, manipulated biometric data and so-called synthetic identities as particularly critical.
In synthetic identity fraud, criminals combine genuine personal information – such as National Insurance numbers, dates of birth or addresses – with fictitious identities. Over a prolonged period, these artificial identities build up a credible transaction and credit history before being used for large-scale fraudulent activities.
Analysts expect synthetic identities to be among the most significant forms of fraud in the financial sector by 2026. For the US market, the resulting credit losses are already estimated at more than 3.1 billion US dollars. Annual growth in this fraud segment stands at around 16 per cent.
Attacks are increasingly targeting biometric systems directly
At the same time, attack techniques are also evolving. Rather than simply deceiving biometric systems through presentation attacks – such as photos or videos – modern so-called injection attacks target the software or hardware level directly. In these attacks, artificially generated image or video data is fed directly into the authentication process without any real camera footage being captured.
A particular cause for concern is that the tools required for this are now commercially available. Security researchers are observing a growing market for ‘deepfake-as-a-service’ offerings, which provide professional tools, support and subscription models. As a result, sophisticated attack methods are no longer the exclusive preserve of technically savvy actors.
Multi-layered security architectures are becoming the norm
Against this backdrop, the security architecture in the banking sector is undergoing a fundamental transformation. Individual authentication methods are increasingly regarded as inadequate. Instead, institutions are turning to multi-layered security concepts that combine biometric identity verification, device analysis, behavioural biometrics and continuous risk assessment.
Authentication itself is also evolving. New solutions permanently link the identity verified during account opening to all subsequent interactions. Depending on the risk associated with a transaction, different methods are used – ranging from biometric passkeys and facial recognition to motion-based liveness detection techniques designed to detect deepfake, replay and injection attacks.
Voice biometrics enhances protection in customer service
It is not only online banking but also telephone-based customer services that are increasingly being targeted by fraudsters. This is why voice biometrics is also gaining in importance.
New solutions enable continuous identity verification throughout the entire call and combine voice biometrics with adaptive multi-factor authentication and AI-powered fraud detection. The risk is assessed on an ongoing basis, so that additional authentication steps can be triggered automatically in the event of suspicious activity.
Technology alone is not enough
Despite growing investment, experts identify organisational shortcomings. Research shows that many financial institutions do not yet have specialised procedures in place to systematically investigate AI-enabled fraud cases.
Industry specialists therefore emphasise that modern security technologies can only be fully effective when combined with clear processes, staff training and defined escalation procedures. Similarly, the exchange of information between banks, technology providers and law enforcement agencies is becoming increasingly important, as individual institutions are hardly able to tackle fraud networks – which are operating with ever greater professionalism – on their own.
Identity is becoming the central security anchor
This development makes it clear that identity management in the financial sector is undergoing a fundamental transformation. Whilst traditional authentication methods are coming under increasing pressure from AI-based attacks, biometric methods, adaptive risk analysis and multi-layered security architectures are becoming the new standard.
For banks, this represents a paradigm shift: securing individual login processes will no longer be sufficient in future. Instead, a user’s identity must be continuously verified and assessed throughout the entire digital lifecycle of a customer relationship. In the face of ever more sophisticated AI-powered fraud methods, this capability is becoming a decisive factor in the resilience of the financial sector.
