What’s Next in Payments Security: White Hats vs Black Hats, With AI as a Weapon

Jeff Hallenbeck, head of financial partnerships at Forter, told PYMNTS that as 2024 dawns, artificial intelligence (AI) will be a technological tool increasingly leveraged by fraudsters — and a tool necessary to beat them too.

“In the payments security space, just as in the consumer space, you’re seeing a massive investment in AI,” he said. “It’s a buzzword — but it has to be, as bad actors evolve in the ways they are attacking businesses.”

The conversation was the latest in the continuing PYMNTS’ “What’s Next in Payments” series, which looks ahead at the key challenges and opportunities that loom in 2024 and beyond.

Businesses face a reckoning with any number of vulnerabilities, said Hallenbeck.

Everything Is Moving Faster

“Everything is becoming digitized — and everything’s faster,” he said. “The attack vectors are more complex. The days of merchants being able to fight all this with teams of humans … are gone. They just cannot do it anymore.”

Firms need to invest in AI and machine learning (ML), he said, to stay one step ahead of sophisticated fraudsters.

Authentication remains a critical piece of the puzzle, and biometrics are gaining ground, he said. But they are no silver bullet of defense. AI has gotten so good that the bad actors have been able to impersonate an unwitting victim’s mother’s voice, for example.

For the white hat side of the equation — those who would guard against the fraudsters — there’s an increased urgency to use additional lines of defense, especially with the continued emergence of real-time and instant payments, the recent debut of the FedNow® Service and the growing allure of open banking.

“Speed is everything, and the ability to monetize and get out of the transaction, from the fraudster side, is very attractive,” he said.

It remains to be seen whether these new rails can handle Distributed Denial-of-Service (DDoS) attacks, said Hallenbeck, or if application programming interfaces (APIs) can stand up to new prodding into their vulnerabilities.

We’re likely to see new regulation in 2024 from the likes of the Consumer Financial Protection Bureau (CFPB), said Hallenbeck, who added that data privacy laws have yet to be fully formed in the United States.

And no matter what happens on the regulatory front, he said, businesses and their security providers alike will grapple with the age-old question: How much friction should we inject into the payments process?

Data — collected, synthesized and analyzed with the use of AI and ML, behind the scenes — will help lessen friction and improve the customer experience.

He added that as criminals continue to swarm businesses and exploit new payments infrastructure, a consortium and collaborative approach to data sharing, alerts and trust among financial institutions (FIs) and enterprises will help ensure that fraud attacks are thwarted before they ever prove successful. And it will also help instill confidence in accepting high-volume, high-dollar transactions in an increasingly digital age.

“If you don’t have access to a vast amount of data, whether it’s your own data or third-party data, it just simply won’t matter what you’re collecting at the point of checkout, you’re going to get hit,” he warned. “Merchants need to embrace the new wave of technology.”