How big finance players bolster defences with AI as scams surge

Despite tech advancements, human behaviour remains the dominant vulnerability.

Financial institutions across Asia are confronting a rising wave of AI-enabled scams and cyberattacks, prompting a shift toward ecosystem-wide collaboration, proactive threat intelligence and customer-centric security models. 

During the Singapore FinTech Festival 2025’s “Collaborating for Cyber Resilience: How Financial Institutions Can Manage AI Risks” session held at the Frontier stage on 13 November, experts said that institutions are responding with layered authentication, AI-powered fraud detection, and deeper public–private partnerships to preserve trust in an increasingly digital financial landscape.

UOB Chief Information Security Officer Tobias Gondrom captured the structural shift clearly:  “Customers have moved from a PC to their mobile phone only, and maybe in the future, to only a watch… you rely even more on this digital world," 

He noted that whilst banks have strengthened their internal security, attackers now seek alternative paths: “Banks are very hard to hack… which is why… people [are] going after the ecosystem… a merchant, the customer directly," 

This displacement of risk has forced banks to rethink their defensive posture and work more closely with ecosystem players.

The advancement of today’s scams is being accelerated by accessible AI tools. 

SEON President Matthew DeLauro observed that the race toward digital convenience has amplified vulnerabilities: “Big companies are trying to act small, and small companies are trying to act big… everyone’s racing towards the middle ground… high-velocity digital surfaces," 

With AI-enabled fraud networks operating across Telegram channels and the dark web, DeLauro warned that “attacks are hyper personalised and more convincing, and the money moves a lot faster," 

Customers—often using dozens of apps to move or store funds—are increasingly targeted because, as he put it, “the softest target is the customer,"

Session moderator, Pieter Franken, Co-founder of the Global Finance & Technology Network, shared a complex Philippines scam where a man-in-the-middle scheme caused both a merchant and a customer to believe the other was the criminal. 

This escalated into account freezes and even a temporary bank run. “It shows how these things can play up really, really fast,” he said, underscoring the domino effect of misinformation in a digitised ecosystem.

DeLauro described the shift from traditional KYC to “pre-KYC,” where risk assessment begins before the customer formally engages with the system. 

“You can assess the digital footprint… very early on and start putting customers into risk cohorts,” he said. This unpredictability makes it harder for fraudsters to test and exploit verification processes.

Mastercard is taking a similarly layered approach. Aditi Sawhney, Senior Vice President for Security Solutions, explained:

“We use everything, including AI, biometrics, tokenisation… and behavioral analytics all to secure the transaction," Mastercard’s

Decision Intelligence Pro runs fraud models at the network level, and Sawhney noted the company is “using machine learning and now even generative AI to actually find fraud patterns before they happen,"

She added that solutions such as passkeys, passwordless authentication and dynamic CVVs are designed to reduce the value of stolen credentials.

Despite these enhancements, human behaviour remains the dominant vulnerability. Gondrom noted that “95% of the time it’s not really a hack. The customer was tricked to transfer the money… he thought he can make a lot of return… or he found the love of his life," 

The problem spans demographics, said HSBC’s Chief Risk & Compliance Officer Kathleen Gan: “It’s not just the elderly that get scammed… people sort of attack by preying on human factors," 

With deepfakes rising, company-level fraud is also expanding. Some markets have turned to heavy-duty friction to compensate. 

Franken referenced Japan’s long-running “It’s me” impersonation scams, which led to ATMs requiring multiple confirmation prompts such as: “Is there somebody behind you? Did somebody call you to do this?” 

Whilst effective, such measures also highlight the tension between security and convenience in customer experience design.

Industry leaders agreed that no single institution can manage these risks alone. Sawhney stressed: “There is no one solution or one party who can solve the problem, and you’re only as secure as your weakest link," 

Gan also emphasised the need for international data-sharing and upstream cooperation with telecom and social media platforms, where many scams originate. “Resiliency in the ecosystem is what we really need to focus [on]… across the value chain,” she said.

Looking ahead, AI-driven impersonation and autonomous agents pose new risks. Gondrom warned: “You can’t trust the voice anymore. You can’t trust the video anymore. The only thing you can trust is an authenticated channel,"