Five banking and payment security threats and trends in 2023

Issue 1 2023 Information Security, Financial (Industry)


Gerhard Oosthuizen.

The digital pendulum is swinging back to pre-pandemic agendas, offering security leaders in the banking world a chance to revisit longer-term projects and take advantage of the tech crunch layoffs to bolster their security teams. This will be especially important as cyber criminals are also beginning to feel the pinch and are likely to increase their efforts, warn authentication specialists from Entersekt in their 2023 predictions.

“People were so bullish about the digital spend in the COVID years that the retraction hitting large parts of the tech industry will take some by surprise – banks and credit unions included. Many of the important, but often delayed-due-to-COVID priorities will be put back on the 2023 to-do lists and we may also see many of the ‘technical debt’ and longer-term projects that were pushed out during the crisis get their rightful place on this year’s agenda. In my view, it will be a year where we’re going to see lots of different movements and initiatives get attention, as the ‘digitise everything’ focus that highlighted the past few years begins to wane,” warns Gerhard Oosthuizen, CTO at Entersekt.

“However, as we continue through our crypto winter and tech crunch, security leaders should make use of the opportunity to snap up available skills. Because the one thing we know is that when things get harder, criminals also become more desperate. We must prepare for more breaches as the year progresses,” he adds.

Entersekt has identified five trends that will influence tech and security leaders in 2023.

1. Generative AI is all the rage, but it comes with a warning label

If you have not played with the newer AI chat and art generators, then you must at least have heard of them. The maturation of natural language text generators like ChatGPT and image generators like Dall-E 2, are testing our limits when it comes to differentiating between machine and human outputs.

These advancements offer organisations a huge opportunity when it comes to deploying chat technology as part of their self-service and broader omni-channel communication efforts. Having a bot that is better able to interpret and easily respond to queries will put customers at ease and could rapidly improve automation efforts. This should attract particular interest from banks and other financial institutions, and is likely to add some momentum to chat banking initiatives.

As attractive as the additional automation may seem, security leaders will also need to gear up to deal with the darker side of the technology – or rather, the humans who use it for their nefarious ends.

One example is that some AI programmes can generate basic programmes that could help bad actors write code to bypass poorly secured websites. Another is that it is feasible to use these machines to simulate a voice (with just a small sample), which could then be used to bypass voice recognition or in payer manipulation fraud. Of course, the art generators are ideally positioned to help generate synthetic IDs with face images, voices and back-stories that do not actually exist, but look incredibly real. Fraudsters could even get advice on how to break security systems by just asking these AI systems to make recommendations.

While it is clear this technology has tremendous potential to improve the customer experience, it also offers fraudsters a host of new opportunities. Expect significant strides on both sides during the year ahead.

2. Social engineering fraud will see a big spike

There is no limit to human ingenuity and payer manipulation (or authorised push payment) and fraud is already highlighted as a big area of concern. In fact, the UK has seen a 41% rise in authorised push payment in 2021 according to the UK’s annual fraud report. This type of fraud often has a fraudster calling a customer and convincing them they are about to have their money stolen, fast-talking them into transferring their cash into a mule account controlled by the criminal ring.

Using the customer as the ‘insider’ that helps steal money has been established as the most effective way to access funds. Expect many new schemes to emerge that will try to exploit this, and many marketing campaigns to educate and warn customers. We also expect a good deal more new technology firms with increased innovation to prevent this kind of attack to emerge in this space.

3. Increased regulations will add to the pressure

Regulators will continue their efforts to protect the consumers (often from themselves) and businesses should prepare for added regulatory requirements in the coming months.

Widely regarded as a success in protecting customers, PSD2 will be extended with PSD3 in the EU in 2024. Expectations are that more focus will be placed on improving user experience and, wherever possible, removing them from the authentication process in order to reduce friction. In addition, Europe has published their eIDAS 2 regulations requiring governments to start issuing digital identities, with the first pilot kicking off in March 2023. This will be driving digital identity in the region over the coming years.

Overall, we are also seeing a lot more organisations, such as EMVCo, Visa, Mastercard and NIST, increase their security requirements and include FIDO authentication into their standards and regulations. With this regulatory backing and support from Apple, Google and Microsoft, FIDO authentication will receive a lot of attention.

The US government, meanwhile, has committed to Zero Trust architecture and has placed significant emphasis on stronger enterprise identity and access controls, including multi-factor authentication (MFA). Many vendors are jumping onto the bandwagon and security leaders will be hearing a good deal more about this during the year.

4. Digital ID hits its stride

With the regulatory support behind it, and eIDAS 2 coming into effect in 2024, we expect to see digital ID building on the small strides made in 2022, with Estonia and Canada already having built out various systems. The US has also dabbled with it in a few states and Apple is coordinating with travel agents to load drivers’ licences as part of its wallet offering.

With the first pilot in the EU underway, many private and public organisations will likely begin factoring digital ID into their thinking. The European approach is based on emerging standards from the Self Sovereign world such as the W3C’s Verifiable Credentials, while Apple has chosen NFC standards from the ISO. It will be interesting to see if these two diverging standards will find a way to work inter-operably, or if one will dominate.

5. Passwordless thinking will continue to gain momentum

We identified the rise of a passwordless future in previous predictions and we still hold that this will be a big trend on the CTO and CISO radars this year. The renewed commitment to FIDO will aid the move towards a passwordless world and security leaders can confidently move forward with their plans to slash the friction in their user experience.

Finally, we know that predictions can be foolhardy in a world as mercurial as the one in which we find ourselves, however, when we asked ChatGPT what its top five predictions for digital fraud in 2023 were, its number one concern was ironic, but perhaps indicative of just how ‘self-aware’ AI is becoming. Its answer? “Increased use of deepfake technology to create convincing impersonations of real individuals for fraudulent purposes.” Therefore, we remain confident of our 2023 list.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.