Copyright techcrunch
By Jenna Kaye-Kauderer, Managing Vice President and Head of AirKey, Capital One AI is changing the game for banks and fraudsters alike. AI enables financial institutions to protect against fraud by detecting anomalies and analyzing patterns of behavior at scale—all in a split second. Banks can apply AI to triage a potential attack by declining the payment outright or requesting authentication to confirm that the individual attempting the transaction is authorized. It can also detect impersonation attempts that could lead to account takeovers. Even if the login details are correct and the face matches stored records, AI techniques can go deeper. It checks whether the surrounding data, such as device, location or recent account changes, is consistent and doesn’t show signs of fraud. Evaluating all this information instantly, and taking action accordingly, requires powerful real-time technology that can keep up with the massive transaction volume and the rapid speed of payments today. But as powerful as AI is in the hands of banks, it’s also being weaponized by sophisticated fraudsters. Rise of AI-Powered Fraud Recent innovation in AI has allowed fraudsters to create novel attacks, as well as gain efficiency in more traditional efforts to defraud banks, merchants and consumers. Deepfakes and other AI-assisted technologies are being used to bypass established security measures to check whether people really are who they say they are. These include methods such as facial recognition, often used in account takeover attempts. Activity in this area has grown quickly in recent years, following the rise of widely available AI tools in 2022. One study, cited in the Wall Street Journal, found that deepfake incidents in the fintech sector increased 700% in 2023 compared with the previous year. Tools to create these kinds of synthetic identities are now more accessible, without requiring substantial financial investment, time or technical expertise. Traditional authentication methods like SMS one-time passwords are becoming more vulnerable because AI has made intercepting messages easier. Government ID checks—for example, with a drivers license or state ID card—are now much easier to clone with AI. AI also vastly increases the scale and effectiveness of more widespread fraud tactics. Notably, phishing attacks used to require actual people to make phone calls or respond to emails. This can now be done by machines at a broader scale and much lower expense. In response, banks need to continue experimenting with new AI capabilities while evolving their other fraud defenses—like physical authentication—to help combat AI-powered fraud. Adding a Tangible Layer to Digital Defenses One of the strongest ways to improve current defenses is to layer them with other forms of security. A layered approach, using different methods, is stronger than simply thickening a single wall. Layered security doesn’t just double the perimeter’s depth: it can exponentially improve the chances of avoiding fraud. That’s why combining digital defenses with physical authentication is so important. Digital security on its own can be manipulated by synthetic identities or deepfakes, but adding a tangible element creates a barrier that’s much harder to bypass. A physical artifact can’t easily be remotely cloned or artificially generated, making it a powerful complement to AI-driven fraud detection. At Capital One, this approach comes to life through a technology we call AirKey, which turns a credit or debit card into a hardware authenticator. We do this by embedding a custom applet onto the card’s chip, allowing customers to authenticate themselves simply by tapping their card to their mobile device. This added layer strengthens protection in high-risk moments—such as when a customer logs into a new device, changes an address or moves funds to a new account—without adding meaningful friction to the experience. The result is a defense system that’s both strong and seamless: one card tap provides powerful proof of identity, helping legitimate customers quickly ‘get to yes’ when something appears risky to their bank, rather than being blocked or declined. As fraudsters continue to innovate with their attacks, our industry will continue to bolster its defenses. We’ll continue to invest in new technologies and layers of defense—both physical and digital—to meet rising threats head-on. The challenge each time will be doing this without adding friction for legitimate customers, while ensuring security and convenience go hand-in-hand. Learn how Capital One’s AirKey is shaping the future of secure authentication.
