Reimagining cyber threats: How AI is transforming cyber defence in global payments

We’re in a new normal. More businesses worldwide are embracing open banking, unlocking unprecedented benefits but also bringing new, unexpected threats. Artificial Intelligence (AI) has democratised social engineering, allowing hackers to exploit human defences. A financial services company that prioritises cybersecurity capabilities is essential not just for your assets, but for your trust and reputation.

Today, money is moving differently. But have financial institutions, their vendors, and their clients adapted to the changing environment?

As businesses and their banks embrace new technologies and innovate to improve customer experience, they need to shift gears to understand their real weakness. This may not be the one they think.

The main threat for organisations today is not only their technology, but also their people. That’s because social engineering tactics are behind most cyber-attacks and nearly all successful breaches involve exploiting human error . While no industry is immune, the financial services sector is among the most targeted by cyber incidents .

How can businesses and their banks defend their people? By taking a page out of the hackers’ playbook.

The double-edged sword of AI

Artificial intelligence is democratising and humanising cybercrime. The same tools trained on the data we generate are being used to exploit us in human ways.

Today, armed with the latest AI tools, even less skilled hackers can develop sophisticated attacks, from scaling spear-phishing emails or writing malicious code to creating personalised deep fakes. Just look at headlines to see how successful these tactics have proven.

For cross-border payments, this democratising effect has made cybersecurity less of an IT problem and more an everybody problem. Hackers target organisations’ human defences rather than their digital ones.

“Just as hackers deconstruct technology, they expertly deconstruct the way humans think,” said Sarah Gosler, managing director and head of Wells Fargo’s cyber human defence. “Adversaries are using AI as a weapon. Companies can use it as a defence. The real battle is won when we empower humans and leverage AI, together, against these evolving threats.”

Just as the latest AI and machine learning tools allow hackers to scale attacks, they allow banks, their vendors, and their clients to bolster and scale their cybersecurity, anti-money laundering and fraud detection programmes. That includes reviewing and securing their human defences.

Massive scaling of research and data analysis can also work defensively. For example, companies can use AI to analyse trillions of data points to flag potential threats that don’t fit patterns. This leaves employees with just hundreds or thousands of data points to review on a human scale — and escalate if necessary.

The correspondent bank of the future

Correspondent banks need to work across borders and organisations, and at the same time stay secure. Having the right bank with AI and cybersecurity capabilities will be especially important given the new ISO 20022 standard. This transformative standard will mean correspondent banks and their partners have richer and more structured payment data where it matters. This data can make the models behind new AI defensive tools even better.

“If you have richer data - structured data that’s easier to identify and track - that’s a great tool for fraud prevention and AML screening. For example, one of the biggest headaches of sanctions screening is false positives,” said Angelica Alam, Wells Fargo’s head of financial institutions and non-bank financial institutions product solutions.

For the correspondent banks of the future, the new standard’s impact on AI will go far beyond cybersecurity. Wells Fargo has already deployed AI-driven fraud prevention and detection tools and is in the process of deploying agentic solutions for payment repairs and improving the operator side of payments.

In today’s threat landscape, a cyber-secure financial services company is essential not just because they’re holding your assets. You need assurance they thoroughly vet the organisations they do business with. With a new standard and the potential for next-level AI, the global payments ecosystem will rely on AI-fuelled cybersecurity solutions as a key defence to hackers, fraudsters and cybercrimes.

“We see AI not just as a threat to guard against, but as a powerful, indispensable ally in our mission to defend our company and our clients,” Gosler said. “Our core strategy is centred on using AI to profoundly augment our human capabilities, empowering our teams and making our collective defences smarter, faster, and far more adaptive to the dynamic threat landscape.”