CybersecAsia finds out more from an insider who grapples with the heavy cyberthreats and compliance obligations affecting banks.

The ease of collecting digital data has grown tremendously, leading to the generation of even more data that needs to be stored, managed, and secured.

However, just as data can be mined for useful outcomes, it can be abused if put in the wrong hands. In sectors where stolen data can be used for not only financial gain but also nefarious global activities, data privacy and protection laws have become stringently enforced, ferreting out many lapses.

In the financial industry, for example, built-in artificial intelligence (AI) and machine learning (ML) capabilities are necessarily driving a new era of data security.

According to a senior advisor for Data & AI, UnionBank of the Philippines, artificial intelligence technology is helping to make it improbable for cybercriminals to pierce through multiple layers of defenses. This is aimed at ensuring continuity, confidentiality, and integrity in financial services. Also, the technology gives financial institutions a deeper understanding of customers and can boost the quality of physical channels and the human touch when interacting with them.

CybersecAsia communicated with the abovementioned expert, David Hardoon, to find out more:

David Hardoon, Senior Advisor for Data & AI, UnionBank of the Philippines

CybersecAsia (CA):  We know that data analytics can work to identify the weaknesses in a bank or any organization. An illustrative example would be, by using analytics, identifying workers who are more liable to fall for phishing scams. Can analytics also work to complement built-in AI as part of a bank’s security?

David Hardoon (DH): AI can provide additional complementary layers of safeguards in the protection of the bank from security threats. In reality, security threats are identified as deviations of human behavior. AI can learn patterns of different behaviors using historical data and with this, can monitor trends, insights, and patterns on how to differentiate a threat versus a normal activity, with a high level of confidence.

In the example of finding workers who are more likely to fall for phishing scams, with the use of labeled behavioral data that may be available, AI can be trained on that data set and produce a confidence level depending on the risk appetite of the business when it comes to considering probable threats.

So as long as there are security data that AI can leverage on, there’s always an opportunity to train AI models that will complement to the existing safeguards that banks put in place.

CA: In the old days, phishing was perhaps the most common scam used to steal information from a financial institution’s clients.  What are the more insidious approaches that cybercriminals now use to steal credentials, data, and cash?

DH: Phishing remains the most common method used by malicious individuals to steal sensitive information such as passwords and credit card numbers from victims, especially now, as cybercriminals are taking advantage of COVID-19 fears and anxiety. They are now using lookalike website addresses, and SMS Sender Names masquerade as trusted institutions.

Ransomware is also a very common tactic used by hacking syndicates to extort money from their victims. Big tech companies have been in the news lately because of ransomware attacks, forcing days of unavailability of their systems.

To protect yourself, always make sure that your computer has up-to-date antivirus protection. Do not open attachments if they look suspicious, like too-good-to-be-true emails, or click links from emails or SMS. Type it, don’t click it.

CA: Can AI and its machine learning also help virtual banks?

DH: The introduction of virtual banking creates unlimited use cases where AI can be applied.

Just like how AI can improve the way physical banking operate, virtual banking gives us more opportunities to collect more and cleaner data that can effectively be used to develop AI models for a wide range of purposes such as improving the virtual banking platform, creating bespoke services and promotions, recommending value-added services, detecting fraud and money laundering, etc.

The advantage of virtual banking with the traditional physical bank is that we have a channel that can collect even more structured and unstructured data points, and we know that the more of these we have, the more AI models we can build on it depending on what the business is trying to achieve.

CybersecAsia thanks David for his thoughts on how the financial services are using AI tech.