The FinTech sector is growing at an unprecedented rate, but each innovation brings with it new and increasingly sophisticated threats. Traditional security methods, based on static rules, have proved insufficient in the face of automated attacks and fraud driven by artificial intelligence. In this context, cyber security is no longer solely a cost centre, but is becoming a key element in building competitive advantage. Trust, built through a seamless and secure customer experience, is today’s growth driver.
Financial institutions find themselves at the heart of a regulatory paradox. On the one hand, directives such as PSD2 force open APIs to stimulate innovation. On the other hand, RODO (GDPR) imposes severe penalties for not properly securing the same data. Companies need to be open and hermetically sealed at the same time. This article provides a strategic guide to five leading platforms – Onfido, Feedzai, Sift, Signifyd and Persona – looking at how their unique architectures address today’s challenges.
Threat landscape 2.0: from phishing to synthetic identities
While traditional attacks such as phishing and ransomware are still a threat, the risk landscape has evolved dramatically. The advent of generative AI tools has led to the industrialisation of fraud. Fraudsters are creating organised ‘fraud networks’ that systematically test security systems and then scale the attack methods that prove effective. The new generation of AI-driven fraud primarily involves the creation of synthetic identities. In this scenario, fraudsters do not steal an existing identity, but create a completely new fictitious person by combining fragments of real and fake data. Such an identity often passes basic verification because it is not linked to any known fraud. Another threat is deepfakes and spoofing attacks, where generative AI enables the creation of realistic fake videos and photos that are used to bypass biometric identity verification, particularly liveness tests. Finally, in the Open Banking ecosystem, APIs are the bloodstream of data exchange, and they are becoming a prime target for advanced account takeover (ATO) attacks using bots and stolen credentials.
Pillars of modern security in FinTech
Evaluating modern security platforms requires a multidimensional approach, based on three key pillars. The first is identity verification and authentication, which is the basis for confidence in a user’s identity. Simple methods such as SMS codes are nowadays considered risky, so modern platforms are promoting more secure solutions such as push notifications and biometrics. Physical biometrics, such as a facial scan, has become the standard for onboarding, while behavioural biometrics, analysing typing or mouse movements, allows continuous, passive monitoring of sessions for anomalies.
The second pillar is data protection. In the era of RODO, securing personally identifiable information (PII) is a priority. Strong data encryption in transit (TLS 1.3) and at rest (AES-256) is the standard. Tokenisation, the process of replacing sensitive data, such as a card number, with a token that is worthless on its own, is also becoming increasingly popular. This allows application systems to operate solely on tokens, drastically reducing the risk of leakage and simplifying compliance with regulations such as PCI DSS.
The third pillar is intelligent fraud analysis. Systems based on rigid rules are easy to bypass, so modern platforms use machine learning (AI/ML) models that analyse thousands of signals in real time and adapt to new attack tactics. Their strength is often network intelligence – analysing anonymised data from billions of transactions around the world allows them to identify global fraud patterns unavailable to a single institution.
Market leader analysis: 5 platforms in a nutshell
The first platform analysed is Onfido (Entrust), a leader in automated identity verification (IDV). It is ideal for companies, such as neobanks, where fast and secure customer onboarding is crucial. At the heart of the platform is the Atlas™ AI engine, consisting of more than 10,000 specialised micro-models to detect anomalies in documents. The company places a strong emphasis on physical biometrics, including advanced Liveness Detection mechanisms to defend against deepfake attacks.
Then we have Feedzai, a comprehensive risk management platform (RiskOps) that combines fraud prevention and anti-money laundering (AML). It is a solution aimed at large banks. It distinguishes itself by creating hyper-personalised profiles of ‘normal’ behaviour for each customer (‘Segment-of-One’) and the ability to provide understandable justifications for AI decisions (‘Whitebox Explanations’). The company is investing heavily in behavioural biometrics.
Another player is Sift, which offers a complete ‘Digital Trust & Safety’ platform that goes beyond payment fraud to include the fight against fake accounts and spam. Its greatest asset is its Global Data Network, which processes more than one trillion events a year, allowing AI models to identify global fraud networks. The new ‘Identity Trust XD’ framework analyses user behaviour across the Sift ecosystem, providing multi-dimensional identity intelligence.
Signifyd is distinguished by its unique business model focused on e-commerce. The platform offers a 100% financial guarantee on transactions it approves. If an approved transaction turns out to be fraudulent, Signifyd fully covers the loss, eliminating financial risk on the seller’s side. Decisions are made based on data from the Commerce Network, an extensive network of collaborating merchants.
The final platform is Persona, a flexible ‘identity infrastructure’ that provides the tools to build fully personalised verification processes. The architecture is based on ‘signals’ (active, passive, behavioural) that can be freely combined within a visual ‘workflows’ editor. This allows the creation of dynamic verification paths that adjust the level of security according to risk.
Choosing the right tool is a strategic decision that must be closely linked to a company’s business model and risk profile, as there is no one-size-fits-all solution. Looking to the future, the financial sector faces two key challenges. Firstly, the artificial intelligence arms race will intensify, requiring continued investment in increasingly sophisticated defence models. Secondly, a fundamental threat is on the horizon: quantum computers. These are predicted to be able to break most current cryptographic algorithms. This moment, referred to as the ‘Quantum Break’, could come as early as 2027. The financial sector needs to start planning now for the migration to post-quantum cryptography (PQC) standards to ensure the long-term security of its customers’ transactions and data.