Gen AI Turns Fraud Into a Real-Time Arms Race

Watch more: Digital Shift: Capital One, Jenna Kaye-Kauderer

Novel threat vectors, like deepfakes, synthetic identity fraud and phishing powered by powerful language models, were once the province of science fiction.

But generative artificial intelligence is opening them up as a constant reality. Particularly for banks and financial institutions, resilience is an operating principle.

“With gen AI, there are new threats and new fraud vectors we hadn’t seen historically. And we’re seeing those today,” Jenna Kaye-Kauderer, managing vice president and head of AirKey at Capital One, told PYMNTS.

Fraud is not new, but gen AI has changed its tempo. Criminals can now generate convincing and scalable attack campaigns in minutes. The old playbook of deploying a defense and assuming it holds no longer works.

The discipline of authentication itself must evolve not as a product but as a continuous, adaptive practice.

“One of the most important things for financial institutions and banks is first building flexible authentication systems that allow us to react dynamically as these new fraud vectors appear,” Kaye-Kauderer said. “And second, having a really broad set of authentication tools, a really big toolkit.”

At Capital One, the AirKey product that Kaye-Kauderer leads sits squarely in that toolkit.

“AirKey is a technology that turns credit cards or debit cards into hardware authenticators,” she said, adding that AirKey has already scaled across more than 100 million cards. “For a consumer, they can take out their credit card or debit card, they can tap it to their phone, and through that tap, they prove possession of their card and they authenticate with their financial institution.”

It may sound deceptively simple. You tap your card to your phone and authenticate instantly. However, the impact is crucial in accelerating the shift away from comparatively more vulnerable channels like SMS one-time pins, which have long been exploited by fraudsters through SIM swaps and phishing.

Digital banking customers want seamless, frictionless experiences, yet they also demand absolute security. The trick is matching the right level of friction to the actual risk of a transaction.

At Capital One, the answer is what the company calls risk sloping, an approach that gauges the risk of a transaction up front and applies authentication proportionally.

“For something that is higher risk, we can match a stronger tool that might come with a little bit more friction,” Kaye-Kauderer said. “And for something that’s lower risk, we can do something that’s more convenient for the customer because we frankly already have confidence that the customer is who they say they are.

“Consumers expect some level of friction,” she added. “They expect that we as banks or financial institutions are protecting them, but the key is to match the right level of security and potentially friction with the right level of risk.”

But risk sloping is only part of the equation. Another principle is customer choice. What feels seamless to one user may be cumbersome for another. Giving options ensures higher completion rates without compromising security.

“As we introduce more authentication tools and we give customers more choice, we actually tend to see that they’re more successful in completing the authentication,” Kaye-Kauderer said.

AirKey sits alongside SMS, government identity verification, mobile app verification and more, she said. The idea is not to crown a single winner but to maintain a diverse arsenal that can be deployed as threats evolve.

The fight against fraud is not a series of sprints. It is a marathon where the terrain keeps shifting. That makes continuous innovation not just a strategy but a necessity.

“Fraudsters are continuing to innovate, right?” Kaye-Kauderer said. “They’re always seeking to adopt the newest tools. And so we need to do the same thing.”

“We really design and architect our authentication platform to be just that, to be a platform so that as we introduce new tools, new data, new policies. … We’re actually able to scale those across use cases quickly,” she added.

The challenge is making innovation repeatable. Too often, companies treat it as an occasional breakthrough. Metrics help. Patents, for instance, serve as a proxy for whether new technology is truly being created. Objectives and key results (OKRs) also embed innovation into performance tracking.

Patience and partnerships can be other ingredients.

“Innovation isn’t always linear,” Kaye-Kauderer said. “Going from zero to one can be really hard. … I would encourage other banks and financial institutions to be patient, give innovation time to bake and to grow.

“Fraud is an area where we as banks and financial institutions need to work together,” Kaye-Kauderer said. “About a year ago, we started selling AirKey, and we’re really excited about the possibility of just continuing to adopt and scale this more broadly.”

The implicit lesson in Capital One’s approach is that future-proofing does not mean predicting every threat. It means engineering for constant change. Authentication is shifting from static gates to dynamic systems that flex, learn and respond.

For all PYMNTS AI coverage, subscribe to the daily AI Newsletter.

The post Gen AI Turns Fraud Into a Real-Time Arms Race appeared first on PYMNTS.com.