Elevating the payments game – how financial institutions can navigate innovation and security

Today’s payments landscape bears little resemblance to what we were doing only ten years ago. As an industry, we should be proud of the progress being made, such as contactless growth, tokens and the continued rise of ecommerce, however there still is plenty of room to innovate. The demands of consumers continue to evolve, with many not willing to experience any friction in their payment journey, their rightful expectations that all transactions will be secure and their willingness to try new experiences.

Over the next five years, we will see even more change. Gen Z and Alpha are quickly reshaping the industry. They have been brought up in the smartphone age and, being digitally-native, have no patience for less-than-seamless experiences.

Today’s consumers are unforgiving – in fact, two-thirds¹ say companies are not responding fast enough to their changing needs. And their expectation will keep changing. What was magical today will become tomorrow’s expectation. So how can financial institutions address a hyper-complex landscape without compromising on security?

How did we get here? Exploring today’s hyper complex landscape

In the EU alone, the European Council found that 300 million people² – 75% of internet users – make online purchases. The pace of change in the payments space has been significant, especially over the last decade.

Consumers crucially expect more from their bank(s) – both in terms of contextual and personalised services, but also when it comes to choice of payment methods – so financial institutions have made strides to adapt. Not only to meet increasingly complex consumer demands, but also to address the changing fraud landscape.

The value of global ecommerce fraud in 2024 was estimated at $44 billion³, and is expected to grow to $107 billion by 2029. With technology changing at speed, bringing new players and different consumer expectations, we are also seeing a huge change in the risk landscape.

For many of the AI tools on the internet, there are criminal versions on the dark web, such as WormGPT, FraudGPT and DarkBERT. As technology becomes more advanced, criminals focus on the weakest link: people. Scams are increasingly sophisticated – anyone can be caught out.

Besides the direct financial impact, fraud also impacts the trust in financial services. Confidence is critical, and consumers want to know they will be safe. A Visa survey** found that 15% of UK customers⁴ leave their bank after falling victim to scams, even if they are reimbursed.

Yet adapting to this new, advanced fraud landscape comes with its own set of challenges. One of them is that the investment that banks had to make in their tech stack over the past decades has been phenomenal. The continued investment they have to make to keep those tech stacks running, compliant, and safe, is a massive feat.

McKinsey finds that the “amount of money banks spend worldwide on information technology and digital transformation dwarfs the GDP of most countries. Of the $4 trillion allocated⁵ each year to IT, banks account for about $650 billion.” Up to 70%⁶ of this spend goes to maintaining the existing IT stack and ensuring compliance, which gives banks only a limited amount of budget to invest in differentiation and innovation. Especially in large organisations with complex layers of hierarchy, this significantly impacts the ability to evolve their offerings based on new payment methods, new desires and new opportunities that consumers are looking for.

That in turn allows for new technology driven financial institutions to enter the market and disintermediate a relationship that a customer might have had with their bank for 20 years. Nimble players are able to release new product features every two to four weeks⁷ on average, while many traditional players still have product rollout cycles of four to six months.

Balancing consumer expectations with security

In 2025, striking a balance between enhanced security without impacting the customer experience is one of the main challenges that financial institutions grapple with. On one hand, fraud numbers are higher than ever before, and innovative technology and improved authentication methods – such as Strong Customer Authentication (SCA) – has had a massive impact on reducing those numbers.

On the other hand, once security measures cause too much friction in the payment process, consumers are increasingly inclined to switch payment providers. Research shows that, as a new generation is starting to enter the market, the bank/customer dynamic is starting to shift. 44% of Gen Z customers⁸ have changed their primary banking relationship in the last twelve months – with 40% of those switchers closing their prior account.

Today, customers no longer settle for adequate – they look for banking relationships that meet their needs, and do not hesitate to switch to providers that can meet these needs. In 2024, Pay.UK’s current account switch service alone facilitated 1.2 million switches⁹ in the UK. This puts financial institutions in a predicament. While consumers are seeking out frictionless experiences, the high level of fraud – especially in account-to-account (A2A) payments – often requires a certain level of friction in order to reduce fraudulent transactions.

Juniper Research finds that the global value of A2A payments is predicted to increase from $1.7 trillion in 2024¹⁰ to $5.7 trillion by 2029. This soaring popularity also meant that fraudsters have shifted their focus to the A2A space. One of the main fraud risks in the A2A space is authorised push payment (APP) fraud, which has caused losses of £459 million¹¹ in the UK alone in 2023.

The good news is that there are advanced, AI-complemented mechanisms out there already that are helping financial institutions improve their authentication and security while causing less friction than traditional methods. The task now is to spend time and effort into planning, deployment and training to leverage it.

Detecting fraud before it happens

The crux is that too many fraud detection mechanisms are still focused on catching fraud after it has already. Behavioural risk management using AI is one the most effective ways to catch fraud before it happens, all the while reducing friction. The AI looks at events and how customers behave to identify anomalies in behaviour that can help detect bad actors.

An example: Most days, I log into my bank account at 7 am in the morning, just to check. Now imagine one day, I log in at 3 am and my behaviour slightly more erratic in the app than is normally the case. The technology can now flag this behaviour to the financial institution. It may not be high risk, but it allows for a higher level of alertness to monitoring app activity to catch potential fraud.

This means that behavioural risk management using AI allows financial institutions to be a lot smarter in reducing the friction levels to create more customer loyalty and more customer engagement while increasing the friction once potential high-risk events are identified.

This technology is not for tomorrow – it’s here today. We have recently completed a pilot with Pay.UK, trialling Visa Protect for A2A payments, where we analysed billions of historic UK bank and Payment Service Providers (PSP) transactions using artificial intelligence and machine learning to detect and prevent emerging fraud and APP scams. The results showed an average 40%¹² uplift in fraud detection at a 5:1 false positive rate. The solution additionally identified 54% of fraudulent transactions that had already passed through sophisticated bank and PSP fraud detection systems.

While the role of technology cannot be overstated, industry collaboration will be key to keep on top of fraud. Even though there is ample competition in the industry, financial institutions come together like a neighbourhood watch – sharing insights, trends, and other patterns they spot in their individual institutions.
If you collaborate in your community, you are going to secure your community better. But no matter how fast we move, the bad actors are moving just as quick. The intensity of our collaboration just has to keep improving, and the nature of the tools that we deploy has to keep evolving as well.

Staying agile in a hyper complex environment

It’s impossible for one organisation to fight all of this alone – there needs to be industry collaboration, and there is a need for partnership as well. A debate I have recently had is about friction versus brand loyalty. Is there really still inertia – customers staying loyal to the brand they trust – whether you are a merchant or consumer? I believe increasingly this is not the case. A moment of friction can damage a relationship irreparably.

These are real challenges that financial institutions face. Customers are unforgiving, and we have to keep lifting our game. There has never been a more exciting time to be in payments. I believe the next five years will show more change than the last five years.

Whether it’s related to the customer engagement, speed of innovation, or managing risk – the opportunity to make an impact is significant. The financial institutions that focus on this will be the ones to succeed in 2025 and beyond.