Building Trust in Digital Banking: Securing Payments in the Age of Cyber Threats
From mobile wallets to instant payments, banking is evolving fast. But cybercrime grows too. Learn how secure platforms and compliance-by-design keep trust at the heart of digital finance.
Banking has gone digital. From mobile wallets and instant card issuance to frictionless in-app payments, consumers have never had more convenient ways to manage money and purchases. But this same acceleration has also widened the attack surface – making banks one of the most frequently targeted industries for cybercrime.
On top of this, the threat landscape continues to mature and evolve, with AI fuelling new attacks. According to the Thales 2025 Data Threat Report, Financial Services Edition, 59% of financial services organisations identified AI as their top concern. At the same time, the IBM Cost of a Data Breach Report found that the average cost of a breach in financial services has risen to USD 6.08 million, significantly higher than the global cross-industry average.
In this Q&A, we examine how Thales helps financial institutions strengthen resilience, safeguard customer trust, and stay aligned with fast-evolving regulations.
Q: Why is banking such a high-value target for cybercriminals?
A: Financial services combine three highly monetisable assets: money, identity, and trust. Attackers target digital wallets, card systems, and banking apps not only to steal funds but also to harvest personal data that can be resold.
The attack surface is expanding with mobile-first banking, real-time payments, and API-driven ecosystems. Fraud is now multi-vector, combining phishing, credential stuffing, social engineering, and application compromise. Regulations such as PSD2 and the EU Cyber Resilience Act set the bar high, demanding that banks deliver frictionless customer experiences, but never at the expense of security.
Q: How does Thales support banks in building secure digital services?
A: In financial services, security must be embedded across the entire payments ecosystem, from issuance and provisioning to transactions and compliance. Thales helps financial services organisations by:
- Securing the foundation: Protecting digital wallets, card issuance, and mobile banking apps with trusted digital identities, strong authentication, and tokenization.
- Enabling seamless experiences: Through the Thales D1 platform, banks can unify instant card issuance, mobile wallet provisioning, and digital banking services in one cloud-native platform – delivering agility, scalability, and resilience.
- Protecting transactions end-to-end: Using encryption, PKI, and advanced fraud detection to keep payments compliant with global regulations while maintaining trust at every customer touchpoint.
This integrated approach allows financial services organisations to innovate at speed while ensuring every digital interaction remains secure, trusted and compliant.
Q: What role does mobile security play in protecting banking?
A: Mobile is now the dominant customer channel. But mobile banking apps are also prime entry points for fraud, from overlay attacks to malware injection.
The D1 platform supports secure mobile provisioning and in-app protection, ensuring that banking credentials and payment data remain encrypted and tamper-resistant, while also enabling frictionless customer experiences across wallets, wearables, and other applications.
Q: How does Thales help address fraud and compliance simultaneously?
A: Fraud and compliance pressures often converge. Thales supports banks with:
- Strong identity verification and multi-factor authentication to meet PSD2 and global mandates.
- Adaptive fraud prevention, using behavioural analytics to balance user experience with risk mitigation.
- Tokenization services to remove sensitive data from transactions across mobile, e-commerce, and POS.
- Compliance by design, embedding GDPR, PSD2, and global standards into the D1 platform and broader security portfolio.
This ensures that banks can innovate with confidence while satisfying the strictest compliance frameworks.
Q: How can banks strengthen operational resilience against cyberattacks?
A: Financial services are classified as critical infrastructure, so disruption can ripple far beyond individual customers. New regulations like DORA (Digital Operational Resilience Act) highlight the need for banks not only to prevent breaches but also to withstand and recover from them.
Resilience requires:
- End-to-end visibility across channels, APIs, and third-party providers.
- Zero trust principles to limit damage if attackers gain access.
- Lifecycle security management, so outdated apps or compromised credentials don’t become weak links.
With its cloud-native D1 platform and embedded lifecycle security, Thales helps institutions maintain uptime, compliance, and customer confidence, even under sustained cyber pressure.
Q: What does securing the future of digital banking really mean?
A: As banking becomes increasingly digital and connected, the challenge is not just to innovate but to ensure resilience at scale. Mobile wallets, instant issuance, wearables, and apps are transforming how money moves, but every new channel adds potential risk.
Securing the future of banking means:
- Embedding security into global standards for payments and digital identity.
- Adopting cloud-native platforms that evolve with new fraud techniques and regulations.
- Partnering across the financial ecosystem to design experiences where convenience and security reinforce one another.
In the spirit of Cybersecurity Awareness Month, the lesson is clear: to secure our world, banks must ensure that trust is never optional. It is built into every transaction, every channel, every time.