The Broker Blindspot: The Identity Friction Plaguing High Finance

Conor White, President – Strategic Initiatives, Daon

It is called high finance for a reason. The stakes are high, the pace is unforgiving, and the tolerance for error is close to zero. None of this is new, but what has changed is the speed and scale at which trust is tested. In today’s markets, millions can move in seconds, and decisions around trust need to match or exceed that pace. Yet many of the identity systems protecting these transactions were made for a slower, simpler world. They assume that if the front door is strong enough, the rest of the building will hold. In reality, modern financial institutions operate as complex, high-speed environments where identity is tested constantly, often under pressure, and not always in the places security teams expect.

One thing that still holds true for attackers is that they’ll rarely attack from the front. Rather than smash their way through the front wall of the castle, they’ll test the perimeter – looking for the unguarded side entrance, the neglected hidden tunnel, or the next most likely mistake. This is true of just about every industry, but in high finance, these vulnerabilities are everywhere. Speed, delegation, and exception handling – dealing with any situation that falls outside of the standard, automated workflow – are core to how banks, brokers, and trading desks function. When trust mechanisms fail to account for these realities, identity security itself becomes a point of fragility. And in a system where trust underpins every transaction, that fragility can scale just as quickly as the wealth it’s meant to protect.

The Soft Underbelly of Fraud and Compromise

When identity assurance fails in high finance, it’s rarely at the login screen. The real weaknesses sit in the handoffs and exceptions that surround it. Account recovery, password resets, device changes, urgent limit increases, beneficiary updates – anything slightly outside of the day-to-day. These are routine servicing workflows, and they are precisely where assurance tends to drop. Brokers and trading desks operate in environments defined by speed, shifting responsibility, and constant pressure to keep things moving. When a client cannot get in, needs something changed quickly, or claims they are locked out at the worst possible moment, hardened digital processes tend to give way to human judgment. We might once have considered that a good thing, but in a high-volume, high-stakes environment, it’s exactly where identity assurance gets reduced to its weakest form.

Attackers seem to understand this better than some firms and institutions do. They don’t arrive swinging on the first interaction. They probe. They call contact centers, test recovery paths, switch channels, and observe where friction eases and controls soften. Much of what looks like normal customer interaction is actually reconnaissance, mapping the perimeter and identifying the cheapest path to a high-value outcome. Knowledge-based authentication (KBA) thrives in these moments because it feels familiar and fast, but it’s grounded in information that is most likely already out there in the world. So once identity is forced off its digital rails and into exception handling, attackers are no longer trying to defeat the strongest control. They’re exploiting the fact that the system has already effectively downgraded itself.

When Biometrics Become “Just Another Password”

For a long time, basic biometric checks were a meaningful improvement over passwords, and in many environments, they did exactly what they were meant to do. The value and importance of biometrics haven’t changed, but the scale and sophistication of the attacks targeting them have grown. Today, not all biometric implementations are created equal, and treating any biometric signal as inherently trustworthy is a fundamental error. A strong implementation will treat biometrics simply as another security control layer rather than a green light, while weaker implementations will happily treat a selfie or voice sample as proof – without validating how that data was captured, whether a user was genuinely present (a liveness check), or whether the signal itself can be trusted. In these weaker cases, biometrics do little more than replace a password with something that “feels” more modern and secure. Biometrics are most effective when they are layered with other signals, such as device recognition, location context, and behavioral patterns, rather than being asked to carry the full burden of trust on their own.

A truly resilient biometric system has to answer three questions every time. First, “Is this the right person?” In other words, “Does the biometric match with a meaningful level of confidence?” Second, “Is the biometric real and live?”, rather than a photo, recording, or synthetic artifact. Third, and this is the part many deployments overlook, “Did that biometric arrive through a trustworthy path?” An accurate biometric match alone isn’t enough if the signal can be modified or manipulated somewhere between the sensor (e.g. the camera) and the system making the decision, or if it can bypass the sensor altogether. And these exploits are getting easier for attackers to carry out, as the technology needed to do so successfully and at scale is becoming increasingly accessible. This is why biometrics without strong anti-spoofing and injection attack detection are, in many ways, just a flashier version of a password prompt. The integrity of the entire chain matters, much like a logistics supply chain, because even if something looks correct at the destination, it can still be compromised in transit.
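As an added illustration of the three questions (example code, not the author’s or Daon’s), the sketch below has the decision service check the capture path first, then liveness, then the match, with the path verified by an HMAC attestation from a trusted capture component; the key, thresholds, message fields and sample values are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed example values. In a real deployment the attestation key would be
# held by the capture component / secure hardware and the verifier, never in source.
CAPTURE_KEY = b"example-capture-attestation-key"
MATCH_THRESHOLD = 0.90    # assumed operating point for a "meaningful" match
MAX_CAPTURE_AGE_S = 60    # older captures are treated as possible replays

def attest_capture(payload: dict) -> dict:
    """Stand-in for a trusted capture component signing what the sensor saw."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(CAPTURE_KEY, body, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

def decide(match_score: float, liveness_passed: bool, capture: dict, now: int):
    """Return (accepted, reason). All three questions must be answered 'yes';
    the path check comes first because a tampered sample makes the match moot."""
    body = json.dumps(capture["payload"], sort_keys=True).encode()
    expected = hmac.new(CAPTURE_KEY, body, hashlib.sha256).hexdigest()
    # Q3: did the sample arrive through a trustworthy path?
    if not hmac.compare_digest(expected, capture["tag"]):
        return False, "capture attestation invalid (possible injection)"
    if now - capture["payload"]["captured_at"] > MAX_CAPTURE_AGE_S:
        return False, "capture too old (possible replay)"
    # Q2: is the biometric real and live?
    if not liveness_passed:
        return False, "liveness check failed"
    # Q1: is this the right person?
    if match_score < MATCH_THRESHOLD:
        return False, "match below threshold"
    return True, "accepted"

def demo(now: int = 1_700_000_000):
    """Genuine capture vs. a sample injected past the camera with a perfect match."""
    genuine = attest_capture({"sensor": "front_camera", "sample_sha256": "c0ffee",
                              "captured_at": now})
    # The attacker swaps the sample but cannot re-sign it, so the tag no longer verifies.
    injected = {"payload": {"sensor": "virtual_camera", "sample_sha256": "deadbeef",
                            "captured_at": now}, "tag": genuine["tag"]}
    return decide(0.99, True, genuine, now), decide(0.99, True, injected, now)

if __name__ == "__main__":
    print(demo())
```

The second result in `demo()` is the point of the passage: a 0.99 match with liveness passed is still rejected because the sample did not arrive through the attested path.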

Omni-Channel Convenience = Omni-Attack Surface

Customers want convenience. Even though some friction may be tolerated for high-value transactions, user journeys are still expected to be smooth, accessible, and intuitive. That’s why mobile apps, web portals, and call centers should all be treated as part of a single customer journey. The problem is that basic deployments of identity assurance don’t match the complexity of these winding paths. For instance, it’s common to see strong biometric authentication in a mobile app, while the corresponding web experience still relies on a static password, and the contact center falls back to human judgment and knowledge-based questions. To an opportunistic attacker, this inconsistency is basically an invitation to cause harm. They don’t need to defeat every control – they simply need to find the weakest link.

The challenge for businesses is that verification is a point-in-time decision, while risk persists across the entire relationship. Brokerage houses, for instance, are subject to anti-money laundering (AML) obligations, so verifying a customer once is not enough: they still need to be authenticated repeatedly, across channels, devices, and moments of heightened risk. When those authentication decisions are fragmented, the value of strong verification erodes quickly.

This is when convenience becomes a risk. Attackers map defenses across channels and take the cheapest path to the outcome they want. A high-risk request might arrive through a call center rather than a digital channel, framed as an urgent exception. A client needs to raise a transfer limit or set up a new beneficiary and claims they can’t access the app. At that point, the interaction often shifts away from digital controls and toward human judgment and knowledge-based questions – and that’s not a fair contest. It’s like a fully garrisoned battalion with advanced drone capabilities handing over to a lone operator in the accounts department and leaving them to guard the fort.

Consistency is key here. Instead of forcing assurance to downgrade, weaker channels like call centers can step up to stronger ones when risk increases. A call center interaction doesn’t have to rely solely on what a human can infer in the moment. It can be anchored to trusted signals from a known device or a secure mobile application, bringing the strongest identity controls into the conversation rather than bypassing them. Without that continuity, omni-channel service becomes an omni-attack surface, expanding and weakening the perimeter at precisely the points attackers are most likely to exploit.

Adaptive Identity in an Age of Industrialised Fraud

What is changing now is not the existence of fraud, but the economics of it. AI is turning impersonation into an industrial process. In the same way that the printing press transformed book production from a manual craft into mass production – boosting education and literacy levels around the world – modern tools are doing the same to fraud. Activities that once required time, skill, and specialist resources can now be executed repeatedly, cheaply, and at scale. Deepfakes, synthetic identities, and large language model (LLM)-driven social engineering are now components in an industrial-level fraud pipeline.

Naturally, this has consequences for identity assurance. Static controls at the door assume a world where attacks are slow, obvious, and infrequent. In an industrialised model, they are the direct opposite. Attackers learn quickly, share techniques, and adapt faster than organizations can respond. The only suitable response to this is adaptive identity assurance – layered authentication that adjusts in real time, using continuous risk signals to decide when assurance can remain invisible and when it needs to step in and be decisive. And high assurance does not necessarily have to mean high friction. When done properly, it means “smart friction”, applied only when the value and risk of a transaction demand it. In high finance, identity cannot be a one-time decision or a product checkbox. It has to be treated as a living system, because trust itself is now under attack.
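To make the consistency argument from the omni-channel and adaptive-assurance sections concrete, here is an added policy sketch (example code, not the author’s or any vendor’s) in which the assurance an action needs is set by the action and its risk signals, never by the channel it arrives on, and a weaker channel steps up to the customer’s enrolled device instead of falling back to KBA. The tier numbers, action floors, channel capabilities and signal names are assumptions for the example.

```python
from dataclasses import dataclass, field

# Assurance tiers for this example (assumed, not a standard's levels).
# KBA and a static password are both treated as the weakest tier.
KBA = PASSWORD = 1
DEVICE_PUSH = 2          # confirmation on a known, enrolled device
DEVICE_BIOMETRIC = 3     # biometric with liveness on that device

# Minimum tier each servicing action demands, whatever channel it arrives on.
ACTION_FLOOR = {
    "view_balance": PASSWORD,
    "password_reset": DEVICE_PUSH,
    "raise_transfer_limit": DEVICE_BIOMETRIC,
    "add_beneficiary": DEVICE_BIOMETRIC,
}

# What each channel can prove on its own: the inconsistent deployment the text
# describes (biometric mobile app, static web password, KBA in the call center).
CHANNEL_NATIVE = {"mobile_app": DEVICE_BIOMETRIC, "web": PASSWORD, "call_center": KBA}

RISK_SIGNALS = {"new_device", "unusual_location", "high_amount"}

@dataclass
class Request:
    channel: str
    action: str
    urgent_exception: bool = False   # "I'm locked out and need this now"
    enrolled_device: bool = True     # customer has a trusted device to anchor to
    signals: set = field(default_factory=set)

def required_tier(req: Request) -> int:
    tier = ACTION_FLOOR[req.action]
    # Risk signals and urgency raise the bar by one tier; nothing lowers it.
    if req.urgent_exception or req.signals & RISK_SIGNALS:
        tier = min(tier + 1, DEVICE_BIOMETRIC)
    return tier

def decide(req: Request) -> str:
    need, have = required_tier(req), CHANNEL_NATIVE[req.channel]
    if have >= need:
        return "allow"
    if req.enrolled_device:
        # Step the weaker channel up to the customer's strongest control rather
        # than letting an agent fall back to knowledge-based questions.
        return "step_up:device_biometric" if need == DEVICE_BIOMETRIC else "step_up:device_push"
    # No trusted anchor exists: hold for out-of-band re-verification, never downgrade.
    return "hold:out_of_band_reverification"
```

An urgent beneficiary change phoned into the call center therefore resolves to `step_up:device_biometric`, the same control the mobile app would have applied, rather than to whatever the agent can infer from security questions.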
