This is not a minor issue: intrusion attempts on smartphones grew 70% compared to 2024, driven by the rise in the use of these devices to perform financial operations. Among the main threats are Android banking trojans, SMS phishing campaigns, fake applications, and email espionage—risks that affect both users and financial institutions.
While the new generation of fraud now relies on AI-powered voice and video deepfakes, automated messages that mimic customer language, or cloned apps indistinguishable from the originals, this crisis also represents a historic opportunity to redefine trust through the very same technology: Artificial Intelligence.
For financial institutions, AI should be viewed not as a threat but as an ally for cybersecurity teams. It can be used to integrate machine learning algorithms capable of detecting anomalies in real time, anticipating fraud before it happens, and protecting user identities even against hyper-personalized attacks enabled by generative AI.
Zero Trust: the new standard in banking security
Today, banks must adopt a Zero Trust model, capable of verifying every access request regardless of its origin, minimizing the risk of data breaches through constant monitoring. This AI-driven model enables continuous oversight of cloud environments and improves real-time threat response capabilities.
It is also essential for banks to focus on protecting their infrastructure end-to-end through data trust, usage control, and threat detection across all models, agents, and services. This prevents data corruption and misuse while ensuring resilient and reliable AI operations—in other words, creating secure AI life cycles.
Turning to these solutions is crucial because the recent implementation in Mexico of the User Transactional Amount (MTU) is not enough. While it is a good measure to strengthen online transaction security and reduce fraud risk, giving users more control over their financial operations, it merely limits potential fraud—it does not prevent it. That is why we must go further and build truly fortified platforms.
For example, a digital bank with an AI-powered Zero Trust model for its online and mobile operations could automatically request additional verification whenever a customer logs in from a new device or changes geographic location. This would enable a contextual evaluation that includes software version review, system integrity, and known threats, ensuring security before any transaction takes place.
At the same time, using AI, the bank could monitor user behavior patterns in real time (typing speed, usage rhythm, navigation paths) to detect subtle anomalies that may indicate fraud.
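The login evaluation described in the two paragraphs above can be sketched as a small policy function. This is an added example, not code from the author or from Baufest; the signal names, thresholds, minimum app version, the deny-versus-step-up split and the sample profile are all assumptions constructed for illustration, and the "known threats" check is left out.

```python
from dataclasses import dataclass
from statistics import mean, stdev

# All names, thresholds and sample values below are constructed assumptions.
MIN_APP_VERSION = (4, 2, 0)   # hypothetical minimum supported app build
Z_THRESHOLD = 3.0             # typing-rhythm deviation treated as anomalous

@dataclass
class Profile:
    known_devices: set
    last_country: str
    typing_ms: list           # historical mean inter-key interval per session

@dataclass
class Request:
    device_id: str
    country: str
    app_version: tuple
    integrity_ok: bool        # outcome of a device integrity/attestation check
    typing_ms: float          # mean inter-key interval in this session

def typing_zscore(history, observed):
    """Deviation of this session's typing rhythm from the user's baseline."""
    if len(history) < 5:
        return 0.0            # too little baseline to judge; other signals still apply
    sd = stdev(history)
    return abs(observed - mean(history)) / sd if sd else 0.0

def evaluate(profile, req):
    """Return (decision, reasons). Every request is checked, whatever its origin."""
    # Hard failures: the device cannot be trusted, so no transaction proceeds.
    if not req.integrity_ok:
        return "deny", ["integrity_check_failed"]
    if req.app_version < MIN_APP_VERSION:
        return "deny", ["outdated_app_version"]
    # Context changes: request additional verification before any transaction.
    reasons = []
    if req.device_id not in profile.known_devices:
        reasons.append("new_device")
    if req.country != profile.last_country:
        reasons.append("location_change")
    if typing_zscore(profile.typing_ms, req.typing_ms) > Z_THRESHOLD:
        reasons.append("behavior_anomaly")
    return ("step_up" if reasons else "allow"), reasons

# Constructed sample customer and a login from an unknown device in a new country.
ALICE = Profile({"dev-a1"}, "MX", [182, 175, 190, 178, 185, 180])
print(evaluate(ALICE, Request("dev-zz", "BR", (4, 3, 1), True, 181.0)))
```

The reasons list is what a fraud team would log alongside the decision, so that each step-up or denial can be traced to the signal that caused it.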
Toward secure and regulated AI life cycles
Additionally, to protect end-to-end banking operations, Mexican authorities could establish regulations suggesting that banks ensure secure AI life cycles—for example, requiring fraud-detection models to be trained only on verified data, implementing monitoring to avoid data corruption, and activating automatic alerts in the event of manipulation attempts. This means that even if an attacker infiltrates one layer, usage controls and oversight mechanisms could prevent that model from being exploited to escalate the attack.
In this new digital era, we must not forget that building trust is essential for any organization, and even more so for financial institutions, since people want assurance that their money is safe. Trust is not earned through promises or sleek interfaces, but through robust systems, transparency, and an experience that allows users to sleep peacefully. In the age of AI, the banks that manage to combine predictive technology with empathy will be the ones that truly remain relevant in the future of finance.
By Luis Battilana, Country Manager of México & Financial Industry Services Head of Baufest.


