Editorial

Escalating cyberthreats in digital finance

The Digital Threat Report 2025-26 from the Ministry of Electronics and Information Technology (MeitY) warns that even the strongest passwords or security measures like one-time passwords and two-factor authentication may not be enough to protect bank accounts and online financial transactions from cyber theft.

Sentinel Digital Desk

The Digital Threat Report 2025-26 from the Ministry of Electronics and Information Technology (MeitY) warns that even the strongest passwords or security measures like one-time passwords and two-factor authentication may not be enough to protect bank accounts and online financial transactions from cyber theft. The report prepared by MeitY, along with the Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA, a payment forensic investigator, is a timely reminder for banks and other financial institutions to upgrade their advisories and generic checklists as part of instructions given to their account holders to keep their accounts safe and protected from cybercriminals. The report highlights vulnerabilities that warrant urgent action by the BFSI sector. It has found that “Cybersecurity risk in financial services is no longer limited to data theft or isolated breaches. It now extends to transaction integrity, customer trust, third-party dependencies, decision systems, operational continuity, and confidence in digital infrastructure that underpins economic activity itself.” It cautions that “many of the consequential attacks no longer resemble traditional intrusions. They appear as legitimate sessions, approved payments, manipulated workflows, compromised vendors, or normal user behaviour until damage is already underway.” It has pressed the alarm bell that collectively, the emerging trends point to a threat environment that will become more adaptive, less visible, and increasingly embedded within everyday business operations, with cybercriminals using advanced Artificial Intelligence to clone sessions and steal the entire digital banking session, not just the password of the account holder, bypassing the safety wall of two-factor authentication. The report reveals that adversaries are innovating, scaling, and exploiting trust at a pace that exceeds the capacity of many institutional control environments, exposing critical gaps that jeopardise the safety of the banking ecosystem in the country. The report found that armed with AI, the capability of cyber attackers is scaling faster than the defensive mechanisms deployed by the BFSI sector, as cyberattacks once involved huge expenditure in hiring specialist teams working continuously for weeks to hack into accounts and siphon money but can now be performed at machine speed with smaller teams of modest capability and spending much less because of AI. The use of AI is effectively lowering the entry barriers for malicious actors by reducing costs, time, and required skills, which means that vulnerabilities in the BFSI sector are likely to increase as the number of malicious attackers rises. Closing the gap between the speed at which cybercriminals are mounting faster attacks by deploying AI and the speed at which BFSIs are adopting AI to defend against those attacks remains critical to effectively countering emerging threats. The recurrence of incidents where cybercriminals deceive bank customers into sharing passwords and OTPs, despite widespread reports of similar banking fraud cases and constant reminders from banks and financial institutions not to share such information or respond to fictitious emails and messages, highlights a significant lack of awareness among a large segment of customers. The drastic change in the threat landscape, however, presents a harsh reality: using the AI, the cybercriminals can now dupe even the well-informed customers about cybersecurity risks by sending highly personalised messages mimicking communication of a bank, insurance or other financial services; faking QR codes; and making the unsuspecting customers believe that it has come from genuine bank and other financial service authorities. Once customers are tricked into scanning the QR code and logging in to a hacker’s page that looks identical to their bank login screen, the hacker captures the username and password, then forwards these details to the customer’s real bank system, allowing the hacker to log in and steal the entire digital session. Unless such a security breach is detected by the bank’s or financial services’ system at the split of seconds through deployment of advanced AI tools and systems, the hackers will make the sessions appear to be genuine digital sessions. The report has correctly concluded that for the BFSI sector, the stakes are uniquely high, as finance runs on confidence, and every payment cleared, every account opened, and every digital interaction approved depends on trust working silently in the background. When that trust weakens, the impact is measured not only in losses but also in hesitation, disruption, and systemic friction, which highlights the risks of trust erosion if the ability of cybercriminals to strike faster and with precision using AI is not mitigated. The report says that the best way for BFSIs to protect themselves from rising cyberattacks is to defend against current threats while getting ready for new types of risks.