Novel threat vectors, like deepfakes, synthetic identity fraud and phishing powered by powerful language models, were once the province of science fiction. But generative artificial intelligence is opening them up as a constant reality. Particularly for banks and financial institutions, resilience is an operating principle. “One of the most important things for financial institutions and banks is first building flexible authentication systems that allow us to react dynamically as these new fraud vectors appear,” Kaye-Kauderer said. “And second, having a really broad set of authentication tools, a really big toolkit.” At Capital One, the AirKey product that Kaye-Kauderer leads sits squarely in that toolkit. “AirKey is a technology that turns credit cards or debit cards into hardware authenticators,” she said, adding that AirKey has already scaled across more than 100 million cards. “For a consumer, they can take out their credit card or debit card, they can tap it to their phone, and through that tap, they prove possession of their card and they authenticate with their financial institution.” It may sound deceptively simple. You tap your card to your phone and authenticate instantly. However, the impact is crucial in accelerating the shift away from comparatively more vulnerable channels like SMS one-time pins, which have long been exploited by fraudsters through SIM swaps and phishing. At Capital One, the answer is what the company calls risk sloping, an approach that gauges the risk of a transaction up front and applies authentication proportionally. “As we introduce more authentication tools and we give customers more choice, we actually tend to see that they’re more successful in completing the authentication,” Kaye-Kauderer said. AirKey sits alongside SMS, government identity verification, mobile app verification and more, she said. The idea is not to crown a single winner but to maintain a diverse arsenal that can be deployed as threats evolve.