Prove, a leader in digital identity, has partnered with First National Bank of Omaha (FNBO) to modernize customer onboarding. The bank is using Prove Pre-Fill identity verification solution to revolutionize its co-branded card onboarding process. The partnership demonstrates FNBO’s commitment to innovation and customer experience, as well as Prove’s leadership in providing modern onboarding solutions for large financial institutions. The Prove Pre-Fill solution has seen onboarding speed increase by up to 79%, abandonment drop by 35%, and fraud reduction by over 75%. The partnership aims to provide a seamless, VIP-like experience for customers, giving banks a competitive edge. Prove’s unique approach to digital identity verification focuses on verifying device possession, checking for suspicious activity or reputation flags, and confirming device ownership. This method maintains persistent identity authentication even when users switch devices, eliminating the need for re-enrollment.
Buyers prioritize price (62%), battery (54%), storage (39%) and camera (30%) over AI features (11%), suggesting Apple’s slower AI rollout won’t deter iPhone demand
A poll by CNET and YouGov revealed that only 11% of U.S. smartphone owners upgrade for AI features, a significant decrease from 2024. In contrast, price is the top priority at 62%, followed by battery life at 54%, storage at 39%, and camera quality at 30%. Apple has faced criticism for trailing Samsung and Google in the AI race. Samsung plastered Galaxy AI across the Galaxy SWX, Z Fold 7, and Flip 7. Google packed the Pixel 10 with Gemini features. Apple, by contrast, is still working to roll out Apple Intelligence with iOS 18, after delaying key upgrades to Siri. Yet the survey shows most buyers don’t care. When only a tenth of the market is upgrading for AI, there’s little reason to panic about who has the flashiest chatbot. Apple’s reputation has long been built on stability, privacy, and polished integration, not racing to check every feature box. Consumers prefer phones that are more affordable, have longer battery life, and offer greater storage capacity. Interestingly, a thinner design, rumored to be the highlight of the iPhone 17 Air, appeals to only 7% of buyers. Apple’s recent strategy aligns with what consumers value, which are affordability, battery life, and camera quality. The iPhone 16e highlights affordability, while the iPhone 16 Pro Max concentrates on battery and camera improvements, reflecting key survey findings. AI features are seldom used, with only 13% of users summarizing text, 8% generating images, and 7% editing photos. Additionally, around 20% of users admit they don’t know how to use their phone’s AI at all. The industry narrative says Apple is late to AI, but the consumer data says Apple’s timing may be just right. The company’s hardware still dominates sales, and its Services division continues to grow without leaning on AI hype.
Mastercard, NCR Atleos and ITCARD partner to offer contactless cash withdrawal at ATMs that involves verifying a cardholder’s identity using a mobile device without the need for physical wallet, plastic card or PIN
Thanks to Mastercard in collaboration with NCR Atleos and ITCARD, cash can be securely withdrawn – and other services accessed – using your phone—no PIN required. Multiple countries in Europe including Poland, Switzerland, the Czech Republic, and Austria have already deployed contactless ATMs. However, when using their mobile phone, the cardholder is asked to enter their PIN in addition to authenticating themselves via mobile wallet using biometrics. This creates unnecessary friction. The Consumer Device Cardholder Verification Method (CDCVM) streamlines this process, verifying a cardholder’s identity using a mobile device for contactless payments. The consumer authenticates themselves on their phone before tapping the ATM to start their transaction thereby streamlining interactions at the ATM—no physical wallet, plastic card or PIN required. CDCVM aligns the user experience across devices, reducing the need for verification of both CDCVM and online PIN on a single ATM transaction for a truly digital-first experience. Contactless ATM transactions using CDCVM are on average over 20% faster than those requiring PIN, according to initial testing by Mastercard. Johan Gerber, EVP, Head of Security Solutions at Mastercard said “By enabling biometric mobile authentication at ATMs, we are redefining the consumer experience, simplifying it without sacrificing security.
US federal disbursements for disaster relief start to flow via FedNow
US government ‘disaster relief’ payments are starting to flow to individuals and businesses via Federal Reserve-developed instant payments platform FedNow in a move being promoted as a ‘game-changer’. With effect from this month (September), FedNow participants ‘may start receiving a new type of government payment for their account holders — instant disaster relief disbursements’, according to an announcement. The move is described as the ‘latest example of Treasury’s use of the FedNow Service for certain government payments.’ The first financial institution to receive an instant disaster relief payment was CB&S Bank, a full-service community bank. Federal Reserve Financial Services chief payments executive Mark Gould said, “The ability to receive these types of federal agency disbursements instantly via the FedNow Service will be a game-changer for individuals and businesses, especially in disaster or emergency situations where speed really matters to the recipient,.” “It will also be a key differentiator for financial institutions that enable access to these funds through their participation in the FedNow Service,” he added.
Salt Security introduces MCP Protect and Agentic AI Governance controls integrated with CrowdStrike SIEM to secure proliferating agent-driven API interactions
With the rise of agentic AI, API exposure has proliferated. Agents fan out call paths and amplify traffic, effectively turning APIs into the enterprise “plumbing” of operations, according to Michael Callahan, chief marketing officer of Salt Security. This has created the “API fabric” — a complex, constantly moving mesh of connections that enterprises struggle to see, let alone secure. A large part of the API security conversation is on the role of MCP, an open standard championed by Anthropic PBC, and A2A, Google’s protocol for agent-to-agent interactions, according to Nicosia. Both sit atop existing APIs, acting as brokers to manage data retrieval and collaboration between agents. “For us, the visibility of the AIs and the MCPs … the protocols are so paramount because you can’t protect what you don’t know,” Nicosia said. “Having that visibility from either a zombie API or a zombie MCP protocol server, we give you that visibility. At least you’re aware of all of this proliferation that’s going on with the organization. And then how do you govern it? And then how do you protect against it?” Salt’s momentum has been bolstered by its close partnership with CrowdStrike Holdings Inc. The company is a Falcon Fund portfolio company and has integrated its API security solutions with CrowdStrike’s Falcon platform and next-generation security information and event management. Together, they provide customers with unified visibility across APIs and AI-driven workflows, Nicosia added.
Visa announces general availability of VCS Hub; offering an end-to-end embedded payables solution, enabling full invoice and supplier payments, while also supporting flexible ad hoc payments
Visa announced the general availability of the Visa Commercial Solutions (VCS) Hub, a breakthrough platform that redefines the future of commercial payments for issuers and fintechs worldwide. The VCS Hub represents a transformational leap forward, engineered to deliver a smarter, more seamless experience for all users. As expansion continues, the VCS Hub will also incorporate next-generation AI capabilities, ultimately offering issuers the ability to unlock a unified, intelligent platform that turns complexity into simplicity. Following a successful pilot, the VCS Hub is now available broadly, enabling issuers and fintechs to deliver powerful commercial payment and embedded finance experiences, turbocharged by automation and seamless integration. For existing users, the platform offers an end-to-end payables solution, enabling full invoice and supplier payments, while also supporting flexible ad hoc payments to efficiently manage business needs. For embedded payments, seamless integration into accounting solutions is a core capability, making it easier and more secure for organizations to manage payments and focus on other essential business priorities. The VCS Hub will continue to expand and be enhanced with additional commercial payment solutions and capabilities. GenAI will be at the core of that, transforming how business gets done. Key enhancements include: AI-Powered Payables: Automate accounts payable with GenAI-driven workflows that anticipate business needs, optimize cash flow and reduce manual bottlenecks. Embedded Payments: Integrate payment capabilities into business applications—accounting, ERP or custom workflows—using Visa’s open APIs and intelligent orchestration. Reporting and Insights: Harness advanced analytics and GenAI to surface actionable insights, predict trends and empower smarter business decisions in real time. Personalized Experiences: User experiences can be tailored by AI, delivering recommendations, alerts and next steps that drive growth and efficiency.
Google Messages is testing RCS’ new MLS encryption which makes E2E encryption possible across different RCS clients and providers
Google Messages is beginning to test the new Messaging Layer Security (MLS) protocol. Universal Profile 3.0 adds support for MLS, which makes E2E encryption possible across different RCS clients and providers. Google first announced its support for this interoperable protocol in 2023. The GSMA and Apple announced official adoption this March. Google Messages is now beginning to test MLS encryption for RCS. It starts with a new message “Details” (long-press on the chat/text) screen that’s fullscreen compared to the current approach. You get a preview of the message at the top, with Google also showing a “Status” section for “Sent” and Delivered” that explains the new checkmarks. We see Google using the latest single circle design that has yet to become widely available. There’s also a “From” section, while the bottom portion provides more technical details including Type, Priority, Message id and Encryption Protocol. This new design is not widely rolled out in the beta channel. It’s unclear if that’s also the case for MLS as the old UI makes no indication, while Apple has yet to specify when support is coming.
Embedding agentic AI into dispute workflows and fraud controls can help banks unlock RTP’s full potential by adding a predictive, self-learning layer that can autonomously detect, decide, and act
To thrive in a real-time payment’s world, banks must embed AI and cyber resilience into dispute workflows, fraud controls and compliance operations. To unlock the full potential of real-time payments (RTP), financial institutions worldwide are adopting intelligent, AI-led solutions to manage fraud, reduce errors, and enhance operational efficiency. In the US, AI is streamlining dispute resolution, improving accuracy and reducing turnaround times. The UK’s Faster Payments Service (FPS) is setting global standards for secure, real-time operations with integrated compliance controls. Meanwhile, banks in India, Brazil, and across the EU are exploring AI for real-time risk monitoring and dispute handling. The emergence of Agentic AI adds a predictive, self-learning layer that can autonomously detect, decide, and act transforming RTP ecosystems globally. Agentic AI brings autonomous decision-making, enabling systems to detect, act, and learn driving smarter fraud prevention and faster, context-aware dispute resolutions. To unlock RTP’s full potential, banks must center their dispute strategy around AI backed by regulatory alignment, robust assurance mechanisms, and proactive consumer education to ensure secure, compliant, and future-ready operations dispute management in the real-time era.
AmEx’s integration with Navan to enable business users to instantly create unique virtual cards for travel bookings with built-in spending policies while offering automated reconciliation and real-time expense management
Navan announced a new integration with American Express that enables American Express U.S. Business and Corporate Card Members to instantly create unique virtual Cards for travel booked on the Navan Travel platform via Navan Connect. Navan Connect’s “Bring Your Own Card” functionality enables businesses to enjoy the benefits of the travel and expense solution employees love while keeping the benefits of the company’s existing bank and corporate card partner. To support and foster this integration, Navan is participating in the American Express Sync Commercial Partner Program. Combined with the end-to-end Navan T&E solution, the Navan-American Express Sync integration offers: Improved reconciliation. Speed up month-end close with automated reconciliation, all while earning the rewards of your American Express Card. Proactive spending policies. Create unique virtual Cards with built-in spending policies that make managing travel spend simple for finance teams. Real-time expense management. Companies have full visibility into every virtual Card expense the instant it happens with pending and cleared transactions that automatically appear in the Navan Expense dashboard to enable finance leaders to uncover savings opportunities — while keeping budgets and forecasts up-to-date. With Navan there are even more reasons to love your Card. American Express Card Members can earn the rewards of their eligible American Express Card when they use on-demand virtual Cards for travel payments.
A hacker was able to infiltrate a plugin for an Amazon generative AI assistant after obtaining stolen credentials and making unauthorized changes, including secretly instructing it to delete files
Coders who use artificial intelligence to help them write software are facing a growing problem, and Amazon.com Inc. is the latest company to fall victim. A hacker was recently able to infiltrate a plugin for an Amazon generative AI assistant1 after obtaining stolen credentials and making unauthorized changes, including secretly instructing it to delete files from the computers it was used on. The incident points to a gaping hole in the security practices of AI coding tools that has gone largely unnoticed in the race to capitalize on the technology. The hacker effectively showed how easy it could be to manipulate artificial intelligence tools — through a public repository like Github — with the the right prompt. Amazon ended up shipping a tampered version of the plugin to its users, and any company that used it risked having their files deleted. Fortunately for Amazon, the hacker deliberately kept the risk for end users low in order to highlight the vulnerability, and the company said it “quickly mitigated” the problem. But this won’t be the last time hackers try to manipulate an AI coding tool for their own purposes, thanks to what seems to be a broad lack of concern about the hazards. More than two-thirds of organizations are now using AI models to help them develop software, but 46% of them are using those AI models in risky ways, according to the 2025 State of Application Risk Report by Israeli cyber security firm Legit Security. “Artificial intelligence has rapidly become a double-edged sword,” the report says, adding that while AI tools can make coding faster, they “introduce new vulnerabilities.” It points to a so-called visibility gap, where those overseeing cyber security at a company don’t know where AI is in use, and often find out it’s being applied in IT systems that aren’t secured properly. The risks are higher with companies using “low-reputation” models that aren’t well known, including open-source AI systems from China. Dive into the shadow world of hackers and cyber-espionage. The flaw was discovered by the Swedish startup’s competitor, Replit; Lovable responded on Twitter by saying, “We’re not yet where we want to be in terms of security.” One temporary fix is — believe it or not — for coders to simply tell AI models to prioritize security in the code they generate. Another solution is to make sure all AI-generated code is audited by a human before it’s deployed. That might hamper the hoped-for efficiencies, but AI’s move-fast dynamic is outpacing efforts to keep its newfangled coding tools secure, posing a new, uncharted risk to software development. The vibe coding revolution has promised a future where anyone can build software, but it comes with a host of potential security problems too.