Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
In this edition of The AI Exchange, Bank of America’s Vice President of Product Management, Timothy Thomas, offers insight into how his company is using AI, and how this rapidly growing technology is shaping the future of payment security.
How have you most recently incorporated artificial intelligence within your organization?
We run hundreds of AI and machine-learning models across the organization for fraud, risk and customer experience to name a few. While it is difficult to pick out how it has been most recently incorporated, I can say that it has already become ubiquitous across the organization and we see it used in unique and different ways every day.
What is the most significant change you’ve seen in your organization since AI-use has become so much more prevalent?
The primary change that I have seen is the socialization of AI use, with hearing AI come up in conversations on a regular basis. AI is not thought of as some esoteric thing that only the most technical people use, but something that can come in handy in our daily activities. This is stimulating new, interesting ideas to help us all work smarter, more efficiently, and get more done.
How do you see AI evolving or impacting payment security in the future?
It will most certainly help the bad guys figure out new ways to steal payment information or avoid getting caught once a merchant is compromised. Fraud will become harder to detect. I expect fraud tools and cyber security tools to shift from reactive to predictive and adaptive. In some ways, it’s what we have always experienced in the “arms race” of security. But I believe it will evolve at a much faster pace.
What potential risks should organizations consider as AI becomes more integrated into payment security?
I think an obvious risk is over-reliance on automated AI systems with little oversight. Another risk is reliance on AI models, which can be biased as they use historical data or can decay as patterns evolve quickly. There will also be regulatory scrutiny over decisions made by AI if the logic cannot be easily described/explained.
What advice would you provide for an organization just starting their journey into using AI?
First of all, start using AI as soon as possible, or you will be left behind. But you need a solid strategy that you follow closely, and it needs to be strictly governed and controlled. I would say to start small to prove the value, allow broad use within the organization to allow for new ideas and use cases that come from all parts of the organization. I would suggest prioritizing training and governance.
What AI trend (not limited to payments) are you most excited about?
The use of AI to augment what humans can do, how fast, and how much they can do is huge. Having AI that is transparent and explainable will also be a significant trend in our industry, making it easier for regulators. Then having AI everywhere, built into all kinds of products and tools will make it more ubiquitous and drive innovation.
