There is another point of view that while technology plays a crucial role, human awareness remains the weakest link. They feel that we have not yet scratched the surface when it comes to customer education

As India’s financial ecosystem becomes increasingly digital, industry leaders and cybersecurity experts are warning that the threat landscape is evolving faster than ever before — demanding a shift toward “zero-trust” architecture, AI-aware systems, and greater regulatory oversight. Speaking at a recent panel discussion on cyber security and financial infrastructure, experts from leading organizations and financial institutions emphasized that the traditional “perimeter-based” model of security is no longer sufficient.

 A senior executive at a reputed MNC group said that cyber threats are evolving at such a rapid scale that one needs to upgrade to the next level of zero-trust capabilities. He said that every data exchange — whether internal or external — happens in a zero-trust environment and all data, whether static or in motion, is encrypted. He recounted a recent case where a deepfake-led video call caused a financial loss of $25 million, underscoring how artificial intelligence is being weaponized by cybercriminals.

Zero-trust becomes a regulatory imperative

The Reserve Bank of India’s latest Financial Stability Report has also flagged the need for “AI-aware and zero-trust” systems, citing the explosion of users and transactions on platforms like UPI, which now boasts over 450 million unique transacting users. A representative from another tech company specialized in identity verification mentioned that regulators are now insisting on operational transparency and AI-readiness in systems — two goals that are often at odds with each other. 

He explained that zero-trust, a concept initially popularized by NIST (National Institute of Standards and Technology) in the United States, has become a foundational mindset rather than a single technology and that it spanned from  how systems are built, how data is shared, and even how employees and third parties access information.

Expanding on the fundamentals, another expert said that traditional cybersecurity relied heavily on perimeter-based defenses—trusting users within an organization’s network. Zero trust eliminates this assumption. He made it clear that under zero trust, everyone—employees, vendors, or partners—must undergo the same level of verification as this minimizes the damage from phishing or malware attacks by restricting lateral movement within systems.

Beyond KYC: Tackling tampered documents and AI-driven fraud

At the same time, there was another section of security experts who are of the opinion that  Know Your Customer (KYC) verification, though critical, is no longer enough in the face of increasingly sophisticated document forgery and impersonation tools. They recall a recent incident where a fully AI-generated passport managed to pass through a visa verification process highlighting the growing challenge of tampered documents and deepfakes in identity verification. They added that enterprises must rethink how customer data is stored, shared, and deleted — especially under India’s Digital Personal Data Protection (DPDP) Act.

AI and human awareness: The dual challenge

There is another point of view that while technology plays a crucial role, human awareness remains the weakest link. They feel that we have not yet scratched the surface when it comes to customer education. They say that while on one side many users are not fully aware of how to spot phishing links while on the other hand AI threats are far more complex. They say that hat outreach efforts must target vulnerable groups such as the elderly and semi-literate populations. They emphasize that awareness campaigns need to go beyond emails—through WhatsApp, videos, and local languages—to reach those most at risk

Addressing the vulnerabilities

Experts also pointed out major organizational blind spots(areas susceptible  to attacks)—from employee practices and un corrected open “shadow” systems to vulnerabilities in third-party partnerships. They cautioned that even if a company builds a fortress, it can fall through a weak vendor.

As India’s digital economy deepens, zero trust is no longer optional—it’s essential. The path forward will require a balance between regulation, innovation, and education, ensuring that security evolves as fast as the technology it seeks to protect.