How does Equals Money prevent employees from creating security risks when using AI tools?

Equals Money treats AI tool procurement like traditional software purchases, conducting security reviews of training data practices and privacy policies. The company uses Okta's Identity Security Posture Management to monitor non-human identities in real-time, detecting when employees grant excessive permissions to AI tools and enabling immediate intervention rather than discovering issues during annual audits.

Why doesn't Equals Money just add more security at the login stage to prevent account takeovers?

Adding excessive friction at login catches many legitimate customers who may be traveling, using new devices, or have forgotten passwords. Instead, Equals Money captures identity and device signals at login using Auth0, then feeds this data into risk platforms that make intelligent security decisions at critical moments like payment initiation, where the context of the entire customer journey can inform whether additional verification is needed.

Okta: Balancing AI Innovation with Security in Payments

Name: Okta: Balancing AI Innovation with Security in Payments
Uploaded: 2026-04-25T19:13:01-04:00
Duration: 11 min 55 s
Description: TL;DR AI tools are designed to encourage data sharing, making it critical for financial services companies to implement rigorous approval processes and employee education frameworks before allowing AI integration with sensitive systems. Equals Money us...

Okta

04/25/2026

0 (0%)

Report Like Favorite

TL;DR

AI tools are designed to encourage data sharing, making it critical for financial services companies to implement rigorous approval processes and employee education frameworks before allowing AI integration with sensitive systems.
Equals Money uses Auth0 to capture identity and device signals at login, then feeds this data into risk platforms to enable intelligent security decisions throughout the customer journey rather than relying solely on front-door authentication.
The rise of agentic AI in payments creates significant security risks as consumers may share credentials with unvetted DIY agents, highlighting the urgent need for industry standardization and regulatory frameworks.
Account takeover attempts have evolved from simple phishing to sophisticated, orchestrated campaigns that use fake websites and paid advertising, requiring professional security approaches that detect patterns across multiple customers.
Okta's Identity Security Posture Management helps Equals Money monitor non-human identities and AI tool integrations in real-time, preventing employees from inadvertently granting excessive permissions to AI agents in production environments.

AI Adoption Challenges in Financial Services

James Simcox, COO and CPO at Equals Money, discusses the dual pressures facing financial services companies as they navigate AI adoption. While teams are eager to leverage AI tools for efficiency gains, the ease of integration creates significant security risks. AI platforms are designed to encourage data sharing, making it simple to connect Slack, email, and other systems with a single click. Equals Money addresses this by treating AI tool procurement like traditional software purchases, conducting thorough security reviews that examine training data practices and privacy policies. The company has established clear frameworks that define acceptable AI use cases while educating employees on data handling boundaries. This approach recognizes that security ownership extends across the entire organization, with AI representing an extension of existing security responsibilities rather than a separate domain.

Identity-Driven Security Across the Customer Journey

Rather than concentrating security measures solely at the login stage, Equals Money implements a distributed security model that monitors risk throughout the entire customer journey. The company uses Auth0 to capture device information, location data, and authentication patterns at login, then feeds these signals into downstream risk platforms. This approach allows the security team to build a comprehensive risk profile that informs decisions at critical moments, such as when customers initiate payments. By correlating login behavior with transaction patterns, the system can identify anomalies that might indicate account takeover attempts without adding friction for legitimate users. The strategy acknowledges that customers have varying technical capabilities and preferences, supporting traditional authentication methods for vulnerable populations while encouraging more secure options like passkeys for corporate clients. This balanced approach protects customers without creating barriers that could exclude those less comfortable with newer security technologies.

Agentic AI and the Future of Payment Security

The emergence of agentic AI presents both opportunities and significant security challenges for the payments industry. Simcox notes that the first agentic AI payment occurred recently at a conference, signaling the beginning of a major shift in how customers will interact with financial services. However, the industry faces a critical standardization problem, with multiple competing protocols like X402 and agentic commerce protocol creating fragmentation. The proliferation of DIY agent builders enables consumers to create custom agents for tasks like booking and paying for holidays, but these tools often lack proper security frameworks. This creates scenarios where users might unknowingly share login credentials with unvetted third-party agents, similar to the screen scraping practices that preceded open banking regulations. Without clear regulatory frameworks and industry standards, consumers seeking convenience may inadvertently expose themselves to sophisticated account takeover schemes. The payments industry must rapidly establish security standards and consumer protections before widespread agentic AI adoption creates systemic vulnerabilities.

Chapters

0:00 - Introduction
1:03 - AI Adoption Pressures
2:14 - Invisible Security Strategy
4:14 - Account Takeover Threats
6:33 - Agentic AI Transformation
9:48 - Employee AI Security
11:38 - Closing

Key Quotes

1:32 "AI tools are designed sometimes to make you want to overshare with them. It's so easy just to click a button and link up your Slack or link up your email."
3:25 "We get from Auth0 that we then feed into other systems. So a customer signs in, great, it's a new device, it's a new location, but they use their usual 2FA method, so it's probably fine, right? And we'll let them in the platform there, but we feed all that information about the device, where it came from, everything else into our risk platforms."
5:55 "Actually AI's not helping us, right? Because with AI agents, you can actually behave like a human in that login journey. And so what used to be really obvious, because it's a bot, and they're just attacking the thing, and you go, well, you're a bot, come on, go away. Now it actually can look like a real human login journey, because agents behave like humans."
7:14 "There's a whole bunch of standards that everyone's creating right now, right? There's X402, there's agentic commerce protocol, there's others out there. And until we standardize on one of those things, it's going to be very hard for us to build our products to make it work for the customers the right way."
9:39 "You wouldn't just email your bank password to someone, but you'll happily give an AI agent your bank password potentially. And that is a concerning place for us to be."
10:52 "That's why I bought Okta's Identity Security Posture Management tool to help us secure those non-human identities in the platform. And that's how Okta helps us secure AI."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

04/30/2026

10:00 AM

04/30/2026

Insights into SaaS Data Protection from the Keepit Annual Data Report 2026

https://www.truthinit.com/index.php/channel/1868/insights-into-saas-data-protection-from-the-keepit-annual-data-report-2026/
04/30/2026

01:00 PM

04/30/2026

The New Economics of a VMware Exit

https://www.truthinit.com/index.php/channel/1880/the-new-economics-of-vmware-exit/
05/06/2026

02:00 AM

05/06/2026

Detecting Cyber Attacks Before They Evolve Into Breaches with AI Insights

https://www.truthinit.com/index.php/channel/1886/detecting-cyber-attacks-before-they-evolve-into-breaches-with-ai-insights/
05/06/2026

10:00 PM

05/06/2026

World Password Day: Strategies for Managing Your Passwords Effectively.

https://www.truthinit.com/index.php/channel/1913/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

05:00 AM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively.

https://www.truthinit.com/index.php/channel/1914/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

01:00 PM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1915/world-password-day-strategies-for-managing-your-passwords-effectively/
05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Implement Effective Strategies for Securing Active Directory and Minimizing Data Exposure

https://www.truthinit.com/index.php/channel/1888/implement-effective-strategies-for-securing-active-directory-and-minimizing-data-exposure/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Spring of Satori: A Deep Dive into 2026's Threat Landscape and Findings

https://www.truthinit.com/index.php/channel/1930/spring-of-satori-a-deep-dive-into-2026s-threat-landscape-and-findings/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/28/2026

10:00 AM

05/28/2026

Transforming AI from fantasy to purposeful management

https://www.truthinit.com/index.php/channel/1924/transforming-ai-from-fantasy-to-purposeful-management/