How Truist and Western Alliance deploy AI to fight fraud

BOCA RATON, Florida — As financial institutions face an increase in fraud, scams and cybersecurity threats because of new artificial intelligence technologies, bankers with Truist and Western Alliance Bank detailed how they are using AI and related technologies to counter these threats.

Carl Eberling, who manages the division at Western Alliance Bank that handles class action settlement administration, described his organization's approach, which began about four years ago with a focus on robust log file monitoring using machine learning. He spoke during a panel on Tuesday at Digital Banking 2025, a conference hosted by American Banker.

This process, he said, allows the bank to interpret "indicators of compromise" and understand activity across various channels, including core systems, call centers, web browsers and mobile devices. Expanding beyond a narrow security focus to encompass availability and reliability broadened the view of the "threat surface," enabling a different approach to attacking threats.

READ MORE: Fifth Third cyber exec: Sharing threat intel comes with risk

This involves talking to regulators such as the Federal Reserve, the Office of the Comptroller of the Currency and the Financial Crimes Enforcement Network as well as peer groups to identify threat vectors.

Eberling explained that his bank feeds structured log data into AI models, including LLMs, allowing analysts to ask the models questions to identify patterns that deviate from established patterns or indicators of compromise. He said this is similar to analyzing data patterns for loan underwriting.

Thomas Mazzaferro, chief AI data and analytics officer at Truist Bank, said the bank partners with providers that use AI for threat detection and to scan the environment to take down attacks.

Mazzaferro said his bank uses AI not only for detection but also to scan the entire ecosystem, both on-premise and in the cloud, to map where critical data resides and understand exposure.

READ MORE: Here's what banks must do to secure open banking data

Truist uses machine learning models for scanning in cases where it has "defined inputs, defined logic, and defined outputs," he said. For detecting undefined threats and attack vectors, where patterns may differ from normal, the bank uses solutions based on generative AI, which is more tolerant to unstructured data.

Models that Truist trains internally on the bank's own data are less valuable than models trained by vendors on data from multiple banks, Mazzaferro said. He indicated a preference for partnering with vendors and focusing on integrating these solutions and automating the response to alerts and triggers because combining data provides more threat patterns for the models to recognize.

Addressing model bias

"I have never seen a model that has no bias, ever," Mazzaferro said in response to a question about avoiding training bias into machine learning models.

He said the focus should be on minimizing bias and ensuring models perform as expected. This happens when a bank establishes guardrails and monitors model outputs in near real time to ensure they remain within defined thresholds.

Truist maintains a "champion-challenger" mindset, training a discovery model in parallel with production models so that if a deployed model performs inappropriately, there is an alternative to assess. Mazzaferro noted that while the technology exists, the bigger challenge is overcoming the "human behavioral piece" and resistance to changing how teams think about their work.

Mazzaferro also touched on the challenge of collecting inputs from various touch points across different channels, describing it as a "huge issue" for financial institutions.

Western Alliance Bank deals with bias by using obfuscated production data sets in secure environments for model training, according to Eberling. The bank then runs new indicators derived from intelligence through standard risk, compliance and legal review processes.

Measuring impact

Measuring the effectiveness of these AI efforts is critical for banks, according to Mazzaferro. Every deployment should have a defined return on investment, whether hard or soft dollar, and performance should be monitored against that commitment, according to Mazzaferro.

"People are like, 'Well, what do you mean? This is really important. I want to make sure it's being done,'" Mazzaferro said. "But no, you should be focusing your time and your effort on things that have meaningful ROI, and if you can't define the ROI, you step back and say, 'Is this really the best use of my time?'"

If it's not worth your time, "pivot," Mazzaferro said. "Change."

Eberling added that while preventing threats on the perimeter is important, the most significant impact and "biggest bang for the buck" comes from reducing the "time to shut something down" once a penetration or risk occurs.

Intrusions will happen, Eberling said, and the key is rapid identification and containment to prevent incremental losses. Eberling said that using AI has reduced his bank's incident response time from days to minutes.