There is a familiar statistic that gets mentioned often at fintech events, but it felt different when we were preparing for our conversation with Tony Ball, President of Payments and Identity and the incoming CEO of Entrust.

Fraud. Nearly seven in ten organisations reported an increase in fraud attempts in the past year.

It is a reminder that the security models the industry used to rely on, now no longer reflect how people live and work. Especially when the bank is no longer big-old physical branches but rather, sits there in your pocket.

These days, your office may be a café, a train cabin or your living room, and your colleague might be a spreadsheet or an AI agent.

In that kind of workplace, where everything has become location-agnostic, the people attempting to breach your systems are just as unbounded, operating from anywhere in the world with access to the same technologies meant to stop them.

When both work and risk move this freely, Tony captured the challenge in a single line that stayed with me.

Entrust, he said, is focused on “securing a world in motion.”

Identity Is No Longer a Moment But a Continuous Journey

Entrust has been known for decades as a company that issues IDs and payment cards and builds the cryptographic hardware and software behind banks and governments.

The company’s role has expanded significantly in recent years, and Tony explained that Entrust has moved away from thinking only about the moment of onboarding – issuing an ID or credit card – and now looks at the entire identity journey. From the day a customer first signs up to every interaction afterwards.

And this journey is not limited to consumers as more often than not, it extends to employees, citizens and a rising wave of digital identities created by automated systems and AI agents.

Tony put it simply:

“It is not just human identity. There are also elements of non-human identity, and AI, is changing the game dramatically.”

Entrust has invested heavily in AI to speed up verification at the point of onboarding. Tony shared that the company can now verify customers in under ten seconds in the majority of cases.

That speed matters to consumers, but Tony also emphasised that the real value lies in what happens after the account is created. Fraud attacks rarely happen on day one.

It arrives when a user’s guard is down.

“Anytime a bank sees a high-value transaction or a high-security event,
like a password request, has to be treated as a potential fraud event,” he told me.
“You need to meet the customer where they are in that journey.”

That idea guides everything that comes next.

Which is why the industry keeps returning to the same concept. Zero Trust.

Zero Trust Sounds Simple. Implementing It Is Not

Zero Trust has become a common phrase among security leaders. The concept is pretty straightforward. Do not trust by default and verify every interaction.

The challenge however comes when organisations try to apply that concept across decades-old systems. Outdated if we may.

Many banks and financial institutions carry the weight of legacy infrastructure, and rebuilding everything from scratch is very unrealistic.

Tony acknowledged this tension openly. He said that the framework of zero trust is very important. Institutions must make sure that every point of interaction is as secure as they can be.

However, at the same time, he still understands that there are some practical barriers, that we must face. Entrust tries to make sure that they meet customers where they are, and not where textbooks say they should be.

The company focuses on layering modern security tools on top of existing systems rather than forcing organisations into costly and disruptive re-architecture projects.

“We help organisations add security to what they already have,” he said.

The move involves combining on-premise components with cloud-based systems that work together as a single environment.

Such a layered approach now allows institutions to match friction with risk they encounter. On the one hand, critical systems receive stronger checks. Low-risk interactions on the other hand, remain smooth.

The result is a more workable, seamless version of Zero Trust that reflects how real organisations should operate.

AI Is Transforming Fraud, And Luckily, Defence

Even the best Zero Trust strategy faces a tougher reality. Fraudsters now use AI too, and they are innovating rapidly. If one idea doesn’t work, they can try another, over and over, and at scale.

Tony’s view of the situation is nevertheless, straightforward.

“It is an arms race,” he said. “The responsibility we take is to use AI for good.”

According to Tony, both types of data matter because they teach models how fraud evolves and how legitimate users behave over time.

This experience is what gives Entrust a different form of perspective. Many organisations these days treat verification as a one-time event, but Tony believes that long-term protection depends on what he calls the “day-two experience.”

Once someone is in the system, the institution must remain confident that the person making each transaction is still the same individual who originally signed up.

“We use biometrics trained with AI to understand, in motion, that it is you,” he explained.

Institutions can now choose whether biometric templates are stored on a device or within the institution’s infrastructure. They can even request updated templates periodically. This creates a dynamic and adaptive identity, not a static snapshot.

The more these models are trained and automated, Tony said, the harder it becomes for fraudsters to take advantage of the same technologies.

Quantum Computing Will Redefine Encryption

Although AI dominates most conversations today, Tony believes quantum computing poses a much larger long-term, next-gen threat.

He emphasised that quantum capabilities will eventually break many of the encryption systems used today, and the change will be sudden.

“Quantum is coming, and everything you know about encryption will change forever,” he warned.

Despite widespread awareness of the threat, far fewer organisations have started preparing. He warned that institutions that delay may find themselves forced to redesign their systems under enormous pressure.

“If you are not ready, you will have to re-architect everything in front of your customers,” he said.

Entrust now is already working on quantum-safe cryptography, but the industry still has a long way to go.

Different Markets Want Different Levels of Friction

Security may be global, but tolerance for friction is very much local. That contrast becomes clearer when you look at how different regions approach digital identity.

You see, people want a fully secure service that is also fully seamless. Seems easy, but these objectives do not always align, and Tony pointed out that cultural expectations play a major role in how institutions balance them.

In North America for instance, institutions often prioritise user experience and smooth onboarding. As a result, they accept a moderate amount of fraud risk and address issues on the back end. Europe, takes the opposite approach.

Because of European Union regulatory requirements, many consumers there expect strong verification at the beginning. They are willing to tolerate friction if it protects them.

“There are always trade-offs,” Tony said, “and they vary by region.”

Rather than choose one philosophy, Entrust focuses on giving institutions the tools to decide how much friction they want in each part of the journey.

The Strength of a Full-Stack Approach

One thing that stands out about Entrust is how many layers of the security ecosystem it touches.

The company issues physical payment cards. It supplies the hardware that stores cryptographic keys in banking, government, and enterprise systems. It builds the AI-based tools that verify faces and identities on digital channels. Most competitors specialise in only one of these areas.

Tony believes this breadth is becoming an advantage. Fragmented security environments create gaps because vendors do not always integrate well with one another.

“The more vendors you invite into your environment, the more points of entry you provide for attackers,” he said.

Entrust tries to simplify this through a platform approach that ties together identity, card issuance, data encryption and hardware security.

The fewer moving parts an organisation has to reconcile, the stronger the trust foundation becomes.

A good example is Entrust’s work with AUTENTIKA in Indonesia, where the company’s HSMs form the cryptographic base of a major national identity platform.

Tony described the heart of the solution clearly.

“It is anchored in providing trust and encrypted data.”

The country relies on a multi-tenant architecture to deliver citizen services, and encrypted data is part of the foundation of confidence. Institutions know where data lives, who accesses it and how it is protected.

In an age filled with deepfakes and synthetic identities, this type of hardware-based integrity becomes even more essential.

Self-Sovereign Identity Sounds Ideal but Remains Difficult

Toward the end of our discussion, we turned to the idea of self-sovereign identity.

The idea is appealing. One day, people may store their identity in a personal digital wallet and reveal only selective information when needed. Tony likes the vision but views it with caution.

“We would all like the utopian idea of an identity we control,” he said. “But the world is not so simple.”

Different governments follow different approaches, so standards vary widely. Interoperability remains the biggest obstacle. Even if a person is fully verified in one country’s digital identity system, that identity might not be recognised elsewhere.

Entrust expects to play a role across several parts of this future. The company helps organisations create digital identities. It provides the technology needed to manage these identities across long periods of time.

It also builds tools that allow identities to be stored securely, whether in national identity wallets, private enterprise wallets or commercial platforms such as Google Wallet.

These three capabilities form a complete pipeline that supports identity throughout its life, although the world may need years before self-sovereign models become practical at a global level.

A Future Where Trust Must Keep Moving

By the time our conversation ended, one idea kept resurfacing. Identity has become a moving target. People work everywhere. Devices shift constantly. AI and automation reshape how fraud appears. Nothing stays still.

Security can no longer rely on fixed perimeters or one-time checks. It must follow the user throughout every moment of their journey.

Tony Ball summed it up with a simple message. If everything is in motion, trust must remain in motion as well. And for Entrust, that motion is no challenge to fear.

Featured image: Edited by Fintech News Singapore based on images by noob via Freepik and Anthony Ball via LinkedIn.