Find Out How Banks Use Threat Intelligence | KELA Cyber

Upcoming Webinar / Breached By Association - Outsmarting Cyber Risk In Your Supply Chain

Read more

In this article

How Banks Use Threat Intelligence

Banks are using threat intelligence (TI) to actively detect, assess, and mitigate risks across fraud prevention, cybersecurity, and compliance. From tracking carding schemes to monitoring geopolitical risks, RFIs reveal how TI supports tactical, operational, and strategic decisions.

a black and red logo with the word ikela
By KELA Cyber Intelligence Center

Published August 29, 2025

How Banks Use Threat Intelligence

Banks leverage threat intelligence (TI) to proactively identify, assess, and mitigate threats that can impact their financial operations, customer trust, and regulatory compliance. The RFIs (Requests for Information) from financial institutions reflect real-world use cases that span technical, operational, and strategic levels of intelligence consumption.

» Looking for an effective solution? KELA provides the comprehensive support you need



1. Tactical Threat Intelligence: Supporting Day-to-Day Defense

Banks utilize tactical TI to improve detection and prevention of specific threats targeting their systems and users. Examples from the RFIs include:

Credit Card Abuse & Carding Detection

  • RFIs requesting information on how credit cards are stolen or monetized, and inquiries into carding activity on encrypted messaging platforms, show a need for TTPs (tactics, techniques, and procedures) tracking for card fraud.
  • This intelligence supports anti-fraud teams in identifying suspicious BINs, flagging fraud patterns, and optimizing rules in transaction monitoring systems.

Phishing & Fake App Awareness

  • Requests related to impersonation of banking apps highlight a focus on brand protection, with intelligence used to identify and remove fraudulent mobile apps and phishing domains.
  • Intelligence about methods used to bypass verification processes (such as 3D Secure) helps financial institutions strengthen authentication and reassess user verification workflows.

» Learn how to prevent phishing attacks before they catch you

Malware Monitoring

  • Requests about malware targeting mobile banking users reflect a need for technical indicators, such as command-and-control domains, malware hashes, and infection chains, to bolster endpoint protection and detect customer compromise.

» Learn more: How to reduce damage from info-stealing malware



2. Operational Threat Intelligence: Securing Payment Systems and Third Parties

Third-Party Payment Platform Risk

  • RFIs assessing risks related to payment processors and gateways point to a broader strategy of evaluating supply chain security and vendor trustworthiness.
  • This intelligence is applied in vendor risk assessments, due diligence processes, and regulatory reporting.

Authentication Bypass Tactics

  • Intelligence on how actors bypass 2FA or exploit flaws in digital onboarding processes informs efforts to enhance KYC/AML protocols, patch verification gaps, and improve fraud modeling.


3. Strategic Threat Intelligence: Informing Policy and Geopolitical Risk

Banks rely on TI to inform strategic risk models that account for nation-state threats, regional instability, and cybercriminal evolution. For instance:

Hacktivist Campaign Monitoring

  • Interest in politically motivated attacks on financial services shows that banks monitor nation-state-linked actors and ideological campaigns to inform incident response readiness and regional crisis planning.

Regional Service Risk Assessments

  • Requests to assess the threat landscape in specific countries or for certain services indicate TI’s role in go-to-market risk evaluation, cross-border compliance, and digital expansion decisions.

» Here are the most targeted entry points by hackers



4. Threat Intelligence as a Service: Supporting Internal Teams

The wide variety of questions in the RFIs shows that many banks integrate external TI providers into their threat investigation lifecycle. This includes:

  • Dark web monitoring for mentions of banking credentials, BINs, or brand misuse

  • Threat actor profiling for identifying groups targeting financial services

  • Strategic advisory for enabling proactive security governance

» Not convinced? Read more about protecting your organization from future cybercrime

Advanced Cyber Threat Intelligence

KELA’s cyber threat intelligence helps banks identify and mitigate financial and operational threats so you can focus on serving your customers securely.




An Embedded, Multi-Layered Role

Threat intelligence in banking has evolved into a critical operational capability, embedded across fraud prevention, cybersecurity, third-party risk, and strategic planning functions.

The specificity and depth of the RFIs demonstrate that financial institutions now rely on TI to guide real-time decision-making, not just situational awareness.

» Ready to get started? Try KELA for free or learn more about our cyber threat intelligence platform