Interview: D360 Bank redefines cyber security for Saudi Arabia’s cashless future
Muath Alhomoud, director of cyber security at D360 Bank, discusses payment security, cloud resilience and the responsible use of AI in a hyper-connected financial ecosystem
As Saudi Arabia accelerates toward a cashless, digitally driven economy, cyber security has moved from a technical discipline to a cornerstone of national trust. At the heart of this transformation are digital-first banks such as D360 Bank, where security must evolve at the same pace as innovation.
For Muath Alhomoud, director of cyber security at D360 Bank, the challenge is clear: enable speed, openness and customer-centric design, without compromising resilience.
“Digital banking today operates in an environment of constant exposure,” Alhomoud says. “Payments are instant, ecosystems are interconnected and customer expectations for frictionless experiences are higher than ever. Security can no longer be reactive, it has to be adaptive and embedded by design.”
This shift comes at a time when digital payments globally surpassed US$9.5tn and continue to grow at double-digit rates. In parallel, application programming interfaces (APIs) now account for the majority of global web traffic, fundamentally changing how banks expose services and interact with fintech partners. In Saudi Arabia, these trends are amplified by Vision 2030, which targets 70% cashless transactions by the end of the decade.
Against this backdrop, Alhomoud explains that payment security strategies are undergoing a structural rethink. Traditional perimeter-based defences are no longer sufficient in an API-driven, open banking world. Instead, banks are moving toward intelligence-led security models built on zero-trust principles, continuous risk assessment and strong cryptographic foundations.
“Every transaction, identity and device must be verified continuously,” he says. “Zero trust isn’t just an architecture, it’s a mindset. When combined with risk-based authentication, we can significantly reduce customer friction while improving fraud detection.”
This balance between security and experience has become a defining priority. Studies show that risk-based approaches can cut customer friction dramatically, and Alhomoud sees this as essential to digital adoption. “Security that frustrates customers ultimately erodes trust,” he adds. “The goal is to make protection invisible but effective.”
However, securing payment systems in an increasingly connected world introduces additional complexity. The rapid expansion of APIs, mobile applications, fintech integrations and software supply chains has dramatically increased the attack surface. At the same time, real-time payment rails compress decision-making windows, giving defenders milliseconds rather than minutes to respond.
“Instant payments are transformative, but they are also attractive to attackers,” Alhomoud says. “Fraud attempts concentrate where speed limits human intervention. That’s why behavioural analytics and AI-driven anomaly detection are no longer optional, they’re foundational.”
Third-party and supply-chain risks further complicate the landscape. As embedded finance and SaaS adoption grow, banks must maintain visibility far beyond their own infrastructure. According to Alhomoud, this requires rigorous third-party risk management aligned with Saudi regulatory frameworks, combined with end-to-end ecosystem mapping. “You can’t protect what you don’t fully understand,” he says.
Cloud adoption has become a critical enabler in addressing these challenges. Like many modern financial institutions, D360 Bank operates in a hybrid, cloud-centric environment governed by SAMA, NCA, and PDPL requirements. For Alhomoud, the cloud is not a security risk when implemented correctly.
“Cloud-native architectures allow us to build security directly into how systems are designed, deployed and operated,” he says. “From hardened containers and secure landing zones to CI/CD pipelines with automated guardrails, security becomes continuous rather than episodic.”
Operationally, this means real-time telemetry feeding security operations centres, continuous vulnerability scanning, and drift detection that identifies misconfigurations before they become incidents. Governance models also evolve, with shared responsibility frameworks and continuous compliance monitoring replacing periodic audits.
A ‘national responsibility’
Protecting sensitive customer data remains central to this approach. In Saudi Arabia, Alhomoud emphasises, data protection is more than regulatory compliance – it is a national responsibility. Banks must ensure that personal and financial data remains secure across all cloud environments through strong classification, encryption and identity controls.
“Most cloud breaches are caused by misconfiguration, not cloud providers,” he says. “That’s why continuous compliance, strong IAM and encryption across all states are non-negotiable.”
Artificial intelligence (AI) adds another dimension to both opportunity and risk. AI is now deeply embedded in banking operations, from fraud detection to customer engagement. But with its power comes governance challenges that Alhomoud believes must be addressed proactively. “AI must be deployed responsibly,” he adds. “We align AI governance with cyber security, data protection and ethical frameworks to ensure transparency, fairness and resilience.”
This includes classifying AI use cases by risk, applying PDPL-aligned data governance and protecting models against emerging threats such as data poisoning or manipulation. Many leading banks, Alhomoud says, are establishing cross-functional AI governance committees to ensure accountability across the AI lifecycle.
In fraud prevention, AI has already delivered a measurable impact. By building behavioural profiles and detecting anomalies in real time, AI-driven systems can prevent fraud before customers are affected, reducing losses while improving the customer experience. “The real value of AI is prevention, not just detection,” Alhomoud says.
Looking ahead, he sees the next wave of cyber security challenges driven by AI-powered attacks, deepfakes, supply-chain vulnerabilities and rising regulatory expectations for operational resilience. Talent shortages further complicate the picture, placing pressure on institutions to automate intelligently while investing in skills development.
“The future of digital banking security is about resilience,” Alhomoud concludes. “Resilient architectures, resilient operations and resilient teams. If we get that right, we can innovate with confidence and support Saudi Arabia’s ambition to lead globally in secure, inclusive digital finance.”
