Deborah Guild’s career path seems preordained. Her grandfather was an examiner at the Federal Reserve of New York and taught her the importance of protecting the American financial ecosystem. She learned to code when she was just 15 years old, and at 19, she was hired by the Florida National Guard to install its first PC-based computer system.
Today, as head of enterprise technology and security at Pittsburgh-based PNC, Guild leads a team of 3,900 staffers and 1,000 contractors who are dedicated to stopping fraud and safeguarding data at the $562 billion-asset bank.
Threat actors used to attack financial institutions directly, but since banks have spent hundreds of millions of dollars on security, fraudsters have pivoted to attacking customers, Guild said. One emerging type of attack is “smishing,” which uses text messages crafted to appear as though they are coming from a customer’s bank to extract passwords or other information.
When that happened, the bank would ask consumers to report fake emails or texts to PNC, and Guild’s team would identify and take down the site so it couldn’t trick other consumers. And that worked fairly well, but it was “like a game of whack-a-mole” — as soon as her team took down one site, another would pop up, she said.
Last year, Guild took a different approach to stop smishing. She worked with telecom providers Verizon, AT&T and T-Mobile to block any numbers that weren’t PNC phone numbers. PNC numbers have a digital signature attached to them that serves as a certificate of authenticity. When a call or text comes in from a number that is not digitally signed, the telecom providers block the call.
“By intervening with the carriers, we’re able to disintermediate the threat actors before they get to the customer,” she said. According to Guild, the number of fraud reports went down from “the order of a magnitude of thousands to literally single digits.”
PNC also protects its customers by only sending outbound text messages through short codes. Short codes, which appear to customers as incoming texts from phone numbers just five or six digits long, have to be registered and approved by the mobile phone carriers. “It is very difficult for the adversaries to register a short code because they have to go through the know-your-customer process,” she explained.
Guild aims to have her division operate with “fintech-like agility.” To her, that means striving to get code to production faster and pruning datasets to save customers time and money while providing them with a high-quality customer experience. “Our data is curated and we spend millions of dollars protecting it and making sure it’s used properly and with customer consent,” she said.
Guild, whose first job in the industry was as an entry level programmer at Burnett Bank in the early 1990s, is devoted to mentoring women within and outside of the bank. She is a board member of the National Center for Women & Information Technology, which works to correct underrepresentation by women and minorities in computer science. The center provides programs and resources for K-12 and college-age students to encourage them to consider a career in computer science.
At PNC, Guild said that she’s worked to create an inclusive culture in her division. Women comprise half of her leadership team, and she’s very deliberate about how she’s bringing them along. She’s just as deliberate about building a pipeline of talent. Last year, the bank removed the requirement for a four-year degree for every entry-level role in her division. “That’s really been hugely beneficial to creating that pipeline and keeping people developing along the lines in their career,” she said. “What I realized later in life is that it’s easier for me to extend my reach and do so much more if I have highly curated talent at my table.”
One of the highlights of her career thus far came last August when Guild was appointed as the chair of the
FSSCC hosts three joint meetings a year and participants discuss such topics as how the financial services sector should address terrorism, cybersecurity, AI and other potential threats.
The chair position is a three-year term, and Guild said that she feels honored to serve. “I’m humbled by it, honestly. And I’m learning a ton,” she said.