In this short paper, a framework for building attacker personas based on a 10-step process model borrowed from user-centred design is proposed and applied to digital banking. In line with conventional personas, attacker personas are archetypical attackers to a system and ideally characterise the full threat landscape to a system. Benefits of attacker personas are currently seen in the context of generic security awareness programmes, usage by security experts alongside other threat modelling techniques and to ‘make threats real’ for non-experts in an organisation. However, attacker personas are by no means a mature method in information security—the largest drawback is currently a lack of their integration into threat modelling and the wider security management environment. The research report presented here covers the chosen methodology including data sources as well as the seven attacker personas proposed for digital banking systems. This work is primarily viewed as a basis for discussion to help foster methodological advancement for building better attacker personas in the future. Current limitations as well as potential future research directions are therefore given in the last part of this paper to promote discussion and collaboration with others in academia and industry.