Mastercard’s End-to-End View of Fraud and Cyber Security

As we live more online, our digital footprint ends up in more places. Despite the increased convenience the digital world gives us, it also comes with far greater risk if not properly managed, as criminals exploit technologies for their own nefarious gain. Ransomware, scams and other kinds of financial crime have increased in prevalence, with cybercrime expected to cost $10.5 trillion annually by 2025, up from $3 trillion in 2015, according to Cybersecurity Ventures. Threat actors and cybercriminals are taking advantage of new and emerging technologies, like Generative AI (Artificial Intelligence), to enhance their sophistication of social engineering campaigns at scale and for far less cost, making the fraud problem even more challenging.

Current global policy trends may be complicating the issue. For example, while many data localization requirements may be intended to support law enforcement and ensure data protection and privacy of citizens, in practice they reduce resilience, expand the attack surface, and restrict the shared ability to defend against transnational cybercriminals by building global models to detect and respond to fraud threats. Cybercriminals take what they have learned in one part of the world and use it to attack another, making defenses that draw only on domestic insights less effective. This is particularly important given that the transnational nature of cybercrime and fraud complicates law enforcement efforts, and recovering ill-gotten gains across borders is complicated by differing legal frameworks and priorities.

Fraud erodes trust in the financial system and imposes serious costs for consumers and society at large. Consumers are particularly vulnerable. Fraudsters prey on the weakest links in the chain including seniors, small businesses, and those who are less technologically savvy. At Mastercard, we are working every day to fight fraudsters who are trying to swindle merchants, consumers, and financial institutions with a wide range of techniques across each stage of the payments’ lifecycle:

These are not problems for any one institution or government to solve on their own but rather require international cooperation and coordination through public-private partnerships. Ensuring greater security for consumers in the digital world requires global intelligence of the threat landscape, partnerships, and a holistic approach to cyber defenses. It also entails ongoing investment in innovation and new technologies and a commitment to building global cyber capacity to protect critical infrastructure and trust in the global digital economy.

We will share a handful of approaches from our card business and real time payments operations that have worked in our network, in hopes they can provide a resource for others. We are committed to delivering best-in-class capabilities that meet the gold standard for security and privacy in the payment ecosystem, providing cybersecurity protections to foster safe and secure businesses in our digitally connected world. While we are best known for our card business, and have decades of experience securing card transactions, we have extensive experience applying those learnings to the protection of real time payments, and more recently to blockchain-based payments. At our core, we provide a service to the payments ecosystem that enables the protection of account holders, merchants, and financial institutions. In doing so, security is ensured across the lifecycle of a transaction through an array of techniques:

It all starts at the onboarding of a new participant in the payment ecosystem, such as a merchant. Several cybersecurity steps are taken to ensure the safety and integrity of the payment network, namely pre-screening through electronic Know Your Customer (e-KYC) processes and identity verification/authentication of the business and its owners. Merchants must comply with card network security requirements, including the Payment Card Industry Data Security Standard (PCI DSS) that ensure merchants’ systems are secure and capable of protecting cardholder data.

To ensure the security and integrity of transactions, sophisticated methods to verify the identity of the customer are combined with AI-powered tools for fraud detection and analysis of transaction patterns. Whether a customer is visiting a website to start a new relationship, open an account, enroll in a promotion, or make a purchase, identity plays an essential role in establishing trust. At account opening, our services prevent automated attacks using behavioral biometrics and bot detection. For example, before an ecommerce card payment is authorized, we can provide the merchant, acquiring bank, and payment processor with a real-time risk analysis of the likelihood that the transaction is being made by a scammer using stolen payment credentials. Doing so helps reduce friction for low-risk payments and indicates whether further authentication is needed. Passkeys (a digital credential that allows users to sign in to an account without using a password) are increasingly working in conjunction with payment tokens to ensure a seamless checkout experience, while Generative AI technology scans one trillion data points to predict whether a transaction is likely to be genuine or not.

Until recently, the need to navigate limitations on privacy, confidentiality, and data localization has placed frustrating limits on a financial institution’s ability to build collaborative defenses. But all that is starting to change thanks to a new family of technologies called privacy enhancing technologies (PETs). Using PETs, we have been able to demonstrate that it is possible to build a system where banks can share sensitive data about the riskiness of a given account without (1) letting the enquiring institution see any of the responding institutions underlying data, (2) without letting the responding institution see who is enquiring or which account is being queried, and (3) without any of the responding institution’s underlying data being transferred across borders or outside of the institution. Successfully unlocking the capacity for PETs to support the safety and security of the financial system will depend on work by a range of stakeholders across the public and private sector.

The fight against fraudsters and cyber criminals never ends as they constantly innovate; keeping up requires focus, investment, and upskilling. We have long been at the forefront of these issues, dedicating significant resources to ensuring the security of our network against an array of threats. At end-2024, we finalized the acquisition of Recorded Future, the world’s largest threat intelligence company providing real-time visibility into potential threats. In addition, we are dedicating efforts to community upskilling initiatives on cyber, applied digital skills, and basic digital literacy to mitigate fraud and cyber risks from materializing.

Mastercard is committed to advancing the security and integrity of the global digital ecosystem. Our goal is to drive the security of the shared digital economy — for everyone connected to our network and beyond. Our mission is clear: every day, everywhere, we use our technology and expertise to make payments and digital interactions safe, simple, and smart. As the world lives more online, our priority is to ensure consumers, banks, and merchants on our network are safe, encouraging all innovators to build in safety and security from the start, so we can better address the challenge of potential risks.

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Download your sample issue here!

No part of Central Bank Payments News may be reproduced, copied, republished, or distributed in any form or by any means, in whole or in part, without the express and prior written permission of the publisher, Currency Research Malta, Ltd.