In This Article:
In 2011, a criminal gang swiped millions of dollars from ATMs around the world. They did it by hacking the network of a Middle Eastern bank, and then giving illicit debit cards to accomplices who started draining cash from the machines. The heist is an example of a lucrative, decades-long trend of criminals using compromised credit and debit cards to steal from banks and merchants—but it is the sort of caper that is much harder to pull off today.
According to Craig Vosburg, chief product officer at Mastercard, the company’s Safety Net tool routinely detects and shuts down card scams before crooks can cash in. For example, in 2023, Vosburg says Safety Net detected more than 2,300 suspicious transactions per hour over the course of three days and blocked $14.7 million worth of fraud.
Mastercard is able to pull this off by drawing on insights from over 150 billion annual transactions. Using this data, it can target unusual activity in less than a second and send out warnings—warnings that give banks and merchants an opportunity to introduce additional steps to slow suspicious transactions or block them outright.
The insights Mastercard gleans from all of its data—a process that has been supercharged by AI—help stop individual incidents of fraud, but also provide the company with a holistic view of the cyber-threat landscape, helping its collective customer base prevent attacks from occurring in the first place. The upshot is that the proportion of fraudulent card-based transactions on Mastercard’s network has dipped significantly.
This has, in turn, become a significant business opportunity for Mastercard, letting it sell additional cyber solutions to clients as well as outside companies that don’t use its payment network. Vosburg says these offerings, as well as other services such as marketing and consulting, are the fastest growing segment of Mastercard’s business.
The growing prowess of Mastercard and others at curtailing card-based fraud is good news for merchants and consumers. Unfortunately, this has been offset by another trend: a rapid increase in so-called social engineering fraud, where crooks pose as someone the victim knows and trusts in order to get access to their finances. And while AI has helped companies like Mastercard improve their network security, the technology is also making social engineering scams more convincing thanks to tools like deepfakes.
“It feels like criminals are shifting from card fraud to account-to-account,” says Johan Gerber, head of security solutions at Mastercard.
As examples, Gerber cites the rapid growth in romance scams and investment scams, where the victim believes the person conning them is someone they trust or even love. This dynamic, he says, can make it hard to warn people when a firm like Mastercard suspects a scam; in some cases, the victim will even refuse to acknowledge clear evidence of fraudulent behavior. “Social engineering fraud is so hard to stop because of the emotional element,” says Gerber.