Mastercard has unveiled a new approach to identify compromised payment cards, leveraging a combination of generative artificial intelligence and graph technology. The company reports that this method has doubled its detection rate for compromised cards before they can be used fraudulently.
The new technique could have far-reaching implications for the broader commerce landscape. Online and brick-and-mortar retailers benefit from reduced fraud losses and increased transaction security. The enhanced detection capabilities could lead to fewer declined transactions due to suspected fraud, potentially boosting sales and improving customer experience. For eCommerce platforms, where card-not-present fraud is a persistent challenge, Mastercard's innovation could provide a much-needed layer of protection.
"The new technology works by scanning transaction data across billions of cards and millions of merchants at faster rates than previously imaginable," Rohit Chauhan, EVP of AI-Fraud Solutions at Mastercard, told PYMNTS. In doing so, it alerts Mastercard to new, complex fraud patterns, he explained: "Using Generative AI techniques built by Mastercard, we are able to extrapolate the full card credentials from those partially visible and being sold online. Meaning we can double the rate at which we are able to spot the compromised cards and alert banks, and then protect cardholders and prevent fraud before it takes place."
Visa's James Mirfin and Jotform's Johannes Wiklund previously told Karen Webster that small businesses are prime targets for fraudsters. PYMNTS recently reported that Mastercard's First Party Trust Program, which uses AI and enhanced transaction insights to combat friendly fraud, will roll out later this year.
According to Juniper Research, online fraud remains a significant issue in the financial sector, with global losses from payment fraud estimated to reach $40.62 billion in 2027. Fraudsters employ various techniques to steal payment card numbers, including spyware, malware, and card skimming. These stolen credentials are then resold on illegal websites, often with partially revealed card numbers, to attract potential buyers while avoiding complete identification.
Mastercard's new system uses generative AI, which learns to create new content based on large datasets, in conjunction with graph technology, which can identify relationships and patterns among data points. This combination allows the company to uncover compromised cards before they are used for fraudulent transactions, potentially saving millions of dollars in fraud losses for banks and consumers.
The algorithm analyzes recently reported fraud transactions, known or suspected compromised merchants, and other signals, such as testing pre-authorized transactions. It scans for recent activity that could be fraudulent, working with partners and third parties to obtain necessary data rather than directly scanning illegal websites. This approach helps Mastercard maintain ethical standards while still effectively combating fraud.
Using AI, Mastercard claims that it can now predict the full 16-digit card numbers of compromised cards and assess the likelihood of their use by criminals. This information enables banks to block suspect cards more rapidly than previously possible, potentially preventing millions of dollars in fraudulent transactions.
The system creates a network of cards and merchants, generating links based on associated risk. These links are dynamically updated with each iteration of new data. The result is a list of potentially at-risk cards on illegal websites and the probability of their use in criminal activities. This dynamic approach allows Mastercard to adapt quickly to new fraud patterns and tactics.
Mastercard's graph technology supposedly allows for more efficient activity tracking across its network, which processes billions of transactions annually. In one example, a single card can be mapped to 200 others, with risky links to a merchant where 30 compromised cards were used. This approach enables faster and more accurate alerts to banks, allowing for prompt blocking and re-issuance of cards, minimizing the window of opportunity for fraudsters.
The company has integrated this technology into its Cyber Secure product, which helps issuers and merchants assess cyber risk across their systems and prevent potential breaches. Attempted transactions on compromised cards can be continuously monitored to mitigate fraud and enhance cybersecurity.
This development represents an advancement in Mastercard's ongoing efforts to combat payment card fraud. The company has been utilizing AI in its cybersecurity solutions for years, but this new approach marks a step forward in addressing the challenges of partial card information on illegal websites.
The main hurdle in identifying compromised cards has been the limited information available. Fraudsters typically reveal only a portion of the 16-digit card credential on illegal websites, such as the last four digits. This partial information can be associated with multiple cards, making the problem complex. Mastercard's new system overcomes this challenge using advanced pattern recognition and prediction capabilities.
Mastercard's data scientists observed that these potentially leaked cards on illegal websites are used in a higher proportion of so-called BIN attacks and fraud cases. BIN attacks involve fraudsters using automated software to guess and test various combinations of credit card numbers, starting with the bank identification number. These attacks can be particularly damaging as they target multiple cards simultaneously.
The patterns of these attacks continually shift as attackers' methodologies evolve rapidly. This realization led Mastercard to consider using graph database technology, which focuses on the relationships between data points and can track all potentially risky or leaked cards in the network to improve its prediction algorithm. The adaptability of this approach is crucial in the ever-changing landscape of financial fraud.
According to Chauhan, fraudsters have been employing various methods, from simple scams to sophisticated identity theft. "There are many different types of fraud and these are evolving all the time," he noted.
Large-scale attacks using artificially generated card numbers and account takeover schemes were of particular concern. Chauhan said criminals often attempted to profit from stolen credentials by selling them on illegal websites, typically displaying only partial card numbers to avoid detection.
In response to these challenges, Chauhan said, Mastercard has developed new technology capable of predicting full card details of compromised accounts. "We are now able to predict the full card detail of these compromised cards on our network, enabling banks to block them far faster than previously," he said.
Chauhan also touted Mastercard's Decision Intelligence solution, which he described as "a real-time decisioning solution that helps banks score and safely approve 143 billion transactions a year." This system has been enhanced with generative AI technology to improve fraud detection capabilities.
"This is enabling Mastercard to transform the speed and accuracy of our anti-fraud solutions, deflecting the efforts of criminals, protecting banks and their customers," Chauhan said.
While acknowledging the benefits of smarter payment methods, increased transparency and personalized experiences, Chauhan highlighted the emerging risks to various stakeholders.
"For years, these challenges have come in the form of cyberattacks and hacks," Chauhan said, noting that criminals have long exploited weaknesses in cybersecurity defenses. However, he warned that the landscape has shifted dramatically with the advent of sophisticated AI technologies.
According to Chauhan, fraudsters now leverage AI to create convincing impersonations of customers and executives, taking their criminal activities "to a whole new level." He estimated that this criminal enterprise has ballooned into a nearly $10 trillion economy with far-reaching consequences.
"This damages reputations, diminishes revenue, and erodes trust," Chauhan said.
In response to these evolving threats, Mastercard is "investing in the latest cutting-edge technology to turbocharge its arsenal of capabilities to take the fight to the fraudsters and keep our digital world safe," Chauhan said.
The financial services industry continues to grapple with the persistent threat of online fraud. As criminals adapt their tactics, companies like Mastercard turn to advanced technologies to stay ahead. The integration of generative AI and graph technology represents a new frontier in fraud detection and prevention, potentially reshaping the industry's approach to cybersecurity.
This development underscores the growing importance of AI and data analytics in financial security. As these technologies become more sophisticated, they offer the potential for more proactive and effective fraud prevention measures. However, the ongoing cat-and-mouse game between financial institutions and fraudsters suggests that continued innovation will be necessary to maintain security in the digital payment ecosystem.