In 2011, a criminal gang swiped millions of dollars from ATMs around the world. They did it by hacking the network of a Middle Eastern bank, and then giving illicit debit cards to accomplices who started draining cash from the machines. The heist is an example of a lucrative, decades-long trend of criminals using compromised credit and debit cards to steal from banks and merchants—but it is the sort of caper that is much harder to pull off today.
According to Craig Vosburg, Chief Product Officer at Mastercard, the company’s Safety Net tool routinely detects and shuts down card scams before crooks can cash in. For example, in 2023, Vosburg says Safety Net detected more than 2,300 suspicious transactions per hour over the course of three days and blocked $14.7 million worth of fraud.
Mastercard is able to pull this off by drawing on insights from over 150 billion annual transactions. Using this data, it can unusual activity in less than a second and send out warnings—warnings that give banks and merchants an opportunity to introduce additional steps to slow suspicious transactions or block them outright.
The insights Mastercard gleans from all of its data—a process that has been supercharged by AI—help stop individual incidents of fraud, but also provides the company with a holistic view of the cyberthreat landscape, helping its collective customer base prevent attacks from occurring in the first place. The upshot is that the proportion of fraudulent card-based transactions on Mastercard’s network has dipped significantly.
This has, in turn, become a significant business opportunity for Mastercard, letting it sell additional cyber solutions to clients as well as outside companies that don’t use its payment network. Vosburg says these offerings, as well as other services such as marketing and consulting, are the fastest growing segment of Mastercard’s business.
The growing prowess of Mastercard and others at curtailing card-based fraud is good news for merchants and consumers. Unfortunately, this has been offset by another trend: a rapid increase in so-called social engineering fraud, where crooks poses as someone the victim knows and trusts in order to get access to their finances. And while AI has helped companies like Mastercard improve their network security, the technology is also making social engineering scams more convincing thanks to tools like deepfakes.
“It feels like criminals are shifting from card fraud to account-to-account,” says Johan Gerber, Head of Security Solutions at Mastercard.
As examples, Gerber cites the rapid growth in romance scams and investment scams, where the victim believes the person conning them is someone they trust or even love. This dynamic, he says, can make it hard to warn people when a firm like Mastercard suspects a scam; in some cases, the victim will even refuse to acknowledge clear evidence of fraudulent behavior. “Social engineering fraud is so hard to stop because of the emotional element,” says Gerber.
This doesn’t mean, though, there aren’t tools out there to help financial firms block social engineering fraud. Gerber points out that the perpetrators of these scams often whisk money to five or more separate accounts, which results in patterns that Mastercard and others can recognize.
Gerber says this offers an opportunity to take actions like adding friction to delay suspicious transactions and that, in the U.K., a program to share suspicious accounts with both sending and receiving banks have resulted in a 12% decline in peer-to-peer scams.
More broadly, criminals turning from card hacking to social engineering scams reflects the long-running cat-and-mouse game between financial scammers and the companies that detect them—a game that will continue for years to come.
This story was originally featured on Fortune.com
Recent Comments