\n
![](\"https:\/\/images.ctfassets.net\/jdtwqhzvc2n1\/1kewgFGr47cn9lpS05X3s9\/bd168f6b74179ec18e667dcc83b9ad38\/Stopping_fraud.png?w=300&q=30\")
<\/p>\n
\n<\/p>\n
Fraud protection is a race against scale.\u00a0<\/p>\n
For instance, Mastercard\u2019s network processes roughly 160 billion transactions a year, and experiences surges of 70,000 transactions a second during peak periods (like the December holiday rush). Finding the fraudulent purchases among those \u2014 without chasing false alarms \u2014 is an incredible task, which is why fraudsters have been able to game the system.\u00a0<\/p>\n
But now, sophisticated AI models can probe down to individual transactions, pinpointing the ones that seem suspicious \u2014 in milliseconds\u2019 time. This is the heart of Mastercard\u2019s flagship fraud platform, Decision Intelligence Pro (DI Pro).\u00a0<\/p>\n
\u201cDI Pro is specifically looking at each transaction and the risk associated with it,\u201d Johan Gerber, Mastercard\u2019s EVP of security solutions, said in a recent VB Beyond the Pilot podcast. \u201cThe fundamental problem we're trying to solve here is assessing in real time.\u201d<\/p>\n
Mastercard\u2019s DI Pro was built for latency and speed. From the moment a consumer taps a card or clicks \u201cbuy,\u201d that transaction flows through Mastercard\u2019s orchestration layer, back onto the network, and then on to the issuing bank. Typically, this occurs in less than 300 milliseconds.\u00a0<\/p>\n
Ultimately, the bank makes the approve-or-decline decision, but the quality of that decision depends on Mastercard\u2019s ability to deliver a precise, contextualized risk score based on whether the transaction could be fraudulent. Complicating this whole process is the fact that they\u2019re not looking for anomalies, per se; they\u2019re looking for transactions that, by design, are similar to consumer behavior.\u00a0<\/p>\n
At the core of DI Pro is a recurrent neural network (RNN) that Mastercard refers to as an "inverse recommender" architecture. This treats fraud detection as a recommendation problem; the RNN performs a pattern completion exercise to identify how merchants relate to one another.\u00a0<\/p>\n
As Gerber explained: \u201cHere's where they've been before, here's where they are right now. Does this make sense for them? Would we have recommended this merchant to them?\u201d\u00a0<\/p>\n
Chris Merz, SVP of data science at MasterCard, explained that the fraud problem can be broken down into two sub components: A user\u2019s pattern behavior and a fraudster\u2019s pattern behavior. \u201cAnd we're trying to tease those two things out,\u201d he said.\u00a0<\/p>\n
Another \u201cneat technique,\u201d he said, is how Mastercard approaches data sovereignty, or when data is subject to the laws and governance structures in the region where it is collected, processed, or stored. To keep data \u201con soil,\u201d the company\u2019s fraud team relies on aggregated, \u201ccompletely anonymized\u201d data that is not sensitive to any privacy concerns and thus can be shared with models globally.\u00a0<\/p>\n
\u201cSo you still can have the global patterns influencing every local decision,\u201d said Gerber. \u201cWe take a year's worth of knowledge and squeeze it into a single transaction in 50 milliseconds to say yes or no, this is good or this is bad.\u201d<\/p>\n
While AI is helping financial companies like Mastercard, it\u2019s helping fraudsters, too; now, they\u2019re able to rapidly develop new techniques and identify new avenues to exploit.\u00a0\u00a0<\/p>\n
Mastercard is fighting back by engaging cyber criminals on their turf. One way they\u2019re doing so is by using "honeypots," or artificial environments meant to essentially "trap" cyber criminals. When threat actors think they\u2019ve got a legitimate mark, AI agents engage with them in the hopes of accessing mule accounts used to funnel money. That becomes \u201cextremely powerful,\u201d Gerber said, because defenders can apply graph techniques to determine how and where mule accounts are connected to legitimate accounts.\u00a0<\/p>\n
Because in the end, to get their payout, scammers need a legitimate account somewhere, linked to mule accounts, even if it\u2019s cloaked 10 layers down. When defenders can identify these, they can map global fraud networks.<\/p>\n
\u201cIt\u2019s a wonderful thing when we take the fight to them, because they cause us enough pain as it is,\u201d Gerber said.\u00a0<\/p>\n
Listen to the podcast to learn more about:\u00a0<\/p>\n
How Mastercard created a "malware sandbox" with Recorded Future;\u00a0<\/p>\n<\/li>\n
Why a data science engineering requirements document (DSERD) was essential to align four separate engineering teams;<\/p>\n<\/li>\n
The importance of "relentless prioritization" and tough decision-making to move beyond "a thousand flowers blooming" to projects that actually have a strong business impact;<\/p>\n<\/li>\n
Why successful AI deployment should incorporate three phases: ideation, activation, and implementation \u2014 but many enterprises skip the second step.\u00a0<\/p>\n<\/li>\n<\/ul>\n
Listen and subscribe to <\/b>Beyond the Pilot<\/b> on <\/b>Spotify<\/b>, <\/b>Apple<\/b> or wherever you get your podcasts.<\/b><\/p>\n