Fraud protection is a race against the scale.
For example, Mastercard’s network processes approximately 160 billion transactions per year, and experiences a surge of 70,000 transactions per second during peak periods (such as the December holiday rush). Detecting fraudulent purchases among them – without chasing false alarms – is an incredible task, which is why fraudsters are able to game the system.
But now, sophisticated AI models can examine individual transactions, identifying those that seem suspicious in a matter of milliseconds. It is at the heart of MasterCard’s flagship fraud platform, Decision Intelligence Pro (DI Pro).
“DI Pro is specifically looking at each transaction and the risk associated with it,” Johann Gerber, MasterCard’s EVP of security solutions, said in a recent VB Beyond the Pilot podcast. “The fundamental problem we’re trying to solve here is to make assessments in real time.”
How does DI Pro work?
MasterCard’s DI Pro was built for latency and speed. The moment a consumer taps a card or clicks “Buy,” that transaction flows through Mastercard’s orchestration layer back over the network and then to the issuing bank. Typically, this occurs in less than 300 milliseconds.
Ultimately, the bank makes the approval-or-denial decision, but the quality of that decision depends on Mastercard’s ability to deliver an accurate, relevant risk score based on whether or not the transaction may be fraudulent. What complicates this entire process is the fact that they are not looking for anomalies; They are looking for transactions that resemble consumer behavior by design.
At the core of DI Pro is a recurrent neural network (RNN) that Mastercard refers to as a "inverse recommender" architecture. It treats fraud detection as a recommendation problem; The RNN performs a pattern completion exercise to identify how traders are related to each other.
As Gerber explained: “Here’s where they were before, here’s where they are now. Does this make sense to them? Would we have recommended this merchant to them?”
Chris Merz, SVP of Data Science at Mastercard, explained that the fraud problem can be broken down into two subcomponents: a user’s patterned behavior and a fraudster’s patterned behavior. “And we’re trying to tease apart those two things,” he said.
Another “neat technique,” he said, is how MasterCard takes the approach of data sovereignty, or when data is subject to the laws and governance structures in the territory where it is collected, processed or stored. To keep the data “on the ground,” the company’s fraud team relies on aggregated, “completely anonymized” data that is not sensitive to any privacy concerns and thus can be shared with models globally.
“So you can still have global patterns influencing every local decision,” Gerber said. “We take a year’s worth of knowledge and squeeze it into one transaction in 50 milliseconds and say yes or no, this is good or this is bad.”
scammers are cheating
While AI is helping financial companies like Mastercard, it is also helping fraudsters; Now, they are able to rapidly develop new technologies and identify new avenues of exploitation.
Mastercard is retaliating by engaging cyber criminals in their territory. They’re using a way to do that "honeypot," or artificial environment essentially means "Net" Cyber criminals. When threat actors think they’ve found a legitimate mark, AI agents join them in hopes of gaining access to mule accounts used to raise funds. This becomes “extremely powerful,” Gerber said, because defenders can apply graph techniques to determine how and where mule accounts are connected to legitimate accounts.
Because in the end, to receive their payment, scammers need a legitimate account somewhere, linked to mule accounts, even if it is covered with 10 layers. When defenders can identify these, they can uncover global fraud networks.
“It’s a wonderful thing when we fight them, because they cause us a lot of pain,” Gerber said.
Listen to the podcast to learn more about it:
- How was MasterCard created? "malware sandbox" With a recorded future;
-
Why the Data Science Engineering Requirements Document (DSERD) was necessary to align four separate engineering teams;
-
importance of "relentless priority" and making difficult decisions moving forward "a thousand flowers are blooming" For projects that really have a strong business impact;
-
Why successful AI deployment should involve three steps: ideation, activation, and implementation – but many enterprises skip the second step.
Listen and Subscribe beyond the pilot But spotify, Apple Or wherever you get your podcasts.
<a href