Published: September 11, 2025
Fraud and cybercrime are now inseparable, with cyberattacks like breaches and exploits exposing stolen card data and credentials that power fraud at scale.
In 2024 alone, threat actors posted 269 million stolen card records, and global card fraud losses are projected to reach $404 billion over the next decade. Payment fraud is a rapidly escalating cybersecurity issue directly impacting an organization’s bottom line and reputation.
In response, payment fraud prevention professionals at issuing and acquiring banks must address fraud’s origins in cyber. When cyber breaches occur, fraud tends to follow predictable patterns as stolen data is monetized through account takeovers, fraudulent transactions or other financial schemes. Yet too often, early attack indicators go unnoticed because cybersecurity and fraud prevention teams operate in silos.
Breaking down these silos is vital for moving from reactive to proactive fraud prevention. By closely collaborating and sharing intelligence, fraud and cybersecurity teams can form a unified defense to act on emerging signals and prevent fraud from escalating, minimizing losses.
Today’s threat actors rely on cyber-enabled tactics to commit fraud at scale. Using tools readily available online, they identify vulnerable sites and automate infection across hundreds of domains at once.
For example, cybercriminals often scan potential targets in advance to identify vulnerabilities and map potential attack surfaces. Detected scan attempts rose by 16.7% worldwide in 2024, with cybercriminals leveraging automated tools to conduct millions of scans per hour across the web.
This surge in automated reconnaissance is just one example of how threat actors are advancing the scope and sophistication of their operations. Several forces are accelerating this shift and influencing how fraud and cybersecurity teams must respond:
Cybercrime-as-a-Service (CaaS) describes the growing marketplace where criminals can buy or rent the tools, infrastructure and expertise required to launch cyberattacks. Demand for these services is surging. For example, in the second half of 2024, the use of Malware-as-a-Service (MaaS) tools, which provide attackers with pre-built malware kits, rose by 17%.
These kits make launching a cyberattack relatively simple and inexpensive, with some costing as little as $40 a month.
CaaS enables inexperienced actors to execute campaigns that once required advanced technical skill, lowering the barrier to entry. It also expands the toolkit of seasoned cybercriminals, who can outsource key attack components to increase the efficiency and impact of their operations.
Artificial intelligence is reshaping the cyber threat landscape. As organizations rapidly adopt AI-driven tools (sometimes without adequate security assessments), they unintentionally expand the attack surface available to bad actors.
Threat actors can then use AI to exploit these vulnerabilities more quickly and significantly reduce break-out time. Additionally, cybercriminals can now deploy autonomous, AI-powered bots that can learn from mistakes and adapt in real time.
For example, in a brute-force attack in which an attacker attempts to guess passwords by generating many possible alphanumeric combinations, AI-driven bots can adjust each new password guess based on previous failures, steadily improving their chances of gaining access.
AI-driven trends will increase risk exposure for an organization's traditional perimeter (e.g., endpoints and servers) by 30% in the next three years, according to McKinsey estimates.
Threat actors continuously adapt their methods to exploit new technologies and processes. For example, social engineering scammers increasingly leverage deepfakes (synthetic audio and video that mimics a real individual) to add credibility to their schemes.
In a recent attack, a finance worker in Hong Kong transferred $25 million to fraudsters who used deepfake technology to impersonate the company’s chief financial officer on a video call. This case reflects a wider surge in such tactics, as 46% of financial institutions reported an increase in deepfake-related fraud attempts over the past year.
In this threat landscape, familiar attack methods are being repurposed with new tools and in new channels, especially techniques that exploit human error. The median time for users to fall for a phishing email is under 60 seconds, and the human element was a component of 68% of breaches in 2024, underscoring the importance of security training to address both technical and human-driven risks.
As cyberattacks evolve and grow more advanced, integration between fraud and cybersecurity teams is necessary to combat fraud. That includes intelligence sharing to detect fraud proactively, before it has financial consequences.
However, to integrate effectively, fraud and cybersecurity teams need a common approach to how they assess and respond to threats.
As a guide, the Cybersecurity Framework’s six Functions provide a clear structure for aligning priorities and approaching fraud prevention through a cybersecurity lens. The framework was developed by the National Institute of Standards and Technology (NIST) to improve organizations’ approach to cybersecurity.
The Cybersecurity Framework’s six Functions represent the primary pillars for a holistic cybersecurity program. Together, they help organizations maintain an organized and effective approach to managing cybersecurity risk.
1. Identify: This Function focuses on developing an understanding of the systems, people, assets, data and processes that underpin critical operations. By mapping these elements and assessing associated threats and vulnerabilities, an organization can prioritize resources and align its security strategy with business needs.
2. Protect: The Protect Function establishes safeguards to maintain the resilience of critical services, helping organizations limit the potential impact of a cyber incident. For example, this includes an organization enforcing strict Identity Management and Access Control for physical and remote access.
3. Detect: The Detect Function emphasizes timely identification of cybersecurity events through continuous monitoring and analysis. The goal of this Function is for organizations to surface anomalies and understand their potential impact.
4. Respond: The Respond Function centers on taking action to contain the impact of a detected cybersecurity incident. This involves executing response plans, coordinating communications with stakeholders and applying mitigation measures to stop an attack from spreading.
5. Recover: After an incident has been contained, the Recover Function ensures that systems and services are restored promptly. Along with implementing structured recovery processes, organizations can refine existing strategies based on lessons learned.
6. Govern: A sixth Function was added in 2024, underpinning the overall cybersecurity framework and informing how organizations implement the other five Functions. The Govern Function helps guide what an organization should do to support its cybersecurity goals and priorities, ensuring these efforts fit within the mission and broader organizational context.
To address cybersecurity risks that drive fraud, banks must tighten the feedback loop across core defense efforts. However, doing so requires coordinated effort between fraud and cybersecurity teams to act on early threat signals.
When cybersecurity and fraud teams remain siloed, fraud may come to light only after loss occurs, while cyber teams remain unaware that a security incident in their systems was the catalyst for fraud. This disconnect gives threat actors space to escalate their operations and exploit weaknesses before defenses can adjust.
However, integrated fraud and cybersecurity teams can interpret cyber signals to detect fraud earlier and align on response strategies. In particular, teams must collect, analyze and share information related to attack methodologies and indicators of compromise.
A key enabler of these efforts is threat intelligence. Unlike traditional fraud detection tools that surface fraud after it has occurred, threat intelligence proactively monitors criminal marketplaces, messaging apps and compromised websites to uncover stolen payment data and emerging threats.
Cyber and fraud teams that collaborate to share and apply this intelligence gain the insight to detect and disrupt attacks before losses mount. In turn, an organization’s fraud defense shifts from reactive to proactive, an essential stance as threats gain complexity.
While fraud and cybersecurity teams may be accustomed to operating in isolation, these silos leave critical gaps for attackers to exploit. The reality of cyber fraud demands a united defense.
By working in close coordination, fraud and cybersecurity teams can close visibility gaps to detect and address cyber threats before they lead to fraud. Critically, this collaboration should involve ongoing intelligence sharing to track attacker tactics and surface early warning signals of fraud. With this awareness, banks can adapt their defenses and act proactively to reduce risk.
However, the importance of intelligence sharing extends beyond any one bank. Broader coordination and intelligence sharing across the financial sector enhances awareness of active threats and further helps banks protect their customers.
For a quick overview of how cybersecurity and fraud prevention intersect, explore the answers to these frequently asked questions:
Cyber-enabled fraud threats are accelerating as criminals use new technologies like AI to automate and scale attacks. Additionally, CaaS tools continue to lower the barrier to entry for cybercriminals.
Fraud often begins with a cyber vulnerability, making the two inseparable. When cybersecurity and fraud teams collaborate, they can better identify and respond to emerging threats.
Banks can improve fraud prevention by closing visibility gaps between cybersecurity and fraud teams. Shared intelligence between teams, particularly fraud intelligence, enables proactive threat detection and more coordinated response efforts.
Recorded Future is a Mastercard company. Mastercard is not affiliated with any of the other research cited in this article.