Sharpening card fraud defenses in the age of risk

The risk landscape for card fraud is significantly more difficult than ever before with card fraud losses growing worldwide for both online payments fraud and card fraud. A robust Cybercrime-as-a-Service (CaaS) economy with criminal buyers and sellers scarcely existed a decade ago, but it operates effectively now. Future expectations of fraud leaders lean pessimistic. In a Q3 Datos Insights research study, 53% of U.S. FI fraud executives believe their fraud losses will rise by 10 points or more in the next three years. Fraud executives continue to fight the good fight for their consumers and institutions, but it is an arduous uphill battle. A closer look at recent Datos Insights research paints a clear picture of significant challenges, headwinds, and complexities. Fraud executives I have the privilege of speaking with know these challenges are severe. I hear it in their words and feel it in their tone. Some of them also wonder if this battle can be won. In the context of heighted cyber and fraud risk, I believe improving card fraud defenses requires a new kind of institutional risk journey, a new way forward.

In a recent Datos Insights global research study commissioned by Mastercard, we discovered that challenges and headwinds faced by card fraud prevention executives were largely systemic. These were not improvements for edge cases. They were fundamental issues with the issuer’s fraud defense solutions and defense ecosystem. 

A few key insights were these:

FI fraud and risk professionals are most concerned by their lack of agility and speed. Seventy-eight percent of participants highlighted their FI fraud prevention teams as too slow, lacking the agility to keep pace with the market and highly agile criminal attackers. With the market availability of AI enabled tools and growth of the attacker CaaS economy of buyers and sellers, criminal teams continue to speed ahead. Speeding up is a systemic challenge for FI fraud teams, and a source of high stress for FI fraud executives.

The next most concerning areas for fraud executives relate to cyber threat intelligence (CTI) capabilities. CTI is both crucial and often misunderstood. Our research highlighted that 74% of participants owned CTI capabilities but lacked the integration to apply this data to improve card fraud outcomes. It also indicated that fraud leaders are very bullish on the effectiveness of CTI data, with 57% of participants believing CTI data could help them mitigate or prevent 50% or more of their confirmed card fraud. CTI data has high presumed value in improving card fraud defenses, but traditionally lacked systemic integration. This frustration in the face of urgent need is highly concerning for global fraud executives, who are looking for integrated solutions to solve this need.

Finally, 66% of global fraud executives are concerned about their siloed controls. For issuers in North American and Asia Pacific, 72% of leaders cite this entrenched issue. The seasoned reader knows how traditional fraud prevention solutions operate as separated, operational silos from cybersecurity defenses. Silos cripple the ability to share risk data across teams, and function as dead-weight that cross-functional teams must carry in attempting to work together. My 30-year security career in financial services suggests we often do not view silos as seriously damaging as they are, and we tend not to prioritize the deconstruction of risk silos, especially for cross-team data sharing, with the urgency this demands.

The research highlights clearly that the primary fraud challenges faced by issuers are systemic in nature and require technical frameworks which enable defense agility, integrate CTI data, and cross operational silos.

Card business is strategic and competitive for issuers. Several business drivers exist which sometimes come in conflict with one another. A three-legged stool serves as a good mental model for considering pain points most highly prioritized by executives. Recent Datos Insights research highlights that top-of-the-house executives view loss of consumer trust as their top pain point, with 76% of participants indicating their executive team is most focused upon. Loss of consumer trust, sometimes triggered by a card fraud incident experienced by the consumer, leads to loss of consumer revenue as the impacted card drops to the bottom of wallet. Strong consumer trust is reflected by continued card transactions and high net promoter scores.

The next highest executive pain point is high false positive rates, highlighted by 69% of study participants. Card fraud defenses at the FI strengthen card security value to the consumer. But in competitive markets where consumers have choices, excessive card fraud mitigation actions can be viewed as irritating consumer friction, an inconvenience which drives some consumers to cards from another issuer. 

The third leg in the stool is high net fraud losses, where 53% of participants cited this high pain point for their executive team. Writing off card fraud losses as a cost of doing business has been a traditional approach for some FIs. Those days seem to be waning. My view is that with card fraud losses climbing across the world, business executives have less appetite to simply write them off. And because fraud incidents also drive loss of trust problems with consumers, executives have even attention toward analytics which elevate detection and prevention of card fraud.

Delivering seamless card experiences for consumers while stopping fraudsters depends on having better, more timely risk data. To truly address executive concerns, fraud leaders must overcome systemic challenges, such as slow response times, lack of integrated cyber threat intelligence, and persistent risk silos. It's no surprise this task is so challenging.

Let’s examine the practical example of card testing.

Card testing is a malicious activity which indicates a strong possibility for subsequent card fraud attacks. In the global research project, fraud leaders indicated card testing was the third-most encountered attack vector leading to card fraud, with 48% of participants highlighting this vector. 

Card testing functions within a maturing criminal supply chain. Criminal teams are funded, operate at scale, and leverage a supply chain of CaaS buyers and sellers to enable the attacker economy. While variances exist, the reader can generally understand the attacker supply chain as a funnel of customer and card data, which each layer becoming more refined and valuable to cyber criminals.

• Top of funnel is the customer data stolen through the data breaches, which remain an onslaught worldwide. During the first half of 2025, 1,732 data breaches were reported impacting approximately 166M individuals¹. Card data is often included within data breaches. With no end in sight, this top of funnel “pool” represents a vast amount of customer data for sale within the attacker economy.
• Supplied with stolen customer data, the next level of the funnel is the enrichment of this data, using tools increasingly enabled by generative AI. Criminals drive phishing and social engineering campaigns against consumers while using the online channel, in pursuit of login credentials, card information and online fraud. Recent Datos Insights research highlights that account takeover (ATO) via phishing remains the top cyber concern for customer-facing financial service as FIs enter 2026².  This refined collection of customer and card data is sold within the criminal ecosystem to enable the next step.
• Supplied with customer and card data, the next level of the funnel involves the testing of cards. Criminal teams seek to validate cards through small purchases (often as low as $1) which confirm the card is active and can be misused in a subsequent step, all without tipping off the activity and raising suspicion. Once validated as active, these validated customer and card sets can be sold to other criminal entities or used directly to purchase expensive goods (to be resold) or withdraw cash advances on the card.

As stated earlier, 57% of fraud leaders believe that cyber indicators (such as card testing) are included in more than 50% of their confirmed card fraud – indicating so much upside opportunity. The ability to flag card testing creates critical wins for card fraud prevention leaders. The systemic challenges? The inability to overcome risk silos and lack of integration for CTI data of this category.

Fraud prevention and cyber teams traditionally operate as siloed risk businesses, very much separated from one another. Fraud and Cyber function with different goals, tools, skill sets, and definitions of success written into their key performance indicators (KPIs). Attackers operate in an ecosystem which enables them to naturally cross between cyber and fraud domains, yet traditional FI defender teams often operate within entrenched operational silos which slow progress and essentially limit what the teams see. Often, it is the siloed data aspect which is the most damaging to defending faster and at higher quality for the business. The research shows that 73% of global FI fraud leaders lack access to real-time or daily cyber threat intelligence, a major opportunity for improvement through faster data sharing.

While sharing risk reports monthly or quarterly matters, it's not enough for FI leaders aiming for real, strategic progress. This is exemplified when the research captured that 60% of fraud leaders become aware of cyber breaches only after fraud losses begin to occur. This gap is most severe for issuers in Latin America and Asia Pacific, where 67% of fraud and risk leaders highlight this visibility issue.

Integration or collaboration between cyber and fraud prevention teams is proving effective for many global FIs. Instead of traditional siloed fraud and cyber risk analysis, the FI can better deliver higher quality and faster risk responses operating together. In the recent Datos Insights research study, 81% of FIs investing in cyber-fraud integration report faster risk delivery improvements, with 89% of FIs in Europe and Asia Pacific achieving speed improvements! Furthermore, 68% of FIs investing in cyber-fraud integration are reporting reduced fraud losses, as well as achieving improved card security, enhanced threat intelligence, faster incident containment, and quicker ATO detection.  These are fantastic results much needed by issuers! 

CTI data flagging card testing activities is highly prioritized, as it is especially useful to provide early indication of card fraud attacks. With earlier visibility to suspicious card testing activities, FI defender teams gain a markedly improved position prior to card transaction request. 

My recommendation is that FI defender teams take a play out of the criminal playbook and build their funnel of risk data. While criminal teams are successfully committing fraud by leveraging a refreshed funnel of consumer data bought and sold in their attacker ecosystem, FI defender teams must become more effective by building their “defender funnel” of malicious behavior data through CTI risk feeds. FIs can self-build these data frameworks or partner with a provider which can do this on their behalf. Through early phase detection of malicious activities, FI fraud prevention teams can shine light into historical blind spots, increase catch rate for bad actors, improve defenses for legitimate consumers, and step into the kind of more proactive defense strategies needed by the business. This is the kind of rigorous risk solution which stands resilient in the age of risk, enabled by a new breed of CTI malicious behavior data.

Improvements to deliver improved fraud prevention for card and online payments have become urgent.  The age of risk is here and will become more difficult in the future. These actions are recommended at FI card issuers:

1. Invest in cyber-fraud integration. Cyber-enabled fraud risk is a significant threat to the business. FIs pursuing greater collaboration and shared ownership between the fraud prevention and cybersecurity teams are achieving important wins. 
2. Become more familiar with card testing behaviors, as well as the CaaS ecosystem of buyers, sellers, and attackers. This is a good resource to begin. 
3. Seek robust CTI solutions. The best include capabilities to flag card testing activities as precursor behaviors for card fraud attacks, and share this data through real-time and near real-time (next day) mechanisms.

Look for the Datos Insights research report in January 2026. This global study examines the risk challenges, integration achievements for the business and priorities for the journey ahead from 90 FI fraud executives and risk leaders. As FI issuers and acquiring processors operate in the new age of risk, these solutions will play a large role in who wins, who survives, and who loses within financial services.