Mastercard exec says smarter payments call for stronger defences

This article was first published in Tech Wire Asia.

Mastercard: Financial institutions need smart tools and collaboration to protect payments. Cybercriminals move fast, but payment systems lag.

Cybercriminals are no longer lone operators. They now work as coordinated, borderless networks that share stolen data, infrastructure, and attack methods in real time. This level of collaboration allows them to scale attacks quickly, while many businesses still rely on siloed defences that leave blind spots.

Global losses from online payment fraud are projected to climb to US$362 billion by 2028, and artificial intelligence is making attacks sharper and faster. The gap between how criminals work and how businesses defend themselves is widening. To close it, financial institutions, merchants, and technology providers must rethink how they protect their customers.

Tech Wire Asia recently spoke with Aditi Sawhney, Senior Vice President, Security Solutions, Asia Pacific at Mastercard, about the changing nature of financial crime, why old defences are falling short, and how AI-driven collaboration can help.

Siloed defences can’t keep up

Many financial institutions still rely on separate, fragmented fraud detection systems. These were designed for a time when threats were smaller and less coordinated. That approach is now proving inadequate.

“Fraud today is borderless,” Sawhney explained. “As the world becomes more reliant on technology, and systems grow more interconnected, the attack surface for bad actors expands – and so do the opportunities to exploit vulnerabilities.”

She pointed out that ten years ago, cyberattacks were already a concern but occurred on a much smaller scale. Today, there are more than 2,200 attacks daily — about one every 39 seconds. Criminals collaborate across geographies, share stolen data, and reuse tactics quickly. In contrast, siloed systems give organisations only a limited view of suspicious behaviour.

A bank might see unusual login activity but fail to connect it with suspicious transactions happening elsewhere. This lack of integration delays detection and gives criminals more time to act.

Sawhney said that banks, merchants, governments, and technology providers need to work together to build unified defences. She pointed to Mastercard’s collaboration with UK banks through its Consumer Fraud Risk (CFR) solution as an example. CFR analyses payment patterns, transaction links, and payer habits across the ecosystem in real time, helping institutions detect suspicious activity that siloed systems miss.

Another tool, SafetyNet, acts as a second line of defence by scanning billions of transactions independently of issuer systems. According to Mastercard, it has blocked more than 70 billion fraudulent transactions worldwide to date.

Rethinking security through global collaboration

The rise of coordinated cybercrime means financial services can no longer rely on one-off security checks. Instead, they need ecosystem-wide collaboration.

Mastercard’s latest white paper, Securing tomorrow: Preparing for an always-on, AI-powered future, found that cyberattacks on global infrastructure jumped 30% in 2023, with double-digit growth expected through 2030.

One effective way to address these threats is by adopting global technology standards. These make it easier for different systems to work together and close the gaps that criminals often exploit. “Cybercriminals don’t remain within borders. Stopping them will require governments and businesses to work together as much as possible on a global scale,” the report states.

Organisations like the Financial Services Information Sharing and Analysis Center (FS-ISAC) have long played a role in sharing threat intelligence. But scams are changing. They no longer involve just unauthorised intrusions but increasingly include authorised scams that are harder to detect and block. This shift requires a broader, more connected response.

Financial institutions are being encouraged to adopt AI-driven platforms, work with regulators on secure cross-border data sharing, and build trusted channels for intelligence exchange. These steps can help them keep pace with fast-moving threats.

AI platforms enable earlier, smarter detection

AI is playing a growing role in spotting suspicious activity before it causes harm. Mastercard’s TRACE (Trace Financial Crime) and CFR platforms are examples of this shift.

These tools use large-scale, real-time payments data from multiple institutions, along with advanced AI models, to detect mule accounts, money laundering, and emerging fraud patterns. Unlike traditional fraud systems that rely on static rules, TRACE and CFR continuously learn and adapt to new criminal tactics.

By drawing from many data points across the network, they can flag problems earlier and more accurately. This reduces false positives and stops fraudulent transactions before they reach customers.

The impact is already visible. In the UK, TRACE and CFR helped 11 banks improve their detection of authorised push payment fraud before funds left victims’ accounts. In the Philippines, TRACE has flagged mule accounts across real-time payment systems, generating over 100 proactive alerts every month from 36 participating banks.

Tackling first-party fraud through trust

While external attacks often dominate headlines, first-party fraud—when legitimate customers dispute their own transactions—remains a major challenge. It’s often overlooked because it can look like normal behaviour, but it’s a growing financial burden.

Digital goods merchants estimate that 75% of Card-Not-Present fraud they face comes from first-party fraud, according to Ethoca’s Chargeback Trends and Outlook 2023 report.

Sawhney noted that progress is being made. Technologies like tokenisation, biometric authentication, and passkeys are reducing fraudulent disputes by strengthening identity verification and transaction security.

Trust-based analysis also helps. Mastercard’s First-Party Trust Program uses enriched historical data to confirm cardholder identity and improve information sharing between issuers and merchants. This reduces confusion, improves detection, and lowers chargebacks.

Securing identity across the customer journey

Identity theft now sits at the centre of most cyberattacks, from deepfakes to synthetic identities and bot-driven scams. That makes it crucial to embed AI-driven security from account opening through to dispute resolution.

Sawhney explained that Mastercard’s approach is to make security “invisible yet omnipresent.” AI and machine learning models connect the dots between behaviour, devices, identity signals, and transaction patterns to uncover hidden risks.

Examples include:

• Detecting synthetic identities during account opening in real time.
• Using behavioural biometrics during onboarding to verify users without extra friction.
• Balancing risk and reward at the transaction stage in milliseconds to reduce false declines.
• Streamlining dispute resolution with enriched data after transactions.
  
  

For this to work, different AI tools need to orchestrate and share intelligence across the ecosystem, adapting quickly to new threats.

The cost of standing still

The stakes are high. More than 40 billion devices are expected to be connected by 2030. This hyperconnectivity, combined with generative AI and autonomous agents, is creating an unprecedented attack surface.

Cybercrime already costs the world an estimated US$9.5 trillion annually, making it the third-largest “economy” globally. That number is expected to rise to US$15.6 trillion by 2029.

Beyond financial losses, a single breach can destroy consumer trust overnight. In Asia, where digital inclusion drives economic growth, scams undermine public confidence in digital services.

Sawhney warned that organisations that fail to modernise risk falling behind as criminals innovate faster. Those that invest in AI-driven, collaborative security can better protect their customers and strengthen their reputations in a trust-driven market.

Intelligence sharing strengthens the ecosystem

While criminals share information freely, businesses are often hesitant to do the same. Competitive concerns and data sensitivity create barriers.

Sawhney believes structured, neutral platforms can overcome this. Industry consortiums or trusted third parties can enable anonymised, aggregated intelligence sharing, where insights are pooled without exposing customer data or strategies.

She pointed to Mastercard’s role in the Global Anti-Scam Alliance and cross-sector coalitions in Singapore, Indonesia, the Philippines, and Oceania. These partnerships foster collaboration and exchange of best practices to stay ahead of new fraud trends.

“Collaboration on security is not a threat to competition – but a prerequisite for market integrity,” Sawhney said. “When the ecosystem is secure, everyone benefits. And when it’s compromised, everyone loses.”