How banks prevent cyber fraud with improved threat intelligence

• Fraud is rarely a one-off event. It’s usually the monetization step in a longer chain of cyberattacks. 
• At many banks, cybersecurity and fraud prevention remain siloed, which can lead to missed warning signs and slower responses.
• When cyber and fraud teams share intelligence, they can spot patterns that point to potential fraud and disrupt suspicious activity before it escalates. 
• Payments-specific threat intelligence and industry-wide sharing of attack patterns are essential to preventing cybercrime.
  

Global bank fraud losses are projected to surge 153% over the next five years, climbing from $23 billion in 2025 to $58.3 billion in 2030. Banks could save millions by acting on early warning signs. Yet in many organizations, siloed fraud teams don’t get the right cyber intelligence in time.

Fraud is rarely a standalone incident. A cybercriminal may steal credit card data during a breach and sell it to another bad actor, who then uses it to commit fraud for financial gain.

That breach is an early fraud signal. But if a bank’s cybersecurity team doesn’t flag it to fraud prevention, the opportunity to act is lost. As a result, fraud teams don’t get involved until criminals have cashed out and financial and reputational damage is already done.

Without collaboration and shared intelligence, early warning signals stay siloed. To break this cycle, banks need frameworks that connect cybersecurity and fraud prevention, allowing them to disrupt cybercrime and fraud patterns before they impact the customer.

Many cybercriminals operate in sophisticated supply chains where different actors focus on each stage of an attack, from initial breach or exploit to monetization.

In this environment, what may seem like low-level cyber incidents often signal larger fraud to come, including:

• Phishing and social engineering techniques
• Credential theft via malware
• Digital skimming attacks
• Bot-driven card testing
  

Attackers impersonate trusted brands or individuals, or create fake websites to trick victims into sharing sensitive data. Phishing-as-a-Service platforms now use generative AI to craft convincing messages and websites, making scams even more difficult for the average person to detect. Information stolen in phishing attacks is often sold or used to gain account access and make unauthorized transactions.

Malware like infostealers and keyloggers capture login credentials from infected devices. Stolen credentials now drive the majority of web application attacks, comprising 88% of incidents in this category. Fraudsters use these credentials for account takeover (ATO) attacks, where they gain control of legitimate accounts to move money or commit financial fraud.

Cybercriminals inject malicious code into e-commerce checkout pages to harvest card data. Stolen details are then either sold or used to make fraudulent purchases.

Groups known as Magecart specialize in these large-scale skimming attacks. In 2024, threat actors posted 70 million more card records for sale compared to 2023, showing the growing scale of the threat.

To verify whether stolen card data is valid, fraudsters run small-dollar test transactions on e-commerce sites using automated scripts. Active cards are then sold or used for larger fraud attempts. Validated data is especially valuable on criminal marketplaces, where full identity bundles known as “fullz” (including Social Security numbers, dates of birth, and addresses) can sell for up to $100.

To run these tests, fraudsters exploit Merchant Identification Numbers (MIDs), the unique IDs tied to merchant accounts that allow businesses to process payments.

While tester MIDs are meant to simulate transactions and confirm systems work before going live, criminals abuse them for card-testing. In 2024, the number of identified tester MIDs increased by 48%, giving fraudsters more opportunities to validate stolen card data.

Cyber incidents often precede fraud, but many signals never make it to the right people. At many banks and financial institutions, the gap comes from several barriers:

• Organizational silos: Separate reporting lines mean cyber alerts rarely inform fraud models, and fraud events may not be tied back to their cyber origins.
• Resource constraints: Larger institutions may have cyber fraud fusion programs, but smaller ones often lack the staff and budget for effective integration and data-sharing.
• Data gaps: Most financial institutions maintain an external threat intelligence feed that covers broad cyber threats, but may overlook, for example, payments-specific indicators tied to fraud.
• Limited information sharing: Even with strong cyber and fraud intelligence, a lack of sharing across financial institutions delays detection and weakens the industry’s ability to disrupt attacks early.

For cyber and fraud teams to coordinate effectively, banks need structured approaches to cyber fraud fusion that make collaboration consistent and repeatable. There are several steps banks can take to close the gap and move to proactive defense:

• Leverage payments-focused intelligence
• Build information-sharing routines
• Expand intelligence sharing across the financial ecosystem

Payments-specific threat intelligence helps teams tailor threat analysis and response directly to fraud risks. For example, intelligence can flag e-skimmer infections at merchants before card data is stolen. This intel allows banks to proactively monitor at-risk cards, reducing losses and minimizing disruption for customers.

Banks don’t need massive budgets to benefit from intelligence sharing. Fraud and cyber teams at smaller institutions can adopt basic fusion practices, such as weekly joint reviews to analyze data patterns or ad hoc collaboration around specific cyber events. 

These routines build trust between teams, helping them leverage threat intelligence data proactively and establish effective contingency plans. 

When institutions keep intelligence to themselves or share it only with a handful of partners, the industry struggles to mount a collective defense. Broader information-sharing helps shut down fraud faster across the ecosystem.

Improved collaboration between cyber and fraud teams helps banks prevent cyber fraud more effectively and brings clear benefits, including:

• Faster fraud detection and response
• Stronger customer trust and retention
• Clearer ROI for security and fraud leaders
  

Integrated intelligence reduces mean time to detection, allowing teams to understand threats better and act on them faster, before they escalate into large-scale fraud. By spotting attacks earlier, banks can limit financial losses and minimize the impact on their operations and customers.

Reducing fraud incidents can also help minimize customer churn and support long-term customer relationships. Almost two-thirds of bank customers (62%) say how a bank handles fraud has a greater impact on trust than the fraud incident itself.

Security teams often struggle to prove their impact on business performance. By tying their work directly to fraud prevention, they can demonstrate measurable outcomes such as lower churn, preserved customer lifetime value, and reduced financial losses.

Likewise, when fraud and cybersecurity teams work together, both functions can clearly demonstrate their strategic value. Collaboration reinforces their roles in building customer trust and protecting the institution’s bottom line.

When fraud and cyber teams unite, they can surface early cyber indicators that would otherwise go unseen and act on them before they escalate into fraud.

Improving cyber fraud fusion through integrated intelligence allows institutions to allocate resources more effectively by focusing on the signals that matter most for stopping fraud. With defined tools and processes to share intelligence consistently, financial institutions strengthen not just their own internal defenses, but also the collective resilience of the industry.

Looking to spot fraud sooner? Explore Mastercard’s cybersecurity and cyber intelligence capabilities to learn more.   

Here’s a closer look at some of the most common questions about the link between cybersecurity and fraud prevention.

Many fraud schemes start with earlier cyber incidents like a phishing attack or malware infection. Spotting these early signals helps banks connect the dots before criminals monetize stolen data through fraud.

Organizational silos, resource limits and poor intelligence sharing often keep fraud and cyber teams apart. Without collaboration, warning signs go unshared, slowing detection and leaving banks more exposed.

By establishing consistent intelligence-sharing frameworks, banks can break down silos between cyber and fraud teams. Sharing payments-specific threat intelligence and coordinating response routines enables earlier detection, faster intervention, and reduced fraud losses.