How to Combat the Escalating AI-Powered Fusion of Cybercrime and Fraud
By Justin Estes, Contributor at The Financial Brand
Simple Subscribe
Subscribe Now!
Executive Summary
- In a recent episode of the Banking Transformed podcast, host Jim Marous spoke with Laura Quevedo, executive vice president of fraud and decision solutions at Mastercard, about how the fusion of cybercrime and fraud is reshaping financial security.
- Quevedo explained that modern fraud now begins with cyber infiltration, where stolen data from breaches is weaponized across institutions and channels, exposing the limits of traditional, siloed defenses.
- She emphasized that effective protection depends on real-time collaboration, automation and integrated intelligence that link cyber insights directly into fraud detection models.
- As criminals harness generative AI to scale scams and impersonations, Quevedo noted that financial institutions must adopt the same technologies ethically and strategically to predict and prevent the next wave of fraud.
Q: Can you walk us through how a cyberattack actually develops into fraud and what that progression looks like?
LAURA QUEVEDO: The way we think about it, and the way I think we’re seeing this really play out, is that the cyberattack is really the first stage of any fraud that occurs. What we’re seeing is a merchant website that’s been infiltrated with malicious code, allowing criminals to steal card information.
Once they steal that card information from a legitimate cardholder shopping on a legitimate merchant site, they then take those card numbers and they can sell them on the dark web or they can use them themselves to then commit fraud.
We’re also seeing things like BIN attacks, where criminals are leveraging test merchants and just card information to test cards, either in the authorization or the authentication stream, just to see if the card number is good, and then they go and sell it on the dark web to a criminal who will then monetize it. So, we’re seeing these kinds of attacks happen, and they typically start in the cyber realm.
The Hidden Cost of Siloed Teams
Q: What warning signs of coordinated attacks do organizations with siloed fraud and cyber teams often overlook?
QUEVEDO: That’s a really good question, and that goes back to what I was saying before about the cyberattack being the first stage. If I have two very independent organizations, one focused on cyber and one on fraud, they will miss some of those key indicators.
So, for example, the cyber team may have seen that a particular merchant is exposed in some way. Either it’s been a victim used as a coordinator of BIN attacks, or it may have malicious code, and they know that information.
If the fraud team knew that, then they may be able to say, “Hey, these cards were used at this merchant that we know has been compromised or has some bad code, so now I’m going to apply more due diligence to the transactions that are coming through the network for those particular cards.” So, by missing that kind of shared intelligence, the fraud teams are going to miss key indicators that help identify these transactions as potentially bad and possibly the result of a fraud attack.
Q: Beyond poor communication, what are financial institutions missing in their fraud prevention playbooks?
QUEVEDO: I think some of the critical things that financial institutions have to think about is not just how they work together, but how quickly they work together, and how they can work together in an automated way.
So, how do they readily and easily share data and share insights from one side to the other so that they can be embedded in the different fraud tools and capabilities that they may have?
It’s important that not just the communication, but the automation and the integration of data and capabilities are critically important. So, being able to leverage all of that information in a real-time automated way is really a major focus.
Mastercard’s New Threat Intelligence Weapon
Q: What is Mastercard Threat Intelligence and how does it differ from what you’ve offered in the past?
QUEVEDO: Well, the key to this is the different kinds of intelligence that we’re able to bring to bear through this tool. We have insights into merchants that may have been compromised. We know about merchant websites used for card testing and cards that have been sold on the dark web or used in other ways.
Being able to take these insights and embed them into traditional fraud models makes them much more intelligent and effective. So, that’s really the key to this added intelligence, bolstering existing fraud tools.
It’s actually intended to work in conjunction with other tools. Its insights, reporting, and intelligence can be leveraged in multiple ways. It can definitely be embedded in the insights and information within your internal fraud tools or in any kind of AI model.
So, how you use that data for education and awareness is a critical component of your overall fraud strategy.
Q: What measurable impacts are you seeing when banks integrate cyber intelligence into their fraud detection tools?
QUEVEDO: So, we have seen that by adding additional intelligence just internally within Mastercard, for example, we have seen just by leveraging additional insights that we’re pulling in from all different sources, that we have been able to improve our detection tools and the tools that we’re able to offer to customers by huge amounts.
In some cases, there is as much as a 300% increase in fraud detection for some of our AI models, like our decision intelligence. We’ve seen a 20% increase in the detection of scam attacks on certain other products, such as in our financial crime area. So, we know that these types of insights and intelligence really do help identify next-gen fraud attacks and improve the accuracy of our models.
The AI Arms Race in Fraud
Q: How are fraudsters using generative AI to make more convincing scams and scale attacks?
QUEVEDO: And you’re absolutely right. I mean, it’s no secret that criminals have access to the same tools as everyone else, and they have been able to create highly sophisticated scams. They’re leveraging things like deep fakes to really improve how they target consumers and consumer data, making it extremely hard for anyone to tell the difference.
Dig deeper:
- Fraud Is Inevitable. Cardholder Attrition Doesn’t Have to Be.
- Here’s Your Due Diligence Checklist for AI Fraud Dispute Management
- Modernizing Fraud Disputes with AI: Balancing Cost, Compliance and Customer Trust
So, as a result, Mastercard is also leveraging that same technology, but applying it to our various fraud solutions and tools. We know that leveraging additional insights and integrating them through tools like generative AI makes our tools not just stronger at detecting, but also really strong at predicting what could be fraudulent.
Q: How is Mastercard using AI to fight these threats while maintaining ethical standards and regulatory compliance?
QUEVEDO: We’re doing a good job of staying ahead and incorporating new technology as quickly as possible. I think we’re definitely doing it as quickly as criminals. Still, obviously, when you think about the way criminals have really no controls around them, they can use whatever data they want, they can go in any direction they want, they’re not bound by regulations, and they’re not bound by kind of restrictions.
Within financial institutions and the banking industry, we’re obviously looking very carefully at how we leverage data to ensure we’re doing it in the most ethical way, while also making sure that our technology is safe, secure, and protects the confidentiality of transactions.
So, we have more at play when it comes to how we build our products and solutions, but they’re built with integrity and all the right protections in place.
The Scam Economy Ahead
Q: Looking ahead, what emerging threats are you most concerned about?
QUEVEDO: Well, in my mind, two areas are coming that we have to be really prepared for, and we have to really think about in terms of preparing consumers and preparing the industry.
There’s no doubt that scams will continue to be one of the most challenging problems that we deal with. If you ever go to a conference or any industry event, the word you hear most is scam.
Scam and fraud, fraud and scam. Scams are going to continue to be a very difficult challenge for us, especially as AI evolves and becomes more sophisticated; they will be harder and harder to detect. So, that is one of the biggest areas we need to consider.
Q: How are scams evolving beyond traditional fraud patterns where credentials are stolen?
QUEVEDO: And when I think about scams, it’s one thing to see consumers who are scammed into sending money to somebody they shouldn’t have. That’s definitely a big problem; we’re seeing it today on the account-to-account rails, that kind of scam activity.
But when you consider the sophistication of hackers and criminals today, I think we’re going to see more and more cases where the old fraud events we used to see aren’t really what’s happening anymore. What’s really going to happen is that consumers will continue to be scammed into doing things they shouldn’t have done. So, the transaction is real; they actually went through with it. It’s the real credentials, the real card, the real account, but the purpose was impacted by a scam event.
So, those are the kinds of challenges that we’re going to be dealing with. What do we do in those cases?
For that, what’s going to be critically important is understanding the players on either side and their behaviors. Is this what we expect to see from this consumer? So, we’re going to be focusing on that kind of detection capability.
And then I think the other area that we really have to focus on is this kind of new emerging agent to commerce, and all of the fraud challenges that will be presented through these new ways of transaction. So, there’s going to be a lot that keeps us busy in the years to come.
