NEW YORK — Mastercard said Wednesday that it expects to be able to detect that your credit or debit card number has been compromised well before it ends up in the hands of a cybercriminal.
In the latest software update being released this week, Mastercard is integrating artificial intelligence into its fraud prediction technology, which it expects will help it see patterns in stolen cards more quickly and allow banks to replace them before they are used by criminals.
“Generative AI will make it possible to find out where your credentials have been compromised, how can we identify how this may have happened and how we can remedy that situation very quickly, not only for you, but also for the other customers who don't doing. know they've already been compromised,” Johan Gerber, executive vice president of security and cyber innovation at Mastercard, said in an interview.
Mastercard, based in Purchase, New York, says that with this new update it can use other patterns or contextual information, such as geography, time and addresses, and combine them with incomplete but compromised credit card numbers that appear in databases to gain access to cardholders replace the bad card sooner.
The patterns can now also be used in reverse, potentially using batches of bad cards to detect potentially compromised merchants or payment processors. The pattern recognition goes beyond what people might do through database research or other standard methods, Gerber said.
Billions of stolen credit and debit card numbers are floating on the dark web and can be purchased by any criminal. Most have been stolen from merchants in data breaches over the years, but a significant number have also been stolen from unsuspecting consumers who used their credit or debit cards at the wrong gas station, ATM or online merchant.
These compromised cards can go undetected for weeks, months, or even years. Only when the payment networks themselves delve into the dark web to search for stolen numbers themselves, a merchant hears about a breach, or the card is used by a criminal, do the payment networks and banks learn that a series of cards may have been compromised.
“We can now actually proactively reach out to the banks to ensure that we serve that consumer and put a new card in their hands so that they can live their lives with as little disruption as possible,” Gerber said.
Payment networks are largely trying to move away from “static” credit or debit card numbers – that is, a card number and expiration date used universally by all merchants – and towards unique numbers for specific transactions. But that transition could take years, especially in the US, where payment technology adoption often lags.
While more than 90% of all personal transactions worldwide now use chip cards, in the US this figure is closer to 70%, according to EMVCo, the technology organization behind the chip in credit and debit cards.
Mastercard's update comes as its main competitor, Visa Inc., is also looking for ways to get consumers to ditch the 16-digit credit and debit card number. Visa last week announced major changes to the way credit and debit cards will work in the US, meaning Americans will have fewer physical cards in their wallets, and the 16-digit credit or debit card number printed on each card will become increasingly will become more irrelevant.
