NEW YORK — Mastercard said today that it expects to be able to discover that your credit or debit card number has been compromised well before it ends up in the hands of a cybercriminal.
In its latest software update rolling out this week, Mastercard is integrating artificial intelligence into its fraud-prediction technology that it expects will be able to see patterns in stolen cards faster and allow banks to replace them before they are used by criminals.
“Generative AI is going to allow to figure out where did you perhaps get your credentials compromised, how do we identify how it possibly happened, and how do we very quickly remedy that situation not only for you, but the other customers who don’t know they are compromised yet,” said Johan Gerber, executive vice president of security and cyber innovation at Mastercard, in an interview.
Mastercard, which is based in Purchase, New York, says with this new update it can use other patterns or contextual information, such as geography, time and addresses, and combine it with incomplete but compromised credit card numbers that appear in databases to get to the cardholders sooner to replace the bad card.
The patterns can now also be used in reverse, potentially using batches of bad cards to see potentially compromised merchants or payment processors. The pattern recognition goes beyond what humans could do through database inquiries or other standard methods, Gerber said.
Billions of stolen credit card and debit card numbers are floating in the dark web, available for purchase by any criminal. Most were stolen from merchants in data breaches over the years, but also a significant number have been stolen from unsuspecting consumers who used their credit or debit cards at the wrong gas station, ATM or online merchant.
These compromised cards can remain undetected for weeks, months or even years. It is only when the payment networks themselves dive into the dark web to fish for stolen numbers themselves, a merchant learns about a breach, or the card gets used by a criminal do the payments networks and banks figure out a batch of cards might be compromised.
“We can now actually proactively reach out to the banks to make sure that we service that consumer and get them a new card in her or his hands so they can go about their lives with as little disruption as possible,” Gerber said.
The payment networks are largely trying to move away from the “static” credit card or debit card numbers — that is a card number and expiration date that is used universally across all merchants — and move to unique numbers for specific transactions. But it may take years for that transition to happen, particularly in the U.S. where payment technology adoption tends to lag.
While more than 90% of all in-person transactions worldwide are now using chip cards, the figure in the U.S. is closer to 70%, according to EMVCo, the technological organization behind the chip in credit and debit cards.
Mastercard’s update comes as its major competitor, Visa Inc., also looks for ways to make consumers discard the 16-digit credit and debit card number. Visa last week announced major changes to how credit and debit cards will operate in the U.S., meaning Americans will be carrying fewer physical cards in their wallets, and the 16-digit credit or debit card number printed on every card will become increasingly irrelevant.