Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

As with just about every industry, AI has increasingly infiltrated the financial sector — from visual AI tools that monitor customers and workers to automating the Paycheck Protection Program (PPP) application process.

Talking at VentureBeat’s Transform 2021 event today, Johan Gerber, executive VP for security and cyber innovation at Mastercard, discussed how Mastercard is using AI to better understand and adapt to cyber risk, while keeping people’s data safe.

Lego blocks

On the one hand, consumers have never had it so easy — making payments is as frictionless as it has ever been. Ride-hail passengers can exit their cab without wasting precious minutes finalizing the transaction with the driver, while home-workers can configure their printer to automatically reorder ink when it runs empty. But behind the scenes things aren’t quite so simple. “As easy as it is for the consumer, the complexity lies in the background — we have seen the evolution of this hyper connected world in the backend just explode,” Gerber said.

Even the largest companies don’t build everything in their technology and data stacks from scratch, with countless components from different parties coming together to create the slick experiences that customers have come to expect. It’s also partly why big companies will often acquire smaller startups, as Mastercard did a few months back when it agreed to buy digital identity verification upstart Ekata for $850 million.


MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

However, connecting all these “Lego blocks,” as Gerber calls them, is where the complexity comes in — not just from a technological standpoint (i.e. making it work), but from a data privacy perspective too.

“We’ve seen innovation happening faster than ever before, but it happens not because every company is innovating from A all the way through Z, but [because] we’ve got these third parties in the middle that are creating these wonderful experiences,” Gerber said. “Now, once I put all of this together, how do I manage security, how do I manage cyber risk, when I’ve got a hundred or thousand different third-parties connected to create that one experience for the consumer?”

In cybersecurity, there is an obvious temptation to “isolate things” to minimize the impact from cyberattacks or data leaks, but for products to work, the “Lego blocks” need to be connected. Moreover, companies need to share intelligence internally and within their industry, so that if a cyber attack is happening all their collective systems around the world are put on alert.

“Systemic risk” is what we’re talking about here, something that major financial institutions comprised of myriad Lego blocks need to address, all the while considering compliance and data privacy issues. This is particularly pertinent for global businesses that have a plethora of regional data privacy regulations to contend with, including country-specific laws around data residency.

From Mastercard’s perspective, it leans on a philosophy it calls connected intelligence, or collaborative AI, which is about connecting the dots between systems by “sharing intelligence or outcomes, and not the underlying data,” Gerber noted.

“So by not sharing the underlying data but sharing confidence levels and outcomes, I can maintain your privacy — I don’t have to say ‘this is you’ or ‘this is your card,’ I can just say ‘this person passed the first test and passed it really well,'” he said. “So the collaborative AI is basically how AI systems can share outcomes as variables, so the output of the model becomes the input variable to another model.”

Platform approach

So how does Mastercard achieve all this, so that the data is safeguarded while the systems can still derive insights from the data itself? According to Gerber, the company takes a platform approach — at the bottom end is where the raw data is ingested, upon which the company uses all manner of technologies such as Hadoop and similar tools capable of processing multiple sources of data in real time. From this raw data, Mastercard creates what it refers to as “intelligence blocks,” which are variables derived from the underlying data.

“By the time you get to the derived variable, we’ve applied a layer of compliance checking, data governance checking, [and] made sure that our models are not biased,” Gerber said. “We’ve basically done all the regulatory data scrubbing to ensure that we don’t abuse anything that goes in.”

This is the data that Mastercard can now freely use to build its AI models and products, leading to the top-end customer access layer through which third-parties such as retail stores or card issuers can query a transaction in real time through Mastercard’s API.

Above: Mastercard: Platform approach to data security and privacy

Through all of this, Mastercard doesn’t share any data with banks or retailers, but it can still greenlight a transaction on an individual level. And all this data in aggregate form can also give Mastercard valuable insights into possible attacks; for example, an unexpected spike in transactions coming from a particular retailer might indicate that something untoward is happening. Criminals have been known to procure a bunch of stolen card numbers and then try to imitate retail stores by running transactions against the cards.

Mastercard’s AI can also start imposing certain restrictions — for example, limiting specific types of card at specific retail stores to small-value purchases of less than $50 — or otherwise block any kind of transaction that it considers questionable.

So it’s clear that there is quite a lot of automation at play here — and there really needs to be, given that it would be impossible for humans alone to analyze millions of transactions in real time. The ultimate goal is to help companies improve their security and combat fraud, while ensuring that legitimate customers and retailers are affected as little as possible, as well as adhering to strict data governance rules and regulations.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.