Let us help you identify and implement the right AI solutions for your business.
In the high-stakes world of digital payments, card-testing attacks emerged as a critical threat to Mastercard's ecosystem. Fraudsters deploy automated bots to probe stolen card details through micro-transactions across thousands of merchants, validating credentials for larger fraud schemes. Traditional rule-based and machine learning systems often detected these only after initial tests succeeded, allowing billions in annual losses and disrupting legitimate commerce.[1] The subtlety of these attacks—low-value, high-volume probes mimicking normal behavior—overwhelmed legacy models, exacerbated by fraudsters' use of AI to evade patterns.[2]
As transaction volumes exploded post-pandemic, Mastercard faced mounting pressure to shift from reactive to proactive fraud prevention. False positives from overzealous alerts led to declined legitimate transactions, eroding customer trust, while sophisticated attacks like card-testing evaded detection in real-time. The company needed a solution to identify compromised cards preemptively, analyzing vast networks of interconnected transactions without compromising speed or accuracy.[3]
Mastercard's Decision Intelligence (DI) platform integrated generative AI with graph-based machine learning to revolutionize fraud detection. Generative AI simulates fraud scenarios and generates synthetic transaction data, accelerating model training and anomaly detection by mimicking rare attack patterns that real data lacks.[2] Graph technology maps entities like cards, merchants, IPs, and devices as interconnected nodes, revealing hidden fraud rings and propagation paths in transaction graphs.[1]
This hybrid approach processes signals at unprecedented scale, using gen AI to prioritize high-risk patterns and graphs to contextualize relationships. Implemented via Mastercard's AI Garage, it enables real-time scoring of card compromise risk, alerting issuers before fraud escalates. The system combats card-testing by flagging anomalous testing clusters early.[4]
Deployment involved iterative testing with financial institutions, leveraging Mastercard's global network for robust validation while ensuring explainability to build issuer confidence.[3]
Book a free consultation to explore how AI can solve your specific challenges.
Mastercard's solution centers on its proprietary Decision Intelligence (DI) platform, enhanced with generative AI models akin to GPT architectures and graph machine learning. The gen AI component generates synthetic data to augment sparse fraud signals, enabling faster training of detection models on rare events like card-testing attacks. Graph ML, powered by technologies like Neo4j or proprietary graph databases, models transactions as dynamic graphs where nodes represent cards, accounts, merchants, devices, and IPs, with edges capturing relationships and velocities.[1][2]
This architecture processes billions of transactions daily, using embeddings to vectorize graph features and feed them into transformer-based gen AI for predictive scoring. Risk scores are computed in milliseconds, flagging cards with elevated compromise probability based on propagated signals from testing clusters.
Development began in early 2024 at Mastercard's AI Garage, with the foundational gen AI model announced in February 2024, promising up to 300% detection boosts. By May 2024, the full gen AI + graph system launched commercially, doubling detection speeds for compromised cards. Rollout involved phased pilots with issuing banks, integrating via APIs into existing authorization flows.[3] Training leveraged federated learning across Mastercard's network to preserve privacy, with continuous retraining on evolving attack vectors.
The approach overcame data silos by unifying siloed signals into a unified graph, using gen AI for imputation of missing data. Scalability was ensured via cloud-native deployment on hyperscalers, handling peak loads during high-fraud periods like holidays.
A primary challenge was class imbalance in fraud data—fraud comprising <0.1% of transactions—addressed by gen AI's synthetic oversampling, improving model recall without inflating false positives. Graph complexity risked computational bottlenecks, mitigated by efficient graph neural networks (GNNs) like GraphSAGE for scalable inference.[2] Regulatory compliance (e.g., GDPR, PCI-DSS) was navigated through explainable AI techniques, providing audit trails of graph traversals and AI decisions.
Integration hurdles with diverse issuer systems were resolved via standardized APIs and sandbox testing, achieving 99.9% uptime. Fraudster adaptation was countered with online learning, updating models in hours versus weeks.
Post-launch, the system scaled globally, covering over 3 billion cards. Enhancements in 2025 incorporated behavioral biometrics and velocity checks, per recent reports. Ongoing monitoring via A/B testing validates 2x speed gains and ROI through reduced fraud losses.[4] Future iterations explore agentic AI for autonomous response.
Issuers report fewer chargebacks, merchants see reduced testing traffic, and consumers experience seamless payments. This positions Mastercard as a leader in AI-driven payments security.[5]
Discover how we can help you implement similar solutions.
Founder & Partner
Reruption GmbH
Falkertstraße 2
70176 Stuttgart
Phone