Cyberattacks targeting payments are surging. According to a recent Nilson report, by 2030 – when total payment card volume will surpass $79 trillion worldwide – the industry will lose an estimated
$49 billion from card-not-present fraud.
In an interview with Finextra, Rigo Van den Broeck, executive vice president, cybersecurity solutions, Mastercard, explained how organisations can address this issue with a trifecta of strategies to protect their customers – and, ultimately, their bottom
line. These include curated intelligence, organisational reform and industry-wide collaboration.
The scale of cyber threat
To avoid detection, today’s cybercriminals are constantly cycling through an ever more sophisticated raft of tactics, targets, and attack tools. Given its high exposure to this threat, the payments industry is engaged with fraudsters in a perennial game
of whack-a-mole, in the hope of protecting users and limiting losses.
“The digital economy’s rapid growth has many benefits – from more secure payments through tokenisation, to the ability to make real-time payments,” explained Van den Broeck. “While these technologies are empowering businesses and consumers around the world
by making payments easier and more convenient, new cyberthreats are emerging at the same time. No individual or organisation is immune.”
Indeed, payment fraud often begins as a cyberattack. Through Mastercard’s vast payments network, it has access to billions of data points and fraud insights, providing a comprehensive view of the risk landscape. Van den Broeck pointed out that fraudsters
steal payment card numbers through spyware or malware and then test the card by carrying out a small transaction, worth one cent, for example. If successful, the card is used for illegal purchases or sold to other criminals.
Phishing is another major entry point for criminals to gain access to data, as are supply chain or third-party vendor attacks – whereby bad actors gain access to an organisation's network and data via a vendor or supplier.
One of the reasons cybercriminals are so successful today is because they are accessing resources and advanced attack tools via open-source marketplaces on the dark web. Online global forums and communities are increasingly becoming places for sharing information
and attack strategies. The use of artificial intelligence (AI) and automation is accelerating the development of these tools.
With the scale and sophistication of the risk landscape laid bare, it is time for FIs to reconsider their responses and devise a composite strategy – spanning threat intelligence, organisational reform, and industry-wide collaboration.
Tactic one: Curated intelligence
According to Van den Broeck, the first in a trifecta of fraud responses must involve curating threat intelligence data. By leveraging this information and quickly acting on it, organisations can proactively detect, prevent and respond to cyber-enabled fraud.
So, how does this work in the field?
“With a global network view, threat insights can enhance the security approach for an organisation as well as the digital ecosystem-at-large,” explained Van den Broeck. “It’s critical to continuously assess entities to understand external threats and measure
the cyber resilience of organisations.”
Real-time and historical payment flows are key to identifying anomalies and suspicious behaviors, enabling payment fraud and merchant compliance teams at issuing and acquiring banks to identify and prevent fraudulent transactions before it impacts their
bottom line.
Proactivity is increasingly becoming the vital element in tackling cyberattacks. According to a 2025 Datos Insights survey,
57% of global fraud leaders report they are notified of cyber-breaches only
after fraud losses begin.
Tactic two: Organisational reform
The second tactic for combatting payments fraud is based on organisational reform. Fraud and cyber teams can further sharpen their responses – and identify emerging threats faster while proactively strengthening security measures – by making structural changes
to how they work together on the ground. In Van den Broeck’s view, this means bridging communication gaps and ensuring cross-team communication.
“As fraud and cyber threats increasingly converge,” he said, “collaboration between fraud and cybersecurity teams is essential to enable real-time intelligence sharing, unified KPIs, and proactive threat detection – turning fragmented signals into actionable
insights before financial losses escalate. By aligning workflows and embedding threat intelligence into decisioning engines, organisations can anticipate attacks earlier in the lifecycle and strengthen their resilience.”
This shift from reactive to proactive security is foundational to protecting consumers, reducing fraud losses, and maintaining trust in an era of sophisticated, AI-driven threats.
Tactic three: Industry-wide collaboration
Yet, as is increasingly the case in the payments industry, no organisation can formulate a robust and long-lasting response in isolation. As such, industry-wide collaboration is the third and most foundational tactic; enabling the collective identification
of emerging fraud trends and the preservation of customer trust in the wider ecosystem. To combat payment fraud at scale, argued Van den Broeck, fraud insights and global network visibility must be united with cyber threat intelligence:
“More broadly, we must work with FIs, policy makers, educational institutions and law enforcement to share insights, identify patterns, and take action to help keep the digital ecosystem safe.”
Some challenges and rewards
In today’s world of tech-driven innovation, there is hardly any sector left untouched by AI – and payments are no different.
“AI is a key enabler of fraud prevention in financial services,” said Van den Broeck. “It enables real-time detection and predictive analytics, at scale. With AI we can go further, faster, and keep customers safe.”
Mastercard, for its part, is using AI to analyse billions of data points in real time, identifying suspicious patterns and anomalies that may indicate fraud. Its solution has detected and declined over 70 billion fraudulent transactions since its launch
10 years ago.
“With global fraud losses climbing, industry leaders are prioritising AI-driven solutions to protect consumers and maintain trust,” Van den Broeck summarised. “Long-term success depends on balancing robust security with seamless customer experience, ensuring
regulatory compliance, and staying ahead in an AI arms race where fraudsters are equally innovative.”
The shifting tectonics of fraud
The fraud landscape is becoming increasingly pervasive, personalised and technologically sophisticated.
In the coming years, Van den Broeck believes we will likely see a shift from traditional card fraud to scam-based fraud, AI-powered scams, and identity manipulation. Indeed, criminals are already exploiting human behavior and digital vulnerabilities, as
opposed to purely technical loopholes. As commerce becomes more digital – and AI more accessible – the line between what’s real and what’s fake will become blurred.
“A proactive, intelligence-first approach here is essential to combating the challenges of an evolving fraud landscape,” Van den Broeck concluded. “A more secure future requires the continued advancement of cyber technology – faster than fraudsters can advance
theirs – and a united, collective defense that protects trust across the entire digital ecosystem.”