Mastercard Uses AI to Catch Compromised Cards

Your card gets swiped, and it gets declined. You’re sure you’ve got the cash. In a split second, you’re worried you’ve had your credentials stolen, and then you wonder if the bank simply doesn’t trust you. The embarrassment and fear represent the personal cost when fraud systems make the wrong prediction.

Banks need strict guidelines because the alternative could be even worse: a card appears to be functioning normally one day and then ends up in a criminal's hands the next. Fraudsters steal card numbers by the millions, then quietly test the partial details on underground sites, and test them quietly until they find the ones that still work. Mastercard’s bet is that generative AI can break this pattern; catching compromised cards earlier, while declining fewer good transactions. Its new system has doubled the detection rate of compromised cards before they are used and significantly sped up how quickly at-risk merchants are found.

The Challenge: Concealed Compromise, Overt Friction

Typically, compromised credit cards appear legitimate until it is too late. Attackers harvest the information using spyware, malware, skimmers, and data theft; they then break the stolen information into partial 16-digit card numbers and distribute them in large batches.

Each bank observes just a small part of this activity. One bank might spot an unusual test transaction; another sees nothing. If rules are tightened, the number of real customers shut out increases. If rules are relaxed, the number of successful frauds rises. This “fraud vs. customer experience” dilemma has long been present in card systems.

The problem is complicated by the fact that Mastercard must answer a tougher question than "is this one transaction bad?" They need to figure out where and when the problem began—which cards were exposed by a suspicious merchant, and which of those cards are currently on the dark web, waiting to be exploited.

The Approach: Generative AI on a Living Network

Rather than looking at a flat list of rows, Mastercard now thinks about its network in terms of dots and lines. The card, the merchants, the devices, the locations—all are dots. When they connect, they form lines. Over time, the dots and lines create recognizable shapes of normal spending, and very different shapes when things are not quite right.

This new generative AI model is designed to identify these suspicious patterns and then fill in the blanks. The algorithm doesn't simply flag what is already visible. Based on the graph, it predicts the missing parts of the picture. This includes full card numbers likely present beneath the visible credentials, accounts that are one or two steps away in the same breach, and the likely next destinations for the fraud.

It searches through data related to billions of cards and millions of merchants to find groupings that match past incidents. When partial card numbers appear on illicit sites, or when a particular merchant keeps showing up near suspicious activity, the model infers which cards are likely exposed and which merchants are at the center of the problem.

The reason it can detect threats that would pass unnoticed by a single bank is that it has access to the whole network. Mastercard compares this to a jigsaw puzzle: pieces that were once spread out across different systems can now be put together to create the complete picture.

However, detecting the issue is only the start; the network must still approve or decline the transaction in real time. That is where Decision Intelligence Pro comes in, a generative AI upgrade to the transaction scoring engine. It scans a card’s history and related patterns, then returns a risk score in under 50 milliseconds, fast enough to decide before the terminal times out, while improving fraud detection compared with older models.

The Impact: By the Numbers

In compromised-card detection, there are three major improvements:

2× higher detection rate of compromised cards before criminals use them.

Up to 200% fewer false positives when monitoring these cards for fraud.

Up to 300% faster identification of compromised and at-risk merchants.

In other words, the network can alert banks earlier that there is an issue, and banks can prevent the card from making a large fraudulent transaction before it goes through. At the same time, improved accuracy means fewer legitimate transactions are rejected.

At Mastercard’s scale, AI models analyse around 160 billion transactions annually. Even single-digit percentage improvements mean a great deal in terms of thwarted fraud and reduced customer annoyance.

Where It Fits in Mastercard's AI Stack

This isn't a single tool tacked on the side. The compromised card model plugs into a broader AI security wall:

Threat Intelligence detects evidence that credentials or merchants are at risk.

Generative AI on the Network Map predicts the cards and merchants involved in a breach even when there is only partial data.

Decision Intelligence / DI Pro scores each new transaction in real time, approving, challenging, or blocking in a few dozen milliseconds.

Combined, these propel Mastercard from a reactive position to a proactive one, predicting where the next wave of fraud might emerge.

The Bottom Line: Why This Matters

For consumers, this generative AI isn't another chatbot. It's invisible plumbing that reduces the odds your card gets stolen—and reduces the chance you get rejected at the checkout when you've done nothing wrong.

For the industry, it means AI is doing the heavy lifting deep in the transaction chain, finding patterns beyond the reach of traditional programming. It shifts systems away from blunt rules toward precise detection. For Mastercard, it proves that AI in payments isn't about hype—it's about protecting money.protecting money.