What AI builders can learn from fraud models that run in 300 milliseconds
Source: VentureBeat
Fraud protection is a race against scale. For instance, Mastercard’s network processes roughly 160 billion transactions a year and experiences surges of 70,000 transactions per second during peak periods (like the December holiday rush). Finding the fraudulent purchases among those—without chasing false alarms—is an incredible task, which is why fraudsters have been able to game the system.
Now, sophisticated AI models can probe down to individual transactions, pinpointing the ones that seem suspicious—in milliseconds. This is the heart of Mastercard’s flagship fraud platform, Decision Intelligence Pro (DI Pro).
“DI Pro is specifically looking at each transaction and the risk associated with it,” Johan Gerber, Mastercard’s EVP of security solutions, said in a recent VB Beyond the Pilot podcast. “The fundamental problem we’re trying to solve here is assessing in real time.”
How DI Pro works
Mastercard’s DI Pro was built for latency and speed. From the moment a consumer taps a card or clicks “buy,” the transaction flows through Mastercard’s orchestration layer, back onto the network, and then on to the issuing bank—typically in less than 300 ms.
The issuing bank makes the approve-or-decline decision, but the quality of that decision depends on Mastercard’s ability to deliver a precise, contextualized risk score based on whether the transaction could be fraudulent. Rather than looking for anomalies per se, DI Pro looks for transactions that, by design, are similar to the consumer’s normal behavior.
Inverse recommender architecture
At the core of DI Pro is a recurrent neural network (RNN) that Mastercard refers to as an “inverse recommender” architecture. This treats fraud detection as a recommendation problem; the RNN performs a pattern‑completion exercise to identify how merchants relate to one another.
“Here’s where they’ve been before, here’s where they are right now. Does this make sense for them? Would we have recommended this merchant to them?” – Johan Gerber
Chris Merz, SVP of data science at Mastercard, breaks the fraud problem into two sub‑components: a user’s pattern behavior and a fraudster’s pattern behavior. “And we’re trying to tease those two things out,” he explains.
Data sovereignty
Mastercard addresses data‑sovereignty concerns by using aggregated, completely anonymized data that is not sensitive to privacy regulations. This allows the fraud team to share data globally while keeping it “on soil.”
“So you still can have the global patterns influencing every local decision,” said Gerber. “We take a year’s worth of knowledge and squeeze it into a single transaction in 50 ms to say yes or no, this is good or this is bad.”
Scamming the scammers
While AI helps financial companies like Mastercard, it also aids fraudsters, who can rapidly develop new techniques and identify fresh avenues to exploit. Mastercard fights back by engaging cyber‑criminals on their turf.
One tactic is the use of honeypots—artificial environments designed to trap threat actors. When attackers think they’ve found a legitimate target, AI agents engage with them, aiming to access mule accounts used to funnel money. This approach becomes “extremely powerful” because defenders can apply graph techniques to determine how and where mule accounts connect to legitimate accounts.
“It’s a wonderful thing when we take the fight to them, because they cause us enough pain as it is,” Gerber said.
By identifying the legitimate accounts linked—sometimes ten layers deep—to mule accounts, defenders can map global fraud networks and disrupt them more effectively.