Interview: Ed McLaughlin, Mastercard

"AI is not a strategy"

Cybersecurity threats for payment transactions are steadily increasing. Ed McLaughlin, Chief Technology Officer of Mastercard, outlines the opportunities presented by technologies such as artificial intelligence and quantum computing, and emphasizes the necessity of a critical examination of these advancements.

Mr. McLaughlin, in your view, what are currently the most significant cyber threats for payment service providers, retailers, and customers?

We are witnessing a continual escalation in the number, type, and sophistication of cyberattacks. And we are responding accordingly. The same tools and techniques available to attackers are also accessible to defenders. Fraud is an arms race in which we invest a lot of time and money to protect our systems.

Which area stands out in this regard?

An interesting area is social manipulation, known as social engineering. The weakest link in any system often is us, the human element. The sophistication in phishing attacks and attempts at fraud by individuals posing as friends or business associates has significantly increased.

What can be done besides continuously offering information to customers?

This is where Mastercard's Zero Liability and consumer protection come into play as we offer consumers an option that many other payment methods do not have. Unfortunately, there are incredibly clever individuals out there. I wish they would use their skills for good rather than for bad things. Sadly, people are always vulnerable to the right offer and the right attack.

Has the threat landscape changed, and if so, how?

Fraud constantly shifts its lines. The more we secure the transaction side of the system, the more fraud shifts toward social manipulation and account takeovers. People create or open new suspicious accounts. They are not targeting the payment system itself but are aiming at targets higher up in the process. Identity theft, fraud in account openings, and a few others are significant areas. Thus, we collaborate with financial institutions, clients, law enforcement agencies, and others to counter these threats. A highly intricate ecosystem has emerged, involving individuals specializing in exploits and information extraction. Brokers sell this information, and others seek to profit from it. Some focus on accessing consumer credentials, while others monetize direct system attacks. Interestingly, with many of these actors you have nation state sponsorship.

Have these activities increased since the start of the Ukraine conflict?

I wouldn't directly attribute an increase in specific types of attacks to the start of the war in Ukraine. There have certainly been many cyber activities, and they are increasing, especially in terms of speed and sophistication. But whether they are linked to a particular geopolitical event or simply reflect the general situation is hard to say.

What impact do large language models based on generative artificial intelligence, such as ChatGPT, have on the threat landscape?

The ability to conduct targeted phishing or social manipulation attacks using scalable large language models or text generation has not been widely observed in practice yet. I don't think we've seen that as much in the wild, but it's certainly been projected. It is one of the unintended consequences. New technologies are neither inherently good nor bad, but they are also not neutral. Every new technology will be used for both executing and preventing attacks.

What opportunities does the use of artificial intelligence offer?

It's not just AI; it's the combination with increased connectivity that has led to an exponential increase, an explosion of available data. We can use this data to gain new insights and power AI engines, enabling us to do things that were previously impossible. We've made significant strides in recent years with machine learning, making our systems smarter. Now, new opportunities and potentials arise through generative AI and in areas like quantum computing. All of this presents incredible opportunities but can also pose significant threats. Hence, we need to grapple with these new technologies. However, amidst all the technology we discuss: agility is not the goal, APIs are not the answer, the cloud is not a destination, and Lord knows, AI is not a strategy. They are simply amazing tools that offer immense potential. The key lies in utilizing them effectively.

What do you mean by that?

The question is how we utilize technologies. AI, in itself, is nothing new for Mastercard. For over a decade, we've been using powerful AI technologies and techniques. Forbes named Mastercard's Decision Management Platform as Innovation of the Year in 2019. We employed 13 different AI engines to make the network smarter and more secure. It's basically a supercomputer we put together through commodity hardware. It features a massive in-memory grid containing billions of card profiles and over 200 analytical vectors that are updated in real time from transactions flowing through the network. This allows us to make sophisticated decisions in less than 15 milliseconds, enhancing transactions and network operations. As a result, last year we stopped over $10 billion worth of fraud from being executed. But it wasn't just about stopping fraud.

What else was it about?

We also wanted to ensure that all legitimate transactions ran more smoothly. Consequently, as we transitioned from a rules-based to an AI-based system, we achieved a three-fold increase in fraud prevention and a six-fold increase in correct transactions passing through the system.

Can you foresee threats that lie further in the future?

We are constantly anticipating potential new methods of fraud and looking for ways to prepare. One example is our work in the field of quantum computing security. How can we use quantum-resistant algorithms in systems? We have already tested Quantum Key Distribution in our network. With this method, keys can themselves be secured rather than relying on an algorithm-based process that can be hacked. It provides a secure distribution of a one-time key that cannot be cracked. We harness the power of quantum key distribution to strengthen our entire infrastructure. We work with industry experts such as Verizon to test these methods, secure our network, and protect our data.

What does this one-time key look like?

We have separated the algorithms we use for encryption from the deployment process. We work with methods like elliptical curve cryptography, which is based on the calculation of two points on a curve. To crack it, you would need to know the curve itself. Could quantum computers theoretically attack it? Yes. However, it's not like the prime factoring number. We are gradually working towards making these algorithms quantum-resistant and developing an algorithm that cannot be computed.

Let's talk about another topic in which Mastercard is actively involved. What are your views on the prospects for central bank digital currencies (CBDCs)?

We are collaborating with central banks and other initiatives worldwide on the topic of CBDC. Currently, we have over 150 currencies in our system as digital counterparts to one of these currencies. Nevertheless, a currency is only as useful as the places where it can be used. The ability to have a digital currency running on the Mastercard acceptance network, which connects to 100 million merchants today, offers some real possibilities. We are working closely with banks on this. The Bahamian Sand Dollar project was one of the first projects for a CBDC, and we actually issued a Mastercard for it. We strongly support anything that makes central banks more efficient and makes things more accessible and secure.

What role could cryptocurrencies play in this context?

Not necessarily a significant one. Although blockchain technology could be applied, it comes with substantial computational demands and technical overhead. These complexities often arise for tasks that could be efficiently managed using a centralized database system. It creates two separate issues. One concerns the issuance of a central bank-backed currency, while the other questions whether a blockchain framework is the most suitable technological solution. For example, China and its eRenminbi project utilize blockchain technology. But – and I'm not trying to create a false equivalence here – if you look at a Bitcoin transaction compared to a Mastercard transaction, a Bitcoin transaction consumes about 700,000 times more electrical energy.

Meet the person

Ed McLaughlin (58) is the President and Chief Technology Officer of Mastercard and a member of the management committee. He is responsible for the global payment network, platforms, infrastructure, information security, and technology centers. Previously, he held the positions of Chief Information Officer and Chief Emerging Payments Officer. Prior to joining Mastercard, he served in senior roles at Metavante (now FIS), Paytrust, and Logicworks. He is a graduate of the Wharton School of Business and has completed the AI: Implications for Business Strategy Executive Program at the Massachusetts Institute of Technology (MIT). He is also a member of the Council on the Responsible Use of Artificial Intelligence at the Harvard Kennedy School. In 2019, he received the Forbes CIO Innovation Award.