Corporations and politicians share a tendency to say things that are narrowly true, though a lack of context renders the statements misleading. Mastercard on Nov. 30 offered a terrific example of this in the security arena.
On that day, the card brand rolled out something it calls Decision Intelligence, which it said “uses artificial intelligence technology to help financial institutions increase the accuracy of real-time approvals of genuine transactions and reduce false declines.” That sounds pretty good. It then elaborated why it saw this as news: “This is the first use of AI being implemented on a global scale directly on the Mastercard network.” It also labels Decision Intelligence as “a radical new approach,” one that “takes a broader view in assessing, scoring and learning from each transaction. That score then enables the card issuer to apply the intelligence to the next transaction.” Mastercard’s Ajay Bhalla, president of its enterprise risk and security efforts, is even quoted as saying, “We are solving a major consumer pain point of being falsely declined when trying to make a purchase.”
But the “radical approach” of using A.I. to intelligently assess fraud in real time has been done routinely for years by providers that include Forter, Signifyd, Smyte, Stripe Radar, Sift Science, Ravelin, Riskified and Feedzai. Naturally, unlike Mastercard’s technology, all of them look for problems across payment types, not limiting themselves to transactions from one payment card. (Full disclosure: I’ve written some blog pieces for Sift Science.)
And the claim that Mastercard has solved the problem of false declines is really over the top. There are two problems with that, one involving market share and the other involving the data that Mastercard can apply its A.I. to.
Mastercard does not have a stranglehold on the transactions market, and in fact Visa processes far more transactions. And while there are merchants that get along without accepting American Express, Diner’s Club or Discover, it’s just about impossible to accept Mastercard and not accept Visa. That means that, even if this Mastercard effort were perfectly effective, merchants would still have to deploy other antifraud measures for every other payment type they accept. So how does a Mastercard-specific approach help them, given that it is limited to a minority of their transactions?
Here’s what one security executive (who wished to remain anonymous and not alienate Mastercard) had to say about Mastercard’s announcement: “There’s nothing new in their technology or its application. More likely, Mastercard is just trying to fix a deeply broken declines problem and is hoping this will help them look better in the eyes of banks when it comes time to renegotiate contracts.” He then tried to imagine what Mastercard would say to those banks: “‘We can help you reduce declines. Look, we have fancy artificial intelligence.’”
The security executive added that the best A.I. analytics can’t overcome the limitation that the data that Mastercard has access to — transaction data — is quite restricted. Most security firms use a “machine learning model [that] is informed by all kinds of data, including how users behave on their site, specific order information, device information, user account details, navigation patterns on the merchant’s website, social networking activity, stuff Mastercard has no access to.”
Any embrace of analytics in security is a positive move. Let’s just hope Mastercard doesn’t believe its own hype. It might have to change its tagline to “Mastercard: We’re everywhere context isn’t.”