Mastercard Touts Value of ‘War Games,’ Simulations in Prepping for Cyberattacks


The best way for enterprises to battle frauds, bot attacks, synthetic ID attacks …

… is to treat it all like a game.

A war game.

Raj Seshadri, president of data and service at Mastercard told Karen Webster that the battle against real world threats is eternal.

The hyper accelerated pace of innovation seen through the past few years, she told Webster, has given rise to the remote work environment, or hybrid models.

“There are a lot of opportunities here,” as companies embrace the great digital shift, she said, “and there are a lot of challenges too.” Those challenges run the gamut from securing Mastercard’s own payment operations to helping enterprise clients gauge risk up and down their own vendor and supplier relationships.

Global cybercrime is a staggeringly lucrative business — and indeed is big business, given the fact that it is estimated to be worth as much as $10.5 trillion in just three years.

That staggering sum may not come as a massive surprise, given that digital commerce, whether business-to-consumer (B2C) or business-to-business (B2B), is itself growing by leaps and bounds. But the myriad, indeed billions, of points of contact, across mobile devices and tablets, means that anything can be weaponized by the bad guys to infiltrate a network.

“The Internet of Things is one aspect,” to emerging vulnerabilities, said Seshadri, “but we want to keep all ecosystems secure.”

Another Piece in the Anti-Fraud Jigsaw Puzzle 

To do that, she said, requires a multilayered approach to risk assessment, monitoring security infrastructure and operations with real-time insights.

The company already had Cyber Quant and RiskRecon as prominent arrows in its anti-fraud quiver.

RiskRecon is focused on “outside-in” third party risk scanning and evaluation technologies to help customers worldwide assess enterprise and vendor. Cyber Quant helps over 1,000 clients gain an “inside-out” view of their internal security risks and quantify them in financial terms.

Now comes the announcement that Mastercard’s consulting practice has made a minority investment in Picus Security, which readies the launch of Cyber Front. Mastercard said Tuesday (May 24) that Cyber Front will operate as an always-on platform that helps clients, through simulated attacks, pinpoint vulnerabilities and make smarter decisions, with AI, about security and where their risk lies — and what’s doing the job, in terms of lines of defense. About 3,500 real-world risk scenarios, continuously refined and updated, can help uncover new threats and spur new protective measures.

“Picus is complimentary” to those other risk offerings, she said, in jigsaw puzzle fashion across authorization and fraud diagnostics, “and looks to see if preventative controls that were put in place are actually working.” Cyber Front will also help companies assess how they should address the threats that were not prevented or detected during the simulations that mimic hackers’ behaviors.

In this way, she said, the companies can examine the gaps they need to plug as they continue simulations, and head off the financial impact of risk.

Along the way, the ecosystem will solidify its lines of defense through public/private partnerships. She noted by way of example that Mastercard partnered with the Paris Chamber of Commerce in an 18-month-long educational program that included the participation of 5,000 smaller firms. From the breach “point of view,” she said, risk assessment and fraud detection have now become a board- and CEO-level concern.

“Understanding these things is the first step to getting better,” said Seshadri, who added that good defenses “cannot be based on guesses and hunches — there’s a need to be comprehensive, collaborative and cutting edge, data driven — and always evolving.”