Securing the payments ecosystem: mitigating the threat from ransomware

Blurring of lines 

Gerber – who spent 10 years in law enforcement in South Africa before joining Mastercard — says the trends point to a “blurring of lines” between cyber warfare typically conducted by state actors, and crimes motivated by financial gain. All of this means many more parts of our infrastructure – including entire cities – are put at risk. Indeed, a recent report from RiskRecon, also a Mastercard company, found that 41% of US cities do not have information security programs strong enough to protect their data assets, making them vulnerable to data breaches and ransomware.  

AI has proved to be a double-edged sword in the fight against cybercrime. On the one hand, AI has proved a formidable weapon for criminals, who use it to identify and probe even the smallest weakness in companies’ defenses. “AI can automatically help them select the tools they need for the attack, so it actually allows hackers to attack businesses more than ever before,” explained Gerber.  

Yet on the other hand, companies, including Mastercard, have harnessed the power of AI to improve cyber defenses and improve monitoring capacity. In the last three years, Mastercard has prevented $30 billion in potential customer fraud losses from attempted global fraud and cybercrime attacks across its network. “We leverage AI to watch tens of thousands of transactions per second,” said Gerber. “That’s the power of AI, and how we are turning the tables on cybercriminals.”  

The power of blockchain 

Gerber – who has spent his career tackling organized and financial crime – argued that one of the most important tools in increasing the transparency of crypto was the public ledger or blockchain. These ledgers allow for a record to be kept of crypto transactions and are, therefore, helpful in tracing the flow of criminal funds.  

“The fact that everything gets recorded and registered allows us to do way more from a law-enforcement point of view, because it allows us to understand where the money went,” Gerber said. “It becomes very, very powerful in anti-money laundering, tracing the ransomware payments and bringing in law enforcement.” 

Technology is already allowing blockchain to be used in the fight against cybercrime, including through analytics tools which enable Gerber and his team to determine how criminals use and move cryptocurrencies.  

CipherTrace provides a clearer picture of how and when cryptocurrency payments are made – and to whom. “You can actually see the blockchain payments being made from ransomware attacks,” said Gerber. “You can see the payments being split at some point in time, with a portion going to the ransomware technology provider and the rest going to the criminal gang.”  

Ultimately, this analysis and oversight could be a helpful resource for law enforcement. And, Gerber said, there’s a critical role for government too. “Since cryptocurrencies are decentralized by nature … if you want to establish trust and integrity in that ecosystem, you’re going to have to bring in some form of regulation.”  

Firstly, he added, “this could look at the source of the coins, which could help you not just understand the tracking tied to a ransomware attack but also whether the coins being used in a legitimate transaction have had a ‘dirty’ past.” 

A second front for regulation could be to push for changes within companies, elevating the position of the chief information security officer (CISO) to encourage greater collaboration and communication with board members, and to improve cybersecurity practices, knowledge and training.  

The US Securities and Exchange Commission (SEC) hinted at such a regulatory role as recently as March this year when it published proposals requiring companies to disclose policy to manage cyber-risk. Its review also advocated for transparency around management’s role in implementing that policy, and for disclosure of boardroom expertise on cybersecurity and oversight of related risks.