Mastercard acquires Recorded Future: How will threat intelligence transform the payments industry?

As cyber criminals grow ever more crafty with their tactics, enterprises are increasingly turning to threat intelligence, which — much like military threat intelligence — involves collecting, processing and analyzing data to determine behaviors, motives, and target areas.

To help protect its enormous global network and secure the digital economy, payment giant Mastercard is increasingly relying on this comprehensive method, and is further bolstering those efforts with a new agreement to acquire global threat intelligence company Recorded Future for $2.65 billion.

“This is the next step in our journey to secure the digital ecosystem,” Craig Vosburg, chief services officer of Mastercard, said in a statement to CSO Online. “Recorded Future’s threat intelligence capabilities help to identify the intent and tools behind an attack and the associated risks. That allows companies and governments to quickly safeguard their operations and infrastructure.”

Real-time, AI-powered intelligence

Recorded Future uses artificial intelligence (AI) to analyze billions of data points across a broad set of sources to provide real-time visibility into potential threats. The company serves more than 1,900 clients across 75 countries, including more than 50% of the Fortune 100.

The acquisition will allow Mastercard to expand its threat intelligence capabilities across its network of financial institutions and merchants. Recorded Future, for its part, will gain access to the payment giant’s vast network, whose billions upon billions of data points will help it further optimize its AI-driven models.

In several posts on X (formerly Twitter), Recorded Future CEO Christopher Ahlberg said the company will remain an “independent and open intelligence platform,” serving as an independent subsidiary of Mastercard.

“Our commitment to you is stronger than ever,” he pledged. “Our capacity to deliver will increase. We will push the envelope in collections, analysis, AI, finished intelligence, all of it.”

The significance of the acquisition lies in Recorded Future’s ability to provide real-time, actionable intelligence through its AI-powered analytics, which can parse vast amounts of data from across the web, including the dark web, explained Scott Dylan, founder at NexaTech Ventures.

The technology will allow Mastercard to identify and mitigate risks before they “manifest into full-blown security breaches,” he said. Just as importantly, the payment giant will gain a more holistic view of the threat landscape to help ensure that both consumers and businesses are better protected throughout the entire payment process.

Improving threat intelligence capabilities is consistently a “top tactical security priority” for enterprises, which purchase more than a half dozen threat intelligence tools on average, said Brian Wrozek, Forrester principal research analyst focused on security and risk.

“Threat intelligence allows companies to prevent and interrupt types of attacks to minimize the impact to customers and preserve their brand reputation,” he said.

Because of that, the threat intelligence market is expected to explode; Statista estimates that by 2033, the cyber threat intelligence (CTI) market will grow to more than $44 billion (up from $11.6 billion in 2023).

The combination of Recorded Future’s threat intelligence capabilities and Mastercard’s extensive network of merchants and financial institutions should provide greater, more widespread protection to digital payment transactions, said Wrozek.

He added that it will be interesting to see how this partnership impacts other threat intelligence use cases long-term, such as providing additional context to prioritize vulnerability remediation.

Addressing the fraud that happens ‘when security fails’

Mastercard and Recorded Future previously partnered on an AI-supported service that alerts financial institutions when a credit card is likely to have been compromised. Launched earlier this year, that service has doubled the rate at which compromised cards are identified, the companies claim.

“Mastercard has made multiple investments in fraud prevention companies and technologies over the past 10 years,” said Aaron Press, research director for worldwide payment strategies. This includes Brighterion AI, Vocalink, Ekata and Ethoca, among others. “They have different angles on things, but they’re all around fraud prevention and risk management.”

He pointed out that the direct financial risk of fraud to Mastercard and its competitors, such as Visa, is minimal, as they don’t issue the cards themselves — the financial institutions that make up their customer base do.

“It’s interesting that they’re taking such an interest in this,” he said. Although risk is indirect, “it’s in their interest to maintain integrity in the payment systems that they operate. If consumers lose trust in the process, nobody uses the cards. They want to increase their stickiness with their constituents.”

Press explained that in the card world, fraud comes from both the issuing side (loan origination) and the acceptance side (transaction authorization). Threat intelligence essentially “gets to the aftermath of cybersecurity failures,” he said, as it typically occurs after a breach has taken place.

“Fraud is what happens when security fails,” he said. “Fraud is how data from a breach is monetized.”

Financial institutions ultimately have to strike a delicate balance: It comes down to “fraud versus friction” and establishing a baseline for what they can consider an acceptable level of fraud.

“It’s critical to know what to look for and be predictive about it, and at the same time you have to balance that threat with opportunity,” said Press. “You can get to zero fraud, but you will have zero sales or zero profit. You’ll say no to anything that’s even remotely suspicious.”

Threat intelligence ‘indispensable’

Ultimately, Mastercard is building a comprehensive security service that addresses not just payments, but the “surrounding infrastructure that powers the digital economy,” said Dylan, pointing to the company’s other recent cybersecurity acquisitions, including RiskRecon (third-party risk management) and CipherTrace (crypto services and payment).

“This acquisition highlights the growing role that threat intelligence plays in fortifying the global financial system, where the stakes have never been higher,” he said.

From a broader industry perspective, the move also signals that threat intelligence is becoming indispensable. “As the digital economy continues to expand, companies like Mastercard are recognizing that threat intelligence is no longer optional,” Dylan said.