What do a phishing email, a voice mail spoofing a CEO, and a hacked QR code have in common? They’re not just the stuff of spy movies anymore – they are part of a growing, evolving reality of cybercrime that is impacting everything from your neighborhood bank branch to global supply chains.
In its 2024 report, Securing Trust: Insights from the Frontlines of Cybercrime, Mastercard provides an incredibly interesting window into how cyber threats are changing. And perhaps more importantly, how trust – the invisible currency of our digital economy – is being tested in unprecedented ways.
If you are a digitally savvy executive, a cybersecurity professional, or just someone who opens their banking app more often than they'd like to admit, this report is your early warning system. Let’s get started.
Cybercrime: It’s No Longer Only About Hackers
You may have a mental picture of a hoodie-wearing hacker in a dimly lit room when you think about cybercrime. But the threats that exist today are much more complex. Mastercard’s latest findings reveal that the modern digital underworld thrives on on-demand fraud kits, deepfake-enabled voice manipulation, QR-based deception tactics, and AI-driven scam infrastructures.
“The attack surface is bigger, deeper, and remarkably more creative than ever,” explains Ajay Bhalla, Former President, Cyber & Intelligence at Mastercard.
Key Trend #1: Generative AI Is the Cybercriminal’s New Friend
Deepfakes, synthetic identity fraud, and real-time voice impersonation are no longer hypothetical. Criminals are now using generative AI to:
- Create a realistic video or audio spoof of someone in a position of authority in your company (your CFO could be calling you, without calling you).
- Write code that appears to be a legitimate software update but is malware.
- Simulate your business processes to insert them in transaction chains.
It’s not only frightening. It’s scalable. AI isn’t just helping businesses automate: it helps criminals to automate, too.
Key Trend #2: The Surge of the Digital Scamdemic
Phishing is now personal. Mastercard’s report showed that QR code scams, business email compromise (BEC), and smishing (SMS phishing) are on the rise. Threat actors are utilizing old-school tactics with new tech tools.
Anecdotally, one retailer lost $1.2 M after approving a fraudulent invoice that came through a perfect duplicate of its supplier’s website (with SSL certificates that looked legitimate).
The Cybercrime Economy: A $10.5 Trillion Wakeup Call
By the time we reach 2025, the global financial toll of cyberattacks is expected to skyrocket to $10.5 trillion annually, according to long-term projections by Cybersecurity Ventures. The Mastercard report amplifies this with real-world consequences:
- Fraud-as-a-Service platforms are now bundling kits that include ransomware, phishing, and synthetic identity creation together.
- The commoditization of stolen credentials appears to be on the upswing, with access keys sold much like concert tickets. In summary, cybercrime is no longer some anonymous hack; it is evolving into structured commerce.
- From coders to social engineers, digital mules to laundering networks, Mastercard charts how attackers are now working together, globally. Think of it as a startup with a poorly articulated mission statement.
- Phishing is moving upmarket and getting personal. Based on Mastercard’s report, QR code scams, business email compromise (BEC), and smishing (imitation SMS or “text” phishing) appear to be gaining traction. Attackers are combining old-school concepts with new-tech tools.
For example, a retailer recently reported a $1.2 million loss after approving a fake invoice that proxied through an exact copy of its vendor’s site, complete with authentic-looking SSL certificates.
- Security is the old perimeter. Today, it’s trust that is on the line. Mastercard frames this in what they call a “trust-by-design” approach. Consider that:
- Digital identity verification needs multiple signal layers (biometric, behavioral, transactional).
- Payment authentication shouldn’t stop at 2FA; it should be simple AND have AI-based anomaly detection.
- Zero trust architecture isn’t a checkbox; it needs to be baked in.
“In the world we are moving to, we are shifting from an environment where trust is intrinsically assumed in every interaction, to a place where trust must be earned every time through verification,” the report states.
This recalibration of digital trust architecture, Mastercard maintains, is what will define the next 5 years.
Understandable Risk: If You Own a Smartphone, You Are at Risk
Here is a fun (read: scary) story: A senior VP at a fintech firm received a WhatsApp message that appeared to come from their boss. The tone was right, the phrasing matched, and it contained a typo that the boss regularly made. One wire transfer later, $500,000 was gone.
What made it possible? A combination of:
- AI-generated text, trained on publicly available social media.
- Phone number spoofing.
- Impersonating emotional urgency – “This must go today!”
If this sounds all too familiar, you’re in good company. Mastercard’s findings urge organizations to embed cybersecurity mindfulness into every role, from entry-level hires to executive leadership.
Mastercard’s Recommendations: A Framework for Digital Trust
Mastercard proposes a multi-layered framework that addresses the modular threatscape in which we currently operate:
1. Cyber Resilience, not Cyber Defensibility
Start from the premise that a breach is inevitable, and build your systems to spot it fast, contain it early, and recover without chaos.
Conduct regular tabletop exercises to simulate attacks with AI as an important weapon.
2. Public-Private Collaboration
Mastercard’s Cyber Front isn’t just a framework—it’s a live intelligence-sharing network empowering police agencies and corporate security teams to close cyber gaps together.
3. Education and Human Firewalls
95% of cyber breaches stem from human mistakes. Training employees to identify the modern iteration of scams is as important as applying software updates.
4. Investment in Intelligence-Infrastructure
Mastercard’s RiskRecon and Identity Check programs are tools that enable partners to assess risk signals in real time.
According to Mastercard, “Trust must be verifiable, dynamic, and contextual.”
Let Us Conclude: Will We Never Feel Safe Again?
In a world where even your face and voice can be held hostage, it’s not a matter of if cybercrime is going to impact your life; it’s a matter of when and how well you are prepared.
There is a ray of hope, though! Trust doesn’t have to be the casualty. With the right strategy, tools, and most importantly, the right mindset, trust can be one of your biggest advantages.
So next time you get that email with an urgent wire transfer, maybe consider using some of your newfound skepticism. Trust is earned, and verifying trust should just be part of good business in 2025.
FAQs
1. What does the Mastercard Securing Trust report cover?
The report describes how the cybercrime ecosystem is changing, focusing on how digital threats are becoming more sophisticated and the increasing need to secure digital trust.
2. How are AI technologies influencing cybercrime?
AI technologies are making initial attacks harder for both end users and security solutions to detect, and they make it feasible to scale attacks and abuse digital trust easily. Cybercriminals can take deepfakes or realistic phishing messages to new heights.
3. What is “fraud-as-a-service”?
Think of “fraud-as-a-service” as the dark web’s version of a startup—criminals packaging their attack tools and selling them like software. It is easier now to conduct fraud with kits or services where the criminal does not need a high level of technical sophistication.
4. Why is trust being referred to as the new perimeter?
The increasing risk of crime in a digital world suggests that there is no longer a perimeter. Instead of considering the perimeter as bricks and mortar, organizations must fully validate trust in every interaction (such as log in, user input, transaction). In other words, trust is the new perimeter.
5. How can organizations build cyber-resilience?
Organizations can build resilience in a number of ways. One is moving towards zero-trust architectures. Another is investing in intelligence-led, risk-reducing security tools. A third is training employees regularly. A fourth is public-private partnerships in data-sharing efforts.