Category Archives: intelligence gathering

Mastercard’s Strategic Cyber, AI, and Blockchain Acquisitions: RiskRecon, CipherTrace, and Recorded Future

Fig. 1. Master Buys Recorded Future Infographic.[1]

Minneapolis—

Mastercard has long been a leader in the payments industry, known for its global network and cutting-edge financial solutions. However, in recent years, Mastercard has expanded its focus beyond traditional payments to include a broader suite of digital security, risk management, and compliance services. This shift is evident in its key acquisitions of RiskRecon, CipherTrace, and Recorded Future, each of which bolsters the company’s position in the fintech and cybersecurity ecosystems. By integrating AI, advanced analytics, blockchain, and enhanced compliance capabilities, Mastercard has emerged as a more competitive and savvy player in today’s rapidly evolving cyber and fintech landscapes.

1. RiskRecon (Acquired in December 2019):[2]

RiskRecon is a cybersecurity firm that specializes in third-party risk assessment. The company uses AI-driven analytics to help businesses understand and manage their cybersecurity exposure by continuously monitoring the cyber risk of vendors and partners.

Acquisition Details:

  • Date: December 2019
  • Cost: Undisclosed, but estimates place it around $150-200 million.
  • Company Size: A relatively small firm but highly influential in cybersecurity monitoring.

Strategic Value:

RiskRecon’s technology allows Mastercard to offer enhanced cyber risk management services to its business customers. The acquisition integrates AI-driven analytics to assess security risk levels, providing organizations with continuous monitoring of third-party systems, enabling early detection of vulnerabilities, and helping to avoid costly breaches.

For Mastercard, integrating RiskRecon offers:

  • Enhanced cybersecurity: Real-time risk assessments ensure the security of financial transactions.
  • Improved compliance: RiskRecon’s platform ensures businesses adhere to international regulations and frameworks for data security.
  • Fraud avoidance: By continuously scanning systems for vulnerabilities, Mastercard helps its customers avoid fraud or breaches stemming from third-party risks.

2. CipherTrace (Acquired in September 2021):[3]

CipherTrace is a blockchain analytics firm that helps organizations monitor and secure cryptocurrency transactions. Given the growing adoption of digital assets, CipherTrace provides tools for detecting fraud, tracing illicit transactions, and ensuring compliance with anti-money laundering (AML) regulations.

Acquisition Details:

  • Date: September 2021
  • Cost: Estimated at $250 million.
  • Company Size: Medium-sized firm with a specific focus on cryptocurrency compliance and fraud detection.

Strategic Value:

The acquisition of CipherTrace positions Mastercard as a key player in the emerging blockchain space. By integrating CipherTrace’s tools, Mastercard is equipped to:

  • Secure cryptocurrency transactions: Provide greater transparency in blockchain activities, reducing the risks of fraud, money laundering, and other illicit activities.
  • Enhance anti-money laundering (AML) compliance: CipherTrace’s tools help organizations comply with strict AML regulations, a significant concern with cryptocurrency.
  • Support blockchain adoption: As cryptocurrency becomes more mainstream, Mastercard ensures its networks are prepared to support digital asset transactions securely.

This acquisition directly ties into Mastercard’s strategy of offering fraud avoidance and enhanced compliance in the evolving digital economy. As blockchain technology continues to mature, Mastercard is well-positioned to support safe and compliant transactions in the cryptocurrency space.

3. Recorded Future (Acquired in Sept 2024):[4]

Recorded Future is an intelligence company specializing in real-time threat intelligence. By using machine learning and AI, Recorded Future aggregates and analyzes data to provide businesses with insights into potential cyber threats before they can cause damage. They currently has more than 1,900 clients, which span 75 countries, according to Mastercard. Those customers include 45 national governments as well as more than half of the companies in the Fortune 100, the payments firm said.

Acquisition Details:

  • Date: Sept 2024
  • Cost: Approximately $2.65 billion. Yet Mastercard was one of the key investors via an equity stake acquired through Insight Partners in 2021.
  • Company Size: Large, globally recognized threat intelligence company.

Strategic Value:

Recorded Future’s AI-driven threat intelligence adds another layer of security to Mastercard’s offerings:

  • Proactive cybersecurity: Recorded Future’s data and analytics can identify emerging threats before they impact Mastercard’s networks or those of its partners.
  • Advanced analytics and AI: Mastercard gains access to an enormous database of threat indicators, allowing the company to leverage AI to detect patterns and anticipate future threats.
  • Fraud prevention: Real-time threat intelligence makes it easier to stop fraud before it happens, protecting customers from financial loss.

By incorporating Recorded Future’s threat intelligence capabilities, Mastercard is enhancing its ability to prevent cyberattacks and protect the integrity of its global payments infrastructure.

Comparing Mastercard to Visa and American Express:

Mastercard’s acquisitions of RiskRecon, CipherTrace, and Recorded Future have significantly differentiated it from competitors like Visa and American Express.

  • Visa has also invested heavily in cybersecurity and compliance but lacks the comprehensive focus on third-party risk management (RiskRecon) and blockchain analytics (CipherTrace) that Mastercard now possesses. While Visa has ventured into cryptocurrency through partnerships and blockchain experimentation, it hasn’t yet integrated a firm like CipherTrace, which is critical for cryptocurrency compliance and fraud detection.
  • American Express, while focused on fraud prevention and customer experience, hasn’t made as aggressive a push into the cybersecurity and blockchain spaces as Mastercard. Amex remains a leader in traditional fraud detection and financial services but lacks the AI-driven intelligence and blockchain transparency that Mastercard has through Recorded Future and CipherTrace.

Mastercard’s comprehensive approach, combining cybersecurity (RiskRecon and Recorded Future), blockchain analytics (CipherTrace), and AI-enhanced threat intelligence, puts it ahead of both Visa and American Express in terms of securing digital transactions and ensuring regulatory compliance.

ConclusionA Well-Rounded Competitive Advantage:

In today’s fintech landscape, the convergence of cybersecurity, compliance, AI, and blockchain is crucial for payment processors to remain competitive. Mastercard’s strategic acquisitions of RiskRecon, CipherTrace, and Recorded Future provide a holistic solution to the growing challenges of cyber threats, cryptocurrency fraud, and AML compliance. These moves not only strengthen Mastercard’s existing payment network but also position the company as a leader in digital security.

By diversifying its portfolio and incorporating advanced technologies, Mastercard has gained an edge over competitors like Visa and American Express, especially in the areas of fraud avoidance, enhanced compliance, and cryptocurrency security. This forward-thinking approach ensures that Mastercard remains at the forefront of the financial industry, well-prepared for the future of digital payments and the ongoing battle against cybercrime.

About the Author:

Jeremy A. Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and seasoned senior management tech risk and digital strategy consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota’s Technological Leadership Institute, an MBA from Saint Mary’s University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale, and New Hope Community Police Academy (MN), and the Minneapolis FBI Citizens Academy. You can follow him on LinkedIn and Twitter.

References:

[1] N, Balaji. “Mastercard Buys Recorded Future for $2.65 Billion.” 09/12/24. https://cybersecuritynews.com/mastercard-buys-recorded-future/

[2] Miller, Ron. “Mastercard acquires security assessment startup, RiskRecon.” Techcrunch. 12/23/19. https://techcrunch.com/2019/12/23/mastercard-acquires-security-assessment-startup-riskrecon/

[3] Mastercard. “Mastercard acquires CipherTrace to enhance crypto capabilities.” 09/01/24. https://www.mastercard.com/news/press/2021/september/mastercard-acquires-ciphertrace-to-enhance-crypto-capabilities/

[4] Alspach, Kyle. “5 Things To Know About Mastercard Acquiring Recorded Future”. CRN. 09/13/24. https://www.crn.com/news/security/2024/5-things-to-know-about-mastercard-acquiring-recorded-future

The 9/11 Terrorist Attacks: Lessons Learned for Security and Investigation

On September 11, 2001, the United States faced one of its darkest days. Today, we remember the lives lost and the lessons learned. Nineteen terrorists, linked to the extremist group al-Qaeda, executed a coordinated series of attacks on American soil. Four commercial airplanes were hijacked: two were flown into the Twin Towers of the World Trade Center in New York City, one crashed into the Pentagon in Washington, D.C., and the fourth, United Airlines Flight 93, was downed in a field in Pennsylvania after passengers fought the hijackers.[1]

The tragic events unfolded over the span of just a few hours, forever changing the course of U.S. history. Nearly 3,000 people lost their lives, including civilians, first responders, and passengers on the hijacked planes. The attack had devastating human and emotional costs, along with far-reaching economic and geopolitical consequences. Today, a memorial stands at Ground Zero in New York City, honoring the victims and reminding future generations of the impact of terrorism.

Timeline of the Attack:

  • 8:46 AM: American Airlines Flight 11 crashes into the North Tower of the World Trade Center.
  • 9:03 AM: United Airlines Flight 175 crashes into the South Tower.
  • 9:37 AM: American Airlines Flight 77 crashes into the Pentagon.
  • 9:59 AM: The South Tower collapses.
  • 10:03 AM: United Airlines Flight 93 crashes in Pennsylvania.
  • 10:28 AM: The North Tower collapses.

The 9/11 Commission Report:[2]

The aftermath of 9/11 spurred a comprehensive investigation into how the attacks occurred and what failures enabled them. The 9/11 Commission Report, released in 2004, outlined critical lessons and provided recommendations to prevent future attacks. It focused on three key areas: the importance of collaboration, the need for enhanced information sharing, and the role of private sector innovation in improving national security.

1. The Power of Collaboration

Before 9/11, U.S. intelligence and law enforcement agencies operated in silos. The FBI, CIA, and other entities each managed their own investigations without significant interagency coordination. This fragmented approach hindered their ability to piece together warning signs that, in hindsight, could have potentially foiled the attacks. One of the most important lessons learned was the need for stronger collaboration across all government agencies.

Post-9/11, the creation of the Department of Homeland Security (DHS) and the Director of National Intelligence (DNI) was designed to foster better collaboration. DHS now coordinates efforts across different agencies, while the DNI serves as the head of the U.S. Intelligence Community, overseeing the work of multiple intelligence organizations. This structure has strengthened unity across federal and local government institutions.

2. Information Sharing as a Security Best Practice

Prior to the attacks, there was a critical failure in sharing information. Multiple agencies had pieces of intelligence about suspicious activities by some of the hijackers, but these data points weren’t shared in time to create a clear threat picture.

The 9/11 Commission Report emphasized the need for robust information sharing among agencies. The report also led to the creation of fusion centers where federal, state, and local agencies can share intelligence in real time. This collaborative approach has drastically improved the ability to detect and respond to potential threats, highlighting the importance of breaking down institutional silos and fostering a culture of openness among government bodies.

The USA PATRIOT Act, enacted shortly after 9/11, further addressed this issue by expanding the sharing of information between law enforcement and intelligence agencies, though it has also sparked ongoing debates about privacy and civil liberties. Yet it was abused in some cases, resulting in the overreach of phone and internet data surveillance by the NSA, which was rolled back during the Obama administration after Edward Snowed leaked these abuses.

3. Private Sector Innovation in Security

The private sector plays a crucial role in national security, particularly in areas such as cybersecurity, surveillance technologies, and aviation security. The 9/11 Commission Report acknowledged that the private sector has the ability to innovate quickly and provide cutting-edge solutions to address security threats. In response to 9/11, the Transportation Security Administration (TSA) was created to oversee airport security, with significant input from private companies on how to better screen passengers and cargo.

In the years following the attacks, advancements in biometric technology, data encryption, and surveillance systems have all stemmed from public-private partnerships. Companies have also played a role in developing cybersecurity frameworks to protect critical infrastructure from potential digital attacks, reflecting the growing interdependence between national security and technological innovation.

Memorial and Remembrance:

The legacy of 9/11 continues through memorials and acts of remembrance. The National September 11 Memorial & Museum was built at Ground Zero, featuring two large reflecting pools where the Twin Towers once stood, with the names of the victims inscribed in bronze. It serves as a place for reflection and remembrance, while the museum educates visitors on the events of that day and the lives lost.

Conclusion:

The 9/11 terrorist attacks were a defining moment in modern history. They highlighted vulnerabilities in U.S. national security, but the response led to transformative changes in how the nation collaborates, shares information, and innovates to protect itself. The lessons learned from the 9/11 Commission Report continue to shape security and investigation best practices, with collaboration, information sharing, and private sector innovation standing at the core of these efforts. These changes honor the memory of the lives lost and aim to prevent such a tragedy from ever happening again. The private sector is critical to all of this.

About the Author:

Jeremy A. Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and seasoned senior management tech risk and digital strategy consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota’s Technological Leadership Institute, an MBA from Saint Mary’s University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale, and New Hope Community Police Academy (MN), and the Minneapolis FBI Citizens Academy. You can follow him on LinkedIn and Twitter.

References:

[1] U.S. Gov’t.” The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States (9/11 Report)”. 2004.

[2] U.S. Gov’t.” The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States (9/11 Report)”. 2004.