All right, let's go ahead and get started. Morning, everybody. Great to see everybody here to kick off the third day of the 2025 Morgan Stanley TMT Conference. Very pleased here to have Johan Gerber, Executive Vice President of Security Solutions for Mastercard. Before we get started with Johan, I'm James Faucette. I run FinTech research here at Morgan Stanley. And before we dive in with Johan, we're going to. I do have a quick disclosure to read. Please see Morgan Stanley research disclosure website at morganstanley.com/researchdisclosures. If you have any questions, please reach out to your Morgan Stanley sales representative. So very excited to be able to talk to you today. I was mentioning earlier, for a while, I covered networking equipment, so like Cisco and other things, while also covering Mastercard.
And I always felt like all the conversations around network security and security initiatives generally, people had an underappreciation of Mastercard and the work that you do and a lot of the capabilities that you have in-house or you've added over the years. And so this is going to be a fantastic conversation. And it's interesting because in investors' minds, clearly, all of the capabilities that Mastercard can bring to bear within the broader bucket of value-added services are very forefront in people's minds. So thanks for joining us, Johan. So maybe I'll start. Can you tell us a little bit about your background and area of responsibility within Mastercard?
James, first of all, thank you very much and thank you for the opportunity. You're right. They don't let us out too often, given we're living in the dark side of the moon a little bit. We live where sometimes all of the bad stuff sometimes happens, but hopefully, we'll get into this a little bit later. It really is about opportunity and how do we achieve and benefit from the opportunities that are out there by doing so with a long-term security mindset in place, but just a little bit about myself, it's a bit of a journey. I've been with the company for 25 years, originally born in South Africa, was a police officer for about 10 years, and I think I just got tired of chasing these criminals. There must be a way with technology to kind of make it a lot easier.
I joined a company called Europay, actually, in Europe, which ran the Mastercard brand in Europe. That was the very first acquisition that Mastercard made. And that's kind of how I came into the company. And as part of an agreement I had with one of our account managers, I met a guy for lunch, or I had to meet this guy for lunch, which was the CEO of Brighterion and actually a company from here that we eventually acquired. And he told me this thing about AI. This was back in 2003. And I tell you, I was hooked. I immediately changed jobs into a product development world. And since then, it's been 25 years building product, doing various things. So it's been a very exciting journey that we've been on up to now.
That's really interesting. We were just mentioning it. So you started talking to the team at Brighterion in 2003, you said?
Yeah.
What year did Mastercard finally acquire them?
Yep.
They finally acquired them probably like 2000.
2017.
2017, yeah. That was a good acquisition. So let's talk a little bit about Mastercard's value-added services and solutions and give us a little more insight into the breadth of services and then specifically the security component.
Yeah, look, this is a really exciting part of the business. And in 2024, we had a restructure, an organizational change in Mastercard where we actually brought all of the majority of our value-added services together. Just to give you a little bit of a sense of the impact here, it's just shy of about $11 billion in 2024. It represents about 38% of the company's revenue, growing at a very comfortable clip of north of 17%. And the interesting thing is we're only 2% penetrated in our TAM at that amount and about a 7% penetrated on our SAM, our serviceable addressable market, which means we have a lot of opportunity to grow. Since 2019, in Security Solutions alone, which is my world, we were able to convert more than $30 billion from TAM into SAM. So we've got penetration deeper that we can grow into.
We also have the opportunity to go perhaps wider into a broader TAM by converting some of these things over. As I say that, our focus is not to say, how do we get SAM as big as possible? Our focus is, how do we make payments better? How do we get that virtuous cycle of differentiate our core value propositions, win more share, that produce more transactions, more data that feeds our data services? And you've got that virtuous cycle that kind of feeds off another. That's really where we want to go. And if in that opportunity we need to convert more of this, we'll, of course, go after it. I think there's still a lot of opportunity left for us there. But to give you an indication of what's in there, of course, Security Solutions.
And we're going to talk about that a little bit in more detail later on. So I'm not going to spend time on it now. But something else is our Customer Acquisition and Engagement. This is where we do marketing services, loyalty, personalization. Dynamic Yield is one of the very interesting acquisitions that we made there. They do personalization for something like Starbucks, for instance. That's in that bucket. We've got a Business Market Insights group where we have our consultancy services. A lot of our analytics products in there. Our Economic Institute is in there. We do a tremendous amount of processing analytics, targeted analytics. There's a lot of work in there that we just spend time with our customers to really understand the operations, the markets, and how do we help provide them with guidance.
And then in addition to that, we add things like our open banking platforms, our authentication and digital processing platforms. So there's a pretty big world that's all together sitting in that world. Now, prior to 2024, you can almost think of it that we spent a tremendous amount of time at building out the portfolio of services. And we've built a pretty strong portfolio. That's how we got to that $11 billion number. With the change in 2024, that focus is now on how do we really hone down on getting that virtuous cycle going and how do we make a big difference in the lives of our customers, our banks, our merchants, and various other stakeholders in that chain. And just to give you an example of how the narrative has shifted.
In the past, I would show up at a customer and we'll tell them, look, we can help you with fraud services before, during, and after the transaction. And my colleague from Customer Acquisition and Engagement will show up and talk about how we can help you with engaging customers and getting them to spend with loyalty services and personalization, make that so much more of the conversion rates better. Now we tell a story of we can help you acquire customers. We can onboard them safely. We can activate them with our loyalty services, authenticate them, manage their fraud. And if something goes wrong, we catch them on the back end through our dispute management services. And so the value proposition and the narrative of how we show up in front of our customers as an integrated is just so much different.
I think that for me is the most exciting part of how this just really changes the way in which we take our products to market.
So that's generally the, as you said, is kind of the overall capability and breadth. And as you said, it's really been interesting to see how you've worked to add functionality and abilities that allow you to increase your SAM within that TAM. But let's talk a little bit about your direct purview and what is the strategy? What's the go-to-market? How do you interact with your clients? Just that sales process.
So the way to think about Security Solutions, let me start with the strategy, and I'll tell you a little bit more of what's in there. If we think about the opportunity that's ahead of us, the opportunity that's being brought together by the evolution of digitization, AI, new technology, I mean, what we can do now is incredible. Experiences for customers is how many more people we can bring into the digital economy. What that would mean for our secular shift, ultimately, is phenomenal. The way we think about Security Solutions is how do we get access to that opportunity and maximize the benefit of that opportunity, but in a long-term sustainable way is by security by design, embedded security in these things. Mastercard has been around for well over 50 years now.
So we take a long-term view on this, and we feel it's very important if we want to bring a billion people into the digital economy. And their first experience is one where they get scammed, they get hacked, they get abused online. We will lose them forever. So we really take a very thoughtful approach to this to say security is a business enabler and a thing that will sustain our business growth in the long term. And that's why this is so important for us. And that's why you will hear us always talk about layers of security. You will always hear us talk about embedded security, security by design. We feel that's fundamental. If the world wants the benefit of this in the long term, we're going to have to do this. So that's a little bit about the strategy and how we think about these things.
As we think about our strategy, where we add capabilities, that's always in our mind. That's why cyber is such an important piece. Digital is the biggest part of our growth. Cyber and identity, massive opportunities in those. That's where we've invested pretty heavily. The areas in my world that we cover as part of Security Solutions include our cyber world, things like our Recorded Future acquisition, RiskRecon acquisition, Baffin Bay acquisition, a bunch of products that we build ourselves. We've got fraud and financial crimes, which is more looking at our transaction-level services, looking for fraud, looking for scams, looking for compliance. Things like anti-money laundering is in there. We've got an identity group as well where we look at digital identities. We're looking at authentication, tokenization, a lot of those areas. Then we've got what we call our Dispute and Customer Engagement area.
So this is what happens if something goes wrong. How do I get my money back? And that piece is very exciting because it has grown from just disputes and what we call chargebacks to actually subscription management to how do I get digital receipts? How do I actually just have more transparency in the post-transaction phase? And how do I digitize beyond the transaction? And so that's a little bit of kind of what's in that world. It's an exciting area that also grows pretty nicely. It's the largest part of our services bucket is actually in here as well. So it's a really exciting part, but it's a fundamental part to how we see we will grow our business in the future.
So I want to spend a few minutes here just diving a little bit deeper into some of these areas within Security Solutions. You mentioned it just a moment ago, fraud and financial crimes. What kinds of measures does Mastercard take to ensure the security of digital transactions to protect against fraud? Can you kind of give us an example of a transaction and how that process works?
Yeah. This is really, it's a lot of fun, actually. We look at what happens before, during, and after the transaction. We literally have a suite of services that span that entire lifecycle, so our identity suite plays very much before the transaction happens. This is where one of our acquisitions is Ekata. We'll talk about that hopefully a little bit later when we get into identity. But how do I know you are who you say you are when we sign you up, and then every time you want to use your payment credentials, authenticate you again to make sure you are who you say you are when you come and use your card that we've given you when we authenticated you in the first time or identified you in the first time.
When you use your card, we have a couple of services that actually look at the patterns of the transaction. This is where AI plays a big role for us, Brighterion, and that we talked about a little bit earlier. There are two services which are really cool here. One is what we call our Decision Intelligence product. Decision Intelligence, think of it as a cop on the street corner that lets us look at every car that crosses by, every transaction that goes by. We look at every single transaction and we assess the risk of that transaction. Now, keep in mind, we do about $159 billion of this a year. So there's a really, really nice opportunity there to add value. All of this happens in real time.
So while you tap your card or while you click buy, all of this happens, more than 500 calculations in the background in real time that gets presented to your bank. And they use that together with all of the rest of your information to decide, are we going to approve this transaction or not? That's one of the services. The other one is a service we call Safety Net, which I would equate more to think of a drone above San Francisco where we can look at the entire city in real time all the time. So we look at our network in real time all the time. And here, we don't look at the individual transactions, but we look for spikes of things that don't make sense. What happens if one of our banks gets breached through a cyber attack and somebody makes a money run?
How do I identify it? I don't need to look at one transaction at a time. I need to look at why is this ATM firing up in ways that it shouldn't? So there, again, same thing. We look at all these transactions in real time. That product alone over the last three years stopped. And I don't mean stopped. It declined. So basically, we didn't even let it go through to our banks. More than $50 billion of attempted fraud, which is phenomenal. So there's a lot of value in these products individually for the consumer and then also at a much larger scale on the other ones as well. So it's a pretty exciting area to get into.
So I want to ask you, one of the things that a lot of times we'll have people talk about new payment schemes or approaches or technologies, et cetera. And they'll talk about some aspect of it, right? Whether it be ease of use or security, et cetera. But talk a little bit about how you balance security and convenience, right? That's the biggest problem. You can always make something more secure, but are you adding too much friction to the front end so that people won't use it and vice versa? So how do you balance that out? And what's the progress look like over the years?
It's a real funny story. In the beginning of this year, I had a long debate with a brand specialist who produces GenAI of all things, so GenAI and payments apparently go well together for what it's worth. The interesting thing was we talked about the relationship between trust and experience, and because my argument was in the old days, we looked at trust as something that gets established over time and repeated delivery of a consistent outcome that we expect and that expectancy is delivered on. In the digital world, trust gets established in a second. How does that happen, and what came out of the conversation is that there's a direct correlation between experience and trust, and that's how you will get into a car services car, how you will get access, or you will trust a new site that's on a digital platform or whatever it is.
Sustaining that trust is what really needs to happen in the long term. So reliability or convenience and trust for us goes hand in hand. Now, we also have something that we call friction by design, which is really, really interesting because if I want to do it, if I want to grab a cab to get to the airport, do not put friction in there because first of all, I'm probably late and this is not the time to do this. But if somebody wants to draw $15,000 out of my bank account, I will actually appreciate it if you put some friction in there. So friction at the right time actually enhances trust. And that's the way we think about these things.
Now, in a world of digital, in a digital world with devices and the amount of data that's available from our devices, we're actually in a place where I think we can provide a lot of security without any friction. But friction is actually really important. So we're actually in a place where we do not have to sacrifice one for the other. In the old days, like you heard, I've been here for 25 years. We literally were tuning those models and it was false positive versus detection rate. And you got either more declines or you detect more. And you were constantly figuring out how do I treat my affluent portfolios versus my mass market. Nowadays, the data that's available for us, the strength of our AI allows us to actually provide you a great experience.
We can design friction in at the right time to provide that trust, which as we go to our customers to translate this into value is how do I help you to create a strategy that serves the portfolio that is on the table for us here? You've got a travel portfolio. We want to make sure that anything related to travel and dining and those things do not have a bad experience. And so we can actually take those and we can put it into our systems and we can design that outcome with our customers. So you bring a bit of our consultancy services, our on-behalf services, how we configure the things on our network. And so we can really help our customers with this end-to-end technology pieces on the background that then memorialize those strategies and put them into action in real time on every decision.
That's where the power of the network that can do this at scale with thousands of banks and billions of transactions. That's, I think, where the power sits, what we can do with that. It's a great question. I think as we go on with this, we'll see more of this shift in terms of what is the right balance there. I think the good thing is we actually have the tools to really use it to really underscore trust versus we're in a bind that we have to sacrifice one for the other.
So obviously, most of the time when we talk about security and the capabilities of Mastercard, we put it in the context of the payments, payment scheme, and the payment network generally. But as I said at the outset, back when I was covering networking equipment and looking at things from a networking security perspective, it occurred to me that a lot of these approaches and strategies had strong applicability outside of the payment space. Is that true? Or how do you think about that?
Yeah, I think you should think about this in two ways. First of all, there is our services and how they apply to other transactions or other brands than Mastercard's brand. And this is something that we feel pretty strong with. So we do provide services on non-Mastercard branded transactions or even non-processed Mastercard transactions. So while we don't process every single Mastercard transaction, we have the ability to apply services to every transaction if that's what the customer wants from us. So we've got that capability. And we have the ability, a lot of our service are brand and rail agnostic. So we will do things, and we may get into that a little bit later around account to account and so forth. So there is the expansion of beyond the brand in the transaction world. And then there is how do we go beyond the transaction?
Things like identity is a good example of that. Those services apply irrespective of the brand that's being used. Cybersecurity, cybersecurity is not necessarily purely transaction-based. It looks at the entire ecosystem out there. So a lot of the assets that we have are actually thinking, and you should think of them as going beyond payments. Some of our things like subscription management, the acquisition of Minna Technologies, the ability to allow a customer from in the banking app to address and manage their subscription, great value. It's not necessarily related to the transaction, but it is kind of, so while we go beyond the transaction, I do want to bring it back and make sure people understand. It's not just we're looking at this as the wild west and say, where do we find pockets of money?
We always will bring this back to how does this drive that core differentiation to win the brand, to produce more data in that virtual cycle that I described before. So please keep that in mind as you think of these things. So it's not just that we're going to expand into whatever we can, but we'll be very mindful in how we expand and how that can play a role. In the digital world, if you think about the experiences, I always look at what Uber did to payments. All of a sudden, we were used to I go to a store, I buy something, whether it's online or physical. And at the end of my experience, I tap, I click pay. And as part of, it's just that last final step when I exit. Think about many of our experiences today.
I consume my service and I carry on with my life. The payment just happens, right? We can see that's going to become more and more of how the future works. If you think about AI agents and those kinds of things as they come in, where will payments sit? Will it be in the beginning, in the end, in the middle, somewhere in different parts of the experience? For that reason, we are thinking and taking a more holistic view on those that is not just, why do I do it payments? But we will always bring it back to ultimately there's a payment somewhere in that experience that we want to make sure that we have trust embedded in that security, embedded in a great experience.
So I want to hit on a few different other elements. And you've talked about a few of them, but identity management. What's happening in that segment and how important is that within the business?
I'll tell you, I'm really excited. A company we acquired a couple of years ago, whose name is Ekata, they do what we call an identity graph. It's basically AI that we put on a bunch of identities. We don't so much care about the identity of the person, but we care about the attributes that's built around that identity. To give you an example, take my name. My name can be completely anonymized, but you will say Johan is linked to these two physical home addresses. He's got two cell phones. He's got five email addresses and some other elements out there. We create that graph that basically associates me with these components around me.
Now, when somebody goes and applies for a bank account or a loan, they use my name and perhaps one of my addresses, but they use a phone number that's never been associated to me. They use an email address that's never been associated to me. Our graph is going to say, this has never been seen in relation with Johan's identity. So we built this graph that gives you context to understand why this doesn't make sense. So if I only look at the individual attributes, they all may make sense. Email addresses may check out, the phone numbers. But this is a great way how we help customers onboarding new clients, understanding when there's risk of synthetic identities, scams, mule accounts. When these mule accounts are getting opened, a lot of it gets done by synthetic identities. So these are just ways that we can help our customers.
So that's a big part of it. The role of tokenization and what that can play in the future of making digital identities usable. I'm not going to go into too much detail in this, but if you think about the power that payment cards did for bank accounts, if you really think about it, a payment card is a proxy to your bank account. It basically provides utility to your bank account. Can we do the same things for digital identities? Tokens have that power because I can tell the token to answer the question without revealing all the data. What a card payment does for you, when I want to check out my hotel, it answers the questions, does Johan have enough money to pay for this transaction, yes or no? I don't have to show them my bank account.
But yet when I check in, I have to show them my passport or my driver's license. When I get carded at a restaurant, I have to show them. Why can't we just answer the right question? Is he old enough? Yes or no? Is he old enough to buy liquor? Is he old enough to buy a car? So there's so many utilities that we can go into identity that I think are still untapped for us. Verification of attributes. We have such a big graph around the world. We have the world's largest database of fraud data. When you look at Recorded Future, which hopefully we'll get into as well, we even have more data that comes in there about all the stuff that gets stolen.
When I put that stolen identities onto my graph, and I now know that while Johan has these 10 attributes, two of them have just been sold on the dark web. Now I've got a whole different way of understanding my risk and making much better decisions. That's kind of where we play in the identity space, which is really exciting. And it's a very fast-growing world. In a world of digital, I'll close with this. In a digital world, the two biggest questions we have to answer are, are you who you say you are because you're represented by a device? And is that device doing what it's authorized to do? So it comes back to cyber and identity. Think about a world of AI agents. Now it's no longer just the identities of people and of devices.
It's the identity of agents and what agents are allowed to do or not. So that's an area that we've hardly even scratched the surface on that. But I think these are all opportunities that are coming that our customers are going to need help with. If I want to tell my digital agent to transfer money and to pay my share of our dinner last night to you, I need to make sure that that agent can really access your bank account to make the transfer, right? That's what our consumers are going to expect. So I think there's some really exciting things on the horizon for us there.
So you mentioned it, and I wanted to ask you about Recorded Future and how that fits within the broader cybersecurity solutions. And you've done this acquisition recently, but how does Recorded Future enhance not just the identity management, but cybersecurity capabilities overall?
I tell you, we are really excited about this acquisition. It's arguably the world's largest independent threat intelligence company around the world that's not linked to a cloud service, for instance. That's kind of independent and provides across multiple customers. More than 1,900 customers are coming in, 75 countries are doing business in. More than half of the G20's governments are all using them. We have 45 governments in total that are clients. So it allows us to have a conversation at a much different level. So if you go back to what I said right in the beginning around how do we actually empower economies? How do we show up at a different place where we're just not just facilitating transactions, but we're actually looking at just rising the tide for an economy in a country?
This allows us to have a very different conversation with governments and stakeholders in a country to do this. A couple of things around the data, what the data brings for us, two very important points. The data that Recorded Future brings into the fold for us has real tactical applicability on our transactions and the services we do. Just about every one of our products, our security products benefits from that data. To give you an example, I don't know how many, but there are millions and millions of cards being sold on the dark web every day. With the help of Recorded Future, we know the moment a card gets sold and we know the moment the criminal is testing that card. It's an interesting fact, but the criminals have a wonderful customer service component to their services on the dark web.
If you buy, let's say you want to buy 100 stolen card credentials, you've got the option to say, I just want the card. I want the card with a PIN number. I want this person's address and Social Security and everything. And of course, the more you buy, the more you pay. But then right at the end, they have the ability to say, test this thing for me. I want to see it works. And they will actually run a test transaction. So through something like Recorded Future, we actually know who's doing the test transaction. So now all of a sudden, I know which are the merchants or businesses that were set up in our ecosystem that does this. So I can tactically go and help my acquirer to say, you've got a bad apple in your portfolio.
I can tell my issuer, this card has just been sold. So the way when you heard me talk about Decision Intelligence, my AI decision can now be so much more accurate. If I see a bunch of these were all sold, my Safety Net application can now say, well, there's something clearly an attack happening here. So it influences very tactical on how we make real-time decisions, how we help our customers. But then the other piece is, think of this. They've got the world's biggest cyber threat intelligence. We've got a very large chunk of data around financial crime, fraud, identity theft. Bringing that data together, we have probably one of the world's most comprehensive data sets around financial crime and cyber threats applicable to the financial industry.
So we can use this for very tactical decisions, but we can also use this for strategic conversations around how do we prioritize? How do we help a bank to understand what are the biggest threats or a merchant or any other stakeholder or a government? What are the threats that you need to prioritize in terms of things that are coming down the line? And that's where I think I love this most. There's real-time decisioning coming out of this, but there's also how do we think about the future differently? And I think that's changing the conversation for us completely, which is really exciting. So just that value is already substantial. If you think about the digital world and that cyber will be part of this, any CEO that we speak to, cyber is amongst the top three of their biggest fears that keeps them up at night.
Oh, I'm sure.
And so this opens up doors to have different conversations, different value proposition. I can go on and on on this thing you can see, but we are really, really exciting. And it brings it back to payments and how we just make that world better.
So I want to ask you about AI. So internally at Morgan Stanley, AI was emerging as a key investment theme over the last few years. Other analysts or people within the firm would come to me and say, hey, how's AI going to impact Mastercard? And what are they going to do about AI? And my response is, I don't think it's going to impact them much at all because they're already doing it. They have been doing it. They've been on the continuum of machine learning to AI forever. And that's why fraud rates are really low and you can use your card with very little friction, right? So to me, it didn't seem like a big step function change. But is that accurate? And how do you think about the path forward?
Yes and no. When it comes to AI, I'll say we are paranoid. We are confident, but we're paranoid. So we will always keep an eye on what's going on there. To our earlier conversation, I think we made our first investment in Brighterion prior to 2010. I can't remember the exact year. We acquired the company in 2017. So we've been around AI for a long, long time. If you think about how we think about AI, there are a couple of ways in which you do this. One is how do we make transactions smarter? This is like how do we provide intelligence to our customers, merchants, issuers, processors, everybody in the middle? For instance, things like optimization of approval rates, retries if a merchant doesn't get the transaction through because the money has not landed in the customer's account. When is the best time to do that?
So there's an optimization component, just making the network smarter. There is how do we do things more personalized? The Dynamic Yield is an AI company that uses AI that looks at the data to make sure we produce the most relevant experience for that customer through their digital journey. And then, of course, we have how do we make it safer, which is all around my world. And you heard we have identity graphs. We've got cyber graphs. We've got AI in the interaction. So there's a whole bunch of different areas where AI is being used there. And then the last one is how do we make the company more? How do we protect the company and actually help enhance productivity in the company? How do these AI tools help us to code faster, how to make faster decisions and have a productivity impact?
So there's an internal set of use cases, and then there's all these other things where we provide better value to our clients, but we appointed an AI officer that's looking at this. We are building a very structured approach to this. The acquisition of Recorded Future, the way we think about structuring our data, fundamental. The way we think about our investments into data governance and data privacy, so on top of you have the data at the bottom, you've got your governance and privacy rules on top, and then we start putting our AI on top of that, so everything we do has that long-term sustainable view, and we'll be sitting in one of those buckets, make it smarter, make it more personalized, make it safer, and then benefit the company itself. Data and technology, critical to do this.
We think we've got a very strong hold on both of them, very strong data set. But there's people waking up every single day making sure that we stay on top of that thing because it changes in a heartbeat.
So, quickly. So, let's talk quickly go to market approach. How do you distribute your solutions? And particularly with your Security Solutions, how should we think about attach rates within the Mastercard payment ecosystem, et cetera?
So today, about 60% of the revenue that we have in our services world comes from directly linked to our transaction base. That's a strong piece because there's a CAGR, I think about a 13% CAGR growth from 2021 to 2023 in terms of processed transactions. So that just comes, there's a nice organic growth that just comes due to the fact that we link it there. But you also should think about our portfolio of services a little bit more balanced. During COVID, when transactions were down, a lot of our other services kind of helped balance that out. So we don't have, so we still could help support the growth of the company overall. So we are taking a very mindful growth in terms of how we diversify our set of portfolios. What do we put in the transaction? What do we not?
Go to market strategy, a couple of them. We have a dedicated security solution sales team all around the world. So we've got people in every region. They report into the regions. They live with the customer live. They sell. Every single day they wake up and they sell. Then we have what we call embedding it into our core. It's embedding it into our network. Decision Intelligence, like I explained to you, every transaction that passes through, we take a look at it. We embed it, for instance, in our cards. We may have a small business card that's got services attached to it. We may have a prepaid card that has some services attached to it. By virtue of you getting access to the card, identity theft, for instance, an example in the U.S., everybody has access.
If you have a Mastercard, you've got access to our identity protection program, so these things are attached to our core products, and then we have programs that we do where we think about technology, things like open banking, open APIs, where we actually speak to the developer community in how do we make these things available to the developer community, which is really important, and I think in the future will be a massive part of how we go to market with agent technology. That's going to be critical. We need to show up in those places where the developers code, where the agents are looking for getting access to the right APIs. I would say those are some of the big ways in which we take the products to market, so it's kind of embedded in our core, embedded in our network.
We're selling, and then we go to the developer community. So a technology approach.
Love it. Last couple of minutes here. Just with all this work, let's put it in context of what Mastercard does versus other payment schemes. So can you speak to fraud rates generally for new and alternative payment types, like real-time payments versus physical versus card, et cetera?
Interestingly enough, card fraud rates are lower now in terms of basis points compared to our overall GDV, is lower now compared to before COVID, which means card fraud is growing slower than the business. I'm never going to claim victory as long as there's still fraud. It's still in the billions of dollars. It's still too much. We'll never stop doing this. But I think what we've been able to do is to find a balance where it's growing slower than the business. So like I said, nobody's going to call it the winner until the stuff is gone, and we'll continue to invest in it. But that's looking really, really good. If you think about account-to-account payments, that has gone through the roof. I think the Global Anti-Scam Alliance puts a number of $1 trillion of money that's been siphoned out of the financial systems.
The problem with this is that's gone out of the hands of consumers. One of the biggest differentiators that we have in the payments world, in card payments, is that the consumer is not liable, and the merchant knows they will get their money. Those are two fundamental promises on which our entire business is built. If you're a business that accepts our card, you will get paid if you follow the rules. If you're a consumer, you won't be liable if you follow the rules. And those things are fundamental to our business. And that's why that business model has sustained so long. Now, what's good about this is we are now helping several markets.
So for instance, in the U.K., we're doing a lot of work with all the banks to say, can we bring some of these learnings that we've had over the last 50 years to help you do a better job of how we do account-to-account payments? Our franchise rules are designed in card. The party with the least security typically has liability. For instance, chip is just a really simple example. If there's a chip card, but the terminal can't read the chip and there's fraud, the one without the chip facilities will be liable. So we've created a system where there's self-policing and self-correction. Can we bring some of that advice to help our A2A? The way we have been able to collect data, report on data, and then use that to build our AI models. So I think there's a lot that we can do there.
Scams, fraud, crypto is growing at a very alarming rate. And the heartbreaking piece is consumers are losing their entire savings. I think there's a lot that we can do. We're very well positioned. We've got some really strong tech that we can bring to our banks on that base as well.
Well, that is fantastic. Johan, we're out of time. I've got at least another hour's worth of questions, but this is all we have time for today. So appreciate you being here today.
Thank you so much, James. Thank you everybody.