Mastercard Backs Cybersecurity Startups – What This Means for the Future of Fraud Prevention in APAC

As fraud and cybercrime escalate globally, Mastercard’s strategic support for five cybersecurity startups sends a clear message: the future of financial security will be shaped by agile, intelligent, and collaborative innovation. For financial institutions across Asia-Pacific, the move highlights both a growing threat—and a powerful new direction for response.

The Rising Cost of Cybercrime — And the Urgency of Reinvention

Global losses from cybercrime are projected to surpass US$15.6 trillion by 2029, according to Mastercard. In Asia-Pacific, where digital payments, fintech adoption, and mobile-first ecosystems continue to boom, the surface area for attack is expanding faster than most institutions can adapt.

In markets like Indonesia, the Philippines, Vietnam, and India, fraud typologies are becoming increasingly complex: deepfakes, synthetic identities, social engineering, phishing scams, and malware-enabled account takeovers are now a daily reality.

In response, Mastercard has announced a new Security Solutions track under its established Start Path programme — supporting five cybersecurity startups with cutting-edge approaches to combating fraud and protecting digital identity.

The cohort — comprising OneID, Scamnetic, Spec, VanishID, and Shield-IoT — isn’t just a random selection. These startups reflect the new contours of cyber defense: modular, AI-driven, embedded into digital journeys, and focused on real-time intervention.

Innovation in Action: What Each Startup Brings to the Table

Let’s take a closer look at what these five companies are building — and why it matters, particularly for APAC’s diverse and high-growth markets.

1. OneID – Rethinking Identity Verification

Based in the UK, OneID is tackling one of the most pressing challenges in financial services: proving who someone is, safely and instantly.

Rather than relying on physical documents, selfies, or knowledge-based authentication (KBA), OneID verifies identity directly using data already verified by banks. This concept has strong implications for Asia-Pacific, where many countries have national ID-linked bank accounts (e.g., Aadhaar in India, Singpass in Singapore) — but still struggle with frictionless digital onboarding, especially for remote or underbanked customers.

Implication for APAC:Institutions in markets like Thailand, Malaysia, and Vietnam could integrate similar models that authenticate identities using existing financial infrastructure, improving inclusion while reducing onboarding fraud.

2. Scamnetic – Real-Time AI Detection of Scams and Deepfakes

Scamnetic, led by former banking security researcher Al Pascual, is focused on real-time scam detection, including deepfake detection, voice spoofing, and phishing prevention.

Its AI models analyze behavioral signals to identify when a scam is in progress — often before a fraudulent transaction occurs. This proactive layer is a game-changer in countries like Singapore, where SMS phishing (or “smishing”) scams have cost consumers tens of millions in just the past two years.

Implication for APAC:Banks and telcos in the region can deploy Scamnetic-like technology at the channel level (SMS, voice, browser) to intercept scam signals before money moves, especially relevant in jurisdictions tightening liability rules on scam losses.

3. Spec – Mapping the Entire Customer Journey

Spec takes a broader approach to fraud by observing user behavior across the entire digital journey — from login to checkout — detecting anomalies before they escalate.

Instead of waiting for payment data or flagged transactions, Spec’s platform can preempt fraud by analyzing real-time intent, navigation behavior, and inconsistencies across devices.

In APAC markets where super-apps and mobile-first commerce platforms dominate (e.g.,

Grab, GCash, Paytm), detecting fraud early in the funnel—before the payment even begins—is critical.

Implication for APAC:Digital banks, ecommerce platforms, and ride-hailing/payments hybrids can adopt journey-centric monitoring to reduce fraud and preserve user experience, without adding friction.

4. VanishID – Eliminating Leaked Data from the Web

In a region where data leaks, phishing kits, and social engineering are rampant, VanishID’s focus is refreshingly pragmatic: remove leaked personal data from the open web.

The company enables organizations to detect and delete publicly exposed sensitive data — preventing its reuse in credential stuffing, impersonation scams, or targeted phishing campaigns.

Implication for APAC:Regulators across the region, including Hong Kong’s PCPD and Malaysia’s PDPA, are tightening expectations around consumer data protection. VanishID’s approach supports proactive compliance, especially for firms managing large customer databases or operating in sensitive verticals like insurance or lending.

5. Shield-IoT – Securing Payment Devices at the Edge

Shield-IoT targets the physical layer of digital commerce: point-of-sale terminals, payment kiosks, and connected devices such as EV chargers. Its AI platform identifies anomalies in device behavior over cellular networks, requiring no deep integration or software changes.

This is crucial in emerging APAC economies, where millions of unattended payment endpoints (QR-code scanners, mobile POS systems, fuel dispensers) are coming online — often with minimal cybersecurity oversight.

Implication for APAC:Retailers, payment aggregators, and banks supporting offline or semi-connected devices (especially in rural areas) can use similar technologies to secure devices without interrupting operations — closing a significant blind spot in the payment ecosystem.

Mastercard’s Broader Security Strategy — And What It Signals

The new Security Solutions cohort builds on Mastercard’s sustained investment in cyber defense. Since 2018, the company has invested over US$10.7 billion in cybersecurity innovation — including its 2024 acquisition of threat intelligence giant Recorded Future.

The Start Path programme, launched in 2014, has already accelerated more than 475 startups across 60 countries. This new security-focused track reflects a deepened commitment to securing digital commerce at scale, with startups playing a central role.

Mastercard’s EVP for Security Solutions, Johan Gerber, put it best:

In APAC, where digital commerce is growing 2–3x faster than in North America or Europe, the lesson is simple: trust isn’t a luxury — it’s infrastructure.

What This Means for APAC’s Financial Ecosystem

Mastercard’s initiative is important not just for who it supports, but what it validates — and what it challenges.

1. Innovation Will Come from Startups

Smaller, agile companies are solving problems incumbents have failed to address: early scam detection, dynamic identity verification, behavioral journey analysis. Large FIs should view startups as collaborators, not disruptors.

2. Security Must Be Embedded, Not Layered On

These solutions aren’t just fraud filters. They sit inside the customer experience — monitoring behavior, predicting risk, and guiding decisions as events unfold. In a region as mobile-first as APAC, this shift is critical.

3. Partnerships Drive Scale

The success of programmes like this lies in ecosystem collaboration. Whether through regional innovation labs (e.g., MAS’ Financial Sector Technology and Innovation scheme) or regulatory sandboxes, public-private partnerships will define the region’s fraud defense future.

Final Thought: From Cyber Threats to Cyber Resilience

Fraud isn’t just a risk — it’s a growth blocker. Without scalable, intelligent security, the digital economy can’t expand equitably or sustainably. Mastercard’s initiative is a strong signal that cyber resilience is now a shared responsibility — between multinationals, regulators, startups, and service providers.

For Asia-Pacific, the way forward is clear:

• Collaborate widely

• Adopt early

• Build trust by design

Because in the future of finance, those who protect trust will own the relationship.