Executive Summary

Organizations operating largescale card programs face pressure to reduce fraud losses without increasing customer declines or service disruptions. Fraud tactics are rapidly increasing in sophistication, fueled by fraudasaservice models, scalable automation, and the expanding use of AI, enabling faster adaptation and greater attack efficiency.1 In this environment, the ongoing operational burden and cost of rule maintenance has increased, driving higher false positives, growing alert backlogs, and avoidable customer declines. Financial institutions are therefore seeking approaches that improve fraud decisioning accuracy, reduce noise for fraud analysts, and stabilize fraud performance without increasing operational burden.

Mastercard Decision Intelligence and Rules Services (DI&RS) provides network-level intelligence and configurable rules to support more informed, real-time fraud decisions. Decision Intelligence (DI) provides intelligence signals, with Rules Services (RS) enabling issuers to translate those insights into effective fraudmitigation decisions with measurable economic value. By augmenting existing fraud stacks with consortium data and risk scoring, the solution helps organizations identify fraudulent activity earlier while reducing false positives and unnecessary alerts. This lets institutions tighten controls around genuinely risky transactions while spending less time reviewing lowvalue alerts.

“Fraud alerts” refer to transactions flagged for investigation based on elevated risk scores, while “rules alerts” refer to alerts generated when predefined business or risk rules are triggered. Both contribute to the overall alert volume handled by fraud and operations teams.

Mastercard commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Decision Intelligence and Rules Services (DI&RS).2 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of DI&RS on their organizations.

98%

Return on investment (ROI)

 

$595K

Net present value (NPV)

 

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed five decision-makers with experience using DI&RS. For the purposes of this study, Forrester aggregated the experiences of the interviewees and combined the results into a single composite organization.

Interviewees said that prior to using DI&RS, their organizations relied on internally built rules, processorbased tools, and siloed data sources to detect and prevent fraud. However, this resulted in high falsepositive rates, elevated alert volumes, and largely reactive fraud management processes. These limitations created unnecessary customer friction, overwhelmed investigation teams, delayed responses to emerging fraud patterns, and provided inconsistent control over fraud losses.

After the investment in DI&RS, the interviewees described a more proactive and precise fraud management environment supported by networklevel intelligence and improved risk scoring. Key results from the investment include lower fraud losses and fewer alerts, which allowed teams to intervene earlier in active attacks and spend more time investigating true risk rather than discounting noise.

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

  • Fraud loss reduction of 12% attributed to DI&RS. By adding Mastercard’s networklevel intelligence to its existing fraud tools, the composite organization can identify emerging attack patterns sooner and contain fraud before losses accumulate. It experiences fewer sudden fraud spikes and more stable fraud performance over time. Over three years, reduced fraud loss is worth $1 million to the composite organization.

  • Fraud alert reduction of 20%. Improved signal quality and lower false-positive rates reduce the volume of fraud alerts requiring investigation. As a result, fraud and operations teams spend less time reviewing low-value alerts and avoid downstream follow-up work triggered by false positives. Over three years, these efficiencies free analyst capacity and reduce operational costs and are worth $153,000 to the composite organization.

Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:

  • Improved customer experience and reduced friction. More accurate fraud decisions lead to fewer unnecessary transaction declines, fewer card reissues, and less disruption for legitimate customers. The composite experiences reduced customer frustration at the point of sale, fewer inbound calls related to declined transactions, and improved trust in fraud controls.

  • Increased fraud stability and predictability. Earlier detection of emerging fraud patterns reduces volatility in fraud performance and limits sudden spikes. More stable fraud trends improve confidence in risk thresholds and reduce escalations during fraud events.

  • Improved decision quality and analyst confidence. With fewer low-quality alerts reaching analysts, the fraud team makes more consistent and accurate fraud decisions. Reduced alert pressure lowers error rates and enables analysts to spend more time validating true risk, improving both fraud outcomes and internal confidence in decisioning.

  • Reallocated effort toward higher-value work. By reducing reactive alert handling, the fraud team shifts its time toward proactive activities such as rule optimization, fraud trend analysis, and cross-team collaboration. The composite is able to spend less time firefighting and more time strengthening long-term fraud controls.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

  • Decision Intelligence and Rules Services subscription costs. The composite organization incurs ongoing subscription costs for DI&RS based on transaction volume and regional pricing. As processing volumes grow over time, subscription costs increase accordingly. Over three years, the composite organization invests $605,000 in DI&RS subscription costs.

  • Internal labor for implementation and ongoing management. Implementation requires minimal internal effort and focuses on configuration, validation, and parallel testing alongside existing fraud systems. Ongoing management consists of periodic oversight and performance reviews rather than daily rule maintenance. Over three years, the composite organization invests $2,900 in implementation and ongoing management.

The financial analysis that is based on the interviews found that a composite organization experiences benefits of $1.2 million over three years versus costs of $608,000, adding up to a net present value (NPV) of $595,000 and an ROI of 98%.

Key Statistics

98%

Return on investment (ROI) 

$1.2M

Benefits PV 

$595K

Net present value (NPV) 

<6 months

Payback 

Benefits (Three-Year)

[CHART DIV CONTAINER]
Fraud loss reduction Reduced alert volume

The Mastercard DI&RS Customer Journey

Drivers leading to the DI&RS investment

Interviews

Role Industry Region Revenue
Head of fraud Retail banking Latin America €84 billion
Vice president of fraud management Banking Asia Pacific (APAC) S$22 billion
Head of CLM Banking APAC A$5 billion
Fraud analytics manager Retail banking APAC $2.1 billion
Fraud strategy officer Banking North America $1.6 billion

Key Challenges

Prior to using Mastercard DI&RS, interviewees described an environment in which fraud patterns were changing rapidly, particularly across card-not-present and digital transactions. Prior approaches relied heavily on internally built rules, processor tools, or siloed systems that required constant tuning and manual intervention. As transaction volumes increased and fraud tactics evolved, these approaches became more difficult to maintain without introducing friction for legitimate customers or overwhelming fraud and operations teams.

Several interviewees said their fraud metrics became unpredictable, with sharp spikes occurring when fraudsters introduced new attack patterns. Others described regulatory pressure and internal risk thresholds that were difficult to sustain with existing tools. Because of this volatility, organizations looked for additional intelligence that could sit alongside their existing tools and help stabilize fraud outcomes without adding ongoing operational workload.

Interviewees noted how their organizations struggled with common challenges, including:

  • High false-positive rates created customer friction. Interviewees said large volumes of false positives led to legitimate transactions being declined, frustrating customers and creating unnecessary service interactions. The head of CLM in banking explained, “A false positive will have a ripple effect. If we say it looks like the card is compromised, block the transaction, and send them a new card, there is nuisance to the customer. They have to wait for it [the new card] to arrive. Catching this early means less cost for us and fewer alerts for the team looking at fraud, scams, and transaction monitoring, as well as saving the customer the nuisance.”

The head of fraud in retail echoed this, saying, “Customers were getting impacted [by false positives] and they shouldn’t have been. I can just imagine standing at a counter trying to use your credit card and it declines. There’s a reputational impact there.” The fraud strategy officer in banking also tied false positives to poor customer experience, saying, “The spikiness that we were seeing with the fraud before was driving poor customer experiences because we would then have to do multiple reissues for people who got hit by the bin attack.”

  • Elevated alert volumes overwhelmed operations teams. Interviewees described environments where fraud and operations teams were required to process large numbers of alerts daily, including false positives, limiting the time available for meaningful investigation and increasing operational strain. Subsequently, teams were not able to dedicate enough time to each alert. The head of CLM in banking said: “The basic pain point was that our inhouse systems were overburdened. COVID changed a lot in terms of how people transact. The bank was struggling internally.” The vice president of fraud management in banking described how high false positives and ineffective tooling consumed skilled labor before DI&RS: “There were a lot of false positives, so labor was one of the issues. Some alerts can get resolved within 1 hour, but some alerts takes at least 7 to 8 hours, and there are two people, a junior analyst and a senior analyst.”

  • New fraud patterns caused ongoing difficulties in keeping defenses up to date. Several interviewees said that fraud attacks often shifted faster than their internal rules could be updated, resulting in temporary spikes in fraud losses or customer impact until new controls were put in place. The fraud strategy officer in banking said: “Prior to implementation of DI&RS, fraud had a tendency to spike as fraudsters were discovering new lines of attack, and then we would address those new lines. We were seeing a return of credit master attacks or bin attacks.”

The head of CLM in banking remarked: “Criminals keep evolving. We were continuously updating our rules.” This made it hard to keep up, as the fraud analytics manager in banking described. They said, “The team had archaic processes that did not incorporate data points and options to improve.”

  • Limited visibility beyond internal and processor data caused difficulties in maintaining efficient fraud defenses. Interviewees noted that relying primarily on internal transaction data or processor-level tools made it harder to detect emerging fraud patterns occurring across the broader network. The head of CLM in banking said, “If you look at the data that we get together from our bank, it’s just purely based on a silo on one bank, while what we are getting from Mastercard is broader trend analysis.” The fraud strategy officer in banking said: “One of the recommendations from Mastercard was to review Rules Services because it allowed us to leverage network data that we’re not able to do through the processor. Our processor didn’t have a velocity solution that looked at the portfolio overall. Mastercard’s going to have more consortium data.”

Investment Objectives

Interviewees said their organizations looked for a solution that could support existing fraud tools while addressing these challenges. Specifically, they sought to:

  • Improve decision accuracy without increasing customer disruption.

  • Reduce noise for fraud and operations teams.

  • Respond more quickly to emerging fraud patterns.

  • Leverage broader intelligence to complement internal data.

“This process was very manual before. We were continuously updating our rules. Now, we already reduced false positives, so that means fewer alerts, and the team here can focus on actual risk rather than actually just discounting the alerts.”

Head of CLM, banking

Composite Organization

Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:

  • Description of composite. The regional card-issuing financial institution operates at scale managing a large card portfolio and processes transactions across digital and card-not-present channels. It processes 40 million transactions in Year 1, 45 million in Year 2, and 50 million in Year 3. Its average transaction size is $120 and average cost of remediation is $55. Fraud management responsibilities are distributed across fraud strategy, analytics, and operations teams, supported by a mix of processor tools, internal rules engines, and third-party services.

The composite organization uses DI&RS to augment its existing fraud environment rather than as a replacement for core systems. Fraud analysts and strategists use the intelligence and rules outputs to refine decisioning, while operations teams continue to manage alerts and customer interactions through established workflows.

  • Deployment characteristics. The composite organization deploys Mastercard Decision Intelligence and Rules Services alongside its existing fraud detection and transaction-monitoring environment rather than replacing core systems. The solution integrates with current processor platforms and internal rules engines, with DI&RS outputs used to enhance real-time decisioning and risk assessment across card transactions.

Fraud strategy, analytics, and technology teams collaborate to configure and maintain rules and decision logic, while fraud operations teams continue to manage alerts and customer interactions through established workflows. DI&RS operates as an additional intelligence layer within day-to-day fraud management, supporting ongoing tuning and monitoring activities with minimal disruption to existing processes.

Over time, the composite organization incorporates DI&RS into steady-state operations as a standard component of its fraud management approach, using the solution to support consistent decisioning as transaction volumes and fraud patterns evolve.

 KEY ASSUMPTIONS

  • 40 million transactions in Year 1

  • $120 average transaction size

  • $55 average cost of fraud remediation

Analysis Of Benefits

Quantified benefit data as applied to the composite

Total Benefits

Ref. Benefit Year 1 Year 2 Year 3 Total Present Value
Atr Fraud loss reduction $378,000 $425,250 $472,500 $1,275,750 $1,050,079
Btr Reduced alert volume $55,100 $61,988 $68,875 $185,963 $153,067
  Total benefits (risk-adjusted) $433,100 $487,238 $541,375 $1,461,713 $1,203,146

Fraud Loss Reduction

Evidence and data. Prior to deploying DI&RS with Mastercard, interviewees described fraud environments characterized by sudden spikes, emerging attack patterns, and delayed containment, which resulted in elevated losses and repeated customer impact. Fraud teams were often forced to respond after losses had already occurred, particularly as fraudsters rapidly shifted tactics.

With DI&RS, interviewees described earlier detection of fraud attacks, driven by access to networklevel velocity signals and consortium intelligence not available through internal or processoronly tools. Interviewees said this earlier visibility helped them stop attacks sooner, limit the size of loss events, and avoid the large swings in fraud performance they had seen previously.

  • The fraud strategy officer in banking described how, prior to using Mastercard’s networkbased capabilities, fraud losses tended to spike as new attack patterns emerged, requiring reactive mitigation after losses had already accrued. After deploying DI&RS, the interviewee emphasized that fraud losses stabilized as attacks were detected and mitigated earlier, before they could escalate. They explained: “What we’ve seen with DI&RS is fraud has stabilized over the last year. We’ve seen far fewer spikes as the velocity, whether it be merchant level or [bank identification number] level, has been effective at capturing those attacks and mitigating much earlier.” That earlier intervention translated into measurable basis point improvements in fraud losses. They continued, “We have dropped our gross fraud basis points by, I believe, 2 to 3 basis points.”

  • The fraud analytics manager in banking also highlighted a direct link between improved rule quality, reduced false positives, and materially lower fraud losses: “We’ve been able to refine a lot of the rules and get the false positives down while we still continue to stop the fraud. In saying all that, we also reduced our losses by almost 50%.” The same interviewee reinforced that reduced customer impact and loss reduction went hand in hand, especially when fraud was stopped earlier in the transaction lifecycle. They said, “We had such poor-performing rules before DI&RS and a whole lot of impact on genuine clients that were still losing more than what we’ve achieved now with fewer alerts.”

  • The head of CLM in banking similarly said, “Our fraud losses in the past six months, compared to before we you were doing this manually with fragmented processes, have definitely been halved, and we have definitely been back in our threshold that is acceptable for the bank.”

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

  • Credit card transactions for the composite total 40,000,000 in Year 1, 45,000,000 in Year 2, and 50,000,000 in Year 3.

  • The transaction fraud rate is 0.05%, which is reduced by 12% due to DI&RS.

  • The average fully loaded cost per fraudulent transaction ($175) includes the transaction loss as well as downstream operational and remediation costs.

Risks. The impact of this benefit will vary among organizations based on the following factors:

  • The organization’s processing volume with DI&RS.

  • The organization’s previous fraud alert processes and intelligence before DI&RS and the tools that it retains with DI&RS.

  • The organization’s baseline fraud-alert-per-transaction ratio.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.1 million.

12%

DI&RS contribution to fraud reduction

“What’s really important for us are the basis points. Before Decision Intelligence and Rules Services, the basis point metric was around 25 to 30 bps, and now it’s 14 to 15 bps.”

Head of fraud, retail banking

Fraud Loss Reduction

Ref. Metric Source Year 1 Year 2 Year 3
A1 Credit card transactions Composite 40,000,000 45,000,000 50,000,000
A2 Transaction fraud rate Composite 0.05% 0.05% 0.05%
A3 DI&RS contribution to fraud reduction Interviews 12% 12% 12%
A4 Average fully loaded cost per fraudulent transaction Composite $175 $175 $175
At Fraud loss reduction A1*A2*A3*A4 $420,000 $472,500 $525,000
  Risk adjustment 10%      
Atr Fraud loss reduction (risk-adjusted)   $378,000 $425,250 $472,500
Three-year total: $1,275,750 Three-year present value: $1,050,079

Reduced Alert Volume

Evidence and data. Before DI&RS, interviewees consistently described alert volumes that overwhelmed fraud and operations teams, forcing fraud analysts to process thousands of alerts per day with minimal time per decision. This environment drove inefficiency, error risk, and excessive staffing requirements across both onshore and offshore teams.

As false positives declined, interviewees reported meaningful reductions in alert volumes, which freed fraud analysts to spend more time on complex cases and, in some cases, reduce reliance on offshore or temporary staffing. Interviewees quantified these improvements using alert volume reductions, timeperalert context, and team size reductions.

  • The head of CLM in banking described a highly manual, multitier alert process prior to DI&RS: “We had a team sitting in a different offshore jurisdiction where they were dealing with alerts. Then the alert comes back to [the] onshore [team]. If it is a true alert, then a level two team is sitting here. DI&RS has already reduced false positives for us. That means fewer alerts coming onshore, and the team here can focus on actual risk rather than just discounting the alerts. We were able to reduce the workforce sitting offshore by 20% or so.”

  • The vice president of fraud management in banking said: “The previous software we were using was not that effective. There were a lot of false positives. … Earlier, the false-positive rate was 70%; it has now reduced to 40%.” The interviewee attributed this partially to DI&RS, along with other tool improvements.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

  • The composite organization experiences 200,000 alerts before DI&RS, which it is able to reduce by 20% with the solution.

  • As a result, the composite saves 500 hours per year in fraud analyst time.

  • The average hourly burdened rate of a fraud analyst is $52.

  • In addition to reducing alerthandling effort, the solution reduced downstream operational work triggered by a subset of falsepositive alerts, such as customer verification or secondary review, at an average blended cost of $4 per instance.

Risks. The impact of this benefit will vary among organizations based on the following factors:

  • The organization’s complete environment with tools that complement DI&RS.

  • The organization’s team size and processes for handling alerts.

  • The organization’s rate of false positives before DI&RS.

  • The average fully burdened hourly rate for a fraud analyst and the cost to follow up on false positives.

Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $153,000.

20%

Alerts eliminated that would have required follow-up work before DI&RS

“Across the three different tools, we had about 8,000 transaction alerts per day. Our operations team were taking only 42 seconds per alert. There were so many. Now, that’s down to 2,500 alerts. We take some time and go through the rules to see what risk scores can help formulate a better rule. That’s freed the team up to look at these alerts now.”

Fraud analytics manager, banking

Reduced Alert Volume

Ref. Metric Source Year 1 Year 2 Year 3
B1 Percentage of credit card transactions resulting in alerts before DI&RS Interviews 0.5% 0.5% 0.5%
B2 Alerts before DI&RS A1*B1 200,000 225,000 250,000
B3 Alert reduction attributable to DI&RS Interviews 20% 20% 20%
B4 Reduced alerts attributable to DI&RS B2*B3 40,000 45,000 50,000
B5 Fraud analyst alert review time per alert (minutes) Interviews 0.75 0.75 0.75
B6 Fraud analyst hours saved B4*B5 500 563 625
B7 Average fully burdened hourly rate for a fraud analyst Composite $52 $52 $52
B8 Subtotal: Value of resources freed due to reduced alert volume B6*B7 $26,000 $29,250 $32,500
B9 Alerts now eliminated that would have required follow-up work before DI&RS Interviews 20% 20% 20%
B10 Blended cost per false positive follow-up effort Composite $4.00 $4.00 $4.00
B11 Subtotal: Downstream followup cost avoided B4*B9*B10 $32,000 $36,000 $40,000
Bt Reduced alert volume B8+B11 $58,000 $65,250 $72,500
  Risk adjustment ↓5%      
Btr Reduced alert volume (risk-adjusted)   $55,100 $61,988 $68,875
Three-year total: $185,963 Three-year present value: $153,067

Unquantified Benefits

Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:

  • Improved customer experience and reduced friction. Interviewees reported that DI&RS improved the overall customer experience by reducing unnecessary transaction declines and minimizing friction during legitimate purchases.

They said that more accurate decisions led to fewer unnecessary declines at the point of sale and faster resolution when fraud occurred, reducing customer frustration and complaints. The fraud analytics manager in banking said, “Even though we don’t formally track churn tied to fraud controls, we see fewer legitimate customers being disrupted.”

Earlier and more accurate fraud detection limited the scope of fraud incidents and reduced the number of customers affected by downstream remediation processes. The fraud strategy officer in banking reported a significant reduction in card reissuance volumes after improving early detection of fraud attacks. They shared, “By catching fraud earlier, we reduced card replacements by about half, which significantly reduced customer disruption.” The interviewee gave a single concrete, high-level example: “Rules Services picked up one of the stolen cards for a highvalue client. By following that, we had at least $25,000 in savings.” This illustrates how earlier declines directly prevented material fraud losses.

The fraud analytics manager in retail banking said their organization experienced fewer inbound customer calls related to declined or blocked transactions, reducing overall disruption to customers. They said, “With fewer false positives, we saw a noticeable drop in inbound customer calls related to declined transactions.”

The head of CLM in banking said: “Reducing the number of genuine customers being impacted was a big win for us. Fewer declines meant fewer frustrated customers at the checkout.”

The head of fraud in retail banking noted that customers increasingly perceived fraud monitoring as a protective service rather than an obstacle, reinforcing trust in the bank’s ability to safeguard transactions.

  • Increased fraud stability and predictability. The fraud strategy officer described how prior to implementing DI&RS, fraud patterns sparked sharply during BIN attacks. This stabilized after the organization adopted DI&RS. Fraud spikes often triggered emergency rule changes, leadership escalation, and operational disruption, all of which carry costs and risk exposure.

Interviewees said that DI&RS reduced volatility in fraud performance by enabling earlier detection of emerging fraud patterns and limiting sudden spikes in fraud losses. Instead of reacting to new attack vectors after losses had already escalated, the interviewees’ organizations experienced more stable and predictable fraud trends over time.

The fraud strategy officer in banking said: “Before Rules Services, fraud would spike when a new attack hit and we’d have to react. Since implementing it, fraud has been far more stable month to month.” The head of CLM in banking shared a similar sentiment. They said, “Having network-level intelligence helped us identify issues earlier, rather than dealing with sudden increases after the fact.”

  • Improved decision quality and fraud analyst confidence. DI&RS improved the quality of and confidence in fraud decisions by ensuring that alerts reaching fraud analysts were more meaningful and actionable, preventing downstream costs that would be visible to customers and internal teams alike. With fewer low-quality alerts to review, teams made decisions with greater accuracy and less second-guessing, reducing both missed fraud and unnecessary customer declines.

The fraud analytics manager in retail banking noted that reduced alert volumes lowered fraud analyst error rates, even though those improvements were not formally quantified. They noted, “With fewer alerts coming through, our analysts weren’t rushing decisions anymore, and we saw far fewer mistakes.” The vice president of fraud management in banking highlighted greater confidence in fraud classifications as a key benefit of improved scoring accuracy. They said, “The accuracy of classification improved, which gave us more confidence that high-risk transactions were truly risky and low-risk ones were safe.”

  • Reallocated effort toward higher-value work. DI&RS allowed fraud teams to shift effort away from reactive, low-value work toward more strategic activities such as rule optimization, fraud trend analysis, and cross-team collaboration. Even in cases where headcount was not reduced, teams spent less time firefighting and more time strengthening long-term fraud controls. With fewer lowquality alerts to manage, fraud teams were able to spend more time proactively tuning rules and reviewing trends instead of reacting to large volumes of false alerts, which increased agility.

The fraud strategy officer in banking reported reallocating approximately 10 hours per week from reactive response to longer-term fraud strategy. The interviewee said, “It allowed me to stop being purely reactive and spend more time on longer-term fraud strategy and rule improvements.” The head of CLM in banking also described improved collaboration among fraud, onboarding, and risk teams as signal quality improved. They shared, “Better signal quality meant our teams could focus on actual risk instead of just discounting alerts.”

“When we stop the right transactions, customers actually feel protected. And even when an alert turns out not to be fraud, they see that the bank is actively monitoring their activity.”

Head of fraud, retail banking

Flexibility

The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement DI&RS and later realize additional uses and business opportunities, including:

  • Increased organizational agility and future-readiness. As fraud environments continued to evolve, institutions needed adaptable controls that could scale with transaction growth and product expansion. Interviewees viewed DI&RS as foundational infrastructure that could support future transaction growth and new payment channels without requiring proportional increases in fraud operations staffing, which positioned their organizations to adopt new payment channels, digital wallets, and fraud capabilities with greater confidence and lower incremental risk.

Interviewees described DI&RS as foundational infrastructure that strengthened readiness for future digital offerings and evolving fraud threats. The head of CLM in banking said, “Mastercard’s solutions became foundational infrastructure for us. It’s not just about today’s fraud but being ready for what comes next.”

Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Total Economic Impact Approach).

“As we roll out new digital capabilities, having DI&RS in place gives us confidence that fraud controls will scale with us.”

Fraud strategy officer, banking

Analysis Of Costs

Quantified cost data as applied to the composite

Total Costs

Ref. Cost Initial Year 1 Year 2 Year 3 Total Present Value
Ctr Decision Intelligence and Rules Services subscription $0 $231,000 $244,125 $257,250 $732,375 $605,032
Dtr Internal labor for implementation $2,288 $229 $229 $229 $2,974 $2,857
  Total costs (risk-adjusted) $2,288 $231,229 $244,354 $257,479 $735,349 $607,889

Decision Intelligence And Rules Services Subscription

Evidence and data. The annual subscription fees for the interviewees were organized in tiers and calculated based on region and processing volume.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

  • As the composite increases its processing volume, its total subscription for DI&RS is $220,000 in Year 1, $232,500 in Year 2, and $245,000 in Year 3.

Risks. Forrester recognizes that these results may not be representative of all experiences. The following factors may impact this cost:

  • The pricing included in this study is intended to support directional economic modeling and should not be interpreted as list pricing or a proxy for fees paid by all organizations. DI&RS pricing varies by region and by scope, based on regulatory and market differences which materially influence product bundling and licensing structures.

  • Actual license fees are determined per implementation and are influenced by factors including organization size, transaction volume, product mix, and geography. Contact Mastercard to determine appropriate pricing based on required capabilities and regional nuances.

Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $605,000.

Decision Intelligence And Rules Services Subscription

Ref. Metric Source Initial Year 1 Year 2 Year 3
C1 Decision Intelligence fees Composite   $220,000 $232,500 $245,000
Ct Decision Intelligence and Rules Services subscription Composite   $220,000 $232,500 $245,000
  Risk adjustment 5%        
Ctr Decision Intelligence and Rules Services subscription (risk-adjusted)   $0 $231,000 $244,125 $257,250
Three-year total: $732,375 Three-year present value: $605,032

Internal Labor For Implementation

Evidence and data. Interviewees reported that implementation labor for DI&RS was modest, particularly when compared with internally built or heavily customized fraud solutions. Because Decision Intelligence is networkembedded and Rules Services is largely managed by Mastercard, implementation primarily involved configuration, validation, and parallel testing.

Several interviewees emphasized that DI&RS was introduced alongside existing fraud stacks, allowing teams to validate outputs without disrupting production systems. As a result, implementation effort was concentrated among a small number of fraud and operations stakeholders and was limited in duration.

After implementation, interviewees reported that DI&RS required minimal ongoing management effort. Mastercard manages the underlying models and rules, while customer teams focus on monitoring performance, reviewing recommendations, and holding periodic governance discussions. Subsequently, ongoing labor typically consisted of lighttouch oversight, such as monthly or quarterly reviews, rather than daily rule maintenance or model retraining.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

  • An FTE spends 40 hours in the initial period for implementation

  • Five fraud analysts each spend 4 hours per year (one per quarter) at a rate of $52 per hour for ongoing management

Risks. The impact of this cost will vary among organizations based on the following factors:

  • The organization’s cadence of periodic reviews and oversight.

Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $3,000.

Internal Labor For Implementation

Ref. Metric Source Initial Year 1 Year 2 Year 3
D1 FTEs involved in implementation Composite 1      
D2 Implementation time (hours) Interviews 40      
D3 FTEs for ongoing maintenance Composite   5 5 5
D4 Ongoing maintenance (hours) Interviews   4 4 4
D5 Fully burdened hourly rate for an implementation FTE Composite $52 $52 $52 $52
Dt Internal labor for implementation   $2,080 $208 $208 $208
  Risk adjustment ↑10%        
Dtr Internal labor for implementation (risk-adjusted)   $2,288 $229 $229 $229
Three-year total: $2,974 Three-year present value: $2,857

Financial Summary

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

[CHART DIV CONTAINER]
Total costs Total benefits Cumulative net benefits Initial Year 1 Year 2 Year 3

Cash Flow Analysis (Risk-Adjusted)

  Initial Year 1 Year 2 Year 3 Total Present Value
Total costs ($2,288) ($231,229) ($244,354) ($257,479) ($735,349) ($607,889)
Total benefits $0 $433,100 $487,238 $541,375 $1,461,713 $1,203,146
Net benefits ($2,288) $201,871 $242,884 $283,896 $726,363 $595,257
ROI           98%
Payback           <6 months

 Please Note

The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.

These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.

The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.

From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in DI&RS.

The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that DI&RS can have on an organization.

Due Diligence

Interviewed Mastercard stakeholders and Forrester analysts to gather data relative to DI&RS.

Interviews

Interviewed five decision-makers at organizations using DI&RS to obtain data about costs, benefits, and risks.

Composite Organization

Designed a composite organization based on characteristics of the interviewees’ organizations.

Financial Model Framework

Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.

Case Study

Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

Total Economic Impact Approach

Benefits

Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.

Costs

Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.

Flexibility

Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.

Risks

Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”

Financial Terminology

Present value (PV)

The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PVs of costs and benefits feed into the total NPV of cash flows.

Net present value (NPV)

The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.

Return on investment (ROI)

A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.

Discount rate

The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.

Payback

The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.

Appendix A

Total Economic Impact

Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.

Appendix B

Endnotes

1 The Top Trends In Enterprise Fraud Management In 2024, Forrester Research, July 2024.

2 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.

Disclosures

Readers should be aware of the following:

This study is commissioned by Mastercard and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in DI&RS. For any interactive functionality, the intent is for the questions to solicit inputs specific to a prospect's business. Forrester believes that this analysis is representative of what companies may achieve with DI&RS based on the inputs provided and any assumptions made. Forrester does not endorse Mastercard or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, Mastercard and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The interactive tool is provided ‘AS IS,’ and Forrester and Mastercard make no warranties of any kind.

Mastercard reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Mastercard provided the customer names for the interviews but did not participate in the interviews.

Consulting Team:

Anahita Sultana

Published

June 2026