How Mastercard's AI Decision Intelligence Scores Your Sportsbook Deposit

Real-time risk scoring dashboard showing AI signals evaluating a sportsbook deposit transaction

Loading...

The millisecond decision that decides whether your card clears

When your Mastercard hits a sportsbook cashier, the transaction passes through an AI risk-scoring layer called Decision Intelligence before the issuer even sees the authorisation request. This layer is fast — measured in milliseconds — and since its 2024 generative-AI upgrade, it now detects compromised cards roughly twice as fast as the previous generation. Decision Intelligence Pro, the updated version, uses generative AI to identify fraudulent patterns in ways the earlier rule-based engines could not. The upgrade matters for bettors because it has shifted the false-positive rate on legitimate gambling transactions measurably, while also catching genuine fraud that the old engine would have missed.

Most bettors will never know their transaction was scored. The layer is invisible in the normal case — the deposit clears, the money lands, no notifications fire. It becomes visible only when a transaction is flagged and declined, and even then the cashier message blames the issuer or gives a generic error without mentioning the AI layer at all. This piece walks through what Decision Intelligence does, the signals it scores in real time, the 2024 generative-AI upgrade and what it changed, how to present a low-risk profile to it without gaming the system, and where its blind spots live.

What Decision Intelligence does

Decision Intelligence is Mastercard’s AI-powered transaction-scoring service that sits between the acquirer and the issuer in the authorisation flow. Every Mastercard transaction — not just gambling, not just high-value, every transaction — passes through the scoring layer in real time, and the layer outputs a risk score that the issuer can use to inform its own approval decision.

The score is a number between 0 and 999, calibrated so that higher scores indicate higher fraud risk. The issuer integrates the score into its own authorisation logic — a low score passes through to the standard approval engine; a high score triggers additional checks or a decline. Issuers configure their response to the score based on their own risk appetite, so two issuers receiving the same score on the same transaction might reach different decisions.

The scoring runs on thousands of features derived from the transaction, the cardholder’s history, the merchant, and the network context. Some features are transaction-level: the amount, the time of day, the merchant category, the authorisation method. Some are cardholder-level: recent activity patterns, velocity, geographic consistency. Some are merchant-level: the merchant’s historical fraud rate, dispute rate, chargeback rate. Some are network-level: patterns across the broader card base that indicate coordinated fraud attacks.

For gambling transactions the scoring is notable because the category is in the higher-risk part of the network’s distribution. The broader gambling-industry fraud rate rose from 4.2 percent in 2022 to 7.6 percent in 2023, an 80 percent increase, and Decision Intelligence is one of the mechanisms the network uses to keep that rate from propagating into non-fraudulent transactions. Annual industry losses to cyberattacks in sports betting are estimated at around $1 billion, with account takeover the primary vector, and the AI scoring targets exactly those patterns.

Signals scored in real time

The scoring model draws on a large feature set, but several signals carry disproportionate weight for gambling transactions specifically. Understanding them helps explain why some deposits score low and others high.

Transaction velocity is near the top of the list. A cardholder making one or two gambling deposits a month scores differently from one making twenty deposits in a day. The velocity threshold is not a hard cutoff; it is one input among many. But a sudden spike in deposit frequency — the hallmark of a compromised card or a problem-gambling behaviour pattern — raises the score meaningfully.

Geographic consistency is another major input. A card typically used in Sydney that suddenly authorises a deposit from an IP address in Eastern Europe generates a high score. The model accounts for legitimate travel — a cardholder who has recently crossed borders will not trigger the flag as severely — but abrupt geographic shifts remain a strong signal.

Device fingerprinting feeds the score too. A cardholder who always deposits from the same mobile device and suddenly deposits from a new device produces a higher score. Operators integrate device fingerprinting data into their own authorisation submissions, and Decision Intelligence uses it as context.

Timing patterns matter. A deposit at 3am on a weekday after months of weekend-afternoon-only activity produces a slightly higher score. Not enough on its own to decline, but combined with other signals it can push the aggregate over a threshold.

Historical dispute rate on the card is a structural input. A card that has filed several chargebacks in the last twelve months scores higher on every subsequent transaction, because disputed transactions are a fraud signal even when individual disputes were resolved in the cardholder’s favour.

Merchant reputation is the symmetric input. An operator with a strong history of low fraud rates and clean dispute outcomes reduces the score on transactions with them. An operator with a poor track record raises the score on everything that touches them.

The 2024 generative-AI upgrade

The shift from Decision Intelligence to Decision Intelligence Pro in 2024 moved the scoring from a primarily rule-based and classical-machine-learning architecture to one that incorporates generative AI techniques. The practical effect is a model that can identify fraud patterns that have not been seen before — patterns that rule-based engines would have missed until after a training update.

The speed improvement matters: compromised cards are detected roughly twice as fast as under the previous system. A card that would have been caught after ten fraudulent transactions under the old system might be caught after five under the new one, which reduces the total fraud exposure per compromised card.

The shift has also been commented on in wider industry conversation. As one technology policy voice has put it, AI is poised to supercharge the gambling industry, helping sportsbooks fine-tune their odds and making them even less likely to lose. The same AI toolbox that helps operators tighten their margins is also tightening the fraud-detection layer underneath, and the effect on ordinary bettors depends on which side of the net they fall on.

For legitimate bettors, the generative-AI upgrade has had an ambiguous effect. False positive rates have come down at most issuers, which means fewer legitimate transactions get wrongly declined. But the increased sensitivity to novel patterns means that bettors who change their behaviour abruptly — starting to bet more, moving to a new operator, changing deposit patterns — can generate short-term declines that resolve once the new pattern stabilises.

The model is also more opaque than its predecessors. Rule-based engines could be inspected and their logic reverse-engineered; generative AI scoring is harder to interpret. Issuer staff often cannot tell a cardholder why a specific transaction scored high, because the model’s outputs are not always decomposable into human-readable factors.

How to present a low-risk profile

The question bettors ask most about AI scoring is how to avoid triggering it. The honest answer is that you cannot game the model directly, but you can reduce the signals that push scores higher.

Consistency is the biggest factor. A cardholder with a stable pattern — same device, same approximate times, same operators, same amount ranges — generates lower scores than one with erratic patterns. Establishing a stable pattern takes weeks of use, and once established it scores well automatically.

Geographic stability helps. Depositing from the same home network rather than a variety of VPNs, public Wi-Fi, or mobile data connections produces a cleaner profile. This is not an instruction to avoid travel — legitimate travel is scored reasonably — but rapid location hopping reads as suspicious.

Amount consistency with history reduces scoring pressure. A cardholder who typically deposits $100 to $200 and suddenly deposits $2,000 generates a higher score even if the $2,000 is legitimate. Gradual scaling of deposit size, if the cardholder’s goals shift over time, scores better than abrupt jumps.

Avoiding deposit-to-withdrawal cycles without bets in between matters. The model treats a deposit followed within hours by a withdrawal of the same amount as a fraud or layering pattern. Real betting activity between deposit and withdrawal reads as legitimate play.

Keeping the issuer informed about unusual activity does not change the AI score, but it changes how the issuer responds to a flagged score. A travel note added before a trip, or a conversation with the bank about a planned large transaction, makes the issuer more willing to approve a transaction the AI layer flagged.

Limits of AI scoring

The AI layer is powerful but not infallible, and understanding its blind spots matters for both bettors and operators.

The model scores individual transactions with limited context beyond the cardholder’s own history. Coordinated fraud across multiple cards owned by the same bad actor is harder for the model to detect than fraud on a single compromised card, because the cross-card pattern requires data the model does not always have.

The model’s false-positive rate is not zero. Legitimate transactions get flagged, legitimate cardholders see declines, and the cost of those false positives falls on the cardholder. The overall error rate is low in percentage terms but substantial in absolute terms across the volume the network processes.

The model cannot adjudicate regulatory violations. A transaction that is fully legal in the cardholder’s jurisdiction but illegal in the operator’s jurisdiction is scored the same as any other — the model does not know the operator is breaching a local rule. Regulatory compliance lives in separate systems and is the operator’s responsibility.

Finally, the model does not protect against friendly fraud — cardholders who genuinely authorised a transaction and then dispute it later. The dispute resolution process runs separately from the AI scoring, and the model’s earlier approval of the transaction does not influence whether a subsequent chargeback succeeds or fails. The full mechanics of the chargeback process, including which reason codes apply to gambling disputes and how they play out, sit in this look at Mastercard chargeback reason codes for sportsbook disputes.

Can I see the risk score Mastercard assigns my sportsbook deposit?
No. The score is an internal input to the issuer"s authorisation decision and is not exposed to cardholders, operators, or public APIs. Issuer staff sometimes cannot see the specific score either, because the model"s outputs are not always surfaced to frontline representatives. The only visible output is the eventual approval or decline at the cashier.
Does a flagged deposit ever resolve on retry?
Sometimes. A flag that was driven by transient signals — an unusual time of day, a new device, a temporary velocity spike — can clear within hours or days as the profile normalises. A flag driven by structural signals — a cardholder"s dispute history, a compromised-card indicator — will not clear on retry and the transaction will continue to decline.
What behaviours quietly raise a deposit"s risk score?
Rapid velocity changes, new devices and new IP ranges, large amounts inconsistent with history, deposit-to-withdrawal cycles without bets in between, and any activity on recently-added operators are all inputs that raise the score. Consistent patterns across weeks of use keep scores low; abrupt changes raise them and take time to normalise.