Risky Business - Risky Biz Soap Box: Why Mastercard became a cybersecurity vendor
Episode Date: October 16, 2025
In this sponsored Soap Box edition of the Risky Business podcast, host Patrick Gray chats with Mastercard’s Executive Vice President and Head of Security Solutions, Johan Gerber, about how the card brand thinks about cybersecurity and why it’s aggressively investing in the space. After listening to this interview you’ll understand why the credit card company spent $2.65b on threat intelligence vendor Recorded Future! This episode is also available on YouTube.
Transcript
Hey everyone and welcome to another soapbox edition of the Risky Business Podcast.
My name's Patrick Gray.
As regular listeners know, each edition of the Soapbox podcast is sponsored.
And that means that everyone you hear in one of these soapbox editions, they paid to be here.
And this edition of the Soapbox podcast is brought to you by MasterCard, which is a real sign of the times.
Because, you know, when we think MasterCard, we think credit card
brand. We don't think cybersecurity vendor. But that is kind of changing. I mean, they're always
going to be a card brand first, right? But they are increasingly offering cybersecurity related
threat intelligence and services to various, what would you call them, stakeholders, I guess,
in their ecosystem. You know, they even bought Recorded Future. They announced that deal in
December 2024. $2.65 billion they paid for Recorded Future, which is a, you know,
a fairly large threat intelligence company.
So why is MasterCard getting into cyber security?
Or why is MasterCard in cybersecurity?
Because it has been in the cybers for a little while now.
So joining me to explain it all is Johan Gerber,
who is the Executive Vice President of Security Solutions for MasterCard.
And yeah, he really joined me to talk about why it is that a card brand
is getting involved in the threat intelligence and cybersecurity game.
So, yeah, really, at a fundamental level, as Johan's about to explain, it comes down to the fact that if you want to prevent fraud, you know, it's one thing to be able to do it at the transaction layer, but really you kind of have to shift left a bit.
And, you know, cyber threat intelligence is a good way to do that.
So here is Johan Gerber explaining that.
I do hope you enjoy this conversation.
When we get to the final transaction, it's almost too late to prevent fraud.
If you really want to be preventative and be proactive,
you need to move upstream and you need to look beyond the transaction.
And so in a world where everything is connected
and we are being represented by machines or things,
be it an IoT device or a phone or an actual machine,
the two biggest problems that I think we need to understand and resolve
is, are you who you say you are, which is an identity problem?
And is this device authorized to do what it's trying to do,
which is in essence the cyber problem that most of us face
in CISO land every single day.
And so that's at the essence of why cyber became so important to us.
And so we have a traditional CSO in the organization who looks after protecting what we call the house, which is MasterCard.
But then we've got this global network where we connect three and a half billion consumers who carry a card with our logo on,
150 billion, well, sorry, million merchants or businesses where you can use that card, about 22,000, 23,000 finance institutions in the middle.
As you look at that connected ecosystem,
how do we go and protect beyond just our house?
And that's really where my focus is in that area.
That's where cyber is becoming a big problem for us.
You know, every time somebody hacks into a business
and steals your data, sells it on the dark web,
it becomes a problem eventually for us
in our brand, in the integrity of our brand.
And so cyber just became one of those things for us.
I almost get to the point where
how can you be in the online business
without having a cyber capability?
And that's really where that came in.
The threat intel component of it was, how do we become more proactive?
How do we understand where the threat actors are going, especially in the world where geopolitics
are playing a much bigger role for us?
So how are you positioned to actually be able to execute on a bunch of this, right?
Because look, I'll be completely honest.
My knowledge of the credit card ecosystem is not great.
You know, I understand that you have the card brands like Mastercard, Visa, whatnot.
But then you have the sort of issuing banks.
And I have no idea even what sort of data Mastercard,
as a card brand, can see when there are these transactions happening online.
So, you know, okay, you've got this amazing threat intelligence capability.
You develop it.
You've got all of this good information.
Is this stuff that you can apply yourself to transactions as they happen?
I mean, you already mentioned that, you know, we need to sort of shift left in disrupting
the fraud cycle.
But I guess I'm asking, what do you do with all of this wonderful information that you're
collecting?
How do you then turn that information into fraud prevention?
So maybe let me just debunk a few myths around the data that we see.
So for instance, when the data that travels or traverses our network, you know, we don't see who you are.
We only see the 16 digit number that's on your card.
And often that's represented by a token if it's an online transaction.
We don't see what you buy.
So we have no idea what's in the basket that you buy.
We see the amount.
We see the name of the business where you buy, the date time.
There's a whole bunch of data around that.
But there's very little, there's basically almost no PII data in terms of other than card numbers,
which is considered PII, but it's not your name or your address or anything like that.
That doesn't flow over our network.
That stops at a point before it hits our network.
But where we see the cyber attacks happen could be a couple of places.
We have cybercriminals that will do brute force attacks on our network to try to enumerate valid card numbers
in order to find them to then go and make counterfeit cards and go and use them.
That's one. We have places where criminals have tried and successfully hacked into banks
and actually put a piece of malware in front of their authorization system, so they just approve
a bunch of ATM transactions. In fact, there's a very famous case dating back to 2013,
which I think had a lot of media attention, where the criminals breached a financial
institution in the Middle East, put a piece of malware in front of their system, and every
ATM transaction that came in was just approved. And they had 300 people
in 26 countries all hitting ATMs at the same time.
And they pull out a whole bunch of money.
So there's all sorts of attacks that are coming in.
I think it was 9 million bucks, if I remember correctly.
It was 40 million.
It was 5 million in the first four minutes.
So yeah, so they hit them at scale.
And so you see that happen.
Now other places where this becomes relevant is let's say we have, you know, a criminal
who just stole, you know, a thousand or a million card numbers out there
and they're offering it for sale on the dark web.
When that card number now gets sold and try to get used on our network, that intelligence for us is extremely helpful.
Because now we can make sure that, you know, you get a new card in your hand.
We block the criminals from actually executing that transaction because every time they're successful, there's a whole process now of getting you your money back, making sure all the stuff is restored.
That takes time. It takes money. It takes effort.
So being proactive on that space, very important.
At the same time, one of the things that we've learned is that the criminal community, they go to great lengths
to either hack into existing businesses
or establish businesses with fake credentials
to supply the demand for test transactions.
Every time somebody tries to sell or buy a card number
on the dark web in one of these marketplaces,
one of the services they offer is to run a test transaction.
And those test transactions have to cross our network.
So how do we find these things?
How do we know about them?
And then just shut them down.
So there's a lot of application for our threat intel
that comes into our systems.
And the last thing that I will mention is just helping our banks understand what kind of threats are moving around our network.
So, for instance, if we see an attack happening in Brazil, how do I make sure that that attack cannot immediately evolve to the United States or to Japan or to Australia or South Africa or wherever?
So that's where we use a lot of this intel and then also in our network with very advanced systems and AI to just make sure it doesn't spread.
and we can be as pre-operative as possible.
I mean, everything that you've just described, though,
seems to revolve around lists of card numbers
detecting when there's strange patterns
with things like transactions and whatnot.
I guess where I'm curious, because that's the fraud discipline.
I've always thought this sort of payment card fraud and bank fraud stuff.
It's like this parallel discipline to pure cybersecurity, if you will,
where you've got your own sort of TTPs, you've got your own detections,
but it's like the indicators, the data is all very different to, say, trying to determine when a, you know, file hash might be bad or an IP might be bad or whatnot, you know.
So where are you, as I understand it, you're moving more towards that sort of, you know, complete picture, cyber, less just about card numbers.
You know, how do you then start gluing all of this together where you've got the insights that you're developing from just doing detections on payment data,
streams, whatever, you know, however you want to phrase it.
But then you've also got this threat research going on, which is looking at what's happening
on the wider internet.
Like, how do you start to bring those together?
Because I'd imagine, you know, that threat research is really useful to you, but you're
not really best positioned to execute on that.
Like, is this a case where you start sharing with banks or like, you know, why don't you
just tell us how it all works?
We do.
So we do a lot of sharing with the banks.
We also do a lot of sharing with the government.
One of our biggest missions is, you know, if you look at Mastercard as a company, we do well when economies do well.
You know, we do well when governments are doing well, when economies doing well, when people spend and they use it.
So we go to great efforts to work with governments, especially when we see threats.
So, for instance, if you think about what we did with Recorded Future, I mean, they bring more than 47 sovereign governments as part of their client list.
This allows us to connect data between the banks, between governments, around the world
in order to help figure out how these attacks work.
Because ransomware, for instance, ransomware per se may not be a big threat to the actual
payment ecosystem, well, to our specific transaction network.
But every time one of our businesses gets attacked, they cannot do transactions anymore
that loses a bunch of data of their clients and all those transactions that gets used later
on by criminals, that is how the cyber and the fraud world are fusing more and more.
And we actually see several financial institutions around the world that are actually
merging their fraud and financial crime systems with their CISO office, because they're
all looking for these patterns.
You know, cybercrime and fraud nowadays is almost impossible to disconnect the two.
A lot of scam attacks, for instance, are being perpetrated by using deepfakes, hacking into doing
social engineering, the same things we see with attacks on phishing attacks. Very similar
attacks are being deployed across both of them. So we see a lot of patterns and a lot of similar
groups behind the scenes that are doing the same things. That intelligence be able to share
that through not just the banking system, but broader. So for instance, if you take what we've
done with Recorded Future, I mean, we're not turning that into a financial services company.
In fact, we still want to expand its footprint because we think the financial industry is
learning a tremendous amount about all the attacks that's coming that we can provide to the
whole world and the same to government as well. RiskRecon is another company we acquired,
which is a third-party risk management assessment piece. The first thing we did with that is
when we bought that company, we deployed it across every single finance institution in the
world, as well as about 13 million of the highest transaction processing businesses out there,
and we started establishing a baseline of all the vulnerabilities that we see across our network.
Now we can use that data to inform the CSOs at all of our banks, say these are the commonalities,
and now if you overlay that with threat intel, we've got the vulnerabilities,
we can see through the threat intel which vulnerabilities are being exploited,
and we can help our CSOs in the banks much sooner to kind of prioritize which ones they should fix.
So there's a transaction layer which I talked about, but there's also an ecosystem,
they call it hygiene, that we're trying to work and fix it, say,
how do we just raise the bar of cybersecurity across those that are connected to our network?
Well, I guess that's why I was asking about, you know, how are you in a position to be able to execute on threat intelligence, right?
Because you're really not.
It's not like you are seeing the originating IPs of transactions.
It's not like you are able to understand if a merchant website has skimmer code in it or whatever.
You might be able to see, hey, there's a lot of dodgy transactions coming from this merchant, which might imply that there's been a compromise.
But you don't have that visibility.
The banks are much better positioned for this.
And, you know, the banks and the merchants are much better positioned for this.
So is this the idea here to sort of unify this fraud intelligence and cyber threat intel,
sort of package it up and offer it to, is it the vendors, sorry, is it the merchants and the banks?
Or is it just the banks?
Or like, what's the plan here?
It's both.
And through the acquisition of Recorded Future, we actually do get insights into the merchant websites that have got skimming devices on them.
And in fact, you know, just in July, we started
actually disabling through law enforcement and, you know, relationships with companies like
Shadowserver to actually take down some of those underlying infrastructure below them just to
stop some of those skimming efforts as well. So this allows us to offer a package to merchants
to work closer with companies like Shadowserver, law enforcement, you know, the administrators
of a lot of the directory services, just to start taking down some of these criminal pieces
as well. Or in that move to move up, you know, a little bit more proactive and upstream and not
wait for this until it hits our transaction network, because by that time, you're fighting with
one hand behind your back. To your point, I don't see the IP address. I don't see, I always see a very
limited set of data. So all of this is giving us that ability to see more of this and then to be
proactive and just keep it away from the system to start with. That's a very important. That's a good
observation that you've had there. Yeah. Now, you mentioned ransomware too. I'm curious about
this. You mentioned ransomware and about how it looked like that's just bad for everybody.
It's bad for the, you know, for people who are in your ecosystem. And as you mentioned,
You literally have billions of cards out there.
I mean, I'm a Mastercard holder, right?
Like, pretty much everyone I know has well.
Glad to hear that.
Yeah, well, I mean, it's hard not to be, right?
Like, let's be honest.
But when you mentioned ransomware, you know, I sort of got curious because, you know,
obviously Recorded Future has done a lot of work around ransomware and all sorts of
cyber threat intel, even state actor-based stuff.
You know, as a payment card company, I mean, do you have any interest in keeping that side
of the threat intel practice going? Because you've said, oh, absolutely, because warm and fuzzies and,
you know, feels good. But like, is that really a concrete business case for you? I mean, to what extent
do you see this push as being Mastercard getting into the cyber security business as opposed
to getting into the securing payments business? Yeah, look, if you, if you, if you listen to how we
explained the services side of MasterCard. So our cybersecurity business is part of what we call
our services division that we have. And ultimately, the goal here is that we provide services
that will ultimately differentiate the MasterCard brand, make it more secure, make it more safe,
make it more profitable, make it easier to use for our consumers, easier to use to accept
for our businesses. That will allow us to expand our business, which means we get more cards
out there, more customers, we grow that $3.5 billion to something more than that. And that you
get this flywheel of effect. So ultimately, this all has got to do with how do we create
the pave the road for Mastercard to become a bigger brand and to continuously grow our business.
Security in this online system is foundational to that. And that's why, you know, us helping
our small businesses with ransomware attacks, preventing them from ransomware attacks,
builds relations between us and them, helps us to create a more secure environment where
they can continue to do their businesses. Because like I told you, every time
a business can successfully perform a transaction, that's where we benefit. So it's in our interest
to make sure that we kind of protect businesses. Small businesses, for instance, is one where
we are particularly concerned. In a world of AI, where attacks can be automated and, you know,
you can set an agent to try and penetrate these businesses. So criminals will have the ability
to scale. Somebody needs to help these small businesses. For us, every small business is potentially
a business that will accept our cards. So it's in our interest to kind of protect those
business system, make sure that they can protect themselves from ransomware attacks. So
for us, it's a very real business piece. Now, I can see why you're going to look at this and
say, this doesn't feel like a true cyber thing. But for us, ultimately, the trust and integrity
in this online ecosystem is fundamental to our future success in a world where everything is
connected. I actually take a happier view on the impact AI is going to have on small business
security. I did a fascinating interview recently with one of my sponsors
who works with an AI-based, like, SOC agent.
They make an AI-based SOC agent.
And his opinion is, finally,
small to medium businesses are actually going to be able to access a lot more
detection technology and whatnot because it's going to be automated by AI.
Like, it might not be as good as the enterprise stuff,
but it'll be something.
And that's the first time we can actually say that.
Now, look, speaking of emerging threats,
you know, you just mentioned AI there.
I feel like in some ways AI has already changed
some stuff, but like the true impact of AI on criminality is like yet to be borne out.
As things are today, though, like currently, not looking to the future, but right now,
you know, what would you say the major problems are?
You know, when it comes to the, you know, online criminal ecosystem because, you know,
in your position, you're sitting on top of Recorded Future and Mastercard data.
So I'd imagine you'd have some good insights there.
Yeah, look, some of the biggest threats we have today
still, I almost say, you know, just the basic security things.
If people just do the basics, right, we can already prevent a big chunk of them.
I have to say ransomware pro for me is probably still one of the largest problems out there
that folks are facing.
The other piece that is coming through very clearly today is the fusion between, the lines
are really becoming very gray between cyber fraud and financial crimes.
Criminals are using cyber elements to get access to data, in
order to scam you. And once they have that money, they need to wash the money through the banking
ecosystem. So the lines are grayed out. And in addition to that, we have nation states that are,
you know, all this geopolitical fractions that we have around the world. It feels like cyber is somehow
becoming weaponized in the hands of some of the nation states. A lot of the technologies coming
into the hands also of criminals. And so again, the lines are blurring, which is why the collaboration
we have with governments and so forth are also so important. But those are some of the
threats that for me are very, very concerning. Ransomware is still on the rise. We see more
advanced technology coming into the hands of threat actors that are deploying them, not just
for criminal activity, but also for other types of activities as well. And somehow the financial
industry, you know, in many countries, we are considered critical infrastructure because you
operate a big chunk of the economy as well. So you have that role as you see attacks coming from
you, some of them with criminal intent, some of them with
other intentions. And so that's, that's some of the threats that I see will persist and that
worries me most now. Future weight, we can talk about that. I think AI will definitely feature
there. I mean, it's interesting what you said about how some of this financial, the blurring
of the lines between financial crime and cyber crime. I know what you mean there. Like, you look at these
online, fake online casino kits that you can license, re-skin, and then you're using
dodgy ad networks and stuff to try to pull people into your, you know, fake casino.
I mean, there's no actual hacking involved there, but there's a million terms of service
violations, some shady browser tricks.
Like, it's a blurry line.
You know, and what happens here is the criminal activity creates a market for the cybercriminals
to sell more of their goods.
So the need for data to phish or to do social engineering
creates a market for stolen data,
of personal data. So people are hacking into hotel systems,
into hospital systems, to get as much personal data as they can.
That becomes a very lucrative business for the cyber criminals.
That's been bought by the, they call them the fraud criminals,
to execute their crimes. And then it's being offered,
if you go to the dark web now, the range of services.
It's all the way from hacking in a box to money laundering in a box, you know,
and we'll do all of this for you as a managed service.
And so there's a flywheel of demand being created here where those lines are really, really criss-crossing.
A lot of the data that gets offered on the dark web marketplaces are being pumped into AI models
to create deepfakes, to create phishing scams and so forth that eventually then extract different other things.
So it really has become, they kind of feed off each other almost.
Yeah, it's interesting because earlier you mentioned identity, right?
And do you, have you made an acquisition in the identity space?
Because I was literally just chatting with an identity verification company yesterday, recording an interview for them, which was really about how they try to, you know, scan, do live capture of government ID, live capture of a face, use various signals and whatnot.
I mean, I know that the card brands have various
extra verification steps to profile devices and whatever, but I haven't seen much
around that, you know, around technology to identify a person using like live
capture or whatever. Is that, is that something you're looking at? And if not, why
not? Like, how are you thinking about the identity problem? Because in my mind
there is no solution to that problem you can do things to minimize the amount of
fraud that would be prevented if you know if you were doing that sort of
stuff, but you can never fully solve it. So I'm really curious to know what you're thinking about
all of that. It's a tough problem, I think I won't lie. We did an acquisition a couple of years
ago of a company called Ekata. And what they've done is they've built a very large identity
graph. And so we're not so much concerned around you and your specific identity, but we are
concerned around or we are concerned around the attributes that surrounds your identity. So for instance,
I'm Johan. I've got five email addresses,
two home addresses, you know, three phone numbers,
and we create this graph of how these things,
and the future we will build this out with,
you've got so many agents that you use to buy things
or that does things on your behalf.
And so when you apply for a bank account
or you apply to open up an account
at any business, to create a business relationship
with anybody out there,
we look at the attributes that you put in in addition to your identity.
So, for instance, the address that you put in,
we will say,
what is the integrity of this address association
with your identity. Is that been well established over many years? Is it something that's
brand new? The phone number, you know, we've never seen this phone number associated with your
name and your address. There's something wrong. This may be a synthetic identity. So we've got
these signals of risk. But as you pointed out, as you pointed out, there's an entire
underground marketplace for fullz. And what a fullz is, it's all of that information, right? So this is
why I'm curious about how you're thinking about it, because criminals really have adapted to
those sorts of checks, right? And to go the next level, it's like, it gets
hot. It gets really hard. And so you have to do, you have to do that and you have to look at
more granular because one of those elements, ultimately, if I take over your identity, I need
something that will give me control, something like an email address or something where
that's different that the notifications goes to me instead of to the real person. So we look for
those anomalies. It's not easy. There's no, there's no silver bullet for the stuff. But you put
that in, you put device IDs in and you start binding these things. So if I, if I also
know your typical, you know, I've got, I don't know how many devices, 20 of them, let's say,
the more integrity we have around the established relationships between your identity and the
things that you use around it, the attributes, the devices, the more we can help give you a smooth
path. And remember, when it comes to fraud prevention, and the same is for cyber, it's not always
identifying the bad stuff. It's also identifying what we know is good and give those good transactions
a really happy path. So a big part of our efforts around fraud detection is also how do I
detect what's good? And if it's good, how do I make sure your transaction is as smooth, as
frictionless as possible versus then I create a smaller bucket of high-risk transactions, which I then
have to disseminate. How do I deal with this? Which is very similar to the way in which we deal
with cyber things, right? There is the stuff that I know that's good. There's the stuff that's high
risk. And then I have to prioritize my high risk and start working from the highest priority.
Fraud is not very, very different, which is why I think we see this
interesting interaction of similar technologies being applied, similar methods.
They have different data, but there's a lot of similarities and synergies between those two worlds.
I mean, it's interesting when I think about it, what you're most concerned with is making sure that an established identity is correct.
And really, when it comes to like live capture and stuff, that's about establishing the identity in the first place.
And that's up to the card issuer and not you, right?
So everything that you've just said that makes sense.
That is up to the card issuer.
Correct. Yeah. Yeah.
So look, you know, loath to talk
about it in some ways, but we've touched on it a couple of times, which is the future of AI
in criminality.
Like, do you have any concrete sort of feelings about where that's going and what sort of
challenges it's going to present in financial crime in particular?
Because everyone's got an opinion, but I figure someone who's worked at MasterCard for 25 years
and has your job, probably going to be a more educated guess than most.
Patrick, I'm actually, believe it or not, fairly optimistic.
as long as people invest in AI in the right ways as well.
Look, there's no doubt that criminals will benefit,
they're already benefiting from this.
You know, if you just look at the progress that's been made,
if you look at HackerOne, you know,
the bots now are the best red teams.
So we know they can read the CVEs,
they can translate them into attack vectors,
and they can start hitting them,
and they can adjust on the fly.
We've seen examples in the world of red teams,
but we've also seen real examples in the world out there
where criminals have
used AI effectively to do this. Now, the same way AI can be used on the inside, you mentioned
this a little bit about small businesses, getting a SOC or something that can be in my
system, identify those vulnerabilities and then automatically go and patch them. I do believe
this is going to be a great way for us in a much better defensive mode to automate things
in a much better way. So I'm very optimistic when it comes to that. Yeah, it removes some of the
asymmetry. I think that's something that the doomers forget, right? Is
that it sort of levels the playing field a little bit,
a little bit more, but between attackers and defenders.
I remember, like, it was even a couple of years ago
when, you know, a good friend of mine was saying,
well, I mean, you know, the vuln research that these models
will eventually be able to do,
there's going to be an explosion in 0-day,
and I'm like, well, there's going to be an explosion in patching.
Exactly, exactly.
So it's, there's going to be a period of disruption
followed by like a new equilibrium
that's probably us in a better place, is my opinion.
I'll give you a real good example.
So Recorded Future has a malware sandbox.
And so we get all these samples of the malware in there.
And then we extract the signatures.
Now we've got AI that automatically writes your YARA queries for you and then go threat hunting.
So in a similar way, we can react way faster.
You know, as long as we actually invest in AI in the right ways to do this.
So I'm optimistic that this will allow us, and this is to your point, the way in which small businesses can benefit from this.
The problem we have to solve, though, is how do we get into the small businesses
at scale.
And this is where I think the collaboration with, you know, telcos, hosting providers,
all of those, we'll all have to come together to collectively do this and enable these
technologies to actually operate on within the environments of which these small businesses
operate.
That's something that we ourselves see as a big task for us ahead to actually bring the right
parties to the table to enable this at scale.
I can tell you, I've been, I've lost half my hair in trying to get access to small
businesses to actually pay attention that cyber is a problem. Many of them just stick their heads
in the sand, like it won't happen to me. My business is too small. It's irrelevant. They forget
that everything is automated. Criminals will just deploy these crawlers and they will attack
you. But I do think we have tech on the other side that can defend us way better and more
effective. It will remain an arms race, but it's not a doomsday scenario as far as I'm concerned.
Well, everything that you just described in terms of like, you know, getting AI to write a
YARA rule and then go threat hunting with it. I mean, I think I heard recently someone on a podcast
describing AI as like automation of simple, you know, simple brain tasks, sort of in the same way
that factory robots automated simple manual labor tasks. So manual labor didn't disappear because
we had factory assembly lines with robots on them and, you know, intellectual labor, if you will,
won't disappear because we have AI models. We just won't have to do the mind-numbingly
repetitive, annoying stuff, like writing YARA rules and then figuring out how to query large
data sets with them. Exactly right. And the same will be true for patching, right? The stuff that
probably most people hate most. The question in my head is, will our AI models have access to
the right data to automate and be more sophisticated than just the simplified rules exactly what
you said? So a lot of that's going to be an action of how we design this and what we give action
and how we can safeguard those things, not to go out of control. But I
feel the power is there for both the attackers and the defenders, and there's a lot of promise
in there that the defenders can be way more sophisticated and let our security professionals
really focus on some of the more advanced things out there that needs human attention.
Okay, well, Johan Gerber, we're going to wrap it up there. It's been fascinating to talk to you,
you know, the latest cybersecurity company, MasterCard. It's a bit strange, really, a bit of a sign
of the times. A pleasure to chat with you. Really appreciated your insights.
Thanks for joining me.
I appreciate that.
Thank you so much for having us, Patrick.
