← Himilo
Technology & AI

Mastercard is building Africa's cyber early-warning system — and starting where the attacks hit hardest

Mastercard has launched a pan-African Cybersecurity Centre of Excellence, beginning in South Africa and Nigeria. Illustrative: the Mastercard corporate logo.
Mastercard has launched a pan-African Cybersecurity Centre of Excellence, beginning in South Africa and Nigeria. Illustrative: the Mastercard corporate logo.Mastercard Incorporated, via Wikimedia Commons

Mastercard has launched a pan-African Cybersecurity Centre of Excellence, starting in South Africa and Nigeria — the two markets its own data flags as the continent's most-attacked. Powered by threat-intelligence firm Recorded Future, which Mastercard bought for $2.65 billion, the shared-defence hub will run a first-year risk analysis across up to 50 banks, agencies and large firms as Africa's digital economy races toward a projected $1.5 trillion by 2030.

A payments company is not the first name that comes to mind when a bank's systems light up under attack. Yet the institution now positioning itself at the centre of Africa's cyber defence is exactly that — and the move says as much about where the continent's digital economy is heading as it does about Mastercard's ambitions beyond the card rail.

On 29 June, Mastercard announced the launch of its Africa Cybersecurity Centre of Excellence, a multi-year, pan-African initiative to pool threat intelligence and coordinate defence across the continent's fastest-growing digital markets. The unveiling came during a visit to South Africa and Nigeria by Mastercard's global chief executive, Michael Miebach, with Presidents Cyril Ramaphosa and Bola Tinubu appearing alongside the company to lend the effort state backing. According to Mastercard, the idea grew out of discussions with both governments — in Abuja, and with Pretoria around last year's G20 summit in Johannesburg, the first time the group of leading economies met on African soil.

Strip away the launch-day language and the Centre is, at its core, a shared alarm system. Organisations that join gain three things: an Africa-focused threat intelligence feed that flags attackers already active in the region; recurring assessments of how exposed their own systems are; and a forum where security teams — chief information security officers, or CISOs, and their practitioners — compare notes and rehearse responses through joint exercises. In its first year, Mastercard says the Centre will run an ecosystem-wide cyber risk analysis covering up to 50 organisations across the two launch markets, spanning banks, government agencies and large enterprises.

The choice of where to begin is the most revealing detail. Mastercard's own figures name South Africa as the continent's most-targeted market, accounting for roughly 29 percent of Africa's ransomware attacks — in which criminals lock up a victim's data and demand payment to release it — and about 40 percent of its phishing attempts, the fraudulent messages designed to trick people into surrendering passwords or financial details. Nigeria, the company says, ranks among the worst hit for ransomware and dark-web activity. Rather than plant a flag in the safest market, Mastercard is starting where the fire is hottest. Kenya, often first in line for such continental launches, is not part of this opening phase.

The engine underneath is Recorded Future, the threat-intelligence firm that scans the open internet and the dark web — the slice of the web not indexed by ordinary search engines, where stolen credentials and attack plans are traded — for early warning signs. Mastercard is not licensing this capability from a distance: it acquired Recorded Future outright in a $2.65 billion all-cash deal announced in September 2024 and closed that December, one of the largest purchases of a pure-play threat-intelligence company on record. That acquisition is what turns a goodwill gesture into infrastructure. Mastercard is not merely convening a talking shop; it owns the intelligence pipe feeding it.

Why a card network cares is straightforward once the numbers are in view. Africa's digital economy is projected to reach $1.5 trillion by 2030, and every rand, naira and shilling of that runs on trust in the systems moving it. "Africa is dynamic, fast-growing, and ready to scale its digital future," Miebach said at the launch. "That won't happen without trust. People don't use what they don't trust." For a company whose revenue depends on transactions actually happening, financing the continent's collective defence is less charity than self-interest aligned with public good — a rare and useful overlap.

The harder problem the Centre is built to solve is not any single breach but the fog around all of them. Mastercard estimates only about 35 percent of cyber incidents in Africa are ever officially reported, the silence driven by thin detection capacity and a reluctance to admit compromise. That underreporting leaves every defender working from a partial map — unable to see that the group hitting a bank in Lagos is the same one that struck a lender in Johannesburg weeks earlier. Independent research points the same way: Interpol's most recent Africa Cyberthreat Assessment estimated cyber incidents cost the continent more than $3 billion between 2019 and 2025. A shared-intelligence model attacks precisely that blind spot, converting one victim's painful lesson into everyone else's advance warning.

That is also where the model's real leverage sits, and why it is worth watching closely. Cyber defence has long been lopsided: attackers collaborate freely, trading tools and stolen data across borders, while defenders guard their own walls in isolation. A pooled system inverts that asymmetry — and it compounds. Each organisation that joins adds its signals to the feed, sharpening the picture for the rest, which in turn makes membership more valuable and draws in the next. Fifty organisations is a modest start; the design only pays off at scale, across more markets and more sectors. The open questions are whether firms that have historically hidden their breaches will share honestly, how a single company's stewardship of the continent's threat picture is governed, and how fast the phased rollout reaches the markets left out of phase one. On those answers rests whether this becomes genuine continental infrastructure or a well-branded pilot. For now, the most consequential player in African cybersecurity is a payments company — and it has chosen to build where the threat is greatest.

Illustrative: network cabling in a server room. The Centre pools threat intelligence and runs a first-year risk analysis across up to 50 organisations.
Illustrative: network cabling in a server room. The Centre pools threat intelligence and runs a first-year risk analysis across up to 50 organisations.ProjectManhattan, via Wikimedia Commons
WhatsAppXLinkedIn