Enzoic’s Mike Green on Winning Most Innovative FinTech Solution and Fighting Payment Card Fraud With Dark Web Intelligence
We sat down with Mike Green, CEO of Enzoic, which won Most Innovative FinTech Solution in the TechAscension FinTech Awards for its Payment Card BIN Monitoring Service, to learn more about the growing payment card fraud landscape and how financial institutions can detect compromised card data before losses escalate. Mike also explains how Enzoic’s real-time Dark Web intelligence helps banks and credit unions proactively identify exposed cards, reduce fraud risk, and protect customers without adding friction to the cardholder experience.

Can you briefly describe the payment card fraud landscape, and why the threat is growing?
Unfortunately, I think it’s an issue most of us are familiar with. Sixty-three percent of US cardholders have fallen victim to fraud, with many people experiencing multiple instances. Not only is it a growing issue; it’s also an incredibly costly one. It’s estimated that a single compromised card costs issuers an average of $2,500. Cybercriminals obtain card data through a variety of methods, and either use it for fraudulent activity themselves or share it with others for the same purpose.
How do hackers obtain compromised card data?
Payment card numbers can be exploited in numerous ways, including data breaches, skimming devices, malware, and phishing emails. In many cases, hackers target retailers or service providers that store payment data and steal large batches of card numbers in a single attack. They also use fake websites, malicious emails, or infected devices to trick people into entering card details directly.
Once compromised, this information is often packaged and sold on the Dark Web or other cybercriminal marketplaces. Listings are typically organized by card type, issuing bank, geography, or whether the card has been “verified,” allowing threat actors to quickly identify the most usable data.
One of the most common ways stolen cards are exploited is through Card Not Present (CNP) fraud. This is when cybercriminals make online, phone, or other remote purchases without the card being physically present. These transactions only require the number, expiration date, CVV, and billing details, making it easy to monetize card compromise at scale.

How does Enzoic’s Payment Card BIN Monitoring service address the issue?
We monitor the Dark Web for exposure data so organizations can proactively act at the first sign of compromise to prevent fraudulent purchases. While VISA and Mastercard typically notify issuers after a potential fraud has occurred, our Payment Card BIN Monitoring service provides real-time Dark Web exposure alerts the moment a compromised card is detected. This gives issuers an early signal so fraud teams can act quickly before downstream losses, chargebacks, or customer disruption escalate.
The solution works by tapping Enzoic’s proprietary Dark Web intelligence to scan for cards associated with customers’ BINs (Bank Identification Numbers), providing immediate notification of any breaches containing the digits. Financial institutions only need to register their BINs, which ensures that customer account details are protected while we scour the Dark Web for compromise. If an exposure is detected, the service sends an immediate alert with the full card number so that the bank or credit union can notify the individual and deny any subsequent transactions.
Unlike other card monitoring solutions which only provide older data with infrequent updates, Enzoic utilizes a dynamically updated database of compromised payment card information. We really differentiate our solution through the combination of automated scanning tools with dedicated human expertise. Our proprietary technology collects and processes compromised data from the Dark Web and other sources, while our in-house threat research team validates, refines, and organizes the findings.
Beyond enhanced security, what are some additional benefits for financial institutions and their customers?
Financial institutions have historically struggled to strike the right balance between security and a positive user experience, as customers are easily frustrated by any action that impedes their card usage. Because our Payment Card BIN Monitoring solution happens entirely in the background, there is zero customer friction, with people only becoming aware of it in the event an exposure is detected.
False positives are another issue we often see with other card fraud solutions. This has obvious customer experience implications and also eats up resources related to restoring account access and authorizing the initial purchase. Enzoic eliminates this administrative burden, with issuer IT teams only alerted if a match is detected.
Finally, the solution offers significant cost savings. Fraud insurance is primarily designed for large-scale breaches, so financial institutions are often responsible for covering the smaller card compromise that occurs more frequently. With a new person falling victim to identity theft in the US every 4.9 seconds, this could quickly become an expensive undertaking. By enabling banks and credit unions to act before fraudulent transactions occur, Enzoic prevents these financial headaches from compounding.
Does Enzoic offer solutions for other industries?
Absolutely. Our focus is on keeping compromised data out of the hands of those that would exploit it—whether it’s payment card numbers, exposed credentials, or other personally identifiable information (PII). As such, we have a lot of customers in other regulated industries such as healthcare, government, and education.
Enzoic for Active Directory is one of our products which sits across these and other sectors. It draws on the same technology that powers the Payment Card BIN Monitoring service to scan passwords both at their creation and at every subsequent login to ensure they are safe. If we detect a breach, the solution can automate a range of customizable actions—including immediately disabling the account to prevent unauthorized access.
What’s your perspective on the passwordless movement?
There’s certainly been a lot of buzz around this topic, but I don’t anticipate that our personal or professional lives will be truly passwordless for the foreseeable future. While numerous authentication alternatives have emerged in recent years, passwords are still deeply embedded in digital identity systems.
Passkeys and other passwordless solutions are heavily reliant on underlying device ecosystems and their respective identity frameworks. This can quickly lead to interoperability issues due to differences in implementation, device management, and account syncing. What this means in practice is that a passkey stored in an iCloud Keychain cannot automatically transfer to a Windows-based laptop. When you think about how many operating systems are utilized in your average corporate environment, it’s easy to see why this is a major hurdle.
There are other integration and interoperability challenges to consider, but even if a company were to address them, credentials are still required to authenticate a passwordless system at some point in the security chain. So, in reality even the most aggressive passkey-first implementations are only as secure as the password that underpins them.
What is your focus for the next 12 months?
Hopefully it’s clear from our conversation that cybercriminals are always looking to capitalize on exposed PII! As such, Enzoic’s focus is on helping our customers stay a step ahead and be more proactive in the face of these risks. While it’s not possible to completely eliminate card compromise or credential abuse, integrating real-time threat intelligence prevents hackers from further weaponizing this information.
