Post-pandemic economies demand cutting-edge security

By Paul Fabara, Visa Chief Risk Officer

April 21, 2022

Visa’s Chief Risk Officer details how security has evolved for a digital-first world

COVID-19 upended a lot of assumptions about how, where and when we work, shop, and play. According to Digital Commerce 360, since the emergence of the pandemic in late 2019, e-commerce volume has grown by more than 50.5 percent while peer-to-peer payments on our network have more than doubled and subscriptions to digital streaming services hit the 1 billion milestone.

The common denominator across almost all post-pandemic behavioral shifts is the growing importance of digital payments. Put another way, the safe, reliable and fast movement of digital money between individuals, businesses and governments is the engine powering today’s global economy — including everything from $0.40 digital downloads to $4 million cross-border corporate transactions.

Ensuring that life-saving medicines could be purchased or governments could efficiently distribute pandemic relief mostly falls to networks like Visa, with the required technology, experience and partnerships.

To say the task of securing the global movement of money is complex would be an understatement, particularly now. Unfortunately, criminal enterprises saw the pandemic as a golden opportunity to exploit human and technical vulnerabilities. On the human frailty side, 78 percent of people who receive unsolicited links click on them¹, while 51 percent of people admitted to using the same password for most of their online activity². Meanwhile, 81 percent of global organizations experienced increased cyber threats with 79 percent experiencing downtime due to a cyber incident during a peak season³.

A lot of attention is paid to the innovations on the bleeding-edge of finance and payments — tap to pay, crypto, buy now pay later, for example. What garners less attention are the products, platforms and services that ensure any new form of money movement is safe, secure and private.

We don’t often show what happens behind the scenes at Visa, but it’s worth shining a light on the changes we’re making to our security systems, processes and innovations. Why? Because it’s important and, frankly, kind of cool (if we do say so ourselves).

Multi-layered, cutting-edge cybersecurity

We look at cybersecurity from two perspectives — protecting Visa’s assets, and providing clients and partners with layers of proactive defense and offense. For example, Visa has over 1000 full-time cybersecurity specialists use natural processing analyze petabytes of data that enable them to protect Visa’s network from malware, zero-day attacks and insider threats. Adding another layer, machine learning models predict and fix most likely points of network vulnerability. On the client side, Visa’s security team monitors, scans and checks client systems for suspicious activity and vulnerabilities.

Some of the cybersecurity work, like ethical hacking attempts by our in-house engineers or triangulating fraud attempts, IP addresses and GPS data to catch criminals, wouldn’t be out of place in a Jason Bourne movie. Vulnerability testing alone has saved clients ~$31 million in prevented fraud in FY21. Other work, like fielding in-bound client incidents, is less dramatic, but no less important. In one instance, Visa helped to prevent ~$2.2 billion in attempted client fraud using the Visa Account Intelligence tool, which uses AI and machine learning to catch fraud before it starts.

Preventing fraud with the power of AI

When it comes to fighting fraud, data is the most precious resource. Because of Visa’s expansive global network, it has more data than its competitors, and Visa deploys that data to reduce fraud. But it’s not just about the volume, it’s the quality and how it is used. In the past five years, the company has spent more than $9 billion to boost cybersecurity and reduce fraud. With an investment of $500 million in artificial intelligence and data infrastructure, for example, Visa can power over 60 different AI capabilities that can automate much of the heavy lifting in fraud detection — a time-consuming task that many clients are doing manually today.

One service alone, Visa Advanced Authorization, helped prevent an estimated $26 billion in fraud in 2021. The other side of preventing fraud is minimizing false customer declines. To that end, Visa applies the latest deep learning techniques to reduce false declines by as much as 30 percent.

360-degree protection with advanced authentication tools

With the majority of financial activity now occurring in the cloud, it’s critical that customer data be protected wherever transactions take place. Authentication 2.0 — the future of consumer protection — is anchored by tokens, pioneered by Visa, which reduce the risk of identity theft by replacing cardholder information with a unique identifier for a specific transaction. Tokenization is up 60 percent year-over-year and has led to a 2.5 percent increase in approval rates and 28 percent reduction in fraud rates. Visa has also introduced its Cloud Token Framework (CTF), designed to enhance security and increase approval rates for card-not-present transactions across multiple payment experiences and devices. In Europe, the use of Visa's new authentication technology, EMV 3DS, has tripled since the start of 2021, which has coincided with a reduction in card-not-present fraud by 28 percent, and as it's more broadly adopted, Visa anticipates a similar reduction globally. That is as important for business as it is for trust, as 89 percent of cardholders abandon or reduce use of their credential after a fraud event.

As a critical engine of global commerce, Visa’s uncompromising commitment to security has bred new innovations to power the future of trusted digital money — one transaction at a time.