How Visa has weaponized its data to keep thieves out of your wallet

(Image credit: Shutterstock / Darko 1981)

The pandemic has disrupted practically all industries in some way or form, but few to a greater degree than commerce.

With the introduction of lockdown policies in early 2020 came an instantaneous shift in the way people purchased goods. By necessity, online shopping became the default, where previously the vast majority of purchases were made in-person.

Although brick-and-mortar sales have recovered with the withdrawal of restrictions, the consensus is that the pandemic has brought about a permanent change in shopping habits.

The latest analysis from FTI Consulting suggests ecommerce sales will exceed $1 trillion for the first time this year, accounting for 22.1% of all retail purchases. Before the pandemic, this figure sat at roughly 15%.

With a shift in behavior of this magnitude inevitably comes an uptick in cybercriminal activity, as fraudsters attempt to capitalize on low levels of tech knowledge in some quarters of the population.

Online shopping

Ecommerce sales are expected to exceed $1 trillion for the first time in 2022. (Image credit: Shutterstock / JIMMYOYHT)

Visa has funnelled billions of dollars towards securing its payments network over the last five years, a significant portion of which has gone into figuring out how to weaponize its troves of data in the fight against fraud.

“The shift to digital commerce has inspired a wave of creativity among fraudsters. In an increasingly digitized world, that really comes to bear,” said Dustin White, Chief Risk Data Officer at Visa, in conversation with TechRadar Pro.

“We believe we are – and want to remain – the most secure way to pay in the world. That means investing heavily to stay ahead of the fraudsters.”

New era of fraud

Historically, fraud prevention has focused predominantly on understanding and validating transactions to determine what can be considered a “legitimate moment of commerce”, White explained.

However, the picture has changed in recent years as attacks begin to take place further up the chain, in the form of identity or entity compromise. When an attacker is using valid payment credentials in an authentic way, identifying a fraudulent transaction becomes a lot more difficult.

To address this problem, Visa has turned its attention to developing a suite of AI tools capable of identifying red flags that would otherwise go undetected, fueled by the petabytes of transaction data it holds in storage. 

“All of the data Visa generates as part of its business operations has a lot of value as it relates to understanding patterns that signify fraud. We work with that data to ensure our ecosystem is of the highest security, integrity and resilience as possible, based on what we understand from the past and what our predictive capabilities can tell us about the future,” said White.


Fraud attacks are beginning to take place further up the chain, in the form of identity compromise. (Image credit: Shutterstock / Sapann Design)

“Some of the applications and tools we’ve started building focus a lot more on the authenticity of identity, which will be really important as fraudsters try to take advantage of the shift towards digital commerce.”

The “staple” of Visa’s fraud prevention arsenal is its Advanced Authorization score, a measure of the riskiness of a transaction assigned at the point of purchase. Armed with this information, which is calculated in a matter of milliseconds, card issuers can make a decision on whether or not to proceed with a transaction.

This service alone is estimated to have prevented roughly $26 billion in fraud last year and a similar figure is expected to be met again in 2022.

However, while the measures put in place by Visa and other stakeholders up and down the payments chain are clearly paying dividends, there is evidence to suggest that consumers are getting better at protecting themselves too.

Changing attitudes

A common way to characterize the relationship between cybersecurity posture and quality of user experience is as the opposing poles on a spectrum; twisting the dial in favor of one results in a drop off in the other of an equivalent degree.

In this scenario, the unenviable task of the service provider is to locate the point at which they are able to secure transactions effectively while inconveniencing the customer to the least possible extent.

However, White believes there has been a “rebalancing” of this equation as more people grow aware of the dangers of fraud. Whereas consumers have previously been unwilling to abide any amount of added friction, irrespective of the benefits, people are now increasingly willing to engage with the protective measures available to them.

“Obviously, friction in digital payments can cause disruption, but so can a fraud event. I think the calculus is shifting, in a world where there’s increased financial literacy and a higher focus on privacy and data protection,” he told us.

Google Titan Security Key

Consumers are increasingly willing to abide a level of friction, if it means minimizing the risk of fraud. (Image credit: Google)

“The voice of the consumer is showing there’s an appetite to take a moment – whether to type in a one-time passcode or register for an account - to drive a higher level of security.”

Although Visa is obviously aware of the need to ensure the buyer’s experience is as smooth as possible, the company is more concerned with friction as it relates to the cybercriminals perpetrating fraud atop its network.

If placing an AI-based rendering on top of a transaction increases wait time by a few hundred milliseconds for buyers, but results in a dramatic increase in friction for fraudsters, the overall benefit can be said to outweigh the tax.

“We’ve tried to remove all the paths of least resistance that we know fraudsters tend to migrate towards; when they find a weakness, they’ll go at it as long and hard as they can,” White added.

Turning the tide

Although the pandemic has brought many millions of new people to online shopping, and in spite of the rise in the volume of cyberattacks and fraud attempts over the last few years, there is evidence to suggest the defenses put in place by retailers, card issuers and infrastructure providers are doing their job.

“Despite a monumental shift for digital commerce and continued growth of new ways to pay, fraud rates continue to come down and are as low as they’ve been historically,” White told us.

”While issues do come up, they come up much less than they used to - and we’ll continue to make sure that trend continues into the future.”

The key to extending this trend will be in finding new ways to mine transaction data for patterns and clues that betray attempted fraud, says Visa, which claims to have a larger data repository than any of its competitors.

The capacity to automate fraud detection will also lift much of the burden from the shoulders of security professionals, who are fighting an uphill battle in the face of the tsunami of attacks. 

In some respects, this is thankless work for Visa; nobody ever knows when fraud has been prevented, after all. But the company will be comfortable with receiving none of the glory, if a record for watertight security continues to bring new merchants and issuers to its doors.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.