Visa has announced a suite of security capabilities to help prevent and disrupt payment fraud.

These should help protect the integrity of the payments ecosystem by detecting and disrupting fraud threats targeting financial institutions and merchants. They are available to Visa clients at no additional cost or sign-up.

"Cybercriminals attempt to bypass traditional defences by stealing credentials, harvesting data, obtaining privileged access, and attacking trusted third-party supply chains,” said RL Prasad, senior vice president for payment system risk at Visa. “Visa’s new payment security capabilities combine payment and cyber intelligence, insights from breach investigations, and law enforcement engagement to help financial institutions and merchants solve the most critical security challenges.”

According to a report by Forrester Consulting commissioned by Visa, ATM cashout attacks that exploit vulnerabilities among financial institutions and processors to withdraw money from cash machines fraudulently, and automated testing of values and credentials to gain unauthorised access to information called ‘enumeration attacks’, were among the most prevalent account-related fraud types identified.

At the same time, card-not-present fraud that includes e-commerce, phone and mail orders was found to be less frequent but caused more damage to businesses—representing nearly 40 per cent of fraud losses and operational costs.

As threats evolve, Visa stated that its payment security capabilities attempt to holistically protect the core components of the ecosystem - people, data and infrastructure - to maintain trust.

The new security capabilities add to existing protections and include:

• Visa Vital Signs – Actively monitors transactions and alerts financial institutions of potential fraudulent activity at ATMs and merchants that may indicate an ATM cashout attack. To limit financial losses for financial institutions, Visa can automatically or in coordination with clients, step in to suspend malicious activity.
• Visa Account Attack Intelligence – Applies deep learning to Visa's vast number of processed card-not-present transactions to identify financial institutions and merchants that hackers may be using to guess account numbers, expiration dates and security codes through automated testing. The machine learning technology detects sophisticated enumeration patterns, eliminates false positives, and alerts affected financial institutions and merchants before fraudulent transactions begin.
• Visa Payment Threats Lab – Creates an environment to test a client’s processing, business logic and configuration settings to identify errors leading to potential vulnerabilities. For example, Visa can verify if a financial institution is effectively validating cryptograms - dynamically generated codes unique to each transaction - for EMV chip transactions.
• Visa eCommerce Threat Disruption – A proprietary solution that uses investigative techniques to proactively scan the front-end of e-commerce websites for payment data skimming malware. Identifying potential website compromises limits the amount of time malware might be present on a merchant website and significantly reduces exposure of customer and payment data.

These capabilities complement existing Visa Payment Threat Intelligence, which provides actionable cyber intelligence to clients and merchants worldwide. This includes alerts, analysis, technical indicators and mitigations for potential cybercrime threats, account compromises and fraud.

Share Story: