Visa Launches New Fraud Detection Efforts
The company says the features would help protect the integrity of the payments ecosystem.
Visa has rolled out four new security features that alert financial institutions about fraudulent ATM activity and card-not-present fraud, as well as detect security vulnerabilities in EMV transactions and merchant websites.
The company said the features would help protect the integrity of the payments ecosystem and would be available to Visa clients at no additional cost.
“Cybercriminals attempt to bypass traditional defenses by stealing credentials, harvesting data, obtaining privileged access and attacking trusted third-party supply chains,” Visa Payment System Risk SVP RL Prasad said. “Visa’s new payment security capabilities combine payment and cyber intelligence, insights and learnings from breach investigations, and law enforcement engagement to help financial institutions and merchants solve the most critical security challenges.”
The four features include Visa Vital Signs, which monitors ATM transactions for cash-out attacks. In those attacks, criminals typically hack or phish their way into a credit union, bank or payment card processor; remove the financial institution’s ATM withdrawal limits and other fraud controls; and then alter account balances and other measures to make an unlimited amount of money available. Soon after, the criminals use fake cards to withdraw the money at a predetermined time. Visa said its new feature allows it to step in automatically or in coordination with clients to suspend the activity and limit losses.
The second feature, called Visa Account Attack Intelligence, uses “deep learning” to detect whether hackers are trying to guess account numbers, card expiration dates or security codes.
“The machine learning technology detects sophisticated enumeration patterns, eliminates false positives and alerts affected financial institutions and merchants before fraudulent transactions begin,” the company said.
Also part of the rollout was the Visa Payment Threats Lab, which tests clients’ processing, logic and configuration settings. One of the objectives is to determine whether a financial institution is effectively validating cryptograms for EMV transactions, it noted.
Additionally, Visa launched “eCommerce Threat Disruption,” which scans merchant websites for malware that could be skimming payment data.
“Identifying potential website compromises limits the amount of time malware might be present on a merchant website and significantly reduces exposure of customer and payment data,” it said.
The launches come on the heels of a new study from Visa and Forrester Research, which found that 68% of financial institutions, merchants and fintechs were worried about fraud in mobile banking payments. It also found that 60% were worried about fraud in mobile wallets and 58% were worried about it in peer-to-peer payments.
“Broadly speaking, organizations recognize that advanced analytics and decision-making models are crucial to success in addressing the risks of new payment technologies. Many don’t have these capabilities on their own and are investing in partnerships that can provide those capabilities. Additionally, 39% of survey respondents stated that security capabilities are a critical requirement of their partners,” the study reported.