The COVID-19 pandemic has driven a massive increase in e-commerce spending, doubling to an expected $1 trillion this year, according to Adobe.
But that spending surge has brought with it a corresponding rise in payment security challenges. eSecurity Planet sat down with Dustin White, chief risk data officer at Visa, to discuss some of the steps the credit card and online payment giant has taken to combat fraud and improve cybersecurity.
White said Visa has invested $9 billion over the past five years in fraud prevention, with half a billion of that focused on AI and data infrastructure to secure the petabytes of data Visa handles, an investment that turned out to be well timed. “Our AI and data infrastructure powers over 60 different services that allow us to make the movement of money safer and smarter,” White told eSecurity Planet.
One of those services, Visa Advanced Authorization, helped prevent approximately $26 billion in fraud last year alone by evaluating over 500 unique attributes per transaction – including previous spending patterns, location, merchant and purchase amount – and generating a risk score in about a millisecond.
Balancing Speed and Security
The challenge for Visa lies in balancing the amount of information that must be assessed with the speed of response – and AI, White said, has made it possible for Visa to integrate a significant amount of intelligence information into a real-time decision.
“That’s where we’ve gotten a lot better: to be able to ensure that we can incorporate as much of that intelligence as possible as fast as possible, so that those transactions that should be happening in milliseconds continue to do so, and continue to be more secure,” White said.
The security of the transaction, the speed of response, and the reliability of the decision are all critical. A recent Visa study found that when consumers see a charge on their statement they don’t recognize, or get a security alert on their phone, nearly 90 percent either completely abandon or greatly reduce their use of those credentials going forward.
To decrease the likelihood of those events, Visa also leverages AI to minimize false declines.
“We’ve built a number of deep learning capabilities that allow us to look at false declines – and we’ve seen the effect of as much as a 30 percent reduction in false declines,” White said. “That’s important too, because as you start to get more granular and more specific about the fraud you’re looking for, you can impact genuine consumers adversely, and nobody wants that either.”
Tokenization has also been transformative for security, protecting everything from in-person mobile device payments to card-not-present transactions using Visa’s Cloud Token Framework. A 60 percent increase in tokenization year-over-year has led both to a 2.5 percent increase in approval rates and a 28 percent reduction in fraud.
“Not only are we taking crime out of the ecosystem, but we’re also increasing the likelihood that payment intentions go as expected for the merchants, the cardholders, and the financial institutions,” White said.
One key strength of tokenization is that it can be implemented regardless of where the transaction takes place. “As much of the crime has moved to the digital side of the house, you see less and less of it happening in person and more of it happening in the digital world,” White said. “This solution has ubiquity on both sides, and it allows us to make sure that the types of things that have had great effect in securing the card-present environment can start to manifest and thrive in the card-not-present environment as well.”
Analytics, Communication and Targeting
For any company seeking to improve data security, White said, it’s critical to maintain clear communication between analytics and business operations.
“Harmonizing your analytic and business strategy is incredibly important, no matter if you’re dealing with a gigabyte of data or petabytes of data,” he said. “Ensuring that those folks have an understanding of the business, and the business has an understanding of the analytics, can only benefit you.”
It’s also important to be as targeted as possible. “There’s often a tendency in the industry to say, ‘You know what would make our business amazing? A good old scoop of AI.’ And it’s like the general approach to intelligence – you lose a target function, and when you don’t have a target function, you’ve basically got a research and development shop. Those have their place, but for most businesses, they want to be able to leverage data to drive a better outcome of some variety.”
The Visa Advanced Authorization score is a good example, with a tight focus on preventing fraud – and White said that clearly defined focus has been key to its success. “The integration of analytics and business, and being very targeted with the applications and the KPIs that you want to impact, are critical – no matter how big you are,” he said.