For merchants and banks, payment fraud can lead to heavy financial losses and a serious besmirching of reputation.
Business and financial institutions received a helping hand today when Visa announced a suite of new industry-first payment security services and capabilities to prevent and disrupt payment fraud. The new capabilities are available to Visa clients at no additional cost or signup.
Before launching the new services, Visa commissioned Forrester Consulting to study global bank account-related fraud. The report found that the most prevalent types of fraud committed were ATM “cashout attacks” that remove fraud controls put in place by financial institutions and processors to withdraw money from cash machines fraudulently and "enumeration attacks" in which automated testing of values and credentials is carried out to gain unauthorized access to information and functionality.
Rarer but more damaging were instances of card-not-present fraud, including e-commerce and phone and mail orders, which represented nearly 40% of fraud losses and operational costs.
The approach of Visa's new service is holistic, combining preventative steps to address vulnerabilities before they are exploited with swift action when a breach does occur.
Under the new four-pronged system that went live today, Visa Vital Signs will monitor ATM and merchant transactions, alerting financial institutions when any potentially fraudulent activity occurs in a bid to prevent cashout attacks. Malicious activity can be suspended by Visa automatically or in coordination with clients.
A second layer of defense will be provided by Visa Account Attack Intelligence, which applies deep machine learning to Visa's vast ocean of processed card-not-present transactions to identify financial institutions and merchants that hackers might target with automated testing to guess account numbers, expiration dates and security codes.
Visa Payment Threats Lab provides a third layer of protection by creating an environment in which a client's processing, business logic and configuration settings can be tested to identify errors that could lead to vulnerabilities.
Bringing up the rear is proprietary solution Visa eCommerce Threat Disruption, which uses sophisticated technology and investigative techniques to proactively scan the front end of e-commerce websites for payment-data-skimming malware.