As real-time and account-to-account transactions rise and payments fraud continues to rise with them, Visa is putting artificial intelligence (AI) to work. The company announced Wednesday (March 27) that it will use AI in a trio of new applications within its fraud and risk management technologies platform to protect issuers, merchants and consumers — even if the transaction is not within its network.
According to James Mirfin, senior vice president and global head of risk and identity solutions at Visa, fraud levels within its own network are relatively low — at around 7 cents per $100. But fraudsters continue to find new ways to attack transactions. Social engineering has become a key attack vector, where businesses and financial institutions (FIs) can be duped by fraudsters posing as legitimate customers, as phishing scams and business email compromise scams gain ground.
“It all just plays on human nature,” Mirfin said, “and the organized criminals are getting better at using technology to break trust.”
Add in the fact that real-time payments shrink the window for examining transactions for red flags, and it’s clear that enterprises — FIs and merchants alike — need some additional layers of protection. The urgency is there, especially for FIs and merchants outside of North America that may have multinetwork card portfolios or operate in markets where they have to “domestically” switch their transactions, Mirfin said.
These companies are looking for simplicity in the tools that are used to manage fraud, and to write new anti-fraud and authorization rules across their portfolios in a bid to approve more “good” transactions while lessening the operational burden of risk management (where, for example, call centers can be overwhelmed by concerned clients and fraud victims).
Visa has global coverage and a wealth of data that spans trillions of transactions, billions of accounts and decades of analysis to help improve authorizations and reduce false positives.
As he told PYMNTS’ Karen Webster: “We’re continuing to invest to make the Visa credentials as secure as possible — and to extend that protection more broadly across the payments ecosystem.” That ecosystem, where Visa’s spent more than $10 billion on new technologies through the past five years alone, Mirfin said, includes non-Visa card transactions.
“Unless you bridge the networks,” he said, “it’s hard to identify” fraudsters and illicit fund flows. The U.K. stands out here, as recent legislation would let banks and payment service providers put suspicious-looking peer-to-peer payments on hold for up to four days to conduct security reviews.
To that end, the company said Wednesday that it has launched three new AI-powered solutions as part of its Visa Protect suite — which Mirfin said is a rebranding of the risk and identity suite — that leverages neural network and deep learning models.
Among the new offerings of Visa Protect is Visa Deep Authorization, which is designed to help issuers — through transaction risk scoring — better manage card-not-present transactions, boosting authorization rates while cutting down on fraud.
The payment network is also expanding its Advanced Authorization and Risk Manager for non-Visa card payments — the expansion is network-scheme-agnostic so that issuers can simplify their fraud operations.
And in a nod to the growing embrace of faster transactions, the company has also launched real-time Account-to-Account Payment Protection, which is billed as Visa’s first fraud-prevention solution built for instant transactions, including risk scoring for payments that move between accounts and digital wallets and which move over real-time rails as money is sent and received by banks.
The new solutions will be available to Visa clients through the first half of this year, with launch dates dependent on the solution and the market.
Diving deeper into the offerings, Mirfin explained that Visa will run its advanced models on all transactions that flow through its network and assign risk scores. Those risk scores will be available in real time to the sending bank and the receiving bank.
In the other iteration, he said, the risk scoring can be run for a bank, or a group of banks, independently, and the new offerings model transactions and assign risk ratings.
“It’s like the Visa Advanced score,” he said, “that runs on the Visa network, but here it’s on a different real-time payment network.”
He offered up the example where Visa worked with a bank in the U.K. to connect and score not just the transactions traversing real-time rails, but also examine the debit portfolio so that accounts could be “mapped” to card transactions — uncovering “mule” accounts that had been used to funnel ill-gotten gains. One significant tell: A2A payments were linked to debit cards that suddenly showed signs of life long after remaining dormant (and in some cases, funds had flowed out to crypto wallets).
The new solutions, Mirfin said, will prove especially advantageous for smaller FIs that don’t have the resources or teams in place to grapple with the operational burden of risk management.
“They can choose whether they use VDA or VAA, which has been around for a long time,” he said, “or a combination, by using Risk Manager … or to put rules in place to manage the risk across their portfolios.”
“The criminals are getting more sophisticated,” he said. “They’ve got the same technology that the banks have and that the merchants have.
“We’re always trying to stay ahead of them,” he said of Visa, “and to help our customers stay ahead of them, too.”