• Saturday, May 18, 2024


How Visa tackles growing $408bn card fraud ecosystem


Millions of people either opening their first bank accounts or coming online for the first time, renewing old cards, and so on, were responsible for chip card issuance and penetration rising to new levels in the first quarter of 2022 with adoption growing by 90 percent.

But as financial institutions make efforts to deliver best-in-class card services to their new and existing customers, hackers are sharpening their skills, deploying new strategies, and ruining the card payment experiences of many people.

Card fraud is expected to cost the industry a collective $408.50 billion in losses globally, according to data from a Nilson Report. Attackers' areas of focus include ATM cash-out schemes (attacks on issuers) and force-posting schemes (attacks on acquirers), which are usually well prepared and used to be extremely damaging for financial institutions.

Irene Auma, senior director, Head of Risk, sub-Saharan Africa, Visa, said at a recent security media roundtable that the threats are taking new dimensions. These include digital skimming, which happens due to misconfigurations or a lack of security controls within a merchant’s environment, enabling threat actors to exploit such misconfigurations and successfully deploy malicious skimming code.


Other new threats include the return of card-present schemes and social engineering. Investigations by Visa’s Global Risk team showed that nearly three-fourths of fraud and data breach cases on e-commerce merchants were carried out through social engineering and ransomware attacks. One example of social engineering is when a threat actor contacts a cardholder and claims to be an employee of the cardholder’s bank.

“In these schemes, the actors generally call the cardholders or send an SMS text alleging that the cardholder’s account was involved in fraud and prompts the cardholder to either call back a provided number or provide sensitive information to the threat actors. The result is the compromise of one-time passwords (OTPs), tokenised/one-time use PANs, or sensitive user account data such as bank login credentials (username/password),” Auma said.

Visa has invested over $9 billion in network security in the past five years as part of efforts to mitigate fraud. The company says it now employs more than a thousand dedicated specialists protecting its network from malware, zero-day attacks, and insider threats.

A significant part of its investment has gone to developing its artificial intelligence and big data capabilities. Today, the company says it uses AI and big analytics to identify threats. The AI capabilities involve real-time monitoring. This helped to block over $4.2 billion in fraudulent payments volume last year.

With big data, it can see from multiple-entry points what is being collected from the consumer and it can predict actions that are likely to be fraud. In 2021, the company managed to identify over $2 billion worth of potential fraud that would have impacted its clients and partners.

“When it comes to fighting fraud, data is the most precious resource. Because of Visa’s expensive global network, it has more data than its competitors, and Visa deploys that data to reduce fraud. But it’s not just about volume, it’s the quality and how it is used. Visa Advanced Authorisation helped prevent an estimated $26 billion in fraud in 2021. The other side of preventing fraud is minimizing false customer declines. Visa applies the latest deep learning techniques to reduce false declines by as much as 30 percent,” Auma said.

Tokenisation, which the company pioneered and which replaces a customer’s card number with a 16-digit equivalent, or token, continues to protect sensitive payment data, secure digital payments, and accelerate the adoption of e-commerce in Africa and around the world.

Visa says it has over 800 resources across the globe to comb the web and identify potential risk information.

“This is an asset that we bring to our partners. Giving the consumer the mandate or the control to be able to determine when and what transaction they actually do and actually how they want to authenticate their transaction is actually proving to be efficient and very deterrent to the threats that we continue to see in the payment space,” Auma said.

However, the best way to effectively tackle card fraud is to make it a collective effort. It, therefore, goes beyond the singular investment of operators like Visa to efforts in encouraging behavioral shifts in consumers. These efforts already seem to be paying off.

Visa’s Back to Business Study noted that 78 percent of global consumer respondents have adjusted the way they pay for items due to intensified safety concerns and nearly half (48 percent) would not shop at a store that only offers payment methods that require contact with a cashier or a shared machine like a card reader.

The study predicts that consumer behaviours will further push merchants to innovate in order to grow and meet customer preferences. Merchants that invest in new ways to onboard customers and new ways to pay such as online, in-app, contactless, and IoT (wearables, in-car, smart speakers, smart appliances, among others) will be rewarded through customer acquisition, existing customer retention, and growth in sales. Merchants would need to upgrade their fraud defenses to avoid surprises from new customer acquisition.

Protection of customers will largely be happening on cloud technology, according to the study. Visa sees tokenisation playing a huge role. Tokens are expected to anchor an upgrade in payment authentication. The adoption of tokenisation has grown 60 percent year-on-year and has led to a 2.5 percent increase in approval rates and a 28 percent reduction in fraud rates.