In a recent blog post marking 25 years of ecommerce, Visa noted that the first ecommerce payment was made on the Visa network on August 11, 1994.
A lot has changed since then, but fraud remains alive and well on the Internet, harming not only buyers, but sellers as well. On Tuesday, Visa announced the launch of a suite of security capabilities to help prevent and disrupt payment fraud.
The new payment security services detect and disrupt fraud threats that target financial institutions and merchants. There are no additional costs to Visa clients.
“Cybercriminals attempt to bypass traditional defenses by stealing credentials, harvesting data, obtaining privileged access, and attacking trusted third-party supply chains,” said RL Prasad, senior vice president, Payment System Risk, Visa. “Visa’s new payment security capabilities combine payment and cyber intelligence, insights and learnings from breach investigations, and law enforcement engagement to help financial institutions and merchants solve the most critical security challenges.”
The company cited research conducted on its behalf by Forrester Consulting. Card-not-present fraud – including ecommerce, phone and mail orders – was found to be less frequent but caused more damage to businesses, representing nearly 40% of fraud losses and operational costs. Managing payment fraud holistically is imperative to meet these challenges, the company wrote.
The new security capabilities that add to existing protections include:
Visa Vital Signs – Actively monitors transactions and alerts financial institutions of potential fraudulent activity at ATMs and merchants that may indicate an ATM cashout attack. To limit financial losses for financial institutions, Visa can automatically or in coordination with clients, step in to suspend malicious activity.
Visa Account Attack Intelligence – Applies deep learning to Visa’s vast number of processed card-not-present transactions to identify financial institutions and merchants that hackers may be using to guess account numbers, expiration dates and security codes through automated testing. The machine learning technology detects sophisticated enumeration patterns, eliminates false positives, and alerts affected financial institutions and merchants before fraudulent transactions begin.
Visa Payment Threats Lab – Creates an environment to test a client’s processing, business logic and configuration settings to identify errors leading to potential vulnerabilities. For example, Visa can verify if a financial institution is effectively validating cryptograms—dynamically generated codes unique to each transaction—for EMV® chip transactions.
Visa eCommerce Threat Disruption – A proprietary solution that uses sophisticated technology and investigative techniques to proactively scan the front-end of eCommerce websites for payment data skimming malware. Identifying potential website compromises limits the amount of time malware might be present on a merchant website and significantly reduces exposure of customer and payment data.
Those capabilities complement Visa Payment Threat Intelligence, which provides actionable and informational cyber intelligence to clients and merchants worldwide. It offers timely intelligence reporting, technical delivery and educational materials. This includes alerts, analysis, technical indicators, and mitigations for potential cybercrime threats, account compromises and fraud.
Read the full press release on the Visa website.