Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Visa Tackles Payment Fraud with New Security Services

Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems.

The new payment security services are meant to detect and disrupt fraud threats targeting financial institutions and merchants, and are available to Visa clients at no additional cost or sign-up.

Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems.

The new payment security services are meant to detect and disrupt fraud threats targeting financial institutions and merchants, and are available to Visa clients at no additional cost or sign-up.

The most prevalent account-related fraud types at the moment, Visa says, are ATM cashout attacks (where cybercriminals attempt to withdraw money from automated teller machines fraudulently) and enumeration attacks (automated testing of credentials to gain unauthorized access).

At the same time, card-not-present fraud (includes ecommerce, phone and mail orders) was found to be the most damaging to businesses, representing nearly 40% of fraud losses and operational costs.

The first of the newly introduced security capabilities is Visa Vital Signs, designed to actively monitor transactions and alert financial institutions of potential fraudulent activity at ATMs and merchants, to prevent ATM cashout attacks.

With Visa Account Attack Intelligence, deep learning is employed to analyze processed card-not-present transactions and identify any financial institutions or merchants that hackers may be using in enumeration attacks to guess account numbers, expiration dates and security codes.

Visa Payment Threats Lab was designed as an environment to test a client’s processing, business logic and configuration settings to discover any errors that could result in vulnerabilities. It allows Visa to verify if cryptograms (dynamically generated codes unique to each transaction) are correctly validated for EMV chip transactions.

To identify potential website compromise, Visa introduced eCommerce Threat Disruption, a proprietary solution that can proactively scan the front-end of eCommerce websites for payment data skimming malware.

Advertisement. Scroll to continue reading.

These new capabilities add to the previously introduced Visa Payment Threat Intelligence, which provides cyber intelligence to clients and merchants worldwide, including alerts, analysis, technical indicators, and mitigations for potential cybercrime threats, account compromises and fraud.

“Visa’s new payment security capabilities combine payment and cyber intelligence, insights and learnings from breach investigations, and law enforcement engagement to help financial institutions and merchants solve the most critical security challenges,” RL Prasad, senior vice president of Payment System Risk at Visa, said.

Related: Breach Trends and Tips From Visa Threat Intelligence Exec Glen Jones

Related: Chip Cards Lead to 70% Drop in Counterfeit Fraud: Visa

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...