Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Visa Tackles Payment Fraud with New Security Services

Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems.

The new payment security services are meant to detect and disrupt fraud threats targeting financial institutions and merchants, and are available to Visa clients at no additional cost or sign-up.

Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems.

The new payment security services are meant to detect and disrupt fraud threats targeting financial institutions and merchants, and are available to Visa clients at no additional cost or sign-up.

The most prevalent account-related fraud types at the moment, Visa says, are ATM cashout attacks (where cybercriminals attempt to withdraw money from automated teller machines fraudulently) and enumeration attacks (automated testing of credentials to gain unauthorized access).

At the same time, card-not-present fraud (includes ecommerce, phone and mail orders) was found to be the most damaging to businesses, representing nearly 40% of fraud losses and operational costs.

The first of the newly introduced security capabilities is Visa Vital Signs, designed to actively monitor transactions and alert financial institutions of potential fraudulent activity at ATMs and merchants, to prevent ATM cashout attacks.

With Visa Account Attack Intelligence, deep learning is employed to analyze processed card-not-present transactions and identify any financial institutions or merchants that hackers may be using in enumeration attacks to guess account numbers, expiration dates and security codes.

Visa Payment Threats Lab was designed as an environment to test a client’s processing, business logic and configuration settings to discover any errors that could result in vulnerabilities. It allows Visa to verify if cryptograms (dynamically generated codes unique to each transaction) are correctly validated for EMV chip transactions.

Advertisement. Scroll to continue reading.

To identify potential website compromise, Visa introduced eCommerce Threat Disruption, a proprietary solution that can proactively scan the front-end of eCommerce websites for payment data skimming malware.

These new capabilities add to the previously introduced Visa Payment Threat Intelligence, which provides cyber intelligence to clients and merchants worldwide, including alerts, analysis, technical indicators, and mitigations for potential cybercrime threats, account compromises and fraud.

“Visa’s new payment security capabilities combine payment and cyber intelligence, insights and learnings from breach investigations, and law enforcement engagement to help financial institutions and merchants solve the most critical security challenges,” RL Prasad, senior vice president of Payment System Risk at Visa, said.

Related: Breach Trends and Tips From Visa Threat Intelligence Exec Glen Jones

Related: Chip Cards Lead to 70% Drop in Counterfeit Fraud: Visa

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...