Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Visa Tackles Payment Fraud with New Security Services

Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems.

The new payment security services are meant to detect and disrupt fraud threats targeting financial institutions and merchants, and are available to Visa clients at no additional cost or sign-up.

Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems.

The new payment security services are meant to detect and disrupt fraud threats targeting financial institutions and merchants, and are available to Visa clients at no additional cost or sign-up.

The most prevalent account-related fraud types at the moment, Visa says, are ATM cashout attacks (where cybercriminals attempt to withdraw money from automated teller machines fraudulently) and enumeration attacks (automated testing of credentials to gain unauthorized access).

At the same time, card-not-present fraud (includes ecommerce, phone and mail orders) was found to be the most damaging to businesses, representing nearly 40% of fraud losses and operational costs.

The first of the newly introduced security capabilities is Visa Vital Signs, designed to actively monitor transactions and alert financial institutions of potential fraudulent activity at ATMs and merchants, to prevent ATM cashout attacks.

With Visa Account Attack Intelligence, deep learning is employed to analyze processed card-not-present transactions and identify any financial institutions or merchants that hackers may be using in enumeration attacks to guess account numbers, expiration dates and security codes.

Visa Payment Threats Lab was designed as an environment to test a client’s processing, business logic and configuration settings to discover any errors that could result in vulnerabilities. It allows Visa to verify if cryptograms (dynamically generated codes unique to each transaction) are correctly validated for EMV chip transactions.

To identify potential website compromise, Visa introduced eCommerce Threat Disruption, a proprietary solution that can proactively scan the front-end of eCommerce websites for payment data skimming malware.

These new capabilities add to the previously introduced Visa Payment Threat Intelligence, which provides cyber intelligence to clients and merchants worldwide, including alerts, analysis, technical indicators, and mitigations for potential cybercrime threats, account compromises and fraud.

“Visa’s new payment security capabilities combine payment and cyber intelligence, insights and learnings from breach investigations, and law enforcement engagement to help financial institutions and merchants solve the most critical security challenges,” RL Prasad, senior vice president of Payment System Risk at Visa, said.

Related: Breach Trends and Tips From Visa Threat Intelligence Exec Glen Jones

Related: Chip Cards Lead to 70% Drop in Counterfeit Fraud: Visa

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...