Follow Datanami:
April 26, 2022

Payment Fraud at Record Lows Thanks to Analytics and AI, Visa Says


Despite a massive increase in online activity during the COVID-19 pandemic, fraud on the Visa payment network is at an all time low, the company says. One of the chief reasons for that success is a big investment in advanced analytics and AI.

The world changed in March 2020, when many countries went into lockdowns to prevent the spread of the virus that causes COVID-19. As retail shops and other physical locations closed, people’s attention turned to the Internet for school, work, and play.

Since late 2019, the volume of e-commerce traffic has grown by 50%, according to Visa. Peer-to-peer payments on Visa’s network more than doubled, while subscriptions to digital streaming services surpassed 1 billion for the first time, the company says.

Fraud also proliferated during the pandemic. There were many scams directly related to COVID-19, such as for fake test kits, unproven treatments, and personal protective equipment that never arrived. Criminals also helped themselves to $100 billion from various government COVID-19 relief programs, according to the U.S. Secret Service, with the California state unemployment office losing up to $30 billion alone. Work from home also helped proliferate the spread of ransomware into corporate networks, which doubled from 2020 to 2021, security researchers say.

But when it comes to cybercriminals netting huge profits from the COVID-19-induced panic and confusion on the Visa payment network, which handles half of the world’s payment traffic outside of China–well, it never actually happened.

Yes, there was fraud on the Visa network. But considering the huge increase in volume of card-not-present transactions, the amount of fraud has actually decreased during COVID-19 as a percentage of dollars transacted, according to Visa Chief Risk Data Officer Dustin White.

(Backcountry Media/Shutterstock)

“Fraud in our network is historically low,” White tells Datanami. “We’re talking about $0.07 for every $100 of payment volume. And that’s in the face of over 2 million daily attempts to harm our infrastructure.”

White, who is tasked with directing the $24-billion company’s global risk analytics and platform functions, attributed the record low fraud rate to Visa’s investments in cybersecurity and fraud prevention. Over the past five years, the Foster City, California company has invested $9 billion into cybersecurity, with $500 million of that specifically targeting Visa’s data and AI capabilities.

AI and analytics are embedded in more than 60 different services that Visa brings to bear to ensure the integrity of transactions on its network, White says. One of the most important ones is the Visa Advanced Authorization (VAA) score, which uses various AI and machine learning techniques to determine the likelihood that a given transaction is fraudulent within 300 milliseconds. VAA is the “flagship” AI and ML service at Visa, White says, and alone prevented $26 billion in fraud in 2021.

A more recent product out of White’s team is Visa Behavioral Analytics, which is designed to detect account takeovers and bot-based attacks. Over the past two years, this system has analyzed more than 400 million authentication requests against 12 million unique devices, White says.

“We continue to leverage capabilities like that to ensure we’re not just looking at transactional products,” he says, “but we’re also starting to get upstream into understanding places where identity comes into play and how that can be one more layer of how we ensure that what comes into our ecosystem is of the highest fidelity.”

Dustin White is the Chief Risk Data Officer for Visa

With more online activity comes more potential for trusting consumers to fall into traps set by an unscrupulous merchants. Some of Visa’s AI and analytics systems look to identify merchants who aren’t who they say they are or otherwise problematic merchants.

“The threat of….disingenuous actors is something that obviously goes up the more our business digitizes,” White says. “And we have to ensure that we’re constantly upping our game and driving better capabilities to stop that kind of behavior, to ensure that trust and security remain at the forefront of our brand.”

One area where Visa is employing deep learning techniques is reducing false declines. According to White, the latest deep learning techniques can reduce the false decline rate by up to 30%. “These are some of the new things we’re experimenting with, because that notion of ubiquitous acceptance globally and the highest level of security are two things that are really paramount to our brand,” White says.

However, not all of Visa’s security nets require AI or advanced analytics, or even big data for that matter. For example, tokenization, which came out of the PCI DSS regulation that Visa spearheaded over a decade ago, has been shown to reduce fraud by 28%, White says. It also leads to a 2.5% increase in approval rates, which White says is due to greater trust in transactions.

And there are places where rules-based decisioning still makes sense. For example, a sudden jump in the velocity of transaction volumes is a very good indication of fraud, White says.

“If we see transactional volumes accelerating somewhere that we have never seen of that magnitude or speed, you don’t need a lot of sophisticated analytics to pick up on that kind thing and investigate it,” he says.


“So it’s a balance,” he continues. “What I don’t think you want to do, and what a lot of companies I would argue struggle with, is they get this notion that machine learning and artificial intelligence is a necessity of success. And I would agree with that. But the implementation and deployment is what really matters, and having places where we have clear designated drivers that say ‘Artificial intelligence and machine learning can make this tool better in these ways,’ are the places we’ve seen the most success.”

Visa clearly must automate much of its response to fraud, as the volume of attacks is so great. And AI and machine learning are indispensable in that regard. But the company still maintains humans in the loop, because people are an indispensable component of the equation too.

“Our approach is aggressive and multilayered. No one solution is going to solve and thwart all of the attacks on our infrastructure,” White says. “One of the examples would be our cyber Fusion Centers. We have these centers built on three continents. They’re 24/7/365 shops that are doing security monitoring, incident response investigation, and they have threat intelligence capabilities.

“So in some ways what they’re doing is sitting at the tip of the spear,” White says. “[They’re saying] ‘What are we seeing that’s getting into our ecosystem and how does it look compared to what we historically see?’ That’s another piece of it that has humans in the loop as it relates to advanced capabilities.”

Despite the success in tamping down the fraud and saving consumers billions of dollars, Visa isn’t holding parades. The work continues to stay one step ahead of the bad guys. The company is constantly looking for ways to stop what new thing the criminals come up with.

“It’s at the very top of the register for cybercriminals to have creativity,” White says. “So that work is never done. And as our attack surface grows, it proliferates in the new places.”

Related Items:

The Modernization of Data Engineering at Capital One

AI Powers Mastercard’s New Authentication Process

AMEX Adopts Machine Learning to Crunch More Data