Andrew Torre, regional president for the CEMEA region, presents on how security drives growth Image Credit: Supplied

Visa, the world’s largest payment processor, has unveiled a suite of security capabilities that will help prevent and disrupt payment fraud, breaking new ground in cybersecurity and fraud prevention across Central & Eastern Europe, Middle East and Africa (CEMEA).

Fighting fraud

According to a global report by Forrester Consulting commissioned by Visa, ATM cashout attacks that exploit vulnerabilities among financial institutions and processors to remove fraud controls to withdraw money from cash machines fraudulently, and automated testing of values and credentials to gain unauthorised access to information and functionality called “enumeration attacks” were among the most prevalent account-related fraud types identified by respondents.

At the same time, card-not-present fraud that includes e-commerce, phone and mail orders was found to be less frequent but caused more damage to businesses — representing nearly 40 per cent of fraud losses and operational costs. Managing payment fraud holistically is imperative to meet these challenges.

Visa’s new payment security capabilities combine payment and cyber intelligence to help financial institutions and merchants solve the most critical security challenges

- Hector Rodriguez, Regional Risk Officer, CEMEA, Visa

Launched at the Visa CEMEA Security Summit 2019 in Barcelona, the new payment security services and capabilities help protect the integrity of the payments ecosystem by detecting and disrupting fraud threats targeting financial institutions and merchants.

No additional cost

The new capabilities are available to Visa clients at no additional cost or sign-up, but through Visa’s continued investments in intelligence and technology. These add to the long list of benefits financial institution and merchant clients enjoy as participants in the Visa global payment network.

"Cybercriminals attempt to bypass traditional defenses by stealing credentials, harvesting data, obtaining privileged access, and attacking trusted third-party supply chains,” said Hector Rodriguez, Regional Risk Officer, CEMEA, Visa. “Visa’s new payment security capabilities combine payment and cyber intelligence, insights and learnings from breach investigations, and law enforcement engagement to help financial institutions and merchants solve the most critical security challenges.”

It is critical we maintain that trust – among consumers, businesses, and governments – to ensure further digitalisation of commerce.

- Neil Fernandes, Visa’s Head of Risk for Middle East and North Africa

Neil Fernandes, Visa’s Head of Risk for Middle East and North Africa: “Findings from our recent ’Stay Secure’ survey conducted across the UAE, Saudi Arabia, Kuwait and Pakistan reveal increased consumer confidence and trust in transacting digitally using payment credentials. It is critical we maintain that trust – among consumers, businesses, and governments – to ensure further digitalisation of commerce.

"Collaboration with our partners is how we will be successful in our mission, and that is why platforms like our Security Summit are so important to translate our efforts into tangible outcomes and support the region’s commerce ambitions and digital transformation goals.”

Protecting the ecosystem

The new security capabilities add to existing protections and include:

Visa Vital Signs

Actively monitors transactions and alerts financial institutions of potential fraudulent activity at ATMs and merchants that may indicate an ATM cashout attack. To limit financial losses for financial institutions, Visa can automatically or in coordination with clients, step in to suspend malicious activity.

Visa Account Attack Intelligence

Applies deep learning to Visa's vast number of processed card-not-present transactions to identify financial institutions and merchants that hackers may be using to guess account numbers, expiration dates and security codes through automated testing. The machine learning technology detects sophisticated enumeration patterns, eliminates false positives, and alerts affected financial institutions and merchants before fraudulent transactions begin.

Visa Payment Threats Lab

Creates an environment to test a client’s processing, business logic and configuration settings to identify errors leading to potential vulnerabilities. For example, Visa can verify if a financial institution is effectively validating cryptograms — dynamically generated codes unique to each transaction — for EMV chip transactions.

Visa e-commerce threat disruption

A proprietary solution that uses sophisticated technology and investigative techniques to proactively scan the front-end of eCommerce websites for payment data skimming malware. Identifying potential website compromises limits the amount of time malware might be present on a merchant website and significantly reduces exposure of customer and payment data.

These capabilities complement Visa Payment Threat Intelligence, which provides actionable and informational cyber intelligence to clients and merchants worldwide. It offers timely intelligence reporting, technical delivery and educational materials. This includes alerts, analysis, technical indicators, and mitigations for potential cybercrime threats, account compromises and fraud.

The Visa CEMEA Security Summit 2019 bought together payment industry experts from risk, business and operational departments of financial institutions, merchants, processors and other payment service providers.