MIAMI – Instead of building a “wall” to protect digital payments, Visa opts to reduce the amount of information contained in transactions to the point of making them unattractive targets for cyber crooks, Chief Enterprise Risk Officer Ellen Richey said.
That approach has helped to hold down the fraud risk rate to “less than 10 cents per each $100 transaction” over the last 15 years, she said in Miami, venue for the 2019 Visa Latin America and Caribbean Security Summit.
“The answer is, there is no wall because everything behind the wall is worthless. There is nothing to protect. That is the beauty of this,” Richey said.
“For the payments to go through so many places we have to devalue the data,” she said.
Besides minimizing the information, Visa is exploring “tokenization” and the use of biometric data for personal identification, the executive said, adding that the idea behind the token is similar to the concept of the chip already present in many credit and debit cards.
Like the chip, the token transmits an encoded message that must accompany the card number to complete a transaction, Richey said.
The token is intended for use “in a particular setting, on a particular device or particular Web site,” she said.
“In both cases, if the data are stolen they can’t be re-used for fraud,” the Visa executive said.
Another strategy relies on “ever more sophisticated” tools, such as machine learning or artificial intelligence, to analyze the behavior of cardholders and detect “unusual or suspicious” transactions, she said.
Richey said that the nature of the risk to payment systems changes with each successive technological revolution, “which are coming more and more quickly.”
Looking ahead, she said that the impending threat comes from “the brute force attack.”
Because the advent of the chip means that a card number alone is not enough to conduct a fraudulent transaction, criminal organizations “are trying to guess the data,” Richey said.
Using computers, crooks will run “hundreds of thousands, perhaps millions, of tests to be able to guess the account number, the expiration date and the three-digit (security) code,” she said.
Cyber crime is a $600 billion-a-year industry, Richey said, citing research from computer security firm McAfee.
“With the explosion of connectivity, there are many more opportunities for the fraudsters,” she said.