Advanced Authorization detects transactions using numbers acquired through phishing and ID theft.
Visa USA has unveiled technology for analyzing card transactions both individually and cumulatively across its entire network in order to detect emerging fraud patterns. The technology, called Advanced Authorization, will prevent an estimated $164 million in fraud losses over the next five years, Visa estimates.
When a credit card is swiped, Advanced Authorization provides an instantaneous rating of the transaction's potential for fraud to the card-issuing financial institution, including whether the card number was among those lost or stolen in a data-security incident.
The issuer is then able to respond back to the merchant whether to accept or decline the transaction, based in part on the evaluation provided by Advanced Authorization. The technology is being applied to every Visa credit- and check-card purchase today. Issuing financial institutions are in various stages of determining how to incorporate the expanded fraud information into their existing risk-assessment systems.
Visa has always had fraud-detection technology for analyzing risk involving a single card based, for example, on the cardholder's buying patterns. Until a few years ago, most card fraud revolved around a stolen card or account number being used to make fraudulent transactions. With existing fraud-prevention technology, Visa has been able to limit fraud losses to approximately 5 cents per $100 of transactions.
But with the emergence of phishing attacks, Internet E-commerce, and the opening of new accounts using stolen identities, more instances of card fraud are part of a broader scheme. The Advanced Authorization system examines transactions both vertically, based on risk behaviors associated with the individual cardholder, and horizontally, based on similarities occurring across the Visa network. For example, a fraud ring might be simultaneously testing hundreds of stolen or counterfeit account numbers; the system will detect that pattern of activity and alert Visa and the issuing banks to halt the transaction at the point of sale.
"The system is designed to spot situations where multiple accounts have been associated with some type of event, whether it's fraudulent testing or some other type of coordinated attack involving multiple accounts," says Jean Bruesewitz, senior VP of processing and emerging products at Visa USA.
The new system could cut the fraud rate from 5 cents per $100 to 2 cents, Bruesewitz says. Still, thwarting card fraud will "require continuous pushing back to keep fraudsters out of the payment system," she says.
During the pilot phase, begun a year ago, Advanced Authorization was tested by 90 card issuers accounting for half of Visa's transaction volume. "Advanced Authorization gives us an accurate risk score for every transaction, which has successfully helped us [flag] more fraudulent transactions and approve transactions that otherwise may have been [flagged] or declined," said Steve O'Connell, risk manager at Merrill Lynch, in a statement.
It wasn't clear how the Visa technology would work with commercially available fraud-detection systems from companies such as Real Decisions and eFunds Corp. Such systems apply sophisticated pattern-recognition technology to detect unusual activity such as large numbers of keyed-in transactions and significant increases in purchases of higher-priced items. Says Financial Insights research director Aaron McPherson, "Will the Visa system run as an independent layer on top of these other [vendors'] layers, or is there some linkage between the layers?"
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.