New Visa Technology Detects Fraud Rings - InformationWeek
Software // Enterprise Applications
02:17 PM
[Ransomware] Taking the Mystery out of Ransomware
Dec 07, 2016
Lost data. Systems locked down. Whole companies coming to a grinding halt. When it comes to ransom ...Read More>>

New Visa Technology Detects Fraud Rings

Advanced Authorization detects transactions using numbers acquired through phishing and ID theft.

Visa USA has unveiled technology for analyzing card transactions both individually and cumulatively across its entire network in order to detect emerging fraud patterns. The technology, called Advanced Authorization, will prevent an estimated $164 million in fraud losses over the next five years, Visa estimates.

When a credit card is swiped, Advanced Authorization provides an instantaneous rating of the transaction's potential for fraud to the card-issuing financial institution, including whether the card number was among those lost or stolen in a data-security incident.

The issuer is then able to respond back to the merchant whether to accept or decline the transaction, based in part on the evaluation provided by Advanced Authorization. The technology is being applied to every Visa credit- and check-card purchase today. Issuing financial institutions are in various stages of determining how to incorporate the expanded fraud information into their existing risk-assessment systems.

Visa has always had fraud-detection technology for analyzing risk involving a single card based, for example, on the cardholder's buying patterns. Until a few years ago, most card fraud revolved around a stolen card or account number being used to make fraudulent transactions. With existing fraud-prevention technology, Visa has been able to limit fraud losses to approximately 5 cents per $100 of transactions.

But with the emergence of phishing attacks, Internet E-commerce, and the opening of new accounts using stolen identities, more instances of card fraud are part of a broader scheme. The Advanced Authorization system examines transactions both vertically, based on risk behaviors associated with the individual cardholder, and horizontally, based on similarities occurring across the Visa network. For example, a fraud ring might be simultaneously testing hundreds of stolen or counterfeit account numbers; the system will detect that pattern of activity and alert Visa and the issuing banks to halt the transaction at the point of sale.

"The system is designed to spot situations where multiple accounts have been associated with some type of event, whether it's fraudulent testing or some other type of coordinated attack involving multiple accounts," says Jean Bruesewitz, senior VP of processing and emerging products at Visa USA.

The new system could cut the fraud rate from 5 cents per $100 to 2 cents, Bruesewitz says. Still, thwarting card fraud will "require continuous pushing back to keep fraudsters out of the payment system," she says.

During the pilot phase, begun a year ago, Advanced Authorization was tested by 90 card issuers accounting for half of Visa's transaction volume. "Advanced Authorization gives us an accurate risk score for every transaction, which has successfully helped us [flag] more fraudulent transactions and approve transactions that otherwise may have been [flagged] or declined," said Steve O'Connell, risk manager at Merrill Lynch, in a statement.

It wasn't clear how the Visa technology would work with commercially available fraud-detection systems from companies such as Real Decisions and eFunds Corp. Such systems apply sophisticated pattern-recognition technology to detect unusual activity such as large numbers of keyed-in transactions and significant increases in purchases of higher-priced items. Says Financial Insights research director Aaron McPherson, "Will the Visa system run as an independent layer on top of these other [vendors'] layers, or is there some linkage between the layers?"

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll