Visa adds new payment security services to combat emerging frauds

New payment fraud services from Visa includes a tool to probe websites for card-data skimmer malware

Visa has launched a suite of new payment security services for merchants and financial institutions to help prevent payment fraud.

All new security services are immediately available to Visa merchants and banks at no extra cost or signup.

"Cyber criminals attempt to bypass traditional defences by stealing credentials, harvesting data, obtaining privileged access, and attacking trusted third-party supply chains," said RL Prasad, senior vice president of payment system risk at Visa.

"Visa's new payment security capabilities combine payment and cyber intelligence, insights and learnings from breach investigations, and law enforcement engagement to help financial institutions and merchants solve the most critical security challenges," he added.

Before rolling out the new capabilities, the company commissioned Forrester Consulting to study how bank account-related frauds are being carried out worldwide. The analysts found that ATM "cashout attacks" and "enumeration attacks" are the two most common types of frauds carried out by cybercriminals.

Visa's new payment security capabilities combine payment and cyber intelligence, insights and learnings from breach investigations

In ATM cashout attacks, criminals surreptitiously remove fraud controls used by banks or other financial institutions to withdraw cash from ATM machines. In "enumeration attacks," hackers carry out automated testing of credentials to gain unauthorised access to sensitive information of account holders.

But, more damaging are "card-not-present" frauds, which account for about 40 per cent of losses and operational costs.

The new services launched by Visa combine various preventative measures intended to fix vulnerabilities before they can be exploited by attackers.

Visa Vital Signs is the first of five security additions. It constantly monitors all ATM and merchant transactions throughout the network and alerts financial institutions about any potential fraudulent activity indicating an ATM cashout attack. Visa will suspend the malicious activity automatically or in coordination with its clients to minimise potential financial damages.

Visa Account Attack Intelligence provides the second layer of defence by using deep machine learning to analyse the processed "card-not-present" transactions on Visa's database. The aim is to identify the malicious attempts by attackers to guess clients' account numbers and other sensitive details through automated testing.

Visa Payment Threats Lab works as a third layer of protection by enabling a firm to create a testing environment in order to test any configuration setting, business logic or client's processing to highlight security issues that could result in new attack vectors.

Visa eCommerce Threat Disruption is designed to scan the front-end of eCommerce websites to identify card data skimmer malware.

Online banking frauds are constantly on the rise for the past several years, according to cybersecurity firms. In May, a study conducted by a group of Cambridge University cybersecurity researchers revealed that online banking frauds have doubled since 2011. The researchers argued that the governments should do more to combat such fraud.

In another study, security researchers at Positive Technologies revealed last month that hackers can bypass the £30 spending limit on Visa contactless cards by leveraging a series of security flaws.