How Visa built out its fraud-fighting tech with machine learning, Visa Europe's scale
The fraud challenge faced by issuers and merchants alike has become increasingly complex over the last few years with the prevalence of e-commerce and cross-border payments. Visa's response to these trends has benefited heavily from the global scale it got by reabsorbing Visa Europe in 2016.
Today More than 8,000 issuers in 129 countries have deployed Visa Advanced Authorization (VAA) to help tackle payment card fraud. This expansion capitalized Visa's purchase of Visa Europe, granting it access to multiple issuers in that region — and supercharging the data available to its AI-driven fraud detection engine.
A major use case for VAA is in policing cross-border transactions, a task that would have been much more challenging when Visa and Visa Europe were separate entities (the two split in 2007 in preparation for Visa's IPO). VAA has saved issuers an estimated $25 billion in annual prevented losses, the card network announced Monday.
“Cross-border transactions are an important application for issuers to deploy VAA because our network is global and we can spot fraud trends faster than individual issuers can,” said Ann Ewing, vice president of identity and risk products at Visa.
At the time of reunification, Visa described its plan for Visa Europe as one of exposing that market to the technological developments created by the U.S.-based Visa. And while that has happened, it's also a boon for a fraud system like VAA to have visibility into the data Visa Europe brings.
The efforts at Visa to leverage the massive amounts of data that runs through its network to identify fraud date back to 1993, when it launched the Credit Risk Identification System or CRIS. The CRIS program saved the first 15 issuers on the platform from suffering $20 million in fraud losses in its first year of operation.
The program was renamed Visa Advanced Authorization in 2004 and has experienced continuous upgrades along the way as Visa has learned how to apply lessons through machine learning, which helps it spot new fraud trends as well as mitigate false declines (legitimate transactions that are flagged as possibly fraudulent).
“Visa Advanced Authorization or VAA is one of our flagship products and it’s based on Visa data spanning 200+ countries, trillions of dollars of spend over multiple years of card use” Ewing said. "We take all of that data and score transactions based on 500 risk attributes to inform an issuer about the potential risks in accepting a specific transaction."
With all of that data available to Visa, AI became an essential part of its fraud management strategy.
"AI allows us to examine transaction histories and pattern recognition in a much faster way than we could have done before," Ewing said. "We also have a feedback loop that examines reported fraud that passed through as well as false declines to improve the algorithm. We monitor the model on a regular basis so we can improve its accuracy."
While the growth of e-commerce in the Americas, Europe, and Asia, has made it significantly easier for consumers to shop 24x7x365 it has also opened up a new and lucrative avenue for criminals in which to commit fraud.
Significant efforts have been made by all card networks to defeat the rise of fraud and to appease chargeback weary merchants. Earlier this year Mastercard acquired the Toronto-based fraud detection firm Ethoca to complement its dual 2017 acquisitions of the biometric and behavioral analytics firm NuData and AI-powered fraud software provider Brighterion.
“Platforms like Visa’s VAA and Mastercard’s EMS [Expert Monitoring Solutions] are excellent illustrations of the value of investing in and applying advanced analytics to better manage the increasing threat of fraud," Trace Fooshee, senior analyst in the fraud and AML practice at Aite Group. "Because they have access to the entire network’s transactional data, their fraud analytics tools are particularly well positioned in their capacity to provide a more accurate and holistic perspective on the validity of the transaction."
By deploying multiple tools offered by the networks or third parties, individual issuers can assemble a multi-layered defensive solution. Visa also offers additional fraud fighting tools such as its Visa Risk Manager, Visa Consumer Authentication Services (VCAS) and CyberSource Decision Manager.
“Most issuers use more than one risk model to get a more accurate prediction of fraud," Fooshee said. "Each risk model has its own unique strengths and weaknesses. While each one has value in and of itself, they work considerably better when they work in concert to provide a 360-degree view of the transaction.”
AI and machine learning techniques are increasingly important to prevention payment fraud, noted Tim Sloane, vice president of payments innovation at Mercator Advisory Group.
“Issuers need to be particularly vigilant regarding false positives and there are companies that specialize in machine learning models that do nothing but catch false positives to allow the transaction to be processed – again think layers,” added Sloane.