CRO Paul Fabara shares how Visa is using AI to counter cyberattacks

Security isn’t scalable without AI. Whether you’re protecting personally identifiable information (PII), intellectual property or digital payments, being able to automate discovery of malicious activity is vital. Recently VentureBeat connected with Paul Fabara, chief risk officer at Visa, who’s led the organization’s cybersecurity and risk management strategy since 2019. During our Q&A Fabara highlighted some technologies and approaches organizations can use to protect sensitive information at scale, and elaborated on how Visa uses these internally.

Key insights from the interview include the importance of using AI and machine learning to detect threats to data across the cloud, and to identify vulnerabilities at the network level.

Following is an edited transcript of the interview. 

VentureBeat: How do you see cybercrime evolving over the next 12 to 24 months?

Paul Fabara: As commerce continues to return to digital and physical modes, fraudsters are adapting their tactics to find new ways to scam consumers and businesses.

Over the next couple [of] years, we will continue to see fraud follow trends that reflect daily life. This is due to a couple of factors — for example, the rise of digital payments has significantly transformed money movement, making it easier, faster and more seamless.

While the benefits are clear, this also provides bad actors with more opportunities for fraudulent activity, such as having the ability to conceal their identities and trick consumers more easily into sending them money.

Additionally, the potential for economic slowdown may provide bad actors with a stronger incentive to connect with and lure their victims, for their own financial gain. Bad actors thrive on uncertainty, and often expand their targets to make quick cash to cover rising costs and expenses.

Countering threats in the cloud, threats from generative AI

VB: What’s the central challenge of maintaining data security and protecting PII in even more complex cloud environments?

Fabara: PII is a double-edged sword. On one hand, collecting personal information is useful in validating identities and ultimately preventing fraud.

On the other hand, people recognize the value of their PII and are frequently hesitant to provide such details in fear of it being compromised or falling into the wrong hands. 

As organizations continue to leverage complex cloud environments, enabling and maintaining data security can prove to be even more challenging due to complicated access controls and wider attack surfaces that can create new vulnerabilities. 

To address this issue, AI- and ML-powered solutions can be used to detect threats across environments and strengthen an organization’s defenses. At Visa, protecting consumers’ data and transactions is at the heart of everything we do.

To that end, we’re focused on leveraging cutting-edge cybersecurity, AI, advanced analytics, authentication solutions and more to reduce fraud across the entire payments ecosystem.

VB: What impact do you think ChatGPT will have on the threat landscape? 

Fabara: Criminals are becoming more adept at using AI, leveraging sophisticated techniques to steal data and information that isn’t their own.

As AI continues to evolve and new use cases enter the market, like we’ve seen with ChatGPT, it will become easier for fraudsters to leverage AI-enabled tools to their advantage. This can include replicating real people and conducting social engineering attacks at scale.

It might be easy to spot a phishing email today when it’s full of grammatical errors, but AI could help bad actors create more accurate and personalized forms of communication that are harder to spot as fraudulent.

Security at Visa: The next generation

VB: What technologies/strategies are you looking at to secure Visa against the next generation of threats? 

Fabara: There is no silver bullet when it comes to security, but taking a multi-layered approach and implementing best-in-class fraud solutions at every stage of the payment lifecycle has enabled us to provide 360-degree protection for consumers and businesses. 

For example, we have over 1,000 full-time cybersecurity specialists who use natural [language] processing to analyze petabytes of data. That enable[s] us to protect Visa’s network from malware and zero-day attacks. 

We’re also leveraging more AI-enabled solutions and machine learning models to identify threats and fit the most likely points of network vulnerability. 

On the client side, our security teams monitor, scan and check client systems for suspicious activity and vulnerabilities. As we prepare for the next generation of threats, we will continue to invest in cutting-edge technologies to stay on top of the ever-evolving threat landscape.

How does Visa identify fraudulent transactions at scale? 

Fabara: AI is woven into the fabric of Visa, powering about 60 different capabilities, making the movement of money smarter and safer. 

Our powerful data processing and algorithms allow for real-time decision-making for every transaction. Having one of the largest and richest datasets in the world, we’re able to put AI to work in a very tangible way.

One service alone, Visa Advanced Authorization, prevented $26 billion in fraud in 2021. The technology uses various AI and ML techniques to determine the likelihood that a given transaction is fraudulent within 300 milliseconds.

With every transaction, our Advanced Authorization technology analyzes up to 500 unique risk factors to detect fraud in real time, making fraud detection faster, more efficient and far more accurate.

AI key to cybersecurity

VB: Could you elaborate on what role AI plays in your cybersecurity strategy? 

Fabara: As cyberattacks become increasingly sophisticated, technology is key to preventing fraud and thwarting bad actors’ threats to the global money-movement ecosystem. With $500 million invested in AI and data analytics, we are using cutting-edge technology to reduce and prevent fraud before it ever happens.

For example, our Advanced Identity Score solution combines Visa’s AI with rich, proprietary data to predict fraud on transactions where the Visa network is involved.

Additionally, we use machine learning to prevent billions in fraudulent transactions every year, and are applying the latest deep learning techniques to reduce false declines by as much as 20%.

VB: What roles does ethical hacking play in Visa’s security strategy? 

Fabara: Our Visa Payment Threat Lab creates an environment where we can test a client’s processing, business logic and configuration settings to identify errors that can lead to potential vulnerabilities.

In this lab, we use real-world fraud scenarios to better understand threats to the ecosystem and identify weaknesses before they lead to fraud losses in the real world.

VB: Are there any other comments you’d like to add?

Fabara: We have invested $10 billion in technology and innovation over the last five years to stop fraudsters in their tracks and protect merchants and consumers from taking on fraud losses. Through our cutting-edge cybersecurity, using AI and advanced data analytics, we leverage a robust dataset to combat fraud proactively.