With enumeration attacks rising at an unprecedented scale and speed, foresight of this form of cyber attack, which accounts for $1.1B in annual fraud losses, has spurred Visa to consolidate its Account Attack Intelligence tools using AI components to identify and score enumeration attacks.
Visa is a global leader in digital payments that values protecting its customers’ identity when making transactions as much as offering more ways to pay. The Visa Account Attack Intelligence (VAAI) offering with the addition of the VAAI Score harnesses the beneficial aspects of AI to detect enumeration attacks. U.S. issuers will be the first to generate a risk score of real-time fraud in card-not-present (CNP) transactions.
Paul Fabara, Chief Risk and Client Services Officer at Visa emphasised the toll of these attacks on enumerated account users, of which a third had experienced fraud within 5 days of fraudsters stealing their payment information.
Generating a VAAI Score in 20 milliseconds will help to reduce operational losses for the issuer and overall improve the cardholder experience by identifying legitimate transactions whilst “malicious transactions are proactively declined”.
“Enumeration can have lasting impacts on our clients and there’s an immediate need for tools that can better detect and prevent these attacks in real-time”.
“With the VAAI Score, our clients now have access to real-time risk scoring that can help detect the likelihood of an enumeration attack so issuers can make more informed decisions on when to block a transaction”.
AI-predictive technology is working on the side of fraud detection reducing the false positive rate by 85% compared to other risk models.
The VAAI Score model has been tested on more than 15 billion VisaNet transactions and has six times the number of features compared to previous VAAI models to help better assess suspicious enumeration transactions.
Visa’s approach leverages noisy data to train the highly accurate real time AI model.
The statement explained the decision to approve or decline CNP transactions after a two-digit risk score is generated and evaluated against general enumeration patterns.
