The Gatekeeper: Talking Data Security with Visa CIO Mike Dreyer - Visa's IT Subsidiary
CIO Insight: What is Inovant? What is the purpose of creating a separate IT subsidiary within Visa?
Dreyer: Setting up Inovant as a separate entity allows for a cleaner division of responsibilities between what the business is trying to accomplish and what we, from a systems perspective, are trying to do.
We're set up as the IT arm, so we actually work with the various regions to understand what they're trying to accomplish, because what might be done in Asia Pacific, although the basic principles are the same, might be done differently in another area of the globe.
What kind of traffic are we talking about on the Visa network?
In 2005, we processed, or settled I should say, nearly 2 trillion U.S. dollars around the globe, and that's big in anybody's book. We have more than 1.3 billion cardholders on a worldwide basis. Over 20 million merchants accept Visa. You're looking at about 21,000 member financial institutions. And our transaction volume is growing at about 20 percent year over year.
All of this happens while we undergo two major upgrades every year with no downtime. So you have to have continuous availability, and that doesn't include the day-to-day enhancements we make to the system with no impact to the system's availability, reliability or flexibility. It's a fairly fast, complex, interwoven relationship.
What would the consequences be if the network went down?
We don't talk about that. It's in our DNA that we're up and running. Reliability, that comes first with us. Then security.
What is your general security philosophy?
We're obviously committed to being the safest, most reliable way to pay. We start with that as our basic tenet. And then we continually invest in technology.
We have an integrated, multilayered approach to security. What I mean by that is we look at it as layers: data, applications, platform and network. And then we employ a suite of fraud prevention and remediation tools.
Within data, you have two categories: data in flight and data at rest. Data is either going through a transaction right now, meaning "in-flight," or it is at rest, meaning it's in one of our systems.
How do you treat each differently from a security standpoint?
When data's in-flight, there's shared responsibility throughout the entire payment chain. But when the data comes into Visa, we screen it with our security tools, one of those being Advanced Authorization, where we look at a number of risk factors and help the industry in making better decisions about that transaction. So there are a number of things that happen there.
When data's at rest, it's really stored within our environment, and it's our internal security that keeps it safe here.