The Gatekeeper: Talking Data Security with Visa CIO Mike Dreyer - ' Securing the Network ' (
Page 3 of 4 )
without Slowing it Down ">
What is Advanced Authorization?
As long as there's been money, there have been incidents of fraud. So you have to get very good at being able to combat that, and that requires working together.
We invest hundreds of millions of dollars each year to either upgrade or add new capabilities, and Advanced Authorization, which is what we launched last year, is a real-time risk-scoring system. It allows us to identify fraudulent transactions while the data is still in-flight, before being authorized. So we actually hit it at the start of the chain, if you will. And what Advanced Authorization does is it really supports highly informed decision-making. We look for vertical fraud, like anomalous activity occurring in a single account, and horizontal fraud, irregularities across either a number of cards or merchants.
That's got to slow down the transaction times.
Time is paramount in this industry. We knew we had to be able to add security into the payment chain and not have any degradation or latency of the time it takes to bring that information back. Our round-trip transaction time is 1.4 seconds, the same as it was before Advanced Authorization.
So how often do bad guys slip between the cracks?
Fraud is about 7 cents per $100, or as we refer to it, 7 basis points. That's the industry average, and it's been fairly stable for any number of years.
Many companies struggle to measure the value of security initiatives. How do you measure the ROI on something like Advanced Authorization?
That's a fair question, and we look at it not only from a Visa standpoint but across the payment chain as well. Even when you're investing the amount of money we invest, it's a finite universe of money. So we do rank the projects and understand their impact.
As with any organization, there have to be business cases that are justified and looked at and so forth. But there are some cases in which the importance of maintaining that trust and safety within the payment industry is such that you have to harden your systems, no matter the cost.
Over the last year, Advanced Authorization has identified about $350 million of fraud across all products for our members, creating the potential—and I do mean potential, because it depends on how you apply the information, since everyone looks at fraud in different ways and has different tolerances—to reduce fraud by 30 percent.
So Advanced Authorization is really a service that IT created for the business side to roll out, right?
All our efforts are collaborative, without a doubt, but it starts with the product side saying, "we have a challenge here, and how do we go about solving it for the industry?" Then they work with us to learn how we can use the systems or add incremental information to an authorization message stream, or whatever, in order to take advantage of these new risk-scoring tools or other things, without increasing the transaction time.
We work with our product partners because they're the ones that are coming up with the new products and applications. The product group provides the thought leadership in the market. Our job is to understand what the product group is trying to accomplish and help them make more informed decisions and help them to execute cleanly. Because they're driving the business.
Next page: Bringing Business to IT
Expert Voices 
