March 15, 2019
There are more than 2.4 billion Visa cards worldwide. With the growth of digital commerce, Visa is delivering innovative solutions to its issuers that replicate the ease and convenience of face-to-face transactions without increasing fraud. A global digital business of Visa’s size and scale needs global digital intelligence that is effective across dispersed regions, cross-border transactions and is updated in real time.
Visa Consumer Authentication Service (VCAS) is a risk-based authentication solution that is used to verify e-commerce transactions without adding friction. The solution adds an extra layer of fraud protection prior to the authorization process, seamlessly supporting an issuer’s 3D Secure program such as Verified by Visa. VCAS is a risk-scoring model that analyzes enhanced inputs, including critical information about the device, transaction information and spending profiles. ThreatMetrix enables Visa to:
- Incorporate real-time shared intelligence from billions of global transactions, across tens of thousands of websites.
- Use device analytics to enhance issuers’ decision-making ability to identify potential fraud. Additional verification is then used only when necessary.
- Deliver holistic fraud and security protection while reducing friction at checkout.
“Our partnership with ThreatMetrix has allowed us to augment our network-level data with device analytics to make better fraud decisions.”
– Mark Nelsen, SVP, Risk Products, Visa Inc
The core aim of VCAS was to negate the need for a user to input a Verified by Visa password, which is associated with increased friction and higher transaction abandonment rates. Verified by Visa could then be used more strategically for the highest-risk transactions, streamlining the online experience and reducing overall friction.
As digital businesses continue to grow exponentially, shared intelligence is one of the key business imperatives for authenticating global online transactions. Online, users can be whoever they claim to be. It is up to businesses to ensure that the identities they see online correlate to the physical identity of the card user. Fraudsters are becoming more adept than ever at duping online companies into believing they are a legitimate user, leveraging a full arsenal of stolen identities, spoofed devices, cloaked locations and remote access Trojans (RATs), to name but a few. The challenge Visa faced was integrating the most effective available data sources to make more accurate risk decisions.
For many regions, static identity assessment data either does not exist, or has very poor coverage, meaning many users would be subject to step-up authentication measures that weren’t really necessary. What’s more, static identity assessments alone are near useless when pitted against a fraudster using a stolen identity. In some cases, this even means fraudsters are better at answering step-up authentication questions than legitimate users. In addition, as people became more mobile, and cross-border transactions grew, Visa needed a way to incorporate dynamic shared intelligence to verify users even if they were logging on from different devices or locations.
“The objective of VCAS was to eliminate friction and improve user experience. By using Digital Identities we can provide a more streamlined authorization process, improving overall card usage while reducing fraud.”
– Mark Nelsen, SVP, Risk Products, Visa Inc
Leveraging ThreatMetrix Digital Intelligence to Enhance Fraud Detection
The ThreatMetrix solution is underpinned by the ThreatMetrix Digital Identity Network, which harnesses global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations and anonymized personal information. This helped Visa understand the complete context of every transaction so that suspicious behavior was detected in real time and the Verified by Visa solution was used only for specific transactions.
Digital Identities are created by combining the following key intelligence:
- Device profiling – Device identification, device health and application integrity, as well as detection of location cloaking or spoofing, (proxies, VPNs and the TOR browser).
- Threat intelligence – Harnessing point-in-time detection of malware, Remote Access Trojans (RATs), automated bot attacks, session hijacking and phished accounts, then combining with global threat information such as known fraudsters and botnet participation.
- Identity data – Incorporating anonymized, non-regulated personal information such as user name, email address and more.
- Behavior analytics – Defining a pattern of trusted user behavior by combining identity and transactional metadata with device identifiers, connection and location characteristics. Every event can be analyzed in the context of this behavior pattern and historic context globally.
VCAS has been supported by the following key ThreatMetrix capabilities:
- ThreatMetrix Smart ID helps recognize a returning device even when cookies are deleted or disabled. Derived from the analysis of many browser, plug-in, and TCP/IP connection attributes, Smart ID generates a confidence score that helps Visa identify when fraudsters are using the same device to set up a fraudulent merchant account and make fraudulent purchases.
- ThreatMetrix deep connection analysis technologies give Visa a clearer view of suspicious events. Fraudsters often attempt to hide behind location and identity cloaking services, such as hidden proxies, VPNs and the TOR browser. ThreatMetrix accurately detects the use of these technologies and, in the case of proxies and VPNs, allows Visa to see the true IP address, geolocation and other attributes of each event.