How Visa is fighting fraud in an era of deep fakes
- Mike Lemberger, Regional Risk Officer, North America, of Visa, discusses how the anti-fraud landscape is changing due to deep fakes.
- To counteract this novel form of fraud Visa has undertaken a three-pronged strategy based on customers, transactions and the payments network.
Fraud is an ever-present problem for financial services. But recent innovations in the sector of deep fakes are making things harder for risk and security operations in the industry, according to Mike Lemberger, Regional Risk Officer, North America, of Visa who spoke at Tearsheet’s recent The Power of Payments conference.
While payment networks like Visa have established strong guardrails against traditional types of fraud, the use of deep fakes by fraudsters is complicating the equation. Believable human likenesses, whether on video or audio, make it hard for companies to ascertain who is making a transaction.
Moreover, fraudsters are focusing on newer types of payments like real-time payments and P2P transactions, where security protocols are less mature and still developing. “
We are all leaning into the web3 revolution. And it's interesting, because none of us really know exactly what to make of it. Except the fraudsters,” Lemberger added.
To counter this emergent form of fraud, Visa has taken a three-pronged approach.
Customers are the weakest link when it comes to fraud prevention, according to Lemberger. Although historically, older generations have been more vulnerable to frauds and scams, the next largest group that is susceptible to these tactics are consumers between the ages of 18-28, primarily because of their trust in emergent technologies. This is why educating customers about scams and alerting them to suspicious activity is a key part of the puzzle. Moreover, fraudsters have begun to shift away from simply stealing money and instead target personal information and data. This broadens the scope of things that they can steal from a consumer and allows them to utilize deep fakes to create fraudulent but believable customer profiles.
Another piece in Visa’s strategy against fraud is securing the transaction itself. This is where tokenization comes in. This process allows credit card numbers involved in a transaction to be replaced with sequences of randomly generated numbers, so that no original information is transmitted during a transaction.
Other mechanisms such as behavioral analytics or biometrics, used by some banks and fintechs like Plaid, work in tandem with these technologies to ensure that the transaction is actually generated by the consumer and not a bad actor who may have taken over their account.
As use of deep fakes grows, it is likely that behavioral analysis of how a user interacts with their device will become a key part of identifying fraud. This is because while likenesses may be easy to fake now, replicating the minutiae of human behavior is a lot harder. Callsign, an anti-fraud and authentication provider, has partnered with Visa Fintech Partner Connect program, to bring the technology to FIs that want to partner with Visa.
To observe how fraud operates on a network level, Visa is “trying to find the people that are attempting to infiltrate not just Visa’s network, but all the networks we're actually connected to,” said Lemberger. He also added that this expanded approach means that Visa is observing the deep web as well as the larger payment ecosystem, which is different from their previous approach where the focus was observing their own network and getting a god’s eye-view of the attacks within their ecosystem.
The “network” part of Visa’s three-pronged strategy may allude to a change of approach on the horizon. Over the past few decades, the industry has made a concerted effort to move towards more secure methods of transactions and verification such as digital wallets, biometrics, and contactless mechanisms. Countering use of deep fakes may require a similar industry-wide collaboration. While lawmakers play catch up, network providers as well as fintech and technology companies will have to fill in the gap. This may mean sharing high level information, like channels and frequencies, as well as granular information like the specific deep fakes used in a reported case of fraud.