Brighterion and Elavon to Fight Fraud with Artificial Intelligence

Leading AI capabilities deliver more sophisticated and efficient fraud protection

SAN FRANCISCO and ATLANTA, July 09, 2019 – While the global implementation of EMV chip technology has reduced fraud activity for card payments, the payment’s ecosystem is still battling the threat of new and emerging fraud payment schemes online. Brighterion, a Mastercard company, and Elavon, a global payments provider and subsidiary of U.S. Bank, have announced they will work together to integrate Brighterion’s advanced artificial intelligence (AI) platform into Elavon’s network to minimize fraud and manage risk.

“The explosion of ecommerce has been matched with a rise in digital fraud,” said Ajay Bhalla, president, cyber & intelligence at Mastercard. “AI has proven itself critical in managing the complexities of today’s evolving world. We’re pleased to collaborate with Elavon as they take a leadership role in fighting fraud in the industry.”

With the ability to analyze nearly 100 billion transactions annually, Brighterion will enable Elavon to better discover and identify transaction anomalies, which helps mitigate risk and maintain the integrity of Elavon’s global systems.

“The increasing sophistication of fraudsters demands smarter, more nimble and innovative fraud tools that allow us to stay one step ahead,” said Tim Miller, senior vice president, global credit and risk, Elavon. “We look forward to bringing the strength and flexibility of Brighterion’s AI platform to our fight against fraud.”

In addition to Brighterion’s AI capabilities, Mastercard’s AI and machine learning technologies, such as AI Express, provide real-time intelligence across data sources regardless of type, complexity or volume. AI Express helps companies develop a tailored AI model and was designed to help address key business priorities, including anti-money laundering, fraud risk management, cyber security, credit risk prediction and operational efficiencies.

“Banks, processors and large merchants are rapidly adopting advanced machine learning technologies to combat fraud,” said Julie Conroy, research director for Aite Group’s Fraud and AML practice. “Our research shows that these technologies provide substantial lift in fraud detection compared to legacy rules-based systems, while at the same time reducing the false positives that can be so detrimental to the customer experience.”

The companies will work with merchants in the United States, Europe and Latin America to incorporate fraud monitoring into their systems.

About Brighterion, Inc.

Brighterion, a Mastercard company, was founded in 2000 and acquired by Mastercard in 2017. We deliver a leading artificial intelligence and machine learning platform that provides real-time mission critical intelligence from any data source, regardless of type, complexity or volume. Our AI solution secures billions of transactions monthly and is used and trusted by many of the world’s leading organizations and governments in payments, compliance, financial markets, security and defense, healthcare, Internet of Things, marketing and more. Currently we serve 74 out of 100 of the largest U.S. banks and more than 2,000 customers worldwide, analyzing nearly 100 billion transactions annually.

About Elavon

Elavon provides end-to-end payment processing solutions and services to more than 1.3 million customers in the United States, Europe, Canada, Mexico, and Puerto Rico. As the leading provider for airlines and a top five provider in hospitality, healthcare, retail, and public sector/education, Elavon’s innovative payment solutions are designed to solve pain points for businesses from small to enterprise-sized.

Magento mandatory upgrade for PCI Compliance

Merchants must replace Magento version 2.1.x summer 2019. The Magento 2.1.18 software release marks the final supported software release for Magento version 2.1.x. As of June 30 2019, Magento 2.1.x will no longer receive security updates or product quality fixes now that its support window has expired.

PCI compliance requires the installation of critical software security patches within 30 days. When a software or related service provider no longer offers security patches, then merchants must replace or upgrade within 30 days. This is the same reason merchants using Microsoft Windows XP would not be PCI compliant.

I previously reported the Magento vulnerabilities and patch requirements in April 2019. Merchants should not rely on their business partners to automatically perform updates. Here’s a handy web site to check your Magento version now.

Now is a great time to also do a payment gateway checkup.

Call Christine Speedy, PCI Council QIR certified, to reduce merchant fees with new or existing merchant account at 954-942-0483, 9-5 ET.

EMVCo Launches EMV 3-D Secure 2.2.0 Testing Programme

Confirms that EMV 3-D Secure products support merchant whitelisting functionality and authentication of additional e-commerce payment scenarios.

25 June 2019 – EMVCo has updated the EMV® 3-D Secure (EMV 3DS) Testing Programme which includes test platform and process updates to support the EMV 3DS 2.2.0 Core Specification and EMV 3DS 2.2.0 SDK Specification released in December 2018.
Using the EMV 3DS Test Platform, EMV 3DS product providers can validate that their products support all the enhancements introduced in EMV 3DS 2.2.0, such as the exemptions to Strong Consumer Authentication (SCA) for the European Second Payment Services Directive (PSD2). Additionally, the test platform will also validate support for FIDO enhancements, and authentication for new payment scenarios, such as mail order and telephone purchase transactions.

“Testing and approving 3DS products using the EMV 3DS Test Platform provides the industry with confidence that 3DS products are aligned with the EMV 3DS specifications to ensure delivery of effective and convenient e-commerce authentication,” comments Karteek Patel, EMVCo Executive Committee Chair. “Our specifications and testing frameworks can’t be static. EMVCo works with industry experts to ensure the 3DS infrastructure supports the latest requirements of e-commerce stakeholders.”


EMVCo’s EMV 3DS Testing Programme, launched in August 2018, has approved more than 100 3DS products to date. This update to the Test Platform references additional features for merchants and issuers to maximise the benefit of the available SCA exemptions, including the ability of a consumer to whitelist a merchant.
EMV 3DS is a messaging protocol that promotes secure, frictionless consumer authentication for card-not-present, e-commerce purchases across channels and connected devices. To learn more about EMV 3DS, please read the FAQ that is available for download from the EMVCo website.

EBA publishes an Opinion on the elements of strong customer authentication under PSD2

The European Banking Authority (EBA) published today an Opinion on the elements of strong customer authentication (SCA) under the revised Payment Services Directive (PSD2). The Opinion is a response to continued queries from market actors as to which authentication approaches the EBA considers to be compliant with SCA. The Opinion also addresses concerns about the preparedness and compliance of some actors in the payments chain with the SCA requirements that apply as of 14 September 2019.

Today’s Opinion provides a non-exhaustive list of the authentication approaches currently observed in the market and states whether or not they are considered to be SCA compliant. The Opinion does so separately for each of the three SCA elements of knowledge, possession and inherence, and also provides clarifications regarding combinations of these elements.

The Opinion also responds to the concerns about market preparedness, by clarifying that the EBA is legally not able to postpone an application date that is set out in EU law. The Opinion also explains that sufficient time has been available for the industry to prepare for the application date of SCA, given that the definition of SCA had been set out in PSD2 when it was published in 2015, which gave clear indications that existing authentication approaches would need to be phased out, and because PSD2 already granted an additional 18-month period for the industry to implement SCA.

However, the Opinion acknowledges the complexity of the payments markets across the EU and the challenges arising from the changes that are required, in particular by actors that are not payment service providers (PSPs) and, therefore, not directly subject to PSD2 and the EBA’s technical standards, such as e-merchants, which may lead to some actors in the payments chain not being ready by 14 September 2019.  

The EBA, therefore, accepts that, on an exceptional basis and in order to avoid unintended negative consequences for some payment service users after 14 September 2019, NCAs may decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide limited additional time. This is to allow issuers to migrate to authentication approaches that are compliant with SCA, such as those described in this Opinion, and acquirers to migrate their merchants to solutions that support SCA.

This supervisory flexibility is available under the condition that PSPs have set up a migration plan, have agreed the plan with their NCA, and will execute the plan in an expedited manner.

In order to fulfil the objectives of PSD2 and the EBA of achieving consistency across the EU, the EBA will later this year communicate deadlines by which the aforementioned actors will have to have completed their migration plans.

Background

The revised Payment Services Directive was published in November 2015, entered into force on 13 January 2016 and applies since 13 January 2018. The Directive brings fundamental changes to the payments market in the EU, in particular by requiring SCA to be applied by payment services providers (PSPs) when carrying out remote electronic transactions.

SCA is defined in the Directive as an “authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.” The Directive also provides that SCA is to be applied to all electronic payments, unless one of the exemptions applies.

The EBA had been mandated to support the Directive by developing regulatory technical standards (RTS) setting out the details on strong customer authentication and common and secure communication (RTS on SCA and CSC), including its exemptions, and to regulate the access to customer payment account data held in account servicing payment service providers.

The RTS were developed in 2015/16, consulted on during 2016/17, adopted as Commission Delegated Regulation (EU) 2018/389 on 27 November 2017, published in the Official Journal on 13 March 2018, and will legally apply from 14 September 2019. The RTS deliberately refrains from referring to any particular authentication approaches in the industry, in order to ensure that the RTS remains technology neutral and future-proof.

Legal basis

The EBA issued the Opinion in accordance with Article 29(1)(a) of its Founding Regulation, which mandates the Authority to play an active role in building a common Union supervisory culture and consistent supervisory practices, as well as in ensuring uniform procedures and consistent approaches throughout the Union.

Visa Prevents Approximately $25 Billion in Fraud Using Artificial Intelligence

Since pioneering AI in payments, continuous evolution of the technology in Visa Advanced Authorization helps drive commerce and consumer confidence

SAN FRANCISCO–(BUSINESS WIRE)–Visa Inc. (NYSE: V) today announced new analysis showing Visa Advanced Authorization (VAA) using artificial intelligence (AI) helped financial institutions prevent an estimated $25 billion in annual fraud—making the global payment ecosystem safer for retailers and consumers.i VAA is a comprehensive risk management tool that monitors and evaluates transaction authorizations on the Visa global payment network, VisaNet, in real time to help financial institutions promptly identify and respond to emerging fraud patterns and trends. Visa processed more than 127 billion transactions between merchants and financial institutions on VisaNet last year, and employed AI to analyze 100 percent of the transactions—each in about one millisecond—so financial institutions can approve legitimate purchases while quickly identifying and preventing fraudulent transactions.

“One of the toughest challenges in payments is separating good transactions made by account holders from bad ones attempted by fraudsters without adding friction to the process,” said Melissa McSherry, senior vice president and global head of Data, Risk and Identity Products and Solutions, Visa. “Visa was the first payment network to apply neural network-based AI in 1993 to analyze the riskiness of transactions in real time, and the impact on fraud was immediate. By striking the right balance between human expertise and technology innovation, we continue to evolve our capabilities as new AI breakthroughs expand the realm of what’s possible.”

For financial institutions, friction in the payment process can lead to the abandonment of a payment card. A study by Javelin Strategy & Research revealed more than half of cardholders affected by false declines (51 percent) used a secondary payment card to complete the purchase at the same merchant, which can push a competitor’s card to the top of wallet.ii However, removing friction cannot come at the expense of identifying and preventing fraud. As a survey by the National Retail Federation and Forrester discovered, the top payment-related challenge faced by retailers is fraud, cited by 55 percent of those surveyed.

Visa Advanced Authorization is a layer of fraud prevention that can help drive down risk and fraud for financial institutions and retailers, and help reduce friction due to false declines for payment account holders. More than 8,000 financial institutions in 129 countries use Visa Advanced Authorization.

Preventing fraud near the speed of light

Visa pioneered using neural networks modeled after the human brain to power its AI platform to identify possible fraud. This delivers faster and deeper insights through previously unknown correlations. Delivered through Visa Advanced Authorization, retailers and financial institutions benefit from:
• Machine Learning models used for real-time examination of each transaction for indicators of fraud—looking at activities, patterns and more than 500 risk attributes—all in about one millisecond.
• Risk scoring, which Visa shares with the account holder’s financial institution, where the decision is made to either approve or decline the transaction, or flag the transactions for follow up with the account holder.
• The ability to identify good transactions even when made by new or infrequent shoppers, reducing the likelihood of false declines.
• Real-time authorization using integrated, global predictive analytics to identify and prevent fraud.
Visa has kept global fraud rates at historic lows—less than 0.1 percent—through a multi-layered approach of investing in human intelligence and technology like A.I.; empowering consumers and clients with tools, resources and control to manage risk; and setting governance processes to help businesses and regulators stay nimble.iv
“Consumers identified Visa as the most trusted company to provide financial services or payments among all payment networks and we believe it is due to Visa’s unrelenting focus on eliminating fraud and protecting the payment ecosystem,” said McSherry.v

Additional Risk Solutions Using AI
Visa champions security every day to protect the payment ecosystem and offers a portfolio of risk products and services that can help consumers, merchants and financial institutions prevent fraud. This includes Visa Risk Manager (VRM), Visa Consumer Authentication Services (VCAS) and CyberSource Decision Manager (DM), among others. For more information about Visa’s Risk solution portfolio, visit Visa Security.

Additional Resources

About Visa Inc.

Visa Inc. (NYSE: V) is the world’s leader in digital payments. Our mission is to connect the world through the most innovative, reliable and secure payment network – enabling individuals, businesses and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s relentless focus on innovation is a catalyst for the rapid growth of digital commerce on any device for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce. For more information, visit About Visa,visa.com/blog and @VisaNews.

i For the 12 months ended April 30, 2019.

ii “Addressing the Threat of False Positive Declines” by Kyle Marchini and Al Pascual, Javelin Strategy & Research, October 17, 2018.

iii “The State of Retail Payments Report – Outlook for 2019” by Brendan Miller, principal analyst, Forrester, November 2018.

iv Visa Global Fraud Data, Visa Inc., April 2019.

v “Omnichannel and Branch: The Current U.S. Consumer Banking Environment,” by Peter Reville, Director of Primary Data, Mercator Advisory Group, March 2019.

Source: Visa Inc.