Security powers the great commerce reset
A great leap towards digital commerce has rewritten the payments world – including the threats it faces. Hector Rodriguez, Regional Risk Officer for Central and Eastern Europe, Middle East and Africa (CEMEA) at Visa, shares what Visa is doing to keep the payment ecosystem resilient, and how security is key to thriving in the future
The COVID-19 pandemic has undoubtedly caused undue disruption over the last two years. It has also ushered in a range of new behaviours and resulted in significant changes in the use of digital technology in the CEMEA region, as around the world. Marked strides have been made, which have broadened our relationship with digital technologies and integrated them further into our lives. However, this significant transformation also has profound implications for risk and security. “As we all were grappling with the rapid pace of digital transformation, the threat landscape was adapting accordingly,” says Hector Rodriguez, who as Regional Risk Officer for the CEMEA region has seen first-hand how it is manifesting in terms of security. This includes the emergence of new fraud threats that could impact the global payments ecosystem. Cybercriminals, for example, have responded to the shift with ever more sophisticated tactics. So too has Visa evolved its approach to combat them – from embracing new technology solutions, to deploying chatbots and partnering with ecosystem to help consumers recognise fraud.
Emerging Threats
So, why exactly has the threat profile changed? As a result of the disruption, digital payments, already booming in CEMEA, saw an extra uptick: in UAE, 97% of merchants tried new payment methods, while globally 68% of consumers say COVID-19 changed the way they pay permanently1. While this shift continues to present opportunity for banks and merchants, it does not come without risk. “The frequency and severity of cybercrime attacks across the globe rose steeply,” says Hector. “What we must remember is that cybercrime is an industry – a sophisticated one – with syndicates that operate worldwide.”
In fact, businesses globally were experiencing an average of 4,000 cyberattacks per day, a 400 percent increase on what was reported pre-pandemic2. In the CEMEA region, there has been an increase in social engineering attacks – where fraudsters trick people into disclosing sensitive information – which have grown more complex to include spear phishing (targeting a specific victim with personalised messages) and vishing (voice phishing scams). Here, criminals were taking advantage of consumer vulnerabilities as many people moved to eCommerce for the first time: 97% of whom were unable to recognize a sophisticated phishing email. 3
The Evolving Response
And yet, Visa’s payment ecosystem has remained resilient. “There has been an unexpected development, as the ambition and rush to digitize consumer interactions and experiences, along with volatile patterns of spending and emerging fraud rings, initially created the expectation that there would be a significant rise in fraud,” says Hector. “But Visa data shows that the CEMEA fraud rate actually decreased by 8 percent while payment volume decreased by 1 percent year-over-year (March 2020 to March 2021)”4.
Helping to drive that in terms of face-to-face transactions, was high chip and contactless adoption, reaching close to 100% in many places across the region. In ecommerce, EMV 3-D Secure (3DS) protocol – an additional security layer – has supported secure purchases. The latest EMV 3DS specification is behind Visa Secure, which prompts banks to ask for more information if in doubt of the customer identity. As Hector explains: “We’ve greatly enhanced the data exchange capabilities enabling risk-based authentication to create frictionless payments. This means that banks can be more confident in approving the transaction.”
Tokens – estimated to decrease fraud rates by 20% – also have a growing role. Here, customers load their card details to their mobile or a merchant app, and their card number is replaced with a 16-digit equivalent or token, meaning that their sensitive payment details aren’t stored. In CEMEA, around 20% of Visa payment transactions are already happening with the support of tokens5. “It enables us to envisage a world in which any item with a digital heartbeat could be used to securely initiate or accept payments across any channel,” says Hector.
Harnessing New Technologies
These recent developments build on Visa’s continuing mission to combat fraud: over the past five years, investing $9bn in tackling the cyber threat, and employing 800 cybersecurity specialists globally. In the process, Visa’s system has offered near 100% uninterrupted service, saving clients $3.3bn across 5.1 million fraudulent transactions since the beginning of 2021 alone6. All of this positions Visa to keep CEMEA among the regions with the lowest fraud rates globally. “We are enabling innovative, new technologies and moving from static, knowledge-based security instruments that could be stolen or forged to stronger, more dynamic technologies that better prevent fraud,” says Hector.
Specifically, Visa sees fraud-fighting technologies such as biometrics replacing the customer signature in the payment process; EMV chip and contactless methods taking the place of PIN and magnetic stripe; and tokenization increasingly making sensitive customer data less key to the payment process. All this must be delivered seamlessly: one in three consumers are only willing to wait 30 seconds or less before abandoning an online transaction.7 “Heightened security must not impact the consumer experience,” stresses Hector.
Education to Empower
There is an important human element to protecting payments and building trust in the system. “Cybercriminals are getting more advanced in their approach,” explains Hector. “They are building up a wealth of personal information on people’s day-to-day lifestyle, such as the stores they frequent, the bank they belong to, and the subscription services they have signed up for. As consumers remain the most vulnerable link in ecosystem security, we are putting a special focus on their continuous education.”
Therefore, Visa’s Stay Secure campaign promoting safe digital payment habits has been rolled out across UAE, KSA, Kuwait, Egypt, Morocco and Pakistan. In Russia, Visa has launched stop-fraud.ru to explain fraud schemes and even give advice from a psychologist on how to identify manipulation. And in Ukraine, Kazakhstan, Azerbaijan, Moldova, Belarus and Russia, Visa has used a gamified learning strategy, introducing chatbots which interact with consumers to help them Spot a Scam; while across Africa Visa runs digital and social media activations in this area.
Supporting Businesses
Visa continues to support businesses in staying resilient. As Hector warns: “As the world recovers from the pandemic and government stimulus funds are decreasing, the industry can expect fraudsters to return the focus to financial institutions and merchants with cybersecurity attacks in the new digital age. This will be especially painful for SMBs that are just now going online.” Visa will also enable new payment flows – such as cryptocurrency – responsibly, viewing it as important to keep crypto monitored from a fraud risk perspective.
In tandem, Visa will protect itself with continued investment in its network capabilities, and will keep partnering with industry and regulators to fight fraud collectively to build a foundation for long-term growth. “Fighting fraud won’t be an easy job,” adds Hector, “but with the right approach and the right technologies, payment players can stop threat actors from damaging the ecosystem, maintain trust in digital payments, and provide a great payment experience for customers. And Visa has a big role to play here.”
Stay current with the latest payments insights from Visa Navigate CEMEA – subscribe today.
All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.
1 Visa Back to Business Study, Jan 2021, UAE
2 Arabian Business. ‘Understanding fraud trends during the coronavirus pandemic.’ (Op-ed by Hector Rodriguez). December 22nd, 2020.
3 Visa Back to Business Study, Jan 2021, UAE
4 Visa Back to Business Study, Jan 2021, UAE
5 Driving Towards Frictionless Payments, Visa (visamiddleeast.com)
6 Visa Back to Business Study, Jan 2021, UAE
7 Driving Towards Frictionless Payments, Visa (visamiddleeast.com)
Share Feedback