And with the great pivot to card-not-present and other types of online commerce, fraudsters have been fine-tuning their efforts to compromise credentials, hijack payments themselves and find new areas of vulnerability.
The threats “created a wave of new technologies that evolved quickly,” Fabara said, “and generative AI [artificial intelligence] may be among the technologies that are ‘the next frontier’ in terms of protection for transactions and the payments ecosystem.” AI has gotten good enough, by way of example, to find when a URL has been “contaminated” and may in fact pose a threat to legitimate consumers.
Of course, that same technology is available to the fraudsters themselves, he said.
“In many ways,” he added, “this is going to become a war of AI, as to who has the strongest data sets to be able to feed those models and ultimately be able to create better protection for consumers.”
None of this is to say that the battle against the fraudsters should be fought only with advanced technologies. There’s an added line of defense that boils down to the “consumer beware” approach.
“There’s traditional, old-fashioned hygiene,” Fabara said, that consumers should practice when it comes to protecting their data. That means pausing and checking to make sure that email addresses and websites look legitimate, and that “at the end of the day, you are transacting with someone you believe you are transacting [with].”
For the providers themselves, Visa included, there’s a philosophy of “zero trust” engineering as it relates to products and services to make sure that outside parties and bad actors cannot get into applications and various technologies to compromise them as data is transferred between various endpoints. The key is to follow the protocols of data management and data movement. A key example is 3DS in Europe, where stakeholders have striven to establish and create a balance between the user experience while at the same time providing an end-to-end protected transaction.
Cross-border transactions can illuminate the benefits of marrying data, advanced technologies and consumer awareness. ACH payments have been, traditionally, unprotected, but with protocols such as 3DS, consumers can work with their providers and their financial institutions in a dialogue that protects the payment from beginning to end.
“It’s a journey that might have a bit of friction — and since we’re trying to protect the transaction, that may not be a bad thing,” he said. “The only way that we are going to be able to prevent fraud in the near future will be a partnership between the folks that offer that service to the consumer and the consumer taking responsibility for some of the things that they need to do.”
Indeed, friction need not be punitive, Fabara said. Connecting devices (on the part of the consumer) and sellers can in fact have positive ripple effects as individuals realize that their chosen commerce partners are looking out for them, through stepped-up authentication and other ways of confirming.
“It’s a journey,” Fabara said, “that’s going to take a while, and which starts with small steps.”