Enumeration fraud is like thieves attempting random keys until finding one that opens a door, except that these thieves are trying credit cards numbers randomly. Criminals use software to generate credit card numbers until, through trial and error, they find one that is a valid number. Naturally, once they discover a working number, they exploit it to conduct fraudulent transactions.
“Enumeration generates about 6-10% of total fraud, which is about the third largest fraud vector in the Central and Eastern Europe, the Middle East, and Africa (CEMEA) region,” said Michael Jabbara, Visa global head of fraud protection, during a keynote address at the Visa CEMEA Security Summit 2024 in Dubai last week.
Visa uses a product called the Visa Account Attack Intelligence (VAAI), a predictive model that leverages generative artificial intelligence (GenAI), and network data to identify enumeration activity before it results in fraud.
“My hypothesis is that, when we roll VAAI out, it will do to enumeration fraud what the chip did to counterfeit fraud,” said Jabbara. “Essentially. it will eliminate it.”
The summit brought together more than 350 participants, including top Visa executives, industry experts, and thought leaders from around the world, to discuss the latest trends and technologies in payment security. This summit’s theme, “Steering the new security paradigm”, explored innovative solutions and new partnerships to accelerate digitisation and safeguard the ecosystem’s integrity.
“This predictive model, built on generative principles, has allowed us to achieve results that I have not seen in my career in this space before,” said Jabbara.
VAAI is coming to the United States in a couple of months, and to the CEMEA region next year. However, this is not the only tool with which Visa works. The company has invested $10-million into cybersecurity and AI technology over the last 5 years.
Jabbara showcased Visa’s Incident Insights, an internal operations tool that uses GenAI. “Now, we are integrating GenAI enabled assets into the flow so that we can start to streamline and make the time to respond that much smaller by creating some of these enhancements in how we pull up our data.”
He showed how an AI assistant called HawkAI can investigate a suspicious incident after receiving an alert. The assistant identifies from where the data comes, and recognises an anomaly in the data.
“Normally, it would be necessary to look across different dashboards for this process, but Visa Incident Insights unifies all the assets,” said Jabbara.
Over the past year, GenAI has undergone significant advancements in both content and video creation. Interest in the latter stemmed from the superficiality of absurd generated videos, like Will Smith eating spaghetti. However, recent developments exemplified by applications like OpenAI’s Sora, which can produce videos that can initially appear indistinguishable from non-AI content, are indicative of major improvements.
In the same vein, Jabbara identified two categories of GenAI applications — those generating content and those creating code — that provide cybercriminals with enhanced tools for more effective execution of fraud. Phishing schemes, malware creation, biometric bypass, and voice cloning are some of the evolving methods in which fraudsters can access one’s information.
“There are nefarious new applications that are exploiting GenAI, such as FraudGPT. Open-source GenAI capabilities enable the connection of dots so that dark web marketplaces can create a holistic data profile. It’s more difficult to detect fraud when you have a fully fleshed out, validated account. However, Visa’s global network, on top of petabytes of data, provide the company with a greener view of possible fraud attempts, and how best to combat them.”
During Visa’s last fiscal year (October 2022 to September 2023), said the company, it blocked over $40-billion in global fraud.
