Visa’s Blog – Visa Viewpoints


Oct 2, 2013


OMG, 2 much info!

Visa publishes consumer oversharing data in time for National Cyber Security Awareness Month

A new national survey published by Visa today found that American consumers are sharing some of their most sensitive personal information on social networks.

More than 58 percent of consumers surveyed admitted to sharing personal details over social media that could put them at risk for fraud and identity theft.

Here are some of the topline results of that survey:

  • 7 percent of consumers admitted to having shared their social security number over social media.
  • 20 percent of respondents provided their home address on social media.
  • 15 percent of overall respondents placed themselves at risk for burglary by providing their upcoming travel dates.
  • Consumers also posted additional pieces of information that, taken in conjunction, could be used to target an online account:
    • Close to half of respondents shared their birthdate.
    • 29 percent of respondents shared their phone number.
    • 14 percent shared their mother’s maiden name.

There are certain pieces of information, including your social security number, full birthdate, payment card information or banking information, that should never be shared on social media. Other information, like your full name, mother’s maiden name, pet’s name, phone number, and physical and email addresses, may seem harmless but can give criminals enough clues to answer security questions and break into your financial or online accounts.

Social media platforms are making it easier to share than ever before. It’s encouraged and even rewarded with more views, more clicks, and more followers. But with it also comes more risk.

New technologies can be built to the highest security standards, but consumers can also take steps to make sure they are not the weakest link:

  • Think twice before posting information publicly.
  • Monitor your financial accounts regularly, and report any suspicious activity immediately to your bank.
  • If you believe you have been the victim of identity theft, contact one of the three national credit reporting companies – Equifax, Experian or TransUnion – to place a fraud alert on your credit report. The FTC also has a toolkit with immediate steps to repair identity theft.

*The survey results are based on 1,000 telephone interviews conducted nationally from August 16 – 18, 2013 in cooperation with GfK Roper’s Omnibus Service OmniTel. The margin of error is +/-3 percentage points.



Posted by: Jennifer Fischer, Head of Americas Payment System Security on October 2, 2013 at 5:00 am

Sep 20, 2013

Visa Security Summit 2013: Mobile Payments Security Requires a Little More Effort

Guest blog by Brad Caldwell, CEO, SecurityMetrics

Mobile point-of-sale (mPOS) has the potential to forever change the interaction between business and consumer. Because of the low entry barrier to obtain a smartphone or tablet device, many companies now offer mobile as a way for consumers to process their card payment.

Mobile devices were initially developed for communication and convenience, not necessarily security. Now that devices organize the important details of business and private lives on wireless data networks, security is high on the consumer wish list and requires a bit of extra work to achieve.

Many businesses are enthusiastic and ready to implement mPOS. Although seemingly technologically advanced, smartphones and tablets aren’t created with the typical security features that have evolved in computers over decades of development.

As more and more merchants across the world use mobile devices to process customer payment transactions, hackers will continue to adapt their strategies to gain the most sensitive and profitable information from mobile devices.

Unless security precautions are taken, credit card numbers, personal information, and passwords entered, texted, or saved into personal and business mobile devices may be at risk.

Don’t despair. Though mobile security is in its infancy, there are proven methods to securely process via mobile devices. Here are five tips to help your mobile processing strategies stay one step ahead of hackers.

1. Use an encrypt-at-swipe piece of hardware that attaches to your smartphone or tablet to securely process payment cards. Perform due diligence when selecting mobile POS hardware to ensure it supports encrypt-at-swipe.

2. Minimize manual key entry of customer’s credit card data, even if a card stubbornly refuses to be swiped! While your hardware card reader may encrypt sensitive information at-swipe, your phone does not have that secure capability. Manually-typed data is not encrypted, and a rogue app could be recording those card numbers.

3. Always update both OS and app software so any discovered security holes can quickly be patched.

4. Use discretion when downloading apps. Many pieces of malicious software infect mobile devices by acting as a Trojan horse inside an app. Even some apps that look legitimate may be infected.

5. Use a mobile vulnerability scanner. A mobile vulnerability scanner, such as SecurityMetrics MobileScan, can check a device for security holes that may grant access to hackers.

As an industry leader in securing payments, SecurityMetrics is on the security front lines providing the technology needed to protect mobile devices. Visit them at for more information.

SecurityMetrics is a sponsor of the 2013 Visa Global Security Summit.  Visit them at the SecurityMetrics booth during the event on October 2. For additional information on mPOS acceptance, Visa has published a list of mobile acceptance best practices, which can be accessed here or visit our website for additional information.


Posted by: Brad Caldwell, CEO, SecurityMetrics on September 20, 2013 at 11:14 am

Sep 17, 2013

Visa Security Summit 2013: Crowd-Sourcing a New Solution to Consumer Education

Did you know that consumers spend more than two hours a day in mobile apps? That’s nearly as much time as people spend watching television. Mobile devices are transforming how consumers learn and engage. When it comes to security, an engaged consumer is a more protected consumer. There are countless studies that have shown consumers who check their accounts online or take steps to monitor their credit report are less likely to be victimized by fraud and identity theft.

As consumer adoption of new technologies evolves, we are evolving our strategies and practices to ensure we’re reaching consumers in relevant ways. And that includes our efforts to educate consumers about payment security.

In April, Visa became a first-time sponsor of TechCrunch Disrupt NY, one of the nation’s top hackathon contests, which attracts more than 700 developers from around the world.  Developers were given 24 hours to create an app that would help consumers learn payment security basics. The event generated a number of creative ideas and lots of interest from developers.

Now Visa is showcasing this fresh thinking at our flagship security event, the Visa Global Security Summit. Two standout teams from Disrupt will showcase their ideas on stage at this year’s event. Attendees will then vote on which app will win the $5,000 Developers Challenge Award. You can preview information on both teams here.

With consumers being inundated with more information today than ever before, it is critical that we continue to find new and innovative ways to reach them with important security information. We’re excited to be tapping into the talent of the independent developer community to help expand our thinking on how to reach consumers via mobile.

We’re looking forward to seeing the demos showcased on October 2…and may the best team win!


Posted by: Jennifer Fischer, Head of Americas Payment System Security on September 17, 2013 at 11:16 am

Sep 9, 2013

Visa Security Summit 2013: Focus on Responsible Innovation

Connecting the world’s commerce would be daunting without technology. It’s what generates purchase authorizations in about the time it takes you to blink. It’s what identifies fraudulent transactions in that same blink of an eye. And now it’s changing the way commerce is conducted.

Mobile devices and social networks are creating an always-on society where people can connect with each other and do business anytime, anywhere. We call this the “new normal.”  Unfortunately, the solutions that make it easier for us to connect with each other also make it easier for criminals to connect with us.

Can we use the capabilities of the new technologies to deliver a payment system that is safer than ever before? Or will these technologies bring opportunities to criminals that will challenge our security teams as never before? This is the crossroads we stand at today.

At Visa, we call the road ahead “responsible innovation.” It’s a two-part idea.

First, we must stay true to the principles that have made us successful, ensuring that every innovation comes with the same level of security that our stakeholders have come to expect. Our imperative must be to build security into every solution from the ground up, not after the fact. Otherwise, we risk losing the trust on which our business depends – trust that’s been built over decades.

Second, we must consider how new technologies are changing consumer behavior. Consumers are using the mobile and social world to open their private lives to friends and family in new ways. In so doing, they are also opening their personal details to others with darker intentions. Clearly, our second imperative must be to adopt security approaches that work in a world where nothing is certain to be private.

At this year’s Visa Security Summit, to be held on October 2 in Washington, D.C., we will bring together a range of speakers – elected officials, entrepreneurs, technologists, journalists and global development experts – to talk about this unique intersection of technology and security.

Please join us for one of the most important conversations on payment security!  And thank you to our sponsors, including Trustwave, SecurityMetrics and Kaspersky Lab, for helping make this dialogue possible.


Posted by: Ellen Richey, Chief Enterprise Risk Officer on September 9, 2013 at 9:00 am

Aug 21, 2013

Visa Continues to Support Aspiring Cyber Pros

In an effort to help inspire and train future cybersecurity professionals, for the second straight year Visa partnered with San Jose State University and the Bay Area Council to host the 2013 U.S. Cyber Challenge Northern California Cybersecurity Summer Boot Camp.  Held August 4-9 at San Jose State University, the camp’s mission is to give aspiring cyber security professionals hands-on training with workshops and presentations focusing on intrusion, detection, penetration and forensics. Students also had the opportunity to attend a job fair as well as talk with representatives from major San Francisco Bay Area technology companies and the federal government about how to prepare for a career in the cyber field.

I was thrilled to be invited to share my experiences in the field, hear directly from students at the executive roundtable discussion, and also watch them put their skills in action during the camp’s capture-the-flag competition.

When it comes to protecting the payments system from cyber threats and attacks, it starts with hiring and training the most talented cyber security professionals. That’s why we need to ensure we have the brightest minds and most effective tools available to meet the nation’s growing needs in the ongoing battle against cybercrime.  As The Office of the Comptroller of the Currency warned in its spring 2013 Semiannual Risk Perspective report, “cyber-threats continue to increase in sophistication and require heightened awareness and appropriate resources to identify and mitigate the associated risks.”

Demonstrating our continued leadership and commitment to this issue, on October 2, 2013 in Washington, DC, Visa will be convening executives from business, government, academia and law enforcement at the Visa Global Security Summit.  This year’s theme will be “Responsible Innovation: Building Trust in a Connected World” and will feature keynotes by RSA Executive Chairman Arthur Coviello, who also joined on site at the San Jose State cyber camp, as well as Senator Kirsten Gillibrand (D-NY).

Space is limited so for more information and to register, visit:  Visa will also be sharing more details on its website as they become available as well as through @VisaSecurity, hashtag #PaymentSecurity and on LinkedIn.


Posted by: Gary Warzala, Head of Global Information Security on August 21, 2013 at 9:00 am

Jun 7, 2013

Visa payWave: Protecting Consumers While Making Transactions Easier

Contactless technology continues to expand globally, and the number of NFC-enabled devices in use is expected to top 500 million next year according to ABI Research. That’s exciting news, and we expect NFC and other chip-based technologies will help drive future payment innovations.

Visa payWave, our secure contactless payment technology, helps cardholders speed through checkout without having to make physical contact with a payment terminal through their NFC-enabled phones or their contactless cards. With Visa payWave, available globally on debit and credit cards and NFC-enabled mobile devices, a consumer simply holds his or her card or phone in front of a contactless terminal in order to pay.

Visa payWave transactions are around three times faster than paying with cash, and they meet all the same security standards as traditional debit and credit cards. Every transaction is protected by multiple layers of security:

• First, Visa payWave-enabled cards and mobile devices must be in a specific position and within two inches of a merchant’s terminal in order for card information to be transmitted.

• Second, each contactless transaction includes a unique code that changes with each purchase – and it’s different from the one encoded on the magnetic stripe of a Visa card. So if a criminal attempted to use intercepted data to manufacture a counterfeit card, the bank that issued the card would be able to immediately identify the fraudulent transaction.

• Finally, because Visa payWave transactions are processed through VisaNet – the same reliable network as swipe transactions – we continuously monitor for suspicious activity, allowing us to help identify and prevent fraud.

As payment technology continues to evolve, so do our security measures, and NFC-enabled mobile payments are no exception. Several layers of security at the device, chip and the Visa network levels work in concert to help prevent unauthorized use of mobile-based Visa accounts. The technology that allows an NFC-enabled device to transmit transaction information wirelessly is only active during a transaction. Account data cannot be read wirelessly from the mobile device if the consumer has not activated the payment application and placed the device within inches of a reader.

Although Visa payWave has been used around the world since 2005, there have been no reports from law enforcement or financial institutions of fraudulent activity associated with contactless technology to date. Nevertheless, Visa remains vigilant in protecting cardholders.

As emerging forms of payment like Visa payWave continue to gain traction, Visa continues to invest in multiple layers of security to prevent, detect, and resolve unauthorized use of consumers’ information.


Posted by: Stephanie Ericksen, Head of Authentication Product Integration, Visa Inc. on June 7, 2013 at 11:09 am

May 28, 2013

With 3.5 Million Visa Chip Cards Issued Since 2011, EMV Continues to Gain Momentum










Since announcing our EMV migration roadmap in August 2011, Visa issuers have put what averages out to over 5,000 new chip-enabled cards in the hands of U.S. cardholders every day. As of March 31, the total number of Visa chip cards in market was at 3.5 million and growing.

We’re very pleased with the progress the U.S. has made over the past two years. With each new card, the U.S. payments ecosystem gets one step closer to achieving the improved security that EMV technology affords to consumers, merchants and issuers. That’s because when a chip is inserted into the payment terminal, the chip generates a code that is unique to that transaction. This code renders stolen payment information useless at the point of sale, reducing its value to criminals and shrinking counterfeit fraud. The opportunity that chip presents goes beyond security, and will enable new and emerging forms of electronic payment, such as NFC-based mobile payments.
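The unique per-transaction code described here for chip cards, and in the Visa payWave post for contactless payments, can be illustrated with a short added example (not Visa's or EMV's code). It assumes a simplified scheme: HMAC-SHA256 over a counter and the purchase details stands in for the real chip cryptogram, and the names `Card`, `Issuer` and `terminal_nonce` are hypothetical.

```python
import hashlib
import hmac
import os


def _code(key, pan, counter, amount_cents, terminal_nonce):
    """8-byte code bound to this card, this counter value and this purchase."""
    msg = b"|".join([pan.encode(), str(counter).encode(),
                     str(amount_cents).encode(), terminal_nonce.hex().encode()])
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Card:
    """Stand-in for the chip: the key and counter never leave it."""

    def __init__(self, pan, key):
        self.pan = pan
        self._key = key
        self._counter = 0

    def pay(self, amount_cents, terminal_nonce):
        self._counter += 1  # a new counter value means a new code every time
        return {
            "pan": self.pan,
            "counter": self._counter,
            "amount_cents": amount_cents,
            "nonce": terminal_nonce,
            "code": _code(self._key, self.pan, self._counter,
                          amount_cents, terminal_nonce),
        }


class Issuer:
    """Stand-in for the issuing bank's authorization check."""

    def __init__(self):
        self._keys = {}
        self._last_counter = {}

    def enroll(self, pan):
        key = os.urandom(32)
        self._keys[pan] = key
        self._last_counter[pan] = 0
        return Card(pan, key)

    def authorize(self, tx):
        key = self._keys.get(tx["pan"])
        if key is None:
            return "DECLINE: unknown card"
        expected = _code(key, tx["pan"], tx["counter"],
                         tx["amount_cents"], tx["nonce"])
        if not hmac.compare_digest(expected, tx["code"]):
            return "DECLINE: code does not match transaction"
        if tx["counter"] <= self._last_counter[tx["pan"]]:
            return "DECLINE: code already used"
        self._last_counter[tx["pan"]] = tx["counter"]
        return "APPROVE"


def demo():
    issuer = Issuer()
    card = issuer.enroll("4111111111111111")  # constructed test number
    first = card.pay(1250, b"\x00\x00\x00\x01")
    results = [issuer.authorize(first)]            # genuine purchase
    results.append(issuer.authorize(dict(first)))  # captured data presented again
    counterfeit = dict(first, counter=first["counter"] + 1, amount_cents=99900)
    results.append(issuer.authorize(counterfeit))  # old code on a new transaction
    results.append(issuer.authorize(card.pay(500, b"\x00\x00\x00\x02")))  # real card
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Data captured from one purchase fails both ways: presented unchanged it carries a counter the issuer has already seen, and attached to a different transaction the code no longer matches.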

“We are always looking for new ways to provide our customers with better ways to pay,” said Clifford Cook, chief marketing officer for U.S. Bank Retail Payment Solutions. “EMV is a secure and trusted technology that is in use globally. We’re excited to offer chip technology to our cardholders, adding not only an additional layer of protection to transactions, but extra convenience when traveling abroad.”

We have heard similarly positive feedback across the industry. And while 3.5 million cards represent a strong start, we know that there is still work to do before the U.S. is fully migrated to EMV. That’s why we’re working with financial institutions and merchants of all sizes to provide them with the guidance, tools and resources they need to help support their migration plans. We’re also actively participating in discussions with the various EMV industry groups to provide our input and expertise.

I frequently hear the question, “How long will it be until everyone in the U.S. has a chip card?” The ubiquity of chip cards is still a few years out, but we’re proud to be at the forefront of this evolution, working alongside other stakeholders in the payments ecosystem.


Posted by: Stephanie Ericksen, Head of Authentication Product Integration, Visa Inc. on May 28, 2013 at 4:48 pm

May 15, 2013

Growing Phishing Industry Underscores Need for Consumer Education


Phishing scams have plagued consumers for a number of years, morphing to adapt to changing trends and technologies.

Once perpetrated by mail and phone, this tactic is now also common by email and text message.

Phishing is when fraudsters pretending to be from well-known companies, organizations, or government agencies contact consumers and try to trick them into revealing their Social Security numbers, financial account information, passwords, or other personal information. That information is then used to make unauthorized purchases, take over victims’ accounts, open new accounts, or even to apply for jobs or get tax refunds and other government benefits.

Even though phishing scams are not new, they continue to pose a serious problem. According to RSA’s recent Fraud Report, the total number of phishing attacks launched in 2012 was 59% higher than in 2011. Further, the report estimates that global losses from phishing last year were around $1.5 billion.

With fraudsters becoming ever more sophisticated at impersonating trusted organizations, it’s important for consumers to stay a step ahead and recognize these scams and better protect their personal information. That is why we are working together with the Consumer Federation of America to develop consumer education materials to help address this trend.

Watch the new video or access the tip sheet to get more information on how to avoid this type of scam.


Posted by: Jennifer Fischer, Head of Americas Payment System Security on May 15, 2013 at 9:58 am

May 3, 2013

The Results Are In: Visa’s TechCrunch Disrupt Hackathon Generates Fresh Thinking on Payment Security Education

After two days of panels, a Startup Battlefield and a 24-hour hackathon, TechCrunch wrapped up another successful Disrupt NY event with thousands of attendees.  Visa joined in on the fun by sponsoring the Disrupt hackathon, where 700 developers descended on New York City for a chance to win $8,500 from Visa.

My Visa colleagues Lee Mokri and Sofia Mata-Leclerc were on-site at the hackathon helping developers throughout the night and eventually awarding the prizes.  The Hackathon was a way to generate more awareness and create a forum to discuss improving payment security, and make learning about security more engaging and digestible.  We tapped into the incredible creative talent of the developer community to take a new approach to this challenge.  After working through the night, developers submitted numerous creative concepts, making it a tough choice for the judges.

The grand prize winner, Theo Rushin, Jr., created a game designed for kids and parents to play and learn about online security, together.  The runner-up, Frank Denbow, was recognized for creating a phishing game that delivers tips throughout each stage of play.





Posted by: Mark Norris, Senior Business Leader, Emerging Products, Visa Inc on May 3, 2013 at 4:22 pm

Mar 6, 2013

New World Economic Forum Report Underscores the Importance of Data Collection and Use in Context

Last week the World Economic Forum released a report called “Unlocking the Value of Personal Data: From Collection to Usage.” As part of the Forum’s steering board on personal data, I was able to contribute to the report, which explores the importance of unlocking the value of data in a way that preserves the trust of all stakeholders.

One important theme in the report is the value of managing consumer expectations through context setting. What that means is the use of personal data should be understandable when compared to what is being shared and why. Most consumers don’t need or want every detail of every data flow. What they are ultimately looking for is clear benefits from use of their data. For that they need context.

At Visa we understand the importance of context. In the Visa system, for example, consumers are delighted when analytics are used to identify attempted fraud on their accounts. I have repeatedly heard from consumers who applaud us for working with their bank to flag a suspicious purchase. It makes them feel safer. It is only possible if we use their own shopping behavior to look for patterns. But this data use is expected — and welcomed — by consumers because they understand the context.  And they support its purpose.

As companies explore new ways to use data and the opportunities and responsibilities that come with them, they need to keep the importance of context and consumer expectations in mind. When consumers understand the context, they feel a sense of transparency and control. With context, there is trust. And with trust, there is opportunity.


Posted by: Ellen Richey, Chief Enterprise Risk Officer on March 6, 2013 at 4:02 pm