close
close

Visa uses generative AI to mitigate brute force attacks

Visa is launching a generative AI tool to assign real-time risk scores to transactions to stop enumeration attacks that use automated scripts and botnets to test for vulnerabilities.

An enumeration attack, more commonly known as a brute force attack, occurs when a hacker repeatedly attempts – using automated scripts or software – to conduct card-free transactions using a combination of payment values, such as: B. a primary account number (PAN) or a card, verification value (CVV2), expiry date and postal code.

When they receive an approval response, they know they have legitimate payment account information that they can use to empty bank accounts or pay a credit card bill. According to Visa, such attacks cause fraud losses of $1.1 billion annually.

Threat actors are leveraging sophisticated technologies such as automated scripts and botnets to amplify their card testing attacks, allowing them to exploit vulnerabilities at an unprecedented scale and speed. These attacks, known as enumeration attacks, result in operational costs and fraud losses of $1.1 billion per year, representing a significant portion of global fraud(1).

To address this threat, the card system is updating its Visa Account Attack Intelligence (VAAI) offering to include the VAAI Score, a new tool that uses generative AI components to identify and score enumeration attacks. The VAAI score, which will initially be available to U.S. issuers and will go live in Europe for both issuers and acquirers in April 2025, assigns a risk score to each transaction in real-time to prevent card-not-present enumeration attacks ( Card Not Present (CNP). Transactions.

According to Visa, 33 percent of listed accounts experienced fraud within five days of a fraudster gaining access to their payment information

By using generative AI components to learn normal and abnormal transaction patterns, Visa’s VAAI score identifies the likelihood of complex enumeration attacks in real-time.

Paul Fabara, chief risk and client services officer at Visa, says the tool was able to reduce the false positive rate by 85% compared to other risk models because the VAAI score focuses on specific signals to enumerate, providing better performance enabled.

“Enumeration can have a lasting impact on our customers and there is an urgent need for tools that can better detect and prevent these attacks in real time,” he says. “With the VAAI Score, our customers now have access to real-time risk assessment that can help identify the likelihood of an enumeration attack, allowing issuers to make more informed decisions about when to block a transaction.”