Last month, Georgia’s capital Tbilisi hosted two significant events: VISA Risk Executive Council and the Security Summit. Both events discussed key focus in risk management , current worldwide trends and fraud prediction techniques, and showcased VISA’s most advanced technologies and innovative practices to make payments even more secure..
VISA sees Georgia as a pioneer country that has launched and acquired modern technologies and has made huge steps towards transactional and e-commerce innovation.
We had the opportunity to talk with Larisa Makarova, VISA’s Head of Risk in CIS&South East Europe countries.
Cybercrime is fast becoming one of the greatest challenges in the marketplace. How is VISA ensuring that consumer data is protected and that the company remains ahead of the curve?
VISA has been doing well throughout the sixty years of its history. Nowadays cybercrime and new technological threats are growing very fast. We have four key strategic pillars, which we have already tested and have been working on for a couple of years.
- Protect Data:
VISA has initiated standards for data protection now called Payment Card Industry Data Security Standards (PCI DSS), which were mandated in the payment industry worldwide. In simple words PCI DSS ensures that transaction data is secured, when stored, processed and encrypted when transmitted from one point to another.
- Devalue Data:
Data should be ‘devalued’ while in transit, and here we can talk about EMV chip, Verified by VISA and the recent innovative practice developed by Visa which is ‘tokenization’.
VISA’s Token Service, a new security technology, replaces sensitive account information such as the 16-digit account number with a unique digital identifier called a token. The token allows payments to be processed without exposing actual account details that could potentially be compromised. As consumers increasingly shop with connected devices, the need for a seamless and secure digital payment experience becomes crucial. Without exposing the consumer’s account to fraud, tokenization enables frictionless, card-free payments in digital commerce environments.
- Harness Data:
What we mean here is stop fraud before it occurs. Recent technological innovations have given rise to artificial intelligence, which is playing an increasingly important role in today’s world, but also making the job of fraudsters easier. Nowadays, cyber-attacks can be more successful as malware’s ability to mimic human behavior has increased, making it more difficult to identify whether one is facing a phishing attack or a real email. Malware is helping criminals to commit crime, but the good news is that the same technology and the same artificial intelligence is helping us to identify potential attacks and stop them before they occur. One of our techniques is called VISA Advance Authorization, which enables us to identify real cardholder behavior based on neuron networks techniques. At VISA Net we score every transaction, whether it is considered risky or not, and if we see evidence of a high degree of risk then the transaction is stopped before it is complete.
- Empower Consumers:
There is a high demand for collaboration nowadays. No single institution can cope with fraud on its own. Clients, regulators, cardholders, VISA—we should all work together to fight fraud. Cardholders are the source of information. VISA has developed Alert Messages which help consumers track their transactions: if consumers don’t recognize a transaction, if it was not made by them, they inform their bank immediately. This concerns to all type of transactions, including those made via new devices.
These are the four pillars which we have implemented strategically and continue to follow, improve and innovate.
There’s a lot of hype surrounding the virtual currency infrastructure Bitcoin, and a lot of talk about mobile payment platforms like Square, Google Wallet and PayPal revolutionizing the future of the digital payments industry. How would you rate the long-term staying power of these digital payment trends?
The whole world is going digital, and it is difficult to predict on each company and each method of payment. At VISA, we are looking towards this digital world and are co-operating with other companies such as Apple Pay and Samsung Pay. We carry out joint activities and together try to improve security.
We should not only think about innovation from the consumer point of view: our task as risk managers is to make innovations secure. You can innovate as much as you want, but at the end of the day innovation has many participants, many other institutions and data transmission aspects, and the data is the key. As soon as you own the data, you have the power, but the data could be compromised and that’s the risk. So our task is to make sure that sensitive data is protected.
What opportunities and challenges do you think will arise in digital commerce in Georgia over the next five to ten years?
We chose Georgia for our two-day event (VISA’s Risk Executive Council and Security Summit) for the Middle East North Africa and South-East Europe because among the region of 17 markets, Georgia is the most innovative one— contactless cards are widespread here. Almost 70% of banks issue contactless cards, and 90% of merchants accept them.
In Ukraine, for example, most cards are not yet contactless and still rely upon magnetic stripes, so in terms of over the next five to ten years, Georgia is already 5-10 years ahead of Ukraine, which is lagging behind. And besides new technologies, Georgia was also one of the first markets to introduce the practice of tokenization, which is gradually being adopted across the CIS countries. Georgia is a pioneer, and in that sense, you are already in the future.
What are the difficulties in managing an emerging market like Georgia versus a more mature market?
I would ask the question the other way round: what are the privileges of managing an emerging market such as Georgia?
Mature markets are the difficult ones to manage, because during the years of their development they have invested in technologies which are getting out of date . Now they need new funds, since these are huge markets—like the United States, for instance, which are still investing in EMV chip technology. In Georgia, chips appeared ten years ago and the country is increasingly contactless, but in the U.S., chip technology remains a goal. Georgia is a small market, and as soon as something new appears, the country tends to adopt it immediately. Big markets, on the other hand, move slowly. Generally speaking, banks in emerging markets understand where they are lagging behind today, and try to predict the next big move investing into new technologies . That is why they appear to be ahead of their time, and to me this is one of the privileges of working in emerging markets.
What distinguishes Georgia in terms of VISA payments? How does retail fraud here compare to elsewhere?
As I have mentioned, from the issuing point of view Georgia is a territory of innovation, a place where new technologies introduced and are in widespread use. However, fraud does pose some challenges to acquirers. Many fraudulent merchants are targeting Georgia from abroad and are trying to do business here. The key problem is illegal activity of those merchants. Majority of them are FOREX and Binary Options merchants, as well as illegal pharmacy moving to Georgia. The banks start to work with them, but this leads to Georgian acquirers being identified under VISA risk analysis programs. We are monitoring this activity very closely, sending information to acquiring banks on violating merchants in order to help them terminate the illegal activities.
According to VISA rules, transaction must be legal in both the acquirer’s and the issuer’s jurisdictions, and the transactions we are often seeing here are legal in Georgia but prohibited in the U.S. for example. Today there is lots of business between Georgia and the U.S., and banks should pay more attention to what is legal and what is not.