Visa CRO: antiquated infrastructure needs updating to fight fraud
credit: Studio_Nazh / Shutterstock

Fraud has evolved over the years to being perpetrated by highly sophisticated operations, likened by a senior executive at payments giant Visa to emulate the same corporations whose customers these criminals target.

“Fraudsters run these things like corporations. Just like we sell value added services they are trying to sell value added services,” said Natalie Kelly, Visa Europe’s Chief Risk Officer, at the Financial Crime 360 (FC360) conference in London this morning (19 November).

Hosted by The Payments Association (TPA), the UK’s payments trade body, FC360 takes place surrounded by the high-rise corporate buildings that define the financial capital of Europe, some might say the financial capital of the world.

The companies that call this area home have had a lot to contend with regarding fraud this year. UK Finance, the financial services trade body, estimates that £570m was lost to fraud in H1 2024 alone. Meanwhile, new regulations came into effect early last month requiring companies to reimburse victims of authorised push payment (APP) fraud up to £80,000.

Speaking more broadly about the impact of cyber crime in financial services, Visa’s Kelly shared an estimate that the total cost of cyber crime will reach $10.5trn in 2025. Huge societal, industrial and technological changes are posing new challenges for financial companies to contend with. 

Regulatory changes across various markets, shifts in consumer expectations and demands, the rising economic power of Gen Z, and further down the line Gen Alpha, regulatory and technological fragmentation, and the sheer breadth of payments options available right now have made fraud prevention a much more challenging discipline for financial services.

“The rapid pace of change is here, it’s upon us,” Kelly added. “We like to say that the last five years of change have impacted us more than the last 30.”

So what more can actually be done? Technological advancements are of course a necessity, with Visa’s CRO sharing that an estimated 75% of banks are ‘not nimble enough’ to respond to gaps in fraud prevention and detection, gaps which are subsequently being exploited by criminal actors.

“A lot of our infrastructure is antiquated, it’s not nimble,” she said, asserting that the global banking sector needs to drastically upgrade legacy systems to counter the threat posed by advanced fraud. 

The fact that fraudsters are making more and more use of tech like artificial intelligence (AI), particularly to generate deepfake images, videos and voice clones, has placed the onus on this need for a technological upgrade even more.

For its part, Visa has invested $10bn into fraud prevention, cybersecurity and technology. 

Visa
Editorial credit: Shutterstock.com

The company has earned its stripes in this regard, securing a 4.9 (rating?) cyber security – though it is of course important to note that as one of the two biggest payments processors in the world, alongside its rival Mastercard, Visa has a lot of resources on hand to achieve this, resources which smaller fintechs and startups will not have.

This is also not a fight that financial services firms are expected to fight alone, and they are not fighting it alone. Law enforcement and regulators are also playing a key role, not just in the form of introducing new policies like the aforementioned APP reimbursement rule by the Payment Systems Regulator (PSR).

The City of London Police, as its name suggests responsible for policing the City of London including its financial districts, is the UK’s leading law enforcement body on financial crime. Tijs Broeke, Chairman of the Police Authority Board, believes that fraud needs to be treated with more urgency by UK authorities.

“Online safety must be embedded in all government policies as much as physical safety,” he said, noting that although fraud does not command as much media attention as violent crimes, it accounts for around 40% of crime in the UK – but only 2% of overall police resources.

“There needs to be a rethink of how fraud prevention is handled at the local, regional and national level”, he told attende. Ensuring police forces have the digital and analytical tools at each level will be key to this.

Meanwhile, banks and technology companies need to be factored into fraud prevention as critical partners. This is a common talking point in UK payments circles, with many stakeholders criticising the PSR regulations for not factoring in what Big Tech can do to prevent fraud, and the use of social media to facialite fraud.

“The tech industry in particular has the tools to safeguard the public and prevent criminals before they strike, and they must up their game,”  Broeke remarked.

Fraud is something that affects varying companies of varying sizes, and according to stats from regulators, banks and trade associations also affects consumers of varying ages and demographics.

Kelly noted that even Visa, one of the world’s biggest financial services actors and as noted above, one with substantial monetary and technological resources, has been targeted by deepfake fraudsters impersonating its CEO.

Internationally, Visa’s CRO believes that Europe has established itself as a leader in fraud prevention, citing regulation and secure technology adoption. The rest of the world is trying to catch up, she said, but fraud rates ‘could be a bit lower’.

Zeroing in on the UK, the financial service sector accounts for around 9% of the country’s GDP, – and not just in the capital as many believe, with two-thirds of the industry located outside London. 

Countering fraud will be vital for ensuring the industry continues to play a role in the UK’s economic growth, and with the government clearly focusing on financial services as a core segment of this growth, this area needs to be addressed.

As Broeke put it: “The financial services ecosystem underpins our society and so addressing fraud has to be a national priority. We have to shout about it.”