Visa is investing billions of dollars in cybersecurity, both to defend its own payments system and to develop services for its clients, CEO Ryan McInerney said at an investor conference last week.
“Cybersecurity is a huge topic for any company around the planet, especially for financial services firms, and especially for us as a platform for banks around the world, and as you might imagine, we’re a huge attack vector,” McInerney said in speaking to the RBC Capital Markets conference on March 5.
The company fends off about a half billion attacks on its perimeter on a monthly basis, ranging from average phishing emails to sophisticated nation-state-backed cyber assaults, McInerney said in describing Visa’s cyber landscape.
The San Francisco-based card network has spent billions of dollars defending its system and the CEO suspects it will spend billions more, he said. He said about 1,000 of the company’s 30,000 worldwide workers are “only working on cyber.”
“We are all in an arms race to protect this ecosystem, to protect the network,” McInerney said.
He noted that the company blocks some 20 million malicious emails monthly before they reach those workers.
“We've spent billions of dollars, we'll spend billions of dollars protecting the network of networks that we built on behalf of our clients and the ecosystem,” McInerney said, adding that Visa is also “increasingly productizing” its cyber know-how to sell both additional network services and consulting services to customers.
The company didn’t immediately respond to a request for comment on specifically how much it spends on cybersecurity each year.
In conversations with customers, Visa tries to bring understanding of the cyber threats in one part of the world to bear on dialogue with customers in other parts of the world, for instance helping Canadian customers be informed by what’s happening in Southeast Asia, the CEO said.
The company spends “a lot of time connecting our market teams so that they're learning from each other, seeing pattern recognition,” McInerney explained.
The insights on Visa’s cybersecurity spending come as the industry is battling government entities that aim to reduce the card network fees that merchants must pay. Visa and other industry trade groups argue those interchange and related fees fund work to deter cyber and fraud threats.
Those government efforts include the Federal Reserve’s proposal last year to lower the amount that card networks can charge merchants for processing debit card transactions. They also include the bipartisan effort in Congress to pass the proposed Credit Card Competition Act, which aims to reduce such fees by injecting more competition into the processing of credit transactions.
With respect to cybersecurity, McInerney also discussed how the company is using generative artificial intelligence to thwart account-to-account fraud by way of Visa services.
“What powers generative AI is data,” McInerney said, adding that Visa has “arguably the largest global payments data set that exists.”
As a result, the company is using its data, collected from all around the world, to create its own large language model, a machine-learning engine of sorts that can be used as the basis for generating simulated human responses. It’s using that AI approach to fight fraud and scams in account-to-account bank payments, whether that’s real-time or ACH payments, the CEO said.
Visa is doing so by creating synthetic datasets that allow the company to develop new fraud tools, fraud mitigation services and scoring algorithms that can be applied to “entirely different payment ecosystems,” McInerney said. “We're doing this with large at-scale, real-time payment networks and banks all around the world,” he said.