With over 20 years of extensive experience in risk management in the payment industry, Rodriguez is responsible for Credit Settlement Risk, Enterprise Risk Management and Payment System Risk, including Data Security, Brand Protection and Cyber Investigations at Visa.
With the rapid growth of electronic and online payment usage globally, where does Visa stand in ensuring security for consumers?
Consumers are crucial, and the event we’re having today (Middle East and Eastern Europe Security Summit) is a vital part of our efforts to ensure they’re protected when using our products and network. For the last two days, we’ve been here in Tbilisi with a group of clients not only from the CISSEE region but also from across the Middle East and North Africa to talk about what we need to do to make sure the electronic payments system is secure for consumers. Visa can do a lot of things, the banks can do a lot of things, and merchants can do a lot of things, but at the end of the day you, as the consumer, need to have trust what we’re doing.
What measures are undertaken specifically?
We do many different things and we can talk about the tools and techniques that we’re using. When it comes to consumers, we believe first in raising awareness – we need to make sure that consumers are aware of what is available in terms of the tools and solutions designed to protect them when using their cards. These include EMV chip cards, which use an embedded microprocessor instead of a magnetic stripe to store cardholder data, making it almost impossible to counterfeit, and Verify by Visa, our online solution that helps ensure that payments are made by the rightful owner of the Visa account, building consumer confidence in online shopping. We also run consumer education campaigns in many markets. Through these campaigns, we offer consumers tips to help consumers avoid pitfalls and stay protected at all times. For example, we offer advice like, if you’re shopping online, make sure that the site has a padlock icon and never share your password. Also, sharing and not protecting your PIN is something people should avoid doing. Another things we also see is scams, unbelievable deals that attempt to lure cardholders into giving up their personal and account information. As part of the campaign, we run short 20-second video messages on social media to help show consumers how to protect their personal and account information at all times. We also work to remind consumers that if they are victims of fraud involving their card, they won’t be held responsible for it. So, talking to our clients in Georgia and around region helps us make sure that the right tools and processes are in place to ensure consumers feel safe, comfortable, and confident using their cards. That’s our key aim with regards to consumers.
So, in a way, it’s all about education?
Yes – education and awareness are key. We can explain complex things such as tokenization and encryption, but what consumers need to understand is that a chip card is a secure way of making a transaction and that it will protect them. And, when they’re shopping online and are authenticated by Verified by Visa, they should feel comfortable and safe. Finally, not sharing their passwords, and avoiding unsafe websites, are simple steps that will go a long way in ensuring they are protected from fraud.
How do you convince your consumers that the online payments and the cashless concept generally is more reliable and less time consuming?
Georgia ranks among the top ten countries for contactless transactions and has one of the highest card penetrations within the region. Contactless is the perfect example of security convenience, because what contactless has is the same chip card used in the same dynamic cryptogram that basically alternates and prevents it from being counterfeited. And, at the same time, it gives you the convenience because you just tap and go. We discuss contactless payments in our security summit to educate our other clients on the convenience and security of this type of payments technology. Georgians are innovators in this space. With regards to eCommerce, we have to continue to deliver the message of safety and security, and how we’re working to enhance the way we use Verified by Visa for added security. We have something called 3D Secure, a protocol upon which Verified by Visa is based. With 3D Secure, more information is shared between merchants, issuers, and banks, allowing them to better authenticate and identify that individual’s device and information. Using additional pieces of information – such as geo-location, information about the device, and even the language of the device – gives enough contextual information about the transaction for us to assess accurately its risk level. If it’s a high risk, there is an extra layer of security in the form of an OTP sent to the cardholder, and if it’s not high risk and we feel it is a genuine transaction, then we approve and notify the consumer that they’ve been validated and authenticated. We see that as a significant thing with a positive impact on people. Consumers get a more seamless experience and it continues to be as safe and secure as before – this helps improve merchant profitability. By creating this seamless transaction, by using more information that can be shared between the merchant and the issuer, we can approve more transactions, the consumer has a better experience and, at the same time, the merchants enjoy better sales.
What are the threats and demands that need to be addressed today?
Today’s threats are mainly cyber security-related. Cyber security threats are happening around the world on all levels: you have breaches of personal information within governments and you have websites being taken down with malware. The latter is a key area of our focus and one of the things we continue to develop a response against. We’ve been working very closely with our clients to identify and disrupt these threats, making sure that the entities that have information are protected, and that we devalue the data and make sure we use the same information to make better decisions. Being the largest retail payments network in the world, we have a vast amount of transactions and data upon which we can build solutions and insights which we can share with our clients as part of payments security training we provide. The data capability of our network is an integral part of our multi-layered approach to security. And, with regards consumers, protecting and educating them is critical.
What new developments do you foresee in terms of a Cashless Economy in Georgia?
One of the big things is the Internet of Things, where everything will be connected and wearables such as rings, and watches and more and more phones will have the capability to make payments. We were just discussing at the summit today that in 2016, there were an estimated five billion connected devices – by 2020, it is expected that there will be over 20 billion connected devices. Now, is Georgia there yet? We’re seeing Georgia moving in this direction but I think it is still some years away. But with more transactions, and data connected and transferred there are more opportunities for criminals to steal information. So, one of the key technologies we developed to address this is tokenization, which replaces sensitive account information with a token, which has no meaning or value. It’s a critical thing coming to this market and Georgia is one of the first countries leading the implementation of tokenization within the CIS region. It’s a proven testament of Georgia’s ambition to be an innovator, and Visa is bringing new technologies and innovations to Georgia first because of its desire and innovative spirit. We’ve already launched an initiative to start tokenization with the Bank of Georgia, and obviously there will be other banks here that will follow.
What new solutions do you plan to launch in the future?
Biometrics as a key area of focus and interest. At the moment, we need to make sure we have the right standards, and interchangeability of the technology is also something we’re exploring.
Click Here to check the original link of the interview.