Visa Deploys AI Defenses To Thwart Payment Fraud

Visa is publicly framing payment fraud as a professionalized, technology-driven economy and is pushing AI across the payments stack to counter it. James Mirfin, senior vice president and global head of risk and identity solutions at Visa, told PYMNTS that “Fraud has become a business, an economy,” and described a transition from ad-hoc schemes to coordinated, professionalized operations.

Fraudsters are adopting automation and AI techniques that scale attacks and reduce the latency and manual effort previously required. That raises two technical challenges for defenders: (1) distinguishing legitimate behavior from increasingly sophisticated, automated attacker behavior in real time, and (2) doing so without introducing customer friction that increases false declines and revenue loss.

Visa’s response is to embed intelligence at multiple decision points — provisioning, authentication and authorization — rather than treating fraud as a single downstream problem. The company emphasizes reducing false declines while increasing the cost and operational complexity for criminals. Mirfin frames Visa’s objective bluntly: make fraud “too costly and complex for criminals to sustain.” The coverage positions Visa’s strategy as combinational: data-driven risk scoring, identity orchestration and real-time authorization controls that operate across the payment lifecycle.

This is a signal to product, security and fraud teams at issuers, gateways and merchants that the defensive bar is rising. Expect continued pressure to deploy real-time risk models, tighter identity linkage across provisioning and auth flows, and orchestration layers that can route transactions to graduated authentication or frictionless paths dynamically. Reducing false positives will remain a central engineering challenge: effective defenses must increase attacker cost while preserving conversion rates.

Watch for product announcements and technical detail from Visa about specific APIs, signals, or model-sharing mechanisms available to partners; look for partnerships that broaden shared telemetry and for guidance on privacy-compliant signal exchange. Also monitor whether attackers respond by shifting to supply-chain or account-creation vectors that evade current provisioning/auth focus.