Throughout the pandemic, the payments threat landscape was largely influenced by the ongoing COVID-19 pandemic. Cybercriminals continued to employ tried and true methods, such as phishing, payment account enumeration, eCommerce skimming, ransomware, among others to exploit many vulnerabilities during the pandemic, says Natalie Kelly, Visa’s SVP, Global Head of Payment Ecosystem Risk. Here, we talk to Kelly about the payments fraud ecosystem, her role at Visa, ensuring business continuity through the evolution of the payments threat landscape and more.
Security: What is your background and current role?
Kelly: I started my career at SouthTrust Bank, a small but very progressive financial institution in Birmingham, Alabama where I led the Bankcard Center Strategy. It offered an incredibly valuable experience that served as a springboard for my payments career. Three years later, I joined Visa’s Management Associates Program, which encompassed learning all aspects of the Visa payment ecosystem. This led to a 20-year journey at Visa that has spanned multiple areas of responsibility while offering the opportunity to be on the cutting edge of payment innovation.
I’ve had the privilege of helping to drive exciting progressions in digital commerce including smart cards, ecommerce, mobile commerce, tokenization/digital wallets, and risk management.
Security: Could you tell me about your role supporting Visa’s Chief Risk Officer?
Kelly: With the various roles I’ve enjoyed during my time at Visa, I feel fortunate for the opportunity to play a role in the Risk organization to round out my experience. I’m taking all the accumulated knowledge and using it to lead Visa’s Global Payment Ecosystem Risk team. In this role, I assist Visa’s Chief Risk Officer Paul Fabara in advising on potential risks to the business, maintaining an end-to-end Global Risk Strategy to defend against the latest threats, developing best in class analytics for insight, and protecting data in the ecosystem that has been entrusted to Visa by merchants, issuers, and accountholders.
Most importantly, at this critical juncture in history with pandemic-induced crises across the world, I feel fortunate to be able to play a small part in helping merchants recover by offering a secure way to pay and be paid. This way, individuals, communities, businesses, and governments can sustain, recover, and ultimately thrive.
Security: How has payments fraud evolved during your two decades at Visa?
Kelly: Twenty years ago, payment fraud was largely focused on exploiting payment cards by physically stealing them or printing stolen card numbers onto counterfeit cards.
Today, fraud is perpetrated by stealing digital credentials and by individuals belonging to criminal syndicates or groups funded by nation states. These individuals are technology savvy. They use the latest capabilities available from A.I. and big data tools, conduct research to understand and identify system vulnerabilities in specific industries, use social engineering to target individuals with certain job titles at companies to gain privileged access to sensitive information, coordinate attacks in real-time across geographies with local criminal groups with precision, and are primarily motivated by financial gain.
However, the industry is keenly aware. Merchants, financial institutions, and payment networks are working together to protect the integrity of the payment ecosystem to prevent fraud, defend against known attacks, stay one step ahead of fraudsters, and maintain consumer trust so commerce is not impacted.
Security: What are the gaps in security in the payment industry exposed by the pandemic? How is your team at Visa doing to address and solve them?
Kelly: The pandemic revealed that businesses are more nimble than we thought. Many moved from only accepting in-person payments at brick-and-mortar stores to quickly establishing an online presence to sell products and services, and accepting digital payments almost overnight. This was crucial for survival. Merchants large and small adapted quickly and seeing business owners respond and pivot so quickly was inspiring. However, some were not adept at protecting their online stores against fraudsters and fell victim. Methods such as enumeration attacks using automation to test and guess payment credentials on merchant websites during checkout and unauthorized online purchases using stolen identities and payment information are increasingly common.
Security: How have you ensured business continuity in a very fluid pandemic environment at Visa? Has it been hard to lead a global team from one single office?
Kelly: Visa’s global payment network plays a critical role as the world’s commerce engine, ensuring consumers, businesses, banks, and governments can send and receive funds. For decades, we’ve invested in global and local business continuity plans and these investments placed Visa in a position of strength in responding to the unique challenges of the global pandemic. We executed our plans and made resources available so services to our employees and clients were never disrupted.
The transition to working entirely remote has been a challenge for every leader – myself included. I was particularly concerned about inclusivity. With all-virtual meetings, it can be more difficult for some people to interject their thoughts and be heard, and I’ve seen women struggle more than men in most cases. I view this as an opportunity to make space for them to speak up and specifically ask what they think. I’ve always been a growth enthusiast, looking to create opportunities for future leaders, and I will continue to empower voices that aren’t the loudest.
Security: What is your secret weapon to working efficiently and productively? What do you like to do in your free time?
Kelly: Meditation is my secret weapon. Quieting the mind is critical, otherwise, it seems like everything is coming at you at once. If you can sit in meditation for 15-20 minutes and observe your thoughts, it will help quiet the mind and open space for more focused productivity.
My non-work hours are spent with my family. I’m also an artist on the side and I love creating things. Throughout my career, I’ve found that my artistic side can be a huge benefit whenever I’m in a situation where I feel stuck.
For example, if I’m in a meeting where it doesn’t feel like we’re reaching a solution or getting to an outcome, I will go to the whiteboard or take a sheet of paper and draw out the current situation and where I think things should go. I map out multiple paths to get there. I’ve found that most people are visual learners, and it helps to have something tangible for them to see to get their thoughts going.
