When the client decides to make an online purchase on-line, the moment he decides to make the payment and click Pay, the first thing that happens is to be inserining his card, the debit or credit card. At this point, the merchant cattes these information and other information and sends them to the merchant merchant, so that the merchant is connected to Visa and sends them to our network. network e noi in base al PAN riconosciamo chi ha invece la banca che ha emesso quella carta, quindi la banca del consumatore e mandiamo queste informazioni a tale banca. Tale banca verifica la transazione, verifica se ci sono i fondi sufficienti per coprire la transazione e poi da un sì o no approva o declina. Quindi questo è il flusso di dati. Ecco quello che succede in Visa when they arrive these information Visa in 5.000 seconds in a batting of a cigarette, really takes more than 500 points, analyzes these information in real time, looks at the historical history of the client, so the two years of historical history of the client, looks at the historical history of the merchant, looks at the location of the merchant, the address of the operator, the IP of the device, so there are a series of information that in 5 seconds allow us to give a scoring, so we can make a probability of the transaction, if it is a risk or if it is a genuine transaction. So we give this information to the issuer, so that the bank can take the decision. Welcome to the I'm Gianluca Dotti of Wired Italia and this is a new episode of The Big Interview, recorded live by Bocconi. In this episode, which is done in collaboration with Visa, we will talk about payment, security and cybersecurity, but also about artificial intelligence and innovation in a wider sense. We will do it together with our guest, Guido Mangiagalli, Head of Risk and Identity Solutions Europe of Visa. Welcome to The Big Interview, Guido. Grazie, good morning. Allora, io partirei dal dietro le quinte di quello che succede quando un pagamento digitale viene autorizzato, perché lato utente è molto semplice, ma dietro c'è un sistema molto complesso, molto efficiente, che deve lavorare molto bene perché tutto ciò sia, come si dice, senza attriti per chi il pagamento lo sta inviando e ricevendo. Ci dai un pochino di racconto di quello che c'è dietro le quinte? Certo, assolutamente. Quindi proprio ad alto livello, come lo chiamiamo noi, è un sistema a quattro parti. Nel senso che quando il cliente decide di fare un acquisto online su un sito, il momento che decide di fare il pagamento e clicca Pay, la prima cosa che succede, vabbè, prima di tutto inserisce il suo numero di carta di debito, di credito. A questo punto il merchant cattura questa informazione più altre informazioni and sends them to the merchant bank, so that the bank connects to Visa and sends these information to our network. We, based on the PAN, recognize who is the bank that has emulated that card, so the bank of the consummate, and sends these information to the bank. The bank verifies the transaction, verifies if there are sufficient funds for the transaction, and then a yes or no, a pro or declines. So this is the flow of data. What happens in Visa, especially when they arrive, Visa in 5.000 seconds, in a batting of a cigarette, really takes more than 500 points, analyzes these information in real time, looks at the profile of the client, so the two years of history of the client, look at the historical history of the merchant, look at these data, there are like the address of the purchaser, the IP of the device, so there are a series of information that in 5 seconds allow us to give a scoring, so to make a probability of the result of that transaction, if it is a risk or if it is a genuine transaction. And then we give this information to the issuer, so that the bank can take the decision. So, to make sure we process more than 60.000 transactions per second, so to be able to process all these transactions and apply these statistics of machine learning, artificial intelligence, we need, as you can understand, infrastructure very heavy. I'll start with the infrastructure and technologies because you have told us about how it works, which is very easy and maybe a little more complicated. What are the tools that a reality like Visa uses and, at the level of technological, are they sufficient for giving those guarantees that who who envies or receives a payment need for being tranquil? Certo, allora Visa è stata pioniera nel mondo dell'artificial intelligence. Noi utilizziamo l'artificial intelligence da più di 30 anni. Certo, abbiamo iniziato con l'artificial intelligence, quella che si chiama predictive intelligence, che è basata su algoritmi di decision tree, che sono algoritmi abbastanza standard oggi, which are algorithms that use the logic of yes and no. So, for example, if you have a transaction over 500 euros, yes, then you can take this direction. If you have the address of the car holder correct, yes, then you can take that decision. So, it's a tree of decisions, of course, which is very complex. Ecco, these technologies, for now, have worked well and have given good results. But, only today, the fraud is becoming more complex and the more difficult and even the technology is changing. So today, for example, in the US, we launched last year a new product called Visa Deep Authorization, which uses technology more advanced artificial intelligence such as the Neuron Network which is a very complex quite complex and we see that they have better results We're thinking about expanding this project to a global level. In addition, we have a future space company in the UK, and we're piloting technology more advanced, like the LLM. So, the LLM is on the the right hand of everyone, thanks to the GTP, we all know and are very much applied in the linguistics world, so they are very much applied in the linguistics, so they are very much applied with words and language. We have taken that technology and we have taken that with millions of transactions and we are seeing that the use of these systems gives an we give an ulterior 20-30% of improvement in our capacity to predict the fraud. So, the technology is evolving and the systems are also adapting and we see that the artificial intelligence is applied to the world of anti-fraud. For the concept of artificial intelligence itself is changing in time, in the sense that, as you said, it is decades ago that you use it, what it means to be a concrete level, with what models and what instruments are an evolution continuous. Absolutely. An evolution that is necessary because obviously, as who who is paying, who proceeds in technology more innovative, the same can do to us, even those who have intentions well nobiles in front of the payment, so we talk about fraud, we talk about systems of protection from cyber security. You have already anticipated that one of the strategies that Visa uses is also the acquisition of reality that can give a better. How does continuous improvement happen? This continuous course to the technological advance? For staying at the pace, we need to invest a lot of technology, because these technologies are powerful, but also expensive. In fact Visa has invested in the last 5 years more than 10 billion dollars in cyber security and anti-fraud. So this allows us to stay at the steps. But there are three things that need to be relevant in this space. 1. Have the right talent. So it's important to have data science, team of people in order to understand, use and develop these technologies. And this is not easy because they are always less, they are always more requested. The luck of Visa is that our headquarters is in San Francisco and San Francisco is in the center of Silicon Valley. So we have access to this type of resources, and we have a great team of experts in San Francisco. In addition, as I mentioned earlier, we have also made an acquisition, Future Space, which is a company founded by a professor from the University of Cambridge. They are based at Cambridge, and when I found them immediately after the acquisition, I was really impressed by the people who work at Cambridge. They are all young, all experts, all native AI. This is one of the main things. The second is to have the right infrastructure. We have to invest in a lot of servers, and this requires investment. We have data centers super secure, but also our technologies are developed in order to take advantage of local cloud. So we are able to replicate our capabilities locally in the cloud. This is important because in a way in which we need to have more data, we need to be more data, the data is often required to be local. So this is another important factor to consider. And third, the data. The data is the oil that makes it work with the artificial intelligence, and therefore we have a big data. And here is where we are different from the more, because having one of the biggest networks of the payment, we have data, and not only local, but global data, so we can see how the fraud is going to be global. This is important, because the fraud is maybe developing in a country and then moving, not static. So if you have a global visibility, you can see when you develop those patterns and then block them when you move. If you have only a local visibility, you can see it more difficult to do this. Insomma, it serves technology and infrastructure, but it also means having an eye capable of taking those trends and the new ones. Ecco, ci puoi raccontare quali sono, a proposito, queste frodi, questi trend, come sta evolvendo anche la tecnica, la strategia di chi tenta di portare a segno degli attacchi? The fraud is changing, and if we consider the world of cards, the fraud that we have seen before was the fraud in which the frauders tried to intercept or rub the information, so the number of cards, the CV2, and then used them to commit fraud. So it was the fraud that committed fraud. Now what we're seeing is what is called scam or APP fraud, which is Authenticated Push Payment. This new fraud is a fraud in which the fraud, through the psychological techniques, tries to influence and convince the consumer genuine to make a transaction that is then fraudulent. This changes the model in which we have to work, because now it's more difficult, because it's you who is doing the transaction, and we have to understand that you are doing but you don't have to do it, because that person doesn't exist or you don't think to think that it is. So, for being able to do this, we need to change the model, but to have a visibility end to end of fraud. So you have to know, you have to know me as consumer, but you have to know who is the person who receives this transaction, because what they call the mule account, the mule account, are those that are created that are to be able to receive the transfer. Now, with account to account, real-time payments, this fraud is exploding. At the global level, it was quantified more than 500 million dollars in 2024 So these are impressive numbers So there is always more need to invest and try to block it It also a fraud I would say because the people who were being frauded are being totally frauded from a point of view economic, but also from a point of view psychological, because they had invested in a relationship with that person, they believed in that relationship and they are totally contradicted. So it's important to try to reduce this at the maximum. Yes, there is an aspect technological and cultural, as you said, the fraud is also made by psychological, so for example, furthermore, increasing the complexity. Absolutely. And to increase the complexity, if we want, is also a instrument of which we have talked a lot, which we have already talked about in this artificial intelligence, which is obviously a disposition, let me say, the good and the bad. All right, the question is who is helping a better technology? That's the balance. From which part can we move to the effect of the IA, generative or less? The IA is neutral. It is available for us and for the Froster. The Froster today is having access to costs always more low, to technology like the deepfake. These are technologies in which, for example, they can replicate the voice of the people. So, going back to that scam, that fraud, they can impersonate better the person who maybe the victim can trust. So it becomes more difficult for the victim to defend themselves, because it seems to interact with your friends, with your friends, with your friends. And so, the AI is helping the fraud in this part. But, on the other hand, we have to go faster. We have to go ahead. We have to go ahead. In the world of cards, if we look at the fraud in the world of cards, the last few years is always in a trend of growth. while in this world of account to account and scam it is growing exponentially. We, as I've already said, the use of artificial intelligence and the use of the data to try to anticipate and see when a transaction is genuine from a non-genuine transaction. This is the artificial intelligence, soprattutto le ultime tecnologie sono molto brave a proprio a creare il profilo standard, quello regolare del cliente e identificare anche discostamente sempre più piccoli per quella transazione da quel profilo e quindi far suonare degli allarmi. Però è una gara che bisogna continuare a investire. È una gara testa a testa diciamo così. You talked about the importance of the sharing of data, maybe another element very useful to increase the security is that we talk about the various stakeholders that are in the world of the payment, which are banks, providers, institutions. Is this collaboration enough? Is it enough? Is it better? How is it going? Sta andando, sta andando per... Prendiamo lo UK come esempio, perché lo UK per esempio è un paese in cui il real time payment è già una realtà, mentre in Europa sta iniziando ora e una piccola parte degli account accounts è un real time, ma la maggior parte sono ancora bonifici a due o tre giorni, però in UK sono tutti real time. E quello che abbiamo visto, due cose. 1. that the real time is 10 times more risky than the account standard. 2. We saw that the regulation is pushing in the right direction. In the UK, for example, the regulation has requested, since there was a perception that the banks were not doing enough, has imposed on the banks to be responsible for fraud. So in the UK, in October of last, if I suffer a scam, even if I have sent money to a platform because I wanted to make incredible returns, it doesn't matter, if I report it, the bank should reimburse me. So this is pushing the banks to invest more. We have done a project in the UK with five or six big banks and they have shared their data, because at this point they have taken care of that if we do not have to suffer the fraud, we have to invest and they have understood that they have to work together, so they have given us the data of the transactions and fraud, with which we have been addressing our models, and the results are incredible. We saw that with this consortium we were able to block the 50% more fraud than what the bank was in order to do. So these are already indications of importance of the share. And we have also done an increase in one of these banks. we also have united the number of accounts, so the IBAN, with the number of the debit card of the client. And then, matching the data, not only having the visibility on the account to account, but interseccing the account to account with the card, we have seen an ulterior 30% of the capacity to prevent fraud. So, the answer is absolutely, that to fight this world of scam, is important that we work together and share data. And to interrupt those silos of data that impedes interoperability or to call it, that is to call it a unique place where we can be together for a greater value in terms of knowledge, of information, etc. Guido, Visto che parliamo, lo diceva anche tu prima, di un'evoluzione della sicurezza che riguarda non solo la parte tecnologica ma anche quella umana, psicologica, culturale. Quanto è importante il valore, appunto, la consapevolezza che le persone hanno? Mi spiego meglio. Sappiamo che c'è un tema di alfabetizzazione digitale non sempre perfetta. We know that the financial education is not in the field where the results are better. What is the role of the person What can we do to feel better The first thing that one has is the awareness If you know what you doing it more difficult to be perpetrated by fraud So events like this, magazines like WIRE, these are very important. They are very important to educate clients with simple messages that explain what is fraud, how it is performed, what are the tools that you have to understand it. So absolutely more communication, more engagement of this type that you are doing today is absolutely fundamental to bring the know-how to the community, the message that you have to pass is that the electronic systems, the account to account, e-commerce, are fantastic things, things that simplify life, things that are also secure, but we need to be aware of it, we need to be aware of it, we need to be informed. So, as I said, it's important that there is always more opportunity to communicate, to help people understand what is done. And then if one is a little bit, before you send money, maybe ask a friend, and don't give up, because there is probably under pressure, the moment in which the fraudator is going to take you. So the communication is fundamental. When the fraudator is going to a very human vulnerability, It's the moment right in which you can take advantage. Guido, I would like to talk a little bit about the future, in the sense that we have talked a lot in detail about the technologies that today are and the trends that are more in vogue on the level of methods of payment. At the same time, an eye cannot go to what is emerging, with the perspective. Then the horizon is also temporary, you are far away or far away, but give us some input, some sense of what is coming, and what you and colleagues, seeing this world inside, are starting to start to occupy. As I said before, we are using the new technology of AI, so the large language model, but not the language, but the transactions. That, as we have seen from our pilot, will be a great potential in our capacity to individuate fraud. So this is the first part. Second, we have the authenticance. We invest a lot in everything that is biometrics, the ability to identify the identity, So, to be able to recognize and to be aware of the transaction, in the two parts, to be sure that the two parts are authenticated, because this reduces the fraud. Today the problem of the fraud, as I said, is that it is easy, especially with certain fintechs, to open a account, and these accounts become then used to be used to make fraud. So, we need to do a KYC structured when you open a account, KYC is Know Your Client, quindi la parte di autenticazione che avviene al momento della registrazione. Quindi biometrico, modelli di artificial intelligence sempre più avanzati sono sicuramente i trend sui quali va investito sempre di più. Chiarissimo. Ti faccio un'ultima domanda, un po' meno tecnica tecnologica, ma proprio un pochino di visione anche sul futuro. Quando parliamo di pagamenti, the physical object through which the payment is done. We all know the physical card for the payment, you can pay with the smartphone, you can pay for the anel or other devices. If we look at the future, do we continue to have the physical card or the alternative materialized on the smartphone or there are also other ways possible, even beyond the software technology that we are behind, artificial intelligence etc. Tecnicamente tutto è possibile, poi va capito quello che l'utente vuole fare, cioè per esempio già negli US ha quel sistema di pagamento nei loro shop che se tu ti registri, registri il tuo biometrico non devi più passare neanche nella cassa, non devi fare più nulla, tu prendi quello che vuoi comprare, vengono registrati automaticamente tramite dei tag e tu esci, your face scanner, the card is in the system and then the payment is in it. These things are already happening today, so technically we can already register our biometrics with a payment. Now it's not even a close, people prefer to have a little more control, to have that gestualità che dire sì l'ho provata io perché chi mi dice che che sto pagando quello che non voglio e poi adesso con tutto il mondo dell'agentic, agentic e-commerce, agentic AI, quindi dove avrai gli agenti che faranno lo shopping con te, anche questo è un mondo in completa evoluzione che per il quale non sarai più tu che fa la transazione ma tu demandi la transazione ad un computer che la farà per te. Quindi per permettere tutto questo è importantissimo, come ho detto, riconoscere il cliente la prima volta, quella registrazione è fondamentale e poi far sì che le informazioni e comunque che ci sia sempre un check finale che tu vuoi fare quella transazione. Quindi da un punto di vista psicologico sì io posso renderla il più frictionless, il più invisibile possible, but I still have to be sure that I can't even be able to more than 500 €. Insomma, the technology offers a lot of potential, then there is a cultural aspect of it, an abituality of the way to leave autonomy. A little bit of the analogous guide, but there is a technology but there is also a cultural and collective. Thank you for this conversation. a Guido Mangiagalli, lo ricordiamo, Head of Risk and Identity Solutions Europe di Visa. Grazie per essere stato a The Big Interview. Siamo arrivati alla fine di questa puntata. Vi ricordo di continuare a seguire anche le prossime puntate, i prossimi episodi di questa serie. Qui abbiamo registrato live dalla Bocconi. Un ringraziamento ancora a Guido Mangiagalli e da Gianluca Dotti. Un saluto e alla prossima puntata. Ciao. you
