Visa strengthens AI defences amid new era of cyber threats
Tue, 30th Jun 2026 (Today)
As artificial intelligence rapidly transforms the global technology landscape, payment network giant Visa is expanding its investment in AI-powered security, risk management and operational tools while navigating an increasingly complex regulatory environment.
The rise of advanced AI systems is fundamentally changing how financial institutions manage risk, respond to cyber threats and maintain trust in a digital economy where attacks can emerge and evolve faster than ever before.
Visa has invested approximately $13 billion in AI technology and innovation over the past five years and currently operates more than 300 AI models across areas including fraud prevention, cybersecurity and operational management.
Over 100 internal AI-powered applications have been developed, with more than 2500 Visa engineers focused on AI initiatives.
As AI adoption accelerates, new legal and regulatory challenges naturally arise.
The conversation around AI has moved beyond whether organisations should adopt the technology, toward how it can be deployed safely, transparently and at global scale, according to Paul Fabara, Chief Risk and Client Services Officer at Visa.
"The regulatory question is no longer whether AI can be deployed, but whether it can be deployed in a way that is safe, explainable, audit-ready, and resilient at global scale," Fabara said.
Regulatory pressures around AI
One of the most significant challenges facing financial institutions is the way AI compresses the lifecycle of cyber risk. Vulnerabilities that previously took weeks or months to identify and exploit can now be discovered and weaponised within hours.
This acceleration is forcing companies to rethink traditional governance models, which have often relied on periodic reviews and assessments. Regulators increasingly expect continuous monitoring, real-time controls and auditable decision-making processes.
The emergence of agentic AI systems - technologies capable of autonomous reasoning and action - has introduced additional complexity. While such systems promise greater efficiency and automation, they also raise questions around accountability and decision authority.
For payment providers operating in heavily regulated environments, the challenge lies in balancing innovation with predictability. Financial institutions must ensure that critical decisions remain governed by clear policies, defined thresholds and human oversight, even when AI systems are involved.
Regulators are now paying closer attention to third-party and systemic risk. As AI capabilities become embedded across interconnected ecosystems, organisations are increasingly expected to ensure that vendors and external partners maintain security and governance standards equivalent to their own.
The dual-use nature of AI presents another challenge. The same technologies that can help defenders identify threats more quickly, can also enable attackers to automate reconnaissance, vulnerability discovery and fraud attempts.
As a result, regulators worldwide are placing greater emphasis on responsible deployment, controlled access to advanced models and safeguards that align with the capabilities and risks of the underlying technology.
Cybersecurity enters continuous defence era
Visa's cybersecurity strategy reflects the changing threat environment.
AI is dramatically increasing the speed at which cyber threats evolve, making rapid response as important as threat detection itself. Instead of relying on periodic security reviews, Visa has shifted toward a continuous security model that prioritises real-time scanning, assessment and remediation of vulnerabilities.
The organisation is also using AI defensively to identify potential risks earlier. However, AI-generated findings remain subject to human validation and established risk-management procedures before action is taken.
The focus on response speed has become particularly important as attackers increasingly combine multiple vulnerabilities across interconnected systems. In payment ecosystems, where institutions, merchants, technology providers and consumers are tightly linked, isolated weaknesses can have broader consequences.
To mitigate those risks, Visa continues to invest in automation, risk-based prioritisation and zero-trust security architecture. Its defence-in-depth approach is designed to maintain resilience even when previously unknown vulnerabilities emerge.
The strategy reflects a broader industry shift toward cyber resilience, where organisations assume threats will penetrate some layers of defence and instead focus on limiting impact, accelerating recovery and maintaining service continuity.
Building trust through AI and scale
Trust remains a central concern for payment providers, particularly as fraud techniques become more sophisticated and increasingly AI-enabled.
Visa attributes its customer trust and safety record to a combination of AI-driven risk management, network-wide visibility and extensive collaboration with financial institutions, merchants and technology partners.
By monitoring transactions across its global payments network, the company can identify fraud patterns and emerging threats at a scale that individual institutions may struggle to achieve independently.
One of the most prominent examples of this approach is Visa's Scam Disruption Initiative, which combines analytics, intelligence gathering and industry partnerships to identify and dismantle fraud operations before they reach consumers.
The program recently helped uncover a coordinated network of fraudulent eCommerce websites operating across APAC.
It involved more than 500 scam sites impersonating legitimate brands through increasingly sophisticated tactics, including AI-generated websites and highly targeted digital advertising campaigns.
Working with regional partners, the company identified approximately $25 million in potential fraud exposure and helped disrupt the network before additional consumers were affected.
The case highlights how fraud prevention is increasingly moving beyond transaction monitoring toward proactive disruption of criminal infrastructure.
Preparing for the quantum era
While AI dominates current security discussions, Visa is also preparing for longer-term technological shifts, including the eventual arrival of practical quantum computing.
The company expects post-quantum cryptography (PQC) to become an increasingly important component of payment security over the next three to five years.
Initially, quantum-resistant technologies are expected to be implemented primarily at the infrastructure level, securing communications, authentication systems and cryptographic key exchanges rather than introducing visible changes for consumers.
Visa is anticipating that organisations will adopt hybrid approaches, combining traditional cryptographic methods with quantum-resistant algorithms during the transition period.
A major concern driving this effort is the harvest now, decrypt later threat model, in which encrypted data captured today could potentially be decrypted in the future once sufficiently powerful quantum systems become available.
A successful transition will require close cooperation among financial institutions, technology providers and regulators to ensure interoperability and minimise disruption across the broader payments ecosystem.
Trust as a competitive advantage
The future of payments security is ultimately tied to trust.
Cybersecurity is no longer simply about protecting systems and networks but about safeguarding confidence across a global digital economy. As AI accelerates both attack capabilities and defensive technologies, maintaining that trust will depend on organisations' ability to adapt quickly while preserving transparency and accountability.
Visa's strategy combines AI-driven innovation with governance controls, human oversight and collaborative security practices.
For an industry facing concurrent paradigm shifts in artificial intelligence, cyber threats and cryptographic security, that challenge is likely to define the next era of digital payments.