Essential cybersecurity threat intelligence for payment data
Visa Threat Intelligence delivers exclusive Indicators of Compromise derived from Visa investigations and forensic reports covering breaches in the global payments ecosystem, to provide highly accurate context with low false positives. By integrating the Visa Threat Intelligence API into their existing security infrastructure, merchants can reduce fraud and dramatically cut breach detection times.
Visa Threat Intelligence leverages Visa’s unparalleled visibility into the global payments ecosystem—processing over a hundred billion transactions each year.
The majority of IoCs are unique and not found in other leading threat intelligence tools.²
Using the data, Visa cut their own breach response time in half by providing payment-focused cyber intelligence.¹
How it works
Visa Threat Intelligence is available as a set of APIs that are compatible with all major cybersecurity hardware, software, and intrusion detection and prevention systems. Supported formats include JSON, CSV, and STIX. Programmatic integration with existing security infrastructure provides accurate and unique IoCs of known malicious actors—and enables prompt detection of the latest and most sophisticated threats.
Visa Threat Intelligence clients can access the API on the Visa Developer Center.
Q + A
Learn how Visa Threat Intelligence is a unique source of intelligence to protect payment data.
-
Visa Threat Intelligence is an exclusive source of verified merchant breach intelligence delivered to subscribers via the Visa Developer Center API. Visa Threat Intelligence Indicators of Compromise (IoCs) help organizations determine if they have been the victim of a financially motivated breach and can be instrumental in fortifying cyber defenses to prevent future breaches, in a broader effort to prevent card fraud.
-
Everyone (other than criminals) is looking for ways to reduce payment fraud and the exposure of sensitive payment data. Visa Threat Intelligence provides cybersecurity teams with Indicators of Compromise and related intelligence that can effectively help identify a breach before they discover that payment data was stolen and used by criminals to commit fraud.
-
When fraud does occur, Visa works with merchants, cybersecurity experts and their investigative teams to collect and analyze evidence left by the hackers and cybercrime organizations:
- Malware used to penetrate networks and steal payment card data
- Network indicators observed over the duration of an attack
- TTPs (Tactics, Techniques & Procedures) used throughout the attack lifecycle
- Threat actor-specific indicators
- Other artifacts that are critical to cybersecurity threat hunters
The Visa Threat Intelligence team anonymizes the data to protect the victim, organizes it into industry standard formats for customers to ingest into existing infrastructure, and makes it available through the Visa Developer Center API.
-
Visa is uniquely positioned in the payment ecosystem to gather and analyze a broad array of payment threats. In most cases, the IoCs delivered via the Visa Threat Intelligence API cannot be found in any other source of threat intelligence. We use a variety of threat intelligence today, and find many alerts end up as false positives. Visa Threat Intelligence is meant to focus only on real threats observed in confirmed breaches, thus false positives are rare.
-
Visa IoCs are focused only on payment-related threats and have been gathered from confirmed victims of cybercrime. Therefore, Visa IoCs produce very few false positives. If you find a ‘hit’ from one of our indicators, there is a very high likelihood that a breach has taken place.
-
Visa IoCs are provided in a variety of formats including JSON, CSV and STIX 1.0 XML, allowing for seamless integration with any platform supporting industry standards for threat data.
Visa Threat Intelligence has also teamed up with a number of strategic partners to help organizations operationalize Visa Threat Intelligence and get the most use out of the intelligence. See our partner page at www.visathreatintelligence.com for a list of partners.
-
The Visa Threat Intelligence product does not directly address PCI DSS (Payment Card Industry Data Security Standard) controls and is organizationally segmented from the compliance side of Visa. The Visa Threat Intelligence team does not report or disclose threats identified by Visa Threat Intelligence subscribers and the compliance team does not direct Visa Threat Intelligence to report on compliance with any of our customers.
In some cases, using security tools that utilize breach-related indicators of compromise to search (hunt) or monitor for cybercrime may be considered a compensating control for some PCI DSS controls. Only a QSA (Qualified Security Assessor) or PCI auditor can confirm whether this applies to your organization.
-
Visa Threat Intelligence customers use a variety of tools to operationalize IoC data. We recommend incorporating it into your cybersecurity operations and incident preparedness and/or response workflow to provide teams with powerful threat detection and breach prevention data. Common use cases for Visa Threat Intelligence include:
- SIEM Integration: Correlation of IoCs with log data. Analysts create rules and alerting mechanisms to assist in breach identification, incident response and remediation.
- Endpoint Security: Clients utilize the VTI API to configure endpoint monitoring for IoCs. This allows merchants to run endpoint scans for threat hunting on files and connections found in the VTI feed.
- Firewall: IP addresses and domains from the IoC feed which are known to be malicious and unnecessary for daily operations can be blocked/quarantined/monitored at the firewall level to prevent connections and quickly detect malicious activity.
- Third Party: Threat Intelligence Platforms & Gateways, Simulated Breach & Penetration testing, Operation Management and Services.
-
Visa Threat Intelligence is updated whenever a new breach is discovered in the payment ecosystem. Historically, we have seen updates as often as several times a day to every two or three days. Factoring in the time it takes to process new incoming intelligence, Visa Threat Intelligence generally updates within 2-3 days of a newly discovered breach.
-
Two options exist for getting the latest threat intelligence from Visa. First, at any time, subscribers can select a date range in the API query and receive all the intelligence covering that range. All IoCs have a date element, allowing for targeted IoC selection based on date. Second, the Visa Threat Intelligence API has an alert option, which will push the latest IoCs out to subscribers as soon as new threat data is discovered by Visa. In other words, when Visa learns of a new threat, Visa Threat Intelligence subscribers are instantly informed and can begin protecting their organizations with the very latest intelligence.
-
Indicators of Compromise are just that – indicators that something bad may be happening. The discovery of an indicator requires further investigation to determine the exact nature of the threat and its impact. Our goal is to help customers find and eradicate threats before they become payment data breaches and we fully expect there will be times when Visa Threat Intelligence data helps identify bad things in your environment. We are aware that identifying a threat does not necessarily mean payment data has been compromised.
Partners
Our partners provide tools to operationalize the power of Visa Threat Intelligence, turning our payment-focused threat data into proactive defense strategies that turn the tables on cyber-criminals.

Speeds threat detection with unified security solutions and operationalized intelligence.

Validate and optimize your defense with simulated attacks.

Accelerate security operations through context, prioritization, and automation.

Protect your payment data with community intelligence.

Threat Intelligence, Analytics, and Orchestration in One Platform.

Synchronize threat data to alert and block at the network perimeter.
Source
1 Source: Visa Payments system risk. Breach response time is the average time between initial intrusion and breach discovery by Visa from 2014-2016.
2 Source: Visa. Based on a sample of Visa Threat Intelligence indicators compared to four commercial threat intelligence sources/vendors (2016).