Welcome

How mature is your organization’s security strategy for navigating the evolving payments landscape?

Customers are demanding new and more innovative ways to pay for goods and services. From mobile wallet payments to digital currency payments, the modern payments landscape has drastically evolved past simply cards and cash. To keep up with customers’ growing demands, firms globally are investing in technologies to embrace these new and emerging ways to pay.

How mature is your payments security strategy? Take our short self-assessment to find out.

The assessment will yield customized results and recommendations based on your responses and should take no more than 5 minutes to complete.

Questions

1. How well do the following statements describe your organization?

Empowering customers

Doesn't describe my organization at all (1)

Neutral (3)

Describes my organization completely (5)

Don't know/does not apply to our industry

We consider authentication, fraud management, and customer experience holistically to deliver a payment journey that meets the customer’s preferences

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

We supply our consumers with the right payment risk tools and features throughout their payment journeys (from acquisition to usage to account management to data analytics)

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

We actively build consumer trust in our payment capabilities through our products, our marketing, and our policies

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

1 of 10

Questions

2. How well do the following statements describe your organization?

Technology & People Investments

Doesn't describe my organization at all (1)

Neutral (3)

Describes my organization completely (5)

Don't know/does not apply to our industry

We regularly invest in new technology capabilities that enable us to build next-generation fraud management solutions and keep pace with the evolving landscape

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

We leverage advanced analytical techniques (e.g., neural networks) and multiple sources of data (e.g., geolocation) to enhance our fraud detection capabilities and protect our infrastructure from cybercrime

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

We actively employ security experts whose full-time jobs are protecting our consumers and securing our infrastructure

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

2 of 10

Questions

3. How well do the following statements describe your organization?

Governance

Doesn't describe my organization at all (1)

Neutral (3)

Describes my organization completely (5)

Don't know/does not apply to our industry

We have a dedicated organization that ensures our risk and fraud personnel are educated on the latest industry trends and protocols

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

We leverage industry standards and bodies to innovate securely at scale

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

We have a documented, repeatable process for vetting any enhancement, policy change, or product rollout that could impact customer security

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

3 of 10

Questions

4. How well do the following statements describe your organization?

Strategy

Doesn't describe my organization at all (1)

Neutral (3)

Describes my organization completely (5)

Don't know/does not apply to our industry

We have made strategic investments and allocated resources to ensure that we are at the forefront of security innovation

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

We consistently contribute ideas and learnings with industry partners to ensure that we are collectively protecting our consumers’ payments journeys

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

We have a well-defined security roadmap that assesses our existing capabilities against emerging risk trends and provides a defined path for addressing any identified gaps

Doesn't describe my organization at all (1)

Neutral

Describes my organization completely (5)

Don't know/does not apply to our industry

4 of 10

Questions

5. Please indicate your level of agreement with the following statements.

Strongly disagree

Disagree

Neither disagree nor agree

Agree

Strongly agree

Don't know/does not apply to our industry

We have been investing in hiring new talent with specialized fraud/security skills

Strongly disagree

Disagree

Neither disagree nor agree

Agree

Strongly agree

Don't know/does not apply to our industry

We have a well-defined process for onboarding new payment technologies

Strongly disagree

Disagree

Neither disagree nor agree

Agree

Strongly agree

Don't know/does not apply to our industry

We have been investing in new tools to manage our payment technologies

Strongly disagree

Disagree

Neither disagree nor agree

Agree

Strongly agree

Don't know/does not apply to our industry

We have a dedicated team to manage payment security

Strongly disagree

Disagree

Neither disagree nor agree

Agree

Strongly agree

Don't know/does not apply to our industry

New payment technologies make us more susceptible to fraud

Strongly disagree

Disagree

Neither disagree nor agree

Agree

Strongly agree

Don't know/does not apply to our industry

The benefits of new payment technologies outweigh the risks

Strongly disagree

Disagree

Neither disagree nor agree

Agree

Strongly agree

Don't know/does not apply to our industry

5 of 10

Questions

6. Which of the following security challenges do you expect to have the greatest financial impact on your business in the future? (Rank top five.)

Social engineering and account takeover (ATO)

12345

Increasing regulatory intervention

12345

AI/ML being leveraged by criminals

12345

Digital commerce becoming a bigger target for fraud

12345

First-party disputes (genuine transactions disputed by the cardholder)

12345

Increasing application fraud

12345

Nation state-backed cyberattacks

12345

Legacy systems more vulnerable to criminal attacks

12345

Lack of risk controls for push payments

12345

Fraud shifting outside of payments (e.g., fraudulent advertising schemes, ransomware)

12345

Attacks on technical infrastructure and data manipulation

12345

Unfair merchant contracts (e.g., deceptive terms)

12345

6 of 10

Questions

7. What is the approximate timeline for when you expect these challenges to have a financial impact on your business?

Within 3 years

Within 3 to 7 years

7+ years from now

Don't know

RANK 2 FROM Q6

Within 3 years

Within 3 to 7 years

7+ years from now

Don't know

RANK 2 FROM Q6

Within 3 years

Within 3 to 7 years

7+ years from now

Don't know

RANK 3 FROM Q6

Within 3 years

Within 3 to 7 years

7+ years from now

Don't know

RANK 4 FROM Q6

Within 3 years

Within 3 to 7 years

7+ years from now

Don't know

RANK 5 FROM Q6

Within 3 years

Within 3 to 7 years

7+ years from now

Don't know

7 of 10

Questions

8. Which of the following capabilities, if any, does your company utilize currently to support payment risk management? (Select all that apply.)

Biometrics

Behavioral analytics

Risk-based authentication (e.g., 3D secure)

Account takeover solutions

Usernames and passwords

Tokenization

Enhanced data sources (e.g., connected device data)

Sophisticated risk scoring and modeling

AI/ML-powered risk solutions

Automated chargeback management capability

None of the above

Other (please specify)

8 of 10

Questions

9. What emerging payment technology is your company most concerned about?

Company-branded eCommerce app

Invisible payments

IoT payments (e.g., purchases through a connected fridge, connected car, wearable)

Digital currency payments

Mobile wallets, eWallets

Payments through mobile network operators (i.e., the payment will appear on your cell phone bill)

Peer-to-peer payments

Push payments

QR code-based payments

Social payments (i.e., payments made through social media platforms, including chatbot payments)

VR/AR-enabled payments (e.g., making payments in a virtual or augmented reality experience)

Company-branded eCommerce app

Invisible payments

IoT payments (e.g., purchases through a connected fridge, connected car, wearable)

Digital currency payments

Mobile wallets, eWallets

Payments through mobile network operators (i.e., the payment will appear on your cell phone bill)

Peer-to-peer payments

Push payments

QR code-based payments

Social payments (i.e., payments made through social media platforms, including chatbot payments)

VR/AR-enabled payments (e.g., making payments in a virtual or augmented reality experience)

9 of 10

Questions

10. Which of the following KPIs does your organization measure risk management success against? (Select all that apply.)

Cost of poor quality (COPQ)

Customer retention

Customer satisfaction score/Net Promoter Score

Fraud detection rate

Fraud remediation time

Internal audit scores

Number of fraud incidents

Transaction authorization rate

None of the above

Other (please specify)

10 of 10

Chart Placeholder

Results Overview

Managing payment fraud holistically is not just a nice-to-have, but it is imperative in reducing customer friction, while maintaining/improving fraud management efficiency and investigation costs.

We focused on four primary factors regarding respondents’ approach to risk/fraud management:

Strategy: Does your organization have a clear payment security strategy?
Customer focus: How customer-focused is your company's risk/fraud strategy?
Skills and technology: Is your organization investing in the right skills and technology?
Governance: Does your organization have a strong governance practice?

Where is your firm today, and what can you do to maximize your payment fraud investments in the future? Continue to see your personal results and recommendations.

Results

Your maturity result: Beginner

Chart Placeholder

Beginner

Your score means your payment fraud maturity is only at the beginning stage.

Your fraud management investments are in their early stages.
You are not investing in payment fraud management holistically; you are focused on individual components, but not the big picture.
Data is siloed and not empowering future product development.

Recommendations

Integrate fraud management systems to offer a single pane of view to fraud investigators.
Implement a bimonthly governance meeting for fraud management to work on process, people, and technology aspects.
Champion a dedicated fraud management function.
Consolidate data attributes from as many of your payments systems as possible, and create a single schema or at least view of payment and transaction data.
Implement automated transaction monitoring and fraud screening for your payment channels.
Create a review process that reviews the effectiveness of all risk controls on a yearly basis at a minimum.

Results

Your maturity result: Intermediate

Chart Placeholder

Intermediate

Your score means your payment fraud management maturity has advanced to the intermediate stage.

You have a defined process for payment fraud management investment but are not necessarily holistically incorporating your organization into its strategy.
You are exploring payment fraud management with a methodical approach and expanding its impact in your organization.

Recommendations

Treat payment fraud management as a cycle and continuing improvement process and not as a single, standalone project.
Focus on what threats are prevalent, and stay current on the tools and practices to mitigate those risks that are common or unique to your business to stay on top of evolving fraud patterns.
Expand automated fraud screening and risk scoring starting with the most risk-related transaction or customers.
Adopt more secure technologies such as biometrics or behavioral biometrics to aid in fraud detection and risk scoring.
Use tokenization to protect cardholder data.
Build peer groups and individual transaction-related user profiles, and treat every transaction in that context.
Use cross-channel approaches for payment fraud management and look at multiple channels (in-person, card, peer-to-peer, etc.).

Results

Your maturity result: Advanced

Chart Placeholder

Advanced

Congratulations, your score means that your payment fraud management strategy is advanced!

You use payment fraud management to propel your business forward, advancing your business model and continuously evolving your strategy.
You are approaching payment fraud management holistically, with tools, technology, and teams.
Payment fraud management initiatives are pervasive throughout your organization.

Recommendations

Use IP, device information, biometrics, behavioral biometrics, and geolocation in payment transaction risk scoring.
Focus on unsupervised machine learning decisioning explainability to ensure that risk scores are explainable to auditors and customers.
Treat your customers’ information on an entity basis and using artificial intelligence and machine learning technologies to 1) reduce investigation workload and 2) improve the customer experience by optimizing authorization and fraud rates.
Deploy versatile and flexible passwordless, risk-based, and two-factor authentication methods (including biometrics and behavioral biometrics) to guard against ATO and other types of emerging online fraud.
Develop and implement a 3 Lines of Defense (3LoD) model to proactively identify and mitigate risks across the organization.

View your detailed results

Fill in your details below to receive your detailed report.

First Name *

Last Name *

Work Email Address *

Your Company *

Business

Industry *

Phone Number *

Country

Just type 'blue', without quotes

By checking this box, you agree to receive marketing emails from Visa. You can unsubscribe at any time. For more information on how Visa collects and protects your personally identifying data, please review our Privacy Policy.

COOKIE ACCEPTANCE IS REQUIRED TO DOWNLOAD DETAILED RESULTS

Next steps

Download your results

Ready to get started?

To learn more, please visit visa.com/security.

Methodology, Disclaimers and Disclosures

Methodology

In the initial study, Forrester surveyed 566 professionals across North America, Latin America, Western Europe, Central Europe/Middle East/Africa (CEMEA), and Asia Pacific. Survey participants included decision makers in fintech, retail banking, and payments merchants. Respondents were offered a small incentive as a thank you for time spent on the survey. The study was completed in March 2019. Your self-assessment responses will be compared to the results of the overall study to determine your relative maturity level.

Disclaimers

Although great care has been taken to ensure the accuracy and completeness of this assessment, Visa and Forrester are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein.

Disclosures

This interactive tool is commissioned by Visa and delivered by Forrester Consulting.

Required Inputs

Please enter an answer for all of the fields on this screen before continuing to the next.

Choose your country