Visa’s 24/7 War Room wins global cybercriminals

Visa runs a global fraud command center as a patch in the Washington suburb, a patch in the heart of the data center’s alleyway, brings global internet traffic.

The numbers the payment giant is working on are enormous. Every year, $15 trillion flows through Visa’s network, accounting for around 15% of the global economy. And bad actors constantly try to suck up some of that money.

Modern con artists differ dramatically in sophistication.

To move on, Visa has invested $12 billion over the past five years, building AI-powered cyber fraud detection capabilities, and we know that criminals are spending heavily.

“We have all of the single threat actors trying to do much faster from fraud and fraud activities to actual corporateized criminal organizations that generate hundreds of millions or millions of dollars each year,” Visa’s Global Head of Fraud Solutions told AFP while touring the company’s security campus.

“These organizations are very structured in how they operate.”

Today, the most resourced crime syndicates focus on fraud that directly target consumers, seducing them to buy or trade by manipulating emotions.

“Consumers are continuously vulnerable. They can be exploited, so we’ve recently found that the incidence of attacks is much higher,” Jabara said.

Fraud Center

The warning sign is clear. What you think is better online than true is questionable, and opportunities for romance with strangers from faraway countries are particularly dangerous.

“What you don’t notice is that the person you’re chatting with is likely not in places like Myanmar,” Jabara warned.

He said human trafficking victims are being forced to work at a multi-billion dollar cyber fraud centre built by Asian criminal networks in Myanmar’s lawless border regions.

The latest fraud techniques are systematic and quietly devastating.

Once the criminal gets your card information, they automatically distribute it to numerous merchant websites that generate small repetitive fees.

Some of these businesses are increasingly similar to legitimate high-tech companies that provide services and digital products to scammers like Google and Microsoft companies.

On the dark web, criminals can purchase a comprehensive fraud toolkit.

“You can buy software. You can buy tutorials on how to use the software. You can access a mule network on the ground or a bot network to run a denial of service attack that overwhelms your servers with traffic and shut it down effectively.

Just as cloud computing lowered the barriers to startups by eliminating the need to build servers, “the same type of trend has happened in the cybercrime and fraud sectors,” Jabala explained.

These ready-made services also allow bad actors to launch brute force attacks on an industrial scale. This uses repeated payment attempts to crack card number, expiration date and security code.

Sophistication extends to corporate style management, Jabara said.

Currently, some criminal organizations employ top risk officers who will determine operational risk appetites.

They may find it too dangerous to pursue by targeting government infrastructure and hospitals to attract excessive attention from law enforcement.

“Millions of Attacks”

To combat these unprecedented threats, Jabala leads a payment fraud destruction team focused on understanding criminal methodologies.

From a small room called the Virginia Risk Operations Center, employees analyze multiple on-screen data streams and search for patterns that distinguish between unauthorized activity and legitimate credit card usage.

At large cyber fusion centres, staff monitor potential cyber attacks targeting the visa’s own infrastructure.

“We deal with millions of attacks in different parts of the network,” Jabara pointed out, emphasizing that most are automatically processed without human intervention.

Visa maintains the same facilities in London and Singapore, ensuring 24-hour global vigilance.

©2025 AFP