Visa: DOJ Targets Company’s Security, Tokenization Tactics in Ongoing Antitrust Probe

Published on Sep 13, 2021

DOJ’s antitrust division is probing whether Visa (V) is pushing anti-fraud tools that help the company maintain its dominance in the online debit marketplace, sources familiar with the investigation said.

Online shopping fraud has steadily climbed in recent years with losses on debit and cash cards running more than 50% higher than a decade ago, the Federal Reserve has found. Visa has advocated several tools to combat the problem.

But Visa’s anti-fraud efforts often allow the company to steer debit transactions towards its own debit processing network and away from about a dozen alternatives that offer lower costs, according to industry sources.

“Visa can boast about its security and even disparage competitors,” said one industry lawyer who recently spoke to DOJ. “But that doesn’t give Visa the right to decide how a merchant will route a transaction. That’s what Visa is doing. DOJ can see that’s a problem.”

Department attorneys are examining whether Visa—alongside large banks that issue Visa cards—exaggerate security concerns about rival debit networks in order to box them out and keep them from reaching merchants, said the sources.

DOJ lawyers are said to be particularly interested in Visa’s role in promoting a payment advance known as “tokenization” that forms the backbone of Apple’s (AAPL) Apple Pay product.

Tokenization converts a customer’s card data into a numerical identifier, or “token,” that would be worthless if intercepted by fraudsters. Token technology allows customers to complete transactions by waving their phone at checkout and increasingly to make online purchases.

In 2014, Visa inked a deal with Apple to facilitate token payments on iPhones, Apple Watch and other offerings of the Apple Pay function. The deal gives Apple at least 15 basis point on every purchase made with Apple Pay and includes other terms that favor Visa and Mastercard (MA), according to press reports.

Security partnerships aren’t the only target of DOJ’s probe: department lawyers are also examining other Visa agreements with large banks might help the company cement its dominance in the debit card market, The Capitol Forum has reported.

Apple and Visa spokespeople didn’t respond to requests for comment. DOJ declined comment.

The Federal Reserve has its own powers to police the payments industry and DOJ isn’t likely to finish its investigation until the Fed finishes writing a rule that could force banks to partner with more debit card networks in online sales, sources said. The Fed rule-writing work could stretch through the end of the year.

The Federal Trade Commission is also investigating Visa’s debit policies.

Security claims. Most U.S. debit cards are branded Visa, but merchants are supposed to have the final say on whether Visa’s or a rival payment network will handle a transaction. Under the Durbin Amendment, merchants must be given at least two choices of network to ‘route’ a transaction.

Some banks haven’t been abiding by the Durbin Amendment online and the Fed’s proposed rule would force banks to make space for Visa’s competitors in e-commerce.

According to Visa, rival debit networks cannot be trusted.

A bank should be allowed to block a debit card network if the bank “has good faith concerns about…fraud prevention or security capabilities,” Visa wrote the Fed in July. The Visa letter doesn’t offer evidence that other debit networks are more susceptible to fraud, but describes some rival networks as “new and unproven.”

Fed data, though, indicates that Visa’s debit card system is the more susceptible to fraud.

Visa debit transactions are commonly routed over a system known as “dual-message” because it takes a pair of messages to first authorize and then clear a purchase. Visa’s debit payment rivals favor a system that settles in a “single-message.”

Fraud losses are more than ten times higher in dual-message debit than they are in single-message debit, according to recent Fed data.

Retailers have warned that Visa could endorse or discredit new card authentication systems—like advances in tokens or new biometric—to push more online transactions into its payments network.

Online shoppers don’t actually hand their debit card to merchants but only enter personal details in sales known as “card not present” (CNP). The payment industry broadly agrees that CNP transactions require more anti-fraud and card-verification checks.

But Visa could insist on ever-evolving security protocols that it controls to “destroy merchant routing choice,” the National Retail Federation wrote the Fed in August.