Guest Q&A: AI-powered Fraud Attacks and Data Security are Key Challenges for SecOps
Responses by Adnan Khan, chief architect and senior director of data analytics and AI platforms at Visa
Tell us about yourself
With over 20 years of experience in data, AI, and enterprise architecture, I currently serve as chief architect and senior director of data analytics and AI platforms at Visa. My focus is on modernizing enterprise architectures and selecting future-proof technologies that enable secure, intelligent, and AI-first systems. A key area of responsibility is supporting agentic AI-driven fraud prevention and risk mitigation initiatives at global scale. Previously, I led the design of Nokia’s next-generation Open Analytics (NOA) framework, a pioneering data mesh-driven platform for telecom-scale data analytics. I completed a MS in CE at the University of Florida and have complemented my academic foundation with advanced AI/ML training on platforms like Coursera. I am passionate about building systems at scale that not only leverage data for business insights but also ensure resilience, governance, and security.
What are three considerations you feel should be top of mind for security teams?
At Visa, we see firsthand how AI-powered fraud attacks are evolving. Leveraging AI, fraudsters are preparing and launching sophisticated phishing and enumeration attacks. Security teams must anticipate these adversarial uses of AI and craft necessary controls to block those attempts.
Second, data security and governance: in payments, every data point can represent risk, and ensuring lineage and provenance across pipelines is critical for accurate fraud scoring.
Third, zero trust by design: with billions of global transactions flowing through hybrid environments, identity-centric controls and least-privilege access must be embedded at every layer to protect both customers and institutions.
Where do you think the challenges are in implementing and monitoring security policies across hybrid/multi-cloud environments?
For global payment networks like Visa, policy fragmentation is a core challenge. Different cloud providers enforce controls differently, creating inconsistent visibility across private/public or public/public cloud environments. This gives rise to visibility gaps, where rapidly scaling workloads are difficult to monitor. Finally, compliance drift often occurs as teams deploy services faster than controls can adapt. The solutions lie in a centralized policy orchestration, standardized security baselines, and cloud-agnostic observability platforms that maintain consistent enforcement across providers.
What kind of security challenges should organizations anticipate when scaling AI use, from test/dev to production?
Scaling AI in fraud prevention and risk scoring introduces unique risks. Model security is critical—an adversarial input could be crafted to bypass fraud detection models. Data leakage poses another risk. If sensitive payment or PII data is exposed in training or inference, trust is immediately compromised. Finally, operational blind spots emerge when dev/test models don’t have the same controls as production, yet they may still contain sensitive data. Addressing this requires secure MLOps pipelines, AI-specific governance, and continuous monitoring of fraud and risk models across environments.
What AI techniques do you see organizations using to improve security efficacy?
Some of the approaches working well for us are:
- Behavioral analytics that establish “normal” spending patterns and flag anomalies in real-time, a cornerstone of Visa’s fraud prevention.
- Generative AI and LLMs for signal correlation—surfacing hidden fraud attack vectors by connecting disparate transaction datasets, presenting security posture holistically.
- Agentic AI to automate incident response—reducing the time from fraud detection to transaction blocking or risk mitigation in seconds rather than hours.
Moving into the future, given the landscape of multi-vector attacks, how do you see security vendors needing to adapt and evolve? Should vendors start partnering or producing consolidated solutions instead?
In a payment ecosystem processing billions of transactions daily, point solutions simply won’t suffice. Vendors will need to consolidate their core capabilities into unified platforms that cover fraud detection, transaction monitoring, and compliance in an integrated way. At the same time, they must embrace open standards and APIs to integrate with complementary best-of-breed solutions. What will win in the future is ecosystem-level collaboration, where vendors provide end-to-end visibility, adaptive AI-driven defenses, and seamless interoperability, similar to how Visa partners globally to secure payments across the financial ecosystem.
More Posts in this Series:
