How Visa places big bets on AI and gen AI to secure 639 million daily transactions

By John KellContributing Writer and author of CIO Intelligence
John KellContributing Writer and author of CIO Intelligence

    John Kell is a contributing writer for Fortune and author of Fortune’s CIO Intelligence newsletter.

    Rajat Taneja
    Rajat Taneja is president of technology for Visa.

    Rajat Taneja has a delicate balancing act in his role as president of technology at Visa.

    He is responsible for the security and resilience of 639 million transactions each day, money that moves between more than 150 million merchants and 4.6 billion active Visa cards while keeping pace with fast-evolving technologies like generative artificial intelligence.

    “That infrastructure has to run in a rock solid manner,” says Taneja, who has worked at Visa for more than 11 years, after serving as chief technology officer at video game publisher Electronic Arts and a 15-year career in research and development leadership roles at Microsoft.

    When he initially joined Visa in 2013 as a EVP of technology, the company was beginning to see an evolution from simpler forms of AI to more deep learning, neural networks that can learn from data including images and text.

    Taneja and Visa then spent a few years—and $3.5 billion in total—rebuilding the company’s data platform from scratch, including rebuilding and rearchitecting systems to support more modern technologies like digital and mobile commerce, as well as tokenization, which replaces the 16-digit number found on a card with a digital “token” that Visa says reduces the risk of a data breach. The refreshed data platform also helped position Visa for the generative AI boom.

    Visa’s researchers had been exploring generative AI but it was after the ChatGPT breakthrough in late 2022 that Taneja and his team created rules to protect the company’s data, avoid any copyright infringement, and ensure the models Visa uses are compliant with regulations. The company also gave nearly all its workforce access to a secure, internal version of ChatGPT, and it has licenses with Microsoft Copilot for software developers and the sales team. 

    “We give unfettered access, but with the guardrails and the controls that we built at the beginning,” says Taneja.

    Today, Visa has embedded more than 100 products with AI and generative AI technologies. Fraud prevention is a big area of focus for Visa’s generative AI applications, especially because bad actors are also using generative AI for phishing attacks, helping scammers craft emails, texts, or calls to extract personal banking information from their victims.

    Some newer generative AI tools include Visa Account Attack Intelligence, which uses the technology to identify and score attacks before a merchant is compromised, and Visa Protect for Account to Account Payments, which provides a risk score to assist financial institutions and automatically block bad transactions deemed suspicious. 

    Visa says generative AI, along with other forms of AI like deep learning detection models, has helped it prevent around $40 billion in fraud attempts annually.

    As is the case with fraud prevention, most of Visa’s generative AI applications are behind the scenes, including assisting with cybersecurity and software development. As for some consumer-facing applications of generative AI technologies, Taneja says they are mostly still in development and not yet ready for deployment.

    Taneja, who uses generative AI to craft songs to thank his 12,000-strong team or celebrate his father’s birthday, also aims to inspire excitement about the technology at Visa. A company hackathon he organized saw thousands of participants and more than 2,300 ideas for AI across departments varying from IT to finance to marketing. A second, three-week hackathon is currently underway. He also hosts regular office hours that are free to anyone on his team to demo new ideas, with the only parameter being that they must show him the code.

    Visa works with a wide variety of AI LLMs, including OpenAI, Anthropic’s Claude, Google, and open-source language models from IBM, Meta, and Mistral AI. Taneja says his team aims to match the best large language models for the solutions for software development, building risk models, and agentic workflows to perform workplace tasks autonomously. 

    Taneja says he’s very open minded on the AI providers Visa works with, wanting to avoid vendor lock in. He prioritizes models that he feels are transparent, that put effort into fairness, and that give Visa the control to fine tune the models for the company’s needs. Hallucination rates are also an important factor in how he distinguishes between models.

    “It’s only been two years now,” says Taneja of generative AI’s boom. “It is a toddler in terms of the life cycle of what these models will be.”

    John Kell

    Send thoughts or suggestions to CIO Intelligence here.

    NEWS PACKETS

    Vendors rethink AI pricing strategies as CIOs push back on costs. The Wall Street Journal dives into the pricing structures for AI tools, noting some changes are afoot after chief information officers balked at the lofty pricing for AI features, with many IT leaders saying that the return on investment for generative AI isn’t always clear. A few recent changes to pricing includes Google pivoting from charging $12 per person per month for its Workspace productivity suite, with an additional $20 for access to Gemini AI business tools, to a $14 package with Gemini AI features that are built into Workspace. Microsoft, meanwhile, introduced consumption-based pricing for 365 Copilot Chat to help lower the barrier of entry for new customers. 

    DeepSeek’s ripple effect across the U.S. tech industry continues. After Chinese-based AI company DeepSeek unveiled new models it claims were trained with a fraction of the compute power that AI rivals in the U.S. utilize, the fallout continues to reverberate. Top executives at rivals have been weighing in, with Meta cofounder and CEO Mark Zuckerberg saying DeepSeek’s open-source model only reaffirms Meta’s strategy to make its Llama AI technology open-source; Amazon boasting of its pitch for cloud, which allows customers to access a wide range of AI models, now including DeepSeek’s R1; and OpenAI CEO Sam Altman saying his startup has been “on the wrong side of history” and needs to figure out a different open-source strategy.

    The European Union’s AI Act applies a ban to “unacceptable risks.” This past weekend, the EU’s regulation banning the use of AI systems that are completely prohibited in the region went into effect, including using AI to create facial recognition databases by scraping images online or collecting biometric data in public places for law enforcement’s use, among other activities. For companies that run afoul of any of the AI restrictions in the EU, regardless of where they are headquartered, TechCrunch reports they could be on the hook for up to $36 million in fines, or 7% of their annual revenue from the prior fiscal year, whichever is greater.

    PowerSchool’s cyberattack reportedly due to failure to use multi-factor authentication. The hack of educational software provider PowerSchool, in what is reported to be the largest-ever breach of American children’s personal information, was reportedly due to a community-focused customer portal not supporting multi-factor authentication, according to NBC News. TechCrunch, meanwhile, reports that PowerSchool declined to answer some of the news outlet’s questions about the breach and says that the company won’t say how many schools and individuals were affected. PowerSchool’s filings with state attorneys generals does suggest that millions had their personal information stolen.

    ADOPTION CURVE

    Board and executive interest in gen AI is waning. That may be a good thing. Deloitte’s latest quarterly study of generative AI, based on a survey of 2,773 directors through C-suite-level respondents across 14 countries, found that excitement and expectations for the technology is waning at the board and C-suite level. When asked about their level of interest in generative AI, “high” or “very high” responses dropped by 16 percentage points among board members in the fourth quarter of 2024 from the first quarter, and declined by 15 percentage points for C-suite leaders.

    “Although the shift among business leaders might seem like a step backward for GenAI, it is entirely consistent with the usual life cycle for transformative technologies,” writes the audit and consultancy firm, saying the less sanguine view reflects a better understanding of the rewards and challenges of deploying AI at scale.

    The study also found that more than two-thirds of respondents say that 30% or fewer of their experiments will be fully scaled in the next three to six months, which highlights that big organizational changes can only happen at a measured pace, according to Deloitte.

    Courtesy of Deloitte

    JOBS RADAR

    Hiring:

    - Sound Transit is seeking a CIO, based in Seattle. Posted salary range: $140K-$450K/year.

    - PepsiCo is seeking a CTO director, based in Purchase, New York. Posted salary range: $125.9K-$249.9K/year.

    - Covered California is seeking a CTO, based in Sacramento County, California. Posted salary range: $141.3K-$168.4K/year.

    - Urban Institute is seeking a senior director of infrastructure and security, based in Washington, D.C. Posted salary: $180K/year.

    Hired:

    - Burberry named Charlotte Baldwin to the role of CIO and will join the luxury British brand at the end of March 2025. Baldwin will oversee Burberry’s global technology team, join the company’s executive committee, and report to Burberry CEO Joshua Schulman. She is currently global chief digital and information officer at Costa Coffee and previously held leadership roles at Bupa Insurance, Pearson, and Thomson Reuters.

    - Citizens promoted Paula Guerrero, who served as VP of IT at the financial services firm since 2021, to the role of CIO, effectively immediately. Prior to joining Citizens, Guerrero served as an IT director at healthcare system Baylor, Scott & White Health. She also previously worked at software providers including Accruent, Mitratech, and BMC Software.

    - Roche announced the appointment of Wafaa Mamilli as chief digital technology officer. Previously, the CIO responsibilities were part of a dual role under Chief Financial Officer Alan Hippe, but the Swiss-based pharmaceutical company wanted to split the responsibilities, giving Mamilli oversight of enterprise-wide use of AI. Mamilli joins from Zoetis, where she served as CDTO for China, Brazil, and the precision animal health business.

    - Korn Ferry appointed Michael LoRusso to the role of CIO, joining the management consulting firm to oversee technology strategy, II operations, and cybersecurity. LoRusso previously served as CIO at medical device maker Embecta and worked in various leadership roles at BD, a medical equipment manufacturer. He also served as a SVP at JP Morgan Chase & Co.

    - MoneyGram appointed Luke Tuttle to serve as CTO and oversee product development, engineering, information security, and emerging technologies, including blockchain. Tuttle joins the money transfer company after prior engineering leadership and architect roles at Swedish fintech company Klarna, credit reporting company Experian, and e-commerce retailer eBay.

    - Velo3D named Darren Beckett to the role of CTO, joining the metal 3D printing company to steer the development and implementation of all internal and external technology initiatives. Prior to joining Velo3D, Beckett served as VP of engineering at Woodruff Scientific, CTO at Sigma Additive Solutions, and more than 20 years in various technical and engineering leadership roles at Intel.

    - Pattern appointed Ryan Byrd to serve as CTO of the e-commerce accelerator, which helps brands optimize their sales on marketplaces at retailers like Amazon and Target. Byrd will oversee various functions, including engineering, AI, software development, and data science. Prior to joining Pattern, he served as CTO at environmental services company Aptive and as CTO of software provider Entrata.

    - Cooper’s Hawk Winery & Restaurant named three new senior leadership appointments, including Dave Harris to serve as CTO of the restaurant chain and wine club. Harris joined Cooper’s Hawk from Shake Shack, where he served as CIO. He also held digital and IT leadership roles at consumer goods company Newell Brands and JetBlue Airways.

    - Caliber announced the appointment of Casey Santos as CTO, effective immediately, and will work closely with CIO Ashley Denison to design and deliver tech solutions for the auto repair provider. Most recently, Santos served as CIO of equipment insurance provider Asurion and also served as CTO of private equity firm General Atlantic.

    - Ministry Brands appointed Jamshed Patel to the role of CTO, joining the church software provider after most recently serving as a VP at security provider Alert Enterprise. Patel also previously held leadership roles at ADP and has worked at Workday, Oracle, and Honeywell.

    This is the web version of CIO Intelligence, a weekly newsletter on the tech, trends, and news IT leaders need to know. Sign up for free.