Cyber Threat Hunting

Search for malicious activity inside payment systems and networks using the latest threats to the payment ecosystem.

Visa Threat Intelligence helps cyber threat hunters detect activity from adversaries targeting payment data. It provides high quality Indicators of Compromise (IoCs) along with contextual information to help cyber security operations protect their own systems from attack by recognizing the characteristics of threat actors who continually target the payments ecosystem. 

Available for use by

Issuer Banks
Acquirer Banks

Regional Availability

North America

Cyber threat hunting

Hunt for payment threats

Cyber threat hunting is a process where a security operations team searches through networks to detect threats and threat actors that have evaded existing security protections. With the knowledge of how threat actors operate, the tools and tactics they use, how they maintain access to victim networks, threat hunters can look for matching patterns in activity on their networks and attempt to isolate activity similar to that of known adversaries. Ultimately, their goal is to identify advanced threats and disrupt their activities before damage can be done. 


Refer to Visa Threat Intelligence for more details.

Threat hunting scenario

Mary works in the Security Operations Center at a large retailer. Her job is to collect and analyze intelligence about cybercriminal activity that poses a risk to her organization. Using cyber intelligence, she scans and performs data analysis to look for patterns of activity in logs, network communications and critical systems that appear similar to what she has learned about how various cybercriminals operate.


When Mary identifies a suspicious communications channel on her network, she investigates further and discovers an unauthorized remote access tool used by an advanced cybercriminal seen commonly in retail breaches. She has found an intrusion into her company‚Äôs network that all other security processes and systems failed to detect and begins to take steps to eradicate the threat from her network. 

Scan and Perform Data Analysis

Scan and Perform Data Analysis

Using cyber intelligence Mary scans and performs data analysis to look for threats.

Identify a Possible Threat

Identify a Possible Threat

She identifies a possible threat and investigates further, finding a breach.

Eradicate Threat

Eradicate Threat

She spots an intrusion to her company network that other security measures missed and begins to take steps to rid her network of the threat.

Key Benefits

Descriptive image text here

Targeted threat intelligence for payment threats

Few things are more valuable to a security operations team than the detailed knowledge of how an attack against their point-of-sale network would appear. Monitoring systems for signs of attack, however, is only as effective as the signs being watched. The most effective ones are vetted, verified and updated as soon as the threats change.

Descriptive image text here

Detect and prevent payment data breaches

Our goal is to keep customers more secure by detecting breaches earlier (or preventing breaches altogether), minimizing fraud, and reducing the cost associated with remediation and clean-up. Because of our role in the payments ecosystem, Visa learns about breaches affecting the ecosystem much earlier than many others. As a Visa Threat Intelligence client, your organization can now tap into critical insights Visa has on payment threat adversaries, tactics and breaches. Armed with the knowledge of who, what, and how payment data is under attack, organizations can better prepare to detect breaches and limit the damage or prevent them altogether.

APIs Used

Visa Threat Intelligence Inquiry API

This API allows applications to download IoCs based on parameters of Date, Victim Type and Indicator Type.

Learn more about Visa Threat Intelligence

Ready to start a project with these APIs?