Visa said that the $2 billion cash deal announced Wednesday is part of a strategic effort to expand its security efforts. Antifraud capabilities at retail locations have improved dramatically in recent years, and Visa wants to focus more attention on the Internet and especially on mobile phones.
"Mobile is clearly a growing and important channel for us," Gerry Sweeney, Visa's head of global e-commerce and authentication, said in an interview Wednesday.
CyberSource, of Mountain View, Calif., is a major player in e-commerce. It has more than 295,000 merchant clients and says it handles about a quarter of all U.S. online transactions.
However, Visa specifically mentioned CyberSource's mobile operations as an appealing asset, and stressed that mobile commerce is a separate channel from traditional online sales.
Joseph W. Saunders, the San Francisco company's chairman and chief executive, said in a press release that "as e-commerce increasingly migrates to mobile devices, we believe the combination of Visa and CyberSource technology and services will position Visa to lead in mobile e-commerce."
CyberSource is also well known for its security technology, and Sweeney said the acquisition will play an important role in Visa's evolving antifraud efforts for online transactions.
Visa and CyberSource have worked together since 1999, and the landscape for payments and risk has changed significantly since then.
In 2006, in a signal that the Web had gone mainstream, Visa changed the way it categorizes merchants under the Payment Card Industry data security standard.
Under its new definitions, being an online merchant was no longer in and of itself considered a significant risk factor. Since then, many retailers have taken pains to safeguard the point of sale, Sweeney said.
Visa's action in 2006 "was very reflective of the 2006 environment," Sweeney said. "In 2006, we were seeing much more of a trend around fraudsters attacking the physical card-present merchants."
But that changed in recent years, largely because merchants have fought back, he said.
"Over the course of the last four to five years, we have seen tremendous progress in physical merchants actually shoring up their systems," Sweeney said. "When you shore up one part of the payment chain, the fraud will migrate to another part," including the Web and the mobile phone.
Sweeney emphasized that using phones to make payments is not inherently risky — "I would not characterize mobile as less secure today" — but said that Visa wants to stay ahead of the curve as more consumers use mobile devices to manage, move and spend their money.
Though mobile banking and commerce in the United States is still in its infancy, phones are already coming under attack from hackers who have figured out how to harvest the increasingly sensitive information stored on smart phones.
Observers say that as banks continue to push the idea that phones can be used as mobile wallets, the channel will attract the attention of more determined hackers, and the defenses in place today may not be enough.
Avivah Litan, a vice president and distinguished analyst at Gartner Inc. in Stamford, Conn., said "nobody's figured out how to solve mobile fraud yet, because there's not a lot of it."
But that will eventually change, she said, and the CyberSource deal signals that the payments company is aware of its shortcomings and is working to address them.
