At Visa USA Inc., its technology that ensures you can use a Visa credit card “everywhere you want to be.” Every year, Visa invests two-thirds of its IT budget in existing systems, with the remainder dedicated mostly to new IT initiatives to help retain its lead over archrival MasterCard International Inc.
With the holiday season coming up, Visa USA is preparing for a 2003 peak processing rate of an estimated 5,200 transactions per second, with more than 100 million estimated transactions on its busiest processing day. To handle such a load, the company has deployed a combination of Web services and security technologies, all of which will be augmented in the future with grid computing.
Leading Visas IT initiatives is Scott Thompson, executive vice president of the companys technology group, Inovant.
Twice a year, Visa implements new technology and enhancements to its network. One biannual release requires approximately 90,000 hours of labor and includes an average of 25 to 30 projects, according to Thompson.
The most recent project, Resolve Online, will enable banks to resolve chargebacks over the Internet, something Thompson said will dramatically improve and accelerate the dispute-resolution cycle. Resolve Online has the potential to affect the more than 21,000 member bank customers, 396 million cardholders and millions of merchants in the United States that rely on Visas payment systems.
Thompson recently sat down with eWEEK Labs Senior Writer Anne Chen at Visas headquarters in Foster City, Calif., to discuss the potential of utility computing, the priority on data security and what IT plans to do to help ensure that Visa remains the worlds largest payments processor.
Your top rival, MasterCard, claims 65 percent of revenues are derived from IT-generated initiatives. How does that compare with your IT initiatives at Visa?
I couldnt really tell you that answer. We support the global operations of Visa. At the end of the day, the way to think about technology at Visa is by thinking of that brand promise we have: “Be everywhere you want to be.” That is essentially our promise that you can go almost anywhere you want to go to use that card to transact your business, and our payment system will be there to make it work. In the context of technology and the business, technology is center stage. It is the highest priority along with the acceptance priority, which is really the brand of Visa globally.
What are some of the challenges you face, and what IT initiatives are you are focusing on to meet those challenges?
One of the things that is always in motion is reinvestment in our core systems. We process so many transactions from so many areas in the world, so its always first in our minds to reinvest in our systems to ensure reliability, responsiveness to merchants and banks, and responsive transaction times. We also focus on keeping the global payment system up with continuing investments to meet the scale of our business, which really dwarfs everyone else out there in the global payment business.
One big initiative we have under way is to expand the utility of our operations networks. As a transaction hits our network, wed like to provide more value-add: more fraud analytics, more utility in terms of who the cardholder is to potentially provide awards recognition so that things can begin to come to life at point of sale for merchants around the world.
This is where you get to the competing part of the business and the IT strategy. We need to be able to grow [the system] so that its able to keep the scale that were used to in place and operational, keep the round trip so the latency is as low as we can optimize it to be. As you add utility and new functions, that puts more burden on the course of the round trip of the transaction. The real science is building to scale, building to be lightning-fast, while adding additional functions. On the operations side, thats our big challenge.
In our clearing and settlements system, there is an enormous scale challenge. If youre authorizing the transactions, youre eventually going to have to clear and settle them. But theres a lot of additional data that now flows in many of the transactions clearing. We have to make our systems flexible enough and make it easy enough for a bank to use because they have their own systems and do all of this in a short period of time. Over the course of an evening, well clear and settle 125 million items and have to do all of that, and deliver the files globally, in a 9-hour period of time. Theres always that constant rub in function and utility while delivering scale.
At Visa, Web services isnt a new concept. What Web services-related work are you doing now?
We didnt do all that work with the standards that are emerging, but, yes, Web services has been our business using private networks and the Internet for years. While developing standards will be important for us and will really cut down the one-to-one connections weve made over time, we look at this as the natural evolution of our business rather than the next great thing.
Our big thrust right now is on the XML side, particularly for clearing and settlement. We have a custom XML overlay for clearing, which is VML [Visa Markup Language].
We are looking at all the other Web services standards and seeing where it makes sense to use them. You dont want to adopt a standard that forces you to invest again in something that is already working.
What percentage of your budget is dedicated to new initiatives, and what percentage is devoted to keeping your systems operational?
One-third of our continuing budget spend goes to new projects, and two-thirds goes to sustaining engineering, focusing on reliability and scale. Thats been the percentage breakdown now for the last two or three years, and, if anything, looking at 2004 and 2005, the trend line is a higher percent of overall budget on new projects and a decreasing amount on sustaining activity.
How fast is transaction volume growing?
Over the last several months, weve seen significant pickup in transactions in the American marketplace. Were about 15 to 16 percent higher in terms of transactions from a year ago this time.
As we hit peak season, well expect year-on-year to be even higher than the 15 percent you see today. Business is growing very rapidly, which I see as an encouraging sign for the economy.
How will grid computing change the way Visa is able to respond to volume growth?
We build ahead of the demand because we have to. During the course of the day, we run at very high volumes. But during the holidays, those transaction volumes are growing rapidly, and those peaks are what you build for.
Unfortunately, you also pay for those peaks when you have idle capacity.
We are very interested in the concept of utility computing being pitched by IBM and others because it provides us tremendous opportunity to “pay by the drink.” It has certainly revolutionized the way technology is bought, deployed and delivered, and if its ever delivered the way its been described, it will certainly be very cost-effective for a business with our model.
Its still strategy and vision now, though, so well see.
How do you plan to handle the California Database Breach Security Notification law [SB 1386]? If you choose to encrypt your databases, how will you continue to maintain performance related to transaction processing?
When you think about Visa, you have to be clear regarding what we have and what we dont have. While we have your account number and information on the transactions you are making, we have no idea who you are. We have no ability to tie any of that information back to you.
Beyond that, the data warehouse infrastructure we have for storing information is enormous because it handles all the transactions we process. Historically, and this is true even today, our security over our systems has been really fortified around the edge of the network. And that includes security inside our organization. We have very tight security, and we continue to invest a terrific amount of money around the edge of the network to make sure were best in class as it relates to our security. This will always be our challenge.
Regarding the law itself, we are still looking at how we plan to proceed. Any data that goes outside of our organization, essentially anything that involves cardholder transactions, is encrypted. We encrypt the data if its leaving our facilities, even temporarily, from facility to facility. We are currently looking at our actions for encrypting certain data we store inside our organization. We want to extend the security model we have, to take care of that.
The challenge youre talking about, for us at least, is taking on a 100-terabyte data warehouse. The idea that youre going to encrypt that data and then try to use it for something is counterintuitive. But there are smart people everywhere that are trying to solve this type of problem for us. To store data and make it unusable is absolutely counterproductive. We just cannot do that.