The Gatekeeper: Talking Data Security with Visa CIO Mike Dreyer

In the brave new world of data theft, Visa USA is sitting on the Fort Knox of personal information. Though he won’t say just how much information the 21,000-member association is hording in its top-secret data centers around the world, Mike Dreyer, the executive vice president for technology solutions at Inovant LLC, Visa’s IT subsidiary, is not afraid to drop some big numbers. “I forget sometimes just how many transactions we process,” says Dreyer. “Right now we average about 100 million transactions a day, and we can handle up to 300 million. So already you’re talking a huge amount of throughput. About 1,200 to 1,500 bytes of data in each transaction. We can process over 7,000 transactions per second. That still boggles my mind.”

Appropriately, Dreyer is tight-lipped and guarded when talking about his network’s security. The data that passes through it, and ultimately comes to rest in the San Francisco-based company’s storage facilities, is coveted by nearly every imaginable party, both good and bad: hackers, petty thieves, marketers, day traders, terrorists and government agencies. All of this data must be fiercely protected, even as Visa undergoes major upgrades to its systems on a regular basis, a process Inovant CEO John Partridge likens to changing the engines on a 747 in mid-flight.

But in a recent conversation with Executive Editor Dan Briody, Dreyer opened up long enough to give us a glimpse at Visa’s overall security philosophies. He also explained the value of separating the IT arm of the company out as a subsidiary. And how the advent of Advanced Authorization, a fraud detection program the company rolled out last year that assigns a risk score to each transaction, is translating into big bucks for Visa and its member banks. An edited version of his remarks follows.

Next page: Visa’s IT Subsidiary