Automation cannot come at the cost of accountability; trust has to be embedded into the architecture: Rishi Chhabra, Visa India

India’s digital payments story is often told through the lens of scale, billions of transactions, hundreds of millions of users, and an ecosystem that has leapfrogged traditional banking infrastructure. But beneath this headline growth lies a quieter, more complex challenge and that is trust. As digital payments surge, so does digital fraud, forcing the ecosystem to rethink how security, speed, and user experience can coexist.

For Rishi Chhabra, Country Manager at Visa India, this moment represents a defining inflection point. “If you ask me whether Visa is a payments network, a technology company, or a trust infrastructure, the honest answer is, all of the above,” he says. “Our responsibility is to make sure that every payment interaction is secure, reliable, and trusted, regardless of how or where it happens.”

Visa’s roots as a technology company stretch back more than six decades globally and over forty years in India. Yet the nature of that technology has transformed radically. From early card-based transactions to today’s mobile-first, app-driven economy, the payments landscape has expanded in form factors and complexity. With that expansion, Chhabra notes, has come a parallel evolution among bad actors. “As digital payments have exploded, fraud has naturally followed. Bad actors are also using advanced technologies, including AI. Our job is to stay ahead of that curve.”

At the heart of Visa’s defence strategy is artificial intelligence operating at extraordinary scale. Visa Advanced Authorization, for instance, evaluates transactions in under 200 milliseconds, analysing hundreds of data signals before a payment is approved or declined. These signals range from location and device data to behavioural patterns and issuer intelligence, all processed in real time.

What differentiates this system, Chhabra explains, is not just speed or sophistication, but restraint. “AI can be a weapon or a shield,” he says. “We’ve been using AI for over 15 years, and in the last decade alone we’ve invested more than three billion dollars in it. But we strongly believe the final decision must rest with humans. Machines do the hard work, but control should always remain with issuers.”

That philosophy is reflected in tools like Visa Risk Manager, which provides issuers with a risk score derived from Visa’s global transaction intelligence, spanning more than 300 billion transactions annually, while leaving the final call in human hands. The goal, according to Chhabra, is not just to block fraud, but to minimise false positives. “A real transaction should feel effortless to the consumer. Security should protect, not punish.”

Nowhere is this balance more delicate than in India, where regulation and scale intersect in unique ways. Data localisation, in particular, has reshaped how global technology companies operate in the country. For Visa, compliance has been non-negotiable. “Every product and service we run in India is fully data-localised,” Chhabra states. “We don’t bring global solutions into the country unless they meet India’s regulatory expectations. Data sovereignty is foundational for us.”

Visa’s investments in local data centres, recovery mechanisms, and infrastructure resilience reflect this commitment. But security at scale is not just about where data resides, it’s also about how users authenticate themselves.

India has long been a global leader in two-factor authentication, with OTPs forming the backbone of digital payment security. Yet OTPs have also become a point of friction and vulnerability, particularly as social engineering attacks rise. Chhabra believes the next phase of authentication must be both stronger and simpler. “Biometric and device-based authentication is a leap forward,” he says. “It’s more secure, more frictionless, and far better from a consumer experience standpoint.”

Visa is actively working with issuers, merchants, and payment aggregators to roll out authentication mechanisms based on global standards. “Consumers want payments to be invisible,” Chhabra adds. “They want to enjoy the shopping experience, not struggle through the payment process.”

Tokenisation plays a critical role in enabling this vision. By replacing sensitive card details with unique digital tokens, Visa has created a secure foundation for tap-and-pay, in-app purchases, and cross-border transactions. In India alone, nearly half a billion cards have already been tokenised. “Once tokenisation is in place, device-based payments and seamless commerce become possible,” Chhabra explains. “It’s the bedrock of frictionless payments.”

Fraud prevention, however, is no longer limited to card-based transactions. With real-time and account-to-account payments gaining momentum, Visa has expanded its scope through strategic acquisitions such as Featurespace. The UK-based firm specialises in behavioural analytics for real-time fraud detection, an area Chhabra describes as increasingly critical. “We don’t just want to detect fraud on the Visa network. We want to help prevent fraud across payment types and networks,” he says.

Before deploying such capabilities in India, Visa conducts extensive back-testing using localised data and works closely with regulators. “Global intelligence is powerful, but it has to be adapted to local behaviour. You can’t simply overfit global models to India’s unique payment patterns.”

Looking further ahead, Visa is already preparing for a world where payments may no longer be initiated by humans at all. AI agents that compare prices, book travel, and complete transactions on behalf of consumers are quickly moving from concept to reality. “This is something we’ve been working on for over 18 months,” Chhabra reveals. “But none of it works without trust.”

To address this, Visa is developing what it calls a Trusted Agent Protocol, an infrastructure that allows merchants to verify that a transaction is being initiated by a consumer-authorised AI agent, not a malicious bot. Tokenisation, passkeys, and layered authentication form the security backbone of this emerging model. “Automation cannot come at the cost of accountability,” Chhabra emphasises. “Trust has to be embedded into the architecture itself.”

For India, where digital adoption moves at breathtaking speed, Visa’s approach is deliberately cautious. Pilots are underway globally, but scaling in India will require close regulatory alignment and robust safeguards. “We’re excited, but we’re also careful,” Chhabra says. “Security, identity protection, and liability frameworks must be right before anything goes live.”

As India’s digital payments ecosystem matures, the challenge is no longer just about enabling transactions, it’s about protecting an entire economy that increasingly runs on code. Visa’s role, as Chhabra sees it, is clear. “When you are the network, you have to protect everyone on it,” he says. “That responsibility never changes, only the technology does.”