Visa Inc., the self-proclaimed world leader in digital payments, has released its Fall 2023 edition of the Biannual Threats Report, which focuses on emerging fraud schemes targeting the global economy. The report highlights a significant increase in phishing schemes facilitated by generative AI tools, as well as a rise in enumeration and ransomware attacks.
Visa has been collaborating with law enforcement agencies worldwide to bring fraudsters to justice. Although the global fraud rate during the January – June 2023 period was lower than expected, Visa proactively blocked $30 billion in fraudulent transactions.
However, threat actors have successfully executed targeted and sophisticated fraud schemes, impacting specific institutions, technology, and processes. The report emphasizes that ransomware attacks are continuously evolving and becoming more prevalent. March 2023 set a record for the highest number of ransomware attacks in a single month, with nearly 460 attacks, representing a 91% increase compared to February 2023 and a 62% increase compared to the same period in 2022.
A ransomware report for 2023 reveals that the most common root causes of ransomware attacks are exploited vulnerabilities (36%) and compromised credentials (29%). Interestingly, ransomware attacks do not solely focus on payment data but also compromise any accessible data, including payment data and personally identifiable information.
Enumeration attacks, which impact both merchants and consumers, have seen a 40% increase in the past six months. Visa’s Visa Account Attack Intelligence has been instrumental in identifying these attacks in real-time and alerting merchants to prevent fraud.
The report indicates that Card-Not-Present merchants are a significant target, with online merchants accounting for 58% of total fraud and breach investigations. Brick-and-mortar merchants represent 20% of investigations, while ransomware and fraud schemes make up 7%.
During the past six months, there has been a notable increase in retail-specific fraud schemes. These include false, spoofed, or counterfeit merchants, where consumers are lured into ordering from seemingly authentic websites that steal their payment account information without delivering the ordered goods or services. Scammers have also developed fraudulent ads, known as malvertising, which prey on individuals’ interests to gather personal information. Flash-fraud scams, where threat actors establish a legitimate merchant before conducting a large number of fraudulent transactions using stolen payment account data, are on the rise. Additionally, a new crypto scam known as the “free gift” scam has emerged, in which fraudsters offer a free item through a pop-up window that ultimately enables unauthorized transfers of cryptocurrency from the victim to the fraudster.
Paul Fabara, Visa’s Chief Risk Officer, acknowledges the savvy tactics employed by fraudsters. However, Visa’s efforts through Visa Payment Fraud Disruption have resulted in significant crackdowns on cybercrime activities with the assistance of global law enforcement and government agencies. Several notable successes include the takedown of the major cybercrime platform Try2Check, which led to the arrest of its administrator, Denis Gennadievich Kulkov. Similarly, Operation Urban Justice in California targeted Electronic Benefit Transfer fraud, resulting in the arrest of 20 suspects believed to be part of an Eastern European crime syndicate. Additionally, an international law enforcement coalition led the Genesis Market Takedown, resulting in the arrest of 119 individuals involved in the cybercrime platform.
Visa’s Risk Operations Center, Payment Threat Intelligence team, and Risk and Identify Solutions all work tirelessly to ensure the safety of the global economy. From analyzing real-time transactions to compiling information about threats and improving authentication technology, Visa remains committed to protecting consumers and combating fraud.
Follow crowdfundingmagazine on Instagram: @crowdfundingmagazine_it