Evolving Fraud Techniques Aimed at the Payment System
Evolving Fraud Techniques Aimed at the Payment System

Image: Sigmund (unsplash)

According to a recent report from Visa, threat actors persistently leveraged technical vulnerabilities using a variety of deceptive methods.

This involved adopting malvertising and search engine optimization (SEO) methods to craft convincing phishing and social engineering campaigns. Additionally, they utilized the latest advanced language model (ALM) tools and increasingly aimed their strategies at authentication procedures.

Though the international fraud rate during January to June 2023 appeared lower than the anticipated levels, Visa revealed its proactive efforts in blocking a staggering $30 billion within that duration. Nevertheless, malicious actors managed to orchestrate complex fraud operations that affected specific institutions, technological platforms, and procedures.

Ransomware Tactics Witness Transformation The month of March 2023 broke previous records for ransomware assaults with an alarming 460 incidents. This was a 91% surge from February 2023 and a 62% rise compared to the same span in 2022. A study from 2023 highlighted that the leading causes of these ransomware incidents were exploited vulnerabilities (36%) and breached credentials (29%).

Interestingly, not all ransomware offensives directly target payment data. Many compromise any data they can access during their incursions, which could include payment details or personally identifiable information. The timeline under scrutiny revealed a 40% spike in enumeration attacks relative to the preceding half-year.

Online vendors accounted for a whopping 58% of all fraud and security breach investigations. Traditional retailers comprised 20%, and combined ransomware and fraud tactics made up 7%.

Significant Rise in Retail-focused Tactics Over the past half-year, retail-focused deceptions have notably increased, including:

  • Counterfeit Merchant Sites: Buyers are lured through web platforms mimicking popular retailers. While these portals accept customer orders, they neither deliver the products nor the services. Instead, they illicitly acquire the consumers’ payment credentials.
  • Malvertising Proliferation: Certain deceitful actors craft phony advertisements intending to extract personal details. These ads exploit SEO techniques to lure potential victims by promoting items they might genuinely be interested in.
  • Burst-out Frauds: Here, malicious actors set up genuine-looking retail platforms and process minimal genuine transactions to gain trust. Having achieved a trustworthy transaction history, these entities suddenly execute a plethora of illicit transactions, often tapping into pilfered payment details, and vanish soon after gaining access to the funds.
  • Cryptocurrency Deception: A recent retail deception involves offering a “complimentary gift” via a pop-up prompt requesting transaction validation. Once the user approves, a malevolent script runs, deploying a harmful NFT, enabling the culprits to access the user’s crypto wallet and execute unauthorized digital currency transfers.

Combatting Digital Deceit Over the past half-year, Visa’s endeavors, with the support of international legal entities and governmental bodies, have led to substantial actions against online malpractices.

Visa’s efforts culminated in the capture of digital fraudsters globally. For instance, in May 2023, collaboration with the US Secret Service led to the dismantling of a significant digital offense platform named Try2Check. Additionally, an initiative named Operation Urban Justice was initiated in California focusing on EBT deception, resulting in the capture of 20 individuals linked to an Eastern European illicit group. April 2023 witnessed a global legal coalition bringing down the Genesis Market, with 119 culprits associated with the online deception platform apprehended.

The Chief Risk Officer at Visa, Paul Fabara, remarked on the achievements, emphasizing the importance of staying ahead of cunning fraudsters. Visa’s proactive approach, demonstrated by preventing frauds worth $30 billion in the past six months, showcases their commitment to leveraging technological advancements to ensure security.