Criminals Reverting to Old-School Tactics with New Twists, Visa’s State of Scams Report Shows
Visa has released its State of Scams: Fall 2024 Biannual Threats Report, revealing a resurgence in physical theft and emerging fraud patterns. Despite $11 billion invested in technology, criminals are targeting consumers through various schemes including digital pickpocketing and government impersonation scams, which caused over $20 million in losses in early 2024. The report highlights several threats: authentication bypass scams enhanced by AI, gas station fraud shifting to CEMEA region, enumeration attacks targeting merchants, token provisioning fraud, and sophisticated ransomware attacks showing a 24% increase in targeting third-party providers, though overall attempts decreased by 12.3%.
Visa ha pubblicato il suo rapporto semestrale sui rischi delle frodi: Stati delle Frodi, autunno 2024, rivelando un ritorno al furto fisico e nuovi modelli di frode emergenti. Nonostante un investimento di $11 miliardi in tecnologia, i criminali stanno prendendo di mira i consumatori attraverso vari schemi, tra cui il furto digitale e le frodi da impersonificazione governativa, che hanno causato perdite superiori a $20 milioni all'inizio del 2024. Il rapporto evidenzia diverse minacce: frodi di bypass dell'autenticazione potenziate dall'IA, frodi nelle stazioni di servizio che si spostano nella regione CEMEA, attacchi di enumerazione contro i commercianti, frodi nel provisioning di token e attacchi ransomware sofisticati che mostrano un aumento del 24% nel mirare ai fornitori di terze parti, sebbene i tentativi complessivi siano diminuiti del 12,3%.
Visa ha publicado su informe semestral sobre el estado de las estafas: Amenazas de Otoño 2024, revelando un resurgimiento del robo físico y patrones de fraude emergentes. A pesar de $11 mil millones invertidos en tecnología, los criminales están atacando a los consumidores a través de varios esquemas, incluyendo el hurto digital y estafas de suplantación gubernamental, las cuales causaron pérdidas superiores a $20 millones a principios de 2024. El informe destaca varias amenazas: estafas de elusión de autenticación potenciadas por IA, fraude en estaciones de servicio que se traslada a la región CEMEA, ataques de enumeración dirigidos a comerciantes, fraude en el aprovisionamiento de tokens y ataques de ransomware sofisticados que muestran un aumento del 24% en el objetivo a proveedores de terceros, aunque los intentos generales disminuyeron en un 12.3%.
비자는 2024년 가을 반기 위협 보고서에 대한 사기 현황을 발표하며, 물리적 도난과 새로운 사기 패턴의 재발을 밝혔습니다. $110억을 기술에 투자했음에도 불구하고 범죄자들은 디지털 소매치기 및 정부 사칭 사기와 같은 다양한 수법을 통해 소비자들을 겨냥하고 있으며, 이로 인해 2024년 초에 $2천만 이상의 손실이 발생했습니다. 보고서는 여러 가지 위협을 강조합니다: AI에 의해 강화된 인증 우회 사기, CEMEA 지역으로 이동하는 주유소 사기, 상인을 겨냥한 열거 공격, 토큰 프로비저닝 사기, 그리고 제3자 공급자를 겨냥한 정교한 랜섬웨어 공격이 24% 증가했지만 전체적인 시도는 12.3% 감소했다고 보고했습니다.
Visa a publié son rapport semestriel sur l'état des escroqueries : Menaces d'automne 2024, révélant une résurgence du vol physique et de nouveaux modèles de fraude émergents. Malgré un investissement de 11 milliards de dollars dans la technologie, les criminels ciblent les consommateurs par divers stratagèmes, y compris le vol numérique et les escroqueries de contrefaçon gouvernementale, qui ont causé plus de 20 millions de dollars de pertes au début de 2024. Le rapport met en avant plusieurs menaces : des escroqueries de contournement de l'authentification améliorées par l'IA, la fraude dans les stations-service se déplaçant vers la région CEMEA, des attaques d'énumération ciblant les commerçants, la fraude à la provision de codes et des attaques de ransomwares sophistiquées montrant une augmentation de 24% dans la cible des fournisseurs tiers, bien que les tentatives globales aient diminué de 12,3%.
Visa hat seinen Halbjahresbericht über Betrugsrisiken veröffentlicht: Betrugsstatus Herbst 2024, der ein Wiederaufleben von physischen Diebstählen und aufkommenden Betrugsmustern aufzeigt. Trotz einer Investition von $11 Milliarden in Technologie zielen Kriminelle auf Verbraucher durch verschiedene Betrugsmaschen, einschließlich digitalem Taschendiebstahl und Regierungsnachahmungsbetrug, die Anfang 2024 Verluste von über $20 Millionen verursacht haben. Der Bericht hebt mehrere Bedrohungen hervor: KI-verbesserte Betrügereien zur Umgehung der Authentifizierung, Betrug an Tankstellen, der in die CEMEA-Region wechselt, Enumerationsangriffe auf Händler, Token-Bereitstellungbetrug und ausgeklügelte Ransomware-Angriffe, die einen Anstieg von 24% bei der Zielrichtung von Drittanbietern zeigen, obwohl die Gesamtversuche um 12,3% zurückgegangen sind.
- Invested $11 billion in technology and infrastructure over past five years
- Network security improvements forcing criminals to revert to less sophisticated methods
- Government impersonation scams caused over $20 million in losses in Q1 2024
- 90% increase in cash payment losses from government impersonation scams (2022-2023)
- 24% increase in ransomware attacks targeting third-party providers
- Single ransomware attack affected 2,620 organizations and 77.2 million individuals
Insights
The report reveals significant shifts in payment fraud tactics that could impact financial institutions and payment processors. The $11 billion investment by Visa in security infrastructure highlights the growing importance of fraud prevention in the payments industry. Key concerns include the rise of physical theft methods, with criminals adapting traditional tactics for the digital age through "digital pickpocketing."
The emergence of authentication bypass scams and the 90% increase in government impersonation fraud losses represent substantial risks to financial institutions. The evolution of enumeration attacks targeting specific sectors and the sophisticated ransomware threats to third-party providers indicate heightened cybersecurity risks. These trends suggest increased operational costs for financial institutions and potential revenue impacts from fraud losses.
The diversification of fraud tactics presents a complex challenge for payment processors and financial institutions. The shift in gas station fraud from Americas to CEMEA regions demonstrates the global nature of these threats. The
The delayed token cashout strategy and the targeting of third-party providers, affecting over 77.2 million individuals, suggest sophisticated criminal enterprises are adapting to bypass traditional security measures. These trends could lead to increased compliance costs and potential regulatory scrutiny for financial institutions.
Latest Visa Biannual Threats Report highlights emerging scams targeting consumers, merchants and financial institutions.
“Visa invested
Key themes highlighted in the report include:
- The resurgence of physical theft: Scammers are going back to basics with an increase of physical theft over the past six months, capitalizing on the window between the theft and the victim’s awareness. After a theft, the most common ways the criminals are capitalizing on their theft by purchasing gift cards or physical goods to resell, or even using the card number online for money transfers. Similarly, in March of 2023, Visa identified an emerging threat dubbed “digital pickpocketing,” where cybercriminals use a mobile point-of-sale device to tap against unsuspecting consumers’ wallets and initiate a payment, often in crowded areas.
-
Government impersonation scams: Consumers are falling victim to scams where fraudsters pose as representatives from the government, including agencies like the USPS, the FBI and the IRS. In the first three months of 2024, the average government impersonation scam victim in the
U.S. lost$14,000 US . Additionally, between 2022 and 2023, there was$20 million 90% increase in losses from cash payments due to government impersonation scams1. As government impersonation scams move towards cash, Visa predicts that banks will see an increase in large cash withdrawals by customers at ATMs.
- The rise of authentication bypass scams: Looking for a way to get around two-factor authentication, fraudsters are doubling down on one-time-password phishing scams, which allow criminals access to full account funds and information via increasingly convincing texts, emails or phone calls. These scams have grown more convincing in part due to the prevalence of Gen AI.
While many of the scams highlighted in the report target consumers, the research contains key takeaways for financial institutions and merchants as well.
-
Gas station fraud: After a successful small authorization, fraudsters are making large fuel purchases at gas stations using accounts that do not have enough money to cover the total. In the past six months, activity has significantly shifted from targeting issuers in the
U.S. ,Latin America andCaribbean to issuers inCentral Europe ,Middle East andAfrica , showing how these scams spread globally.
- Enumeration: Merchants continue to be targeted by cybercriminals who test payment data with scale and speed, leading them to access consumer account information. Enumeration, or automatic testing of common payment data to guess account numbers, remains a top threat to the payment ecosystem, with significant fraud occurring in the year after a successful enumeration attack. Industries most impacted over the past year include restaurants, government services, and charitable and social service organizations.
- Token provisioning fraud: Tokenization remains one of the safest ways to pay, but as the technology gains momentum, scammers have taken to obtaining tokens illegitimately—and cashing out under the radar of financial institutions. Recently, Visa has noted a marked delay in when cybercriminals choose to cashout compromised accounts, hoping to evade detection after initial provisioning fraud.
-
Ransomware: More sophisticated ransomware attacks are affecting more companies and individuals. Although there was an overall decrease of
12.3% in attempted ransomware attacks seen during the period of this report, there was a24% increase in targeting of third-party providers like cloud or web hosting services, creating the opportunity for more fraud per attack. Just one attack to a third-party provider affected an estimated 2,620 organizations along with 77.2 million individuals, making these third-party providers a prime target for criminals2.
This report also marks the first edition published under the newly expanded Payment Fraud Disruption team, now part of the Payment Ecosystem Risk and Control (PERC) team, which works to protect the Global Payment Ecosystem against threats and abuse by transforming risk controls, leveraging intelligence-driven solutions, and upholding Visa’s Rules and Standards.
The full report can be found HERE. To find out more about how Visa works to prevent fraud and protect the payments ecosystem, visit visa.com/security.
About Visa
Visa (NYSE: V) is a world leader in digital payments, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive. We believe that economies that include everyone everywhere, uplift everyone everywhere and see access as foundational to the future of money movement. Learn more at Visa.com.
____________________
1 Visa Biannual Threats Report Fall 2024
2 Visa Biannual Threats Report Fall 2024
View source version on businesswire.com: https://www.businesswire.com/news/home/20241023398641/en/
Media Contact
Meg Omecene
momecene@visa.com
Source: Visa
FAQ
How much did Visa invest in technology and infrastructure in the past five years?
What was the total loss from government impersonation scams in early 2024?
What is the percentage increase in ransomware attacks on third-party providers according to Visa's report?
What is digital pickpocketing according to Visa's State of Scams report?
