Visa Research Highlights Emerging Fraud Schemes in Retail and eCommerce
- Visa proactively blocked $30 billion in fraud during January - June 2023
- Visa's efforts resulted in crackdowns on cybercrime activities and arrests of fraudsters
- Ransomware attacks increased by 91% in March 2023 compared to February 2023
- Enumeration attacks increased by 40% in the past six months
Latest edition of Visa Biannual Threats Report Show Increasingly Sophisticated Fraud Landscape for Consumers.
While the global fraud rate trended lower than normal expected fraud levels during the report’s time period (January – June 2023), Visa shared that it helped to proactively block
-
Ransomware attacks continue to evolve and grow in prevalence. March 2023 surpassed prior ransomware attack records for the most attacks in one month with nearly 460 attacks; a
91% increase over February 2023 numbers and62% higher compared to the same period in 2022. A 2023 ransomware report identified that exploited vulnerabilities were the most common (36% ) root cause of ransomware attacks, followed by compromised credentials (29% ). Interestingly, ransomware attacks and related threat actors do not always target payment data specifically but will compromise any data accessible during their attacks including payment data or personal identifiable information. -
Enumeration attacks continue to impact merchants and consumers alike. The period covered in this study saw a
40% increase in enumeration attacks over the previous six months. Visa used its Visa Account Attack Intelligence to identify these attacks in real time to alert merchants and stop fraud in its tracks. -
Card-Not-Present merchants emerge as bigger target. Online merchants were responsible for
58% of total fraud and breach investigations, while brick and mortar merchants made up20% , and ransomware/fraud scheme made up7% .
Retail-specific schemes saw a measurable uptick during the past six months, including:
- False, spoofed, or counterfeit merchants: Consumers are being targeted through websites that seem like their favorite merchants. These sites are established to take customers' orders but do not fulfill the goods or services ordered and instead steal customers’ payment account information.
- The rise of malvertising: Some scammers are developing fake ads to try to garner personal information. Victims of these schemes are targeted with search engine-optimized scams that prey on what they might be interested in legitimately purchasing.
- Flash-fraud scams: Flash fraud merchants, also known as bust-out schemes, which is when threat actors establish a legitimate merchant and process a small number of legitimate payments to establish credibility, are also on the rise. Once a satisfactory payment processing history is established, the seller suddenly submits a large number of fraudulent transactions—often using stolen payment account data – and quickly disappears after they obtain the funds from the stolen accounts.
- Free gift scams: An emerging crypto scam in the retail space is the “free gift” scam, where bad actors offer a “free gift” through a pop-up window asking the victim to confirm the transaction. When clicked, the malicious payload is executed, which includes a file with malicious NFT, allowing fraudsters to communicate with the victim’s wallet and authorize cryptocurrency transfers from the victim’s wallet to the fraudster’s.
“While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be,” said Paul Fabara, Chief Risk Officer at Visa. “The same way criminals take advantage of technology advances, so does Visa, and the
While the threat landscape is more complicated than ever, consumers can take solace in the ways Visa is working to protect them. Visa Payment Fraud Disruption's efforts over the past six months have resulted in significant crackdowns on cybercrime activities with help from global law enforcement and government agencies.
Visa also helped bring fraudsters to justice around the world. In May 2023, the US Secret Service took down a major cybercrime platform called Try2Check. Its administrator, Denis Gennadievich Kulkov, faces 20 years in prison. A local enforcement action called Operation Urban Justice was launched in
From Visa’s Risk Operations Center, which triages and analyzes real-time transactions globally around the clock to ensure threats, are identified appropriately, to Visa’s Payment Threat Intelligence team which compiles robust information about the threats targeting the economy, to Visa’s Risk and Identify Solutions, which help improve authentication technology and reduce false declines, Visa is constantly working to ensure the global economy is safe.
About Visa Inc.
Visa (NYSE: V) is a world leader in digital payments, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive. We believe that economies that include everyone everywhere, uplift everyone everywhere and see access as foundational to the future of money movement. Learn more at Visa.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230907056353/en/
Meg Omecene
momecene@visa.com
Source: Visa Inc.