Visa has published the Biannual Threats Report for Fall 2023. It highlights emerging frauds and scams that threaten the economy on a global scale. The report suggests a significant increase in phishing scams, now backed by generative AI tools. This Visa report also points out an uptick in enumeration and ransomware incidents. Additionally, it outlines Visa’s collaboration with law enforcement agencies worldwide to curb fraudsters.
Despite the global fraud rate trending lower than anticipated levels during the reporting period (January – June 2023), Visa disclosed its proactive efforts in averting $30 billion worth of fraudulent activities during this timeframe. However, threat actors managed to execute targeted and sophisticated fraud schemes that impacted specific institutions, technologies, and processes.
Visa Report – Key Takeaways
- Ransomware attacks are on a concerning surge and are becoming increasingly complex. In its latest report, Visa suggests that companies need better cybersecurity to fight ransomware.
- The report highlights that consumers are an easy target for them. By targeting vulnerable emotions and showing “trust,” they perpetrate fraudulent activities, causing significant financial losses.
- Another fascinating insight from the report is the fraudsters’ changing tactics. They employ new schemes like “pig butchering” and Flash frauds integrated with advanced AI to persuade.
- Through significant investments in technology and innovation, Visa demonstrates its commitment to combating fraud. With a dedicated global team and swift response mechanisms to detect and neutralize threats, Visa aims to safeguard consumers and the payments ecosystem.
Visa’s Spring 2024 Biannual Threats Report Insights
Image source
Visa has recently released its Spring 2024 Biannual Threats Report, which sheds light on the payment risks impacting individuals and businesses globally. The report highlights a trend where cybercriminals are increasingly targeting the vulnerable aspect of the payment system. In the past five years, Visa has dedicated over $10 billion to technology and innovation to address these threats and protect consumers.
The reports suggest that the frequency and complexity of attacks are rising. In March 2023, these attacks peaked, with 460 incidents reported in just one month. This represented an uptick of 91% from February 2023 and a 62% increase compared to the period in the previous year. As per a 2023 report, exploiting vulnerabilities emerged as the primary method of attack, constituting 36% of ransomware incidents.
Following closely were incidents involving compromised login credentials, accounting for 29% of the cases. It’s worth noting that cybercriminals operating ransomware are not solely after payment information, but they also target any information they can find, including payment specifics and personal data. Additionally, there has been a rise in enumeration attacks, with a 40% surge, in the last six months, impacting both businesses and customers. Visa has quickly identified these threats through its Visa Account Attack Intelligence, which issues alerts to merchants to help prevent fraudulent activities.
Source: – Visa Payment Fraud Disruption
The focus of targets is shifting, with online or keyed-in transaction merchants now becoming more frequently targeted. They accounted for 58% of the total fraud and breach investigations. Traditional store merchants constituted 20%, and ransomware or fraud schemes comprised 7% of the cases.
Consumers are increasingly becoming the primary targets for scammers, who exploit heightened emotions to facilitate fraudulent activities. Despite a decrease in individual scam reports from June to December, the total monetary losses have risen, indicating that scammers are employing more effective—and costly—scams. A recent Visa survey also revealed that over one-third of surveyed adults opted not to report scams perpetrated against them, suggesting that the actual losses could surpass estimates.
The report sheds light on various consumer scams, such as inheritance scams, “pig butchering” scams, triangulation fraud, and humanitarian and relief scams, resulting in substantial financial losses for victims. Visa’s dedicated team is tirelessly monitoring and disrupting fraud schemes, with their swift response being vital in protecting consumers. Here’s a look at some of the scams highlighted in the Spring Threats report:
- Pig Butchering Scam
A pig butchering scam is a deceitful scheme that operates over an extended period. Scammers utilize fictitious online personas to deceive victims into investing money. Typically, scammers establish trust by feigning accidental receipt of the victim’s contact information and then introducing a fraudulent investment opportunity. Through persuasion, victims are convinced to invest additional funds, which scammers collect via digital payment platforms or cryptocurrencies.
When victims attempt to withdraw their funds, the fraudulent platform either provides excuses or imposes hefty fees, ultimately revealing the scam. According to Visa’s report, pig butchering scams, enhanced by AI for more convincing tactics, have resulted in billions of dollars in consumer losses. Additionally, 10% of surveyed adults have fallen victim to a pig butchering scam.
- Inheritance Scams
Inheritance scams are a fraudulent tactic wherein a scammer poses as a lawyer, banker, or foreign official, asserting that the victim has inherited a substantial sum from a deceased relative.
The victim is then prompted to pay an initial fee to access their inheritance, purportedly covering legal fees, taxes, and other transfer expenses. According to Visa’s report, 15% of surveyed US adults have been targeted in inheritance scams.
- Flash-fraud scams
These “bust-out” schemes involve threat actors setting up a seemingly legitimate merchant. Initially, they process a few genuine payments to build trust. Once credibility is established, they execute fraudulent transactions, often using stolen payment data. Subsequently, they vanish swiftly after pocketing the funds from the compromised accounts.
- Triangulation Fraud
This type of fraud occurs in e-commerce when a buyer purchases an item online. The fraudster buys the same item from another seller using the buyer’s stolen credit card details. The fraudster ships the item to the buyer, who is typically unaware of the fraudulent transaction. These scams can cost merchants up to $1 billion monthly.
Source: – Visa Payment Fraud Disruption
Paul Fabara, Visa’s Executive Vice President and Chief Risk Officer, highlighted that Visa employs a global, around-the-clock team dedicated to identifying and countering fraudulent tactics used by malicious actors. Their efficiency in detecting and neutralizing threats is notable, with the average response time to shut down an attack being minutes rather than hours or days. Their goal is to maximize consumer protection. By raising awareness about these evolving scams, they aim to empower consumers to become an additional layer of defense in the ongoing fight against fraud.
In addition to individual targets, threat actors exploit organizations and networks, leveraging new technologies to exploit vulnerabilities. Organizational fraud trends include supply chain and third-party service campaigns, increased adoption of artificial intelligence by fraudsters, an 83% surge in Purchase Return Authorization (PRA) fraud attacks, and a staggering 300% increase in ransomware incidents from June to December 2023. Visa anticipates continued targeting of critical infrastructure by ransomware threat actors.
By closely integrating people and technologies, Visa has developed procedures to reduce and forestall attacks on the payments ecosystem. Visa collaborates with all participants in the payment ecosystem to detect any vulnerable data and promptly inform affected stakeholders.
About Visa
Visa Inc. (Visa) is a global digital payment technology company catering to various clients, including commercial and individual customers, government bodies, merchants, and financial institutions. It is pivotal in facilitating worldwide e-commerce through digital payment solutions and information exchange. Visa’s transaction processing network, VisaNet, handles the clearing, authorization, and settlement of payment transactions while also managing the routing of payment data.
Its offerings encompass payment cards, mobile payment solutions, merchant services, transaction processing, and various digital services to support large enterprises and local businesses. With operations spanning the Americas, Asia-Pacific, Europe, Africa, and the Middle East, Visa is headquartered in San Francisco, California, USA.
Conclusion
Visa’s Spring 2024 Biannual Threats Report provides a comprehensive overview of the evolving landscape of fraud and scams plaguing the global economy. Highlighting the alarming surge in ransomware attacks, phishing schemes, and enumeration incidents, the report underscores the critical need for robust cybersecurity measures and heightened consumer awareness. Despite proactive efforts to thwart fraudulent activities, threat actors continue to execute sophisticated schemes, impacting specific institutions and technologies.
The emergence of new scams like “pig butchering” and inheritance scams, propelled by advanced AI techniques, further accentuates the need for adaptive fraud prevention strategies. Visa’s commitment to combating fraud through significant technological investments and its swift response mechanisms and global collaboration underscores its dedication to safeguarding consumers and the payments ecosystem from evolving threats.
