Visa's biannual report highlights evolving scams and financial threats


Visa has released its State of Scams: Fall 2024 Biannual Threats Report, revealing recent developments in scams and threats targeting banks and consumers

Visa has released its State of Scams: Fall 2024 Biannual Threats Report, revealing recent developments in scams and threats targeting banks and consumers. One major trend is the resurgence of physical theft, with scammers capitalising on the delay before a theft is detected.

In the period after a card is stolen, criminals often make quick purchases, such as gift cards or resalable goods, and may even initiate online money transfers using stolen card information. A related threat identified by Visa, termed ‘digital pickpocketing,’ involves using mobile point-of-sale devices in crowded areas to charge unsuspecting consumers. There has also been an uptick in scams where fraudsters pose as government officials from agencies such as USPS, FBI, or IRS.

In early 2024, losses from these impersonation scams averaged USD 14,000 per victim, with a total of USD 20 million reported in losses. As cash payments increase, Visa expects banks may notice a rise in larger cash withdrawals at ATMs as part of these scams. Criminals are also bypassing two-factor authentication via sophisticated phishing tactics that involve sending convincing messages through various channels.

This trend has been fuelled in part by advancements in generative AI, making fraudulent messages more believable and potentially compromising full account access. Gas station fraud, enumeration, and token provisioning The report outlines other scams affecting merchants and consumers alike: Gas Station Fraud: Fraudsters are using low-balance accounts for small authorisations before making larger fuel purchases. This tactic has spread internationally, particularly affecting issuers in Central Europe, the Middle East, and Africa.  Enumeration Attacks: Cybercriminals continue using enumeration, which tests potential payment data combinations to guess account numbers.

This threat remains significant for industries like restaurants and charitable services.  Token Provisioning Fraud: Although tokenization is among the most secure payment methods, fraudsters are exploiting this technology to cash out funds covertly, evading early detection by delaying the use of compromised accounts. Ransomware and third-party vulnerabilities Ransomware attacks have grown more sophisticated, with fraudsters increasingly targeting third-party service providers, such as cloud and web hosting services. While the report indicates a 12.3% decrease in overall ransomware attempts, attacks on third-party providers increased by 24%, affecting thousands of organisations and millions of individuals through a single breach.

This report marks the first edition under Visa's expanded Payment Fraud Disruption team, now part of the Payment Ecosystem Risk and Control (PERC) team, dedicated to protecting the global payment system through advanced risk controls and intelligence-driven responses. Source: Link .


Oct 25, 2024 13:44
Original link