Latest fraud schemes targeting the payments ecosystem

Threat actors continued to exploit technical misconfigurations through various fraud schemes, according to a new report from Visa.

payment data compromise

These include the use of malvertising and search engine optimization (SEO) techniques to cultivate compelling and effective phishing and social engineering campaigns, the utilization of emerging advanced language model (ALM) technologies, and the increased targeting of authentication processes.

While the global fraud rate trended lower than normal expected fraud levels during the report’s time period (January – June 2023), Visa shared that it helped to proactively block $30 billion in those time periods. However, threat actors were successful in conducting targeted and sophisticated fraud schemes impacting specific institutions, technology, and processes.

Ransomware attacks continue to evolve

March 2023 surpassed prior ransomware attack records for the most attacks in one month with nearly 460 attacks; a 91% increase over February 2023 numbers and 62% higher compared to the same period in 2022. A 2023 ransomware report identified that exploited vulnerabilities were the most common (36%) root cause of ransomware attacks, followed by compromised credentials (29%).

Interestingly, ransomware attacks and related threat actors do not always target payment data specifically but will compromise any data accessible during their attacks including payment data or personal identifiable information. The period covered in the study saw a 40% increase in enumeration attacks over the previous six months.

Online merchants were responsible for 58% of total fraud and breach investigations, while brick and mortar merchants made up 20%, and ransomware/fraud scheme made up 7%.

Notable surge in retail-specific schemes

Retail-specific schemes saw a measurable uptick during the past six months, including:

  • False, spoofed, or counterfeit merchants: Consumers are being targeted through websites that seem like their favorite merchants. These sites are established to take customers’ orders but do not fulfill the goods or services ordered and instead steal customers’ payment account information.
  • The rise of malvertising: Some scammers are developing fake ads to try to garner personal information. Victims of these schemes are targeted with search engine-optimized scams that prey on what they might be interested in legitimately purchasing.
  • Flash-fraud scams: Flash fraud merchants, also known as bust-out schemes, which is when threat actors establish a legitimate merchant and process a small number of legitimate payments to establish credibility, are also on the rise. Once a satisfactory payment processing history is established, the seller suddenly submits a large number of fraudulent transactions—often using stolen payment account data – and quickly disappears after they obtain the funds from the stolen accounts.
  • Free gift scams: An emerging crypto scam in the retail space is the “free gift” scam, where bad actors offer a “free gift” through a pop-up window asking the victim to confirm the transaction. When clicked, the malicious payload is executed, which includes a file with malicious NFT, allowing fraudsters to communicate with the victim’s wallet and authorize cryptocurrency transfers from the victim’s wallet to the fraudster’s.

Crackdowns on cybercrime activities

Visa’s efforts over the past six months have resulted in significant crackdowns on cybercrime activities with help from global law enforcement and government agencies.

Visa also helped bring fraudsters to justice around the world. In May 2023, the US Secret Service took down a major cybercrime platform called Try2Check. A local enforcement action called Operation Urban Justice was launched in California targeting Electronic Benefit Transfer (EBT) fraud, which led to the arrest of 20 suspects believed to be part of an Eastern European crime syndicate. In April 2023, an international law enforcement coalition led the Genesis Market Takedown, arresting 119 people involved with the cybercrime platform.

“While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be,” said Paul Fabara, Chief Risk Officer at Visa. “The same way criminals take advantage of technology advances, so does Visa, and the $30 billion of fraud prevented in the last six months alone is a great testament to that.”

Don't miss