With global trade returning to pre-pandemic levels, fraudsters are once again looking for vulnerabilities in the security systems of physical in-store payment points. However, nearly three-quarters of the fraud and data breaches identified by Visa’s international risk team involved e-commerce players — mostly social engineering, malware and phishing attacks. Owners of cryptocurrencies are also at risk: a new malware targeting virtual wallets is being used against them in the form of a browser extension and a cryptobridge service.
“As in-person commerce returns to pre-pandemic levels, crooks are back to exploiting the physical points of vulnerability in stores, while continuing to capitalize on e-commerce through malware, ransomware and phishing attacks, among others,” says Paul Fabara, Chief Risk Officer at Visa.
In collaboration with Visa, two new global studies were released on October 6, the Visa Biannual Threats Report and MIT Technology Review Insights study “Moving Money in a Digital World”. They highlight new and already known threats to the post-pandemic economy.
Nearly three-quarters of the fraud and data breaches investigated by Visa’s international risk team involved e-commerce players — mostly social engineering and ransomware attacks. Digital skimming attacks targeting e-commerce platforms and third-party code integration are very common.
These attacks shed light on the need for strict security measures on merchant websites and payment pages, ensuring that external code is not injected into sensitive cardholder environments. In fact, 42% of respondents in the Massachusetts Institute of Technology survey “Moving Money in a Digital World | MIT Technology Review” say that security measures are important to their customers, with 59% admitting that cyber security threats are the biggest challenge to the expansion of digital payments. Many prioritize advanced security features such as digital tokens (32%), artificial intelligence and advanced authorization (43%).
In addition to traditional currency attacks, attackers are using new tactics to trick cryptocurrency users, including new wallet-targeting malware in the form of a browser extension for digital currency users, as well as innovations in phishing and social engineering schemes. Cryptobridge services are also a threat. Between January and February 2022, cybercriminals made off with more than $400 million in three major thefts exploiting vulnerabilities in various bridge services.
While cybercrime persists, Visa has stepped up its efforts to combat fraud. Over the past five years, the company has invested more than $9 billion in network security.