Visa Research Highlights Emerging Fraud Schemes in Retail and eCommerce
Latest edition of Visa Biannual Threats Report Show Increasingly Sophisticated Fraud Landscape for Consumers.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230907056353/en/
While the global fraud rate trended lower than normal expected fraud levels during the report’s time period (January –
Ransomware attacks continue to evolve and grow in prevalence.
March 2023surpassed prior ransomware attack records for the most attacks in one month with nearly 460 attacks; a 91% increase over February 2023numbers and 62% higher compared to the same period in 2022. A 2023 ransomware report identified that exploited vulnerabilities were the most common (36%) root cause of ransomware attacks, followed by compromised credentials (29%). Interestingly, ransomware attacks and related threat actors do not always target payment data specifically but will compromise any data accessible during their attacks including payment data or personal identifiable information.
Enumeration attacks continue to impact merchants and consumers alike. The period covered in this study saw a 40% increase in enumeration attacks over the previous six months.
Visaused its Visa Account Attack Intelligence to identify these attacks in real time to alert merchants and stop fraud in its tracks.
- Card-Not-Present merchants emerge as bigger target. Online merchants were responsible for 58% of total fraud and breach investigations, while brick and mortar merchants made up 20%, and ransomware/fraud scheme made up 7%.
Retail-specific schemes saw a measurable uptick during the past six months, including:
- False, spoofed, or counterfeit merchants: Consumers are being targeted through websites that seem like their favorite merchants. These sites are established to take customers' orders but do not fulfill the goods or services ordered and instead steal customers’ payment account information.
- The rise of malvertising: Some scammers are developing fake ads to try to garner personal information. Victims of these schemes are targeted with search engine-optimized scams that prey on what they might be interested in legitimately purchasing.
- Flash-fraud scams: Flash fraud merchants, also known as bust-out schemes, which is when threat actors establish a legitimate merchant and process a small number of legitimate payments to establish credibility, are also on the rise. Once a satisfactory payment processing history is established, the seller suddenly submits a large number of fraudulent transactions—often using stolen payment account data – and quickly disappears after they obtain the funds from the stolen accounts.
- Free gift scams: An emerging crypto scam in the retail space is the “free gift” scam, where bad actors offer a “free gift” through a pop-up window asking the victim to confirm the transaction. When clicked, the malicious payload is executed, which includes a file with malicious NFT, allowing fraudsters to communicate with the victim’s wallet and authorize cryptocurrency transfers from the victim’s wallet to the fraudster’s.
“While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be,” said
While the threat landscape is more complicated than ever, consumers can take solace in the ways