Visa Inc . (NYSE:V) released its Fall 2023 Biannual Threats Report on Thursday, revealing an increase in emerging fraud schemes such as phishing, ransomware, and enumeration attacks. The report also highlighted the company's collaborative efforts with global law enforcement to combat fraud.
The study period from January to June 2023 saw a significant rise in phishing schemes using generative AI tools. Ransomware attacks also showed a marked increase, with March 2023 recording nearly 460 attacks, a 91% surge compared to February 2023 and a 62% increase from the same period in 2022. The most common cause of ransomware attacks was exploited vulnerabilities (36%), followed by compromised credentials (29%).
Enumeration attacks, which impact both merchants and consumers, increased by 40% over the previous six months. Visa utilized its Visa Account Attack Intelligence to identify these attacks in real time, alerting merchants to stop fraud immediately.
Online merchants were accountable for 58% of total fraud and breach investigations. In contrast, brick-and-mortar merchants made up only 20%, with ransomware and fraud schemes accounting for a further 7%. Consumers were increasingly targeted by counterfeit merchants who established websites resembling legitimate ones to steal customers' payment account information.
The report also highlighted the rise of malvertising - fake ads developed by scammers to collect personal information. Flash fraud scams were also growing, where threat actors establish legitimate merchants and process a few genuine payments to build credibility before submitting a large number of fraudulent transactions.
Despite these threats, Visa said that it managed to proactively block $30 billion in fraud during the report's time period. "While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be," said Paul Fabara, Chief Risk Officer at Visa.
The company noted that its Payment Fraud Disruption's efforts over the past six months have resulted in significant crackdowns on cybercrime activities with help from global law enforcement and government agencies. In May 2023, the US Secret Service took down a major cybercrime platform called Try2Check, leading to the arrest of its administrator, Denis Gennadievich Kulkov. Other enforcement actions led to the arrest of suspects believed to be part of an Eastern European crime syndicate and 119 people involved with the cybercrime platform Genesis Market.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.