As technology continues to fortify digital payment systems, fraudsters are adapting, combining old-school criminal methods with new-age strategies to exploit unsuspecting consumers, merchants, and financial institutions. Visa’s State of Scams: Fall 2024 Biannual Threats Report sheds light on these evolving threats, revealing key insights into how criminals are targeting vulnerabilities in the payment ecosystem.
The Return of Physical Theft with a Digital Edge
One surprising revelation in the report is the resurgence of physical theft. Criminals are leveraging a victim’s delayed awareness post-theft to quickly cash in by purchasing gift cards, reselling physical goods, or using stolen card numbers for online transactions. A notable innovation is “digital pickpocketing,” where cybercriminals discreetly use mobile point-of-sale devices to initiate unauthorized payments in crowded spaces, showing how traditional crime merges with technology.
Government Impersonation Scams: A Costly Deception
Scams that impersonate representatives of government entities, such as the Internal Revenue Service or the United States Postal Service, have become a pervasive problem. Losses incurred as a result of such frauds doubled between the years 2022 and 2023. Those who were victimized were forced to withdraw significant sums of money, with the average amount of money lost reaching $14,000. By employing this strategy, fraudsters demonstrate how they take advantage of fear and authority in order to change their focus to cash-based scams.
Authentication Bypass: Breaking Through Digital Defenses
Phishing tactics are becoming increasingly sophisticated, which fraudsters are using to circumvent two-factor authentication. In order to obtain one-time passwords and gain unauthorized access to customer accounts, hackers use generative artificial intelligence to design emails, texts, and phone calls that are convincing-looking. In light of this, it is clear that fraud in the digital era is becoming increasingly sophisticated.
A sprawling data center with rows of glowing servers, one server with a bright red ‘LOCKED’ screen displayed, a digital skull icon on a holographic interface, a network of web-like connections being severed, moody lighting with vibrant accents.
Gas Station Fraud and Global Trends
This type of fraud, in which con artists take advantage of very minor payment authorizations in order to make larger purchases, is on the rise at petrol stations. The fact that this activity, which was originally mostly centered in the Americas, is now extending to Central Europe, the Middle East, and Africa highlights the fact that payment fraud is a global phenomenon now.
Token Provisioning and Enumeration Scams
Despite the fact that tokenization continues to be an effective security solution, con artists are discovering ways to acquire tokens in an unauthorized manner. Enumeration attacks, which include the automated checking of payment data in order to discover legitimate account numbers, are another type of attack that poses a substantial risk to both customers and merchants. Charitable groups and government agencies were disproportionately impacted, showing vulnerabilities in sectors that appeared to be well protected.
Ransomware and Third-Party Targets
Although the number of ransomware attacks has reduced overall, there has been a rise in the number of attacks that target third-party providers such as cloud and web hosting services, which has increased the potential damage. The devastating reach of these schemes is demonstrated by the fact that a single ransomware outbreak in 2024 affected 77.2 million individuals.
What Can We Learn?
Visa’s report serves as a stark reminder that while payment systems grow more secure, the human element remains the weakest link. Consumers, merchants, and financial institutions must stay vigilant:
- For Consumers: Be cautious of unsolicited emails or calls asking for sensitive information. Always verify communication with government agencies or financial institutions directly.
- For Merchants: Regularly update security systems and train employees to recognize enumeration and other cyber threats.
- For Financial Institutions: Enhance fraud detection systems and educate customers about emerging threats like digital pickpocketing and token fraud.
Visa’s $11 billion investment in technology underscores the commitment to building a safer payment ecosystem. However, the fight against fraud is a shared responsibility. By staying informed and vigilant, we can collectively minimize risks and safeguard financial transactions.
For more information on Visa’s efforts to combat fraud, visit visa.com/security.