Although the global fraud rate was below expected levels in the first half of the year, threat actors managed to evade safeguards, leading fraud to spike across multiple categories, according to a Visa report.
Between January and June, the San Francisco-based card giant tracked an uptick in ransomware attacks, enumeration attacks and card-not-present fraud, according to the most recent edition of its biannual threats report. Among retail-specific crimes, the company highlighted the rise of counterfeit and spoofed merchants, malicious advertisers, flash-fraud scams and free gift scams in the Sept. 7 report.
“While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be,” Visa’s Chief Risk Officer Paul Fabara said in a statement. “The same way criminals take advantage of technology advances, so does Visa, and the $30 billion of fraud prevented in the last six months alone is a great testament to that.”
Ransomware attacks spiked in March, soaring 91% over February numbers and 62% year-over-year, Visa said in its report. The top root causes of ransomware attacks were exploited vulnerabilities (36%) and compromised credentials (29%), according to the report.
Enumeration attacks jumped 40% from January to June compared with the previous six months, Visa said. As for card-not-present fraud, more than half (58%) of the fraud and breach investigations stemmed from online merchants. However, brick-and-mortar retailers accounted for 20% of card-not-present fraud.
Visa did not disclose how much malicious advertising, spoofed or counterfeit merchant fraud, flash-fraud scams or free gift scams it had detected. It only noted that these categories had seen “a measurable uptick during the past six months.”
The rise in artificial intelligence is contributing to the increase in some fraud amid an overall decline. As artificial intelligence “continues to proliferate in the market and new use cases evolve, merchants and consumers alike may experience new challenges in identifying and preventing scams,” Michael Jabbara, vice president and global head of fraud services at Visa, told Payments Dive via a spokesperson.
While ransomware is not a new tactic for threat actors, they are using ChatGPT and advanced language models to “create malware that can act as file stealers while evading detection or generating malware capable of encrypting an entire device,” Jabbara said in the statement. “ChatGPT and other ALMs have lowered the barrier to entry for those with limited programming abilities or technical skill to carry out attacks.”
As of now, Visa continues to see a disproportionate increase in attacks targeting e-commerce, Jabbara added. “We found that merchants in this sector were impacted by 58% of the total fraud and breach investigations and 7% for ransomware fraud schemes,” he continued in the statement.
While counterfeit merchant attacks involve creating fake sites to steal customer information, malicious advertising attacks use fake ads to gather consumers’ payment information, Visa explained. Flash fraud involves tricking merchants into processing legitimate transactions and then processing a large number of illegitimate transactions using stolen payment information.
Meanwhile, free gift scams swindle victims by offering them a free gift in a pop-up window that actually links to a “malicious payload” that includes a file with harmful non-fungible tokens, enabling cybercriminals to transfer cryptocurrency from the victim’s digital wallet to their wallet, according to Visa.
As Visa tracks rising fraud, the company has separately said that its fees support its cybercrime prevention strategy. Though the company said in its report that the global fraud rate “trended lower than normal” during the first half of the year, it noted in a September blog post that cybercrime is at record highs. The fees helped to support its fraud prevention infrastructure, Visa has explained in the past.
Research suggests that card issuers’ efforts to mitigate fraud are beginning to pay off. A December 2022 issue of the industry publication Nilson Report noted that international card fraud losses for sellers, issuers and acquirers will reach $397.40 billion during the next decade, down from the previously predicted loss of $408.50 billion.