Cyber criminals have been taking advantage of payments vulnerabilities and using artificial intelligence to accelerate the pace of their wrongdoing, according to a biannual threats report from Visa.
In the report published last month that covers the first half of the year, Visa identified multiple payment fraud techniques that posed risks to companies and consumers: fraudulent purchase return transactions; ransomware and data breach attacks; digital skimming attacks; and impersonation scams.
The card network giant also said fraudsters are increasingly discussing the use of artificial intelligence for payment fraud in underground forums.
The company has invested $11 billion over the past five years in technology and other infrastructure improvements aimed at making its systems more secure, according to the press release.
The report dissected “emerging threats and scams targeting banks and consumers, including a surprising resurgence of small-scale physical crime,” Visa said in an Oct. 23 press release accompanying the report. “As payments become safer, fraudsters are reverting to tried-and-true tactics that target the weakest link in the ecosystem: consumers,” Visa’s chief risk and client services officer, Paul Fabara, said in the release.
Among the vulnerabilities threat actors are exploiting are purchase and return authorizations that go awry, which involve payment companies wrongly approving transactions. For the first six months of the year through June, the number of such fraud investigations Visa has opened spiked 81% compared to the prior six-month period, per the report. Each of these attacks has resulted in “potential losses” of $184,000 for Visa’s card issuing partners, the report said.
To execute ransomware and data breach attacks, the fraudsters have been increasingly targeting third-party vendors, Visa noted in its report. While the company logged a 12.3% drop in individual ransomware and data breach incidents tracked by its internal staff for the six months studied, the card network recorded a 24% jump in attacks against third-party service providers, the report said.
Visa’s report noted that digital skimming attacks, which use malicious code to steal sensitive customer information from business websites, have remained consistent for the first half of the year, but the report predicts that this fraud category will rise during the upcoming holiday shopping season. Visa also identified advanced social engineering techniques scammers are using to defraud retailers’ digital wallet services by creating complex impersonation schemes and taking advantage of authentication data, such as one-time passcodes.
Law enforcement assistance
Visa touted its efforts to assist law enforcement agencies in pursuit of fraudsters exploiting payment vulnerabilities. In April, the company said it assisted the U.S. Secret Service and local law enforcement officials in “Operation April Fools,” which resulted in the arrests of 33 suspects in California, alleged to be committing electronic benefit transfer (EBT) fraud.
Visa also assisted the FBI in investigating 22 suspects accused of buying and using payment cards stolen from an unnamed, large North American retailer as part of a 2021 case. In February of this year, 20 defendants were convicted of using gift, credit and debit card information stolen in a cyber attack, which amounted to $25 million, per the report.
In addition to publicizing its law enforcement collaborations, Visa also passed along tips from federal agencies regarding how consumers can protect themselves. Criminals exploiting EBT cards typically target point-of-sale systems or ATMs, where scammers install skimming devices to take consumers’ payment card numbers. The U.S. Secret Service advises cardholders to check card readers for skimmers that could take their information, especially in tourist areas. The agency also recommends covering ATM keypads when entering their PIN, because some fraudsters install pinhole cameras near the keypad to steal PIN codes, the report said.
Future threats
Visa anticipates another form of fraud known as “enumeration” will remain popular among criminals. In that fraud, criminals use computer programs to guess common payment identifiers for online transactions, testing account numbers, security codes and expiration dates until they determine a correct set.
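On the defensive side, enumeration of this kind leaves a recognizable pattern in authorization logs: many declined attempts in a short window, either against one card with varying security-code and expiry guesses or from one source across many card numbers. The sketch below is an added illustration, not taken from Visa's report; the field names, the five-minute window and the thresholds are assumptions, and the log is constructed sample data that uses card tokens and guess fingerprints rather than raw card details.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
MAX_GUESSES_PER_CARD = 4   # distinct expiry/CVV guesses declined on one card
MAX_CARDS_PER_SOURCE = 5   # distinct cards declined from one source address

def detect_enumeration(events):
    """Return (rule, key, timestamp) alerts for time-sorted authorization events."""
    per_card = defaultdict(deque)    # card token -> recent (ts, guess fingerprint)
    per_source = defaultdict(deque)  # source IP  -> recent (ts, card token)
    alerts, fired = [], set()
    for e in events:
        if e["approved"]:
            continue                 # only declined attempts count as guesses
        checks = (
            ("cvv_expiry_guessing", e["card"], per_card, e["guess"], MAX_GUESSES_PER_CARD),
            ("card_number_testing", e["src"], per_source, e["card"], MAX_CARDS_PER_SOURCE),
        )
        for rule, key, table, item, limit in checks:
            queue = table[key]
            queue.append((e["ts"], item))
            while e["ts"] - queue[0][0] > WINDOW:
                queue.popleft()      # expire attempts older than the window
            distinct = {i for _, i in queue}
            if len(distinct) >= limit and (rule, key) not in fired:
                fired.add((rule, key))
                alerts.append((rule, key, e["ts"]))
    return alerts

def sample_events():
    """Constructed authorization log (tokens, fingerprints, IPs are made up)."""
    t0 = datetime(2024, 11, 1, 12, 0, 0)
    def ev(sec, src, card, guess, ok=False):
        return {"ts": t0 + timedelta(seconds=sec), "src": src, "card": card,
                "guess": guess, "approved": ok}
    log = [ev(10 * i, "198.51.100.7", "tok_A", f"fp{i}") for i in range(5)]
    log += [ev(60, "203.0.113.9", "tok_B", "fpX"),            # one mistyped CVV
            ev(90, "203.0.113.9", "tok_B", "fpY", ok=True)]   # then a success
    log += [ev(600 + 5 * i, "192.0.2.44", f"tok_C{i}", "fpZ") for i in range(6)]
    return sorted(log, key=lambda e: e["ts"])

if __name__ == "__main__":
    for rule, key, ts in detect_enumeration(sample_events()):
        print(ts.isoformat(), rule, key)
```

The customer who mistypes a security code once and then succeeds stays below both thresholds, while the two scripted patterns each raise a single alert.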
The card network also suspects gas station card fraud, prepaid card tricks and purchase return authorization schemes will persist, per the report.
Cloud storage companies, remote software providers, file transfer services and other third-party vendors will also remain prime targets for ransomware attacks, the report said.
Plus, Visa anticipates that phishing emails will become increasingly misleading and realistic.
Though Visa has tracked fewer digital skimming cases in the first half of the year, Visa predicted a rise in such attacks coinciding with the holiday shopping season. As retailers’ online transaction volumes spike, bad actors will attempt to hack into large quantities of sensitive customer and payment information from companies’ websites, according to the report.
In addition to assisting law enforcement in pursuing criminal suspects, Visa and its competitor, Mastercard, have recently made acquisitions to bolster their cybersecurity operations. In September, Mastercard bought the cybersecurity firm Recorded Future for $2.65 billion, a move it made after collaborating with the company on an artificial intelligence service that notifies banks of compromised credit and debit cards. Later that month, Visa acquired the British cybersecurity firm Featurespace for an undisclosed sum to “complement and strengthen Visa’s portfolio of fraud detection and risk-scoring solutions.”