Visa’s Fall 2023 Biannual Threats Report reveals growing threats in the form of AI-powered phishing, enumeration attacks, and ransomware, despite a lower-than-expected overall global fraud rate. Visa proactively blocked $30 billion in potential fraud during the reporting period.
8 September 2023 – Visa Inc., a globally recognized leader in digital payments, has released its Biannual Threats Report for Fall 2023, shedding light on the evolving landscape of fraud schemes that pose a threat to the global economy. The report underscores a substantial surge in phishing schemes empowered by generative AI tools, an alarming increase in enumeration attacks, and the persistent menace of ransomware. Visa’s collaborative efforts with law enforcement agencies worldwide to apprehend fraudsters are also showcased.
During the reporting period of January to June 2023, global fraud rates remained below the expected levels, thanks to Visa’s proactive measures, which thwarted a staggering $30 billion in potential fraud. However, the report highlights the success of sophisticated and targeted fraud schemes that have adversely impacted specific entities, technologies, and processes.
Ransomware attacks continue to evolve, reaching record levels in March 2023 with nearly 460 attacks – a 91% surge compared to February 2023 and a 62% increase from the same period in the previous year. Exploited vulnerabilities accounted for 36% of ransomware attacks, closely followed by compromised credentials at 29%. Interestingly, ransomware attacks, while a grave concern, do not exclusively target payment data; they compromise any accessible data, including payment information and personal identifiable data.
Enumeration attacks, which affect both merchants and consumers, have seen a worrisome 40% increase over the previous six months. Visa’s Visa Account Attack Intelligence has been pivotal in swiftly identifying and halting these attacks.
Furthermore, the report indicates a growing focus on Card-Not-Present (CNP) merchants, with online vendors being responsible for 58% of total fraud and breach investigations. Brick-and-mortar businesses constituted 20% of these investigations, while ransomware and fraud schemes made up 7%.
Retail-specific fraud schemes have witnessed a noticeable upswing in recent months. These include false, spoofed, or counterfeit merchant websites targeting unsuspecting consumers, malvertising through deceptive ads, flash-fraud scams that deceive by establishing credibility before conducting large-scale fraudulent transactions, and the emergence of crypto scams disguised as “free gift” offers.
Paul Fabara, Visa’s Chief Risk Officer, acknowledged the company’s satisfaction with the lower-than-expected fraud rate but emphasized the ongoing adaptability of fraudsters. Visa’s steadfast commitment is evidenced by its prevention of $30 billion in fraud in just the last six months.
Visa’s relentless pursuit of security extends to its collaboration with law enforcement agencies worldwide, leading to significant crackdowns on cybercrime activities. Several high-profile arrests, including the takedown of Try2Check, Operation Urban Justice targeting EBT fraud, and the Genesis Market Takedown involving 119 arrests, underscore Visa’s global commitment to combatting cybercrime.
Visa’s multi-layered security approach, encompassing real-time transaction monitoring, payment threat intelligence, and identity solutions for enhanced authentication technology and reduced false declines, reaffirms its dedication to safeguarding the global economy.