The digital revolution has brought about significant advancements in consumer experiences, but it has also given rise to new opportunities for cybercriminals. Advanced computing, open banking, software-as-a-service (SaaS) models, and the emergence of crypto and blockchain have all created openings for fraudsters. Moreover, the availability of large language model applications like ChatGPT is providing cybercriminals with even more sophisticated tools.
Visa, a leading global payments technology company, is vigilant in tracking and analyzing top payment ecosystem threats. They aim to understand how threat actors are leveraging both traditional and new attack methods. While the digital commerce environment remains a prime target for cybercriminals, physical threats such as skimming on ATM and point-of-sale terminals continue to persist.
One example of a crafty fraud technique is the use of counterfeit cards at checkout. Despite the widespread adoption of EMV chips, which have significantly reduced in-person fraud at point-of-sale terminals, some fraudsters exploit the fallback reading of a card’s magnetic stripe. This forces the transaction to be conducted with the mag-stripe, generating a response from the issuing bank that an acquirer or processor may interpret as an approval. Consequently, the fraudster can walk away with fraudulently purchased goods. This highlights the importance of properly handling response codes within a transaction.
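The response-code handling point above, shown as an added example (not code from Visa or from the original article): a check that treats anything outside a decline list as approved, beside one that approves only an allowlisted code. The code values, entry-mode prefix and field names are assumptions based on common ISO 8583 conventions; confirm them against your processor's specification.

```python
from dataclasses import dataclass
from typing import Optional

# Assumptions: ISO 8583-style values; confirm against your processor's spec.
APPROVED_CODES = frozenset({"00"})              # explicit approval
KNOWN_DECLINES = frozenset({"05", "51", "54"})  # partial list used by the weak check
FALLBACK_PREFIX = "80"                          # chip-to-mag-stripe fallback entry mode

@dataclass(frozen=True)
class AuthResponse:
    response_code: Optional[str]
    pos_entry_mode: str
    auth_id: Optional[str]

@dataclass(frozen=True)
class Decision:
    approved: bool
    review: bool
    reason: str

def weak_is_approved(resp):
    """Flawed pattern: anything not on a decline list counts as approved."""
    return resp.response_code not in KNOWN_DECLINES

def strict_decision(resp):
    """Fail closed: approve only an allowlisted code that carries an auth ID."""
    code = (resp.response_code or "").strip()
    fallback = resp.pos_entry_mode.startswith(FALLBACK_PREFIX)
    if code not in APPROVED_CODES:
        return Decision(False, fallback, f"code {code!r} is not an approval")
    if not resp.auth_id:
        return Decision(False, fallback, "approval code without authorization ID")
    if fallback:
        return Decision(True, True, "approved on mag-stripe fallback; flag for review")
    return Decision(True, False, "approved")

# Constructed sample responses (not real traffic); "Z9" is a made-up code.
SAMPLES = [
    AuthResponse("00", "051", "A1B2C3"),  # chip read, approved
    AuthResponse("Z9", "801", None),      # fallback, unrecognised code
    AuthResponse(None, "801", None),      # fallback, response code missing
    AuthResponse("05", "801", None),      # fallback, explicit decline
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.response_code, r.pos_entry_mode, weak_is_approved(r), strict_decision(r))
```

The decline-list check accepts the unrecognised and missing codes on fallback transactions, while the allowlist check rejects both and marks every fallback transaction for review.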
Another area of concern is the potential threat to encryption posed by quantum computing. While artificial intelligence can be used to detect fraud in real time, cybercriminals can also leverage this technology to compromise modern-day encryption. As quantum computing becomes more accessible and scalable, cybercriminals are amassing large amounts of encrypted personally identifiable information (PII) in anticipation of prominent encryption methods being compromised. The National Institute of Standards and Technology (NIST) has already published the first set of standards for quantum-resistant cryptographic algorithms, and it is estimated that 20 billion devices will need upgrades or replacement over the next 20 years to adopt quantum-safe encryption.
The exponential growth of data in the open banking era has also brought challenges in securing customer information. Fraudsters are purchasing stolen customer credentials on the Dark Web and using synthetic identity fraud to open fraudulent accounts. Synthetic identity fraud involves using legitimate data elements from different individuals to create a fictitious person. The payments ecosystem has witnessed an increasing trend in one-time-password (OTP) bypass schemes, which have been detected across various global regions.
In the software-as-a-service (SaaS) world, every node within the ecosystem is a potential vulnerability. Threat actors increasingly target service providers, who may have weaker security profiles compared to the organizations they serve. Even closely cooperating entities can pose risks, as demonstrated by a recent incident in which a digital-only bank suffered a breach through a service provider connected via an API. Establishing a robust third-party monitoring program is crucial in such an environment to prevent unauthorized access to sensitive data.
Blockchain technology, which offers various benefits for conducting business, is also susceptible to exploitation by fraudsters. Crypto-related scams, social engineering, and ransomware attacks have become prevalent within the crypto space. For example, phishing campaigns targeting crypto users have become more sophisticated, with fraudsters sending emails that appear to be from legitimate crypto exchanges. Clicking on malicious links leads victims to spoofed websites, where their account details are stolen, resulting in the theft of their assets. Cybercriminals can even leverage ChatGPT and other language models to craft highly targeted and convincing phishing messages.
As technology continues to advance, security professionals need to anticipate how threat actors will exploit these innovations for more complex and sophisticated fraud attacks. Conducting regular assessments of security controls, educating internal stakeholders and customers about their roles in maintaining security, and equipping them with knowledge and tools to recognize and respond to threats are critical in staying ahead of cybercriminals.
In conclusion, while the digital revolution has brought significant innovation to consumer experiences, it has also created new opportunities for cybercriminals. Companies like Visa are actively monitoring and analyzing threats in the payment ecosystem to understand how fraudsters are evolving their tactics. It is crucial for businesses and individuals to remain vigilant, continually update their security measures, and educate themselves on the latest fraud techniques to protect against potential threats.