The payments ecosystem has always had to consider cybersecurity carefully, but since the rapid expansion of digital payments (thanks, in part to the pandemic), it’s become critical. Particularly as cybercriminals and hackers have also become more sophisticated in their methods.
This was one of the threats, highlighted by Visa in their bi-annual threats report. Here are four others that they see are particularly impacting the global payments ecosystem in 2022.
Cryptocurrency fraud
As the interest in cryptocurrencies surged during 2021, cybercriminals increased their use of phishing campaigns and social engineering tactics to steal funds. They have also continued to innovate and to increase the sophistication of their tactics.
Technical misconfigurations
Threat actors continue to exploit technical misconfigurations to conduct fraud. For example, hackers in North America, Latin America and the Caribbean have been using automated fuel dispenser (AFD) fraud schemes. This means they can take advantage of a misconfiguration of authorisation advice following the US $1 authorisation check (a mandated and standard process during AFD transactions) to make transactions of amounts much higher than the account balance on the payment account that was being used.
Digital skimming
These attacks involve cybercriminals deploying malicious code onto a merchant website. This will harvest payment account data via their checkout pages as the buyer enters their data into the checkout form. These attacks are enabled, often due to misconfigurations or lack of security controls on the merchant’s side.
Geopolitical influences
Whilst the payments ecosystem has not experienced unusually disruptive concerted attacks, consumers need to be aware of phishing attacks targeting individuals. These usually involve fake charities asking for donations to support Ukrainian businesses and refugees. As the situation continues to unfold, there will likely be other security threats coming into the picture.