Visa (NYSE: V) released the Spring 2024 Edition of its Biannual Threats Report, which outlines the top payment threats impacting consumers and businesses around the world.
The report points to increasingly organized, sophisticated threat actors “targeting the most vulnerable point in the payments’ ecosystem: humans.”
Paul Fabara, Chief Risk and Client Services Officer, Visa, said:
“With the use of Generative AI and other emerging technologies, scams are more convincing than ever, leading to unprecedented losses for consumers. Visa is uniquely positioned to address these threats, with investments in tech and innovation reaching over $10 billion over the past five years. These investments, in addition to our ongoing education and top talent, allow us to stay ahead of scams and protect consumers.”
Consumers are increasingly targeted “by scammers, who rely on heightened emotions to create fraud opportunities.”
While the number of individual scam reports from June to December decreased, the total money lost increased, “indicating scammers are targeting victims with more effective – and costly – scams.”
According to another recent Visa survey, “more than one-third of adults surveyed decided not to report scams committed against them1, suggesting the losses are higher than reported.”
Top consumer scams highlighted in the Spring Threats report include:
- “Pig butchering” scams: Capitalizing on holidays like Valentine’s Day and New Year’s Eve through social media and dating sites, scammers lure victims into online relationships and convince them to invest in fake cryptocurrency trading platforms.
- Leveraging AI to create more convincing campaigns, pig butchering scams have led to billions of dollars of losses for consumers2. Per Visa’s study, 10 percent of surveyed adults have been targeted in a pig butchering scam1.
- Inheritance scams: Victims are notified about an inheritance left by a long-lost relative, often coming from a seemingly legitimate law firm or other professional entity. Red flags include secrecy, urgency, requests for personal information, and the need for an initial payment to secure future gains. 15 percent of U.S. adults surveyed by Visa have been targeted in inheritance scams1.
- Humanitarian relief scams: Capitalizing on tragic current events, these scams exploit calls for donations across social media to defraud unsuspecting donors.
Triangulation fraud: Threat actors create illegitimate online storefronts offering in-demand products at a low cost to collect payment information. Legitimate merchants fulfill the online order, but payment information is already compromised. Triangulation scams cost merchants up to $1 billion in a single month3.
Fabara said:
“Visa has a dedicated team that works around the clock globally to monitor and disrupt the tactics bad actors use to commit fraud. With our average time between identifying and shutting down an attack measured in minutes versus hours or days, we are doing all we can to help keep consumers safe. We hope building awareness of these emerging scams will help consumers fight fraud as another line of defense in the battle against fraudsters.”
In addition to cardholders, threat actors are continually probing organizations and networks for complex weaknesses, “leveraging new technologies to exploit vulnerabilities with far-reaching impacts.”
Organizational fraud trends impacting the ecosystem include:
- Supply chains and third-party services are increasingly targeted with campaigns designed to maximize the impact of a single breach.
- Artificial Intelligence (AI) has been increasingly adopted by fraudsters, allowing them to identify vulnerabilities within fraud controls implemented by banks.
- Purchase Return Authorization (PRA) fraud attacks increased 83 percent over the previous five-month period, with each successful attack leading to approximately $115,000 in potential fraud losses to banks.
- Ransomware cases increased 300 percent from June to December 2023 when compared to the same period in 2022. Visa forecasts that ransomware threat actors will continue to target critical infrastructure, including financial organizations.