With the rise in digital payments comes a series of questions and concerns, including how to protect and secure those payments and financial data — especially as cyberattacks become more frequent. Businesses and consumers in emerging markets especially are popular targets for these types of attackers, many of whom are not as scam-savvy as they believe. A recent survey (pdf) conducted by Visa found that 90% of individuals in the Central Europe, Middle East and Africa region are likely to miss warnings of fraud.

Visa’s Regional Risk Officer for CEMEA, Charles Lobo (Linkedin), Global Head of Fraud Services Michael Jabbara (LinkedIn), and Head of Products and Solutions at Visa Europe, Mehret Habteab (LinkedIn), dove into the reasons behind the rise in scams and attacks on financial transactions in recent years, and how it works to combat them, during a media roundtable on the sidelines of its annual CEMEA security summit earlier this month.

By the numbers: Global data breaches increased 20% y-o-y in 2023, writes the Harvard Business Review, with ransomware gang activity in the Middle East surging a whopping 77%. The global cost of cybercrime is set to reach USD 10.5 tn in 2024, Visa forecasts. To put this in perspective, if it were a sovereign nation, it would be the world’s third largest economy, Jabbara said at the roundtable.

MOST COMMON SCAMS-

The financial system in CEMEA has seen an estimated USD 1 tn in financial losses due to cyberattacks in 2023, according to Visa’s survey. Its latest Spring 2024 report (pdf) on top payment threats in the world cited pig butchering scams — combining deepfakes and phishing with investment scams — as one of the most common scams over the past period, alongside inheritance scams, humanitarian relief scams, and triangulation fraud, which involves the creation of fake websites and businesses that promote bargains.

There has also been an increase in purchase return authorization attacks, as well as a 67% increase in ransomware attacks as a service; a 71% increase in brute force attacks at financial institutions, where hackers try out a huge amount of card numbers with the intention of guessing an accurate one; and a 33% increase in transaction laundering, according to Lobo.

WHY WE’RE SEEING MORE FRAUD-

While fraud is actually falling the more digital payments grow as companies work to secure transactions, fraudsters are becoming more sophisticated in how they target and attack consumers, Lobo said. The more complex financial ecosystem of today’s world has evolved beyond the classic “four-party model” — comprising a card issuer, an acquirer to process transactions, a merchant, and a consumer — which has, in turn, made it more difficult to secure transactions.

“We’ve seen 50% growth in payment facilitators who claim to bring more merchants,” Lobo said, adding that this adds a need for more outsourcing control, KYC, and vetting.

“The amount of data going around is growing in the hundreds of percentages,” Lobo said. The use of deepfakes and generative AI is rising in tandem as cyberattackers look to harvest some of that data, he added.

WHAT CAN BE DONE?

Visa managed to block some USD 40 bn in online fraud last year, according to its report. The company has invested USD 10 bn over the past five years into tech and innovation to help it mitigate those risks, it added.

One tool in their repository is the very tool that attackers use to breach payments and transactions: generative AI. The company has been developing a predictive model that uses genAI and network data to identify enumeration activity before it results in fraud, dubbed Visa Account Attack Intelligence (VAAI). “My hypothesis is that, when we roll VAAI out, it will do to enumeration fraud what the chip did to counterfeit fraud,” Jabbara said at his keynote address at the summit, Gadget reports. “Essentially. it will eliminate it.”

The tool will be available in the CEMEA region next year, after it is rolled out in the US this year, Jabbara said.

Visa also uses a cloud-based surveillance platform — HawkAI — to investigate suspicious incidents, Gadget added.

Leave a comment

Your email address will not be published. Required fields are marked *