It’s a fact of the payments world that fraudsters are adept at watching and following consumer behavior to maintain their criminal revenue flow. Just as consumers have returned to shopping in stores, criminals have returned to the point-of-sale, albeit without neglecting their online activities.
That’s the summation from Visa Inc., which issued an update Thursday on the evolution of fraud since the peak months of the pandemic. Skimming, for example, increased 176% in the June-to-November 2021 period over the previous 12 months.
“The key interesting thing we saw is this dramatic shift in how consumers were paying,” Michael Jabbara, Visa head of fraud services, tells Digital Transactions News, referencing how consumers moved to online commerce during the peak period of the Covid-19 pandemic. “That shift proved to be sticky.”
Now, however, as the pandemic’s worst economic impact recedes, consumers have been making more in-store purchases. “The fraud has shifted along with it,” Jabbara says. “Fraudsters have a good pulse on where consumers are going.” That means point-of-sale devices in convenience stores and automated fuel dispensers (POS devices at gas pumps), are now two favorites for criminals, he says.
Jabbara says fraudsters have sustained their activities in card skimming. “Over time, the threat has remained consistent,” he says. “That doesn’t mean digital commerce has been ignored. They are very good at multitasking.” Approximately three-fourths of the incidents Visa tracked came from the card-not-present channel, he adds.
Still, fraudsters target card-present transactions. In one attack that lasted from mid-December 2021 to February 2022, the criminals used magstripe data to provision mobile devices and “conducted payment entry mode 91 (contactless, using magnetic-stripe data rules) transactions at various grocery stores” in Europe, Visa says in its June Biannual Threats Report. Another attack in February saw criminals use compromised magstripe data to target large North American retailers with in-store fraudulent purchases.
Despite not having valid card verification values for these transactions, which meant authorization requests were initially declined because of that, criminals found a processing misconfiguration that resulted in the acquirer or merchant mishandling the authorization response code declines as approvals, enabling the fraudulent purchases, Visa says in the report.
Criminals, too, are targeting cryptocurrency. There is new malware focused on browser-extension wallets for crypto users and new phishing and social-engineering schemes, Visa says. While some of these fraud attacks are unique to crypto, Jabbara says the procedures to counter them are being adapted to emerging use cases.
Overall, tapping more data to better authenticate users as payment authorizations are in process can help against the fraud, he says. It’s not enough to know if the transaction alone is good. Parties must also ensure the transaction is being made by a cardholder who is who he says he is, Jabbara says. Visa is adapting to this shift and looking at how these data sources can be correlated to yield better information about transactions, he says.