Visa fraud expert outlines the many faces of payment ecosystem fraud

2023-03-29 04:00

For context, digital skimming attacks occur when threat actors deploy malicious code onto a merchant website where they target their checkout pages to scrape and harvest consumer payment account data, such as primary account number, card verification value, expiration date and personally identifiable information.

Cryptocurrency bridge services were a favored target for threat actors in 2022 and from January through early October 2022, the cryptocurrency ecosystem experienced 13 separate bridge attacks totaling $2B. What can payment processors and e-commerce merchants do to help protect themselves against enumeration attacks?

Enumeration, which is the programmatic testing of common payments data elements to predict payment credentials, continues to be one of the top threats in the payment's ecosystem.

Does Visa have further insights as to how processors and merchants can protect themselves against enumeration attacks?

To combat enumeration, issuing and acquiring banks can take a number of actions - for example, acquiring banks can also take measure to protect merchant credentials and transactions but using Point-to-Point Encryption, issuing strong user IDs and passwords for payment gateway portals, and more.

Issuing banks can diligently monitor for common indicators of enumeration, such as repeated CVV2 failures, invalid expiration data and invalid PAN. What changes do you anticipate in the fraud threat landscape over the next few years? What should CISOs be worried about?

News URL

https://www.helpnetsecurity.com/2023/03/29/michael-jabbara-visa-digital-skimming-attacks/

#fraud #payment #visa