Over the last year, we've noticed a continued shift in the tactics used by hackers. While Visa blocked 85 percent more presumed fraud during the kickoff to the holiday season this year versus last, fraudsters are prioritizing the hacking and fraudulent use of account data rather than focusing solely on payments data.
This trend was highlighted by our Visa Payments Ecosystem Risk and Controls (PERC) Team in the latest Visa Biannual Threat Report (Fall 2024) as we work together as a global team and in collaboration with our ecosystem partners to proactively protect businesses and consumers from these threats.
The hacker's evolving strategy
Hackers have evolved, moving upstream from payments data to account data. This means they are targeting usernames, passwords, social security numbers and email addresses to create synthetic identities: fake identities that can pass verification checks because they are built from real people’s personal information.
This shift from targeting payments data to targeting account data is an important tactic for a business’s cybercrime and fraud organizations to be aware of and for consumers to understand. The targets are the same, but the methodologies and intensity are different.
The complexity and sophistication of fraudsters
Fraudsters are incredibly knowledgeable about the payments landscape. They understand the intricacies of payments processes and know how to exploit even the smallest gaps in security. For instance, they can manipulate the system so that it inadvertently approves transactions if certain fields are not populated correctly. This level of sophistication is why it's essential for businesses to continuously optimize their security configurations.
Furthermore, these fraudsters operate like businesses, with their own chief risk officers who set the risk appetite. They avoid high-risk targets such as hospitals and government infrastructure to minimize media attention and law enforcement response.
This professionalization of cybercrime operations is a testament to the increasing complexity of the threat landscape.
How are hackers accessing digital payments account data?
Fraudsters are laser-focused on breaching consumers (buyers and sellers) through a variety of methods to access account data, including social engineering, phishing scams and digital skimming attacks.
Social engineering and phishing scams: Fraudsters are utilizing sophisticated social engineering tactics and phishing scams to trick consumers into revealing sensitive information. This method is effective because it preys on human biases and emotional triggers.
Digital skimming attacks: Hackers inject malicious code onto the checkout pages of merchant websites to harvest payments account data and personally identifiable information (PII) entered by customers. We’ve seen this type of attack become more prevalent as ecommerce continues to grow.