Visa Inc., a world leader in digital payments, revealed its Holiday Edition Threats Report, which anticipates heightened scam activity during the holiday season across both card-present (CP) and card-not-present (CNP) transactions. The new report identifies popular fraud tactics expected between November 2023 and January 2024 due to the rapid increase in eCommerce activities and in-person spending across retail and hospitality.
Historical data and transactions show threat actors prey on consumers during the holiday season. Visa’s data shows that for the top merchant categories targeted by fraudsters, 2022 holiday fraud rates increased 11% over their non-holiday fraud rate and saw an increase of 8% over the previous year during this time.
The Holiday Edition Threats Report warns that threat actors will seek to exploit consumers’ increased interest and urgency in finding deals and one-of-a-kind gifts.
“Crooks prepare all year for the holiday shopping season, taking advantage of increased activity and consumers who let their guard down searching for the perfect gift,” Paul Fabara, Chief Risk Officer at Visa Inc. said in a press statement. Adding “At Visa, we are committed to security and reliability, with a promise of 24/7 threat monitoring, even during the busiest time of the year.”
Highlights of the report’s findings include:
- Phishing and Social Engineering: The advancement of artificial intelligence (AI) over the past year allows threat actors to create highly customized phishing campaigns, making it harder for consumers to spot fakes. Fraudsters also create phishing websites, often using malvertising (malicious advertising) and other illicit search engine optimization (SEO) tactics on retail or service websites to entice victims.
- OTP Bypass and Provisioning Fraud: Visa identified many one-time-passcode (OTP) bypass schemes to gain access to cardholders’ accounts. In this scheme, OTP templates are sent to the consumers that appear to be associated with the desired purchase.
- Physical Theft: Threat actors may attempt to physically steal payment cards and/or phones from unsuspecting consumers in crowded retail stores, shopping malls, or parking lots.
Visa Inc. also unveiled a list of habits consumers can follow to practice safe and secure shopping. Visa’s habits for good security hygiene can guide consumers who are planning to shop this holiday/festive season on best practices to stay safe. Key highlights from Visa’s tips include:
- Shop from Reputable Retailers: Stick to trusted and well-known retailers. If you’re considering a purchase from a store you’re not familiar with, do some research to check their reputation and authenticity.
- Secure Your Personal Information: Make sure the website uses secure technology. When at the checkout, the website address should start with ‘https://’. The ‘s’ stands for secure and means that your data is being encrypted and sent over a secure connection.
- Always Check Details in the OTP Message: Before entering the OTP, verify the purpose of the OTP (e.g., is it for a purchase or issuance of a device token) and review the purchase details such as the merchant name, and transaction amount. Finally, you should not disclose your OTPs over the phone, email, or messenger.
- Avoid Public Wi-Fi for Shopping: Public Wi-Fi networks are often unsecured, which makes it easier for hackers to steal your information. Always use a secure, private internet connection when you’re making purchases.
- Beware of Deals That Are Too Good to Be True: Offers on websites and in unsolicited emails can often sound too good to be true, especially extremely low prices on hard-to-get items. Consumers should be suspicious of such deals, as they often are.
At Visa, security and reliability are a top priority year-round. Over the past five years, the digital payments company has invested more than USD$10 billion in technology, including to reduce fraud and increase network security. More than a thousand dedicated specialists protect Visa’s network from malware, zero-day attacks, and insider threats 24x7x365. In fact, in the first six months of 2023, Visa helped to proactively block USD$30 billion in fraud, preventing many from ever knowing they were at risk of a potentially fraudulent transaction.
The company is highly encouraging consumers to stay alert during this festive season and think about where they are shopping and who they are sharing their information with to keep it safe.
Top merchant categories include home improvement and supply, telecommunications, business-to-business, healthcare, automotive, entertainment, education and government, lodging, insurance, airlines, and drug stores and pharmacies.