Visa issues holiday season warning; urges users to exercise caution amid rising cyber threats

Visa Inc., a world leader in digital payments, this week urged its users to exercise caution when carrying out financial transactions as it anticipates threat actors will use advanced schemes to exploit consumers’ information during the holiday season.

The Holiday Edition Threats Report by Visa pointed out that popular fraud tactics are expected between November 2023 and January 2024 due to the rapid increase in eCommerce activities and in-person spending across retail and hospitality. The heightened scam activity is for both card-present (CP) and card-not-present
(CNP) transactions.  

“Sri Lankan consumers are increasingly using online payment gateways, making various purchases from e commerce sites globally and locally. This growing trend means that consumers need to be more vigilant and mindful of online safety when making transactions during the season,” Visa said in a statement.
While historical data and transactions show that threat actors prey on consumers during the holiday season, Visa’s data shows that for the top merchant categories targeted by fraudsters, 2022 holiday fraud rates increased 11 percent over their non-holiday fraud rate and saw an increase of 8 percent over the previous year during this time.

The Holiday Edition Threats Report warns that threat actors will seek to exploit consumers’ increased interest and urgency in finding deals and one-of-a-kind gifts. 
“Crooks prepare all year for the holiday shopping season, taking advantage of increased activity and consumers who let their guard down searching for the perfect gift,” said Paul Fabara, Chief Risk Officer, Visa. “At Visa, we are committed to security and reliability, with a promise of 24/7 threat monitoring, even during the busiest time of the year. Consumers can rest easy this holiday season knowing Visa’s team of experts is working around the clock to stop fraud it its tracks,” Fabara added, sharing some of the schemes users should be aware of.
With the increase in online shopping, there’s a greater opportunity for scammers to successfully compromise account data from eCommerce merchants and monetise it.

The advancement of artificial intelligence (AI) over the past year provides threat actors with the ability to create highly customized phishing campaigns, making it harder for consumers to spot fakes. Fraudsters are creating phishing websites, often using malvertising (malicious advertising) and other illicit search engine optimization (SEO) tactics on retail or service websites to entice victims.  
Further, with the increase in foot traffic at brick-and-mortar merchants and ATMs, threat actors will likely target ATM and POS terminals with skimming attacks.

Visa also shared that there are many one-time-passcode (OTP) bypass schemes to gain access to cardholders’ accounts. In this scheme, OTP templates are sent to the victims that appear to be associated with desired purchase.
Lastly, threat actors may attempt to physically steal payment cards and/or phones from unsuspecting consumers in crowded retail stores, shopping malls, or parking lots.