The COVID-19 cybercrime surge, and how to tackle it
The incredible pace of digital adoption during the COVID-19 pandemic brought many benefits to consumers around the globe, but there has been one unintended consequence: increased cybercrime.
The frequency and severity of cybercrime attacks across the globe rose steeply in 2020. According to Visa’s analysis, during the pandemic, the threat of cyberattacks increased tenfold on some days1. If the impact of cybercrime were measured in the same way as we measure the gross domestic product (GDP) of nations, then with a value of $6 trillion it would be the third largest economy, after the US and China.2
“As the digital opportunity grows, there is more opportunity for the bad guys to come in,” explains Hector Rodriguez, Senior Vice President and Regional Risk Officer, Visa CEMEA. “Cybercrime is an industry. Probably one of the most sophisticated industries in existence, with syndicates that operate worldwide.”
A universal threat
Many of the consumers who shopped or banked online for the first time during the coronavirus pandemic were unaware of the scale of the risk. A recent report by LexisNexis3, which analysed 24.6 billion transactions in July through December 2020 showed that under-25s are most vulnerable to fraud attacks while over-75s are the second most vulnerable, losing the most money.4
Hector explains: “This digital expansion has created lots of first-time users who have no experience with online payments. Fraudsters operate with a level of sophistication that you would not believe. There is now a lot of pressure on financial institutions and governments to build awareness, not just of how to use digital technologies but how to stay safe while using them.”
The changing face of cybercrime
Cybercriminals are nothing if not resourceful. When governments around the world begin launching their coronavirus support schemes, the fraudsters were quick to create multiple scams to make fraudulent claims, steal company data or bamboozle consumers out of their money.
While bots and malware remain a threat, one of the most dangerous forms of cybercrime today is social engineering. This wide-ranging form of fraud involves the procurement of personal data, which is then used to defraud an individual or company.
“Through a combination of different engagements, such as phone calls and social media, fraudsters slowly gather all the information they need to complete financial transactions,” explains Charles Lobo, Vice President, Risk, Visa CEMEA. “On the first call, they get your name, on the second, the name of your bank, then they call posing as your bank to get account information. They remain persistent as it can take multiple calls to get what they need.”
“There’s a reason why it’s called ‘engineering’,” adds Lobo. “These scams are so convincing. Even well-informed folks with their guard up are falling for these scams. I’ve known of a schoolteacher who gave a scammer their one-time password over 20 times. This is the reality.”
Fighting back against the cybercriminals
Whilst constituents of the financial industry – banks, financial institutions, card schemes and regulators – are well organized in combatting fraud and other challenges to the integrity of the financial system, criminals are always evolving their methods and approaches” says Lobo. “Therefore, we all must act in a collaborative manner, jointly building strong mechanisms to combat fraud.”
Over the past five years, Visa alone has invested $9bn5 in tackling the growing cyber threat, with 800 cybersecurity specialists globally. It has pioneered solutions such as Click To Pay6, which allows consumers to make digital purchases with a single click without compromising data security.
It is vital that every organisation within electronic payments ecosystem makes cybercrime a priority in 2021, says Hector. “You may have a pressing need to adopt digital payments but make sure that you assess any partners that you work with carefully. That partnership has to be well founded with a good awareness of cyber security on both sides. How does your customer come onto your platform? Where does their data go? Everyone needs this heightened awareness of cyber security.”
Beyond awareness, it is important to take advantage of the myriad security tools available. CEMEA has amongst the lowest fraud rates in the world because of the region’s early adoption of security measures such as chip and pin. Today, smart authentication methods using artificial intelligence and biometric data – such as facial recognition or fingerprint IDs - can help to thwart cybercriminals.
“Biometrics don’t just improve security, they also create unique and wonderful experiences for customers,” says Rodriguez. “I recently met a merchant in Ukraine who uses biometrics at their store. The customer scans in and they are then welcomed by name as the merchant brings out the products they ordered online.”
Yet the heightened security must not impact the consumer experience, Lobo warns. “All the methods we adopt must be foolproof and frictionless. You don’t want to load up the transaction with a whole bunch of checks and balances that slow the transaction down, making it unwieldy or difficult for the customer. You have to find the right balance when creating secure payments.”
United we stand
The impact of cybercrime is set to rise to $10.5 trillion by 2025, up from $3 trillion in 20157. The threat will continue to evolve in order to take advantages of any weaknesses in the digital chain, warns Lobo. “The message is clear,” he says. “As cybercrime accelerates alongside digital adoption, the need to boost awareness at a faster pace is pressing.”
“We need to make sure that people and businesses do not fall for the schemes and traps being laid for them. Every single organization that is involved in digital commerce – be it the mom’n’pop grocery store or the delivery app or the mega webstores – must be educated about the risks. We must continue to work together to combat cybercrime.”
Four actions to tackle cybercrime
- Educate - education is key if we are to limit the risk of cybercrime as digital payments continue to become more prevalent. Companies must be clear about what consumers need to know to protect themselves, and what to do if they experience fraud or cyber crime
- Communicate - strategic communication with customers is vital to build trust and drive awareness. It is only through clear channels of communication that an early warning alert system can be established
- Collaborate - companies need to work alongside governments to ensure that consumer protection is the primary concern. Cross-sector partnerships help to standardize consumer protection against fraud and protect data integrity
- Partner – organisations must ensure they only choose partners with robust cyber protection capabilities in place. Ask the tough questions at the outset of a relationship and demand access to the best available tools to combat cybercrime
1 Visa European Narrative Q2 2021
2 Cyber warfare report 2021 https://1c7fab3im83f5gqiow2qqs2k-wpengine.netdna-ssl.com/wp-content/uploads/2021/01/Cyberwarfare-2021-Report.pdf
3 SecurityMagazine: Cybercrime report finds young adults and adults over 75 most vulnerable to fraud attacks - https://www.securitymagazine.com/articles/94684-cybercrime-report-finds-young-adults-and-adults-over-75-most-vulnerable-to-fraud-attacks
5 Visa: Investing in the ecosystem - https://usa.visa.com/visa-everywhere/blog/bdp/2019/12/24/investing-in-the-1577207091483.html
6 Finextra: Card schemes to take Click to Pay standard global - https://www.finextra.com/newsarticle/36173/card-schemes-to-take-click-to-pay-standard-global
All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.