What were the major fraud and security threats in 2022?

This month, Visa’s global Payment Fraud Disruption team has published their biannual report looking at the top payment ecosystem threats, covering the period from June – November 2022.

During this period, malicious actors continue to use established fraud schemes, often tweaking them to make them more effective, while also developing new tactics for targeting the payments ecosystem.

In Europe, some of the trends we saw in the second half of 2022 were:

Skimming attacks are becoming more common.

We’ve seen a major uptick in skimming over the past six months. In fact, skimming cases increased 174% globally between June-November 2022 compared to December 2021-May 2022, and this is an increasing problem in Europe too. Digital skimming is when threat actors deploy malicious code onto a merchant website targeting their checkout pages to steal account data entered by consumers. These attacks are often the result of misconfigurations or lack of security controls, and merchants of every size can help prevent these attacks by ensuring their software is up to date.

We are seeing more malware embedded in eCommerce websites.

Over the past six months, our eCommerce Threat Disruption (eTD) capability identified 29% more malware-infected merchant websites across the Europe region.

Enumeration attacks in Europe are on the decline

Enumeration, which is the programmatic, automated testing of common payment elements via ecommerce transactions to effectively guess the full payment credentials, remains among the top threats to the payment ecosystem. While the US remains the most heavily targeted region, here we’ve seen a 2% decline in attacks targeting EU acquirers in the last six months, and a 23.6% drop in attacks on EU issuers.

Providing a secure payments environment is even more important in a digital-first world, and Visa combines unmatched global strength with detailed local knowledge to be best in class at protecting people and businesses across Europe from new and emerging threats.

We have invested over $10 billion (£8 billion) in technology and infrastructure, including for fraud prevention and cyber security in the last five years, and we take an aggressive and multi-layered approach to combat the rising threat of malware, social engineering and brute force attacks by organised, well-funded and global criminal enterprises.

The full report can be found here.