Visa Sees Digital Payment Threats Evolving Post-Pandemic
Visa Inc. today published reports that indicated a sharp rise in fraud committed in person as the COVID-19 pandemic continues to wane. The past year saw a 176% increase in physical skimming of devices such as automated teller machines (ATMs) and point-of-sale terminals, according to the report.
Created in collaboration with MIT Technology Review Insights, the report also noted that attacks against e-commerce platforms conducted by targeting third-party components are still fairly common.
Michael Jabbara, global head of fraud services for Visa, said it’s apparent that cybercriminals are becoming more adept at compromising the software supply chains of e-commerce vendors that frequently make use of a wide range of plug-ins to add additional functionality. However, the level of scanning for vulnerabilities that occurs as those plug-ins are created is inconsistent, he added.
Nearly three-fourths of fraud and data breach cases investigated by Visa’s Global Risk team involved e-commerce merchants, the report noted.
A full 59% of 265 executives surveyed by MIT Technology Review Insights identified cybersecurity threats as the biggest challenge to expanding reliance on digital payments. Another 43% said security measures are important for their customers, with special emphasis being placed on artificial intelligence (AI) and enhanced authorization (43%) along with digital tokens (32%).
Visa claims to have blocked more than $4.2 billion in fraudulent payments volume in the last 12 months using real-time monitoring infused with AI. The payments processor has also invested more than $9 billion in network security.
It’s clear that security issues impacting software supply chains are especially rife in e-commerce application environments. The challenge, of course, is that given the sensitivity of the data being processed by these applications, they become a primary target for cybercriminals targeting not only backend applications but also the endpoints used to collect that data. Making sure that data stays secure will require organizations to maintain much greater operational awareness of how that data is processed and secured, said Jabbara.
The payments card industry has long enforced its own Payment Card Industry Data Security Standard (PCI DSS) that requires merchants to implement a wide range of security controls. This has sparked a certain level of resentment among merchants because the cost of complying with PCI DSS requirements is substantial, especially for retailers than tend to operate on razor-thin margins. However, in the absence of those controls, it’s unlikely that consumers would be inclined to purchase nearly as many products and services online. In fact, if cybersecurity controls fail to keep pace with the tactics cybercriminals use, the multi-billion dollar e-commerce engine that drives a global digital economy might easily falter.
Cybersecurity professionals, as a rule, typically prefer to have at least some compliance baseline for cybersecurity controls in place, but most realize that such baselines really only define the bare minimum of security that is actually required. The challenge is finding a way to implement additional layers of security without placing too much of an undue burden on the customer. Despite all the inherent risks, business leaders generally believe the rewards still far outweigh the risks, even as the volume and sophistication of cyberattacks continue to increase.
