Fraud Schemes in Retail and E-Commerce Armenian Merchants Should Be Mindful of
07.11.2024 | 15:06 Home / News / Visa Voice /
Earning a customer’s trust and loyalty takes time, but in today’s digital age, where privacy concerns loom large, that hard-earned trust can vanish in an instant. A single data breach can break consumer confidence and leave merchants not only with financial losses but also with the task of rebuilding their reputation.
The spring 2024 edition of Visa’s Biannual Threats Report investigated top payment threats impacting consumers and businesses around the world. The findings show that merchants are especially vulnerable to so-called triangulation fraud, where criminals create illegitimate online storefronts offering in-demand products at a low cost to collect payment information. Legitimate merchants fulfill the online order, but payment information is already compromised. According to a 2023 assessment, triangulation scams cost merchants up to $1 billion in a single month.
With the use of Generative AI and deepfakes on the rise in Armenia and worldwide, scams are getting more convincing than ever, leading to unprecedented losses. However, there are proactive steps merchants can take to mitigate the risk of a breach. Here are some common schemes you should be aware of.
Ransomware
This type of malware permanently blocks access to a victim's personal data unless a ransom is paid. A major ransomware attack on a US chain of hotels and casinos in 2023 left guests unable to use hotel keycards, slot machines, ATMs, and credit card machines, paralyzing the work of facilities.
Enumeration attacks
Fraudsters use automated testing on e-commerce transactions to effectively guess the full payment account number, CVV2, and/or expiration date behind an online transaction. Visa Account Attack Intelligence (VAAI) uses machine learning to help identify enumeration attacks and notify affected merchants to block the attack.
Digital skimming attacks
Fraudsters harvest consumer payment account data, such as primary account number, CVV2, expiration date, and personal information, by deploying malicious code onto merchant websites.
Gift card fraud
Visiting brick-and-mortar retailers, fraudsters will steal physical gift cards directly from store racks and then physically manipulate the barcode. When a customer purchases the gift card and loads funds at the register, the funds are sent to the threat actor.
Purchase return authorization (PRA) attacks
Fraudsters either compromise legitimate merchants or onboard fake merchants to large e-commerce marketplaces and initiate purchase return authorizations when there was in fact no initial purchase.
Tips to prevent fraud
Here are some strategies for merchants to mitigate the rising threat of fraud:
• Constantly monitor for new and emerging security technology that can help your business mitigate fraud, and make sure to run updates on security software.
• Use strict cardholder authentication controls to ensure a customer is a legitimate cardholder.
• Implement multi-factor authentication (MFA) on all administrator and employee accounts, especially accounts with access to sensitive card information.
• Provide each admin user with their own user credentials. User accounts should also only access permissions vital to their job.
• Turn on heuristics (behavioral analysis) on anti-malware to search for suspicious behavior and update anti-malware applications.
• Secure remote access with strong passwords and ensure only necessary individuals have permission to use it.
Visa technology is on guard
Visa fraud disruption efforts have resulted in significant crackdowns on cybercrime. In 2023 alone, Visa cybersecurity professionals, technology, and processes have prevented 80 million fraudulent transactions worth $40 billion globally. Learn more about how Visa can protect your business at Visa.com/security.
Views 2729
The spring 2024 edition of Visa’s Biannual Threats Report investigated top payment threats impacting consumers and businesses around the world. The findings show that merchants are especially vulnerable to so-called triangulation fraud, where criminals create illegitimate online storefronts offering in-demand products at a low cost to collect payment information. Legitimate merchants fulfill the online order, but payment information is already compromised. According to a 2023 assessment, triangulation scams cost merchants up to $1 billion in a single month.
With the use of Generative AI and deepfakes on the rise in Armenia and worldwide, scams are getting more convincing than ever, leading to unprecedented losses. However, there are proactive steps merchants can take to mitigate the risk of a breach. Here are some common schemes you should be aware of.
Ransomware
This type of malware permanently blocks access to a victim's personal data unless a ransom is paid. A major ransomware attack on a US chain of hotels and casinos in 2023 left guests unable to use hotel keycards, slot machines, ATMs, and credit card machines, paralyzing the work of facilities.
Enumeration attacks
Fraudsters use automated testing on e-commerce transactions to effectively guess the full payment account number, CVV2, and/or expiration date behind an online transaction. Visa Account Attack Intelligence (VAAI) uses machine learning to help identify enumeration attacks and notify affected merchants to block the attack.
Digital skimming attacks
Fraudsters harvest consumer payment account data, such as primary account number, CVV2, expiration date, and personal information, by deploying malicious code onto merchant websites.
Gift card fraud
Visiting brick-and-mortar retailers, fraudsters will steal physical gift cards directly from store racks and then physically manipulate the barcode. When a customer purchases the gift card and loads funds at the register, the funds are sent to the threat actor.
Purchase return authorization (PRA) attacks
Fraudsters either compromise legitimate merchants or onboard fake merchants to large e-commerce marketplaces and initiate purchase return authorizations when there was in fact no initial purchase.
Tips to prevent fraud
Here are some strategies for merchants to mitigate the rising threat of fraud:
• Constantly monitor for new and emerging security technology that can help your business mitigate fraud, and make sure to run updates on security software.
• Use strict cardholder authentication controls to ensure a customer is a legitimate cardholder.
• Implement multi-factor authentication (MFA) on all administrator and employee accounts, especially accounts with access to sensitive card information.
• Provide each admin user with their own user credentials. User accounts should also only access permissions vital to their job.
• Turn on heuristics (behavioral analysis) on anti-malware to search for suspicious behavior and update anti-malware applications.
• Secure remote access with strong passwords and ensure only necessary individuals have permission to use it.
Visa technology is on guard
Visa fraud disruption efforts have resulted in significant crackdowns on cybercrime. In 2023 alone, Visa cybersecurity professionals, technology, and processes have prevented 80 million fraudulent transactions worth $40 billion globally. Learn more about how Visa can protect your business at Visa.com/security.
