As the holiday season approaches, it's crucial for financial institutions to be aware of the various threats that consumers may face. The 2024 Holiday Threats Report by Visa Payment Ecosystem Risk and Control (PERC), highlights the key risks and provides valuable insights on how to safeguard against them.
What fraudsters want
For the 2024 holiday season, we anticipate fraudsters will take advantage of holiday-specific spending such as travel and in-demand goods and services. There are various methods that scammers will typically use to steal cardholder information, including:
- Account takeover: Fraudsters often use phishing and social engineering tactics to trick victims into providing one-time passcodes (OTPs) and other sensitive data, allowing them to bypass account authentication and take over accounts.
- Theft of data: Scammers steal payment data and personal information through methods such as phishing, fake websites, and malware. This stolen data is then used for fraudulent activities.
- Theft of funds: Using stolen data and account takeover techniques, scammers withdraw funds, buy goods to resell, or transfer money. They also create fake online stores to steal money from unsuspecting victims.
Top 5 ways fraudsters will try to get what they want this holiday season
- Phishing and social engineering: This tactic involves scammers pretending to be trustworthy entities to steal sensitive information. There are four main types to watch for:
- Email phishing: Scams include fake deals, discounted travel offers, and spoofed emails from well-known brands.
- Phone phishing: Common scams involve bank impersonation, utility service impersonation, and charity donation scams.
- Text message phishing: Scams include package delivery notifications, prize giveaways, and financial account problem alerts.
- Social engineering: Scams include seasonal job offers, fake charities, and year-end flexible spending account schemes.
- Scam merchants: Fraudsters create fake merchants and advertise heavily discounted popular items on social media to lure shoppers to their websites. A significant number of holiday shoppers have experienced fraud from such purchases.
- Holiday travel scams: Scammers create fake travel websites, send phishing emails impersonating airline officials, and use malicious advertising to promote fake customer service sites.
- Malicious holiday apps: Scammers create new apps or imitate legitimate ones that, when downloaded, infect devices and steal sensitive data.
- Physical theft: Fraudsters physically steal payment cards or phones in crowded places, target ATMs and point-of-sale (POS) terminals with skimming attacks and use mobile point-of-sale devices for fraudulent contactless transactions.
How to protect yourself and your cardholders from scams
Encourage your cardholders to be vigilant this holiday season and implement a few key safeguards, such as:
- Avoiding unsolicited links and being cautious on social media
- Enabling multi-factor authentication, as well as anti-phishing protection on your web browser and using unique, strong passwords for different accounts
- Signing up for purchase alerts, reviewing financial statements regularly, and contacting the bank directly rather than following guidance from an email, phone call, or text message you received
- Avoiding uncommon payment methods like wire transfers, cryptocurrency, or sending cash
- Verifying website URLs or apps and using legitimate sites or platforms
- Staying aware of physical surroundings and reporting suspicious devices at ATMs or POS terminals
Resources for community financial institutions
To help protect consumers, Visa clients can:
- Subscribe to the Visa Biannual Threats Reports or the Pressure Gauge Monthly Report for the latest insights and updates. To subscribe, send an email with your name and client BID to paymentintelligence@angee-stonehouse
- Download the 2024 Holiday Threat Report available on Visa Access (VOL)