With hybrid online frauds likely to increase in 2024, financial institutions, payment processors, merchant services companies, and other stakeholders should allocate the required business resources to secure themselves, according to the Recorded Future report. Hybrid threats refer to threats in which malicious elements combine two or more methods to conduct fraud.
The “implications are alarming” as the stolen cards, analyzed by Recorded Future, led to $9.4 billion in preventable fraud losses for card issuers and $35 billion in potential chargeback fees for merchants and acquirers in 2023.
“Even more alarming is that fraudsters in 2023 increasingly used refined social engineering tactics (via phishing and scams) and sophisticated cyber-based tools and fraud schemes (such as 3D Secure 3DS bypass software and scrupulous new account fraud NAF workflows) to bypass rules-based fraud detection programs and enact their fraud schemes,” the report noted.
The report was prepared by Insikt Group, which is Recorded Future’s threat research division. The report’s findings are based on data analysis from several sources, including the dark web and Clearnet sources, such as dark web carding shops, dark web marketplaces, dark web forums, Telegram Messenger channels, and open source reporting, among others.
The surge in payment fraud comes after the 2022 edition of the Recorded Future report revealed a 24% year-on-year drop in card-not-present payment card records posted across the dark web carding shops in 2022. The cybercrime ecosystem started recovering in 2023 after a crackdown by Russian law enforcement agencies on cybercriminals, the report said.
The recovery is leading to the introduction of several new techniques, including Google Tag Manager GTM, Telegram Messenger, and attack-carrier domains (legitimate websites abused by threat actors) as attack infrastructure. This is expected to increase in 2024.
Significantly, cybercriminals started using AI workflows to carry out fraud schemes. AI will likely emerge as “yet another front” in 2024 for fraudsters to circumvent fraud controls set up by organizations to prevent fraud, according to the Recorded Future report. Several experts believe that AI is emerging as a weapon of choice for cyber threat actors.
Mitigating online fraud
The increasing complexity of the cyberattacks means that the stakeholders need to think of new and innovative ways to mitigate the threats. A key reason for the success of fraudsters is that financial institutions typically have different business units to address cyber and fraud risks. Improved coordination between the fraud teams and cybersecurity threat intelligence teams is one of the ways financial institutions can address the threats.
Another way to address this is to take advantage of the dark web intelligence reporting to determine if fraudsters are targeting your business and then take appropriate measures.
The growing sophistication of online fraud means that organizations have to stay one step ahead of the fraudsters. Investing in the latest methods is the need of the hour as fraudsters are likely to continue refining their techniques and methods.