With hybrid online frauds likely to increase in 2024, financial institutions, payment processors, merchant services companies, and other stakeholders should allocate the required business resources to secure themselves, according to the Recorded Future report. Hybrid threats refer to threats in which malicious elements combine two or more methods to conduct fraud.
The “implications are alarming” as the stolen cards, analyzed by Recorded Future, led to $9.4 billion in preventable fraud losses for card issuers and $35 billion in potential chargeback fees for merchants and acquirers in 2023.
“Even more alarming is that fraudsters in 2023 increasingly used refined social engineering tactics (via phishing and scams) and sophisticated cyber-based tools and fraud schemes (such as 3D Secure 3DS bypass software and scrupulous new account fraud NAF workflows) to bypass rules-based fraud detection programs and enact their fraud schemes,” the report noted.
The report was prepared by Insikt Group, which is Recorded Future’s threat research division. The report’s findings are based on data analysis from several sources, including the dark web and Clearnet sources, such as dark web carding shops, dark web marketplaces, dark web forums, Telegram Messenger channels, and open source reporting, among others.
The surge in payment fraud comes after the 2022 edition of the Recorded Future report revealed a 24% year-on-year drop in card-not-present payment card records posted across the dark web carding shops in 2022. The cybercrime ecosystem started recovering in 2023 after a crackdown by Russian law enforcement agencies on cybercriminals, the report said.
The recovery is leading to the introduction of several new techniques, including Google Tag Manager GTM, Telegram Messenger, and attack-carrier domains (legitimate websites abused by threat actors) as attack infrastructure. This is expected to increase in 2024.
