On 6 December 2021, the European Payments Council published the 2021 Payment Threats and Fraud Trends Report to raise awareness of payment threats and fraud trends and to help payment stakeholders decide on possible actions to prevent fraud.
The following conclusions regarding payment threats and fraud enablers may be derived from this report:
- Social engineering attacks and phishing attempts are increasing and more frequently leading to authorised push payment fraud. Awareness campaigns are still important countermeasures against social engineering; they should be targeted towards individual and corporate customers, as well as employees.
- Malware remains a major threat. Ransomware has been increasing during the past year, requiring new mitigating measures. Service providers' customer relations departments should inform customers of measures including proper maintenance of their own devices.
- Advanced persistent threats are considered a potential high risk for payment infrastructures and network-related payment ecosystems. Measures against them should begin with a defence-in-depth security strategy and architecture and also include advanced security data analytics.
- The number of denial-of-service attacks is not increasing; however, such attacks still frequently target the financial sector. Botnets contribute to this, and because of the high volume of infected consumer devices, severe threats remain. To combat botnets, technical countermeasures can be adopted, but dedicated cybercrime laws, user awareness and enhanced cooperation are also required.
- A fraudulent payment transaction is often followed by the use of monetisation channels such as immediate cash withdrawals, a purchase with no trace or a transfer. Raising customer awareness and implementing monitoring and stopping measures should be used as mitigating actions.