The European Payments Council has released a new report on the security threats and fraud within the payment landscape over the past year.
This new edition covers a range of areas, including different types of threats such as social engineering, malware, mobile-device-related attacks, and advanced persistent threats, among others. It also breaks the issues down by payment type, including card-related fraud, ATMs, and virtual currencies.
Overall, the report found that there was a shift from malware attacks to social engineering attacks over the past year. However, malware was still predominantly used against companies, where it has been successful.
Social engineering attacks, which target individuals to get them to accidentally reveal information, credentials, or system access, and phishing attempts are still very prominent in the market and are often used alongside malware. While these attacks have typically targeted consumers, retailers and SMEs, over the last year company executives, employees, financial institutions and payment infrastructures have become preferred targets.
Within malware, random attacks have been growing in popularity due to their profitability and more protection gaps compared to traditional banking trojans.
Advanced persistent threats target specific individuals or company systems and use specific knowledge of the target. The European Payments Council has found that use of this method has increased for payment fraud. However, anti-virus software and automated behavioural-based detection tools can help to improve incident response and attack detection.
One ‘phenomenon’ the Council has noticed appearing in the market is ‘cybercrime-as-a-service’. This is a model that lets criminals who do not possess the skills or knowledge to carry out a certain attack access a service that does it for them.
The Council's advice for PSPs is to keep up with threat tactics and campaigns by monitoring attacks occurring at other providers.
In the report, the Council outlines that an integral way to mitigate risks and lower fraud within the payments space is through the sharing of fraud intelligence and information on incidents among PSPs. Alongside this, it would like to see new mechanisms implemented to enable cybersecurity prosecution within the European Union and internationally.
The full report is available to read on the European Payments Council website.