Growing cyberattacks blamed for keeping small firms offline

Loading Article...

For the best experience, please enable JavaScript in your browser settings.

The research released in a recent media briefing further shows the e-commerce ecosystem is currently grappling with three main types of digital attacks. These include digital skimming which happens when attackers deploy malicious code onto a merchant website that targets the checkout pages of these merchants and harvests the payment account data for their own gains.

"Digital skimming attacks are often the result of misconfigurations or lack of security controls within a merchant's environment, which enables threat actors to exploit such misconfigurations and successfully deploy the malicious skimming code," adds the update.

The firm also noted that enumeration (or also so-called account testing) became a disturbing type of attack for many card issuers over a similar period in the region. "It is aimed to identify the right combination of payment credentials details, which can be reused in a real e-commerce merchant to commit fraud."

Social engineering was also commonly cited where nearly three-fourths of fraud and data breach cases investigated by Visa's global risk team detected e-commerce merchants often defrauded through social engineering to fall for ransomware attacks.

"Threat actors often contact cardholders and claim to be an employee from the cardholder's bank. In these schemes the actors generally call the cardholders, or send an SMS text, alleging that the cardholder's account was involved in fraud and prompting the cardholder to either call back a provided number or provide sensitive information to the threat actors. The result is the compromise of sensitive user account data."

Visa sub-Saharan Africa Senior Director and Head of Risk Irene Auma noted that the increasingly sophisticated attacks shine the light on the need for stringent security controls in the digital commerce ecosystem.

"As merchants move online, so are fraudsters. Merchants will need to update their fraud prevention strategies and if in-house expertise is not available, merchants should turn to proven, reputable partners that can produce outcomes aligned to their business goals and interests."