payments

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

FBI reports over $262M lost to account takeover (ATO) fraud this year, targeting various sectors through social engineering and phishing. Cybercriminals impersonate financial institutions to steal sensitive information and funds. Users are advised to monitor accounts and protect personal information. The rise of AI in phishing tactics is linked to increased holiday scams, with significant vulnerabilities exploited across e-commerce platforms. A shift towards sophisticated purchase scams is noted, involving authorized payments by victims, complicating fraud detection.

https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html

Technology Protects Retailers, Issuers, and Consumers From CNP Fraud

Card-not-present (CNP) fraud significantly impacts merchants, especially in e-commerce, with most of the financial liability falling on retailers. Solutions like Safecypher’s dynamic security code use temporary CVVs visible only in secure banking apps, offering two-factor authentication at purchase and preventing unauthorized use even with stolen card details. Results from the Irish Post Office show this approach eliminated CNP fraud when adopted by customers.

https://www.marketingtechnews.net/news/cnp-fraud-foiled-by-banking-app-mfa/

How Consumers See Card Threats

Many card users lack recent security awareness, with a J.D. Power survey revealing that a third haven't taken protective measures in 90 days. 24% faced fraud, mainly Gen Z (41%) and financially strapped consumers (40%). Only 45% reported prompts from issuers for security actions. As fraud losses may total $403.88 billion globally over the next decade, institutions stress consumer responsibility in fraud prevention.

https://www.paymentsdive.com/news/consumers-want-more-card-fraud-protection-survey/806174/

Sturnus: Mobile Banking Malware Bypassing WhatsApp, Telegram and Signal Encryption

Sturnus is a newly identified Android banking trojan capable of bypassing encrypted messaging apps like WhatsApp, Telegram, and Signal. It monitors communications by capturing screen content, harvests banking credentials via fake login screens, and allows extensive remote control of infected devices, including real-time screen viewing and activity injections. Currently in a pre-deployment phase, it primarily targets users in Southern and Central Europe, focusing on high-value applications. The malware's architecture incorporates advanced evasion techniques, including code obfuscation and complex communication protocols, posing significant threats to financial security and privacy.

https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal

Concerned About Identity Theft? This May Be the First Sign You’re in Trouble

TLDR: Small unauthorized charges on bank statements, termed “phantom payments,” may indicate identity theft. Regularly review your transactions monthly; be wary of unfamiliar merchants. Protect your information and report suspicious activity to your bank and credit agencies if theft is suspected.

https://www.fool.com/retirement/2025/11/20/concerned-about-identity-theft-this-may-be-the-fir/

Afterpay Confronts New Fraud Type

Fraudsters are colluding as fake merchants and consumers to exploit Afterpay's buy now, pay later services, leading to significant losses. This emerging fraud type leverages synthetic identities and artificial intelligence to create false profiles. Experts warn that as buy now, pay later options expand to high-ticket items, such scams may increase, making it critical for payment services to enforce stringent checks on merchants.

https://www.paymentsdive.com/news/afterpay-confronts-new-fraud-type/805103/

Better Business Bureau Issues Warning About ‘ghost Tapping’ Scam. Here’s Why You May Not Even Be Aware if You’ve Been a Victim of This Trend

Ghost tapping scam exploits contactless payments. Scammers charge unsuspecting victims large amounts through “tap-to-pay” without consent. Methods include bumping into people or posing as vendors. Victims may not realize until seeing charges. Stay vigilant: use RFID-blocking wallets, verify merchants, enable transaction alerts, and report suspicious activity swiftly.

https://moneywise.com/news/better-business-bureau-issues-warning-about-ghost-tapping

Synthetic Identity Theft On The Rise

Synthetic identity theft, a growing credit card fraud method, involves creating fake identities rather than stealing existing ones. This rise follows the Equifax data breach, exposing personal information of 143 million consumers. Reports show this fraud accounts for up to 20% of unpaid credit card loans and cost banks over $6 billion in 2016. Law enforcement is now focusing on this issue as banks face increasing concerns over synthetic fraud.

https://www.pymnts.com/news/security-and-risk/2017/synthetic-identity-theft-equifax/

Cops Cuff 18 Suspects Over $345M Credit Card Fraud Scheme

Eighteen people have been arrested in a global operation targeting three networks suspected of large-scale credit card fraud and money laundering. The criminals used stolen data from millions of cardholders worldwide to create fake online subscriptions for adult and streaming services, resulting in $345 million in losses. The scheme involved insiders at payment processing companies and relied on shell companies to conceal activity. Authorities coordinated across 30 countries, searched dozens of properties, and seized millions in assets. The fraudulent activity was halted in 2021, and investigations continue.

https://www.bankinfosecurity.com/cops-cuff-18-suspects-over-345m-credit-card-fraud-scheme-a-29935

Massive Surge of NFC Relay Malware Steals Europeans’ Credit Cards

NFC relay malware significantly increased in Eastern Europe, with over 760 malicious Android apps identified stealing credit card data. This malware utilizes Android’s Host Card Emulation to capture payment information and perform unauthorized transactions without the card present. It first appeared in Poland and has spread to several countries. Security experts advise Android users to avoid installing risky apps, check permissions, and utilize built-in anti-malware tools.

https://www.bleepingcomputer.com/news/security/massive-surge-of-nfc-relay-malware-steals-europeans-credit-cards/

New Cybersecurity Survey 2025: AI, Scam Fears and Fraud Risks

Mastercard is a global payments technology company offering various credit, debit, and prepaid cards with security and payment solutions. A recent survey reveals many consumers feel more insecure about online safety than home security, with significant anxiety about cyber threats and AI-generated scams. Younger generations are more susceptible to online fraud but express confidence in their threat detection abilities. Trust and security are critical for digital economies, and collaboration between human intuition and AI is essential for effective cybersecurity.

https://www.mastercard.com/global/en/news-and-trends/stories/2025/consumer-cybersecurity-survey.html

Iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

TL;DR: Attackers exploit payment iframes using malicious overlays, compromising credit card data security. Traditional defenses like CSP and X-Frame-Options fail; real-time monitoring and more robust strategies are essential to protect against evolving threats. A six-step defense approach, including strict CSP, iframe monitoring, and secure postMessage handling, is recommended for effective protection.

https://thehackernews.com/2025/09/iframe-security-exposed-blind-spot.html

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud Via NFC Relay Attacks

SuperCard X is a new Android malware platform enabling NFC relay attacks, allowing criminals to commit ATM and PoS fraud by intercepting and relaying card details. Targeting Italian banking customers, it employs social engineering tactics through fake apps and deceptive messages that prompt victims to install malicious software. The malware captures card data and relays it to external servers for unauthorized transactions. SuperCard X utilizes sophisticated techniques, including custom app versions and secure communication methods, posing significant financial risks to payment systems. Users are urged to avoid unknown apps and enable protections against malware.

https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

Stripe API Skimming Campaign Unveils New Techniques for Theft

Cybersecurity researchers at Jscrambler reported a new skimming attack exploiting the Stripe API to steal payment information from e-commerce sites. The method involves injecting malicious JavaScript into checkout pages to capture customer payment details in real-time before they reach Stripe's processing system. This technique poses significant risks to online merchants, with 49 compromised businesses identified so far. To mitigate risks, businesses should monitor for unexpected changes in JavaScript, network requests, and implement real-time webpage monitoring and secure iFrame solutions.

https://www.infosecurity-magazine.com/news/stripe-api-skimming-campaign-new/

Arrests in Tap-to-Pay Scheme Powered by Phishing

Chinese nationals arrested for tap-to-pay fraud using mobile wallets linked to phishing scams. They bought gift cards with stolen credit card info, traveling across states. Authorities recovered over $23,000 in gift cards. Scammers utilize a custom Android app for transactions, leveraging stolen data acquired through sophisticated phishing techniques. This highlights vulnerabilities in mobile wallet security and the evolving tactics of cybercriminals.

https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/

Scroll to Top