Cybersecurity in payments: stay ahead of threats

• The growing threat
• What is cybersecurity?
• How does cybersecurity work?
• How can you strengthen your cybersecurity?
• What cybersecurity solutions does Visa offer?
• Use cases
• FAQs

Digital commerce has brought huge opportunities for growth, but the rapid adoption of new interconnected technologies has seen a surge in sophisticated cybersecurity and payment fraud threats. With traditional prevention tactics no longer enough to protect payment systems, security strategies must evolve to anticipate and disrupt attacks before they occur.

Visa Protect takes a proactive approach to tackling cyber threats that target transactions, using network intelligence, real-time threat detection and advanced data analytics, to help detect, prevent and eliminate risks across the payment journey — from account creation and authentication to authorization and dispute resolution.

Globally, card-not-present (CNP) fraud now accounts for roughly 89% of all fraud and is projected to cost the industry more than $62.9 billion by 2027 — underscoring the urgency for advanced cyber-fraud defenses. Let’s look at what cybersecurity means in the context of payment fraud. We’ll identify trends and risks, highlight solutions and best practices and show how Visa Protect fits into this ecosystem.

Cybersecurity is the practice of protecting digital systems, networks and data from unauthorized access, online attacks and other digital threats. In terms of payments and financial services, it’s about keeping every transaction and every piece of customer information secure.

As digital payments grow — through real-time payments, open banking and application programming interfaces (APIs) — there are more ways for bad actors to try to break in. That’s because each digital link is a potential entry point for criminals to steal credentials, take over accounts or launch ransomware attacks. For example, APIs help ensure frictionless transactions by enabling systems to exchange data and connect services (such as banks, fintechs and merchants), but they could also be exploited by attackers who identify weak authentication, poor configuration or exposed data.

Cybersecurity encompasses both preventative and responsive measures to help ensure safe, reliable and trustworthy payment experiences. This includes using strong authentication, encrypting data, monitoring systems for suspicious activity and responding quickly to incidents.

What are the top cybersecurity risks today?

Today’s most pressing cybersecurity risks include credential theft, account takeover, digital skimming and real-time payment fraud. Many attacks begin with phishing or social engineering, where fraudsters trick employees or consumers into revealing login details or authorizing fraudulent transactions.

Real-time payment (RTP) fraud has become one of the fastest-growing threats, impacting 45% of merchants worldwide, while refund/policy abuse has surged for 57% of merchants, with 22% reporting a 50% or greater increase over the past year.

Data breaches continue to fuel criminal networks by exposing large volumes of sensitive payment information. Stolen card numbers and banking credentials are traded on the dark web, used in fraudulent transactions or leveraged in ransomware attacks to freeze systems and demand payouts. Enumeration attacks — where criminals test stolen or guessed payment details across multiple websites — are also on the rise, putting both businesses and consumers at risk.

Ultimately, fraudsters exploit weaknesses in people, processes and technology — targeting vulnerabilities to cause financial loss, regulatory fines, reputational damage and reduced customer trust. Here’s how these risk areas develop and why addressing them is critical to maintaining secure, trusted digital transactions:

Threat category 1: People-related security errors

Human error remains one of the biggest cybersecurity risks. Employees or partners may click malicious links, share credentials or be tricked by phishing, deepfakes or impersonation scams. A lack of awareness and training increases the likelihood of these incidents.

Threat category 2: Vulnerabilities arising from process-related weaknesses

Outdated, inconsistent or poorly managed processes create gaps. Common issues include delayed patching, weak vendor onboarding, inadequate backup testing and misuse of payment or refund policies.

Threat category 3: Risks associated with technology gaps and exposures

Unpatched systems, misconfigured cloud services, insecure APIs and legacy infrastructure expand the attack surface. Exposed IoT or connected devices, along with open cloud storage, remain a frequent entry point for cybercriminals.

Cybersecurity risks impact every participant in the payment ecosystem — including merchants, banks, fintechs and processors — leading to financial losses, reputational damage, regulatory fines and customer attrition.

The top five emerging trends in payments cybercrime

1. AI-driven cyberattacks: These cyberattacks leverage artificial intelligence (AI) to be significantly faster, larger-scale and more sophisticated than traditional methods, making them difficult to detect and counter.

• Sophisticated phishing: AI is used to generate highly convincing phishing emails, messages and websites that bypass traditional security filters. These attacks utilize natural language processing to create personalized content that mimics legitimate communications, which can greatly increase their difficulty to detect.
• Automated vulnerability discovery: AI tools are deployed to scan systems for weaknesses and identify zero-day vulnerabilities and potential entry points in networks at unprecedented speeds.
• Deepfakes and data poisoning: Criminals create ‘deepfakes’ (AI-generated audio or video content that mimics real individuals) for use in fraudulent activities. They also corrupt AI training data through ‘data poisoning’, in other words, compromising system integrity and potentially causing applications to fail.

2. Adaptive malware programs: AI-powered malware programs, such as BlackMamba, represent a major cyber threat because of their ability to dynamically change their code, pattern or attack method in real-time to evade detection and exploit system vulnerabilities.

• Polymorphism: Allows malware to change its structure, such as file signatures, to avoid detection by signature-based antivirus software.
• Environment awareness: Adaptive malware modifies execution paths and adapts to the target system’s defenses to bypass firewalls.
• Autonomous decision-making: These programs use machine learning (ML) to prioritize high-value targets or optimize infection speed.

3. Ransomware attacks: Fast-evolving ransomware attacks are increasingly directed at the payments lifecycle to hack critical technologies and steal data.

• Commandeering critical systems: Cybercriminals use malware to commandeer business-critical technologies, such as customer databases and financial systems, before demanding a large ransom to give up operative control.
• Data theft and extortion: In addition to disabling core systems, perpetrators may steal private account data and threaten to publish or sell this information unless ransom demands are met.
• Ransomware-as-a-Service (RaaS): This business model allows cybercriminals to offer ransomware software to other criminals or affiliates, who then carry out attacks in exchange for a share of the profits.

4. AI-powered social engineering attacks: Social engineering, where individuals are manipulated into divulging confidential information, has evolved dramatically with AI integration.

• Convincing communications: Unlike traditional phishing attempts, which often contain glaring errors, modern AI-crafted messages are highly convincing because they are generated to reflect an individual’s speaking style, writing style and relevant personal details — they present as a human-like conversation.
• Exploiting social media: Sites hosting massive amounts of user-provided data are targets for hackers. Users often disclose personal identifying information (such as workplace details or travel plans) that cybercriminals can exploit.

5. E-skimming attacks on payment accounts: Also known as digital skimming, e-skimming scrutinizes payment account details like account numbers, CVV2 and expiration dates.

• Malicious code injection: Attackers inject malicious code into a merchant’s eCommerce systems.
• Data harvesting: The process of capturing payment card details as they are entered during checkout.
• Network access: When hackers access compromised servers, they can move around within the merchant’s wider network. The responsibility for combating these attacks generally falls on merchants and their vendors to ensure updated cybersecurity protocols are effectively deployed.

Cyber threats are evolving faster than traditional tools like firewalls and antivirus software can handle. To stay secure, organizations must shift from reactive protection to proactive defense and from siloed teams to integrated cybersecurity and fraud teams. Here's what you can do to ensure detection, prevention and continuous monitoring:

1. Build an integrated cybersecurity and fraud strategy: Cybersecurity and fraud prevention should not operate in isolation. Uniting these teams helps identify suspicious activities — such as an account takeover — as both fraud and security threats. This enables faster, more effective responses across payment systems, from transaction monitoring to incident management.

2. Establish a cybersecurity strategy framework

• Design your overarching cyber-risk architecture, which should include governance, policies, roles and vendor management.
• Define the assets, exposures, threat models and regulatory obligations (PCI DSS is applicable globally, PSD2 is specific to the EU) you need to consider.
• Diagnose your current position and test how robust it is through vulnerability assessments, penetration testing, gap analysis and threat modeling.
• Defend by deploying layered controls (technical, process, human), monitoring continuously and responding to incidents. Then refine your approach based on threat intelligence.

3. Adopt a zero-trust approach: Remember: never trust, always verify. Every user, device and application must be authenticated and monitored. Implement multi-factor authentication, conditional access and behavioral analysis tools (like device fingerprinting and anomaly detection) to spot unusual activity before it becomes a breach.

4. Address the human factor: Phishing, deepfakes and impersonation scams can bypass even the best technology. Regular employee training, credential hygiene and simulated phishing campaigns can help reduce these risks and increase security awareness.

5. Seek specialist support: Many smaller merchants lack dedicated security teams or advanced monitoring capabilities, making them prime targets. Partnering with trusted providers, managed security services or payment networks helps close these gaps.

Built on layers of risk scoring, data exchange, network-wide visibility and proactive intelligence, Visa Protect addresses cyber threats across the payment lifecycle:

• Enumeration Defense: Enumeration attacks involve unauthorized individuals attempting to uncover valid card credentials. Enumeration Defense uses Visa Account Attack Intelligence (VAAI) to block suspected enumeration activity on behalf of an issuer based on defined thresholds.
• Visa Advanced Authorization (VAA): Typically used by financial institutions to optimize fraud management, VAA generates a risk score for each transaction by analyzing the network for emerging fraud patterns and identifying transactions that do not fit individual usage patterns.
• Cybersecurity Advisory Practice: Visa’s Cybersecurity Advisory Practice helps clients strengthen their digital defenses with proactive, intelligence-led protection. Through proactive vulnerability testing, Visa identifies and assesses weaknesses in applications and infrastructure before attackers can exploit them.

In addition, by leveraging solutions like Visa Secure, it’s possible to help prevent eCommerce threat disruptions such as card-not-present (CNP) fraud through advanced authentication and real-time risk analysis.

Visa Consulting and Analytics (VCA) advisory services provides support to formulate cybersecurity strategies (via the VCA Six-Step Methodology), risk governance and compliance assessment. VCA offers tailored expertise in areas such as strategy, product, portfolio management, risk and cybersecurity maturity assessments.

With Visa as a strategic partner, you can leverage our global scale, network intelligence and risk-scoring infrastructure to strengthen your cybersecurity strategy.

Cyberfusion Centers power cybersecurity

Visa’s commitment to innovation is powered by three state-of-the-art Cyberfusion Centers, providing 24x7 global coverage and analyzing over 21 billion events daily. This infrastructure blocks more than 500 million attacks per month, reinforcing security worldwide.

To illustrate its capabilities, when NexGen Gaming, Inc.* faced rising account takeovers, fake accounts and false declines, Visa Protect’s solutions helped secure the customer journey. By combining advanced authentication, AI-driven decisioning and risk-based rules from Visa and partners, NexGen Gaming, Inc. was able to reduce fraud, minimize manual reviews and improve authorization accuracy — delivering safe and seamless experiences for legitimate customers.

*This use case is fictional and intended for illustrative purposes only. It contains depictions of a capability currently in the process of development or deployment and should be understood as a representation of the potential features of the fully developed solution. The final version of this capability may or may not contain any of the features described in this presentation.