Understanding fraud trends during COVID-19
By Gord JamiesonFeatures Data Security fraud phishing scams visa
Canadian consumers are embracing digital payments in the COVID-19 era. In fact, a staggering 79 per cent of consumers have adapted their shopping methods due to the pandemic, with nearly 76 per cent of Canadians using contactless payments at the point of sale1, and 42 per cent shopping online whenever possible2. While presenting enormous opportunity for digital-first retailers, these new behaviours are not without risks.
Fraudsters have sought opportunities to exploit changes in how people pay for goods and services. About three in 10 Canadian businesses have reported experiencing a spike in the volume of cyberattacks since the start of COVID-193. In turn, we are seeing more than half of organizations implementing new security procedures to ensure transactions remain trusted and secure, directly in response to COVID-194.
COVID-19 presents the fraudster with new opportunities
This new era of fraud is marked by more sophisticated attempts to trick people into sharing sensitive information. Across Canada, we have seen an increase in fraud attempts like phishing, romance frauds and account enumeration, where fraudsters exploit the gaps which existed pre-pandemic and intensified their attempts during the crisis. According to a recent survey by the Canadian Federation of Independent Business (CFIB), nearly a quarter of businesses experienced cyberattacks since March 2020, with five per cent saying the attacks against them were successful (that’s about 61,000 small and medium-size businesses)5. More than 80 per cent of those businesses that experienced a cyberattack said it was through email scams and phishing attempts6.
Phishing has grown much more complex throughout the pandemic. It now includes a number of variants beyond email phishing, such as spear phishing — attacks targeting a specific victim with personalized communication — and voice phishing scams, as well as spoofed websites. Impersonations can be made to appear like family, friends, colleagues, or even government officials. According to Statistics Canada, one in three Canadians have experienced a phishing attack since the start of the pandemic7.
Fraudsters are also taking advantage of the ongoing crisis by crafting COVID-19 related phishing campaigns, using common terms like coronavirus, vaccine and financial relief to confuse and trick people into handing over personal information. About 14 per cent of Canadians reported at least one phishing attack related to COVID test results, a potential cure for the virus or about the Canada Emergency Response Benefit8. Despite their prevalence, phishing scams can be easy to avoid if you know how to detect them. Visit Visa.ca for tips on how to avoid phishing scams.
With lockdown and social distancing measures, more people have been flocking to online dating apps in search of romance and companionship. That’s led to an increase in romance scams, where fraudsters will convince you to enter a virtual, online relationship so they can gain your trust and affection9. In many cases, the fraudster will claim to be a professional business person or military personnel travelling or stationed abroad. Once trust is gained, fraudsters will begin asking for money for travel, a medical emergency or family assistance10. Romance scams were the No. 1 fraud affecting Canadians in 2020, based on dollar amount (resulting in $18.5M loss)11. For tips on how to detect online romance scams, see here.
Cybercriminals are taking advantage of big data and artificial intelligence to find and exploit new vulnerabilities. Through automated testing of common payment fields, also known as account enumeration, these cybercriminals are able to successfully monetize e-commerce transactions, resulting in hundreds of millions of dollars in fraud losses across the payments ecosystem. There are a number of mitigation techniques that merchants can apply, to help bolster their websites and ensure they’re not susceptible to enumeration attacks. These include CAPTCHA (a tool used to differentiate between automated users and real users), enhanced authentication, anomaly detection and velocity monitoring, among others. Find out more about these best practices here.
The ecosystem responded well
In parallel to this pandemic-stricken year in which time often seemed to stand still, global economies moved quickly in ways that accelerated change, bringing lasting impact to consumer behaviour, fraud patterns and risk mitigation needs. As one of the world’s leading markets in adopting digital technology, Canada’s strong digital payment infrastructure helped contribute positively to our economy.
In the past year, Visa focused our expertise and resources in ways to help financial institutions, merchant partners, governments and consumers navigate these seismic shifts. While most businesses were already investing in technology-led security systems, the pandemic kicked this into overdrive.
Nearly three in four (73 per cent) Canadian consumers want to ensure that new shopping measures intended to protect their health don’t increase their vulnerability to fraud due to their shopping online more12. In response, Canadian businesses have been embracing technology solutions, driving investment in new tools such as security and fraud protection (41 per cent)13.
Looking ahead at a post-COVID world
Looking ahead to the rest of the year, consumer habits born from the pandemic will likely become the new normal, and many of the changes in digital payments will continue. More importantly, the experiences of last year will likely accelerate innovation and force companies to learn from their mistakes to ensure they are not repeated in the years ahead.
About the author: Gord Jamieson is a Senior Business Leader at Visa and serves as the head of Canada Risk. Prior to joining Visa, Jamieson served as a member of the Royal Canadian Mounted Police for 20 years. In that capacity, he has investigated organized crime involvement in forged credit card manufacturing and distribution. Jamieson has held positions as both the President and Vice-President of the Central Canada Chapter of the International Association of Financial Crimes Investigators (IAFCI) and presently is a member of the IAFCI Board of Advisors.
1VisaNet Data, December 2020 (75.7% of Canadians using contactless payments at the point of sale)
2Visa Back To Business Study, December 2020
3CIRA Cybersecurity Report 2020
4CIRA Cybersecurity Report 2020
5Canadian Federation of Independent Business Cyberfraud in Small Business Report, February 2021
6Canadian Federation of Independent Business Cyberfraud in Small Business Report, February 2021
8Stats Can Report, October 2020
9Canadian Anti-Fraud Center, February 2021
10Canadian Anti-Fraud Center Law Enforcement Fraud Prevention Toolkit, February 2021
11Canadian Anti-Fraud Center Law Enforcement Fraud Prevention Toolkit, February 2021
12Visa Back To Business Study, December 2020
13Visa Back To Business Study, December 2020
Print this page