European Payments Council report: 2017 payment threats and fraud trends
The “2017 Payment Threats and Fraud Trends Report” by the European Payments Council (EPC) provides an overview of the most important threats in the payments landscape, including:
- denial-of-service (DoS) attacks,
- social engineering and phishing,
- malware,
- advanced persistent threats (i.e. sophisticated targeted malicious attacks aimed to a specific individual, company, system or software, based on some specific knowledge regarding the target),
- mobile device related attacks,
- botnets (i.e. a network of private computers infected with malicious software and controlled as a group),
- threats related to cloud services and big data,
- threats related to internet of things (IoT).
It further contains an early warning concerning threats related to virtual currencies.
For each threat, apart from a definition and description, an analysis is made on the impact and context and suggested controls and mitigations are described. A summary listing the threats with the main controls and mitigation measures is provided in an annex.
The report further contains a section that elaborates on fraud related to payment instruments (cards, SEPA Credit Transfers and SEPA Direct Debits), while general conclusions are presented in the final section.
The report attempts to create awareness in order to allow stakeholders involved with payments to decide on possible actions in this respect.
Click here to read the full report (PDF file).