Vipin Surelia, VISA on mitigating cyber frauds this tax filing season – ET CISO
https://etimg.etb2bimg.com/thumb/msid-111000270,imgsize-68548,width-1200,height=765,overlay-etciso/cybercrime-fraud/vipin-surelia-visa-on-mitigating-cyber-frauds-this-tax-filing-season.jpg
The Reserve Bank of India’s annual report last year highlighted the severity of digital fraud. With 6,659 reported cases amounting to Rs 276 crore, it’s evident that such frauds pose a substantial threat. Tactics used by cybercriminals have evolved, becoming more sophisticated and harder to identify. This makes consumers more vulnerable, including younger people who are assumedly more comfortable with technology.
“Common threat vectors associated with online tax filing scams include phishing emails, theft of card details, fake websites, and malware. Fraudsters are also working harder to impersonate customers using stolen credentials, phishing and advanced AI to make fraudulent payments. Establishing new accounts with stolen or synthetic identities has also gained popularity. Transactions from these accounts are perceived as legitimate since the credentials aren’t fraudulent, even though the underlying accounts and identities are,” Vipin Surelia, VP & Head of Risk, VISA said.
Fraudsters are increasingly resorting to deceptive tactics, such as offering fake customer support, cashback links, or emails, aiming to trick unsuspecting consumers into installing malware, screen mirroring, or remote access apps. Visa anticipates spikes in phishing attacks targeting individuals’ personal and financial information, as well as fraudulent filings designed to claim tax refunds. Such activities can lead to financial losses for individuals and businesses and carry the threat of reputational damage.
During the tax filing period, individuals and businesses face various threats, including data breaches that jeopardize sensitive information like tax returns and financial records. Fraudsters and cybercriminals exploit this vulnerability leading to delayed refunds or legal issues for the victims. Business Email Compromise (BEC) attacks pose another major risk, as cybercriminals impersonate executives or employees to deceive individuals into making unauthorized payments or disclosing sensitive information.
Emerging techniques used by cybercriminals
Of late, there are accounts of cybercriminals leveraging AI to fabricate lifelike images and convincing videos to impersonate taxpayers to steal their refunds. They scour publicly available sources, legal & illegal databases, and resort to email phishing to gather personal information, such as pictures, addresses and employment status. They exploit this data to file fake tax returns before legitimate ones are filed. AI enables these fraudsters to create fakes more quickly and use more sophisticated techniques to bypass security measures.
“There’s also been a rise in vishing scams, where attackers call victims posing as representatives of banks or financial institutions. Using either real individuals impersonating the bank or prerecorded messages, they typically pretend there are issues with the individual’s account or recent payments, aiming to coax sensitive information out of them,” Surelia highlighted.
How is Visa protecting citizen data?
Payment providers are enhancing fraud management solutions. Visa, for example, blocked US$7.2 billion worth of fraudulent payments across 122 million transactions in a 12-month period ending November 2022. Visa, in collaboration with the RBI and the ecosystem, is driving the adoption of tokenization in India to boost trust and participation in digital commerce. This aims to streamline authentication methods, ensuring a seamless and secure payment experience.
As tokenization technology evolves in India, it is driving innovation in commerce experiences. By enhancing security measures, tokenization can enable diverse payment experiences like contactless transit payments, digital B2B operations and frictionless subscription payments. The integration of advanced security measures like biometric authentication further reinforces trust and control, paving the way for a robust and rapidly expanding digital economy in India.
Furthermore, Tokenization devalues data and prevents the sharing of personal financial information with third-party vendors, along with robust redressal mechanisms. Besides implementing tokenization, Surelia shared that they are innovating with advanced authorization technologies that analyze up to 500 unique risk factors to detect fraud in real-time, making fraud detection faster, more efficient, and far more accurate.
“Securing taxpayer data demands continuous vigilance, regular updates to security protocols, education regarding best practices, and the implementation of robust security measures at every stage of the process. At Visa, we continuously enhance our security measures, including the deployment of fraud detection algorithms, real-time monitoring systems, and close collaboration with clients and law enforcement agencies. By adopting such proactive strategies, along with client and consumer education and awareness, we aim to mitigate the risk associated with fraudulent activities in payments,” Surelia concluded.