Hackers bent on targeting digital payment platforms, says Visa

Hackers have been relentless in targeting digital payment platforms to steal money, especially as tools enabling them to do so have become more easily accessible, an official of global card services Visa said.

Louis Smith, Visa head of risk for Southeast Asia, told the Inquirer that digital payments—which have been on the rise because of online shopping and e-commerce in general—have remained a “lucrative target” for cybercriminals.

“If you do a temperature check on how many people still get scammed or have details stolen, it is still there,” he said, noting that hackers have been taking advantage of the shift to digitalization.

“I think they are more interested than ever because the barrier to entry has been lowered so much,” Smith added.

The Visa official explained the perpetrators can now access the dark web to buy ransomware, card number generator, deepfake tools and other software they can use to launch their digital attacks.

“You literally click it, put it in a basket and then check out,” he said. “It’s scary how easy it is.”In addition, Smith said some of these online black market places have a helpline if hackers “get stuck with the steps on how to get the ransomware deployed.”

Ransomware attack is a fraudulent activity whereby hackers hold an entity’s data or system hostage until a ransom is paid.

In a recent report, cybersecurity firm Kaspersky noted that Philippine enterprises have remained vulnerable to cyberattacks as they received the most financial phishing threats in Southeast Asia. These digital attacks are targeted at e-commerce, banking and payment systems.

Kaspersky detected and blocked over 163,000 attacks or about 36 percent of the total digital threats of its kind in the region.

This was followed by Malaysia with 27 percent and Indonesia with 21 percent. In total, the cybersecurity firm foiled around 456,000 financial phishing attacks in the region last year.In phishing, hackers trick unsuspecting victims into providing personal information. It is usually launched via emails and mobile messages embedded with suspicious links leading to fake websites.