The latest report from the European Payments Council provides an overview of the most important threats in the payments market, as well as various types of fraud.
Threats covered include social engineering and phishing, malware, Advanced Persistent Threats (APTs), mobile device related attacks, Distributed Denial of Service (DDoS) attacks, botnets and threats related to cloud services, big data, Internet of Things (IoT) and virtual currencies.
Each type of threat is described, its impact and context are analysed, and controls and mitigations are suggested (summarised in a matrix in Annex II).
Fraud is analysed by payment method (cards, ATMs, credit transfers, direct debit), and the report also gives helpful explanations of how ill-gotten gains are laundered through 'mule' schemes.
The main attack focus over the past year has shifted slightly away from malware to social engineering attacks, except for attacks against companies, where malware appears to be the prevalent methodology. Social engineering attacks, phishing and vishing attempts are still increasing, and they remain instrumental, often in combination with malware.