2024支付威胁与欺诈趋势报告

EPC162-24/Version1.0/ Date issued:22November 2024Public www.epc-cep.eu1/72©2024Copyright European Payments Council (EPC) AISBL:This document is public and may be copiedor otherwise distributed provided attribution is made and the text is not useddirectly as a source of profit Report 2024Payment Threats and Fraud Trends EPC162-24Version1.0Date issued:22/11/2024 Abstract This new edition of the threatstrends report reflects the recent developmentsconcerning securitythreats and fraud in the payments landscape over the past year. Report2024Payments Threats and Fraud TrendsEPC162-24/Version1.0 Table of Contents Executive Summary....................................................................................................................5About this document...........................................................................................................................5Conclusions..........................................................................................................................................51Document Information.........................................................................................................91.1Scope and Objectives.................................................................................................................91.2Audience....................................................................................................................................91.3Contributors...............................................................................................................................91.4References..................................................................................................................................91.5Definitions and Abbreviations.................................................................................................102Focus on Recent Attack Trends...........................................................................................153Payment Threats and Fraud Landscape...............................................................................173.1Fraud Techniques.....................................................................................................................173.1.1Social Engineering..........................................................................................................173.1.2Malware.........................................................................................................................193.1.3Advanced Persistent Threats (APT)................................................................................233.1.4Distributed Denial of Service (DDoS).............................................................................273.1.5Botnets...........................................................................................................................323.1.6Third-party compromise, supply chain attacks and outages.........................................363.1.7Monetisation Channels..................................................................................................393.2Fraud per Payment-Relevant Process......................................................................................433.2.1Introduction...................................................................................................................433.2.2On-boarding and Provisioning.......................................................................................433.2.3Payment request and invoicing processes.....................................................................463.2.4Payment Initiation & Authentication.............................................................................493.2.5Payment Execution........................................................................................................493.2.6Mobile Wallets for Identification and Authentication...................................................513.3Fraud unique to Specific Payment Instruments......................................................................533.3.1SEPA Schemes................................................................................................................533.3.2Card Scheme..................................................................................................................583.3.3Mobile Wallets for Card Payments................................................................................664Liability Shift Discussions related to Specific Fraud Types...................................................695Annex I–Summary Threats versus Controls and Mitigations..............................................71 Table 1 Bibliography...........................................................................................................................10Table 2 Definitions.............................................................................................................................13Table 3 A