Protecting the Payments Ecosystem During Seasonal Fraud Peaks

As the holiday season approaches, so does a surge in fraud attempts. Scammers are quick to exploit the festive rush, targeting both online and in-person shoppers with increasingly sophisticated schemes.

Visa’s Payment Ecosystem Risk and Control (PERC) team has identified the most common scams and outlined practical steps that clients can use to protect customers and maintain trust during this season.

1. Holiday Travel Scams

With millions travelling, scammers create fake travel sites, send phishing emails about flight cancellations, and post non-existent holiday rentals. Victims may lose money or have their payment data stolen.

Stay safe:

• Verify travel providers’ URLs and book through reputable platforms.

• Be cautious of deals that seem too good to be true.

• Avoid paying outside official channels.

2. Phishing and Social Engineering

Fraudsters use emails, phone calls, and text messages that appear to come from trusted organisations to trick people into sharing sensitive information. During the holidays, these attacks often reference shopping deals, travel, or urgent account issues. Seasonal job scams and fake charity appeals are also on the rise.

Stay safe:

• Don’t click on suspicious links or provide personal information in response to unsolicited messages.

• Enable multi-factor authentication on accounts.

• Research charities before donating and be wary of job offers that seem too good to be true.

3. Scam Merchants

Fake online shops and spoofed websites lure shoppers with heavily discounted goods, especially popular or luxury items. During the holiday season, the number of these  fake sites are expected to increase due to more online shopping. Scammers steal payment data and personal information, as well as receiving funds into their accounts. Scammers also spoof well-known brand websites and use search engine optimisation (SEO) techniques to appear higher in search results, tricking shoppers into believing they are making legitimate purchases.

Stay safe:

• Only shop on trusted websites—look for “https://” and check for spelling errors in URLs.

• Use a debit or credit card whenever possible as this payment method carries zero liability, facilitates more expedient fraud resolution, and more advanced fraud protection.

• Set up purchase alerts with your card issuer.

4. Malicious Holiday-Themed Apps

Fraudsters develop festive apps like Santa trackers or holiday games that contain malware. These apps can steal login credentials and payment information.

Stay safe:

• Download apps only from trusted sources and check reviews.

• Make sure device software up to date.

• Do not click on unsolicited links and remain vigilant of the URLs you are visiting.

5. Physical Theft of Payment Cards and Phones

Crowded shops and travel hubs are prime spots for pickpockets. Scammers may also use skimming devices on ATMs or point-of-sale terminals due to increased shopping. They place devices called "skimmers" on terminals to steal payment card data. In crowded stores, scammers can install skimmers unnoticed, hiding the installation behind large items or distractions. Another method used to steal money is "digital pickpocketing," where scammers use mobile point-of-sale devices to conduct fraudulent contactless transactions by tapping against a victim’s purse, wallet or pocket.

Stay safe:

• Keep wallets and phones secure and in sight.

• Report lost or stolen cards immediately.

• Watch for suspicious devices at ATMs and tills.

• In an event of a stolen payment card, take advantage of identity and credit monitoring.

Fraudsters are constantly adapting, but so are the tools and advice available. By leveraging Visa’s guidance and implementing these best practices, clients can stay ahead of emerging threats, protect their customers and ensure a safer holiday season.