Chinese phishing groups are now sending scam SMS messages about unclaimed tax refunds and rewards points, aiming to steal payment card data. They create fake e-commerce sites that look legitimate, making it difficult for consumers to spot the fraud until it's too late. Experts warn that this increase in scams often coincides with the holiday shopping rush.

TikTok is enhancing its security measures to improve shopper trust and experience, aiming to make in-stream shopping more appealing to Western consumers. The platform has ramped up efforts to remove counterfeit products and streamline reporting processes for intellectual property violations. Despite rising interest, many Western users remain cautious about shopping on social media.

Juspay is partnering with Visa to introduce Click to Pay in Brazil, aiming to reduce cart abandonment and enhance transaction security in e-commerce. The service allows customers to complete purchases with a single click, using tokenized credentials, thereby simplifying the checkout process. Advanced biometric authentication will also be incorporated for added security.

Hundreds of e-commerce sites have been compromised in a supply-chain attack that allowed malware to execute malicious code in visitors' browsers, potentially stealing sensitive payment information. The attack involved at least three software providers and may have affected up to 1,000 sites, with the malware remaining dormant for six years before activation. Security firm Sansec reported limited global remediation efforts for the affected customers, including a major multinational company.

Google has introduced the Agent Payments Protocol (AP2) to facilitate secure agent-led transactions in e-commerce, garnering support from over 60 organizations. AP2 uses cryptographically signed digital contracts called Mandates to ensure user authorization and accountability during transactions, addressing security concerns associated with AI agents handling payment details. The protocol supports various payment methods and is available for organizations to implement through Google's public GitHub repository.