A leading payments industry news source for more than 17 years. Glenbrook curates the news and keeps you abreast of the important daily headlines in payments.

Search Payments News

May 23, 2024

On the web

November 29, 2023

On the web

November 14, 2023

On the web

June 22, 2023

On the web

Info-Stealing Malware Is Harvesting ChatGPT Credentials

Bank Info Security

"Compromised chatbot credentials are being bought and sold by criminals who frequent underground marketplaces for stolen data, security researchers warn. The alert comes as global use of ChatGPT and rival artificial intelligence offerings continues to surge despite worries from some employers that the chatty bots could blab sensitive information and as regulators voice privacy concerns."

April 3, 2023

On the web

Invoice Fraud: the Latest Tactic of Gangs Out to Hijack Your Holiday

The Guardian

"It was to be a poignant break for Tim Moore and his extended family. They planned to scatter his mother’s ashes on the Caribbean island of Montserrat, where she had lived for 18 years. Moore contacted a local holiday lettings agent and selected a villa to rent for the 12-day stay. But as soon as the price was agreed, a hacker intercepted the email exchange with the agent, and tricked Moore into paying $5,000 (£4,040) to a rogue account. The money was never seen again, and Moore had to stump up a second time to secure the villa through the agent."

February 10, 2023

On the web

February 9, 2023

On the web

'PixPirate' Banking Trojan Targets Brazilian Pix Users

Govinfosecurity

An advanced Android banking Trojan is targeting Brazilian adopters of an instant payment platform known as Pix, marking another foray by the South American country's criminal underground into digital larceny. Researchers at Italian fintech security firm Cleafy say they encountered the Trojan around the start of this year. They call the Trojan "PixPirate" - Pix being the instantaneously successful system for transferring money between bank accounts launched by the Central Bank of Brazil in November 2020.

January 31, 2023

On the web

January 26, 2023

On the web

Is Once-Yearly Pen Testing Enough for Your Organization?

The Hacker News

ny organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development:...

January 24, 2023

On the web

Haptic Authentication for Blind, Low-Vision Users Tested by US, Canadian Academics

Biometric Update

A new method for authenticating blind and low-vision (BLV) users via haptic vibrations has been tested by researchers at the University of Waterloo and the Rochester Institute of Technology. Called OneButtonPIN, the new method is described in a study published in the Proceedings of the ACM on Human-Computer Interaction journal and aims to make authentication more user-friendly and secure for BLV individuals.

January 23, 2023

On the web

Ransomware Victims are Refusing to Pay, Tanking Attackers’ Profits

Ars Technica

Two new studies suggest that ransomware isn't the lucrative, enterprise-scale gotcha it used to be. Profits to attackers' wallets, and the percentage of victims paying, fell dramatically in 2022, according to two separate reports. Chainalysis, a blockchain analysis firm that has worked with a number of law enforcement and government agencies, suggests in a blog post that based on payments to cryptocurrency addresses it has identified as connected to ransomware attacks, payments to attackers fell from $766 million in 2021 to $457 million last year.

January 17, 2023

On the web

French Security Giant Joins EU Identity Wallet Pilot

Mobile ID World

The France-based security giant IDEMIA has announced that it will be part of a consortium that will pilot EU Digital Identity Wallet prototypes. IDEMIA is joining the so-called “POTENTIAL Consortium”, which will comprise 148 participants from 19 European Union states as well as Ukraine. IDEMIA’s official announcement offered few details about POTENTIAL, but explained that its pilot would be focused on six use cases for the EUIDW: “Electronic Government services”, “Account opening”, “SIM registration”, “Mobile Driving Licence”, “Remote Qualified Electronic Signature”, and “Electronic Prescription”.

November 21, 2022

On the web

Why QR Codes Are the Next Cybersecurity Battlefield

Technology Solutions That Drive Business

The use of QR codes has become part of our everyday lives. Invented in 1994 in the manufacturing industry, the QR code sank into obscurity for years, only to make a comeback during the pandemic. Today, touchless payment systems and contactless restaurant ordering are easy with smartphones and these codes.

Consumers value the convenience of being able to conduct activities without getting into close contact with other people. According to research by Scantrust, many also believe that QR codes make brands appear more trustworthy. Gartner sees the trend c­ontinuing: By 2024, 80 percent of order, checkout and payment services will be contactless.

Sure enough, cybercriminals have spotted an opportunity. They exploit weaknesses by substituting malicious codes for legitimate ones, directing users to fraudulent websites or embedding malicious software in mobile devices. Because a QR code obscures the underlying URL, users can’t tell whether the code will take them to the correct destination. In fact, a MobileIron survey found that while 69 percent of users believe they can identify a bad URL by looking at it, only 37 percent can spot a malicious QR code based on its pattern.

August 9, 2022

On the web

IDEX Biometrics and Reltime to Launch Next-Generation Web3 Biometric Card

PR Newswire

“IDEX Biometrics ASA and Reltime AS are pleased to announce a strategic partnership to jointly develop and market the world’s first next-generation, Web3 biometric payment card including cold storage and digital asset wallets, combined with digital identification. This all-in-one, EMV1 compliant biometric payment card is anticipated to reach the market in the first half of 2023. The biometric solution based on IDEX Biometrics sensor technology will enable EMV compliant payments alongside Reltime’s global Web3 financial ecosystem’s unique “check-out” feature. Securing fiat and digital asset transactions with an extra, secure layer of authentication, the smart card will also include other unique features. Moreover, this secure Web3 Cold Storage Payment and ID Card will support other Web3, NFT and digital asset formats, meeting the needs of people around the world to safeguard their valuable digital assets from being stolen or lost, while securely storing them offline, without the interference of any intermediaries.”

July 29, 2022

On the web

Singpass Incorporates Digital Identity Card, Saves $36 Per Onboarding, Considers Decentralization

Biometric Update

Singapore’s digital identity scheme, Singpass, adds new features and service integrations as penetration reaches 97 percent of eligible residents, according to Kendrick Lee, director of National Digital Identity at the Government Technology (GovTech) agency. Global partnerships and a reduction in minimum age could see it being used by more people in more places.

July 15, 2022

On the web

Selfie Biometric Authentication Apps Rolled Out by India, New Zealand Governments

Biometric Update

“It is now possible for Aadhaar digital ID account holders to verify their identity using their phone when accessing some services thanks to a mobile face biometric authentication app from the Unique Identification Authority of India. The face authentication platform, called Aadhaar FaceRD, means users do not necessarily need to carry their physical cards. Their identity can be verified using the FaceRD on their smart phones, writes Mint. The FaceRD app captures faces for authentication,” according to Mint. The app was developed by the ID authority.”

July 14, 2022

On the web

Will EU Digital Identity Drop the Unique Identifier?

Biometric Update

“The European Commission may be changing its mind about its proposed requirement for all European Union member states to incorporate unique identifiers in digital IDs that become part of the bloc’s interoperable ID structure. Proposals to remove the mandate are being considered by the committee overseeing legislative development, and a Commission spokesperson has told news outlet Euractiv that a single identifier is negotiable. A persistent, or lifelong, unique identifier could be used to track individuals across any government database. While the first-look regulation on identity in 2014 was based on privacy by design, the Commission has added persistent identifiers for eIDAS 2.0, being developed.”

July 11, 2022

On the web

Australia’s Major Banks Look to Dynamic CVV to Combat Payment Fraud

IT News

“Three of the ‘Big Four’ Australian banks have turned to dynamic card verification value (CVV) functionality to combat online payment fraud and boost digital consumer protections. The CVC or CVV is traditionally a static, three-digit number found on the back of a physical debit or credit card that acts as an additional layer of verification or security when a customer is transacting online. The advent of digital payment cards means new dynamic verification options are now possible.  NAB, ANZ and Westpac have all introduced dynamic CVV, also known as dynamic card verification code (CVC), which sees the three verification digits of a digital payment card routinely change for greater online security.”

July 6, 2022

On the web

Peru Issues 7M Digital ID Cards With id3 Biometrics, NXP Chips

Biometric Update

“Fingerprint biometric algorithms from id3 Technologies are being used in Peru’s new digital identity cards, after being selected by NXP Semiconductors, according to a company announcement. Id3’s match-on-card fingerprint algorithm is being embedded in the Peruvian national electronic identity card (DNIe). The card will be used for secure, efficient access to public services. Peru’s government envisions the digital ID being used for secure electronic transactions and electronic voting, id3 says.”

Giesecke+Devrient Acquires Valid’s Payment and Identity Solutions Business in the U.S.

G+D

“Giesecke+Devrient (G+D), a global security technology group, today announced the acquisition of the payment and identity solutions business of Valid USA. With this step, G+D aims to accelerate growth in the U.S., one of the world’s largest payment and identity markets. G+D customers will benefit from the enlarged business size in the face of persistent industry-wide supply chain challenges. G+D and Valid, headquartered in Brazil, today signed an Asset Purchase Agreement (APA) for the acquisition of Valid’s payment and identity solutions business in the U.S. by G+D. This includes the three manufacturing facilities in Downers Grove (Illinois), Bolingbrook (Illinois) and Fort Wayne (Indiana), which collectively employ more than 400 people as well as parts of the Valid USA headquarters in Lisle (Illinois).”

July 1, 2022

On the web

Santander Warns of 87% Surge in Celeb Crypto Scams

Infosecurity Magazine

“A leading high street lender has urged social media users to beware of cryptocurrency fraud after predicting a double-digit year-on-year surge in celebrity-endorsed cases in 2022. Santander claimed this week that there was a 61% increase in the number of cases it dealt with between Q4 2021 and Q1 2022, with the average cost of such scams increasing 65% year-on-year in the first quarter to reach £11,872. It warned of an 87% surge in cases by the end of 2022 compared to 2021 figures, with users typically tricked into investing in fraudulent schemes by spoofed celeb endorsements online.”

June 29, 2022

On the web

Veriff Identity Verification Solutions Now Available to Twisto’s Buy Now, Pay Later Clients

PR Newswire

“Veriff, a global identity verification provider, today announced its partnership with Twiso, A Zip Company, a buy now, pay later (BNPL) business, to provide identity verification (IDV) services for online merchants. With this partnership, Veriff expedites the IDV process for Twisto customers, while ensuring compliance with know your customer (KYC) regulations.  Veriff’s AI-powered identity verification technology is now available through Twisto’s platform, enabling consumers to quickly and seamlessly verify their identities. Veriff provides best-in-class KYC verification with its video-first technology and offers an extra layer of protection for users through location verification.”

June 21, 2022

On the web

Why Paper Receipts are Money at the Drive-Thru

Krebs On Security

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

June 9, 2022

On the web

More Crooks Tapping ‘Synthetic Identity Fraud’ to Commit Financial Crimes

PC Magazine

“Identity theft remains a popular way for cybercriminals to ruin your credit score. But to steal even more and evade detection, a growing number of crooks are resorting to what’s called “synthetic identity fraud,” which involves creating fake personas to dupe lending agencies…To stop synthetic identity fraud, the US is developing the Electronic Consent Based Social Security Number Verification service, which is capable of checking whether a Social Security number matches known records.”

June 6, 2022

On the web

Payments Platform Stripe Launches Authentication Feature

ITP.net

“Stripe, a financial infrastructure platform for businesses, today announced the launch of a delegated authentication feature to improve payment conversion rates in Europe. Stripe businesses can now have their customers authenticate purchases right inside a checkout flow. Wise is the first card issuer to implement the feature. As a result, cardholders will no longer be redirected to their Wise app when authenticating purchases from millions of Stripe businesses. Instead, they will be able to use any biometric authentication method supported by the device they’re on, without ever leaving the checkout flow.”

April 12, 2022

On the web

April 5, 2022

On the wires

April 4, 2022

On the wires

March 30, 2022

On the wires