A leading payments industry news source for more than 17 years. Glenbrook curates the news and keeps you abreast of the important daily headlines in payments.

Search Payment News

January 26, 2023

On the web

Is Once-Yearly Pen Testing Enough for Your Organization?

The Hacker News

ny organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development:...

January 24, 2023

On the web

Haptic Authentication for Blind, Low-Vision Users Tested by US, Canadian Academics

Biometric Update

A new method for authenticating blind and low-vision (BLV) users via haptic vibrations has been tested by researchers at the University of Waterloo and the Rochester Institute of Technology. Called OneButtonPIN, the new method is described in a study published in the Proceedings of the ACM on Human-Computer Interaction journal and aims to make authentication more user-friendly and secure for BLV individuals.

January 23, 2023

On the web

Ransomware Victims are Refusing to Pay, Tanking Attackers’ Profits

Ars Technica

Two new studies suggest that ransomware isn't the lucrative, enterprise-scale gotcha it used to be. Profits to attackers' wallets, and the percentage of victims paying, fell dramatically in 2022, according to two separate reports. Chainalysis, a blockchain analysis firm that has worked with a number of law enforcement and government agencies, suggests in a blog post that based on payments to cryptocurrency addresses it has identified as connected to ransomware attacks, payments to attackers fell from $766 million in 2021 to $457 million last year.

January 17, 2023

On the web

French Security Giant Joins EU Identity Wallet Pilot

Mobile ID World

The France-based security giant IDEMIA has announced that it will be part of a consortium that will pilot EU Digital Identity Wallet prototypes. IDEMIA is joining the so-called “POTENTIAL Consortium”, which will comprise 148 participants from 19 European Union states as well as Ukraine. IDEMIA’s official announcement offered few details about POTENTIAL, but explained that its pilot would be focused on six use cases for the EUIDW: “Electronic Government services”, “Account opening”, “SIM registration”, “Mobile Driving Licence”, “Remote Qualified Electronic Signature”, and “Electronic Prescription”.

November 21, 2022

On the web

Why QR Codes Are the Next Cybersecurity Battlefield

Technology Solutions That Drive Business

The use of QR codes has become part of our everyday lives. Invented in 1994 in the manufacturing industry, the QR code sank into obscurity for years, only to make a comeback during the pandemic. Today, touchless payment systems and contactless restaurant ordering are easy with smartphones and these codes.

Consumers value the convenience of being able to conduct activities without getting into close contact with other people. According to research by Scantrust, many also believe that QR codes make brands appear more trustworthy. Gartner sees the trend c­ontinuing: By 2024, 80 percent of order, checkout and payment services will be contactless.

Sure enough, cybercriminals have spotted an opportunity. They exploit weaknesses by substituting malicious codes for legitimate ones, directing users to fraudulent websites or embedding malicious software in mobile devices. Because a QR code obscures the underlying URL, users can’t tell whether the code will take them to the correct destination. In fact, a MobileIron survey found that while 69 percent of users believe they can identify a bad URL by looking at it, only 37 percent can spot a malicious QR code based on its pattern.

August 9, 2022

On the web

IDEX Biometrics and Reltime to Launch Next-Generation Web3 Biometric Card

PR Newswire

“IDEX Biometrics ASA and Reltime AS are pleased to announce a strategic partnership to jointly develop and market the world’s first next-generation, Web3 biometric payment card including cold storage and digital asset wallets, combined with digital identification. This all-in-one, EMV1 compliant biometric payment card is anticipated to reach the market in the first half of 2023. The biometric solution based on IDEX Biometrics sensor technology will enable EMV compliant payments alongside Reltime’s global Web3 financial ecosystem’s unique “check-out” feature. Securing fiat and digital asset transactions with an extra, secure layer of authentication, the smart card will also include other unique features. Moreover, this secure Web3 Cold Storage Payment and ID Card will support other Web3, NFT and digital asset formats, meeting the needs of people around the world to safeguard their valuable digital assets from being stolen or lost, while securely storing them offline, without the interference of any intermediaries.”

July 29, 2022

On the web

Singpass Incorporates Digital Identity Card, Saves $36 Per Onboarding, Considers Decentralization

Biometric Update

Singapore’s digital identity scheme, Singpass, adds new features and service integrations as penetration reaches 97 percent of eligible residents, according to Kendrick Lee, director of National Digital Identity at the Government Technology (GovTech) agency. Global partnerships and a reduction in minimum age could see it being used by more people in more places.

July 15, 2022

On the web

Selfie Biometric Authentication Apps Rolled Out by India, New Zealand Governments

Biometric Update

“It is now possible for Aadhaar digital ID account holders to verify their identity using their phone when accessing some services thanks to a mobile face biometric authentication app from the Unique Identification Authority of India. The face authentication platform, called Aadhaar FaceRD, means users do not necessarily need to carry their physical cards. Their identity can be verified using the FaceRD on their smart phones, writes Mint. The FaceRD app captures faces for authentication,” according to Mint. The app was developed by the ID authority.”

July 14, 2022

On the web

Will EU Digital Identity Drop the Unique Identifier?

Biometric Update

“The European Commission may be changing its mind about its proposed requirement for all European Union member states to incorporate unique identifiers in digital IDs that become part of the bloc’s interoperable ID structure. Proposals to remove the mandate are being considered by the committee overseeing legislative development, and a Commission spokesperson has told news outlet Euractiv that a single identifier is negotiable. A persistent, or lifelong, unique identifier could be used to track individuals across any government database. While the first-look regulation on identity in 2014 was based on privacy by design, the Commission has added persistent identifiers for eIDAS 2.0, being developed.”

July 11, 2022

On the web

Australia’s Major Banks Look to Dynamic CVV to Combat Payment Fraud

IT News

“Three of the ‘Big Four’ Australian banks have turned to dynamic card verification value (CVV) functionality to combat online payment fraud and boost digital consumer protections. The CVC or CVV is traditionally a static, three-digit number found on the back of a physical debit or credit card that acts as an additional layer of verification or security when a customer is transacting online. The advent of digital payment cards means new dynamic verification options are now possible.  NAB, ANZ and Westpac have all introduced dynamic CVV, also known as dynamic card verification code (CVC), which sees the three verification digits of a digital payment card routinely change for greater online security.”

July 6, 2022

On the web

Peru Issues 7M Digital ID Cards With id3 Biometrics, NXP Chips

Biometric Update

“Fingerprint biometric algorithms from id3 Technologies are being used in Peru’s new digital identity cards, after being selected by NXP Semiconductors, according to a company announcement. Id3’s match-on-card fingerprint algorithm is being embedded in the Peruvian national electronic identity card (DNIe). The card will be used for secure, efficient access to public services. Peru’s government envisions the digital ID being used for secure electronic transactions and electronic voting, id3 says.”

Giesecke+Devrient Acquires Valid’s Payment and Identity Solutions Business in the U.S.

G+D

“Giesecke+Devrient (G+D), a global security technology group, today announced the acquisition of the payment and identity solutions business of Valid USA. With this step, G+D aims to accelerate growth in the U.S., one of the world’s largest payment and identity markets. G+D customers will benefit from the enlarged business size in the face of persistent industry-wide supply chain challenges. G+D and Valid, headquartered in Brazil, today signed an Asset Purchase Agreement (APA) for the acquisition of Valid’s payment and identity solutions business in the U.S. by G+D. This includes the three manufacturing facilities in Downers Grove (Illinois), Bolingbrook (Illinois) and Fort Wayne (Indiana), which collectively employ more than 400 people as well as parts of the Valid USA headquarters in Lisle (Illinois).”

July 1, 2022

On the web

Santander Warns of 87% Surge in Celeb Crypto Scams

Infosecurity Magazine

“A leading high street lender has urged social media users to beware of cryptocurrency fraud after predicting a double-digit year-on-year surge in celebrity-endorsed cases in 2022. Santander claimed this week that there was a 61% increase in the number of cases it dealt with between Q4 2021 and Q1 2022, with the average cost of such scams increasing 65% year-on-year in the first quarter to reach £11,872. It warned of an 87% surge in cases by the end of 2022 compared to 2021 figures, with users typically tricked into investing in fraudulent schemes by spoofed celeb endorsements online.”

June 29, 2022

On the web

Veriff Identity Verification Solutions Now Available to Twisto’s Buy Now, Pay Later Clients

PR Newswire

“Veriff, a global identity verification provider, today announced its partnership with Twiso, A Zip Company, a buy now, pay later (BNPL) business, to provide identity verification (IDV) services for online merchants. With this partnership, Veriff expedites the IDV process for Twisto customers, while ensuring compliance with know your customer (KYC) regulations.  Veriff’s AI-powered identity verification technology is now available through Twisto’s platform, enabling consumers to quickly and seamlessly verify their identities. Veriff provides best-in-class KYC verification with its video-first technology and offers an extra layer of protection for users through location verification.”

June 21, 2022

On the web

Why Paper Receipts are Money at the Drive-Thru

Krebs On Security

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

June 9, 2022

On the web

More Crooks Tapping ‘Synthetic Identity Fraud’ to Commit Financial Crimes

PC Magazine

“Identity theft remains a popular way for cybercriminals to ruin your credit score. But to steal even more and evade detection, a growing number of crooks are resorting to what’s called “synthetic identity fraud,” which involves creating fake personas to dupe lending agencies…To stop synthetic identity fraud, the US is developing the Electronic Consent Based Social Security Number Verification service, which is capable of checking whether a Social Security number matches known records.”

June 6, 2022

On the web

Payments Platform Stripe Launches Authentication Feature

ITP.net

“Stripe, a financial infrastructure platform for businesses, today announced the launch of a delegated authentication feature to improve payment conversion rates in Europe. Stripe businesses can now have their customers authenticate purchases right inside a checkout flow. Wise is the first card issuer to implement the feature. As a result, cardholders will no longer be redirected to their Wise app when authenticating purchases from millions of Stripe businesses. Instead, they will be able to use any biometric authentication method supported by the device they’re on, without ever leaving the checkout flow.”

April 12, 2022

On the web

April 5, 2022

On the wires

April 4, 2022

On the wires

March 30, 2022

On the wires

March 29, 2022

On the wires

Very Good Security (VGS) Extends VGS Payment Optimization With Network Tokens

Very Good Security (VGS), the modern standard for secure storage, exchange, and optimization of the world’s payment data, today announced that the VGS Payment Optimization suite now offers Network Tokens, a new feature that enhances the security of payment transactions while minimizing fraud and improving approval rates. A network token is a unique randomly generated identifier issued and unlocked only by a card network such as Visa or Mastercard. This secure token can then be used in lieu of a primary account number (PAN), enabling the processing of payment transactions without exposing sensitive card account data.”

March 28, 2022

On the web

FCC Puts Kaspersky on Security Threat List, Says It Poses “unacceptable Risk”

Ars Technica

“The Federal Communications Commission on Friday determined that security products from Kaspersky posed an unacceptable risk to US national security and added the company to a covered list of other firms not eligible for FCC funds. The move adds Kaspersky to the same covered list that Huawei and ZTE landed on in 2021 . Besides its Moscow headquarters, the company’s founder, Eugene Kaspersky, attended a KGB-sponsored technical college and has long been accused of having ties to Russian military and intelligence services.”

March 15, 2022

On the web

ASM Global and PopID Partner on Biometric Payments and Ticketing for Stadiums

Biometric Update

PopID and venue management company ASM Global are kicking off a biometric ticketing and payment system that employs facial verification at the Pechanga Stadium in San Diego, California. The stadium will use PopID’s ‘PopPay,’ a contactless biometric payment option that grants access to payments with a selfie of the user. PopPay works by having a person enroll on their phone and submitting a photo and payment option to open an account.”

March 11, 2022

On the web

Biometrics Is Most Popular for Onboarding in Only One Country — Survey

Biometric Update

“Buried in a new marketing-driven survey about the importance of consumers’ retail digital experience, is a surprising insight into the importance of biometric security. Of 14 nations (plus Puerto Rico) surveyed around the world, consumers in only two, Hong Kong and Brazil, prefer to verify their identity with biometrics when they open an online account according to credit-reporting firm TransUnion.”

March 7, 2022

On the web

February 28, 2022

On the web

February 9, 2022

On the web

Pakistan to Launch National Digital Identity Wallet

NFCW

“Citizens of Pakistan will soon be able to apply for, store and display a digital version of their national identity card in a digital ID wallet on their smartphone using an updated version of the country’s Pak-ID mobile app. Pakistan’s National Database and Registration Authority (NADRA) launched Pak-ID in September 2021, enabling citizens to apply for a physical ID card remotely by using their Android or iOS device to scan supporting documents and capture biometric data including their fingerprint and a photograph of their face to verify their identity.”

January 26, 2022

On the wires

1Password and Brex Partner to Optimize Secure Online Payments

“The new integration will help businesses protect critical financial information and identities. Online purchases can be made quickly – in two clicks – and securely, as information stored in a customer’s Brex vault will be automatically synced with 1Password, ensuring users always have access to the most up-to-date version of their Brex virtual cards. If a card is compromised, customers can delete their card from both the 1Password or Brex dashboard to ensure no further payments are processed. For customers with heightened security concerns, the new integration enables the creation of a single-use card, ensuring a card can only be used once and eliminating the risk of online card theft.”