Security

Anyone Can Trick AI Bots into Spilling Passwords

Bankinfo Security

"It doesn't take a skilled hacker to glean sensitive information anymore: cybersecurity researchers found that all you need to trick a chatbot into spilling someone else's passwords is "creativity."

Industry Security

IMF, World Bank and BIS in First ‘Tokenisation’ Collaboration

Reuters

"Three of the world's cornerstone institutions - the International Monetary Fund, the World Bank and the Bank for International Settlements - are to work together for the first time to "tokenise" some of the financial instruments that underpin their global work, a BIS official said."

Tags: Tokenization

Security

Badge Granted Patent for Biometric Public Key Providing Revocable Credentials

Biometric Update

"Enterprise identity authentication software maker Badge has been awarded a U.S. patent for a biometric public key system that enables revocable credentials."

Tags: Authentication

Industry Security

Info-Stealing Malware Is Harvesting ChatGPT Credentials

Bank Info Security

"Compromised chatbot credentials are being bought and sold by criminals who frequent underground marketplaces for stolen data, security researchers warn. The alert comes as global use of ChatGPT and rival artificial intelligence offerings continues to surge despite worries from some employers that the chatty bots could blab sensitive information and as regulators voice privacy concerns."

Security

Invoice Fraud: the Latest Tactic of Gangs Out to Hijack Your Holiday

The Guardian

"It was to be a poignant break for Tim Moore and his extended family. They planned to scatter his mother’s ashes on the Caribbean island of Montserrat, where she had lived for 18 years. Moore contacted a local holiday lettings agent and selected a villa to rent for the 12-day stay. But as soon as the price was agreed, a hacker intercepted the email exchange with the agent, and tricked Moore into paying $5,000 (£4,040) to a rogue account. The money was never seen again, and Moore had to stump up a second time to secure the villa through the agent."

Security

Avast Threat Report: Consumers Plagued with Refund Fraud, Tech Support Scams and Adware

Avast Threat Report: Consumers Plagued with Refund Fraud, Tech Support Scams and Adware

Avast, a leader in digital security and privacy, and a brand of Gen™, saw an increase in threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, during Q4 of the calendar year 2022.

Security

'PixPirate' Banking Trojan Targets Brazilian Pix Users

Govinfosecurity

An advanced Android banking Trojan is targeting Brazilian adopters of an instant payment platform known as Pix, marking another foray by the South American country's criminal underground into digital larceny. Researchers at Italian fintech security firm Cleafy say they encountered the Trojan around the start of this year. They call the Trojan "PixPirate" - Pix being the instantaneously successful system for transferring money between bank accounts launched by the Central Bank of Brazil in November 2020.

Companies Security

Trulioo Launches New Global Identity Verification Platform

Trulioo

Trulioo has launched an industry-defining global identity platform for person and business verification. The Trulioo platform showcases the company’s expertise and innovation in helping businesses worldwide build trusted user experiences while achieving regulatory compliance and optimizing growth.

Tags: Identity Trulioo

Security

Is Once-Yearly Pen Testing Enough for Your Organization?

The Hacker News

ny organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development:...

Tags: Cybersecurity

Security

Haptic Authentication for Blind, Low-Vision Users Tested by US, Canadian Academics

Biometric Update

A new method for authenticating blind and low-vision (BLV) users via haptic vibrations has been tested by researchers at the University of Waterloo and the Rochester Institute of Technology. Called OneButtonPIN, the new method is described in a study published in the Proceedings of the ACM on Human-Computer Interaction journal and aims to make authentication more user-friendly and secure for BLV individuals.

Tags: Authentication

Security

Ransomware Victims are Refusing to Pay, Tanking Attackers’ Profits

Ars Technica

Two new studies suggest that ransomware isn't the lucrative, enterprise-scale gotcha it used to be. Profits to attackers' wallets, and the percentage of victims paying, fell dramatically in 2022, according to two separate reports. Chainalysis, a blockchain analysis firm that has worked with a number of law enforcement and government agencies, suggests in a blog post that based on payments to cryptocurrency addresses it has identified as connected to ransomware attacks, payments to attackers fell from $766 million in 2021 to $457 million last year.

Tags: Ransomware

Security

French Security Giant Joins EU Identity Wallet Pilot

Mobile ID World

The France-based security giant IDEMIA has announced that it will be part of a consortium that will pilot EU Digital Identity Wallet prototypes. IDEMIA is joining the so-called “POTENTIAL Consortium”, which will comprise 148 participants from 19 European Union states as well as Ukraine. IDEMIA’s official announcement offered few details about POTENTIAL, but explained that its pilot would be focused on six use cases for the EUIDW: “Electronic Government services”, “Account opening”, “SIM registration”, “Mobile Driving Licence”, “Remote Qualified Electronic Signature”, and “Electronic Prescription”.

Tags: Identity

Security

Why QR Codes Are the Next Cybersecurity Battlefield

Technology Solutions That Drive Business

The use of QR codes has become part of our everyday lives. Invented in 1994 in the manufacturing industry, the QR code sank into obscurity for years, only to make a comeback during the pandemic. Today, touchless payment systems and contactless restaurant ordering are easy with smartphones and these codes.

Consumers value the convenience of being able to conduct activities without getting into close contact with other people. According to research by Scantrust, many also believe that QR codes make brands appear more trustworthy. Gartner sees the trend c­ontinuing: By 2024, 80 percent of order, checkout and payment services will be contactless.

Sure enough, cybercriminals have spotted an opportunity. They exploit weaknesses by substituting malicious codes for legitimate ones, directing users to fraudulent websites or embedding malicious software in mobile devices. Because a QR code obscures the underlying URL, users can’t tell whether the code will take them to the correct destination. In fact, a MobileIron survey found that while 69 percent of users believe they can identify a bad URL by looking at it, only 37 percent can spot a malicious QR code based on its pattern.

Security

IDEX Biometrics and Reltime to Launch Next-Generation Web3 Biometric Card

PR Newswire

“IDEX Biometrics ASA and Reltime AS are pleased to announce a strategic partnership to jointly develop and market the world’s first next-generation, Web3 biometric payment card including cold storage and digital asset wallets, combined with digital identification. This all-in-one, EMV1 compliant biometric payment card is anticipated to reach the market in the first half of 2023. The biometric solution based on IDEX Biometrics sensor technology will enable EMV compliant payments alongside Reltime’s global Web3 financial ecosystem’s unique “check-out” feature. Securing fiat and digital asset transactions with an extra, secure layer of authentication, the smart card will also include other unique features. Moreover, this secure Web3 Cold Storage Payment and ID Card will support other Web3, NFT and digital asset formats, meeting the needs of people around the world to safeguard their valuable digital assets from being stolen or lost, while securely storing them offline, without the interference of any intermediaries.”

Tags: Biometrics

Security

Singpass Incorporates Digital Identity Card, Saves $36 Per Onboarding, Considers Decentralization

Biometric Update

Singapore’s digital identity scheme, Singpass, adds new features and service integrations as penetration reaches 97 percent of eligible residents, according to Kendrick Lee, director of National Digital Identity at the Government Technology (GovTech) agency. Global partnerships and a reduction in minimum age could see it being used by more people in more places.

Tags: Authentication

Security

Selfie Biometric Authentication Apps Rolled Out by India, New Zealand Governments

Biometric Update

“It is now possible for Aadhaar digital ID account holders to verify their identity using their phone when accessing some services thanks to a mobile face biometric authentication app from the Unique Identification Authority of India. The face authentication platform, called Aadhaar FaceRD, means users do not necessarily need to carry their physical cards. Their identity can be verified using the FaceRD on their smart phones, writes Mint. The FaceRD app captures faces for authentication,” according to Mint. The app was developed by the ID authority.”

Tags: Biometrics

Security

Will EU Digital Identity Drop the Unique Identifier?

Biometric Update

“The European Commission may be changing its mind about its proposed requirement for all European Union member states to incorporate unique identifiers in digital IDs that become part of the bloc’s interoperable ID structure. Proposals to remove the mandate are being considered by the committee overseeing legislative development, and a Commission spokesperson has told news outlet Euractiv that a single identifier is negotiable. A persistent, or lifelong, unique identifier could be used to track individuals across any government database. While the first-look regulation on identity in 2014 was based on privacy by design, the Commission has added persistent identifiers for eIDAS 2.0, being developed.”

Tags: Identity

Security

Australia’s Major Banks Look to Dynamic CVV to Combat Payment Fraud

IT News

“Three of the ‘Big Four’ Australian banks have turned to dynamic card verification value (CVV) functionality to combat online payment fraud and boost digital consumer protections. The CVC or CVV is traditionally a static, three-digit number found on the back of a physical debit or credit card that acts as an additional layer of verification or security when a customer is transacting online. The advent of digital payment cards means new dynamic verification options are now possible.  NAB, ANZ and Westpac have all introduced dynamic CVV, also known as dynamic card verification code (CVC), which sees the three verification digits of a digital payment card routinely change for greater online security.”

Security

Peru Issues 7M Digital ID Cards With id3 Biometrics, NXP Chips

Biometric Update

“Fingerprint biometric algorithms from id3 Technologies are being used in Peru’s new digital identity cards, after being selected by NXP Semiconductors, according to a company announcement. Id3’s match-on-card fingerprint algorithm is being embedded in the Peruvian national electronic identity card (DNIe). The card will be used for secure, efficient access to public services. Peru’s government envisions the digital ID being used for secure electronic transactions and electronic voting, id3 says.”

Tags: Identity

Security

Giesecke+Devrient Acquires Valid’s Payment and Identity Solutions Business in the U.S.

G+D

“Giesecke+Devrient (G+D), a global security technology group, today announced the acquisition of the payment and identity solutions business of Valid USA. With this step, G+D aims to accelerate growth in the U.S., one of the world’s largest payment and identity markets. G+D customers will benefit from the enlarged business size in the face of persistent industry-wide supply chain challenges. G+D and Valid, headquartered in Brazil, today signed an Asset Purchase Agreement (APA) for the acquisition of Valid’s payment and identity solutions business in the U.S. by G+D. This includes the three manufacturing facilities in Downers Grove (Illinois), Bolingbrook (Illinois) and Fort Wayne (Indiana), which collectively employ more than 400 people as well as parts of the Valid USA headquarters in Lisle (Illinois).”

Tags: Identity

Security

Santander Warns of 87% Surge in Celeb Crypto Scams

Infosecurity Magazine

“A leading high street lender has urged social media users to beware of cryptocurrency fraud after predicting a double-digit year-on-year surge in celebrity-endorsed cases in 2022. Santander claimed this week that there was a 61% increase in the number of cases it dealt with between Q4 2021 and Q1 2022, with the average cost of such scams increasing 65% year-on-year in the first quarter to reach £11,872. It warned of an 87% surge in cases by the end of 2022 compared to 2021 figures, with users typically tricked into investing in fraudulent schemes by spoofed celeb endorsements online.”

Security

Veriff Identity Verification Solutions Now Available to Twisto’s Buy Now, Pay Later Clients

PR Newswire

“Veriff, a global identity verification provider, today announced its partnership with Twiso, A Zip Company, a buy now, pay later (BNPL) business, to provide identity verification (IDV) services for online merchants. With this partnership, Veriff expedites the IDV process for Twisto customers, while ensuring compliance with know your customer (KYC) regulations.  Veriff’s AI-powered identity verification technology is now available through Twisto’s platform, enabling consumers to quickly and seamlessly verify their identities. Veriff provides best-in-class KYC verification with its video-first technology and offers an extra layer of protection for users through location verification.”

Tags: Authentication

Security

Why Paper Receipts are Money at the Drive-Thru

Krebs On Security

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

Security

More Crooks Tapping ‘Synthetic Identity Fraud’ to Commit Financial Crimes

PC Magazine

“Identity theft remains a popular way for cybercriminals to ruin your credit score. But to steal even more and evade detection, a growing number of crooks are resorting to what’s called “synthetic identity fraud,” which involves creating fake personas to dupe lending agencies…To stop synthetic identity fraud, the US is developing the Electronic Consent Based Social Security Number Verification service, which is capable of checking whether a Social Security number matches known records.”

Tags: Verification

Security

Payments Platform Stripe Launches Authentication Feature

ITP.net

“Stripe, a financial infrastructure platform for businesses, today announced the launch of a delegated authentication feature to improve payment conversion rates in Europe. Stripe businesses can now have their customers authenticate purchases right inside a checkout flow. Wise is the first card issuer to implement the feature. As a result, cardholders will no longer be redirected to their Wise app when authenticating purchases from millions of Stripe businesses. Instead, they will be able to use any biometric authentication method supported by the device they’re on, without ever leaving the checkout flow.”

Tags: Authentication Biometrics

Security

NEC, Hitachi Biometrics Planned for Payments, Hospitality Check-in in Japan

Biometric Update

“NEC has partnered with Osaka Metro to bring face biometrics-powered payments to retail stores, starting with a pop-up shop it operates, Sora News reports . The new payment system relies on NEC’s I:Delight system , which also enables authentication of individuals wearing a mask by combining face and iris biometrics.”

Tags: Biometrics

Security

Early Warning Announces Authentify®, a New Identity Verification Service

“Early Warning Services, LLC and seven of the largest banks in the U.S. today introduce Authentify®, a new identity verification service for consumers and businesses. While on a participating business’ website or app, consumers can choose to be redirected to log into their online or mobile banking experience. The consumer can then share their bank-trusted data with that company, helping them streamline their identity verification process.”

Tags: Account verification

Security

Visa and PopID Form Partnership to Launch Facial Verification Payments in the Middle East

“PopID, a consumer authentication service, and Visa (NYSE: V ), the world’s leader in digital payments, announced a partnership to collaborate on launching facial verification payment acceptance in the Middle East region.  The goal of the partnership is to provide cardholders with new safe, secure, and innovative ways to pay.”

Tags: Facial recognition

Global Security

Cashfree Payments Launches Aadhaar Verification, Automates Customer KYC for Businesses

“Leading payments and API banking solutions company, Cashfree Payments today announced that it has launched Aadhaar Verification as a part of its Verification suite. This feature is an addition to the suite which provides authentication of bank accounts, PAN, UPI and IFSC.”

Security

Apple Launches the First Driver’s License and State ID in Wallet With Arizona

“Apple announced that Arizona is the first state to offer driver’s license and state ID in Wallet. Arizonans can add their driver’s license or state ID to Wallet, and tap their iPhone or Apple Watch to seamlessly and securely present it at select TSA security checkpoints in Phoenix Sky Harbor International Airport.”

Tags: Digital ID