“Payment card fraud losses worldwide exceeded $32 billion in 2021, of which nearly $12 billion was in the US, according to the Nilson Report, the leading trade publication covering the global payment card industry. Losses to fraud worldwide increased by 14% in 2021. Over the next 10 years, the industry is projected to lose an accumulated $397 billion worldwide, with $165 billion coming from the US. The US accounted for 37% of worldwide losses to card fraud in 2021 even though it only accounted for 23% of card spending at merchants and cash transactions at ATMs combined. Higher fraud losses in the US were attributable to a 25% increase in purchases made by credit cards after a 9% drop in 2020. Also impacting fraud in the US was the continued growth in card-not-present transactions such as those that occur when spending online. Online purchases leave merchants more vulnerable to fraud.”

“Marketplaces, even cybercriminal ones, are subject to the laws of supply and demand. Like more reputable merchants, purveyors of stolen goods have been hit by the coronavirus pandemic. As COVID-19 ravaged the world this year—forcing businesses to close and people to stay at home—demand for stolen credit card data has dropped on dark web shops.”

“Hackers are abusing Google Analytics so that they can more covertly siphon stolen credit card data out of infected ecommerce sites, researchers reported on Monday. Payment card skimming used to refer solely to the practice of infecting point-of-sale machines in brick-and-mortar stores. The malware would extract credit card numbers and other data. Attackers would then use or sell the stolen information so it could be used in payment card fraud.”

“The American Cancer Society’s online store has become the latest victim of credit card-stealing malware. Security researcher Willem de Groot found the malware on the organization’s store website, buried in obfuscated code designed to look like legitimate analytics code. The code was designed to scrape credit card payments from the page, like similar attacks targeting British Airways , Ticketmaster , AeroGarden and Newegg .”

““Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.”

“For many years and until quite recently, credit card data stolen from online merchants has been worth far less in the cybercrime underground than cards pilfered from hacked brick-and-mortar stores. But new data suggests that over the past year, the economics of supply-and-demand have helped to double the average price fetched by card-not-present data, meaning cybercrooks now have far more incentive than ever to target e-commerce stores.”

“Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device hidden inside the contactless payment terminal of the pump, which appears to act as a Bluetooth hub that wirelessly gathers card data from multiple compromised pumps at a given filling station.”

“Fallback fraud is an activity that typically comes and goes fairly quickly after a nation converts to EMV chip card payments, but it has stuck around longer than usual in the United States, ACG said. But issuers are getting smarter about identifying and thwarting it, according to Goldman. “They’re looking at dollar amounts, they’re looking at velocity thresholds [the number of transactions in a given time period], any sort of prior fallback activity on the same account,” Goldman tells Digital Transactions News.”

“The 22 lines of code are targeted to export the data entered in the BA website’s payment form to the malicious server when the “submit” button was clicked by a customer, with the data being sent as a JSON object. As a result, the transaction would go through for the customer without any errors, while the attackers received a full copy of the customer’s payment information despite the payment apparently being over a secure session. The attackers also added a “touchend” callback to the script, which made the attack functional for users of BA’s mobile app—which called the same, modified script.”

“Riskified founders CEO Eido Gal and CTO Assaf Feldman told “Globes” that in a world in which the scale of credit card fraud is growing at a dizzying pace, e-commerce websites are often forced to reject credit cards because of the slightest suspicion, even if the customer is as pure as the driven snow. They says that Riskified is offering merchants two things: it not only promises to increase the number of deals approved; it also undertakes that in any deal that turns out to involve fraud, it will give the merchant a full refund of what he or she has paid.”

“Fiserv, Inc. (NASDAQ: FISV), a leading global provider of financial services technology solutions, announced today it has partnered with Rippleshot, a fraud analytics firm, to offer Card Risk Office℠ Fraud Warning, an early breach detection solution that allows financial institutions to identify potential fraud events 30-60 days prior to network alerts.”

“THIS WEEK, SAKS Fifth Avenue, Saks Off 5th, and Lord & Taylor department stores—all owned by The Hudson’s Bay Company—acknowledged a data breach impacting more than five million credit and debit card numbers. The culprits? The same group that’s spent the last few years pulling off data heists from Omni Hotels & Resorts, Trump Hotels, Jason’s Deli, Whole Foods, Chipotle: A mysterious group known as Fin7.”

“On March 28, 2018, a notorious hacking JokerStash syndicate, also known as Fin7 announced the latest breach of yet another major corporation, with more than five million stolen payment cards offered for sale on the dark web. Several large financial institutions have confirmed that all tested records had been used before at Saks Fifth Avenue, Saks Fifth Avenue OFF 5TH, a discounted offset brand of luxury Saks Fifth Avenue stores, as well as Lord & Taylor stores.”

““While Aldi payment terminals in the United States are capable of accepting more secure chip-based card transactions,” writes security researcher Brian Krebs. “The company has yet to enable chip payments (although it does accept mobile contactless payment methods such as Apple Pay and Google Pay). This is important because these overlay skimmers are designed to steal card data stored on the magnetic stripe when customers swipe their cards.””