A leading payments industry news source for more than 17 years. Glenbrook curates the news and keeps you abreast of the important daily headlines in payments.

Search Payments News

January 26, 2023

On the web

Is Once-Yearly Pen Testing Enough for Your Organization?

The Hacker News

ny organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development:...

May 10, 2021

On the wires

You Are Worth $1,000 on the Dark Web, New Study by Privacy Affairs Finds

“The Dark Web sees personal information sold to this day. In 2020, organizations like NASA, McDonald’s, Visa, MasterCard, Microsoft, and Google have experienced security breaches, leading to theft of credit card details, online banking logins, and social media credentials. Later, all this information can be found sold on the Dark Web. PrivacyAffairs.com collected hundreds of examples of data being sold and reported the prices on their Dark Web Price Index … In the United States, the average annual expense for dealing with cybercrime increased by 29% in 2018, reaching $27.4 million. Credit card details are sold on the Dark Web from $14-$30, which include the card number, associated dates, and CVV. Personal data such as an address, email, and phone number may also be included.”

March 18, 2021

On the web

More Than $4 Billion in Cybercrime Losses Reported to FBI in 2020 – CyberScoop


“American victims reported $4.2 billion in losses as a result of cybercrime and internet fraud to the FBI in 2020, a roughly 20% uptick in the money known to be lost to scammers in 2019, the bureau said in a new report.  The FBI’s Internet Crime Complaint Center, the organization through which U.S. citizens and businesses report financial losses from hackers, said in its annual report released Wednesday that it received an average of more than 2,000 complaints per day through 2020.”

March 16, 2021

On the web

A Hacker Got All My Texts for $16


“The method of attack, which has not been previously reported or demonstrated in detail, has implications for cybercrime, where criminals often take over target’s phone numbers in order to harass them, drain their bank account, or otherwise tear through their digital lives. The attack also brings up issues around private, corporate, and national security, where once a hacker gains a foothold on a victim’s phone number, they may be able to intercept sensitive information or personal secrets.”

March 8, 2021

On the wires

February 23, 2021

On the wires

LexisNexis Risk Solutions Cybercrime Report Finds Young Adults and Adults Over 75 Most Vulnerable to Fraud Attacks

“LexisNexis® Risk Solutions released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for cybercriminals around the world, particularly as they targeted new online users. Analysis shows that the under 25 age group is most vulnerable to fraud attacks while the oldest age group is second most vulnerable and loses the most money.”

December 22, 2020

On the web

Thousands of fraudsters are selling via Shopify, analysis finds

Financial Times

“Tens of thousands of sellers are using the ecommerce platform Shopify to scam consumers and sell counterfeit goods, after the company’s rapid growth has left it exposed to fraudsters. According to the ecommerce authentication service FakeSpot, which analysed more than 120,000 Shopify sites, as many as 21 per cent posed a risk to shoppers.”

December 14, 2020

On the web

November 30, 2020

On the web

Banks See Billion-Dollar Cyber Costs Soaring Even Higher in 2021

Bloomberg (paywall)

“Big banks and other financial firms predict the cost of warding off cyber criminals will keep climbing in 2021 as they work to secure digital financial services popularized by the pandemic. Cybersecurity topped the list of expected budget increases in a survey of technology spending conducted by Deloitte & Touche LLP, with 64% of executives at financial firms around the globe forecasting a rise. Part of the survey results was made available to Bloomberg News in advance of the December release.”

November 2, 2020

On the wires

Mastercard Launches AI-Powered Solution To Protect The Digital Ecosystem

“Mastercard today announced Cyber Secure, a first-of-its-kind, AI-powered suite of tools that allows banks to assess cyber risk across their ecosystem and prevent potential breaches. With these capabilities, banks can identify and prioritize threats and vulnerabilities throughout their cyber environment. Additionally, acquiring banks can help merchants understand their own cyber risk, preventing hundreds of millions of dollars in potential fraud.”

August 27, 2020

On the web

North Korean hackers ramp up bank heists: U.S. government cyber alert


“North Korean hackers are tapping into banks around the globe to make fraudulent money transfers and cause ATMs to spit out cash, the U.S. government warned on Wednesday. A technical cybersecurity alert jointly written by four different federal agencies, including the Treasury Department and FBI, said there had been a resurgence in financially motivated hacking efforts by the North Korean regime this year after a lull in activity.”

June 12, 2020

On the wires

Increased Use of Mobile Banking Apps Could Lead to Exploitation

“The FBI advises the public to be cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent. Cyber actors target banking information using banking trojans, which are malicious programs that disguise themselves as other apps, such as games or tools. When the user launches a legitimate banking app, it triggers the previously downloaded trojan that has been lying dormant on their device. The trojan creates a false version of the bank’s login page and overlays it on top of the legitimate app. Once the user enters their credentials into the false login page, the trojan passes the user to the real banking app login page so they do not realize they have been compromised.”

May 14, 2020

On the wires

Mastercard and Enel X to Establish Fintech-Cyber Innovation Lab in Israel

“Mastercard and Enel X are launching a new lab in Israel to advance innovations in financial technology and cybersecurity for the payments and energy ecosystem globally. The lab will partner with start-up companies to test and develop products and solutions, with a particular focus on digital security, fintech platforms, digital authentication and financial inclusion. The lab is being established in partnership with the Government of Israel, following a competitive tender launched by the Israel Innovation Authority (IIA), which aims to advance innovations within the fintech and cyber sectors by accelerating growth of the country’s start-up ecosystem.”

May 12, 2020

On the web

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

“Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.”

May 11, 2020

On the wires

Mastercard Provides Free Cybersecurity Tools for Small Businesses in Canada

“As small businesses across Canada cope with ongoing social distancing requirements, many are quickly moving their activities online and facing greater exposure to cyber threats. To help small businesses protect their operations, Mastercard today announced that RiskRecon, a Mastercard company, is providing Canadian small businesses free cybersecurity assessments through December 31, 2020.”

April 9, 2020

On the web

Fintech Company Survived Ransomware Attack Without Paying Ransom


“As the malware quickly spread, locking up server after server, Finastra’s information security team evaluated its dwindling options before settling on the nuclear one: The company pulled all potentially infected servers offline. First, hundreds, then thousands, came down. The attack ground to a halt—as did critical parts of Finastra’s business. In an instant, services for many of Finastra’s customers went dark.”

Travelex Paid Hackers Multimillion-Dollar Ransom Before Hitting New Obstacles

Wall Street Journal (pay wall)

“Travelex, known for its ubiquitous foreign-exchange kiosks in airports and tourist sites around the world, was shut down by a computer virus that infiltrated its networks early this year. It responded by paying the hackers the equivalent of $2.3 million, according to a person familiar with the transaction. Travelex’s payment of the ransom, and the amount, hasn’t previously been reported, though the company confirmed the ransomware attack shortly after it occurred.”

December 16, 2019

On the web

CULedger Completes Blockchain Identity Pilot With Three US Credit Unions

FinTech Futures

“CULedger claims that MyCUID users can verify their identity by using a biometric function on their smart phone, such as voice, fingerprint or facial recognition. The vendor says that data from its pilot indicated that the average time to verify a member’s identity had been reduced from the industry average of more than 50 seconds to ten or less. “As financial cooperatives, credit unions are more inclined to work together than their bank counterparts in order to best serve their members’ needs,” said John Ainsworth, president and CEO of CULedger.”

July 29, 2019

On the web

Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds


“Security researchers have found a way to bypass that limit on Visa cards. Their hack, which isn’t limited to U.K. cards, could let opportunistic crooks drain accounts with a single tap, and they claim they don’t even need to steal the credit card . And little on Visa’s side is being done to address this fresh fraud threat. Forbes let the researchers—Leigh-Anne Galloway and Tim Yunusov from cybersecurity company Positive Technologies—try it out on a personal Visa card. They extracted three successful payments of £31 ($38). On their own cards they made contactless payments as high as £101, though it’s possible more could be stolen with just a tap.”

April 19, 2019

On the web

India Expected to Surpass the UK for Second Place in Payment Card Fraud


“Due to a booming cybercrime scene, India is expected to surpass the UK in 2019 and become the second-most targeted country for payment card fraud, behind the undisputed leader, the US.According to cybercrime statistics compiled by cyber-security firm Gemini Advisory, over 3.2 million Indian payment card records have been compromised and posted for sale online in 2018, a big jump from the previous year, when details for only 800,000 Indian payment cards had been posted on cybercrime forums.”

January 2, 2019

On the web

In a year of data breaches, India’s massive biometric programme finally found legitimacy


“Having enrolled over 1.22 billion Indians till November, the project saw several breaches and multiple accounts of data leaks being reported this year, intensifying fears about its security. There was even an instance of a senior official, out to prove a point about Aadhaar’s security, being left red-faced. The project also had a tragic side to it as several reports of starvation deaths across the country were traced back to the ID programme’s faulty implementation.”

December 10, 2018

On the web

Banks Attacked through Malicious Hardware Connected to the Local Network

Schneier on Security

“Each attack can be divided into several identical stages. At the first stage, a cybercriminal entered the organization’s building under the guise of a courier, job seeker, etc., and connected a device to the local network, for example, in one of the meeting rooms. Where possible, the device was hidden or blended into the surroundings, so as not to arouse suspicion.”

December 5, 2018

On the web

What’s Wrong With Your Venmo Account, and How to Fix It

Wall Street Journal (paywall)

“Few social-media experiences have made me cringe more than viewing my “friend” list on the peer-to-peer payment app Venmo for the first time. Seeing the names of people I’d been on dates with years ago was jarring. Seeing someone I’d blocked on Facebook was unsettling. Seeing names I didn’t recognize and couldn’t find in my contacts was baffling. But one name horrified me above all others: my former therapist.”

October 18, 2018

On the web

October 8, 2018

On the web

Emerging Field of Social Physics Shows Promise in Cybercrime Detection

Wall Street Journal CIO Journal

“As long as the data involves human activity, regardless of the type of data or the demographics of the users, similar behavioral dynamics apply. These patterns can be used to detect emerging behavioral trends before they can be observed by other data analytics techniques. And among those trends in which social physics may prove useful: cyber criminal activities.”

August 27, 2018

On the web

Payments News

Give us your email address or link to our RSS feed and we’ll push the daily Payments News headlines to you.

Glenbrook Payments Boot camp®

Register for the next Glenbrook Payments Boot Camp®

An intensive and comprehensive overview of the payments industry.

Train your Team

Customized, private Payments Boot Camps tailored to meet your team’s unique needs.

OnDemand Modules

Recorded, one-hour videos covering a broad array of payments concepts.

Glenbrook Press

Comprehensive books that detail the systems and innovations shaping the payments industry.