“Stolen credit card data is always a hot item for sale on the Dark Web, particularly if the package includes not just the card number but the expiration date and CVV code. To crack down on fraud, card vendors have long since turned away from stripe-only cards to those with embedded security chips that not only use encryption to secure transactions but are more difficult to clone. A recent report from cyber intelligence provider Cybersixgill looks at the current state of credit card fraud on the Dark Web. For its “Underground Financial Fraud H1 2022 report,” Cybersixgill found that more than 4.5 million stolen payment cards were up for sale on the Dark Web during the first half of 2022. Though this number is a significant drop of 68% from the more than 14 million such cards discovered during the last half of 2021, this still represents a substantial amount of fraud. Almost half (45%) of the cards for sale on underground markets were issued in the United States.”

“As the pandemic drove consumers online en masse to make purchases, consumer anxiety around fraud saw a considerable spike, according to a new survey by Marqeta , the global modern card issuing platform. The company surveyed 2,000 consumers across the United States and United Kingdom about their experiences and attitudes toward payment fraud and how they felt about the threat of fraud in the aftermath of COVID-19.”

“Wirecard employees hauled millions of euros of cash out of the group’s Munich headquarters in plastic bags over a period of years, according to former employees, suggesting that the payments company was looted even more brazenly than previously known. The once high-flying fintech, which at its peak was worth €24bn, went bust last summer in one of Germany’s biggest accounting frauds. It collapsed after discovering that €1.9bn of corporate cash did not exist and that parts of its business in Asia were a sham.”

“Access to reliable online security has never been more critical for businesses today. In fact, 81% of business owners experienced payments fraud last year, according to a recent survey by J.P. Morgan and the Association for Financial Professionals (AFP®). To help businesses protect against potential threats, JPMorgan Chase today introduced Fraud Protection Services, a new digital hub with enhanced fraud prevention tools that helps small and mid-sized clients protect their businesses and manage money safely.”

“Approximately 900 customers of 7-Eleven Japan have lost a collective of ¥55 million ($510,000) after hackers hijacked their 7pay app accounts and made illegal charges in their names. The incident was caused by an appalling security lapse in the design of the company’s 7pay mobile payment app, which 7-Eleven Japan launched in the country on Monday, July 1. The 7pay mobile app was designed to show a barcode on the phone’s screen when customers reach the 7-Eleven cashier counters. The cashier scans the barcode, and the bought goods are charged to the user’s 7pay app and the customer’s credit or debit cards that have been saved in the account.”

“A Lithuanian man and his associates found a bold way to steal from Facebook and Google, according to his guilty plea last week: They asked for money via email. More specifically, they sent fraudulent invoices to the California-based tech giants. The invoices were apparently good enough to persuade Google, which is owned by Alphabet, and Facebook to wire a total of more than $100 million for them from 2013 to 2015, according to the Justice Department…According to the F.B.I., crimes that involve deceiving companies via email have grown more common — and much more sophisticated — in recent years, resulting in billions of dollars in losses.”

“Aaron Cole, 30, spoke out in an interview with KGW-TV on Wednesday, detailing the sophisticated plot that defrauded his family after the sale of their home in Oregon City, outside of Portland. Known as ‘spoofing’, the increasingly popular scam uses emails that appear to be from a trusted sender to convey phony bank routing information and dupe individuals or companies out of thousands or even millions of dollars. Cole was swindled last week, shortly after closing on the sale of his family’s home of six years, a three-bedroom ranch.”

“According to the Daily Telegraph, ministers have become increasingly concerned about the impact of fraud in recent months, with attacks on more than 1,300 TSB customers after the bank’s IT meltdown in April. The bank’s chief executive Paul Pester stepped down earlier this month.”

“With cross-channel fraud, a fraudster steals personal information about a user from one channel, and then uses that information to commit fraud in another. Here’s an example. Fraudsters frequently use social engineering scams to trick a user into granting access to an online account, like a banking account. Once in, the fraudster has easy access to a user’s connected credit card information. Fraudsters copy the user’s credit card number and its expiration date. From there, it’s a simple next step to card-not-present fraud. With basic credit card information, fraudsters can make purchases online, racking up thousands in charges.”

“Given their rapid spread and growth, this question urgently needs answering. As part of its ongoing CFI Fellows Program, CFI asked Patrick Traynor, professor at the University of Florida’s Department of Computer Information Science & Engineering (CISE) to find out. Traynor and his team of computer science researchers looked at the security of online fintech applications using a collection of both automated and manual standard analysis techniques widely available in the computer science toolkit. They examined the apps and websites of 52 digital apps, mainly digital lenders, from all across the world to see how they handle user data.”

“Security flaws in mobile point-of-sale (mPOS) devices from vendors including Square, SumUp, iZettle, and PayPal have been disclosed by researchers.  Thursday at the Black Hat conference in Las Vegas, security experts from Positive Technologies said that vulnerabilities present in mPOS machines could allow unscrupulous merchants to raid the accounts of customers or attackers to steal credit card data.”

“A food market in China has been targeted by scammers who used fake QR codes to divert mobile payments into their own account, according to a local newspaper report. Three men have been arrested on suspicion of printing out small pieces of paper with the QR codes on them and then sticking them over 60 codes used by traders in Nanjing, the capital of Jiangsu province, late last week, Xiandai Kuaibaoreported on Monday.”