Security

Networked Bot Attacks Increase As Human-Initiated Attack Levels Fall

“LexisNexis® Risk Solutions today released the findings of its latest Cybercrime Report, which covers the first half of 2021. This edition of the biannual report reveals that bot attack volumes grew 41% year over year with human-initiated attacks falling 29%. The report confirms earlier trend patterns showing the financial services industry and media businesses bear the brunt of increased automated bot network attacks.”

Security

French Government Selects IDEMIA for the National Digital ID Program

“The updated French national eID card (CNIe) was launched in August 2021, and will enable French citizens to complete online transactions using their smartphone. Citizens will receive an authentication request on their smartphone. They will then place their CNIe on the back of their phone, which will communicate using Near-Field Communication technology. The mobile app will securely read and authenticate the personal data held in the card’s chip. Citizens will need to provide their consent before authentication.”

Tags: Digital ID

Companies Security

Apple Reveals First US States Working to Adopt Digital Apple Wallet IDs

9to5Mac

“After first announcing that iOS 15 would bring support for digital IDs via Apple Wallet back at WWDC in June, the first US states that will lead the adoption of the new standard have been named. There are 8 states announced for now that are committed to using Apple Wallet IDs and interestingly, they’re probably not the ones you’d guess. The first of the 8 to launch will be Arizona and Georgia and Apple also says it is already talking with “many more states” about adopting IDs in Apple Wallet.”

Tags: Apple Digital ID

Security

Amazon’s Palm Print Recognition Raises Concern Among U.S. Senators

Reuters

“Three U.S. senators, including Democrat Amy Klobuchar who chairs the Senate Judiciary Committee’s antitrust panel, wrote a letter to Amazon.com Inc (AMZN.O) to express concern about its palm print recognition system, Klobuchar’s office said Friday. Amazon began rolling out biometric technology at its Whole Foods stores around Seattle in April, letting shoppers pay for items with a scan of their palm. The system, called Amazon One, lets customers link a credit card to their palm print.”

Tags: Biometrics

Risk Security

T-Mobile Investigating Claim of Stolen Personal Data for Sale

CNET

“T-Mobile is looking into a post on a forum that claimed to be selling the personal data of more than 100 million people swiped from the mobile carrier’s servers. The data breach included information such as Social Security numbers, phone numbers, names, physical addresses and driver license information, according to Vice , which reported the security breach claim earlier on Sunday. The forum post doesn’t mention T-Mobile by name, but the seller told Vice’s Motherboard that the data came from T-Mobile servers.”

Tags: Data breach

Security

Regulators Urge Banks to Strengthen Customer Authentication

American Banker

“U.S. financial regulators are calling on banks to strengthen their authentication processes to better protect customer accounts and information systems. The Federal Financial Institutions Examination Council on Wednesday issued new guidance for how financial institutions can properly employ an authentication process for customers, employees and third parties as the number of access points to information systems has expanded along with mobile computing and smartphone applications.”

Tags: Authentication

Risk Security

Thwarting Authorized Push Payment Fraud

bankinfosecurity

“Behavioral biometrics can play an important role in mitigating the risk of authorized push payment fraud, says Reed Luhtanen, executive director at the U.S. Faster Payments Council. This biometrics technology involves, for example, “analyzing how one holds a particular device or how you are moving the mouse,” Luhtanen explains. Artificial intelligence can help analyze previous behavior patterns to determine if the right person is involved in the payment, he adds.”

Tags: Authorized push payment fraud (APP) Behavioral biometrics

Deals Security

Feedzai Adds Behavioral Biometrics to Fraud Prevention Platform With Revelock Acquisition | Biometric Update

Biometric Update

“Revelock has been acquired by Feedzai to integrate its advanced behavioral biometric platform into what the latter says will be the world’s largest Financial Intelligence Network (FIN) for secure cashless transactions. The integrated platform will be offered to financial institutions and merchants around the world to detect financial crime and proactively prevent it. The addition of biometrics for highly granular risk assessment boosts security while maintaining privacy and providing a fast customer experience, according to the announcement.”

Tags: Biometrics

Security

Amazon Will Pay You $10 in Credit for Your Palm Print Biometrics

TechCrunch

“How much is your palm print worth? If you ask Amazon, it’s about $10 in promotional credit if you enroll your palm prints in its checkout-free stores and link it to your Amazon account. Last year, Amazon introduced its new biometric palm print scanners, Amazon One , so customers can pay for goods in some stores by waving their palm prints over one of these scanners. By February, the company expanded its palm scanners to other Amazon grocery, book and 4-star stores across Seattle.”

Tags: Biometrics

Security

BioCatch Enters Implementation Stage of Strong Customer Authentication (SCA) for Payment Services Directive (PSD)2, Launches SCA Compliance Awareness Events

“BioCatch, the global leader in behavioural biometrics announced it has entered the implementation stage of its offering that will enable financial institutions to leverage BioCatch’s behavioural biometric-based solution to support their journey to compliance with PSD2’s implementation of Strong Customer Authentication (SCA), a regulation that requires multi-factor authentication for online transactions. BioCatch’s behavioural biometrics industry best-practices solution improves banks and financial institutions’ customer experience by applying machine learning to provide superior consumer protection while reducing friction in the digital journey.”

Tags: Behavioral biometrics

Reports Security

Remote Authentication Fraud: Are You Who You Say You Are? – FedPayments Improvement

“Heightening the need for greater attention to authentication fraud, the COVID-pandemic increased demand for more consumers to enroll in online or mobile (digital) accounts to make remote payments. In fact, average U.S. consumer e-commerce spending was 36% of total spending in December 2020, up from just 26% in March 2020. [1] Unfortunately, fraudsters have noticed the shift, too – and they are changing the targets of their fraud attacks accordingly. To help address remote authentication fraud, the Fed recently published Remote Authentication Landscape and Authentication Methods , the first of three research briefs planned for this summer.”

Tags: Authentication

Security

Socure Unveils Industry’s First BNPL-Specific Solution, Extending Its Leadership in Identity Verification and Trust for Alternative Payment Providers

“Socure , the leading platform for digital identity verification and trust, today announced the introduction of the first identity verification and fraud solution purpose-built for the Buy Now, Pay Later (BNPL) industry. The solution leverages the technology and data currently used by more than 100 top BNPL providers, alternative payment providers, fintechs, banks, and credit card issuers. Socure developed the solution using deep identity and transaction data that enables multiple leading BNPL providers to attract new merchants, power their growth by converting more qualified shoppers in real time, and reduce loss rates.”

Tags: Identity Verification

Security

Worldline Adds Handprint Biometrics for Mobile Payments

American Banker

“The payments technology provider Worldline is adding a handprint biometric digital ID to its authentication system through a partnership with the French fintech A3BC. By combining technologies with A3BC (whose name stands for Anything Anywhere Anytime Biometric Connection), Worldline seeks to protect mobile phones from intrusion through a two-factor authentication process that would include the biometrics.”

Tags: Biometrics

Security

Eftpos Rolls Out Secure Digital Identity Exchange for Australian Consumers

NFCW

“Australia’s Eftpos national debit card system has launched a digital identity exchange solution that enables consumers to share personal information held by trusted digital ID providers in a wide range of use cases, from opening an online account and making online payments to accessing government services or providing proof of age. Eftpos ConnectID allows users to authenticate their identity with merchants, hotels, hospitals, insurers, government departments and other organisations by linking to a verified digital ID such as one registered with their bank or on Australia Post’s Digital iD platform.”

Tags: Digital ID

Security

US Credit Union to Let Customers Authenticate Banking Transactions With Mobile Driving Licence

NFCW

“Utah Community Credit Union (UCCU) is to become the first financial institution in the US state to let its customers use Utah’s mobile driving licence (mDL) as a legal form of identification for all banking transactions. The Utah mDL enables users to provide digital proof of their identity by tapping their mobile device on an NFC reader or by showing a QR code for scanning. The state is launching an mDL pilot with a limited number of participants this month with plans to expand the trial to a further 10,000 motorists later this year.”

Tags: Digital ID

Security

US Credit Union to Let Customers Authenticate Banking Transactions With Mobile Driving Licence

NFCW

“Utah Community Credit Union (UCCU) is to become the first financial institution in the US state to let its customers use Utah’s mobile driving licence (mDL) as a legal form of identification for all banking transactions. The Utah mDL enables users to provide digital proof of their identity by tapping their mobile device on an NFC reader or by showing a QR code for scanning.”

Security

How Cyber Sleuths Cracked an ATM Shimmer Gang

krebsonsecurity

“In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.”

Security

This Will Be the New BBVA Cards That Will Use Your Fingerprints

Entrepreneur

“BBVA Mexico presented its new line of Aqua credit and debit cards on Monday, which will be devoid of printed training to give its users greater security and will work with their fingerprints. These plastics, which will be offered to all users who already have a debit or credit card from the institution, will work with biometrics and will be made of sustainable material. In this way there will be no information that could put the user at risk and helps to avoid fraud.”

Tags: Biometrics

Companies Security

You’ll Soon Be Able to Use Your IPhone As ID at the Airport

The Verge

“Apple has announced a forthcoming update to its Wallet app that will allow you to use your iPhone as digital identification in select US airports. The company showed how you’ll be able to scan your driver’s license or state ID in participating US states, which will then be encrypted and stored in the iPhone’s secure enclave. The company says it’s working with the TSA to enable the iPhone to be used as identification at airport security checkpoints. As well as secure ID, Apple says it’s working to allow hotels to distribute room card keys via Apple Wallet, allowing you to collect a room key before you arrive at a hotel. Home keys and work keys were also announced as coming to the Wallet app. The new keys feature is also coming to Apple Watch, Apple says .”

Tags: Apple Digital ID

Deals Security

Capital One Ventures Invests in Socure Digital Identity Analytics | Biometric Update

Biometric Update

“Socure has boosted Capital One’s digital identity trust to increase card approval rates and slash false positives for its U.S. card team, leading the financial institution’s venture arm Capital One Ventures to make a strategic investment in the company. Socure recently became the latest unicorn biometrics with a $100 million funding round that included several other large financial institutions. The latest investment is expected to support Socure’s plans for continued expansion of its identity verification and biometrics across all consumer-facing verticals, including financial services, online gaming, healthcare, telco, e-commerce and on-demand services.”

Tags: Digital ID

Deals Security

Identity Verification Company Trulioo Lands $394M

VentureBeat

“Online identity verification platform Trulioo has closed a $394 million series D round of funding at a $1.75 billion valuation, coming at a time when businesses across the spectrum have had to embrace digital transformation due to the global pandemic. Similar to how the need for electronic signatures has skyrocketed due to pretty much every activity going online over the past year, companies have also had to rapidly transition to technologies that allow them to verify that their users are who they say they are, without relying on in-person meetings. This is particularly pertinent in highly-regulated industries such as financial services.”

Tags: Verification

Deals Security

Mitek Acquires ID R&D to Lead Fight Against Biometric Identity Fraud

“Mitek (NASDAQ: MITK), a global leader in digital identity verification, today announced that it has acquired ID R&D , an award-winning provider of artificial intelligence (AI)-based voice and face biometrics and liveness detection. Shareholders of ID R&D will be entitled to receive up to $49 million in Mitek stock and cash as consideration. ID R&D’s pioneering facial and voice biometric capabilities provide increased protection against today’s most sophisticated identity theft and increasingly dangerous fraud techniques, such as deepfakes and synthetic voice augmentation.”

Tags: Biometrics Identity

Security

EU set to unveil digital wallet fit for post-Covid life

FT

“The EU is set to unveil detailed plans for a bloc-wide digital wallet on Wednesday following requests from member states to find a safe way for citizens to access public and private services online. The digital wallet would securely store payment details and passwords and allow citizens from all 27 countries to log into local government websites or pay utility bills using a single recognised identity, said people with direct knowledge of the plans. The EU-wide app, which can be accessed via fingerprint or retina scanning among other methods, will also serve as a vault where users can store official documents such as a driver’s licence.”

Tags: Digital ID

Deals Security

LoginID Announces Investment From Visa to Accelerate FIDO-certified Strong Customer Authentication

“LoginID , a FIDO-certified authentication provider, today announced additional investment from Visa on the heels of its $6M seed round from veteran payment and fintech entrepreneurs. The investment amount from Visa is undisclosed. Customers are readily accepting the use of biometrics to make payments and other transactions in a secure and convenient way. According to an April 2021 pymnts.com report , 18 billion payment transactions will be verified using biometrics in 2021. Visa recognizes that strong authentication solutions from companies like LoginID help promote its vision to improve integrity around payments – both reducing fraud and helping merchants meet global regulatory and compliance demands.”

Tags: Authentication

Deals Security

Stripe Newsroom: Stripe Acquires Bouncer to Help Businesses With Fraud Prevention

“Stripe, a global technology company that builds economic infrastructure for the internet, announced today it has acquired Bouncer , a company building card authentication technology to reduce fraud during online transactions. Bouncer’s team and technology will join Stripe to further enhance the capabilities of Radar, Stripe’s powerful, machine-learning-based fraud prevention tool. Bouncer’s card scanning and risk technology is used to help online businesses reduce fraud and authenticate cards. Bouncer will be integrated into Stripe Radar, a fraud prevention tool whose machine learning models are trained on purchases made at millions of companies around the world every day.”

Tags: Authentication

Risk Security

Hackers Using Text Messaging to Target Retailers

PaymentsSource

“The most sophisticated cyberattacks can begin with something as simple as a text message. It’s more common in retail than in other industries for the attacker to use text messaging to trick a retail employee into initiating a money transfer, according to the 2021 Verizon Data Breach Investigations Report… With criminals motivated to seek retail targets as a way to cash in on exposed payment card data and personal information, Verizon cited system intrusion, social engineering and basic web application attacks as being the most common in 77% of the retail breaches. Through the work of 83 contributing organizations, the Verizon investigators analyzed 79,635 security incidents across various industries, of which 29,207 met standards for further research — with 5,258 being confirmed breaches highlighted for data in this year’s report.”

Tags: Phishing Social engineering

Security

LoginID Launches FIDO-certified WordPress Plugin for Passwordless Authentication

“LoginID Inc., creators of the FIDO-powered passwordless authentication solution LoginID, announced today the launch of its WordPress plugin . The plugin is free to install, and enables websites powered by WordPress to install strong passwordless authentication in five clicks. The solution also helps WordPress websites align to emerging and existing compliance regulations, such as PSD2 and GDPR. Developing a plugin that enables passwordless authentication will bolster the security for potentially over 35 million websites powered by WordPress. With this plugin, WordPress-created websites, in just five clicks, can integrate a customizable, quick, easy and regulatory-compliant way to authenticate their users.”

Tags: Passwordless

Security Tech

Amazon’s Palm-reading Payment Tech Is Now Available in New York City | Engadget

Engadget

“You no longer have to shop in Washington state to use Amazon’s palm-reading technology . MarketWatch reports that Amazon has introduced One to New York City, making the biometric authentication available in the Amazon Go store at 11 West 42nd Street. It functions just like it did before. Once you’ve signed up, you just need to hover your palm above a reader to enter the store and approve your purchases. You don’t have to touch a thing besides the goods you’re buying.”

Tags: Biometrics

Security

You Are Worth $1,000 on the Dark Web, New Study by Privacy Affairs Finds

“The Dark Web sees personal information sold to this day. In 2020, organizations like NASA, McDonald’s, Visa, MasterCard, Microsoft, and Google have experienced security breaches, leading to theft of credit card details, online banking logins, and social media credentials. Later, all this information can be found sold on the Dark Web. PrivacyAffairs.com collected hundreds of examples of data being sold and reported the prices on their Dark Web Price Index … In the United States, the average annual expense for dealing with cybercrime increased by 29% in 2018, reaching $27.4 million. Credit card details are sold on the Dark Web from $14-$30, which include the card number, associated dates, and CVV. Personal data such as an address, email, and phone number may also be included.”

Tags: Cybersecurity

Risk Security

Request for Proposal to Find a Service Provider to Establish and Maintain the EPC MISP Instance

“The European Payments Council (EPC), as a scheme manager, endeavours to adequately address fraud risks in the context of its Single Euro Payments Area (SEPA) payment schemes. Therefore, in February 2021, the EPC decided to develop a SEPA-wide “Malware Information Sharing Platform” (“MISP”) instance for real-time fraud information sharing with direct browser access by all SEPA payment scheme participants. Today, the EPC launches a public request for proposal to find a reliable independent service provider to which the EPC can outsource the management and the maintenance of the EPC MISP instance.”

Tags: Malware