Risk

Head Of Telemarketing Operation Charged In $19 Million Credit Card Laundering Scheme

“Audrey Strauss, the United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced the arrest today of STEVEN SHORT, the former head of E.M. Systems & Services, LLC, and affiliated companies (“E.M. Systems”), on charges of fraudulently obtaining credit card processing services for his deceptive Florida-based telemarketing operation.”

Tags: Money laundering

Risk

Kaseya Ransomware Attack: 1,500 Companies Affected, Company Confirms | ZDNet

ZDNet

“Enterprise tech firm Kaseya has confirmed that around than 1,500 businesses were impacted as a result of an attack on its remote device management software, which was used to spread ransomware.  It appears that the attackers carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya’s VSA software against multiple managed service providers (MSP) – and their customers.”

Tags: Ransomware

Risk

New Outseer Fraud & Payments Report Confirms Massive Increase in Brand Abuse Cyber Attacks, Jumping 158% From Q1 2020

“Phishing attacks designed to harvest user credentials represented 25% of all attack types for the quarter, followed by rogue mobile apps at 21%. Although the share of rogue mobile apps decreased slightly from the previous quarter, it is worth noting that this attack type increased by 14% in the same quarter vs. 2020. At just 7% of mix, Trojan Horse attacks injecting malware designed to harvest sensitive information and user credentials dropped again as threat actors have shifted fraud strategies to Brand Abuse.”

Tags: Ecommerce fraud

Risk

Ransomware Gangs Get Paid Off As Officials Struggle for Fix

AP NEWS

“If your business falls victim to ransomware and you want simple advice on whether to pay the criminals, don’t expect much help from the U.S. government. The answer is apt to be: It depends. “It is the position of the U.S. government that we strongly discourage the payment of ransoms,” Eric Goldstein, a top cybersecurity official in the Department of Homeland Security, told a congressional hearing last week. But paying carries no penalties and refusing would be almost suicidal for many companies, especially the small and medium-sized. Too many are unprepared. The consequences could also be dire for the nation itself. Recent high-profile extortive attacks led to runs on East Coast gas stations and threatened meat supplies .”

Tags: Ransomware

Risk

Hit By a Ransomware Attack? Your Payment May Be Deductible

Bloomberg

“As ransomware attacks surge, the FBI is doubling down on its guidance to affected businesses: Don’t pay the cybercriminals. But the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible. The IRS offers no formal guidance on ransomware payments, but multiple tax experts interviewed by The Associated Press said deductions are usually allowed under law and established guidance. It’s a “silver lining” to ransomware victims, as some tax lawyers and accountants put it. But those looking to discourage payments are less sanguine. They fear the deduction is a potentially problematic incentive that could entice businesses to pay ransoms against the advice of law enforcement. At a minimum, they say, the deductibility sends a discordant message to businesses under duress.”

Tags: Ransomware

Risk

Tax Refunds and Stimulus Checks Delayed by Identity Fraud Crossfire

CNBC

“It’s unclear how many taxpayers’ refunds have been delayed during the 2021 filing season. But it’s an issue for a growing number of Americans. The IRS flagged 5.2 million tax refunds for fraud last year, a nearly 50% increase over 2019, according to the Taxpayer Advocate Service, an independent organization within the IRS. Of those, about 1.9 million were flagged for identity screening. (The rest were earmarked for income verification.) Basically, the IRS wants to ensure a crook isn’t using a taxpayer’s identity to claim a tax refund. The agency mails letters (either a 5071C or 6331C letter ) to taxpayers if it suspects foul play. The IRS can’t process a tax return or issue a refund until the person responds. However, most flagged returns aren’t fraudulent. In 2019, 63% of the refunds vetted for identity theft turned out to be legitimate, according to the Taxpayer Advocate Service.”

Tags: Identity verification

Risk

Stripe Newsroom: Stripe Launches Stripe Identity, an Identity Verification Tool to Increase Trust Online

“Stripe today announced the launch of Stripe Identity, the easiest way for internet businesses to securely verify the identities of users from over 30 countries. As more economic activity happens online, the need for internet businesses to establish and maintain high levels of trust increases commensurately. Online businesses frequently need to verify the identities of their users to comply with age requirements or “Know Your Customer” (KYC) laws—and to increase trust and safety by reducing fraud, preventing account takeovers, and stopping bad actors.”

Tags: Identity verification

Risk

Santander Pushes Back at Which? Over APP Scam Reimbursement Rates

Finextra Research

“Santander has pushed back against calls from Which? for banks to publish figures on the proportion of customers they refund for authorised push payment (APP) fraud, arguing that looking at reimbursement rates in isolation could present a “misleading” picture. APP scams have been on the rise during the Covid-19 pandemic, with losses hitting nearly half a billion pounds in 2020.Many of the UK’s biggest banks and building societies are signed up a voluntary code, which is based on the principle that blameless victims of bank transfer scams should be reimbursed their losses.”

Tags: Authorized push payment fraud (APP)

Risk

HSBC UK Launches Fraud Awareness App for Businesses

Finextra Research

“HSBC has launched a fraud awareness app to provide businesses with up-to-the-minute news on emerging scams. As well as sending users notifications on new scams and fraud tactics, the free app also includes advice and tips on how to avoid falling victim to fraud and provides real-life stories from customers…Developed in concert with business clients, the app is being released to all businesses – whether HSBC clients or not – after a six-month pilot trial which received positive feedback from users.”

Tags: Risk management

Risk

AmEx Expands Its Fraud Detection Application to Three Major Platforms

Digital Transactions

“In an effort to stymie card-not-present fraud, which has been on the rise during the Covid-19 pandemic, American Express Co. on Wednesday announced its Enhanced Authorization fraud-detection application is being made available to three major platforms—those of Accertify Inc., Microsoft Corp., and Riskified Ltd.—via an application programming interface…AmEx’s software enables merchants to share digital attributes that can help validate a transaction and cardholder, such as the customer’s email, Internet protocol and shipping address, and phone number. Including such attributes in a fraud screen, along with other data gathered by AmEx, can reduce online fraud by as much as 60% and increase approval rates by an average of 50 basis points, AmEx says.”

Tags: Ecommerce fraud

Deals Risk

Forter Raises $300M on a $3B Valuation to Combat E-commerce Fraud

TechCrunch

“E-commerce is on the rise, but that also means the risk, and occurrence, of e-commerce fraud is, too. Now, Forter , one of the startups building a business to tackle that malicious activity, has closed $300 million in funding — a sign both of the size of the issue, and its success in tackling it to date. The new funding, a Series F, values Forter at $3 billion — notable not least because the funding is coming only about six months since Forter’s previous round , a $125 million Series E that valued it at over $1.3 billion.”

Tags: Ecommerce fraud

Deals Risk

Sift to Acquire Chargeback, Providing Merchants With Complete Protection Against Payment Fraud

“Sift , the leader in Digital Trust & Safety, today announced that it has signed a definitive agreement to acquire Chargeback , the pioneer in real-time dispute management for merchants. The two companies are coming together as both e-commerce growth and payment fraud are accelerating, and as the Fraud Economy—the sophisticated and interconnected network of cybercriminals and their methods—has rapidly expanded.”

Tags: Ecommerce fraud

Risk

Phishing Attacks on the Financial Sector Increased 45% in 2020, Akamai Report Finds

Digital Transactions

“While some parts of the economy slowed in 2020, criminals paid no mind to that as their phishing attacks against companies in the financial sector increased 45% over 2019 to 3.4 billion, Akamai Technologies Inc. found in its “State of the Internet / Security report: Phishing for Finance” released Wednesday. Overall, Akamai tallied 193.5 billion credential-stuffing attacks globally in 2020. In credential stuffing , criminals pull data from a database containing valid passwords and usernames and attempt to get into a consumer’s online accounts, without much operator action.”

Tags: Phishing

Risk Security

Hackers Using Text Messaging to Target Retailers

PaymentsSource

“The most sophisticated cyberattacks can begin with something as simple as a text message. It’s more common in retail than in other industries for the attacker to use text messaging to trick a retail employee into initiating a money transfer, according to the 2021 Verizon Data Breach Investigations Report… With criminals motivated to seek retail targets as a way to cash in on exposed payment card data and personal information, Verizon cited system intrusion, social engineering and basic web application attacks as being the most common in 77% of the retail breaches. Through the work of 83 contributing organizations, the Verizon investigators analyzed 79,635 security incidents across various industries, of which 29,207 met standards for further research — with 5,258 being confirmed breaches highlighted for data in this year’s report.”

Tags: Phishing Social engineering

Risk Systems

Binance Faces Probe by U.S. Money-Laundering and Tax Sleuths

Bloomberg

“Binance Holdings Ltd. is under investigation by the Justice Department and Internal Revenue Service, ensnaring the world’s biggest cryptocurrency exchange in U.S. efforts to root out illicit activity that’s thrived in the red-hot but mostly unregulated market. As part of the inquiry, officials who probe money laundering and tax offenses have sought information from individuals with insight into Binance’s business, according to people with knowledge of the matter who asked not to be named because the probe is confidential.”

Tags: Cryptocurrencies Money laundering

Risk

Payment Fraud Fears Grow; 65% of Consumers More Concerned About Fraud Than Before COVID-19, According to New Marqeta Survey

“As the pandemic drove consumers online en masse to make purchases, consumer anxiety around fraud saw a considerable spike, according to a new survey by Marqeta , the global modern card issuing platform. The company surveyed 2,000 consumers across the United States and United Kingdom about their experiences and attitudes toward payment fraud and how they felt about the threat of fraud in the aftermath of COVID-19.”

Tags: Payments fraud

Risk Security

Request for Proposal to Find a Service Provider to Establish and Maintain the EPC MISP Instance

“The European Payments Council (EPC), as a scheme manager, endeavours to adequately address fraud risks in the context of its Single Euro Payments Area (SEPA) payment schemes. Therefore, in February 2021, the EPC decided to develop a SEPA-wide “Malware Information Sharing Platform” (“MISP”) instance for real-time fraud information sharing with direct browser access by all SEPA payment scheme participants. Today, the EPC launches a public request for proposal to find a reliable independent service provider to which the EPC can outsource the management and the maintenance of the EPC MISP instance.”

Tags: Malware

Risk

Wirecard employees removed millions in cash using shopping bags

FT

“Wirecard employees hauled millions of euros of cash out of the group’s Munich headquarters in plastic bags over a period of years, according to former employees, suggesting that the payments company was looted even more brazenly than previously known. The once high-flying fintech, which at its peak was worth €24bn, went bust last summer in one of Germany’s biggest accounting frauds. It collapsed after discovering that €1.9bn of corporate cash did not exist and that parts of its business in Asia were a sham.”

Tags: Payments fraud

Risk

WSJ News Exclusive | Ransomware Targeted by New Justice Department Task Force

Wall Street Journal

“The Justice Department has formed a task force to curtail the proliferation of ransomware cyberattacks, in a bid to make the popular extortion schemes less lucrative by targeting the entire digital ecosystem that supports them. In an internal memorandum issued this week, Acting Deputy Attorney General John Carlin said ransomware poses not just an economic threat to businesses but “jeopardizes the safety and health of Americans.” By identifying ransomware as a priority, the task force will increase training and dedicate more resources to the issue, seek to improve intelligence sharing across the department, and work to identify “links between criminal actors and nation-states,” according to the memorandum.”

Tags: Ransomware

Domains Risk

Forter Partners With Flutterwave to Drive ECommerce Growth Across Africa and Beyond

“Forter , the leader in e-commerce fraud prevention, has announced a partnership with Flutterwave, Africa’s leading payments technology company. The partnership, the first of its kind in Africa, will enable merchants to accurately identify legitimate buyers from fraudsters, resulting in increased transaction approvals and reduced friction in the purchasing experience, all without the fear of fraud.”

Tags: Ecommerce fraud Remote Commerce

Deals Domains Risk

Signifyd Closes $205M Investment in Commerce Protection

“With the $205 million funding round that Signifyd announced today, the fraud and consumer abuse leader is among the companies that will lead ecommerce into a new era marked by new consumer habits and new requirements for retailers…In the years since, they have consistently extended the sort of guaranteed protection Signifyd provides merchants. The company’s move now to extend its identity-centric commerce protection and payment optimization deeper into the payment journey is the next logical step in what Ramanand and Liberty set out to do.”

Tags: Ecommerce fraud Remote Commerce

Companies Risk

PayPal Rolls Out New Fraud Management Tools for Merchants | ZDNet

ZDNet

“PayPal is launching a new suite of fraud management features for mid-market and enterprise businesses that aims to help combat the rise in online payments fraud brought on by the pandemic… According to PayPal, its new Fraud Protection Advanced service uses device fingerprinting, machine learning and analytics to help businesses identify, investigate, resolve and mitigate fraudulent transactions. The technology allows for real-time data modeling to help businesses spot shifting fraud patterns, and enables high fraud decisioning performance that can lead to lower chargebacks and false declines.”

Tags: Ecommerce fraud PayPal

Risk

How Online Scammers Fooled One of Africa’s Biggest Fintech Startups

Quartz

“In Nigeria, for example, Paystack requires prospective customers to submit the bank verification number (BVN) of any director or trustee, the certificate of registration from the Corporate Affairs Commission, the Nigerian agency responsible for the registration of for-profit and nonprofit organizations, and a corporate bank account. Similar requirements also apply to Ghana and South Africa where the company has extended its service. It’s not entirely clear whether Paystack failed to properly vet the scammers, or whether current rules are not stringent enough to detect dubious customers.”

Tags: Ecommerce fraud

Risk Security

Rabobank and ABN Amro Target Privacy-friendly Data Analysis

Finextra Research

“ABN Amro and Rabobank are working with research outfit TNO to test technology that lets banks share data used for detecting financial crime while still respecting clients’ privacy. The partners are experimenting with ways of monitoring transactions between clients at different banks without sharing the risk scores that they assign their customers.”

Risk

Federal Reserve System Announces Industry-Recommended Definition of Synthetic Identity Fraud

“The Federal Reserve today announced an industry-recommended definition of synthetic identity fraud, which was developed by a focus group of fraud experts in response to a widespread issue: differing definitions in use make it difficult to identify and address this type of fraud…The industry-recommended definition of synthetic identity fraud (SIF) is the use of a combination of personally identifiable information (PII) to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.”

Tags: Synthetic identity

Risk Security

MobiKwik Investigating Data Breach After 100M User Records Found Online

TechCrunch

“MobiKwik said on Tuesday it was investigating claims of data breach after a website claimed to have exposed private information of nearly 100 million users of the Indian mobile payments startup . Over the weekend, a site on the dark web claimed it had 8.2 terabytes of MobiKwik user data. The data included phone numbers, email addresses, scrambled passwords, transactions logs and partial payment card numbers. The website also claimed that it had “know your customer” (KYC) documents (government-issued Aadhaar card or PAN ID) of 3.5 million users, and each visit to the website displayed four random images from the data dump.”

Tags: Data breach

Risk

APP Fraud Continues to Rise As Criminals Target Bank Customers Online

Finextra Research

“The amount of money lost to victims of authorised push payments fraud in the UK rose to £479 million in 2020, as criminals used the Covid-19 pandemic to target people online. The APP fraud losses documented by UK Finance are up five per cent on the previous year, with the number of cases increasing by 22% to almost 150,000 in 2020.Banks were able to return £206.9 million of the losses from APP fraud to victims, over three quarters more than the sum returned in 2019.”

Tags: Push payment fraud

Risk

Covid-related Fraud Has Cost Americans $382 Million

CNBC

“Fraud linked to the Covid pandemic has cost Americans $382 million, according to the Federal Trade Commission. As of Tuesday, more than 217,000 people had filed a coronavirus-related fraud report with the agency since January 2020, according to federal data. The median loss was $330.   However, losses skewed higher for seniors — $500 for people in their 70s and $900 for those in their 80s.”

Tags: Identity theft

Risk

Crypto-Friendly Fintech Wirex Temporarily Pauses Recruiting New UK Customers

“The Fintech company Wirex has announced its decision to voluntarily pause new UK customers of its popular app as of 24th March 2021. The pause is a temporary measure and follows constructive dialogue with the Financial Conduct Authority (FCA), the UK regulator.  From this date, Wirex will temporarily pause accepting new clients who are resident in the UK. The company – which serves nearly 3.5 million customers worldwide – will dedicate resources to further strengthen its 5AMLD (Fifth Anti-Money Laundering Directive) compliance protocols, conforming with the updated best practice guidelines set by the UK regulator.”

Tags: Money laundering

Deals Risk

Leading Financial Risk Management Platform Feedzai Raises $200 Million Growth Investment Led by KKR

“Feedzai , the world’s leading cloud-based financial risk management platform, today announced a $200 million Series D investment round led by leading global investment firm KKR , with participation from existing investors Sapphire Ventures and Citi Ventures…Feedzai’s platform is used by the world’s leading financial institutions, payment providers, and merchants to manage the risk of financial crime while enabling an optimized experience for end-users. The core of Feedzai’s offering is its artificial intelligence and machine learning platform, which processes customer and third-party data to identify, assess, and accelerate the remediation of potential threats.”