Risk

How the Pandemic Helped Drive a Startling Increase in Identity Theft Losses

Digital Transactions

“Some 47% of U.S. adults have reported identity theft over the past two years, while the fraud’s toll ballooned to $712.4 billion in 2020, up 42% from 2019, according to a report released Tuesday by Aite Group, a Boston-based research and consulting firm, and sponsored by Giact, an Allen, Texas-based financial-services security firm. The startling rise in this fraud stems at least in part from the onrush of e-commerce transactions and other card-not-present activity following the arrival of the coronavirus pandemic in March last year, earlier reports have said .”

Tags: Identity theft

Risk

Checkout Skimmers Powered by Chip Cards

KrebsOnSecurity

“Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely.”

Tags: Skimming

Risk Security

McDonald’s, Sift Partner on International Mobile Ordering

www.qsrweb.com

“McDonald’s has partnered with digital trust and safety provider, Sift , to safeguard and streamline the customer experience on the QSR’s mobile app in select countries across Europe, Asia, Africa and Oceania, a news release said. Through the partnership, McDonald’s will have access to Sift’s machine-learning technology and global data network for customers using its mobile order-ahead and contactless payment options, which have both increased in popularity since the pandemic.”

Risk

Synthetic IDs Are Key to Solving Fraud’s Whack-a-mole Game

American Banker

“Credit card and bank account fraud have soared during the pandemic, with fraudsters intercepting consumer data via retail and banking disruptions and worsening synthetic ID fraud. Lenders say synthetic ID fraud risk will be their top area of concern for the next two years, according to a new study by Aite Group, with nearly three-quarters of institutions ranking it as a top challenge.”

Tags: Synthetic identity

Risk

Citibank Just Got a $500 Million Lesson in the Importance of UI Design

Ars Technica

“A federal judge has ruled that Citibank isn’t entitled to the return of $500 million it sent to various creditors last August. Kludgey software and a poorly designed user interface contributed to the massive screwup. Citibank was acting as an agent for Revlon, which owed hundreds of millions of dollars to various creditors. On August 11, Citibank was supposed to send out interest payments totaling $7.8 million to these creditors.”

Risk Security

Bluetooth Overlay Skimmer That Blocks Chip

KrebsOnSecurity

“As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.”

Tags: Skimming

Risk Security

Malicious Script Steals Credit Card Info Stolen by Other Hackers

BleepingComputer

“A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer. Credit card skimmers (aka payment card skimmers or Magecart scripts) are JavaScript scripts that cybercrime groups known as Magecart groups inject into hacked e-commerce sites as part of web skimming (also known as e-skimming) attacks.”

Tags: Skimming

Risk

New Data Shows FTC Received 2.2 Million Fraud Reports From Consumers in 2020

“The Federal Trade Commission received more than 2.1 million fraud reports from consumers in 2020, according to newly released data, with imposter scams remaining the most common type of fraud reported to the agency. Online shopping was the second-most common fraud category reported by consumers, elevated by a surge of reports in the early days of the COVID-19 pandemic. Internet services; prizes, sweepstakes, and lotteries; and telephone and mobile services rounded out the top five fraud categories.”

Tags: Ecommerce fraud

Risk

Capital One Fined $290M for ‘willful’ Anti-money-laundering Failures

American Banker

“Capital One Financial has been hit with a $290 million penalty after admitting to the U.S. Treasury Department that it willfully violated anti-money laundering requirements between 2008 and 2014. The problems, which involved a unit that served cash-checking businesses and has since been shut down, were first revealed years ago. But documents released Friday by Treasury’s Financial Crimes Enforcement Network contained new details, including Capital One’s admission that it failed to file suspicious activity reports even when it knew about criminal charges against specific customers.”

Tags: Money laundering

Risk

German Police Take Down ‘World’s Largest Darknet Marketplace’

Barrons

“A German-led police sting has taken down the “world’s largest” darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware, prosecutors said Tuesday. At the time of its closure, DarkMarket had nearly 500,000 users and more than 2,400 vendors worldwide, as the coronavirus pandemic leads much of the street trade in narcotics to go online.”

Risk

Money Laundering Via Author Impersonation on Amazon?

KrebsOnSecurity

“Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish.”

Tags: Money laundering

Risk

Scammers Have Taken $36 Billion in Fraudulent Unemployment Payments From American Workers

CNBC

“The U.S. has pumped billions of dollars into the unemployment system since the spring — a magnet for criminals that’s led to surging theft and fraud attacks. This has contributed to at least $36 billion being taken from out-of-work Americans.  Now, the federal government and states are clamping down. The $900 billion Covid relief package signed last month adds steps for workers to prove their eligibility for benefits.”

Tags: Identity theft

Risk

U.S. Congress bans anonymous shell companies

Reuters

“The U.S Senate on Friday passed a bill overhauling anti-money laundering rules and banning anonymous shell companies, a victory for law enforcement and rights groups which have long sought changes to make it easier to police illicit money flows. The bill requires most companies to report their true beneficial owners to the government, allows greater information sharing between law enforcement and regulators, and authorizes the use of new suspicious activity monitoring tools.”

Tags: Money laundering

Risk

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

“Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.”

Tags: Ransomware

Risk Systems

Criminals getting smarter in use of digital currencies to launder money

Reuters

“Criminals are becoming more sophisticated in their use of cryptocurrencies to launder money, with hundreds of millions of dollars of dirty funds last year flowing through digital wallets that allow users to hide their trail, according to Elliptic. At least 13% of all criminal proceeds in bitcoin passed through privacy wallets – which make it harder to track cryptocurrency transactions – in 2020, up from 2% in 2019, according to a study by the digital currency forensics firm.”

Tags: Cryptocurrencies Money laundering

Risk

A hacker is selling access to the email accounts of hundreds of C-level executives

ZDNet

“A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week.”

Tags: Business Email Compromise (BEC)

Risk

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

“Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.”

Tags: Phishing

Deals Risk

Forter raises $125 million at a $1.3 billion valuation to combat ecommerce fraud with AI

VentureBeat

“Forter , an automated fraud detection platform for ecommerce , has raised $125 million in a series E round that values the company at over $1.3 billion. The raise comes as ecommerce transactions surge under pandemic-driven lockdowns. But the throngs of people jumping online to shop have opened the floodgates to fraud . Recent data suggests digital fraud attacks have doubled in 2020, while the U.K. reported that financial fraud attempts rose by up to a third as the country entered lockdown.”

Tags: Ecommerce fraud

Deals Risk

Nasdaq to Acquire Verafin, Creating a Global Leader in the Fight Against Financial Crime

“Nasdaq, Inc. (Nasdaq: NDAQ), a global technology company, and Verafin , an industry pioneer in anti-financial crime management solutions, today announced that they have entered into a definitive agreement for Nasdaq to acquire Verafin for US$2.75 billion in cash, subject to customary adjustments. The agreement will combine Verafin’s comprehensive suite of anti-financial crime management products with Nasdaq’s reach and established regulatory technology leadership to create a global SaaS leader in the fight against financial crime, a worldwide problem that demands innovative action.”

Tags: Money laundering

Risk

Criminals launder coronavirus relief money, exploit victims through popular apps

CNBC

“Criminals are laundering illegally obtained funds meant for Covid-19 relief through the most popular apps for legally sending and receiving money, law enforcement officials say. Cash App, Venmo, Zelle and PayPal have become portals to easily move money, making transactions more difficult to trace.”

Tags: Money laundering

Companies Risk

Keyno, Michigan State University Federal Credit Union, and Visa Launch Pilot Program Offering New Approach to Online Payment Security

“With e-commerce increasing sharply in the midst of the COVID-19 pandemic, a less positive trend has followed – an increase in fraud related to online and in-app purchases. Keyno, maker of CVVkey™ technology that uses dynamic card verification value 2 (CVV2) code technology, today announced a pilot program with Michigan State University Federal Credit Union (MSUFCU) and Visa to help prevent card-not-present fraud.”

Tags: Card fraud Visa

Risk Security

Fraud Prevention Made Even Stronger with the Launch of LexisNexis Emailage

“LexisNexis® Risk Solutions today announced the availability of LexisNexis® Emailage® , a powerful fraud risk scoring solution fueled by email intelligence to help companies balance a seamless user experience with robust fraud detection and prevention capabilities. This solution helps solve both of these challenges by allowing organizations to confidently assess risk, approve transactions faster and more effectively outsmart quickly changing fraud tactics within digital transactions.”

Risk Security

Ticketmaster fined £1.25m over payment data breach

BBC

“Ticketmaster UK has been fined £1.25m for failing to keep its customers’ personal data secure. The fine was issued by the Information Commissioner’s Office (ICO) following a cyber-attack on the Ticketmaster website in 2018. The ICO said personal information and payment details had potentially been stolen from more than nine million customers in Europe. Ticketmaster said it would appeal against the ruling. An investigation found a vulnerability in a third-party chatbot built by Inbenta Technologies, which Ticketmaster had installed on its online payments page.”

Tags: Data breach

Risk

Acuant Launches Acuant®GO No Code IDV and KYC Solutions for Agile Digital Transformation

“Acuant , a leading global provider of identity verification solutions, today announced the launch of Acuant®GO , a suite of no code solutions. Acuant®GO delivers the power of the Acuant’s Trusted Identity Platform at lightning speed. It is the fastest way to go-to-market and deploy mobile and web identity verification and KYC/AML that meet regulatory, business and customer needs.”

Tags: Identity verification

Risk

LexisNexis® Risk Solutions Delivers Fraud Detection Capabilities and Insight into Identity Event and Application Activity through New LexisNexis® Fraud Intelligence Product

“LexisNexis® Risk Solutions today announced LexisNexis® Fraud Intelligence , the newest addition to the company’s suite of fraud and identity products. LexisNexis Fraud Intelligence is a non-FCRA solution that helps organizations mitigate new account fraud risk by bringing together identity events and consumer application activity to arrive at a comprehensive, powerful score that offers complete view of identity. The new tool limits friction for legitimate consumers because it can identify applications in real-time that are most likely fraudulent.”

Tags: Identity verification

Risk

This new malware uses remote overlay attacks to hijack your bank account

ZDNet

“Researchers have uncovered a new form of malware using remote overlay attacks to strike Brazilian bank account holders. The new malware variant, dubbed Vizom by IBM, is being utilized in an active campaign across Brazil designed to compromise bank accounts via online financial services.”

Tags: Malware

Risk

Card details for 3 million Dickey’s customers posted on carding forum

ZDNet

“The card details of more than three million customers of Dickey’s Barbecue Pit, the largest barbecue restaurant chain in the US, have been posted this week on a carding and fraud marketplace known as Joker’s Stash. The discovery was made by Gemini Advisory, a cyber-security firm that tracks financial fraud.”

Tags: Card fraud Data breach

Risk

How one family’s nightmare illustrates the growing threat of real estate wire fraud

CNBC

“The couple was hit by what is known as real estate wire fraud, an increasingly common crime. According to the FBI, consumers have lost more than $220 million in schemes like this thus far in 2020, a 13% increase from the same period last year.”

Tags: Wire fraud

Risk

Privacy watchdog to probe Klarna after email backlash

BBC

“The data protection watchdog said numerous people had made it aware of a marketing email Klarna had sent out. It was followed by a message the email had been sent in error, and they had not been added to a marketing database. But recipients asked how the firm had their email address in the first place.”

Tags: Privacy

Risk

When Your Last $166 Vanishes: ‘Fast Fraud’ Surges on Payment Apps

NYTimes

“In the pandemic, people have flocked to instant payment apps like Cash App, PayPal’s Venmo and Zelle as they have wanted to avoid retail bank branches and online commerce has become more ingrained. To encourage that shift, the payment apps have added services like debit cards and routing numbers so that they work more like traditional banks. But many people are unaware of how vulnerable they can be to losses when they use these services in place of banks. Payment apps have long had fraud rates that are three to four times higher than traditional payment methods such as credit and debit cards, according to data from the security firms Sift and Chargeback Gurus.”

Tags: Push payment fraud