Risk Security

Malicious Script Steals Credit Card Info Stolen by Other Hackers

BleepingComputer

“A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer. Credit card skimmers (aka payment card skimmers or Magecart scripts) are JavaScript scripts that cybercrime groups known as Magecart groups inject into hacked e-commerce sites as part of web skimming (also known as e-skimming) attacks.”

Tags: Skimming

Security

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

KrebsOnSecurity

“ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.”

Security

Payments Pioneer’s Vision: Use AI to Link Digital ID, Banks

PaymentsSource

“Will Graylin’s new company OV Loop wants to use artificial intelligence — including the platform it just inherited with its PayFi acquisition — to connect digital ID to in-app payments, making it easier for banks to work with third-party wallets.”

Tags: Digital ID

Security

BNP Paribas to Offer Biometric Payment Cards to Premier Card Customers

NFCW

“BNP Paribas Visa Premier card customers will soon have the option of upgrading to a biometric payment card for an additional fee of €24 (US$29) a year, the French bank has revealed. The biometric card is equipped with a sensor that enables users to authenticate payments of any amount with their fingerprint rather than a PIN, although the card will retain a PIN authentication option.”

Tags: Biometrics

Security

Checkbook Partners With Plaid to Enable Seamless Enterprise Onboarding

“Checkbook.io , a payments processor specializing in sending push payments, today announced a partnership with Plaid, a data network powering thousands of digital financial tools, so that Plaid’s customers can use Checkbook’s payment rails to instantly verify their customer accounts when initiating payments.”

Tags: Account verification

Deals Security

Equifax Announces Definitive Agreement to Acquire Kount

“Equifax ® (NYSE: EFX ) a global data, analytics and technology company has signed a definitive agreement to acquire Kount, a provider of Artificial Intelligence (AI)-driven fraud prevention and digital identity solutions, for $640 million. As global digital transformation accelerates, driving customer interactions to digital channels in record numbers, businesses require new ways to establish digital identity trust in real time to fight the growing problem of online fraud while reducing customer friction.”

Tags: Digital ID

Security

The Company That Processes Payments for Amazon and Swiggy Has Reported a Data Leak of Over 100 Million Debit and Credit Cardholders

Business Insider

“In what could be a major data breach, information of over 100 million debit and credit card users from payments processor Juspay has leaked on the dark web. Juspay processes payments for companies like Amazon, Swiggy, MakeMyTrip among others.The leaked data is in the form of a data dump and has been leaked through a compromised server of Juspay. Juspay has confirmed the data leak in its official blog post, outlining the details of the breach.”

Tags: Data security

Regulation Security

Privacy Watchdog Releases Damning Report Into Massive Desjardins Data Breach

Finextra Research

“A data breach at Desjardins – the largest ever in the Canadian financial services sector – was caused by a series of gaps in administrative and technological safeguards, according to an investigation by the Office of the Privacy Commissioner of Canada (OPC).”

Tags: Cybersecurity

Security

Thousands of fraudsters are selling via Shopify, analysis finds

Financial Times

“Tens of thousands of sellers are using the ecommerce platform Shopify to scam consumers and sell counterfeit goods, after the company’s rapid growth has left it exposed to fraudsters. According to the ecommerce authentication service FakeSpot, which analysed more than 120,000 Shopify sites, as many as 21 per cent posed a risk to shoppers.”

Tags: Cybersecurity

Security

Microsoft and McAfee Headline Newly-formed ‘Ransomware Task Force’

ZDNet

“A group made up of 19 security firms, tech companies, and non-profits, headlined by big names such as Microsoft and McAfee, have announced on Monday plans to form a new coalition to deal with the rising threat of ransomware. Named the Ransomware Task Force (RTF), the new group will focus on assessing existing technical solutions that provide protections during a ransomware attack.”

Security

Database Containing Personal Information of Over 270,000 Ledger Customers Released on RaidForums

The Block

“A database containing the personal information of over 270,000 Ledger customers has been published on RaidForums, a marketplace for buying, selling, and sharing hacked information. The database, reviewed by The Block, contains the emails, physical addresses, and phone numbers of Ledger hardware wallet buyers.”

Tags: Data security

Security

Suspected Russian hackers spied on U.S. Treasury emails – sources

Reuters

“Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg.”

Tags: Cybersecurity

Security

Worldpay from FIS and Visa Collaborate to Strengthen Digital Commerce Security and Convenience

“FIS ® (NYSE: FIS) today launched its token management service, offering online merchants and partners access to Visa Token Service to protect their payments environment and strengthen their digital commerce strategy. The service provides clients with access to industry-leading tokenization capabilities from Visa, which can help reduce risk of data theft while helping to retain customers through uninterrupted commerce and enhancing card not present authorization rates.”

Tags: Tokenization

Companies Security

Adyen and Microsoft Launch Network Token Optimization

“Adyen (AMS: ADYEN), the global payments platform of choice for many of the world’s leading companies, expands its collaboration with Microsoft to accelerate payments innovation for both companies with the launch of Adyen Network Token Optimization. Adyen is one of the first payment platforms to enable tokenized payments across multiple schemes and to offer automated optimization of the use of tokens to increase authorization rates. By adopting Network Token Optimization, merchants like Microsoft are able to realize significantly more revenue due to increased authorization rates.”

Tags: Adyen Tokenization

Security

Banks See Billion-Dollar Cyber Costs Soaring Even Higher in 2021

Bloomberg (paywall)

“Big banks and other financial firms predict the cost of warding off cyber criminals will keep climbing in 2021 as they work to secure digital financial services popularized by the pandemic. Cybersecurity topped the list of expected budget increases in a survey of technology spending conducted by Deloitte & Touche LLP, with 64% of executives at financial firms around the globe forecasting a rise. Part of the survey results was made available to Bloomberg News in advance of the December release.”

Tags: Cybersecurity

Companies Global Security

Mastercard introduces contactless payment on SBI Card App

“Mastercard and SBI Cards & Payment Services Ltd. (SBI Card) today announced the launch of contactless payments on the SBI Card app. This is the first-ever app of a credit card issuer in India to use Mastercard’s tokenization platform, Mastercard Digital Enablement Service (MDES), that allows payment credentials to be securely tokenized and stored in mobile devices. With this service in place, SBI Card Mastercard cardholders need not carry physical cards and can transact at any contactless point of sale terminal using their mobile.”

Tags: India Mastercard Tokenization

Security

SmartMetric, Maker of Biometric Secured Credit and Debit Cards, Reports Projected $57.080 Trillion in Card Transactions by 2023 With $35.67 Billion in Card Fraud Losses

“SmartMetric, Inc. (OTCQB: SMME) reports fraud losses worldwide reached $27.85 billion in 2018 and are projected to rise to $35.67 billion in five years and $40.63 billion in 10 years according to The Nilson Report, the leading global card and mobile payments trade publication…SmartMetric has embedded a fully functional fingerprint scanner inside the standard chip-based credit and debit card. It allows the card to be locked and only able to be used following the legitimate cardholder touching the sensor on the card’s surface triggering a sub second fingerprint scan and match with the users pre-stored fingerprint stored inside the card.”

Tags: Biometrics

Companies Security

Mastercard and Optus Bring Digital Identity to the Australian Telecommunications Industry

“Mastercard and Optus today announced a strategic partnership to provide customers a simpler and more secure way to prove their identity online and in-store. In using ID , the Mastercard digital identity service, Optus will strengthen its identity verification and authentication process while retaining its best-in-class, digital-first customer experience.”

Tags: Digital ID Mastercard

Risk Security

Fraud Prevention Made Even Stronger with the Launch of LexisNexis Emailage

“LexisNexis® Risk Solutions today announced the availability of LexisNexis® Emailage® , a powerful fraud risk scoring solution fueled by email intelligence to help companies balance a seamless user experience with robust fraud detection and prevention capabilities. This solution helps solve both of these challenges by allowing organizations to confidently assess risk, approve transactions faster and more effectively outsmart quickly changing fraud tactics within digital transactions.”

Risk Security

Ticketmaster fined £1.25m over payment data breach

BBC

“Ticketmaster UK has been fined £1.25m for failing to keep its customers’ personal data secure. The fine was issued by the Information Commissioner’s Office (ICO) following a cyber-attack on the Ticketmaster website in 2018. The ICO said personal information and payment details had potentially been stolen from more than nine million customers in Europe. Ticketmaster said it would appeal against the ruling. An investigation found a vulnerability in a third-party chatbot built by Inbenta Technologies, which Ticketmaster had installed on its online payments page.”

Tags: Data breach

Domains Security

PAAY and Bluefin Join Forces to Dramatically Advance Remote Commerce Security

“Bluefin, the leader in encryption and tokenization payment and data security, and PAAY, innovator in consumer authentication, announced today a new security solution set that eliminates the threat of hackers and online fraud, while providing regulatory compliance. The solution set combines 3DS, hardware-based encryption, and vaultless tokenization to provide merchants a liability shift, strong customer authentication, data confidentiality, and compliance with the General Data Protection Regulation (GDPR) and the Payment Services Directive 2 (PSD2).”

Tags: 3D Secure Remote Commerce

Global Security

Ten Spanish companies join forces to promote digital identity using blockchain technology

“Ten leading Spanish companies are working together to develop a self-managed digital identity model with blockchain technology, which will bring Spain to the fore in this kind of development.  The project, including Banco Santander, Bankia, BME, CaixaBank, Inetum, Liberbank, Línea Directa Aseguradora, Mapfre, Naturgy and Repsol, and also the Alastria consortium, will give users control over their personal data, making digital identity self-managed by each person in a secure and reliable manner a reality.”

Tags: Identity Spain

Security

Mastercard Launches AI-Powered Solution To Protect The Digital Ecosystem

“Mastercard today announced Cyber Secure, a first-of-its-kind, AI-powered suite of tools that allows banks to assess cyber risk across their ecosystem and prevent potential breaches. With these capabilities, banks can identify and prioritize threats and vulnerabilities throughout their cyber environment. Additionally, acquiring banks can help merchants understand their own cyber risk, preventing hundreds of millions of dollars in potential fraud.”

Tags: Cybersecurity

Companies Security

Mastercard, IDEMIA and MatchMove Pilot Fingerprint Biometric Card in Asia to Enhance Security and Safety of Contactless Payments

“Mastercard has teamed up with IDEMIA, the global leader in Augmented Identity, and MatchMove, a Singapore-based fintech, on their first pilot in Asia of a biometric card that uses a fingerprint to authorize transactions at in-store payment terminals. The card, with the product name F.CODE Easy, takes the seamless and intuitive experience of biometric authentication from a smartphone to a smart card. It makes transactions more convenient, safe and secure by eliminating the need for a cardholder to provide a PIN number or signature, thereby reducing touch points in public places.”

Tags: Biometrics Mastercard

Security

Amazon One Lets You Pay with Your Palm

The Verge

“Amazon is unveiling its own palm recognition technology today that will be used initially to turn your hand into a personal credit card inside the company’s physical retail stores. Amazon One uses the palm of your hand to identify you, using a combination of surface-area details like lines and ridges, alongside vein patterns to create a “palm signature.””

Tags: Biometrics

Security

Shopify Says Two Support Staff Stole Customer Data from Sellers

TechCrunch

“Shopify has confirmed a data breach, in which two “rogue members” of its support team stole customer data from at least 100 merchants. In a blog post, the online shopping site said that its investigation so far showed that the two employees, who have since been fired, were “engaged in a scheme to obtain customer transactional records of certain merchants.” Shopify said it had referred the matter to the FBI.”

Tags: Data security

Security

1Password and Privacy.com Partner to Automatically Provide Unique Payment Credentials

“Two companies founded on security and privacy are partnering to make online payments quicker and safer. Leading password manager 1Password and virtual card platform Privacy.com today announced an API integration  that lets users create virtual cards in their browser quickly and safely when they need to make a payment.”

Tags: Data security

Security

In China, Paying With Your Face Is Hard Sell

Wall Street Journal (paywall)

“Ant Group Co., which revolutionized China’s payments industry , is learning how hard it is to separate people from their mobile phones. Three years ago, the financial-technology giant controlled by billionaire Jack Ma embarked on an ambitious and costly effort to install facial-recognition devices at retailers that would allow people to make payments by smiling at a screen without having to use their phones.”

Tags: Facial recognition

Security

Peasypay: The European Solution for Biometric Payments by EIT Digital

“PeasyPay, a startup launched by EIT Digital, is letting people pay by just showing their faces and taking a picture of the palm of their hands. The system was first rolled out in Budapest and is currently being piloted in Guadalajara, Spain. Slovenia and the UK will follow. No wallet, smartphone or credit card needed. European customers will be able to enter a shop, choose what they want and pay without having any of the above with them.”

Tags: Biometrics

Security

Banks Work with Fintechs to Counter ‘Deepfake’ Fraud

Financial Times

“Banks and fintech groups are setting up partnerships to combat the use of doctored video and audio content by fraudsters, as research shows such ‘deepfake’ crimes are the biggest worry among customers. HSBC this week became the latest bank to sign up to a biometric identification system, developed by technology firm Mitek and offered through a partnership with Adobe. It will be introduced by HSBC’s US retail banking operation to check the identities of new customers, using live images and electronic signatures. Chase, ABN Amro, Caixa Bank, Mastercard and Anna Money are among those that have incorporated Mitek’s biometric checks.”

Tags: Biometrics Identity