Security

North Korean hackers ramp up bank heists: U.S. government cyber alert

Reuters

“North Korean hackers are tapping into banks around the globe to make fraudulent money transfers and cause ATMs to spit out cash, the U.S. government warned on Wednesday. A technical cybersecurity alert jointly written by four different federal agencies, including the Treasury Department and FBI, said there had been a resurgence in financially motivated hacking efforts by the North Korean regime this year after a lull in activity.”

Tags: Cybersecurity

Reports Security

GIACT® Releases Report on Securing Faster Payments, Account Validation

“GIACT®, the leader in helping companies positively identify and authenticate customers, today announced a new report, Securing Faster Payments: Addressing the Account Validation Rule, on the rapid growth of ACH payments, the latest fraud trends surrounding faster payments as well as how to secure ACH transactions. The report comes in advance of Nacha’s upcoming WEB Debit Account Validation Rule, slated to take effect on March 19, 2021, and serves as a guide on how to apply proper account validation measures.”

Tags: Account validation

Security

235M Instagram, TikTok, and YouTube profiles exposed in database breach

TNW

“A databased containing scraped data of nearly 235 million social media users from Instagram, TikTok, and YouTube was exposed without any password protection. It contained user information such as names, contact info, images, and stats about followers. Web scraping is a technique of gathering data from web pages in an automated manner. While it’s not illegal, social media companies prohibit this practice to protect user data.”

Tags: Data security

Security

Marqeta Adds 3D Secure to Its Platform, Providing Customizable Authentication for Online Fraud Mitigation

“Marqeta, the world’s first global modern card issuing platform, announced the release of its new 3D Secure solution. Marqeta 3D Secure will not only help card issuers meet regulatory requirements of Strong Customer Authentication (SCA) under the Payment Services Directive 2 (PSD2) in certain markets, it will also enable these issuers to create tailored cardholder authentication experiences that can help reduce online fraud.”

Tags: 3D Secure

Security

Restaurants & Retailers in Pasadena Establish Nation’s First Pay-by-Face Network

“With California imposing strict restrictions to stem the spread of COVID-19, a number of restaurant and retail store owners in the city of Pasadena have quietly established the nation’s first dense “face-pay” network. These small business owners have embraced an advanced facial recognition technology that lets their customers make secure, hands-free purchases using only their faces.”

Tags: Facial recognition

Security

Instagram Faces Lawsuit Over Illegal Harvesting of Biometrics

Bloomberg (paywall)

“Facebook Inc. is facing new allegations that it illegally harvests the biometric data of users, this time in a lawsuit that targets the company’s photo-sharing app Instagram. Last month, the social media company offered to pay $650 million to settle a lawsuit in which it was accused of illegally collecting biometric data through a photo-tagging tool provided to Facebook users. In the new lawsuit, filed Monday in state court in Redwood City, California, the company is accused of collecting, storing and profiting from the biometric data of more than 100 million Instagram users, without their knowledge or consent.”

Tags: Biometrics

Global Security

Face Verification Technology to Allow SingPass Holders to Sign up for DBS Digital Banking Services Using a Selfie

CNA

“SingPass holders will be able to sign up for DBS’ digital banking services by taking a picture of themselves through the use of face verification technology, following a rise in digital banking amid the COVID-19 pandemic. The pilot programme aims to benefit more than 1 million DBS customers who are SingPass holders and do not use digital banking services, the bank and Government Technology Agency of Singapore (GovTech) said in a news release on Wednesday (Jul 29).”

Tags: Facial recognition Singapore

Security

Germany to Begin Rollout of Open National Digital Identity Service ‘Later This Year’

NFC World

“German consumers with a Galaxy S20 mobile phone will be the first to be able to use a new government-backed service that allows citizens to securely store their national ID on an embedded secure element in their smartphone, Samsung has announced. The smartphone maker is working with the German Federal Office for Information Security (BSI), Bundesdruckerei and Deutsche Telekom Security “to develop a hardware-based security architecture that allows citizens to securely store their National ID on their smartphone as an eID,” the company says.”

Tags: Identity

Security

Accuity and Encompass Corporation Partner to Improve KYC Risk Assessments

“Accuity, the leading global provider of financial crime screening, payments and Know Your Customer (KYC) solutions, and Encompass Corporation, a fast-growing provider of intelligently automated KYC solutions, have announced a strategic partnership to help customers streamline KYC processes, improve the quality of risk assessments and reduce the costs of compliance.”

Tags: KYC

Security

EU Court Blocks Data Pact Amid Fears Over U.S. Surveillance

Bloomberg

“The European Union ’s top court struck down a key method used by Facebook Inc. and other companies to transfer data across the Atlantic amid fears over potential U.S. surveillance. Thursday’s decision by the EU Court of Justice on the so-called Privacy Shield means thousands of businesses that ship commercial data to the U.S. risk turmoil in their day-to-day activities. While a separate contract-based system to transfer data was approved, the judges’ doubts about American data protection also plunge that alternative method into legal uncertainty.”

Tags: Data security

Companies Security

Paytm Video KYC: Paytm Introduces In-app Video KYC

The Times of India

“Paytm Payments Bank Ltd (PPBL) will allow account-holders to complete their KYC formalities over mobile video. This follows the Reserve Bank of India’s decision to allow video KYC for completing the process remotely using the bank’s mobile application.  Customers can connect using a vide call between 9 am and 8 pm without leaving their homes or having any bank representatives come over during the pandemic.”

Tags: KYC Paytm

Security

Google Chrome Is Working on Biometric Authentication for Payment Autofill

Android Police

“A few months ago, we spotted Chrome working on Windows Hello integration for payment autofill authentication, sparing you from digging out your physical card to enter your CVC over and over. We’ve now found out that Windows isn’t the only place where Google wants to make access to payment cards easier and more tightly integrated. The company is also working on system-wide authentication for Android (and possibly Chrome OS, Linux, and macOS). Sadly, the feature isn’t fully live on any iteration of Chrome for Android yet.”

Tags: Authentication Biometrics

Companies Security

Visa Token Service Issues Its 1 Billionth Token

“Visa Inc. today announced that the company has now issued more than 1 billion tokens worldwide through Visa Token Service (VTS), marking a major milestone in its proprietary offering to help accelerate eCommerce innovation and make payments more secure. Visa Token Service replaces a cardholder’s 16-digit Visa account number with a secure token that protects the underlying card number from fraudsters.”

Tags: Tokenization Visa

Deals Security

Payfone raises $100M for its mobile phone-based digital verification and ID platform

TechCrunch

“As an increasing number of daily and essential services move to digital platforms — a trend that’s had a massive fillip in the last few months — having efficient but effective ways to verify that people are who they say they are online is becoming ever more important. Now, a startup called Payfone, which has built a B2B2C platform to identify and verify people using data (but no personal data) gleaned from your mobile phone, has raised $100 million to expand its business.”

Tags: Verification

Companies Security

Mastercard Powers Faster, Seamless Online Shopping Experiences for Amazon Customers

“Today, Mastercard announced that Amazon customers in 12 countries across North America, Latin America, Middle East and Europe will have their stored card credentials tokenized. By replacing a consumer’s physical card number with a token, payment information is unique to each individual transaction and can be used only by the merchant that requested it. Amazon will begin using Mastercard tokens for transactions through 2020.”

Tags: Amazon Mastercard Tokenization

Security

Increased Use of Mobile Banking Apps Could Lead to Exploitation

“The FBI advises the public to be cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent. Cyber actors target banking information using banking trojans, which are malicious programs that disguise themselves as other apps, such as games or tools. When the user launches a legitimate banking app, it triggers the previously downloaded trojan that has been lying dormant on their device. The trojan creates a false version of the bank’s login page and overlays it on top of the legitimate app. Once the user enters their credentials into the false login page, the trojan passes the user to the real banking app login page so they do not realize they have been compromised.”

Tags: Cybersecurity

Global Security Tech

CaixaBank Rolls Out Facial Recognition ATMs Across Spain

NFC World

“Spain’s CaixaBank is to deploy ATMs equipped with facial recognition technology nationwide “with the goal of offering a better user experience and greater security in transactions, particularly in the context of Covid-19”. “The system is the first launched by a financial institution on a global level that allows users to withdraw money by simply recognising them from the image captured by the terminal’s camera, meaning they do not have to manually enter their PIN,” the bank says.”

Tags: ATM Facial recognition Spain

Security Systems

Ondot To Provide Visa With Tokenization Services Through Its Card App To Support Digital Wallets And eCommerce

“Ondot Systems, the digital card services platform for credit and debit issuers, today announced its collaboration with Visa Token Service, enabling the company to begin tokenizing credential-on-file digital payments on behalf of their clients for an additional level of security. By teaming up with Visa, Ondot is able to provide tokenization services through the company’s Card App interface in order to support the use of Visa cards through digital wallets.”

Tags: Cards Tokenization

Security

Payment App Data Breach Exposes Millions of Indians’ Data

Infosecurity Magazine

“A major data breach at mobile payment app Bharat Interface for Money ( BHIM ) has exposed the personal and financial data of millions of Indians. The breach occurred after BHIM failed to securely store vast swathes of data collected from users and businesses during a sign-up campaign. On April 23, researchers at vpnMentor made the alarming discovery that all the data related to the campaign was publicly accessible after being stored in a misconfigured Amazon Web Services S3 bucket.”

Tags: Data security

Domains Security

FBI warns about attacks on Magento online stores via old plugin vulnerability

ZDNet

“The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers’ payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October, last year .”

Tags: Data security Remote Commerce

Domains Security

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

“A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.”

Tags: Government Payments

Companies Security

Mastercard and Enel X to Establish Fintech-Cyber Innovation Lab in Israel

“Mastercard and Enel X are launching a new lab in Israel to advance innovations in financial technology and cybersecurity for the payments and energy ecosystem globally. The lab will partner with start-up companies to test and develop products and solutions, with a particular focus on digital security, fintech platforms, digital authentication and financial inclusion. The lab is being established in partnership with the Government of Israel, following a competitive tender launched by the Israel Innovation Authority (IIA), which aims to advance innovations within the fintech and cyber sectors by accelerating growth of the country’s start-up ecosystem.”

Tags: Cybersecurity Mastercard

Companies Security

Visa Token Service to Add 28 New Partners to Strengthen Digital Payment Security Globally

“Visa Inc. (NYSE:V) today announced that 28 new partners will be joining Visa Token Service as credential-on-file (COF) token requestors. These new partners will help make digital transactions more secure by tokenizing both one-time and recurring payments made with Visa credentials. Tokenization replaces a cardholder’s 16-digit Visa account number with a token that only Visa can unlock, protecting the underlying card number from fraudsters.”

Tags: Tokenization Visa

Security

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

“Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.”

Tags: Cybersecurity

Companies Security

Mastercard Provides Free Cybersecurity Tools for Small Businesses in Canada

“As small businesses across Canada cope with ongoing social distancing requirements, many are quickly moving their activities online and facing greater exposure to cyber threats. To help small businesses protect their operations, Mastercard today announced that RiskRecon, a Mastercard company, is providing Canadian small businesses free cybersecurity assessments through December 31, 2020.”

Tags: Cybersecurity Mastercard

Security Standards

Cross-Industry Coalition Advances Digital Trust Standards

“The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it will host the Trust over IP (ToIP) Foundation, an independent project to enable trustworthy exchange and verification of data between any two parties on the Internet. The ToIP Foundation will provide a robust, common standard that gives people and businesses the confidence that data is coming from a trusted source, allowing them to connect, interact and innovate at a speed and scale not possible today. The ToIP Foundation will use digital identity models that leverage interoperable digital wallets and credentials and the new W3C Verifiable Credentials standard to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.”

Tags: Data security W3C

Security

New York payments startup exposed millions of credit card numbers

TechCrunch

“A massive database storing millions of credit card transactions has been secured after spending close to three weeks exposed publicly to the internet. The database belongs to Paay, a card payments processor based in New York. Like other payment processors, the company verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions. But because there was no password on the server, anyone could access the data inside.”

Tags: Data security

Security

Fintech Company Survived Ransomware Attack Without Paying Ransom

bloomberg

“As the malware quickly spread, locking up server after server, Finastra’s information security team evaluated its dwindling options before settling on the nuclear one: The company pulled all potentially infected servers offline. First, hundreds, then thousands, came down. The attack ground to a halt—as did critical parts of Finastra’s business. In an instant, services for many of Finastra’s customers went dark.”

Tags: Cybersecurity

Security

Travelex Paid Hackers Multimillion-Dollar Ransom Before Hitting New Obstacles

Wall Street Journal (pay wall)

“Travelex, known for its ubiquitous foreign-exchange kiosks in airports and tourist sites around the world, was shut down by a computer virus that infiltrated its networks early this year. It responded by paying the hackers the equivalent of $2.3 million, according to a person familiar with the transaction. Travelex’s payment of the ransom, and the amount, hasn’t previously been reported, though the company confirmed the ransomware attack shortly after it occurred.”

Tags: Cybersecurity

Security

This Startup Is Helping Local Stores ID Customers During COVID-19

Street Fight

“Pure play ecommerce outlets have spent years developing systems to manage transactions and verify customer identities, but most retailers on Main Street are accustomed to seeing shoppers in person and visually checking IDs. A San Francisco-based startup called Persona is offering to help those local businesses adapt by giving away its online ID verification service for free during the COVID-19 crisis.”

Tags: Identity