Societe Generale is to offer customers the opportunity to replace their current Visa cards with a Motion Code card from Oberthur that replaces the three-figure CVV code on the rear of a card with a small screen display that automatically changes periodically.(more…)
The rapid digitization of consumers and enterprises will increase the cost of data breaches to USD 2.1 trillion globally by 2019 from USD 500 billion in 2015 – affecting mainly large banks, retailers and federal agencies as per Forbes Inc. One of the recent cyberattacks that happened at one of Australia’s largest banks in 2016 was done by a malware attack using an Android mobile application. The virus presented a fake version of the login screen and intercepted the username or account number and password. The sophistication of this malware enabled it to intercept the two-factor authentication (learn more here) code sent by banks. (more…)
We knew this was coming when the Federal Reserve issued guidance applying the Customer Identification Program (CIP) to prepaid cards in March of this year. Customers are able to reload prepaid cards, use direct deposit and in some cases, receive overdraft protection, which the federal agency determined enough for it to be considered an account relationship. And now that reloadable prepaid cards are considered an account relationship, it’s not surprising that the Consumer Financial Protection Bureau recently issued new rules requiring fraud protection support for those using them. (more…)
Citibank announces the launch of Touch ID Sensor authentication service in Hong Kong, allowing for a full suite of mobile banking services, including transaction, investment and enquiry, to be performed via its Citi Mobile® App on the iOS platform with iPhone 5s or later models1.(more…)
Since the borders of AI application across industries have not been discovered yet, let’s look at a matter of fighting sophisticated crime schemes, in particular, money laundering. The economic effects of money laundering are vast and highly destructive since money laundering is a problem not only in the world’s major financial markets and offshore centers, but also for emerging markets – any country integrated into the international financial system is at risk. (more…)
In the light of a recent heist of the Bangladesh Bank account from the New York Federal Reserve that resulted in cybercriminals making off with $81 million, many in investment banking are questioning whether there is a need to review financial software to improve cybersecurity measures within their institutions. (more…)
Money has been the most instrumental tool invented by humans till date and it has seen big developments in the last couple of years through technological advancement with respect to money transfers. While globalization and innovation in technology have helped in facilitating large sums of money quickly, it has also helped in rapid money laundering which amounts to between 2–5% of global gross domestic product (GDP) which is equivalent to the fifth largest economy in the world according to the United Nations. (more…)
The EU (European Union) PSD2 (Payment Services Directive 2), which will apply from January 2018, aims in particular at ensuring that all payment services offered electronically are carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud.(more…)
Courtesy of its billion-dollar acquisition of security innovator Trusteer in 2013, IBM willadd behavioral biometric analysis to its digital banking fraud prevention solution, IBM Security Trusteer Pinpoint Detect, the company announced on Thursday. “Given enough time and resources, cyber criminals can defeat passwords and security questions,” VP of Strategy for IBM Security, Ravi Srinivasan said. With the addition of behavioral biometric technology, IBM’s security solution will be that much more effective against fraudsters using stolen credentials to get unauthorized access to bank accounts. (more…)
In the parallel universe of Ethereum Classic, the DAO saga continues with the DAO hacker, whose IP may have recently been identified, converting almost 100,000 ETC into 144.92992187 bitcoin, worth almost $100,000. (more…)
cronis, a technology firm synonymous with backup and recovery software has announced a new storage solution called Acronis Storage, wherein data will be secured and authenticated with Ethereum’s public blockchain. (more…)
VocaLink, the global payment partner to banks, corporates and governments, today launched “The Millennial Influence”, a report examining the payments behavior of millennials (i.e. those aged between 18-35) in the United States.(more…)
Banking customers can now securely access their financial information in real-time and safely conduct almost any financial transaction with popular Virtual Personal Assistants (VPAs), using only the sound of their voice.(more…)
Yesterday’s attack on the internet domain directory Dyn, which took major sites like Twitter and Paypal offline, was historic in scale. But the motivation for the attack may seem opaque, since no valuable information seems to have been stolen. A group called New World Hackers is claiming credit, but giving conflicting accounts of their motives—and security experts have called them “impostors.”
So why else might someone have done it? This class of hack, known as a distributed denial of service (DDoS) attack, has been around for a while. And while many DDoS attacks are indeed motivated by politics, revenge, or pettytrolling, there’s frequently money involved.
For instance, DDoS attacks are often used as leverage for blackmail. Once a hacking group has a reputation for being able to field a large and dangerous botnet to knock servers offline, they can demand huge ‘protection’ payments from businesses afraid of facing their wrath. In fact, they don’t even have to do the hacking in the first place—in one recent case, someone posing as a notorious cabal merely emailedblackmail messages and managed to pocket tens of thousands of dollars before they were exposed.
In the current case, there are rumors that Dyn was a target of extortion attempts before the attack. And the hackers behind what may be the biggest DDoS attack in history could demand a pretty penny to leave other companies alone. A wave of impostors will likely give it a shot, too.
There’s another, even darker money-driven application of DDoS attacks—industrial sabotage. Companies seeking to undermine their competition can hire hackers to take the other guys offline. DDoS services are often contracted through so-called “booter” portals where anyone can hire a hacker’s botnet in increments as small as 15 minutes. Researchers found last year that three of the most prominent booter services at the time had over 6,000 subscribers in total, and had launched over 600,000 attacks. (And despite the criminal reputation of Bitcoin, by far the largest method used to pay for DDoS-for-hire was Paypal.)
But it’s unlikely that this was some sort of hit called in by a competitor of Dyn—that tactic seems to primarily appeal to already-shady dealers, including online gambling operations.
For more on security, watch our video.
Finally, DDoS attacks can serve as a kind of smokescreen for more directly lucrative crimes. While a security team is struggling to deal with an army of zombie DVRspummeling their system, attackers can grab passwords, credit card numbers, or identity information.
In weighing possible explanations for Friday’s attack, it’s important to note the massive scale of the thing. Even if their claims of responsibility aren’t credible, New World Hackers’ description of about 1.2 terabits of data per secondthrown at Dyn’s servers is both vaguely plausible and utterly mind-boggling. That’s around twice as powerful as the huge 620 gigabit per second attack that knocked out a single website, Krebs on Security, last month. Dyn has also described the attack as sophisticated, arriving in three separate waves that targeted different parts of their systems.
That kind of operation could have been pulled off by a gang of kids doing it for kicks—and maybe that’s the scarier scenario. But such a massive undertaking suggests bigger, and possibly more lucrative, motivations.
As the second day of FinDEVr 2016 comes to an end and attendants brush through business cards collected from interesting encounters, there are quite a few things one will certainly take out from the event. (more…)
DocuSign built a $3 billion valuation by providing a simple way to execute an electronic signature. That has worked well as far as it goes, but in order to separate from the growing pack of competitor companies, it announced today that it’s allowing users to add a payment to be collected digitally at signing. (more…)
On the surface, starting an ecommerce business seems pretty straightforward. However, merchants face a litany of issues to deal with, including fraud. For small businesses, fraud protection can be an expensive service that gives little information to make corrective actions. Stripe has spent years developing and fine-tuning its in-house fraud detection service, and today, it’s making that available to its customers. (more…)
Today LexisNexis Risk Solutions releases its comprehensive Millennial Study: Privacy vs. Customer Experience report, which charts the digital consumer preferences and behaviors of Millennials in seven global markets—the U.S., U.K., Germany, Hong Kong, Malaysia, Mexico and Brazil. (more…)