March 30, 2015

Retailer “To Do” List

New Survey of Retailers Has Security and Upgrading Point-of-Sale Payment Systems as Top Priorities Boston Retail Partners, an independent consulting firm, recently surveyed more than 500 retailers. Even a quick glance at the survey’s results suggests that top-of-mind subjects for retailers are protecting customer data from breaches, the shift in liability for those breaches from banks and credit card companies to retailers and upgrading point-of-sale systems to take advantage of EMV and NFC technologies. In his story on digitaltransactions.net, Kevin Woodward details results of the…

March 27, 2015

The Anthem Tipping Point

The Anthem security breach is a tipping point for all businesses and individuals that use the Internet to conduct their day-to-day business. The ramifications of more than 80 million personal identities in the hands of cybercriminals will result in the loss of untold millions of dollars to anyone and everyone that becomes a victim of this crime for many years to come. Rather than dwell on the negatives of this event, let’s turn our attention to what good may come out of it. Anthem’s misfortunes…

Time Will Tell Whether Apple Watch Increases Fraud by Making It Easier and Cheaper to Use Stolen Data for In-Store Purchases Using Apple Pay on iPhone 6 and stolen credit card numbers, cybercriminals have been buying high-end goods at brick-and-mortar stores, especially Apple stores. Experts have a one word description for this fraud — “rampant.” If things look bad now, Al Sacco in his piece on cio.com says just wait until Apple Watch is released in April. The following has been excerpted from Sacco article…

Senator Proposes New Rules of the Road for Connected Cars That Leave Drivers Open to Invasions of Privacy and Cyberattack When Ralph Nader’s Unsafe at Any Speed was published half a century ago accusing car manufacturers of resistance to spending money on safety, it caused a sea change in the auto industry. No. Not amphibious cars. But, it did lead to mandatory seat belt laws and the introduction of a host of other safety features. Recently Sen. Ed Markey of Massachusetts released a report on…

Latest Study by French Telecom Equipment Company Alcatel-Lucent Shows 2014 Was a Banner Year for Bad Guys. The Motive Security Labs division of Alcatel-Lucent recently published a report that found mobile device malware infections increased 25 percent compared with a 20 percent increase in 2013. Extrapolated out that comes to 16 million infected devices. In his piece on zdnet.com, Leon Spencer highlights major findings from the report, officially titled, Motive Security Labs malware report – H2 2014. The following has been excerpted from Spencer’s zdnet.com…

March 23, 2015

Browser Beware

Ponemon Survey of 645 Information Tech Companies Says Half of All Malware Was the Result of Web Browsers That Weren’t Secure Less than a third of respondents thought major browsers had “effective security tools for blocking web-borne malware.” And, close to 70 percent of IT professionals thought browser-borne malware was getting worse and was “a more significant threat today than [just] 12 months ago.” These were among the observations brought to light in the Ponemon study as reported by Cory Bennett on thehill.com. The following…

March 19, 2015

Yah Who?

Yahoo Offers Optional On-Demand Password-Free Email Login. Now Unnecessary for Users to Remember Passwords to Login. Last year, Yahoo suffered a massive hack that compromised Yahoo Mail usernames and passwords. In response to that attack, writes Samantha Murphy Kelly on mashable.com (link to article), “[Yahoo wanted] to provide a safe, encrypted way to keep accounts secure.” How Yahoo’s password-free login works Murphy writes that the “new on-demand login feature…sends…a specialized code to [users’] mobile devices to gain access. The code is generated only for that…

Picture this: you head to your favourite restaurant for dinner – a place you visit often and are well known. After a delicious meal you try to pay the bill, only to be marched out to the cashpoint in the rain, as your credit cards have been rejected. Sound humiliating? Loyal online shoppers are currently being subjected to this exact type of treatment. Every day, retailers turn away valuable business because their web fraud systems lack the intelligence to identify that they are genuine customers.…

Extended Mobile App Reputation and Device Analysis Enables Businesses to Meet Latest Payment Card Industry Data Security Standards ThreatMetrix’s latest TrustDefender Mobile release, the mobile software development kit (SDK), helps ThreatMetrix customers identify fraudulent behavior and reduce friction for transactions originating from mobile apps. Android and iOS devices In addition to Android, the release extends ThreatMetrix’s industry-leading Mobile App Reputation and Integrity capability to iOS devices. Dean Weinert, ThreatMetrix director of mobile products, on stopping malware apps from different vendors “One of the challenges our…

Tour Explains How EMV Technology’s Benefits Outweigh Costs of Implementation Following on the heels of American Express’s “Small Merchant EMV Assistance Program,” a $10 million campaign to speed up adoption of EMV payment terminals, Visa is launching its own “Small Business Chip Education Tour.” The idea behind both tours is to get small merchants on-board with EMV, which has faced resistance from some merchants because they can’t see the cost versus benefits of adopting the new technology. One huge cost could be in NOT implementing…

Alex Yucel, Man Behind Software Used to Steal Payment Card Data and Passwords from Thousands Pleads Guilty. Faces up to 10 Years. The 24-year-old Yucel, who co-created and sold Blackshades, pleaded guilty to one count of hacking as part of a plea agreement telling the court he “aided and abetted others by knowingly transmitting a program…which caused damage to a computer over the Internet without authorization.” According to a pymnts.com article, Yucel actually caused quite a bit of damage. The following has been excerpted from…

At ThreatMetrix® we’ve been banging on about the importance of context-based, friction-free fraud prevention for years. We also predicted some months ago that mobile fraud would reach around half of all recorded cases by the end of the year, and have been alerting organizations to the fact that account creation fraud is becoming increasingly popular amongst the criminal fraternity. It’s fascinating, therefore, to see all of these trends intersecting with the recent problems the Apple Pay ecosystem seems to be having with scammers in the…

March 13, 2015

Faster is Safer

Fast Same Day Payments Key ACH Security Issue for NACHA, the Electronics Payments Association Not all that familiar with NACHA? Okay, it used to be called the National Automated Clearing House Association. But, there’s no point in trying to remember what the acronym stands for since these days the organization only goes by NACHA. We don’t know why, but since it’s one less acronym to have to remember we’re not going to complain about it. Anyway, NACHA manages the development, administration and governance of the ACH (Automated…

ThreatMetrix’s Director of Product Marketing, Ken Jochims Interview on Pymnts.com on “10 Ways to Leave Cybercriminals in the Dust” In advance of the Merchant Risk Council, March 23-26, in Las Vegas, where you’ll find ThreatMetrix at Booth 119, Ken Jochims did a far-ranging interview with pymnts.com on preventing the “new era” of cybercrime, where hackers go straight to the banks instead of the banks’ customers. He discussed ThreatMetrix’s multilayered (yet frictionless) approach to defense, which is detailed in a new ThreatMetrix whitepaper. The following has…

Payment Card Network’s “Visa Checkout” Online Payment Service to Deploy Token Technology Visa is enabling the use of tokens, which are mathematical codes that transform sensitive consumer information such as 16-digit credit card numbers into encrypted codes that are useless to criminals. More than 110 merchants around the world will be able to use Visa Checkout starting in April. Thad Rueter on internetretailer.com quotes Visa as saying that “In 2015… some of the largest e-commerce merchants [will] deploy Visa Token Service, using tokens to process…