April 27, 2015
Seems like there’s no end to payments fraud and payment card data breaches that are affecting an array of merchants from time to time. Fighting cyber-criminals is not an easy task, and staying ahead of them is becoming increasingly more difficult. Using traditional methodologies is no longer the ideal strategy. Cyber-criminals are devising new methods to keep track of digital trails, making it difficult for even updated security tools to detect their activities. Here are some recent cases of payments fraud that have come to light:
The point-of-sale systems provider recently detected a malware-related breach that has affected some of the merchants that the company serves. The malware was spread across certain point-of-sale systems and avoided detection by security software running on those POS systems. Harbortouch has not revealed any details of the payment card information that might have been affected by the malware attack. However, the company has claimed that the malware itself has not affected its own networks, and there is no vulnerability in the POS hardware either.
White Lodging, a hotel management company, reported a number of Marriott hotels being affected by a credit card data breach. Customers who used their credit cards at these select hotel locations between July 3, 2014 and Feb 6, 2015 may have been affected by the breach. However, the point-of-sale systems have not been affected as per reports. To mitigate the issue, White Lodging is providing a year of complimentary fraud resolution and identity protection services to affected customers.
Kaspersky reported $300 million bank heist
Earlier this year, Kaspersky Labs reported a malware hack that affected banks in the US, Japan, Russia, and Europe, leading to theft of millions of dollars since 2013. As per Karpersky’s reports, more than 100 banks across 30 nations have been affected by the breach with $300 million already stolen. The cybercriminals seemingly attacked bank computers and remotely installed surveillance software to track payment behaviors. Millions of dollars had been siphoned into dummy accounts set up in advance by the criminals.
But there are companies which are fighting hard and devising new techniques to counter fraudulent tools that are creating nightmares in the merchant space.
Here are some organizations devising new techniques and taking new initiatives to curb fraud:
Verifone & Thales
Thales is a leading player in critical information systems and cybersecurity. Verifone is now using Thales’ nShield hardware security modules (HSMs) for its end-to-end payment encryption solution – VeriShield Total Protect – to provide robust, high speed, scalable crypto to protect card holder data, whether transmitted from a card or mobile device, right from the moment of capture. Thales HSMs provide a highly secure, high speed, and scalable solution in Verifone’s end-to-end encryption architecture, which reduces the risk of payment card data compromise within a merchant’s retail environment. The protection of payment card data by encrypting it from Verifone’s secure payment terminals all the way to the Thales HSMs also dramatically reduces the number of applicable Payment Card Industry (PCI) controls, simplifying the deployment environment for the merchant.
Early Warning & BioCatch
Early Warning, a leading fraud prevention and risk management company, has collaborated with BioCatch which deals with behavioral biometrics, authentication, and malware detection. Through this collaboration, and Early Warning’s consortium model, financial services organizations (FSOs) can now gain and share behavioral intelligence to improve visibility of digital threats to reduce new account fraud and account takeover while simultaneously improving their users’ experience. Early Warning’s new offering transparently maps criminal behavior in the digital ecosystem, distinguishing the human from the non-human. It is used for new account enrollment as well as existing account logins and sessions.
See BioCatch in action below -
NICE is a leading provider of financial crime, risk, and compliance solutions for the financial services industry. NICE Actimize's Card Fraud solutions provide an enhanced layer of protection for mobile wallets, pre-paid cards, and a full view of monetary and non-monetary transactions. NICE Actimize's suite of fraud management solutions takes a holistic approach to fraud prevention, evaluating the full context of customer transactions, including both monetary and non-monetary events (such as card provisioning, service transactions, and enrolments), and provides risk assessments at the customer level. The Actimize Integrated Fraud Management (IFM) suite enables financial institutions to protect themselves and their customers from fraud across multiple payment channels including; debit and pre-paid card, mobile and online banking, electronic payments such as wires and ACH, check fraud, and contact center fraud.