E-commerce has skyrocketed in 2020, but so have transaction disputes. Ryan Battles of EY explains the cause, the impact, as well as how merchants can reduce incidents of this so-called "friendly" fraud.
A recently uncovered point-of-sale malware called "ModPipe" is targeting Oracle software used by thousands of restaurants and other businesses in the hospitality industry, according to researchers at ESET. This backdoor can then steal sensitive data, such as cardholder names.
COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
The COVID-19 pandemic has shifted the dynamic of card fraud in favor of the fraudsters due to the massive increase of online transactions, says Andrei Barysevich of the fraud intelligence company Gemini Advisory. And many fraudsters are using more sophisticated tools, including anti-fingerprinting technology.
A flaw in how contactless cards from Visa - and potentially other issuers - have implemented the EMV protocol can be abused to bypass PIN verification for high-value transactions, ETH Zurich researchers warn. But Visa says the exploits would be "impractical for fraudsters to employ" in real-world attacks.
Some payment card fraud detection systems that rely on artificial intelligence are now less effective because of changes in consumers' habits during the COVID-19 pandemic, says Rene Perez of Jack Henry & Associates, who offers insights on needed adjustments.
Implementing an adaptive, risk-based authentication process for remote system access is proving effective as more staff members work from home during the COVID-19 pandemic, says Ant Allan, a vice president and analyst at Gartner.
The IcedID banking Trojan has been updated with additional evasion techniques, including a password-protected attachment, keyword obfuscation and a DLL file that acts as a second-stage downloader, according to Juniper Threat Labs.