Accourt Payments Specialists » Fraud Data Sharing https://www.accourt.com payments specialists Thu, 18 Apr 2024 20:09:55 +0000 en-GB hourly 1 http://wordpress.org/?v=4.2.1 Top 8 future cyber security threats to the financial services sector https://www.accourt.com/top-8-future-cyber-security-threats-to-the-financial-services-sector/ https://www.accourt.com/top-8-future-cyber-security-threats-to-the-financial-services-sector/#comments Thu, 18 Jun 2015 10:00:16 +0000 http://www.accourt.com/?p=2994 Financial services providers must better prepare for the threat that new technologies pose to their cyber security strategies or risk damaging customer and investor confidence. Cyber-crime within the financial services industry has reached unprecedented *levels and currently costs the global economy £266 billion each year. As companies increasingly adapt to emerging technologies, such as digital […]

The post Top 8 future cyber security threats to the financial services sector appeared first on Accourt Payments Specialists.

]]>
Financial services providers must better prepare for the threat that new technologies pose to their cyber security strategies or risk damaging customer and investor confidence.

Cyber-crime within the financial services industry has reached unprecedented *levels and

A handgrenade made out of keyboard keys

Top 8 future cyber security threats to the financial services sector

currently costs the global economy £266 billion each year. As companies increasingly adapt to emerging technologies, such as digital wallet service Apple Pay and Near Field Communication (NFC), the likelihood of hacks and data security breaches is rising.

Neil Cross, Managing Director of Advanced 365, explains, “The financial services industry must find a balance between embracing innovation to establish a competitive advantage whilst meeting needs for greater compliance and cyber security in order to survive. At present, too many firms are preparing for yesterday’s threat instead of updating their strategies to defend against tomorrow’s.”

Cross outlines below the top eight technology threats that financial services firms will face in the future.

  1. Botnet attacks – The Botnet (robots and networks) of Things is a group of computers or internet-connected devices that have been hacked to commit fraud or attack servers. Industry experts estimate that botnet attacks have contributed to the loss of millions of pounds from financial institutions. Mass adoption of the Internet of Things will only exacerbate security challenges as it introduces billions of potential new bots.
  2. Self-mutating computer virus – ‘Pandoras’ are regarded as the next generation of self-mutating computer virus attacks. They are designed to destabilise, confuse and destroy critical electronic infrastructures essential to the financial services industry. From a strategic perspective, they can be used as both offensive and defensive security mechanism.
  3. Near Field Communication (NFC) – NFC allows two devices within a short distance of each other to exchange data. It is increasingly being adopted by banks to introduce new products and facilitate mobile payments. Customers are susceptible to aggressive avatar-based attacks which rely on advanced digital creation assembled from stolen aspects of an individual’s identity.
  4. Payments technology – Mass market adoption of new mobile payments technologies, such as Apple Pay and Google Wallet, is expected to occur by the end of 2016. Hackers are intensifying their efforts as companies and consumers increasingly adopt these new systems and related fraud cases in the United States are already totalling millions of dollars.
  5. Biohacking – Biohacking applies to advanced techniques that use science and technology to affect human performance and could be a target for radical security breaches. Smart implants will be used for identification and authentication of individuals which include the ability to access buildings and activate mobile phones, in addition to making bank transactions to replace smartphone PIN codes.
  6. Big data and the cloud – In ten years’ time, most of the world’s data will move through or be stored in the cloud at some stage. This is expected to result in more sophisticated data security attacks targeting cloud infrastructures, shifting from device-based to cloud-based botnets, hijacking distributed processing power.
  7. Mobile – 80% of internet connections could originate from a mobile platform by 2025. Industry experts predict that mobile devices will no longer be used to crack a phone code or steal data from a device itself. Instead they will be targeted by cyber criminals as a catalyst for obtaining additional data resources that can be accessed via the cloud.
  8. Bring Your Own Device (BYOD) – Heavily regulated industries are struggling with the risks introduced by allowing employees to bring their own devices. A 2014 survey of financial services respondents by PwC revealed that 44% said employees represented the highest and most likely source of security incidents. This figure is 9% higher compared with the all industries’ average.

Cross adds, “Financial services providers must adapt to the new world and the demands it places on their organisation. Businesses that fail to demonstrate a greater awareness of emerging technological challenges and transform their notion of security could fall prey to damaging breaches.”

The post Top 8 future cyber security threats to the financial services sector appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/top-8-future-cyber-security-threats-to-the-financial-services-sector/feed/ 0
One in four UK consumers would share their DNA with their bank to secure financial information https://www.accourt.com/one-in-four-uk-consumers-would-share-their-dna-with-their-bank-to-secure-financial-information/ https://www.accourt.com/one-in-four-uk-consumers-would-share-their-dna-with-their-bank-to-secure-financial-information/#comments Wed, 17 Jun 2015 10:00:26 +0000 http://www.accourt.com/?p=2991 A new mobile identity whitepaper from Telstra reveals the majority of United Kingdom (UK) consumers using mobile banking applications want their mobile devices to instantly recognise them via biometrics, such as fingerprint and voiceprint, instead of having to prove who they are with passwords and usernames. According to Telstra’s “Mobile Identity – The Fusion of Financial Services, […]

The post One in four UK consumers would share their DNA with their bank to secure financial information appeared first on Accourt Payments Specialists.

]]>
A new mobile identity whitepaper from Telstra reveals the majority of United Kingdom (UK) consumers using mobile banking applications want their mobile devices to instantly recognise them via biometrics, such as fingerprint and voiceprint, instead of having to prove who they are with passwords and usernames.

According to Telstra’s “Mobile Identity – The Fusion of Financial Services, Mobile and Identity” report, with smartphones now the primary channel used by Gen X and Gen Y to access and manage their finances, expectations around how financial institutions manage mobile identity are being transformed.

Willingness to Share Personal Information with Financial Services Institution

Willingness to Share Personal Information with Financial Services Institution

“For the last six months, we’ve spoken to consumers and banks all over the world, in an effort to understand how our relationship with our smartphone is affecting our relationship with our financial institutions,” said Rocky Scopelliti, Global Industry Executive for Banking, Finance & Insurance, Telstra.

“What we uncovered is that when it comes to mobile banking applications, consumers no longer believe in just the safety of passwords and usernames.

“Instead, two-thirds of UK consumers think that using biometrics – such as voice, fingerprint, iris and facial recognition – would be more secure and help reduce the risks of fraud.

Willingness to Share Personal Information with Financial Services Institution (by Net Worth $ (Total Investments & Assets – Debt))

Willingness to Share Personal Information with Financial Services Institution (by Net Worth $ (Total Investments & Assets – Debt))

“In fact, one in four UK consumers would even consider sharing their DNA with their financial institution, if it meant it would make authentication easier and their financial and personal information more secure,” he said.

According to the research, while factors such as interest rates and ease of accessing funds used to be the most important considerations when selecting a financial institution, today, more than half of UK consumers cite the security of their finances and personal information their top priority, together with their institutions’ reputation for security.

Despite this, the report found that only a third of UK consumers were ‘very satisfied’ with their institutions’ authentication methods, with one third willing to pay an extra £11 GBP per annum for more sophisticated mobile security measures.

Identity Theft (Global)

Identity Theft (Global)

“Our research shows consumers are using their mobile banking applications in some really cutting edge ways, so they’re expecting much more than ever before from their financial services providers in terms of security, innovation and functionality.

“In fact, Gen X and Gen Y has become so dependent on their smartphones to access their financial services, that it’s led to a behavioral state we are calling ‘no-finapp-phobia’ – the fear of being without financial applications,” he said.

In the UK, Nationwide and NatWest customers are the most satisfied with the identity and authentication methods offered and are accordingly, the most likely to recommend them.

“With our consumption of financial services intrinsically linked with the mobile device, our mobile identity is the key to unlock trust with our service provider.

“For ‘no-finapp-phobic’ Gen X and Gen Y consumers it’s time to create mobile identity solutions that instantly recognise them for who they are,” Mr Scopelliti concluded.

For more information on Telstra’s Mobile Identity – The Fusion of Financial Services, Mobile and Identity whitepaper click here.

The post One in four UK consumers would share their DNA with their bank to secure financial information appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/one-in-four-uk-consumers-would-share-their-dna-with-their-bank-to-secure-financial-information/feed/ 0
Criminals receive 1,425% ROI from Cybercrime https://www.accourt.com/criminals-receive-1425-roi-from-cybercrime/ https://www.accourt.com/criminals-receive-1425-roi-from-cybercrime/#comments Tue, 16 Jun 2015 13:59:25 +0000 http://www.accourt.com/?p=2987 Trustwave has released the 2015 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2014. The report discloses how much criminals can profit from malware attacks, which data they target, how they get inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are […]

The post Criminals receive 1,425% ROI from Cybercrime appeared first on Accourt Payments Specialists.

]]>
Trustwave has released the 2015 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2014.

The report discloses how much criminals can profit from malware attacks, which data they target, how they get

Cybercrime compromises by Industry

Cybercrime compromises by Industry

inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are targeting and where the majority of victims are located. It also reveals the most commonly used exploits, most prevalent malware families and more.

Trustwave experts gathered the data from 574 breach investigations the company’s SpiderLabs team conducted in 2014 across 15 countries in addition to proprietary threat intelligence gleaned from the company’s five global Security Operations Centers, security scanning and penetration testing results, telemetry from security technologies distributed across the globe and industry-leading security research.

2015 Trustwave Global Security Report: Key Highlights

  • Return on investment: Attackers receive an estimated 1,425% return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment)
  •  Weak application security: 98% of applications tested by Trustwave in 2014 had at least one vulnerability. The maximum number of vulnerabilities Trustwave experts found in a single application was 747. The median number of vulnerabilities per application increased 43% in 2014 from the previous year.
  • The password problem: “Password1″ was still the most commonly used password. 39% of passwords were eight characters long. The estimated time it took Trustwave security testers to crack an eight-character password was one day. The estimated time it takes to crack a ten-character password is 591 days.
  • Where victims reside: Half of the compromises Trustwave investigated occurred in the United States (a nine percentage point decrease from 2013).
  • Who criminals target: Retail was the most compromised industry making up 43% of Trustwave’s investigations followed by food and beverage (13%) and hospitality (12%).
  • Top assets compromised:  42% of investigations were of e-commerce breaches. Forty were of point-of-sale (POS) breaches. POS compromises increased seven percentage points from 2013 to 2014, making up 33% of Trustwave’s investigations in 2013 and 40% in 2014. E-commerce compromises decreased 13 percentage points from 2013 to 2014.
  • Data most targeted: In 31% of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that’s needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45% in 2013) meaning attackers shifted their focus back to payment card data.
  • Lack of self-detection: The majority of victims, 81%, did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.
  • How criminals break in: Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94% of POS breaches.
  • Spam on the decline: Spam volume continues to decrease making up 60% of total inbound mail (compared to 69% in 2013 and more than 90% at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.
Industry breakdown of IT environments compromised by Cybercrime

Industry breakdown of IT environments compromised by Cybercrime

“To defend against today’s sophisticated criminals, businesses must see attacks from their front windshield instead of their rear view mirror,” said Trustwave Chairman, Chief Executive Officer and President Robert J. McCullen. “By providing a wealth of current, actionable data breach trends and threat intelligence, our 2015 Trustwave Global Security Report helps businesses identify what’s coming so that they can engage the people, processes and technologies needed to thwart cybercrime attacks that can generate close to a 1,500 return on investment.”

Download a complimentary copy of the full 2015_TrustwaveGlobalSecurityReport

The post Criminals receive 1,425% ROI from Cybercrime appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/criminals-receive-1425-roi-from-cybercrime/feed/ 0
Online fraud – an unrelenting, unforgiving battleground… https://www.accourt.com/online-fraud-an-unrelenting-unforgiving-battleground/ https://www.accourt.com/online-fraud-an-unrelenting-unforgiving-battleground/#comments Wed, 01 Apr 2015 13:59:07 +0000 http://www.accourt.com/?p=2887 The recent release of the annual UK fraud figures describes an interesting picture of some successes and some areas for continued concern and renewed action. First, the headline successes. Fraud conducted in the face-to-face retail environment continues to show a healthy decline trend (down 14% on the previous year) with card ID theft (down 19%) […]

The post Online fraud – an unrelenting, unforgiving battleground… appeared first on Accourt Payments Specialists.

]]>
The recent release of the annual UK fraud figures describes an interesting picture of some successes and some areas for continued concern and renewed action.

First, the headline successes. Fraud conducted in the face-to-face retail environment continues to show a healthy decline trend (down 14% on the previous year) with card ID theft (down 19%) and cheques (down 35% off a rapidly decreasing base) also showing notable declines.  These figures show an industry that continues to tackle some of the key fraud issues head-on, however, there are still significant challenges that need to be addressed, writes Vaughan Collie, Partner, Accourt – Payments Specialists.

On the downside, e-commerce and online banking continue to be areas of material concern.

E-commerce fraud has increased by 14%, continuing its worrying upward trend. These figures show an above average fraud-to-sales ratio (i.e. a common industry indicator of how much fraud loss is experienced for every unit of sales) in an industry where online commerce continues to grow exponentially and, with the increasing popularity of commerce through mobile devices such as smartphones and tablets, this remains an area of significant concern.

Annual fraud losses on UK-issued cards 2008 to 2014

Annual fraud losses on UK-issued cards 2008 to 2014 (Source FFA UK)

Online banking fraud has also shown an eye-watering increase of 48%.  One of the key drivers of this is a criminal element adept at basic, low-tech social engineering, preying on unsuspecting, sometimes gullible and vulnerable consumers – making this type of fraud relatively difficult to defend against (especially with legacy fraud management products and techniques).  This is primarily due to the ability of the criminals to bypass the safeguards put in place by the banks and other financial institutions once they’ve stolen sensitive information and/or credentials from consumers via these social engineering techniques.

It is not difficult to see the common element between the highest impact fraud losses is the underlying online ecosystem.  This ecosystem remains popular with criminals due to its inherent detachment from face-to-face interactions (often perceived as more risky) and relatively easy attack scalability coupled with, perhaps most importantly, the relative ease of exploiting human fallibility, especially in technology-enabled channels.

Fortunately, there are a number of advanced tools and techniques that service providers in the online ecosystem can employ to detect, mitigate against and, ultimately, stop future attacks.  However, there are so many products and services available in the market place and this makes it extremely difficult to determine which products, services, tools and techniques are most appropriate and effective at addressing the prevailing threats.  Many of the products and services have been available for a long time and have failed to adapt to the rapidly changing landscape of threats.  Technology and products that used to be good not that long ago are now less effective.

Annual online, telephone banking and cheque losses 2008 to 2014

Annual online, telephone banking and cheque losses 2008 to 2014 (Source FFFA UK)

Furthermore, the P&L challenge to fraud managers is (rightly) changing dramatically.  Whereas fraud management was traditionally seen as a necessary cost of doing business, with very limited ability and budget to materially and positively impact an organisation’s fortunes, modern technologies and best practices enable dynamic fraud managers to positively contribute to the bottom line, but without adversely impacting the organisation’s fraud profile.  Done right, this means that an organisation is able to, for example, enable authorisation of more good sales volume and/or decrease the friction of consumer interactions – all without adversely impacting that organisation’s risk and fraud profile.

How can Accourt help?

  • As a vendor/product independent organisation, Accourt advises on and conducts many vendor and product evaluations, particularly in the payments fraud management ecosystem.
  • Accourt is at the forefront of the emerging and break-through fraud detection and management technologies across all geographies.  With a bedrock understanding of payments across the entire payments value chain, Accourt is consistently able to cut through to and isolate the core value and differentiators of market products, thereby objectively distilling market-leaders from the rest.
  • Accourt’s focus is always an integrated approach, most effectively combining the product and operational aspects of the undertaking to its clients’ benefit.
  • Recognising that many organisations cannot decommission existing products, Accourt has significant practical and pragmatic experience in how to engineer a complementary fit of newer products and technologies alongside the existing legacy.
  • The focus on omni-channel commerce and customer service has further challenged legacy products in the fraud management ecosystem.  Accourt is able to independently identify and advise on those products that have managed to overcome and address this challenge.
  • Coupled with industry-leading fraud management knowledge and experience, Accourt is steeped in deep operational knowledge and experience of chargeback optimisation and implementation.  An integrated approach to fraud and chargeback management generally returns greater operational and financial benefit than a ‘silo’ approach.

The post Online fraud – an unrelenting, unforgiving battleground… appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/online-fraud-an-unrelenting-unforgiving-battleground/feed/ 0
25% of phishing attacks in 2014 targeted financial data https://www.accourt.com/25-phishing-attacks-2014-targeted-financial-data/ https://www.accourt.com/25-phishing-attacks-2014-targeted-financial-data/#comments Fri, 13 Feb 2015 12:40:47 +0000 http://www.accourt.com/?p=2711 The Kaspersky Lab study ‘Financial Cyber Threats in 2014’ reports that 28.8% of phishing attacks in 2014 were intended to steal financial data from users. While carrying out their scams, cyber criminals have shifted their focus from bank brands to payment systems and online shopping sites. Cybercriminals used the names of well-known banks in 16.3% […]

The post 25% of phishing attacks in 2014 targeted financial data appeared first on Accourt Payments Specialists.

]]>
The Kaspersky Lab study ‘Financial Cyber Threats in 2014’ reports that 28.8% of phishing attacks in 2014 were intended to steal financial data from users. While carrying out their scams, cyber criminals have shifted their focus from bank brands to payment systems and online shopping sites.

  • Cybercriminals used the names of well-known banks in 16.3% of attacks; in 2013, the level of bank phishing was 22.2%
  • In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02% of detections in the Payment Systems category), PayPal (30.03% of detections) and American Express (24.6%)
  • The names of well-known online shopping sites were used in 7.3% of attacks (6.5% in 2013)
  • In 5.1% of cases, Kaspersky Lab’s protection technologies were triggered by phishing pages mentioning payment systems, which is 2.4 percentage points more than in 2013
  • The proportion of financial phishing detected on Mac systems increased by 9.6 percentage points compared to the previous year, representing 48.5% of all instances in which the anti-phishing component of Kaspersky Lab security products for Mac OS X was triggered
Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014

Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014

Phishing is a type of Internet fraud that is used by cybercriminals to lure users into providing their data (account logins and passwords and other personal information) by creating fake web pages to imitate popular online resources.

Last year, the proportion of financial phishing to all phishing attacks fell by 2.7 percentage points compared to 2013, primarily due to a decrease in the level of banking phishing. At the same time, there was proportionally more phishing targeting other financial categories.

In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02% of detections in the Payment Systems category), PayPal (30.03% of detections) and American Express (24.6%). A the same time, in 2014 detections for phishing pages mentioning PayPal saw their share fall by 14.09 percentage points compared to 2013.

Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014 - Payment Systems

Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014 – Payment Systems

Amazon remains the most commonly-attacked brand in the Online Shopping category – 31.7% of attacks in this category used phishing pages mentioning Amazon. However, this is 29.41 percentage points less than in the previous year.

“The rise in financial phishing that we saw in the past has naturally drawn a response from the brands most frequently abused in phishing scams – they are beginning to tackle phishing distribution channels, especially email spam, more actively,” says Nadezhda Demidova, web content analyst at Kaspersky Lab.

“That leads to a reduction in the levels of phishing that targets some of the larger brands. However, cybercriminals immediately responded by targeting new ‘markets’. For example, in 2014 we saw a large number of phishing scams based on websites that sell plane tickets. These are targets that used to be seen fairly infrequently in phishing scams.”

Kaspersky Lab experts have also recorded an increase in the proportion of financial phishing attacks against Mac OS X users. Overall, about 48.5% of all phishing attacks detected on computers with Kaspersky Lab security products for Mac installed on them were designed to steal financial data. In particular banks were mentioned in 29% of attacks, payment systems in 11.21% and online shopping sites in 8.32% of attacks.

You can find information on other changes in the 2014 financial cyberthreats landscape in the full text of the report on Securelist.com

Modern phishing websites are getting more and more sophisticated, making them very hard for users to recognise. That is why we recommend using an Internet security solution with an advanced anti-phishing technology in place.

The anti-phishing module is included in key Kaspersky Lab products for home and corporate users, as well as Kaspersky Fraud Prevention – a platform created specifically to protect banks from online financial fraud. Its three components – anti-phishing databases, Kaspersky Security Network and heuristic analyser – provide robust protection against phishing. The module’s effectiveness has been confirmed by independent test labs.

The post 25% of phishing attacks in 2014 targeted financial data appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/25-phishing-attacks-2014-targeted-financial-data/feed/ 0