Accourt Payments Specialists » Fraud Management https://www.accourt.com payments specialists Thu, 18 Apr 2024 20:09:55 +0000 en-GB hourly 1 http://wordpress.org/?v=4.2.1 Top 8 future cyber security threats to the financial services sector https://www.accourt.com/top-8-future-cyber-security-threats-to-the-financial-services-sector/ https://www.accourt.com/top-8-future-cyber-security-threats-to-the-financial-services-sector/#comments Thu, 18 Jun 2015 10:00:16 +0000 http://www.accourt.com/?p=2994 Financial services providers must better prepare for the threat that new technologies pose to their cyber security strategies or risk damaging customer and investor confidence. Cyber-crime within the financial services industry has reached unprecedented *levels and currently costs the global economy £266 billion each year. As companies increasingly adapt to emerging technologies, such as digital […]

The post Top 8 future cyber security threats to the financial services sector appeared first on Accourt Payments Specialists.

]]>
Financial services providers must better prepare for the threat that new technologies pose to their cyber security strategies or risk damaging customer and investor confidence.

Cyber-crime within the financial services industry has reached unprecedented *levels and

A handgrenade made out of keyboard keys

Top 8 future cyber security threats to the financial services sector

currently costs the global economy £266 billion each year. As companies increasingly adapt to emerging technologies, such as digital wallet service Apple Pay and Near Field Communication (NFC), the likelihood of hacks and data security breaches is rising.

Neil Cross, Managing Director of Advanced 365, explains, “The financial services industry must find a balance between embracing innovation to establish a competitive advantage whilst meeting needs for greater compliance and cyber security in order to survive. At present, too many firms are preparing for yesterday’s threat instead of updating their strategies to defend against tomorrow’s.”

Cross outlines below the top eight technology threats that financial services firms will face in the future.

  1. Botnet attacks – The Botnet (robots and networks) of Things is a group of computers or internet-connected devices that have been hacked to commit fraud or attack servers. Industry experts estimate that botnet attacks have contributed to the loss of millions of pounds from financial institutions. Mass adoption of the Internet of Things will only exacerbate security challenges as it introduces billions of potential new bots.
  2. Self-mutating computer virus – ‘Pandoras’ are regarded as the next generation of self-mutating computer virus attacks. They are designed to destabilise, confuse and destroy critical electronic infrastructures essential to the financial services industry. From a strategic perspective, they can be used as both offensive and defensive security mechanism.
  3. Near Field Communication (NFC) – NFC allows two devices within a short distance of each other to exchange data. It is increasingly being adopted by banks to introduce new products and facilitate mobile payments. Customers are susceptible to aggressive avatar-based attacks which rely on advanced digital creation assembled from stolen aspects of an individual’s identity.
  4. Payments technology – Mass market adoption of new mobile payments technologies, such as Apple Pay and Google Wallet, is expected to occur by the end of 2016. Hackers are intensifying their efforts as companies and consumers increasingly adopt these new systems and related fraud cases in the United States are already totalling millions of dollars.
  5. Biohacking – Biohacking applies to advanced techniques that use science and technology to affect human performance and could be a target for radical security breaches. Smart implants will be used for identification and authentication of individuals which include the ability to access buildings and activate mobile phones, in addition to making bank transactions to replace smartphone PIN codes.
  6. Big data and the cloud – In ten years’ time, most of the world’s data will move through or be stored in the cloud at some stage. This is expected to result in more sophisticated data security attacks targeting cloud infrastructures, shifting from device-based to cloud-based botnets, hijacking distributed processing power.
  7. Mobile – 80% of internet connections could originate from a mobile platform by 2025. Industry experts predict that mobile devices will no longer be used to crack a phone code or steal data from a device itself. Instead they will be targeted by cyber criminals as a catalyst for obtaining additional data resources that can be accessed via the cloud.
  8. Bring Your Own Device (BYOD) – Heavily regulated industries are struggling with the risks introduced by allowing employees to bring their own devices. A 2014 survey of financial services respondents by PwC revealed that 44% said employees represented the highest and most likely source of security incidents. This figure is 9% higher compared with the all industries’ average.

Cross adds, “Financial services providers must adapt to the new world and the demands it places on their organisation. Businesses that fail to demonstrate a greater awareness of emerging technological challenges and transform their notion of security could fall prey to damaging breaches.”

The post Top 8 future cyber security threats to the financial services sector appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/top-8-future-cyber-security-threats-to-the-financial-services-sector/feed/ 0
One in four UK consumers would share their DNA with their bank to secure financial information https://www.accourt.com/one-in-four-uk-consumers-would-share-their-dna-with-their-bank-to-secure-financial-information/ https://www.accourt.com/one-in-four-uk-consumers-would-share-their-dna-with-their-bank-to-secure-financial-information/#comments Wed, 17 Jun 2015 10:00:26 +0000 http://www.accourt.com/?p=2991 A new mobile identity whitepaper from Telstra reveals the majority of United Kingdom (UK) consumers using mobile banking applications want their mobile devices to instantly recognise them via biometrics, such as fingerprint and voiceprint, instead of having to prove who they are with passwords and usernames. According to Telstra’s “Mobile Identity – The Fusion of Financial Services, […]

The post One in four UK consumers would share their DNA with their bank to secure financial information appeared first on Accourt Payments Specialists.

]]>
A new mobile identity whitepaper from Telstra reveals the majority of United Kingdom (UK) consumers using mobile banking applications want their mobile devices to instantly recognise them via biometrics, such as fingerprint and voiceprint, instead of having to prove who they are with passwords and usernames.

According to Telstra’s “Mobile Identity – The Fusion of Financial Services, Mobile and Identity” report, with smartphones now the primary channel used by Gen X and Gen Y to access and manage their finances, expectations around how financial institutions manage mobile identity are being transformed.

Willingness to Share Personal Information with Financial Services Institution

Willingness to Share Personal Information with Financial Services Institution

“For the last six months, we’ve spoken to consumers and banks all over the world, in an effort to understand how our relationship with our smartphone is affecting our relationship with our financial institutions,” said Rocky Scopelliti, Global Industry Executive for Banking, Finance & Insurance, Telstra.

“What we uncovered is that when it comes to mobile banking applications, consumers no longer believe in just the safety of passwords and usernames.

“Instead, two-thirds of UK consumers think that using biometrics – such as voice, fingerprint, iris and facial recognition – would be more secure and help reduce the risks of fraud.

Willingness to Share Personal Information with Financial Services Institution (by Net Worth $ (Total Investments & Assets – Debt))

Willingness to Share Personal Information with Financial Services Institution (by Net Worth $ (Total Investments & Assets – Debt))

“In fact, one in four UK consumers would even consider sharing their DNA with their financial institution, if it meant it would make authentication easier and their financial and personal information more secure,” he said.

According to the research, while factors such as interest rates and ease of accessing funds used to be the most important considerations when selecting a financial institution, today, more than half of UK consumers cite the security of their finances and personal information their top priority, together with their institutions’ reputation for security.

Despite this, the report found that only a third of UK consumers were ‘very satisfied’ with their institutions’ authentication methods, with one third willing to pay an extra £11 GBP per annum for more sophisticated mobile security measures.

Identity Theft (Global)

Identity Theft (Global)

“Our research shows consumers are using their mobile banking applications in some really cutting edge ways, so they’re expecting much more than ever before from their financial services providers in terms of security, innovation and functionality.

“In fact, Gen X and Gen Y has become so dependent on their smartphones to access their financial services, that it’s led to a behavioral state we are calling ‘no-finapp-phobia’ – the fear of being without financial applications,” he said.

In the UK, Nationwide and NatWest customers are the most satisfied with the identity and authentication methods offered and are accordingly, the most likely to recommend them.

“With our consumption of financial services intrinsically linked with the mobile device, our mobile identity is the key to unlock trust with our service provider.

“For ‘no-finapp-phobic’ Gen X and Gen Y consumers it’s time to create mobile identity solutions that instantly recognise them for who they are,” Mr Scopelliti concluded.

For more information on Telstra’s Mobile Identity – The Fusion of Financial Services, Mobile and Identity whitepaper click here.

The post One in four UK consumers would share their DNA with their bank to secure financial information appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/one-in-four-uk-consumers-would-share-their-dna-with-their-bank-to-secure-financial-information/feed/ 0
Criminals receive 1,425% ROI from Cybercrime https://www.accourt.com/criminals-receive-1425-roi-from-cybercrime/ https://www.accourt.com/criminals-receive-1425-roi-from-cybercrime/#comments Tue, 16 Jun 2015 13:59:25 +0000 http://www.accourt.com/?p=2987 Trustwave has released the 2015 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2014. The report discloses how much criminals can profit from malware attacks, which data they target, how they get inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are […]

The post Criminals receive 1,425% ROI from Cybercrime appeared first on Accourt Payments Specialists.

]]>
Trustwave has released the 2015 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2014.

The report discloses how much criminals can profit from malware attacks, which data they target, how they get

Cybercrime compromises by Industry

Cybercrime compromises by Industry

inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are targeting and where the majority of victims are located. It also reveals the most commonly used exploits, most prevalent malware families and more.

Trustwave experts gathered the data from 574 breach investigations the company’s SpiderLabs team conducted in 2014 across 15 countries in addition to proprietary threat intelligence gleaned from the company’s five global Security Operations Centers, security scanning and penetration testing results, telemetry from security technologies distributed across the globe and industry-leading security research.

2015 Trustwave Global Security Report: Key Highlights

  • Return on investment: Attackers receive an estimated 1,425% return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment)
  •  Weak application security: 98% of applications tested by Trustwave in 2014 had at least one vulnerability. The maximum number of vulnerabilities Trustwave experts found in a single application was 747. The median number of vulnerabilities per application increased 43% in 2014 from the previous year.
  • The password problem: “Password1″ was still the most commonly used password. 39% of passwords were eight characters long. The estimated time it took Trustwave security testers to crack an eight-character password was one day. The estimated time it takes to crack a ten-character password is 591 days.
  • Where victims reside: Half of the compromises Trustwave investigated occurred in the United States (a nine percentage point decrease from 2013).
  • Who criminals target: Retail was the most compromised industry making up 43% of Trustwave’s investigations followed by food and beverage (13%) and hospitality (12%).
  • Top assets compromised:  42% of investigations were of e-commerce breaches. Forty were of point-of-sale (POS) breaches. POS compromises increased seven percentage points from 2013 to 2014, making up 33% of Trustwave’s investigations in 2013 and 40% in 2014. E-commerce compromises decreased 13 percentage points from 2013 to 2014.
  • Data most targeted: In 31% of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that’s needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45% in 2013) meaning attackers shifted their focus back to payment card data.
  • Lack of self-detection: The majority of victims, 81%, did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.
  • How criminals break in: Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94% of POS breaches.
  • Spam on the decline: Spam volume continues to decrease making up 60% of total inbound mail (compared to 69% in 2013 and more than 90% at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.
Industry breakdown of IT environments compromised by Cybercrime

Industry breakdown of IT environments compromised by Cybercrime

“To defend against today’s sophisticated criminals, businesses must see attacks from their front windshield instead of their rear view mirror,” said Trustwave Chairman, Chief Executive Officer and President Robert J. McCullen. “By providing a wealth of current, actionable data breach trends and threat intelligence, our 2015 Trustwave Global Security Report helps businesses identify what’s coming so that they can engage the people, processes and technologies needed to thwart cybercrime attacks that can generate close to a 1,500 return on investment.”

Download a complimentary copy of the full 2015_TrustwaveGlobalSecurityReport

The post Criminals receive 1,425% ROI from Cybercrime appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/criminals-receive-1425-roi-from-cybercrime/feed/ 0
Card fraud increases as stolen cards used once every 20 seconds https://www.accourt.com/card-fraud-increases-as-stolen-cards-used-once-every-20-seconds/ https://www.accourt.com/card-fraud-increases-as-stolen-cards-used-once-every-20-seconds/#comments Wed, 15 Apr 2015 12:00:50 +0000 http://www.accourt.com/?p=2903 British businesses were hit by card fraud once every 20 seconds in March, with Worldpay warning that small businesses are likely to have been hackers’ biggest targets. Worldpay saw over 133,000 fraudulent transactions worth £10 million reported in March alone, leaving businesses out of pocket as fraudsters purchased goods and services using stolen card details. […]

The post Card fraud increases as stolen cards used once every 20 seconds appeared first on Accourt Payments Specialists.

]]>
British businesses were hit by card fraud once every 20 seconds in March, with Worldpay warning that small businesses are likely to have been hackers’ biggest targets.

Worldpay saw over 133,000 fraudulent transactions worth £10 million reported in March alone, leaving businesses out of pocket as fraudsters purchased goods and services using stolen card details. Over 67% of all fraudulent transactions happened online, while purchases made over the phone or by mail accounted for 19% of the total.

“Technology to guard against card counterfeiting and fraud has come a long way, yet the rates of attack are truly alarming. Card details are the weakest links in consumers’ and businesses’ defences and the one area that fraudsters know to hone in on,” comments Tim Lansdale, Head of Payment Security at Worldpay.

This graph shows the number of investigations into card breaches (i.e. known breaches) amongst Worldpay customers, by business PCI DSS level during 2011-2014. There were a total of 140 investigations held during this period.

This graph shows the number of investigations into card breaches (i.e. known breaches) amongst Worldpay customers, by business PCI DSS level during 2011-2014. There were a total of 140 investigations held during this period.

Businesses that fail to protect their payment systems are not only left out of pocket when goods are purchased using stolen card details but also face paying for the investigation into the breach and the stiff industry penalties which inevitably follows. They are also likely to face bad publicity, which can swiftly erode the years of trust customers have built up in a business and can lead to even more lost custom in future.”

Small businesses, which accounted for 85.7% of all card data breaches, last year, make easy prey for the more advanced cyber hackers. By contrast, Worldpay has seen a 179% increase in payment security compliance amongst the UK’s biggest businesses, as the boardrooms of larger, better resourced companies look to bulk up their security in line with the card payment industry standards.

Causes of card data breaches

Causes of card data breaches

Regardless of business size, the clean-up costs of being targeted by hackers and suffering a card data breach can run to tens of thousands of pounds. A standard small business forensic investigation into a card data breach costs £11,250 on average and typically attracts at least a £8,000 industry penalty, not including the costs of lost goods and damage to reputation. Worldpay has seen larger businesses pay up to £100,000 for the forensic investigation alone.

“Prevention is clearly better than the cure when it comes to getting hacked. The UK’s largest companies have made great strides to improve their payment security but small businesses are still falling behind and being targeted as a result. Businesses of all shapes and sizes should be taking the necessary measures to protect themselves and their customers and employees,” said Lansdale.

Industries affected by card data breaches

Industries affected by card data breaches

Download the report here

Advice to businesses: How to avoid being a victim:

Card data breaches:

  1. Check you meet the card industry’s standards for keeping card data safe, and that your third party suppliers do too.
  2. Install all the latest patches for servers, operating systems, applications, and frameworks (Java, .NET etc.), to protect your ecommerce website.
  3. Change online system log-ins from the default, and use strong passwords that hackers cannot guess.

Fraud:

  1. Ask your payment processor about online protection, such as Verified by Visa, to make ecommerce payments safer from fraud.
  2. Be wary of high value or unusual orders from a customer you do not know, particularly if the product can be resold easily.
  3. Use the Address Verification Service, to match the customer’s delivery address with the billing address of the card owner.

The post Card fraud increases as stolen cards used once every 20 seconds appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/card-fraud-increases-as-stolen-cards-used-once-every-20-seconds/feed/ 0
Online fraud – an unrelenting, unforgiving battleground… https://www.accourt.com/online-fraud-an-unrelenting-unforgiving-battleground/ https://www.accourt.com/online-fraud-an-unrelenting-unforgiving-battleground/#comments Wed, 01 Apr 2015 13:59:07 +0000 http://www.accourt.com/?p=2887 The recent release of the annual UK fraud figures describes an interesting picture of some successes and some areas for continued concern and renewed action. First, the headline successes. Fraud conducted in the face-to-face retail environment continues to show a healthy decline trend (down 14% on the previous year) with card ID theft (down 19%) […]

The post Online fraud – an unrelenting, unforgiving battleground… appeared first on Accourt Payments Specialists.

]]>
The recent release of the annual UK fraud figures describes an interesting picture of some successes and some areas for continued concern and renewed action.

First, the headline successes. Fraud conducted in the face-to-face retail environment continues to show a healthy decline trend (down 14% on the previous year) with card ID theft (down 19%) and cheques (down 35% off a rapidly decreasing base) also showing notable declines.  These figures show an industry that continues to tackle some of the key fraud issues head-on, however, there are still significant challenges that need to be addressed, writes Vaughan Collie, Partner, Accourt – Payments Specialists.

On the downside, e-commerce and online banking continue to be areas of material concern.

E-commerce fraud has increased by 14%, continuing its worrying upward trend. These figures show an above average fraud-to-sales ratio (i.e. a common industry indicator of how much fraud loss is experienced for every unit of sales) in an industry where online commerce continues to grow exponentially and, with the increasing popularity of commerce through mobile devices such as smartphones and tablets, this remains an area of significant concern.

Annual fraud losses on UK-issued cards 2008 to 2014

Annual fraud losses on UK-issued cards 2008 to 2014 (Source FFA UK)

Online banking fraud has also shown an eye-watering increase of 48%.  One of the key drivers of this is a criminal element adept at basic, low-tech social engineering, preying on unsuspecting, sometimes gullible and vulnerable consumers – making this type of fraud relatively difficult to defend against (especially with legacy fraud management products and techniques).  This is primarily due to the ability of the criminals to bypass the safeguards put in place by the banks and other financial institutions once they’ve stolen sensitive information and/or credentials from consumers via these social engineering techniques.

It is not difficult to see the common element between the highest impact fraud losses is the underlying online ecosystem.  This ecosystem remains popular with criminals due to its inherent detachment from face-to-face interactions (often perceived as more risky) and relatively easy attack scalability coupled with, perhaps most importantly, the relative ease of exploiting human fallibility, especially in technology-enabled channels.

Fortunately, there are a number of advanced tools and techniques that service providers in the online ecosystem can employ to detect, mitigate against and, ultimately, stop future attacks.  However, there are so many products and services available in the market place and this makes it extremely difficult to determine which products, services, tools and techniques are most appropriate and effective at addressing the prevailing threats.  Many of the products and services have been available for a long time and have failed to adapt to the rapidly changing landscape of threats.  Technology and products that used to be good not that long ago are now less effective.

Annual online, telephone banking and cheque losses 2008 to 2014

Annual online, telephone banking and cheque losses 2008 to 2014 (Source FFFA UK)

Furthermore, the P&L challenge to fraud managers is (rightly) changing dramatically.  Whereas fraud management was traditionally seen as a necessary cost of doing business, with very limited ability and budget to materially and positively impact an organisation’s fortunes, modern technologies and best practices enable dynamic fraud managers to positively contribute to the bottom line, but without adversely impacting the organisation’s fraud profile.  Done right, this means that an organisation is able to, for example, enable authorisation of more good sales volume and/or decrease the friction of consumer interactions – all without adversely impacting that organisation’s risk and fraud profile.

How can Accourt help?

  • As a vendor/product independent organisation, Accourt advises on and conducts many vendor and product evaluations, particularly in the payments fraud management ecosystem.
  • Accourt is at the forefront of the emerging and break-through fraud detection and management technologies across all geographies.  With a bedrock understanding of payments across the entire payments value chain, Accourt is consistently able to cut through to and isolate the core value and differentiators of market products, thereby objectively distilling market-leaders from the rest.
  • Accourt’s focus is always an integrated approach, most effectively combining the product and operational aspects of the undertaking to its clients’ benefit.
  • Recognising that many organisations cannot decommission existing products, Accourt has significant practical and pragmatic experience in how to engineer a complementary fit of newer products and technologies alongside the existing legacy.
  • The focus on omni-channel commerce and customer service has further challenged legacy products in the fraud management ecosystem.  Accourt is able to independently identify and advise on those products that have managed to overcome and address this challenge.
  • Coupled with industry-leading fraud management knowledge and experience, Accourt is steeped in deep operational knowledge and experience of chargeback optimisation and implementation.  An integrated approach to fraud and chargeback management generally returns greater operational and financial benefit than a ‘silo’ approach.

The post Online fraud – an unrelenting, unforgiving battleground… appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/online-fraud-an-unrelenting-unforgiving-battleground/feed/ 0
Can we trust cryptocurrencies? https://www.accourt.com/can-trust-cryptocurrencies/ https://www.accourt.com/can-trust-cryptocurrencies/#comments Tue, 24 Feb 2015 17:01:31 +0000 http://www.accourt.com/?p=2717 It is a truth universally acknowledged, that a currency system seeking successful adoption must be in want of trust. Trust that a representation of value, such as a paper note, is backed by real value or a genuine obligation to repay; trust that those representations will be accepted by others as such; and trust that […]

The post Can we trust cryptocurrencies? appeared first on Accourt Payments Specialists.

]]>
It is a truth universally acknowledged, that a currency system seeking successful adoption must be in want of trust. Trust that a representation of value, such as a paper note, is backed by real value or a genuine obligation to repay; trust that those representations will be accepted by others as such; and trust that the representations of value are not counterfeit.

Early currencies were actual coins made of precious metals, which people trusted to have an intrinsic

cyber security image

Can we trust Cryptocurrencies?

value that they could use to obtain goods or services. Today, most countries use fiat currencies which have no intrinsic value and are not tied to any physical value such as precious metals. Instead, fiat currencies are backed by government guarantee – entirely lacking in physicality and intrinsic value, fiat currency demands ultimate trust.

The identity of those involved in a transaction (and the ability to verify such identity) is invariably a key component of this trust equation. In order for the fiat currency system to function, the currency issuer and each of the key players in a payment chain must be trustworthy to ensure that the currency is not counterfeit and that the currency will not be stolen before reaching its final destination.

But in the deliberately anonymous world of cryptocurrencies, where value is established by algorithms and verified by the electronic transfer of data, how can trust be established without proof of identity? In light of the widely reported vulnerability of e-wallets, can we ever truly establish the same trust in cryptocurrencies that we have in our own fiat ones today?

The answer perhaps lies in an appreciation that the trust deficit will only be met once there is sufficient confidence in the technology which underpins the currency and the key market players in cryptocurrency transactions are held to a high level of accountability. In fiat transactions today, “money” must pass through many hands before reaching its final destination. When you pay for your shopping with a credit card, your personal details are collected by the shop, transmitted to their acquiring bank that then transmits your details again to your card issuing bank. After initial approval, these details are transmitted along this chain once more before the funds are actually released.

This chain demonstrates a number of potential points for a security breach. Despite this, society generally trusts in the system because the banks and payment processors are regulated and we can feel secure in knowing that the parties involved are required to enforce a high level of security. Even if a breach occurs, we know that the parties involved will be held accountable and trust that we as participants will have the opportunity for redress.

Cryptocurrencies, on the other hand, are entirely decentralised and value passes directly from payer to payee. Quite clearly, there are far fewer potential points for a security breach along the Bitcoin payment chain that solely consists of a payer and a payee. There has also never been a recognised security breach or defrauding of the actual Bitcoin ledger, known as the Blockchain, to date. The Blockchain is considered to be extremely secure as it publically records every transaction that is ever made.

For a system that seems to be so secure in its technology to be plagued with instances of hacking and fraud (most recently the hack of the popular Chinese Bitcoin exchange Bter), the real trust issue lies with the gatekeepers between cryptocurrencies and their traditional fiat relations.

Cryptocurrency-related businesses that act as interfaces with fiat currencies, such as exchanges and payment processors, are largely unregulated by any regulator worldwide. They have also been the generators of the largest reported hacks to date, causing widespread mistrust in the system and extreme volatility in cryptocurrency pricing. However, this mistrust stems from the lack of accountability of the cryptocurrency-related businesses that are able to operate without any required disclosure of identity or location.

To condemn cryptocurrencies as a whole based on the poor security of a few rogue market players would be tantamount to condemning a fiat currency because of a few bank thefts. If currency is stolen from a bank, its security is increased. Consequently, when a cryptocurrency exchange is compromised, it should follow that the solution should be increasing the security of exchanges. However, unless and until the loss falls on the exchange, there is no incentive on the exchange to change its behaviour.

Indeed, it is only when the behavioural and organisational standards are enforced by industry or national regulators that the collective conduct and security of the cryptocurrency industry will be elevated. When responsible conduct of participants is required, confidence in the market will follow. It is therefore in the best interests of most cryptocurrency-related businesses to support the push for regulation and instil trust in the wider currency platform.

It is only by learning how to play this trust game effectively that cryptocurrencies have any real shot at viability: if consumers feel able to trust in the industry that has thus far been plagued by hacks and security breaches, cryptocurrencies could even revolutionise the way we live.

It should therefore be a truth universally acknowledged that a cryptocurrency exchange in possession of fortunes, must be in want of good regulation.

The post Can we trust cryptocurrencies? appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/can-trust-cryptocurrencies/feed/ 0
25% of phishing attacks in 2014 targeted financial data https://www.accourt.com/25-phishing-attacks-2014-targeted-financial-data/ https://www.accourt.com/25-phishing-attacks-2014-targeted-financial-data/#comments Fri, 13 Feb 2015 12:40:47 +0000 http://www.accourt.com/?p=2711 The Kaspersky Lab study ‘Financial Cyber Threats in 2014’ reports that 28.8% of phishing attacks in 2014 were intended to steal financial data from users. While carrying out their scams, cyber criminals have shifted their focus from bank brands to payment systems and online shopping sites. Cybercriminals used the names of well-known banks in 16.3% […]

The post 25% of phishing attacks in 2014 targeted financial data appeared first on Accourt Payments Specialists.

]]>
The Kaspersky Lab study ‘Financial Cyber Threats in 2014’ reports that 28.8% of phishing attacks in 2014 were intended to steal financial data from users. While carrying out their scams, cyber criminals have shifted their focus from bank brands to payment systems and online shopping sites.

  • Cybercriminals used the names of well-known banks in 16.3% of attacks; in 2013, the level of bank phishing was 22.2%
  • In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02% of detections in the Payment Systems category), PayPal (30.03% of detections) and American Express (24.6%)
  • The names of well-known online shopping sites were used in 7.3% of attacks (6.5% in 2013)
  • In 5.1% of cases, Kaspersky Lab’s protection technologies were triggered by phishing pages mentioning payment systems, which is 2.4 percentage points more than in 2013
  • The proportion of financial phishing detected on Mac systems increased by 9.6 percentage points compared to the previous year, representing 48.5% of all instances in which the anti-phishing component of Kaspersky Lab security products for Mac OS X was triggered
Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014

Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014

Phishing is a type of Internet fraud that is used by cybercriminals to lure users into providing their data (account logins and passwords and other personal information) by creating fake web pages to imitate popular online resources.

Last year, the proportion of financial phishing to all phishing attacks fell by 2.7 percentage points compared to 2013, primarily due to a decrease in the level of banking phishing. At the same time, there was proportionally more phishing targeting other financial categories.

In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02% of detections in the Payment Systems category), PayPal (30.03% of detections) and American Express (24.6%). A the same time, in 2014 detections for phishing pages mentioning PayPal saw their share fall by 14.09 percentage points compared to 2013.

Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014 - Payment Systems

Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014 – Payment Systems

Amazon remains the most commonly-attacked brand in the Online Shopping category – 31.7% of attacks in this category used phishing pages mentioning Amazon. However, this is 29.41 percentage points less than in the previous year.

“The rise in financial phishing that we saw in the past has naturally drawn a response from the brands most frequently abused in phishing scams – they are beginning to tackle phishing distribution channels, especially email spam, more actively,” says Nadezhda Demidova, web content analyst at Kaspersky Lab.

“That leads to a reduction in the levels of phishing that targets some of the larger brands. However, cybercriminals immediately responded by targeting new ‘markets’. For example, in 2014 we saw a large number of phishing scams based on websites that sell plane tickets. These are targets that used to be seen fairly infrequently in phishing scams.”

Kaspersky Lab experts have also recorded an increase in the proportion of financial phishing attacks against Mac OS X users. Overall, about 48.5% of all phishing attacks detected on computers with Kaspersky Lab security products for Mac installed on them were designed to steal financial data. In particular banks were mentioned in 29% of attacks, payment systems in 11.21% and online shopping sites in 8.32% of attacks.

You can find information on other changes in the 2014 financial cyberthreats landscape in the full text of the report on Securelist.com

Modern phishing websites are getting more and more sophisticated, making them very hard for users to recognise. That is why we recommend using an Internet security solution with an advanced anti-phishing technology in place.

The anti-phishing module is included in key Kaspersky Lab products for home and corporate users, as well as Kaspersky Fraud Prevention – a platform created specifically to protect banks from online financial fraud. Its three components – anti-phishing databases, Kaspersky Security Network and heuristic analyser – provide robust protection against phishing. The module’s effectiveness has been confirmed by independent test labs.

The post 25% of phishing attacks in 2014 targeted financial data appeared first on Accourt Payments Specialists.

]]>
https://www.accourt.com/25-phishing-attacks-2014-targeted-financial-data/feed/ 0