Security News

RSA, a global cybersecurity leader delivering Business-Driven Security solutions to help organizations manage digital risk, announces the general availability of RSA Adaptive Authentication for eCommerce version 20.5. In this version, RSA Adaptive Authentication for eCommerce implements the latest features available in the EMV 3D-Secure v2.2 protocol, adds new authentication flows to support transactions where the cardholder is not in session, and introduces new capabilities that significantly enhance the customer's checkout experience.

In Q4 of 2019, advanced, multi-step attacks attempting to evade fraud defenses using a blend of automated and human-driven attacks have been detected. While automated attacks are still prevalent across most industries, the notable rise in human-driven attacks is attributed to fraudsters leveraging what Arkose Labs define as "Sweatshop-like workers" to enhance attacks.

A trio of Australians has been charged with identity theft that netted AU$11 million - ill-gotten loot they allegedly ripped off by hacking into businesses and modifying their payrolls, pension payments and credit card details. New South Wales police reportedly said that the unidentified 31-year-old man allegedly stole more than 80 personal and financial profiles so as to use them in identity fraud in South Australia from early 2019, and then in NSW from August 2019.

Having recently received just such a bombardment at one of the larger IAM conferences, I was curious at how well zero trust applies to fraud prevention. Although the zero trust framework is gaining momentum in the enterprise, its basic concepts have been the mainstay of fraud prevention in industries like insurance, finance and retail for a very long time.

LexisNexis Risk Solutions, part of RELX, announced it has entered into an agreement to acquire Emailage, a global provider of fraud prevention and risk management solutions. LexisNexis Risk Solutions already has an established commercial partnership with Emailage to offer email risk assessment to customers around the world.

Google Chrome extension developers have been left high and dry for weeks as the company struggles to cope with a spike in fraud on the Chrome Web Store. Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users.

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store. "Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items," Simeon Vincent, extensions developer advocate at Google, explains.

On Saturday, Google temporarily disabled the ability to publish paid Chrome apps, extensions, and themes in the Chrome Web Store due to a surge in fraud. "Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users," said Simeon Vincent, developer advocate for Chrome Extensions, in a post to the Chromium Extensions forum.

Aleksai Burkov, a Russian cybercriminal responsible for over $20m in credit card fraud, pleaded guilty last week for access device fraud, identity theft, computer intrusion, wire fraud, and money laundering, after being indicted four years ago for operating a carding website called Cardplanet. This website, which ran from 2009 until 2013, served as a forum for cybercriminals to buy and sell credit card details stolen from victims.