Security News

All modern contactless cards that make use of the Visa protocol, including Visa Credit, Visa Debit, Visa Electron, and V Pay cards, are affected by the security flaw, but the researchers posited it could apply to EMV protocols implemented by Discover and UnionPay as well. As a result, the Card Transaction Qualifiers used to determine what CVM check, if any, is required for the transaction can be modified to inform the PoS terminal to override the PIN verification and that the verification was carried out using the cardholder's device such as a smartwatch or smartphone.

Hungary is among numerous countries in Eastern Europe poised for an explosion in real-time payments growth, with several Hungarian banks and intermediaries leveraging ACI's unrivalled Real-Time Payments solution to capitalize on the expected rise in digital transaction volumes. Long-standing customer OTP Bank is leveraging ACI's Real-Time Payments solution to connect to the scheme; the solution offers a complete range of capabilities for processing real-time payments, including origination, processing, clearing, fraud detection and connectivity-all on a single platform.

Biometric payment cards with an integrated fingerprint sensor make contactless payments more convenient, more secure and hygienic. Infineon Technologies and Fingerprint Cards have joined forces to enable mass deployment of this emerging solution.

A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup "Group," access the group's member details and even redirect Meetup payments to an attacker-owned PayPal account.

Two high-risk vulnerabilities in Meetup, a popular online service that's used to create groups that host local in-person events, allowed attackers to easily take over any Meetup group, access all group functions and assets, and redirect all Meetup payments/financial transactions to their PayPal account. What's more, attackers could create a worm to take over all meetings on the site - including private ones - and do all of these things.

Cybercriminals could be stealing data from payment cards with EMV chips and using it to create magnetic stripe cards which they can use for card-present transactions, cybersecurity firm Gemini Advisory reported on Thursday. This enables cybercriminals who can steal EMV card data to encode that data on a magnetic stripe, inserting the iCVV instead of the CVV that is expected to be on the magnetic stripe.

Based on responses from 1,000 U.S. cardholders who are familiar with contactless credit/debit card or "Tap and pay" technology, a new Entrust Datacard survey reveals that 75% of U.S.-based payment cardholders prefer contactless cards as their primary payment method over chip insert, card swipe, mobile pay and cash. According to the survey's results, 83% of respondents believe contactless cards are here to stay and 61% believe it's at least somewhat of a priority to have a contactless feature on their credit or debit card.

RSA announces that NewDay has selected and deployed RSA Adaptive Authentication for eCommerce to deliver advanced fraud protection for digital payments and address the requirements of the EMV 3-D Secure protocol. RSA Adaptive Authentication for eCommerce helps card issuers and payments processors prevent more than 95 percent of fraud in card-not-present e-commerce transactions and provide a frictionless authentication and shopping experience for cardholders.

There has been a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020, according to Abnormal Security. According to the report, invoice and payment fraud attacks increased more than 75 percent in the first three months of 2020.

An especially popular type of BEC attack is one that uses invoice or payment fraud to steal money from the targeted organization. In the first three months of 2020, invoice and payment fraud BEC attacks increased more than 75%. But the rise was even more pronounced from April to May. Over that period, the volume of these types of BEC campaigns shot up by 200% per week, with a 36% jump in the number of organizations hit by these attacks.