Security News

RSA announces that NewDay has selected and deployed RSA Adaptive Authentication for eCommerce to deliver advanced fraud protection for digital payments and address the requirements of the EMV 3-D Secure protocol. RSA Adaptive Authentication for eCommerce helps card issuers and payments processors prevent more than 95 percent of fraud in card-not-present e-commerce transactions and provide a frictionless authentication and shopping experience for cardholders.

There has been a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020, according to Abnormal Security. According to the report, invoice and payment fraud attacks increased more than 75 percent in the first three months of 2020.

An especially popular type of BEC attack is one that uses invoice or payment fraud to steal money from the targeted organization. In the first three months of 2020, invoice and payment fraud BEC attacks increased more than 75%. But the rise was even more pronounced from April to May. Over that period, the volume of these types of BEC campaigns shot up by 200% per week, with a 36% jump in the number of organizations hit by these attacks.

Futurex's VirtuCrypt financial cloud HSM service supports financial services organizations' critical payment systems cryptography and key management needs in the cloud. VirtuCrypt cloud HSMs are the industry's first financial cloud cryptographic solution with native Amazon Web Services support.

The Federal Reserve published the FraudClassifier model - a set of tools and materials to help provide a consistent way to classify and better understand the magnitude of fraudulent activity and how it occurs across the payments industry. The model was developed by the Fraud Definitions Work Group, which was comprised of Federal Reserve and payments industry fraud experts.

Leading technology, finance and nonprofit companies join forces to announce the launch of PayID, a universal payment ID to simplify the process of sending and receiving money globally - across any payment network and any currency. GoPay, Ripple, Blockchain.com, BitPay, Brave, Flutterwave, Mercy Corps and others have collaborated on the development of PayID through the Open Payments Coalition, a multinational alliance of industry leaders.

The PCI Security Standards Council has updated the standard for payment devices to enable stronger protections for cardholder data. The PCI PIN Transaction Security Point-of-Interaction Modular Security Requirements 6.0 enhances security controls to defend against physical tampering and the insertion of malware that can compromise card data during payment transactions.

Brit cycling equipment shop Wiggle confirmed to The Reg today it was delinking customers' payment cards from their accounts, two weeks after first receiving complaints that orders were appearing on customers' accounts that they had not made themselves. Ross Clemmow, CEO at Wiggle, told The Reg: "[W]e understand a small number of customers' login details have been acquired outside of Wiggle's systems and some have been used to gain access to Wiggle accounts and purchases made.

A Magecart credit-card skimmer was used to attack online customers of the retailer Claire's for a month and a half, according to researchers. "Following common Magecart malpractice, payment skimmers were injected and used to steal customer data and cards," according to Sansec.

Kenenty Hwan Kim, aka Myung Kim, 64, pleaded guilty [PDF] in a Texas court this week to one count of conspiracy to commit money laundering. Using an email address very similar to Chance's, Kim asked Solid Bridge to send a $210,000 check for an invoice to an address in Washington state.