Security News

An especially popular type of BEC attack is one that uses invoice or payment fraud to steal money from the targeted organization. In the first three months of 2020, invoice and payment fraud BEC attacks increased more than 75%. But the rise was even more pronounced from April to May. Over that period, the volume of these types of BEC campaigns shot up by 200% per week, with a 36% jump in the number of organizations hit by these attacks.

Futurex's VirtuCrypt financial cloud HSM service supports financial services organizations' critical payment systems cryptography and key management needs in the cloud. VirtuCrypt cloud HSMs are the industry's first financial cloud cryptographic solution with native Amazon Web Services support.

The Federal Reserve published the FraudClassifier model - a set of tools and materials to help provide a consistent way to classify and better understand the magnitude of fraudulent activity and how it occurs across the payments industry. The model was developed by the Fraud Definitions Work Group, which was comprised of Federal Reserve and payments industry fraud experts.

Leading technology, finance and nonprofit companies join forces to announce the launch of PayID, a universal payment ID to simplify the process of sending and receiving money globally - across any payment network and any currency. GoPay, Ripple, Blockchain.com, BitPay, Brave, Flutterwave, Mercy Corps and others have collaborated on the development of PayID through the Open Payments Coalition, a multinational alliance of industry leaders.

The PCI Security Standards Council has updated the standard for payment devices to enable stronger protections for cardholder data. The PCI PIN Transaction Security Point-of-Interaction Modular Security Requirements 6.0 enhances security controls to defend against physical tampering and the insertion of malware that can compromise card data during payment transactions.

Brit cycling equipment shop Wiggle confirmed to The Reg today it was delinking customers' payment cards from their accounts, two weeks after first receiving complaints that orders were appearing on customers' accounts that they had not made themselves. Ross Clemmow, CEO at Wiggle, told The Reg: "[W]e understand a small number of customers' login details have been acquired outside of Wiggle's systems and some have been used to gain access to Wiggle accounts and purchases made.

A Magecart credit-card skimmer was used to attack online customers of the retailer Claire's for a month and a half, according to researchers. "Following common Magecart malpractice, payment skimmers were injected and used to steal customer data and cards," according to Sansec.

Kenenty Hwan Kim, aka Myung Kim, 64, pleaded guilty [PDF] in a Texas court this week to one count of conspiracy to commit money laundering. Using an email address very similar to Chance's, Kim asked Solid Bridge to send a $210,000 check for an invoice to an address in Washington state.

Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research.

While the rate of fraud for ACH payments is relatively low, there is always a risk of bad actors whenever money is moving. When it comes to securing your money transfers, here is everything you need to know about assessing the risks involved in ACH payments.