Security News
The U.S. Department of the Treasury this week issued an advisory to warn companies that facilitate ransomware payments of the potential legal implications resulting from sending money to sanctioned entities. The Treasury Department's Office of Foreign Assets Control says there has been a rise in ransomware attacks on U.S. organizations, which has resulted in an increase in the demand for ransomware payments.
Password manager 1Password and virtual card platform Privacy.com announced an API integration that lets users create virtual cards in their browser quickly and safely when they need to make a payment. Starting today, users can create, use and save Privacy Cards directly within their 1Password extension whenever they're needed.
This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. To obtain unauthorized funds from a third-party credit card, the first mobile phone is used to scan the necessary data from the credit card and transfer it to the second phone.
PCI Pal announced the addition of Speech Recognition capability for both its Agent Assist and IVR Payment solutions. With this new feature, PCI Pal users now have the option of allowing callers to securely speak their sensitive card details while PCI Pal processes the data and prevents it from entering the company's environment.
All modern contactless cards that make use of the Visa protocol, including Visa Credit, Visa Debit, Visa Electron, and V Pay cards, are affected by the security flaw, but the researchers posited it could apply to EMV protocols implemented by Discover and UnionPay as well. As a result, the Card Transaction Qualifiers used to determine what CVM check, if any, is required for the transaction can be modified to inform the PoS terminal to override the PIN verification and that the verification was carried out using the cardholder's device such as a smartwatch or smartphone.
Hungary is among numerous countries in Eastern Europe poised for an explosion in real-time payments growth, with several Hungarian banks and intermediaries leveraging ACI's unrivalled Real-Time Payments solution to capitalize on the expected rise in digital transaction volumes. Long-standing customer OTP Bank is leveraging ACI's Real-Time Payments solution to connect to the scheme; the solution offers a complete range of capabilities for processing real-time payments, including origination, processing, clearing, fraud detection and connectivity-all on a single platform.
Biometric payment cards with an integrated fingerprint sensor make contactless payments more convenient, more secure and hygienic. Infineon Technologies and Fingerprint Cards have joined forces to enable mass deployment of this emerging solution.
A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup "Group," access the group's member details and even redirect Meetup payments to an attacker-owned PayPal account.
Two high-risk vulnerabilities in Meetup, a popular online service that's used to create groups that host local in-person events, allowed attackers to easily take over any Meetup group, access all group functions and assets, and redirect all Meetup payments/financial transactions to their PayPal account. What's more, attackers could create a worm to take over all meetings on the site - including private ones - and do all of these things.
Cybercriminals could be stealing data from payment cards with EMV chips and using it to create magnetic stripe cards which they can use for card-present transactions, cybersecurity firm Gemini Advisory reported on Thursday. This enables cybercriminals who can steal EMV card data to encode that data on a magnetic stripe, inserting the iCVV instead of the CVV that is expected to be on the magnetic stripe.