Security News
Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground's most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach. A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.
Attackers using Ryuk and Sodinokibi - aka REvil - are increasingly "Focusing their attacks on large companies where they can attempt to extort the organization for a seven-figure payout," it says, noting that the average Ryuk ransom payment last quarter was $780,000. One commonality across all types of tools is that attackers overwhelmingly continue to demand ransom payments in bitcoins.
New York state senators have proposed two bills that would require government agencies to tell ransomware attackers to get lost. We've seen mayors in US cities resolve to eschew paying ransom to get their systems back from attackers, but New York is the first state to make a move in that direction - and to back it up with actual legislation.
Aleksey Burkov, a Russian national who was extradited to the U.S. from Israel in November, pleaded guilty Thursday to federal charges related to owning and operating a site called "Cardplanet," which trafficked in stolen payment card data, according to the Justice Department. Burkov, 29, pleaded guilty to charges that included access device fraud; conspiracy to commit computer intrusion, identity theft, wire and access device fraud; and money laundering.
Faster payments are the new reality in more than 40 countries, and this innovation is benefiting consumers and businesses alike. Criminals are also enjoying the speed and non-refutable nature of these transfers, and in many deployments faster payments quickly translates to faster fraud.
Paysafe, a leading specialized payments platform, has expanded its omni-channel payments offering through the launch of the Cloud SDK from Handpoint, a pioneer in defining integrated payments. Complementing the existing Handpoint APIs and SDKs used by Paysafe clients with Android, iOS, and desktop apps, the Cloud SDK allows independent software vendors with cloud-based platforms to provide businesses with enhanced in-person payments.
Dixons Retail is facing a £500,000 penalty from the Information Commissioner's Office after a hacker installed malware that infected thousands of point of sale tills and scooped up 5.6 million payment card details. The ICO told us that in addition to the aforementioned personal financial data, Dixons had initially found that roughly 10 million non-financial records had also been pilfered from the retailer's internal servers and exfiltrated.
"Payment players will need to get their data houses in order, given that we anticipate the introduction of new payment rails and open solutions in 2020, as well as a sustained increase in cross-border transaction volume." "Payment tokens help make transactions safer by eliminating the transfer of actual payment data for e-commerce and mobile payments and can deliver a seamless yet secure digital payment experience."The updated 3-D Secure specification enables real-time exchange of 10 times more contextual data between merchants and financial institutions to improve decision-making.
A researcher has found two new methods that payment card number thieves are using to try to stay under the radar. The attackers are sometimes referred to as Magecart, a name for a slew of groups that steal payment card numbers.
Houston, Texas-based dining, hospitality and gaming company Landry's revealed recently that it had discovered a piece of malware designed to steal payment card information on its systems. Following a payment card breach that hit the company's restaurants in 2015, Landry's started using a payment processing solution that relies on end-to-end encryption to protect sensitive information on point-of-sale terminals.