Security News

Multiple npm packages are being used in an ongoing malicious campaign dubbed LofyLife to infect Discord users with malware that steals their payment card information. "All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign 'LofyLife'."

PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. This Help Net Security video introduces the most important PCI DSS 4.0 changes.

Thales has announced what it claims is the "World's first" payment card to include an onboard fingerprint sensor, promising improved security and usability - and an end to contactless payment limits. The Thales Gemalto Biometric Sensor Payment card, the company explained, replaces the traditional PIN with an on-card fingerprint sensor and requires no modifications to existing point-of-sale payment terminals.

This new card, which integrates a biometric sensor, provides users with increased security and convenience. The contactless biometric card simplifies proximity payments and also provides an essential level of privacy and confidence.

A so-called "Pen-tester" for the financial cybergang known as FIN7 will spend seven years in the slammer after being convicted for payment-card theft. FIN7 is a well-known threat that's been circulating since at least 2015.

The U.S. Justice Department this week announced indictments against 22 individuals who allegedly purchased and used payment cards stolen from a national retail chain. Using point-of-sale malware installed at multiple retail locations of the target company, threat actors stole information of over three million payment cards, including credit, debit, and gift cards used at over 400 of the company's retail stores.

The Swarmshop cyber-underground "Card shop" has been hit by hackers, who lifted the site's database of stolen payment-card data and leaked it online. Card shops, are online cybercriminal forums where stolen payment-card data is bought and sold.

Samsung Electronics, Mastercard, Samsung Card, have signed a memorandum of understanding to develop a biometric card that features a built-in fingerprint scanner to authorize transactions securely at in-store payment terminals. The biometric authentication capability allows safer interactions with reduced physical contact points by eliminating the need to enter a PIN on a keypad. It also adds an extra layer of security to currently available credit cards by verifying the cardholder's identity via a unique fingerprint.

Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure protocol used for authorizing online card transactions. 3DS adds a layer of security for online purchases using credit or debit cards.

HUBUC announces the launch of payment cards underpinned by MOTION CODE, a dynamic CVV technology from IDEMIA for online shopping across Europe. HUBUC is a novel embedded financial services provider that offers a number of payment capabilities, including card issuance, from a single platform, integrating the IDEMIA MOTION CODE server.