Security News
The U.S. Justice Department this week announced indictments against 22 individuals who allegedly purchased and used payment cards stolen from a national retail chain. Using point-of-sale malware installed at multiple retail locations of the target company, threat actors stole information of over three million payment cards, including credit, debit, and gift cards used at over 400 of the company's retail stores.
The Swarmshop cyber-underground "Card shop" has been hit by hackers, who lifted the site's database of stolen payment-card data and leaked it online. Card shops, are online cybercriminal forums where stolen payment-card data is bought and sold.
Samsung Electronics, Mastercard, Samsung Card, have signed a memorandum of understanding to develop a biometric card that features a built-in fingerprint scanner to authorize transactions securely at in-store payment terminals. The biometric authentication capability allows safer interactions with reduced physical contact points by eliminating the need to enter a PIN on a keypad. It also adds an extra layer of security to currently available credit cards by verifying the cardholder's identity via a unique fingerprint.
Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure protocol used for authorizing online card transactions. 3DS adds a layer of security for online purchases using credit or debit cards.
HUBUC announces the launch of payment cards underpinned by MOTION CODE, a dynamic CVV technology from IDEMIA for online shopping across Europe. HUBUC is a novel embedded financial services provider that offers a number of payment capabilities, including card issuance, from a single platform, integrating the IDEMIA MOTION CODE server.
ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. There are dozens of online shops that sell so-called "Card not present" payment card data stolen from e-commerce stores, but most source the data from other criminals.
"As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces," said researchers in a Friday analysis. Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020; jumping from $14.64 in 2019 to $20.16 in 2020.
A cybercrime group known for targeting e-commerce websites unleashed a "Multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. The ultimate goal of the attack, the researchers noted, was to steal payment and user data via several attack vectors and tools to deliver the malware.
Australia will develop the capability to use payment records in the service of coronavirus contact tracing. A National Contact Tracing Review released last Friday called for a raft of information technology responses to the pandemic, on grounds that containment of the novel coronavirus will be needed even after a vaccine emerges.
Texas-based precious metals dealer JM Bullion has informed some customers that their payment card information may have been stolen by cybercriminals, but the disclosure came months after the breach was discovered. The company claims on its website that customer information is kept secure through "256-bit SSL encryption" and that it does not have access to payment card information as it's processed by a third party.