NEWS

BLOCKCHAIN & DIGITAL CURRENCY
CASH & CARD TALK
ELECTRONIC PAYMENTS
SECURITY & COMPLIANCE
MASTHEAD
ABOUT

A. Lyle Elias
ATMIA Founding Director

---

SPONSORS

ASSOCIATIONS

SECURITY & COMPLIANCE

Jack Henry Announces Plan for New Financial Crimes Platform; Press Release
 
Jack Henry™ announced the development of Jack Henry Financial Crimes Defender™, the company's next-generation financial crimes platform. The comprehensive platform, planned to launch in early 2023, will deliver community and regional financial institutions the enhanced capabilities they need, including AI/ML, to gain visibility into fraud across all channels to better protect their institutions and accountholders' financial health.   (Read More)
 
iOS 16.1 to let users delete Wallet app amid antitrust concerns over Apple Pay; 9TO5Mac
 
Apple on Tuesday surprised developers with the release of both iOS 16.0 beta 7 and iPadOS 16.1 beta 1. And while neither update comes with significant changes, it seems that Apple will soon let users delete the Wallet app from their devices with iOS 16.1.   (Read More)
 
US Payments Forum Summer Market Snapshot: The Future of Contactless, Faster Payments and Evolving Fraud Concerns; US Payments Forum
 
The U.S. Payments Forum, a subsect of the Secure Technology Alliance, today released its latest Market Snapshot. It provides an overview of the state of the industry including contactless payments’ role in the post-pandemic economy, digital wallet growth, alternative payment rails and mounting fraud concerns. The snapshot also explores advancements in faster payments, open payments for electric vehicle (EV) charging, PCI DSS compliance standards and current challenges facing the payments stakeholdership.   (Read More)

U.S. consumer watchdog to scrutinize crypto payments, Big Tech moves into finance; REUTERS
 
The top U.S. consumer watchdog plans to scrutinize the use of cryptocurrencies for real-time payments and ramp up oversight of Big Tech companies as they expand into the traditional financial sector, its director told Reuters.   (Read More)
 
NCUA Board Issues Proposed Rule on Cyber Incident Reporting Requirements; Press Release
 
The NCUA Board approved a proposed rule(opens new window) that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.   (Read More)
 
Fraud.net included in FedNow Payments Service Provider Showcase; Press Release
 
Fraud.net, a leading platform of comprehensive and customizable fraud prevention and risk management solutions, was recently included in the Federal Reserve’s FedNowSM Payments Service Provider Showcase as a solution provider for fraud prevention.   (Read More)

FIS Increases Approval Rates and Decreases eCommerce Fraud Liability for Merchants with Guaranteed Payments; Press Release
 
Financial technology leader FIS® (NYSE: FIS) announced today the launch of its Guaranteed Payments solution, becoming the only payments processor to offer a fully integrated solution designed to guarantee merchants increased eCommerce transaction approval rates and eliminate the financial liability of chargebacks due to fraudulent purchases.   (Read More)
 
New RBI Circular Creates Panic In The 'Buy Now Pay Later' Sector; SWARAJYA
 
An RBI letter asking "All Non-Bank Pre-Paid Instruments (PPI) Issuers" to cease issuing cards has led to the 'buy now pay later' (BNPL) sector expressing concerns.   (Read More)
 
U.S. consumer watchdog to review 'excessive' credit card late payment fees; REUTERS
 
The top U.S. consumer watchdog on Wednesday said it had begun a review of "excessive" credit card fees and asked card issuers for data on revenue and expenses in a bid to stamp out abuses and boost competition.   (Read More)

UK’s Digital Watchdogs Take a Closer Look at Algorithmic Processing; BusinessNewsWales
 
This “algorithmic processing” is commonplace and often beneficial, underpinning many of the products and services we use in everyday life. From detecting fraudulent activity in financial services to connecting us with friends online or translating languages at the click of a button, these systems have become a core part of modern society.   (Read More)
 
Fraugster launches a new Alternative Credit Decisions solution to support BNPLs and Enterprise merchants to approve more customers without increasing credit risk; Press Release
 
Alternative Credit Decisions gives Fraugster customers access to AI enriched data that increases approval rates, reduces credit bureau costs and provides industry and region specific insight   (Read More)
 
Nigeria’s cryptocurrency problem has central bank scrambling; African Business
 
When early in April the Central Bank of Nigeria (CBN) fined six top banks a total of N1.3bn ($3.1m) for violating its directive against facilitating transactions in cryptocurrencies, it was the latest sign that the country’s crypto problem won’t easily go away.   (Read More)

U.S. consumer chief Chopra to revisit rules around credit card fees, abuses; Reuters
 
The U.S. consumer watchdog will revisit its rules around credit card fees in a bid to stamp out abuses, discourage excessive late fees and boost competition, the agency's director told Congress on Wednesday, confirming a Reuters April report.   (Read More)
 
Mastercard launches next-generation identity technology with Microsoft to help more consumers shop online safely; Press Release
 
Mastercard on Monday announced the launch of an enhanced identity solution designed to improve the online shopping experience and tackle digital fraud in a new collaboration with Microsoft Corp.   (Read More)
 
UK Government publishes approach to the regulation of Stablecoins; LEXOLOGY
 
On 4 April 2022, Her Majesty’s Treasury (the Treasury) published its response (the Response) to its consultation and call for evidence on the UK’s regulatory approach to cryptoassets, stablecoins and distributed ledger technology in financial markets (the Consultation).   (Read More)

GoCardless launches open banking-powered fraud prevention tool; Press Release
 
GoCardless, a leader in direct bank payment solutions, has launched Verified Mandates in the UK, a feature within its global bank pay platform which combines the Account Information Services (AIS) capabilities of open banking with direct debit to stop fraud before it happens.    (Read More)
 
Apple sends new offer to Dutch antitrust authority over dating apps payments, racks up 9th fine; TechCrunch
 
Apple has been fined again in the Netherlands over an antitrust order related to dating apps. The order requires it to allow local dating apps to be able to use third-party payment technologies if their developers wish, rather than being locked to only being able to use Apple’s in-app payment API for iOS.   (Read More)
 
CMA writes to Barclays and Lloyds over open banking API breaches; Finextra
 
The UK's Competition and Markets Authority has written to Barclays and Lloyds about a series of failures to make accurate and comprehensive data on its products and services available through open APIs.   (Read More)

How Ukraine’s Banking System and FX Market Will Work from 24 February 2022 Under Martial Law Throughout Ukraine; Press Release
 
The National Bank of Ukraine has passed a Resolution outlining how Ukrainian banks will operate now that martial law has been imposed throughout the country. Martial law is a special regime under which:   (Read More)
 
EMVCo reveals plans to extend specifications and testing programmes; NFCW
 
EMVCo is to launch an initiative to evaluate the role of wireless technologies not yet covered in its specifications — including Wi-Fi, ultra wideband (UWB), Bluetooth Low Energy (BLE) and mobile data — in creating “flexible and convenient payment experiences”, the technical body’s annual report reveals.   (Read More)
 
FBI to form digital currency unit, Justice Dept taps new crypto czar; REUTERS
 
The U.S. Justice Department has tapped a seasoned computer crimes prosecutor to lead its new national cryptocurrency enforcement team and announced on Thursday that the FBI is launching a unit for blockchain analysis and virtual asset seizure.   (Read More)

Apple submits plans to allow alternative payment systems in S.Korea - regulator; REUTERS
 
South Korea's telecommunications regulator said that Apple Inc (AAPL.O) had submitted plans to allow third-party payment systems on its App Store to comply with a law banning major app store operators from forcing software developers to use their payments systems.   (Read More)

Card industry faces $400B in fraud losses over next decade, Nilson says; Payments Dive
 
Card fraud over the next decade will cost the industry a collective $408.50 billion in losses globally, according to an annual report from the industry research firm Nilson Report. By 2030, when total payment card volume is expected to hit a whopping $79.14 trillion, the industry will lose an estimated $49.32 billion to fraud.   (Read More)
 
Over $10 billion was stolen in DeFi-related theft this year. Here’s how to protect yourself from common crypto scams; CNBC
 
It’s been a big year for digital assets. With growing interest in the space and mainstream acceptance, the value of the cryptocurrency market briefly surpassed $3 trillion in November, and top coins like bitcoin and ether hit all-time highs.  (Read More)
 
FinCEN Seeks Comments on Modernization of U.S. AML/CFT Regulatory Regime; Press Release
 
FinCEN is issuing a request for information (RFI) seeking comments on ways to streamline, modernize, and update the anti-money laundering and countering the financing of terrorism (AML/CFT) regime of the United States.  FinCEN is particularly interested in comments on ways to modernize risk-based AML/CFT regulations and guidance, issued pursuant to the Bank Secrecy Act (BSA) so that they, on a continuing basis, protect U.S. national security in a cost-effective and efficient manner.  Today’s RFI also supports FinCEN’s efforts to conduct a formal review of BSA regulations and related guidance, which is required by Section 6216 of the Anti-Money Laundering Act of 2020.  FinCEN will report to Congress the findings of the review, including administrative and legislative recommendations.     (Read More)

Payment Choice Act wins bipartisan backing; Payments Dive
 
New Jersey Democrat Rep. Payne is trying to preserve cash as a form of payment and collecting support across the aisle, even as the possibility of a U.S. digital dollar gains traction.   (Read More)
 
In a boon for the open banking industry, the FCA scraps ‘90-day’ rule; AltFi
 
Consumers will no longer need to reauthenticate permissions with Account Servicing Payment Service Providers every 90 days if accessing account information through a third-party provider.   (Read More)
 
Behind ‘Buy Now, Pay Later’ U.S. Boom, Federal Regulator Looms; Bloomberg
 
As more Americans are expected to purchase gifts through buy now, pay later services this holiday season, the nation’s consumer finance watchdog can turn to tools in existing law to soften the edges of the largely unsupervised industry.   (Read More)

FATF Crypto Guidance Looks to Bring Industry in Line With Banks; Coindesk
 
Global anti-money laundering (AML) agency the Financial Action Task Force (FATF) has released its updated guidance for firms that handle cryptocurrency and virtual assets.   (Read More)
 
BofA Launches Account Validation To Assist Clients With Fraud Prevention: Press Release
 
Bank of America announced the launch of Account Validation, a fraud prevention service for corporate and public sector clients. Prior to initiating an electronic credit or debit payment, a client using Account Validation, can verify the status of an account and authenticate the account owner. Account Validation is supported by Early Warning Services, LLC (EWS), a fintech company that provides identity, risk and payment solutions to financial institutions. Early Warning is owned by seven U.S. financial institutions, including Bank of America.   (Read More)
 
FBI Raids Chinese Point-of-Sale Giant PAX Technology; KrebsonSecurity
 
U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations.   (Read More)

LexisNexis® Risk Solutions Study Reveals Sharp Rise of Financial Crime Compliance Costs, Now Nearly $49.9 Billion Per Year for Financial Institutions in the United States and Canada; Press Release
 
LexisNexis® Risk Solutions revealed the results of its annual True Cost of Financial Crime Compliance Study for the U.S. and Canada. The total projected cost of financial crime compliance for the region in 2021 is approximately $49.9 billion, up 19% from 2020 and up 58% compared to 2019. The new edition of the survey illustrates the sharp increase in financial crime compliance costs, compared with both the pre- and early pandemic timeframes. This rise is attributed in part to labor costs, increasing regulations and evolving criminal threats.    (Read More)
 
Australia accredits Eftpos as its first private digital identity exchange; NFCW
 
The Australian government has accredited Eftpos as the first private sector digital identity exchange operator under the country’s Trusted Digital Identity Framework (TDIF), enabling the use of the payments network’s ConnectID solution across a wide range of online transactions that require digital ID verification.    (Read More)
 
China’s central bank says all cryptocurrency-related activities are illegal, vows harsh crackdown; CNBC
 
In a Q&A posted to its website, the People’s Bank of China said services offering trading, order matching, token issuance and derivatives for virtual currencies are strictly prohibited. Overseas crypto exchanges providing services in mainland China are also illegal, the PBOC said.    (Read More)

Australia considering new laws for Apple, Google, WeChat digital wallets; REUTERS
 
The Australian government is considering new laws that would tighten the regulation of digital payment services by tech giants such as Apple and Alphabet's Google.   (Read More)
 
UK to overhaul privacy rules in post-Brexit departure from GDPR; The Guardian
 
Britain will attempt to move away from European data protection regulations as it overhauls its privacy rules after Brexit, the government has announced.   (Read More)
 
EMVCo Publishes EMV® 3-D Secure UI/UX Guidelines; Press Release
 
Global technical body EMVCo has published EMV® 3-D Secure (EMV 3DS) UI/UX Design Guidelines to help card issuers, banks, merchants and solution providers optimise the EMV 3DS payment authentication experience for e-commerce consumers. The guidelines are publicly available on the EMVCo website in an easy-to-use interactive format.   (Read More)

Stripe Must Face Consumer Privacy Claims Over Data on Purchases; Bloomberg
 
Stripe Inc. must face claims from consumers that the payment processing platform invaded their privacy under California law by collecting data on purchases and sharing it with merchants and customers.    (Read More)
 
Oman to make it mandatory for all merchants to accept cashless payments; NFCW
 
All merchants and other commercial enterprises across the Sultanate of Oman will be obligated to offer customers the option of making cashless payments for goods and services from 1 January 2022.   (Read More)
 
BioCatch Enters Implementation Stage of Strong Customer Authentication (SCA) for Payment Services Directive (PSD)2, Launches SCA Compliance Awareness Events; Press Release
 
BioCatch, the global leader in behavioural biometrics announced it has entered the implementation stage of its offering that will enable financial institutions to leverage BioCatch’s behavioural biometric-based solution to support their journey to compliance with PSD2’s implementation of Strong Customer Authentication (SCA), a regulation that requires multi-factor authentication for online transactions. BioCatch’s behavioural biometrics industry best-practices solution improves banks and financial institutions’ customer experience by applying machine learning to provide superior consumer protection while reducing friction in the digital journey.   (Read More)

Eftpos rolls out secure digital identity exchange for Australian consumers; NFCW
 
Australia’s Eftpos national debit card system has launched a digital identity exchange solution that enables consumers to share personal information held by trusted digital ID providers in a wide range of use cases, from opening an online account and making online payments to accessing government services or providing proof of age.    (Read More)
 
VTB and Visa test 'pay-by-glance'; Finextra
 
Russia's VTB is working with Visa and a local fintech to let restaurant customers make payments by looking at a camera.   (Read More)
 
CFPB Provides Guidance on Unauthorized Transfers; Financial services Law Advisor
 
Recent technological developments in banking and other financial services, combined with the effects of the pandemic, have led consumers to increasingly adopt digital payment solutions. At the same time, reports of digital fraud1 and disputed electronic funds transfers (EFTs) are on the rise.   (Read More)

The financial pickle facing Elon Musk’s Las Vegas Loop system; TechCrunch
 
E-commerce is on the rise, but that also means the risk, and occurrence, of e-commerce fraud is, too. Now, Forter, one of the startups building a business to tackle that malicious activity, has closed $300 million in funding — a sign both of the size of the issue and its success in tackling it to date.    (Read More)
 
PayPal Turns to Arkose Labs for Online Fraud and Abuse Protection on Honey Platform; Press Release
 
Arkose Labs, provider of online fraud and abuse prevention technology, today announced a collaboration with PayPal to prevent security threats and fight fraud on its Honey shopping and rewards platform. Honey by PayPal is a suite of free tools to help people save time and money when shopping online. From notifying shoppers when a price drops on select items, to helping them find the lowest price, Honey provides shoppers with the information that they need to shop with confidence. Honey has helped millions of people find more than $1 billion in savings in the past year.    (Read More)
 
Sift to Acquire Chargeback, Providing Merchants With Complete Protection Against Payment Fraud; Press Release
 
Sift, the leader in Digital Trust & Safety, announced that it has signed a definitive agreement to acquire Chargeback, the pioneer in real-time dispute management for merchants. The two companies are coming together as both e-commerce growth and payment fraud are accelerating, and as the Fraud Economy—the sophisticated and interconnected network of cybercriminals and their methods—has rapidly expanded.    (Read More)

China Warns Large Tech Firms as Industry Faces Rising Oversight; The Wall Street Journal
 
China is reining in the ability of the country’s internet giants to use big data for lending, money-management and similar businesses, ending an era of rapid growth that authorities said posed dangers for the financial system.  (Read More)
 
Are you sure about the safety of that QR code? Techradar.pro
 
It is predicted that by 2022, over five billion QR codes will have been scanned or accessed by mobile devices.  A QR code is an additional form of contactless communication that, once scanned, either relays information or directs an individual to another online source, website or application. QR code adoption has increased with the contactless way of life that many of us have had to adjust to, especially during the worldwide pandemic.   (Read More)
 
NFC Forum releases specifications for secure data transfer between NFC devices; NFC World
 
The NFC Forum has released two specifications that set out a standardised cryptographic framework for enabling secure data transfer between NFC mobile devices and the development of applications using a secure communications channel between paired NFC devices.   (Read More)

FTC shuts down savings app Beam under tentative settlement; CNBC
 
Beam the mobile savings app that imploded last year after a CNBC investigation revealed dozens of customers were unable to get their money out has been shut down for good under a tentative settlement with the Federal Trade Commission.   (Read More)
 
China proposes global rules for central bank digital currencies; REUTERS
 
China proposed a set of global rules for central bank digital currencies on Thursday, from how they can be used around the world to highly sensitive issues such as monitoring and information sharing.   (Read More)
 
Huawei gains payment license after latest acquisition; KrASIA
 
Huawai has gained a mobile payment license in China after buying Shenzhen Xunlian Zhifu Network from Shanghai Wo Rui Ou Information Technology Co., Ltd., China Securities Journal reported on Sunday.   (Read More)

SMEs can now use facial recognition to apply for DBS online banking accounts; The Straits Times
 
SINGAPORE - Small and medium-sized enterprise (SME) owners now simply need to face a camera to authenticate and verify their information while setting up a corporate account online with DBS Bank.   (Read More)
 
The Federal Reserve suffers widespread disruption to payment services; CNN Business
 
New York (CNN Business) The Federal Reserve suffered a widespread disruption in multiple payment services Wednesday, including a system that banks and businesses rely on to zip trillions of dollars around the financial system each day.   (Read More)
 
LexisNexis Risk Solutions Cybercrime Report Finds Young Adults and Adults Over 75 Most Vulnerable to Fraud Attacks; Press Release
 
LexisNexis® Risk Solutions released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for cybercriminals around the world, particularly as they targeted new online users. Analysis shows that the under 25 age group is most vulnerable to fraud attacks while the oldest age group is second most vulnerable and loses the most money. The stark risk at both ends of the age spectrum emphasizes the importance for companies to protect both new-to-digital and vulnerable customers when transacting online in 2021. The report also provides a full year review which highlights how 2020 saw an overall decline in human-initiated attacks, while bot attacks accelerated.     (Read More)

Google will soon allow gambling apps on the Play Store in the US; engadget
 
Android users in regions other than the UK, Ireland, France and Brazil will soon be able to find and download real-money gambling apps from the Play Store. Google has updated its program policy allowing apps that “enable or facilitate online gambling” in 15 more countries, including the US, starting on March 1st. In addition to making gambling applications available on the Play Store, the change in policy will also allow ads promoting real-money gambling to be served to users in those regions.   (Read More)
 
BNP Paribas to offer biometric payment cards to premier card customers; NFCW
 
BNP Paribas Visa Premier card customers will soon have the option of upgrading to a biometric payment card for an additional fee of €24 (US$29) a year, the French bank has revealed.   (Read More)
 
Payment Innovation: You Can Now Track International Payments Like Parcels; The FinTech Times
 
iBanFirst, a global financial services provider delivering solutions across banking borders, has launched its ‘Payment Tracker’ – a real-time payment-tracking service that sets new transparency standards for the payments industry. Rolled out to both payers and payees, this unique feature provides live updates on the status of international payments at any stage of the fund transfer process. The ‘Payment Tracker’ also highlights potential roadblocks or delays along the payment’s journey.   (Read More)

Mastercard Loses $18.6 Billion Class Action Court Ruling; Bloomberg
 
Mastercard Inc. faces the prospect of a 14 billion-pound ($18.6 billion) U.K. class action -- the largest of its kind -- after losing another battle at the country’s highest court over illegal swipe fees.   (Read More)
 
Banks See Billion-Dollar Cyber Costs Soaring Even Higher in 2021; Bloomberg
 
Big banks and other financial firms predict the cost of warding off cyber criminals will keep climbing in 2021 as they work to secure digital financial services popularized by the pandemic.  (Read More)
 
UPDATE 2-Indian central bank committee recommends reshaping domestic banking industry; REUTERS
 
A working group at India’s central bank has recommended a series of changes that could transform the country’s banking landscape by paving the way for large industrial conglomerates to set up banks.  (Read More)

COVID-19 spurred a rise in FinTech. Now regulators are catching up; World Economic Forum
 
COVID-19 has accelerated the digitization of everything from education to the workplace to grocery shopping. The financial services industry is no exception to this, with financial technology (fintech) playing a critical role in reducing coronavirus risks associated with exchanging cash, helping micro, small and medium enterprises (MSMEs) and supporting financial inclusion in developing markets during the pandemic and beyond.   (Read More)
 
Mastercard Partners with Atlantis to Expand Digital First Program in India; Press Release
 
Addressing the growing demand for digital payment solutions for everything, from buying coffee to ordering groceries, Mastercard today in partnership with Atlantis announced the expansion of the Digital First Program in India. Mastercard is partnering with Atlantis, a financial technology company headquartered in Singapore, to provide users with a technology solution that will enable them to enjoy a best-in-class digital banking experience.   (Read More)
 
QR Codes Reach the Next Stage of Development for Payments: Fraud Detection; Digital Transactions
 
With merchant adoption of contactless payment solutions accelerating due to the Covid-19 pandemic, Incognia, a provider of fraud-detection applications, announced an app Tuesday to detect Quick Response code fraud.   (Read More)

Real demand for open banking as user numbers grow to more than two million; Open Banking
 
The Open Banking Implementation Entity (OBIE), the body set up by the Competition and Markets Authority (CMA) to deliver open banking in the UK, has today announced that over two million customers are now using open banking-enabled products*. This represents a significant upswing in the use of the innovative banking technology despite the disruptive effects of the COVID-19 pandemic.   (Read More)
 
JPMorgan Chase Rolls Out New Digital Hub, Tools to Protect Businesses Against Fraud; Press Release
 
Access to reliable online security has never been more critical for businesses today. In fact, 81% of business owners experienced payments fraud last year, according to a recent survey by J.P. Morgan and the Association for Financial Professionals (AFP®). To help businesses protect against potential threats, JPMorgan Chase today introduced Fraud Protection Services, a new digital hub with enhanced fraud prevention tools that helps small and mid-sized clients protect their businesses and manage money safely.   (Read More)
 
Shopify says two support staff stole customer data from sellers; TechCrunch
 
Shopify has confirmed a data breach, in which two “rogue members” of its support team stole customer data from at least 100 merchants. In a blog post, the online shopping site said that its investigation so far showed that the two employees, who have since been fired, were “engaged in a scheme to obtain customer transactional records of certain merchants.”   (Read More)

North Korean hackers ramp up bank heists: U.S. government cyber alert; Reuters
 
North Korean hackers are tapping into banks around the globe to make fraudulent money transfers and cause ATMs to spit out cash, the U.S. government warned on Wednesday.   (Read More)
 
New ACI Worldwide Data Shows Nearly 50 Percent of Major Fuel Merchants are Currently Unprepared to Meet Extended EMV Deadline; Press Release
   
New data from ACI Worldwide, a leading global provider of real-time digital payment software and solutions, highlights that as of July 2020, nearly 50 percent (47%) of major fuel merchants are unprepared to meet EMV automated fuel dispenser (AFD) compliance by the new April 2021 deadline (extended from October 2020) with less than half their stores fully upgraded. The survey indicated that 33 percent are unlikely to meet the April 2021 deadline, at which point fraud liability is expected to shift from card issuers to fuel merchants.  (Read More)
 
GIACT® Releases Report on Securing Faster Payments, Account Validation; Press Release
 
GIACT®, the leader in helping companies positively identify and authenticate customers, today announced a new report, Securing Faster Payments: Addressing the Account Validation Rule, on the rapid growth of ACH payments, the latest fraud trends surrounding faster payments as well as how to secure ACH transactions. The report comes in advance of Nacha's upcoming WEB Debit Account Validation Rule, slated to take effect on March 19, 2021, and serves as a guide on how to apply proper account validation measures.  (Read More)

Exclusive: India found cybersecurity lapses at National Payments Corp in 2019 - government document; Reuters
 
NEW DELHI (Reuters) - A government audit of India’s flagship payments processor last year found more than 40 security vulnerabilities including several it called “critical” and “high” risk, according to an internal government document seen by Reuters.   (Read More)
 
Is Your Chip Card Secure? Much Depends on Where You Bank; KrebsonSecurity
 
Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.    (Read More)
 
Leading Canadian Financial Services Firms Moving to Adopt the FDX Technical Standards for Secure Financial Data Sharing: Press Release
 
Financial Data Exchange, LLC (FDX) has officially launched in Canada, with 31 organizations leading the country’s financial services ecosystem in joining FDX and taking part in its mission to develop a secure, common, interoperable, flexible and royalty-free industry standard for financial data sharing.    (Read More)

Apple’s App Store Rules Scrutinized in U.S. Antitrust Probe; Bloomberg
 
About a year into a U.S. antitrust investigation of Apple Inc., Justice Department lawyers are scrutinizing rules that require many app makers to use the company’s payment system, according to people familiar with the matter.   (Read More)
 
Wirecard auditors face legal action after collapse of scandal-hit payments firm; CNBC
 
The German shareholders’ association SdK said Friday that it had filed a criminal complaint against auditors at EY. SdK’s complaint targets two current employees and one former employees of Wirecard’s long-time auditor.   (Read More)
 
Brazil suspends WhatsApp's new payments system; Reuters
 
Brazil’s central bank effectively suspended a newly-launched system allowing users of Facebook Inc’s WhatsApp messaging service to send money via chats, ordering Visa and Mastercard to halt payments and transfers via the system.  (Read More)

Google confirms new voice-confirmation feature for purchases in Assistant; Android Police
 
A new setting to allow Voice Match to confirm purchases made through the Google Assistant has been spotted in the Assistant's Payments and Security settings pane. We've confirmed with Google that the new feature is part of an early but limited pilot that allows you to authorize purchases in a handful of categories with just your voice via the Assistant. Piles of Google's support documents have been recently updated to reference the feature.   (Read More)
 
WorldRemit Partners With Onfido to Deliver a Simple, and Faster Verification Process for Customers; Press Release
 
WorldRemit has today announced a new partnership with Onfido, the global identity verification and authentication company, to make it easier and quicker for customers to open an account with WorldRemit, to send money abroad.     (Read More)
 
Experian Announces Breakthrough Solution in the Fight Against Synthetic Identity Fraud; Press Release
 
To combat a growing threat that’s expected to drive $48 billion in annual online payment fraud losses by 2023,1 Experian® today announced the launch of Sure Profile™. Experian is the first company with an offering to combat synthetic identity fraud that is integrated into the credit profile with market-leading assurance. With Sure Profile, Experian is putting “skin-in-the-game” by sharing fraud losses with the lender if the losses occur on assured profiles.    (Read More)

Treasury Plans to Reclaim Stimulus Payments Sent to Deceased; Bloomberg
 
The U.S. Treasury Department is planning to instruct people whose deceased relatives received coronavirus stimulus payments to return the money to the federal government, according to a department spokesman.   (Read More)
 
Federal Reserve Board announces interim final rule to delete the six-per-month limit on convenient transfers from the "savings deposit" definition in Regulation D; Federal Reserve
 
The Federal Reserve Board on Friday announced an interim final rule to amend Regulation D (Reserve Requirements of Depository Institutions) to delete the six-per-month limit on convenient transfers from the "savings deposit" definition. The interim final rule allows depository institutions immediately to suspend enforcement of the six-transfer limit and to allow their customers to make an unlimited number of convenient transfers and withdrawals from their savings deposits at a time when financial events associated with the coronavirus pandemic have made such access more urgent.    (Read More)
 
Monzo leapfrogs Revolut by applying for US banking licence; The Telegraph
 
Monzo has applied for a banking licence in the US, a key step in the journey to being able to offer its full range of banking services in the country.     (Read More)

Russian banks act to decontaminate cash; finextra

Russian authorities have moved to limit the number of banknotes in circulation and push consumers into using digital payments in an effort to control the spread of Covid-19.      (Read More)

Russians Shut Down Huge Card Fraud Ring; KrebsonSecurity
 
Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade. (Read More)
 
Singapore, Australia to collaborate on digital economy initiatives; ZDNet
 
Singapore and Australia have wrapped up negotiations on a digital economy pact that will see both nations collaborate on multiple fronts, including artificial intelligence (AI), cross-border data flow, and e-payments. The trade agreement aims to provide a framework to facilitate "deeper cooperation" to "shape" international rules and establish interoperability between digital systems.      (Read More)

New German legislation allows access to the iPhone's NFC antenna; Bird&Bird
 
As part of the implementation of the fifth Anti-Money Laundering Directive (AMLD5), the German Parliament has decided to require providers of technical infrastructures, such as Apple in relation to the Near Field Communication (NFC) antenna contained in iPhones, to grant access to those technical infrastructures to payment service providers (PSPs). This new legal requirement is applicable since 1 January 2020.    (Read More)
 
Fintech has finally cracked the US banking sector; Quartz
 
Varo Money is poised to become a full-fledged bank, making it the first of a new wave of fintech upstarts to win that approval in the US. The company’s long and expensive journey through a thick barrier of regulation is a reason why America’s banks have repelled the tech disruption sweeping through other industries.    (Read More)
 
CDR Rules formalise open banking data standards - Banks will share your data from 1 July; ACS Informationage
 
Momentum is finally building for the July 1 introduction of transformative Consumer Data Right (CDR) legislation after the Australian Competition and Consumer Commission (ACCC) released detailed guidelines about the information banks will be required to give you when you ask for it.   (Read More)

Plan Now to Attend the First U.S. Security Conference Dedicated to the ATM Channel; Press Release
 
In recognition of the need for increased collaboration and a venue for sharing new ideas and technologies, ATMIA and the ATM Security Association (ASA) will jointly host the first-ever ATMIA U.S. Security 
 
Conference.  Plan now to join your industry colleagues June 10-11, 2020 at the Hilton Minneapolis, in Minneapolis, MN.  Although the focus will be on the U.S. ATM security landscape, emerging threats and global concerns will be incorporated into the agenda.       (Read More)
 
A thousand EU financial firms plan to open UK offices after Brexit; Fintech Futures
 
More than a thousand banks, asset managers, payments companies and insurers in the European Union plan to open offices in post-Brexit Britain so they can continue serving UK clients, according to the regulatory consultancy, Bovill in a statement issued on Monday.   (Read More)
 
IDology's ExpectID to Offer Integrated Global Capabilities, Enabling Secure and Frictionless Identity Verification Across Borders; Press Release
 
IDology, a GBG company, today announced that its ExpectID solution will incorporate additional countries from North America, South America and Europe. By internationalizing the leading identity verification platform, multi-national organizations will be able to verify and authenticate more customers safely, in real time and without friction.      (Read More)

On the First Day of Christmas Shopping, the Bots Came to Town in Droves; Digital Transactions
 
Bots operated by criminals did more than leave lumps of coal for merchants and consumers this holiday shopping season. During Black Friday week, criminals used mobile devices to create new accounts to mimic new customers and initiate transactions through an established and seemingly genuine account, according to LexisNexis Risk Solutions.   (Read)
 
Eye on Gas Stations: Networks Reject Delay in EMV Liability Shift; Visa Warns of Malware Attacks; Digital Transactions
 
Gas stations and convenience stores won’t be getting an extension of the upcoming October 2020 fuel-pump EMV liability shifts, according to a merchant trade group. Meanwhile, Visa is warning of malware-based attacks against fuel retailers that invade their point-of-sale systems.   (Read)
 
Airport and Payment Facial Recognition Systems Fooled by Masks and Photos, Raising Security Concerns; Fortune
 
Masks and simple photographs are enough to fool some facial recognition technology, highlighting a major shortcoming in what is billed as a more effective security tool.     (Read)

Anti-money laundering software startup TookiTaki raises $11.7 million in additional Series A funding; TechCrunch
 
TookiTaki, a startup that develops machine learning-based financial compliance software, announced today it has raised a $11.7 million in additional Series A funding, led by Viola Fintech and SIG Asia Investment, with participation from Normura Holdings. Existing investors Illuminate Financial, Jungle Ventures and SEEDs Capital also returned for the extension, which brings TookiTaki’s total Series A (first announced in March) to $19.2 million.   (Read More)
 
Hidden Cam Above Bluetooth Pump Skimmer; Krebs on Security
 
Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices.   (Read More)
 
Payment Card Fraud Losses Reach $27.85 Billion; Press Release
 
Fraud losses worldwide reached $27.85 billion in 2018 and are projected to rise to $35.67 billion in five years and $40.63 billion in 10 years according to The Nilson Report, the leading global card and mobile payments trade publication.     (Read More)

iovation Financial Services Report: Fraudsters Go Mobile 50% of Time, Security and Privacy Drive Consumer Banking Choices; Press Release
 
iovation, a TransUnion (NYSE:TRU) company, today announced the results of its “2019 Financial Services Fraud and Consumer Trust Report” at Money 20/20 USA. The report includes the analysis of tens of billions of global online financial services transactions that iovation and TransUnion have screened for fraud, as well as a survey of 1,604 consumers.   (Read More)
 
American Cancer Society’s online store infected with credit card stealing malware; TechCrunch
 
The American Cancer Society’s online store has become the latest victim of credit card-stealing malware. Security researcher Willem de Groot found the malware on the organization’s store website, buried in obfuscated code designed to look like legitimate analytics code. The code was designed to scrape credit card payments from the page, like similar attacks targeting British Airways, Ticketmaster, AeroGarden and Newegg.   (Read More)
 
Cachet Financial Reeling from MyPayrollHR Fraud; KrebsonSecurity
 
When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.  (Read More)

The Gift-Card Budget; The Atlantic
 
Brenda Mayrack never intended to become an unclaimed-property czar. Even among legal specialties, the field is particularly obscure: During law school at the University of Wisconsin, she remembers hearing only a 10-minute lecture introducing the topic at the end of her trusts-and-estates class. But as the director of Delaware’s unclaimed-property office, Mayrack now oversees a fund of $540 million a year, forgotten by people from Paris to San Francisco and then held temporarily by the state.   (Read More)
 
The spy in your wallet: Credit cards have a privacy problem; The Washington Post
 
In a privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data.    (Read More)
 
RBI to ease two-factor authentication for recurring payments up to Rs 2,000; ENTRACKR
 
The Reserve Bank of India (RBI) released a circular yesterday, allowing the processing of e-mandate on all kinds of cards (debit, credit) Prepaid Payment Instruments (PPIs), including wallets recurring payments of low values. This will allow users to give standing instructions to service providers to charge their credit/debit cards or PPIs without additional authentication    (Read More)

Bitpoint Exchange Hacked for $32 Million in Cryptocurrency; Coindesk
 
According to a CoinDesk Japan report on Friday, Bitpoint halted all services including trading, deposit and withdrawal of all crypto assets on Friday morning after it noticed irregular withdrawal from its hot wallet on Thursday.  (Read More)
 
Federal Reserve System White Paper Examines the Effects of Synthetic Identity Payments Fraud; Press Release
 
Synthetic identity payments fraud is a fast-growing but little-understood problem that affects individuals, financial institutions, government agencies, and private industry. The severity of this type of fraud is documented in a new white paper (PDF) released today by the Federal Reserve System.  (Read More)
 
Brits care more about online payment security than convenience; Press Release
 
Two thirds (66%) of people rate safe and secure payments as most important in the online checkout process, with only one in ten being most concerned about speed or simplicity. Security ranked highest across all age groups, and was a particular concern for over 55s (75%) compared to just over half of 18-24 and 25-34 year old’s (52% and 53% respectively).   (Read More)

Alleged Cybercrime Kingpin Who Tried To Steal $100 Million From 44,000 PCs Charged; Forbes
 
A cyber kingpin who masterminded a criminal conspiracy that broke into 44,000 computers and likely stole millions of dollars has been apprehended, the FBI and global law enforcement partners claimed Thursday morning.  (Read More)
 
New research: How Effective is Basic Hygiene at Preventing Hijacking; Google Security Blog
 
Every day, we protect users from hundreds of thousands of account hijacking attempts. Most attacks stem from automated bots with access to third-party password breaches, but we also see phishing and targeted attacks. Earlier this year, we suggested how just five simple steps like adding a recovery phone number can help keep you safe, but we wanted to prove it in practice. (Read More)
 
GDPR Hits One-Year Mark: Time to whip your compliance strategy into shape; Chain Store Age
 
After massive data breaches at some of the largest retailers, more than 70% of U.S. shoppers are worried about how brands use and collect their personal data. But while tech giants, like Facebook and Google, are under a strict microscope to comply with consumer privacy and law enforcement, other companies have flown under the radar.  (Read More)

Alipay to Spend USD448 Million Plugging New Face Scanner; YiCaiGlobal
 
Ant Financial's ubiquitous mobile payment platform Alipay has launched its latest facial recognition tool and said it plans to spend CNY3 billion (USD448 million) promoting the new system across China.  (Read More)
 
India expected to surpass the UK for second place in payment card fraud; ZDNet
 
Due to a booming cybercrime scene, India is expected to surpass the UK in 2019 and become the second-most targeted country for payment card fraud, behind the undisputed leader, the US.  (Read More)
 
NatWest unveils biometric payment system for businesses; CNBC
 
NatWest has launched biometric payment approval technology for business and commercial customers. The bank said the system enabled its customers to make payments, via an app, using Apple’s Face ID or Touch ID. (Read More)

Three Things Every Payments Professional Needs to Know About PSD2; TechNative
 
If 2018 was the year of GDPR, 2019 is the year of European Payment Services Directive (PSD2) – particularly for those working in the payments, banking or retail sectors.  (Read More)
 
Bountiful Stolen Personal Data Fuels Unrelenting Online Fraud Attacks, Forter Says; Digital Transactions
 
How bad is the problem? Fraud grew in 2018 in every online merchant segment tracked by New York City-based Forter. Fraud attacks increased 79% for food-and-beverage merchants, followed by electronics at 73%; digital goods, 66%; apparel and accessories, 47%; and at 19% each for jewelry and luxury, and travel.  (Read More)
 
How hackers pulled off a $20 million bank heist; ARS Technical's
 
In January 2018 a group of hackers, now thought to be working for the North Korean state-sponsored group Lazarus, attempted to steal $110 million from the Mexican commercial bank Bancomext. That effort failed. But just a few months later, a smaller yet still elaborate series of attacks allowed hackers to siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican banks. Here's how they did it.  (Read More

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions; Krebs-on-Security
 
A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.  (Read More)
 
A Devilishly Clever Trojan Plagues Banks, Card Issuers, Online Retailers, And Many More, IBM Says; Digital Transactions
 
As if retailers and merchants didn’t have anything else to worry about, a malware threat called IcedID wants to set itself off as a special type, says a researcher at IBM Corp.  (Read More)
 
Zcash Discloses Vulnerability That Could Have Allowed 'Infinite Counterfeit' Cryptocurrency; Fortune
 
On March 1 of last year, Ariel Gabizon was tidying up a presentation he was preparing to deliver the following day at a financial cryptography conference on the Caribbean island of Curaçao when he spotted a seemingly small mathematical mistake that could, he realized, jeopardize billions of dollars in capital.   (Read More)

Apple Phone Phishing Scams Getting Better; KrebsonSecurity
 
A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.  (Read More)
 
The era of astronomical credit card rewards is waning; Quartz
 
At first glance, the credit card points game seems like an equitable exchange. By repeatedly using certain cards, consumers get rewarded in the form of points to book free flights, rewards like airport lounge access, and bonuses in the form of tens of thousands of points when they meet a minimum spend. Banks and card providers get more big-spending consumers, who end up paying more annual fees, interest charges, and transaction fees. (Read More)
 
FTC Hearings #9: Data Security
 
The ninth FTC hearing on Competition and Consumer Protection in the 21st Century took place last week at the Constitution Center and focused on data security. The two day hearing addressed a range of topics in data security with presentations and panels on data breaches, incentives to invest in data security, consumer demand for data security, the U.S. approach to consumer data security, and FTC data security enforcement.  (Read More)

The 21 of the biggest data breaches that companies faced this year; Business Insider
 
t seems like every week, a new company has to notify its customers that their data may have been compromised, and personal information may have been affected. Data breaches can happen for a variety of reasons. Some companies are hacked. Data can be mishandled or sold to third parties. Holes in a website's security system can leave information unprotected. (Read More)
 
Is Facial-Recognition Technology Hurting Apple Pay? Digital Transactions
 
Adoption and usage rates for the mobile wallets from Apple Inc., Alphabet Inc. (Google), and Samsung Electronics Co. Ltd. have been far from stellar, but now evidence is emerging that Apple’s decision a year ago to ditch fingerprint identification on its newest smart phones in favor of facial-recognition technology could be making it even harder for Apple Pay to win mass consumer acceptance.  (Read More)
 
Risk, fintechs and regs spark real-time payment reforms in U.K. PaymentsSource
 
The rise of digital payments, new non-bank competition, fraud challenges, a need for improved resilience and the changed regulatory environment are spurring two major updates to the U.K.'s faster payments system. (Read More)

E-commerce site is infected not by one, but two card skimmers; ARS Technica
 
Payment card skimming that steals consumers’ personal information from e-commerce sites has become a booming industry over the past six months, with high-profile attacks against Ticketmaster, British Airways, Newegg, and Alex Jones’ InfoWars, to name just a few. In a sign of the times, security researcher Jérôme Segura found two competing groups going head to head with each other for control of a single vulnerable site.  (Read More)
 
Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims; RISKIQ
 
On September 6th, British Airways announced it had suffered a breach resulting in the theft of customer data. In interviews with the BBC, the company noted that around 380,000 customers could have been affected and that the stolen information included personal and payment information but not passport information.   (Read More)
 
ATM hacking report: Scenarios from 2018 ATM hacks; Payments Cards & Mobile
 
In January 2018, the US Secret Service, as well as major ATM vendors Diebold Nixdorf and NCR, issued urgent warnings about the threat of ATM hacking and attacks. These warnings were notable because of the nature of the threat: criminals were said to be planning to plant malware on ATMs or connect special devices to control cash dispensing.   (Read More)

ASC X9 Launches New Security Study Groups on Public Key Infrastructure (PKI) and Transport Layer Security (TLS); Press Release
 
The Accredited Standards Committee X9 Inc. (X9) has formed new study groups that aim to improve security and safeguard privacy for the financial services industry in two related areas: one will look into issues regarding Public Key Infrastructure (PKI) Certificate Authorities and the other will research concerns related to use of the Transport Layer Security (TLS) protocol. Participants in both new initiatives are sought.  (Read More)
 
As an E-Commerce Payment Spec Goes out for Comment, ‘Commercial Applications’ Could Emerge by Early Spring; Digital Transactions
 
With a major new—and somewhat controversial—e-commerce standard now entering a 45-day comment phase, the payments industry is likely to have at least some “commercial applications” ready by early spring, the top executive in charge of Visa Inc.’s implementation tells Digital Transactions News.  (Read More)
 
Verifone Introduces the First PCI-Compliant Full Touchscreen Feature for the Blind and Visually Impaired; Press Release
 
Verifone today announced the introduction of Navigator, the first-of-its-kind payment feature with a fully integrated touchscreen to earn certification for accessibility and usability by the Royal National Institute of Blind People (RNIB), a United Kingdom-based charity. Further, Navigator meets PCI requirements – an information security standard mandated and administered by the Payment Card Industry Security Standards Council to reduce credit card fraud.  (Read More)

Crowdfunding platform Indiegogo turns to Onfido for ID verification tech; Fintech Futures
 
Indiegogo has turned to identity verification specialist Onfidoto help keep its crowdfunding platform fraud-free, reports David Penn at Finovate.   (Read More)
 
Paytm is testing face recognition tool for payments; Economic Times 
 
If Apple taught Indian consumers to unlock its new phones with a twitch of their eyes, Paytm is working on introducing facial recognition to enable digital payments.   (Read More)
 
Credit Freezes are Free: Let the Ice Age Begin; Krebs-on-Security
 
It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history.   (Read More)

PCI SECURITY STANDARDS COUNCIL UPDATES PIN SECURITY STANDARD; Press Release 
 
The PCI Security Standards Council (PCI SSC) published PCI PIN Security Requirements and Testing Procedures version 3.0, the PCI Security Standard for the secure management, processing and transmission of PIN data at ATMs and attended and unattended point-of-sale (POS) terminals. PCI SSC is also developing a program to train and qualify security assessors to support implementation of the PCI PIN Security Standard, to be available in 2019. (Read More)
 
The U.S. Treasury Fintech Report and the OCC Fintech Announcement: What They Mean for Banks and Fintechs; Wolters Kluwer
 
On July 31, 2018, the U.S. Treasury released its 223-page report on Nonbank Financial, Fintech and Innovation (the “Treasury Fintech Report”).[1] And on the same day, the Office of the Comptroller of the Currency (the “OCC”) announced that it was accepting applications for special purpose national bank charters from fintechs.  (Read More)

Barclays Seeks Twin Blockchain Patents for Banking Services; coindesk
 
The U.S. Patent and Trademark Office published two applications by the U.K.'s second-largest bank Thursday, both of which revolve around account security. Perhaps most notably, however, was an application for a patent which outlined a blockchain-platform which could facilitate cryptocurrency transfers. The bank also proposed streamlining know-your-customer processes by storing identifying information on a private blockchain.    (Read More)
 
PayPal's Venmo App Exposes Most Transactions via Its API; Bleeping Computer
 
The vast majority of Venmo transactions are being logged in a public API accessible to anyone, according to the recent investigation of a privacy advocate.
The reason this happens is because the Venmo app's default settings are set to "Public" for all users.       (Read More)
 
IBM studies data breach impact; Mobile Payments Today
 
The study found that hidden costs in data breaches — e.g., lost business, negative impact on reputation and employee time spent on recovery — can be a huge factor. In a "mega breach" of 1 million or more records, one-third of the cost derived from lost business.       (Read More)

Worldpay Tests Dynamic CVV Cards in Anticipation of Broader Availability; Digital Transactions
 
Worldpay Inc. is adding another tool for financial institutions in their efforts to curtail the pricey and nuisance-laden aftereffects of rampant data breaches. The company’s solution comes in the form of credit and debit cards that use a dynamic card-verification value.    (Read More)
 
Wells Fargo Bans Cryptocurrency Purchases on Its Credit Cards; Bloomberg
 
Wells Fargo joins Citigroup Inc., JPMorgan Chase & Co. and Bank of America Corp., which limited cryptocurrency purchases on their credit cards in February, citing market volatility and credit risks. Lenders have said they’re worried they’d be left on the hook if a borrower lost money on a digital currency bet and couldn’t repay.    (Read More)
 
Retailers and ATM Networks Form New Coalition to Address Payments Security; Press Release
 
The National Retail Federation, other retail groups and two of the nation’s best-known ATM networks announced today that they have formed a new coalition intended to improve the security of the U.S. electronic payments system ranging from credit and debit cards to emerging technology.     (Read More)

CanPay Continues To Blaze Cannabis Trail With Ecommerce Integration; Press Release
 
CanPay, the first legitimate debit payment solution for the cannabis industry, today announced it processes ecommerce payments, bringing greater convenience, safety, and efficiencies to retailers and their customers. In addition to expanding payments online, CanPay has doubled the number of states it operates in nationwide to 14, including New York, Pennsylvania, Massachusetts, New Hampshire, Michigan and New Mexico, serves 10's of thousands of users across 120 retail dispensaries, and integrates with leading POS systems OMMPOS and LeafLogix.   (Read More)
 
Future Apple biometric security may include scanning veins in a user's face; appleinsider
 
Apple's Face ID could become even more secure in the future, after the revelation the iPhone X producer has explored the possibility of scanning the pattern of veins in a user's face as another form of biometric authentication, one that could potentially tell identical twins apart.  (Read More)
 
Supreme Court strikes down sports betting ban: What happens next; Yahoo Finance
 
On Monday, the Supreme Court struck down the Professional and Amateur Sports Protection Act (PASPA), the 1992 federal law that banned sports betting basically everywhere in America other than Nevada. In a 6-3 decision in the case of Murphy vs NCAA et al, the court deemed PASPA unconstitutional.  (Read More)

An old law brings a fresh compliance challenge to faster payments; PaymentsSource
 
Article 4A of the Uniform Commercial Code does not govern debit transactions or consumer transactions, but understanding Article 4A is crucial to understanding electronic transfers.   (Read More)
 
Stripe debuts Radar anti-fraud AI tools for big businesses, says it has halted $4B in fraud to date; TechCrunch
 
Cybersecurity continues to be a growing focus and problem in the digital world, and now Stripe is launching a new paid product that it hopes will help its customers better battle one of the bigger side-effects of data breaches: online payment fraud. Today, Stripe is announcing Radar for Fraud Teams, an expansion of its free AI-based Radar service that runs alongside Stripe’s core payments API to help identify and block fraudulent transactions.   (Read More)
 
FICO Amplifies Financial Crime Protection with New Suite of Solutions; Press Release
 
At its FICO® World 2018 conference in Miami Beach, analytics software firm FICO unveiled several solution upgrades that will help banks, lenders, fintechs and other institutions fight financial crime. These solutions bring unparalleled efficiency and machine learning capabilities to fraud, risk and compliance professionals.     (Read More)

Anti-Fraud Specialist Ethoca Rolls out a Tripartite Defense Against E-Commerce Chargebacks; Digital Transactions
 
The rising problem of e-commerce fraud and related issues like false declines is prompting anti-fraud software companies to roll out solutions. On Thursday, Ethoca Inc. launched a new service with three lines of defense that the Toronto-based company says can potentially eliminate 90% of e-commerce chargebacks.    (Read More)
 
The peculiarities of the US financial system make it ideal for money laundering; QUARTZ
 
The lifeblood of criminal enterprises all over the world is revenue. Money fuels terrorists, transnational criminal organizations, and crooked kleptocrats. These criminals need to launder their ill-gotten gains. Although this dirty money often comes from the most corrupt, unstable countries in the world, it often ends up—ironically—in the United States.    (Read More)
 
PCI Council Cuts Its QIR Program Fee And Shortens Training Time; Digital Transactions
 
The PCI Security Standards Council is making changes to its qualified integrators and resellers certification program by reducing the fee to $100, making the certification an individual one, and shortening the training-course time, the council announced Wednesday.    (Read More)

Chase ‘Glitch’ Exposed Customer Accounts; Krebs on Security
 
Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by an internal “glitch” Wednesday evening that did not involve any kind of hacking attempt or cyber-attack.   (Read More)
 
Fingerprint Cards introduces new generation fingerprint sensor; Cards International
 
The new single-chip, single-die solution eliminates the need for a companion chip while delivering the performance benefits of the dual-chip platform.    (Read More)
 
U.S. Treasury says Latvian bank commits "institutionalized money laundering"; LMS.LV
 
The extraordinary speech by Treasury Under Secretary Sigal Mandelker in front of the Securities Industry and Financial Markets Association Anti-Money Laundering & Financial Crimes Conference in New York went on to say; "ABLV has institutionalized money laundering as a pillar of the bank’s business practices. Illicit financial activity at the bank includes transactions for parties connected to UN-designated entities, some of which are involved in North Korea’s procurement or export of ballistic missiles. In addition, ABLV has facilitated transactions for corrupt politically exposed persons and has funneled billions of dollars in public corruption and asset stripping proceeds through shell company accounts.  ABLV failed to mitigate the risk stemming from these accounts, which involved large-scale illicit activity connected to Azerbaijan, Russia, and Ukraine."    (Read More)

Aadhaar adds fresh security layer with 16-digit ‘Virtual ID'; The Times of India
 
Unique Identification Authority of India (UIDAI) on Wednesday unveiled a fresh layer of security — a 'Virtual ID' to prevent your Aadhaar from being shared — as it sought to address privacy and security concerns. It also added a safety feature to ensure only need-based sharing of information, by way of a limited KYC, even as it asserted that the system and data were safe.    (Read More)
 
The rise in mobile technology and the quest for verifiable identities; The Paypers
 
An impenetrable layer of trust needs to be built into digital devices so that businesses and consumers can trust each other online as easily as we do face-to-face. With two-thirds of the global population owning mobile phones, it’s one of the most rapidly growing technologies, making it more important than ever for mobile and online transactions to promote privacy and financial inclusion.   (Read More)
 
iOS Security Update – January 2018; Press Release
 
Updated Apple iOS Security white paper for January 2018 adds detail and addresses Apple Pay Cash.    (Read More)
 
Trump Administration Seeks to Change Rules on Bank Lending to the Poor; The Wall Street Journal
 
The Trump administration plans to unveil a major revision to decades-old banking rules that mandate lending to low-income borrowers.    (Read More)

Thales and Gemalto create a world leader in digital security; Press Release
 
Patrice Caine, Thales’s Chairman and Chief Executive Officer, commented: “The acquisition of Gemalto marks a key milestone in the implementation of Thales’s strategy. Together with Gemalto’s management, we have big ambitions based on a shared vision of the digital transformation of our industries and customers.   (Read More)
 
Artificial intelligence and financial crime: machines can’t replace humans – British regulator; KYC360
 
The use of artificial intelligence (AI) in bank compliance departments can be highly effective, however it has limitations and remains a work in progress, according to Rob Gruppetta, head of financial crime at the UK’s Financial Conduct Authority.   (Read More)
 
PSD2: regulation as a catalyst for innovation; Banking Technology
 
PSD2, the new European Directive on Payment Services in the Internal Market, comes into force on 13 January 2018. It aims to open up the European payments market to greater competition and transparency, but Christian Schaefer, global head of payments, cash management, Deutsche Bank, believes its effect will be more far-reaching, acting as a catalyst for innovation not just in payments, but in the wider financial services market.    (Read More)

Cybersecurity Concerns for Retailers, Major Credit Card Issuers; Press Release
 
SecurityScorecard, the leader in security ratings, today released its annual 2017 Retail & E-Commerce Cybersecurity Report.  The report provides a comprehensive analysis of cybersecurity vulnerabilities across 1,924 companies from January 2017 through October of 2017. As retailers prepare to focus on sales during the holiday season, merchants, major credit card issuers, and others in the retail industry are failing to keep up with critical security processes and security controls needed to protect shoppers.     (Read More)
 
Identity Theft Concerns Not Expected to Chill Holiday Shopping: Discover Survey; Press Release
 
Despite concerns about identity theft and fraud, consumers don’t plan to curb their holiday shopping. An independent survey commissioned by Discover found that while 62 percent of consumers are very or moderately concerned about identify theft or fraud this holiday season, a large majority, 73 percent, say concerns over recent data breaches won’t affect how they’ll go about their holiday shopping. Discover has commissioned its annual holiday shopping survey since 2004.     (Read More)
 
Schneier: It's Time to Regulate IoT to Improve Cyber-Security; eWeek
 
The time has come for the U.S. government and other governments around the world, to start regulating Internet of Things (IoT) security, according to Bruce Schneier, CTO of IBM's Resilient Systems.     (Read More)

Aadhaar to face Supreme Court scrutiny, govt says won’t extend deadline; LiveMint
 
The stage is set for a judicial scrutiny of the centre’s 12-digit unique identification project, Aadhaar, by the country’s apex court. On Monday, the Supreme Court referred all Aadhaar cases to a five-judge Constitution bench to be formed by the end of November.   (Read More)
 
Prepaid cards for overseas payments; LiveMint
 
This month, when the Reserve Bank of India (RBI) released new guidelines for e-wallets and prepaid instruments (PPIs), it allowed some e-wallets and prepaid cards to be used for international transactions. However, there remain many limitations.   (Read More)
 
Consumers and Banks in the PSD2 Era; Mobey Forum
 
When PSD2 comes into effect in 2018, the unprecedented regulatory upheaval will compel banks to explore new business models, commercial strategies and operational practices.   (Read More)

Deloitte Breach Affected All Company Email, Admin Accounts; KrebsonSecurity
 
Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted “very few” clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system.   (Read More)
 
Big banks back Canada’s $150m digital ID system; Banking Technology
 
Canada’s big banks have joined the charge for a CA$185 million ($150 million) digital identity supercluster bid that plans to solve the identification challenges of the digital economy.    (Read More)
 
U.K. Labour Urges May to Cap Credit Card Interest Payments; Bloomberg
 
The U.K. Labour Party urged Prime Minister Theresa May to cap interest payments on credit-card loans to help families trapped in a “debt spiral.”     (Read More)

Australia blames bitcoin for rise in organised crime; Finextra
 
The growth of online banking and digital currencies haver been cited as the main causes of a massive rise in organised crime in Australia's financial sector according to the country's criminal intelligence agency.       (Read More)
 
10 Reasons Why Central Banks Will Miss the Cryptocurrency Renaissance; Coindesk
 
It's a familiar trend, one that happened in communications (internet), and that is now playing out in energy (solar), manufacturing (3D printing) and finance (cryptocurrency) – power and control are moving into the hands of the individual and away from nation states.      (Read More)
 
Face ID Described as iPhone 8's 'Crown Jewel', Unlocking Device in 'A Few Hundred Milliseconds'; MacRumors
 
The front-facing 3D sensor on Apple's upcoming iPhone 8 will be the device's "crown jewel," able to unlock the iPhone 8 in a "few hundred milliseconds" to give users quick access to their smartphone and quickly authenticate Apple Pay purchases.       (Read More)

How Hackers Cash Out Thousands of Bitcoins Received in Ransomware Attacks; The Hacker News
 
Digital currencies have emerged as a favourite tool for hackers and cyber criminals, as digital currency transactions are nearly anonymous, allowing cyber criminals to use it in underground markets for illegal trading, and to receive thousands of dollars in ransomware attacks—WannaCry, Petya, LeakerLocker, Locky and Cerber to name a few.    (Read More)
 
FIDO Tightens Authentication's Leash; Federal Reserve Bank of Atlanta
 
Our blog often covers user authentication challenges confronting financial institutions and merchants. We feel this topic is essential given that consumers are increasingly going online to make payments and their passwords tend to be weak. Financial institutions and merchants face a difficult balancing act. They must be confident that their authentication tools effectively confirm the legitimacy of the individual attempting a transaction, but they also have to make sure these tools don't create a bad experience for the customer.     (Read More)
 
TNS Survey Reveals Major Payment Data Security Concerns among Consumers; Press Release
 
A survey* commissioned by Transaction Network Services (TNS) has found that 85% of adults in the US, UK and Australia believe the number of criminals trying to steal credit and debit card data is increasing.     (Read More)

How the High-Risk Processing Industry Can Combat the Costly Surge in Card Testing Fraud; PointofSale.com
 
In the years since I co-founded eMerchantBroker we’ve seen the introduction of EMV standards help reduce the incidence of fraud in card-present environments. Unfortunately, as predicted, this tightening of security has caused fraudsters to migrate to the online world. According to Radial’s eCommerce Fraud Technology Lab, in the last year, fraud in the online space has increased 30%. And, they also report that in Q1 of 2017, a new problem has emerged. The rate of credit card testing has increased by 200%.      (Read More)
 
Banks Ready for Launch of European Anti-Money-Laundering Directive;    Reuters
 
A network of dummy online stores offering household goods has been used as a front for internet gambling payments, a Reuters examination has found. The seven sites, operated out of Europe, purport to sell items including fabric, DVD cases, maps, gift wrap, mechanical tape, pin badges and flags. In fact, they are fake outlets, part of a multinational system to disguise payments for the $40 billion global online gambling industry, which is illegal in many countries and some U.S. states.   (Read More)
 
Single digital identity could erase pain of doing frequent online transactions; Financial Post
 
In 1993, the New Yorker published a cartoon, of two hounds in a room, one of them typing on a keyboard. “On the Internet,” he tells the other canine, “nobody knows you’re a dog.” Nearly a quarter century later, we still haven’t solved that basic problem.  (Read More)

EU executive asks bank watchdog to rethink 'screen scraping' ban; Reuters
 
The European Union's financial services chief said on Friday he will ask the bloc's banking watchdog to rethink its proposed ban on "screen scraping" or financial technology firms directly accessing bank accounts.   (Read More)
 
Tipping point for Apple Pay as majority of UK tills accept limitless payments; The Telegraph
 
The majority of Apple Pay tills in the UK can now accept mobile payments above £30, bringing the tech giant's vision of replacing the wallet a step closer.   (Read More)
 
Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division; KrebsonSecurity
 
Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.   (Read More)

Nothing new in UK Government t cyber security survey; Enterprise Time
 
The 2017 UK Govt produced Cyber Security Breaches Survey is out and it says nothing new. Across 66 pages it repeats what businesses and the industry already know. Businesses are under prepared, under skilled and prone to cyber security breaches. What is worrying is that this is a situation that is not getting better.  (Read More)
 
Microsoft replaces the password with a phone-based log-in; engadget
 
Microsoft's Authenticator app can now save you a step when logging into anything that requires a Microsoft Account. According to a blog post from the company's identity division, Microsoft has just flipped the switch on a new phone sign-in feature that skips the password entry part entirely.   (Read More)
 
InterContinental Hotel Chain Breach Expands; KrebsOnSecurity
 
In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across some 5,000 hotels worldwide owned by InterContinental Hotels Group (IHG). In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.   (Read More)
 
Two members of ATM skimming ring plead guilty to bank fraud; ars Technica
 
Joel Abel Garcia, a 35-year-old from the Bronx, New York, became the third member of an alleged ring of automated teller machine "skimmers" to plead guilty today in the US District of New Jersey to the charge of conspiracy to commit bank fraud. Another member of the group—Victor Hanganu, a Romanian citizen living in Bayside, New York—pleaded guilty to the same charge on April 10. Eleven others have been charged in the conspiracy, which targeted PNC and Bank of America ATMs in New Jersey from March 2015 until June of 2016. Another Romanian, Radu Marin, pleaded guilty on March 29.   (Read More)

Mobile device malware report reveals all-time high in mobile device infections; Payments Cards & Mobile
 
The latest Threat Intelligence Report reveals a new all-time high in mobile device malware infections, a sharp increase in compromised smartphones and major IoT device security vulnerabilities.  (Read More)
 
Biometric Brits suffer from password fatigue, Equifax; IBS Intelligence
 
56% of Brits would prefer to use a biometric security method over traditional options like passwords to log into their financial accounts online, according to Equifax research. A survey, conducted by YouGov and involving 2,059 people, found that 33% would prefer to use fingerprint recognition as a security method to access their accounts. A further 13% would like to use iris scanners, 7% facial recognition, and 3% voice recognition.  (Read More)
 
MAS to roll out national KYC utility for Singapore; Finextra
 
The Monetary Authority of Singapore (MAS) is piloting a national know-your-customer (KYC) utility for financial services, based on the MyInfo digital identity service, jointly developed by the Ministry of Finance and GovTech, the lead agency for digital and data strategy in Singapore.  (Read More)

Apple acquires Israel’s face recognition startup RealFace; Vertex Report
 
Apple has acquired RealFace, a Tel Aviv-based startup that specializes in face recognition technology, marking Cupertino’s fourth acquisition in Israel. The report comes from the financial website Calcalist (via TimesOfIsrael), stating the deal to be worth a couple million dollars.  (Read More)
 
The Clearing House calls for overhaul of AML practices; Finextra
 
US bank lobby group The Clearing House has called for an overhaul of how its members deal with AML requirements, arguing that they should spend less time and money on submitting suspicious activity reports and instead concentrate on using more innovative methods to thwart money laundering and terrorist financing.  (Read More)
 
Fujitsu Announces Biometric Authentication Platform for the IoT; MobileIDWorld
 
Fujitsu has developed a new authentication platform for the IoT that would verify users’ identities through the biometric scanning features of their smartphones.  (Read More)
 
PCI SSC issues multi-factor authentication guidance; Contactless Intelligence
 
Attackers continue to compromise valid credentials to access company networks and steal data. To help organizations combat this growing threat, the PCI Security Standards Council (PCI SSC) has issued guidance on what they consider to be the proper use of multi-factor authentication for preventing unauthorized access to computers and systems that process payment transactions.  (Read More)

Western Union admits to aiding wire fraud, to pay $586 million fine; Reuters
 
Western Union Co, the world's biggest money-transfer company, agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday.   (Read More)
 
Bosch, Cisco, Gemalto and More: Tech Giants Team Up For Blockchain-IoT; CoinDesk 
 
The Internet of Things (IoT) – the vast web of connected devices which is becoming a fundamental part of the technological infrastructure that surrounds us – brings both huge potential and great risk.  (Read More)
 
Solving the Card Not Present false decline puzzle; Payments Cards & Mobile
 
In recent years, the payments industry has started to view the growing Card Not Present fraud problem through an entirely different lens. Today, the overwhelming consensus is that the Card Not Present fraud problem, while increasingly costly, ultimately drives a much larger card acceptance problem.   (Read More)

Rollback Poised to Reshape Financial Services Regulation in 2017; Press Release
 
Bloomberg BNA’s 2017 Financial Services Outlook explores the potential impact President-elect Trump and a Republican-controlled Congress will have on financial services regulation and enforcement. Bloomberg BNA editors and reporters explore how a rollback of the Dodd-Frank Act might unfold and how priorities at the SEC, CFPB and other agencies are likely to shift. Our experts also examine the emerging regulation of financial technology and whether 2017 could be a breakout year for blockchain.       (Read More)
 
Mastercard, Visa work to make mobile pay safer; Mobile Commerce
 
Financial institutions Mastercard and Visa have banded together to make mobile and digital payments safer on either of their mobile pay platforms in an effort for wide spread adoption.     (Read More)
 
Geoswift Adopts Thomson Reuters Suite of Risk and Compliance Solutions; Press Release
 
Geoswift, a leading provider of cross-border payment solutions between China and the rest of the world has adopted Thomson Reuters risk and compliance solutions Transaction Monitoring with Screening Deployed and World-Check. The selection demonstrates the organisation's ongoing commitment to ensure its business operations meet stringent regulatory frameworks and maintain world class regulatory standards.     (Read More)

Security and Convenience When Shopping Online: Does Monopoly or Competition Keep Us Safer?  Project DisCO
 
Next time you are queuing to pay at the supermarket, and possibly cursing why the queue is so long and there aren’t more tills open, remember that it could be much worse: much, much worse.  (Read More)
 
Massive year-long credit card breach reported at Madison Square Garden; ABC 7 NY
 
The venue said it found signs of external unauthorized access in the last week of October. It would have impacted some customers who used their credit card to purchase merchandise and/or food/drink items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theatre (in Chicago) between November 9, 2015 and October 24, 2016.   (Read More)
 
U.S. is the Global Fraud Hotspot, with Online Fraud Attempts Expected to Increase 43% During Peak Holiday Season Due to EMV Shift; Press Release
 
As the busy holiday shopping season approaches, global retailers can expect a 12 percent growth in online fraudulent activity in the upcoming holiday season, compared with the same period last year—and lower ticket prices on fraudster-targeted gifts and products, according to new benchmark data from ACI Worldwide (NASDAQ: ACIW). The data*, based on hundreds of millions of transactions from retailers globally, provides actionable insights that merchants can leverage to protect against fraudulent activity this holiday season.   (Read More)

FIDO Alliance Announces New Authentication Specification Effort with EMVCo to Bring Added Security and Convenience to Mobile Payments; Press Release
 
The new effort builds on FIDO's existing partnership with W3C to provide a standard way for mobile wallet providers and payment application developers to support on-device cardholder verification (CDCVM) with biometrics or other authenticators    (Read More)
 
As EMVCo prepares to unveil a major update to the 3-D Secure specification for authenticating online transactions, Visa says that it expects to set a migration deadline for European merchants of April 2018; Finextra
 
As EMVCo prepares to unveil a major update to the 3-D Secure specification for authenticating online transactions, Visa says that it expects to set a migration deadline for European merchants of April 2018.     (Read More)
 
ETA Releases Guidance to Payment Facilitators with Voluntary Industry Best Practices; Press Release
 
The Electronic Transactions Association (ETA), the global trade association representing the payments technology world, released new Payment Facilitator Guidelines offering guidance and practices to these new entrants regarding settlement, registration, funding delays, fraud, security, and related issues.      (Read More)

Wells Fargo Claws Back Millions From CEO After Scandal; The Wall Street Journal
 
CEO John Stumpf to forfeit $41 million in unvested equity awards, forgo salary during investigation; former retail banking head Carrie Tolstedt to forfeit $19 million in unvested equity awards  (Read More)
 
Yahoo Breach Raises Questions About Password Resets; The Wall Street Journal
 
Questions are swirling around a move by Yahoo Inc., after a massive data breach, to urge users to change their email passwords manually, rather than deploy an automatic reset of all passwords across the board.  (Read More)

Samsung Pay hack lets attackers skim cards to make fraudulent payments; The Verge
 
Contactless mobile payments come as standard in Samsung's latest Galaxy smartphones, but a hacker has found a way to intercept their signals. In a presentation given at Defcon, Salvador Mendoza outlined a number of attacks targeting Samsung Pay, with the smartphone maker responding that it knew about this flaw, but that such attacks are "extremely difficult" to pull off.   (Read More)
 
How to properly secure cryptocurrencies exchanges; Ledger
 
The Blockchain Graveyard is a list of Bitcoin exchanges which have been hacked. It is growing constantly, not only sabotaging the general public trust in cryptocurrencies, but also ruining companies, customers and investors alike.   (Read More)
 
Password Hacking Forces Big Tech Companies to Act; The Wall Street Journal
 
In the past few months, hackers have taken over the social-media accounts of  Facebook Inc.  Chief Executive  Mark Zuckerberg, Google CEO  Sundar Pichai and  Twitter Inc. ’s CEO, Jack Dorsey. Behind the scenes, security teams at every major technology company—and many smaller firms, too—are scrambling to protect others from the same fate.   (Read More)
 
Computer researchers claim to have found yet another flaw in the upgrade to the chip-based credit cards in the United States; CNN Money
 
The chip on these credit cards have been praised for making them nearly impossible to counterfeit. While the cards also contain a magnetic strip, that strip is supposed to tell the payment machine to use the chip. But there's a relatively easy way to knock down that safeguard.    (Read More)

Software flaw puts mobile phones and networks at risk of complete takeover; ars TECHNICA
 
A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday.   (Read More)
 
Five trends that businesses should assess and take action on to mitigate fraud; Press Release
 
Experian has published its first annual global fraud report covering the convergence of growth strategies and fraud prevention. The report, Global Business Trends: Protecting Growth Ambitions Against Rising Fraud Threats, is designed as a guide for senior executives and fraud prevention professionals, offering new insights on how the alignment of strategies for business growth and fraud prevention can help a business grow revenues while managing risks in an increasingly virtual world.  (Read More)
 
Criminals plant banking malware where victims least expect it; ars TECHNICA
 
A criminal gang recently found an effective way to spread malware that drains online bank accounts. According to a blog post published Monday, they bundled the malicious executable inside a file that installed a legitimate administrative tool available for download.  (Read More)

Using Visa’s Intelligent Analytics, Gas Retailers See a Reduction in Fraud; Press Release
 
Visa Inc., the global leader in payments, today reported on results of Visa Transaction Advisor (VTA), a service that extends the power of Visa’s global risk intelligence to fuel merchants, helping to reduce fraud at the gas pump. More than 35,000 gas stations are actively using the service in the U.S. On average, Visa Transaction Advisor users have seen fraud decline by more than half – a 54 percent decline in counterfeit fraud rates and a 51 percent decline in lost and stolen fraud chargeback rates.    (Read More)
 
Card Fraud Costing Issuers $10.9 Billion Annually, Indicates New LexisNexis Risk Solutions Study; Press Release
 
LexisNexis® Risk Solutions released a comprehensive card issuer fraud study, Issuers Confront Application Fraud and Account Takeover in a Post-EMV U.S., that assigns a dollar value to direct losses from card fraud. It also details current modes of fraud and the effects these have on credit, debit, and prepaid card issuers' ability to mitigate card fraud. The study reports that issuers experience $10.9 billion in direct annual losses to card fraud overall.    (Read More)
 
Paragon Application Systems Deploys Next Generation Testing Strategy with VirtualATM; Press Release
 
Paragon Application Systems (Paragon), the leading independent testing services provider for the financial services industry, today introduced VirtualATM®, a powerful simulator designed to replace physical ATM hardware in the test environment. With VirtualATM, customers can conduct automated testing of the entire software stack from anywhere in the world, saving time, money and manpower.    (Read More)

ATM is a New Skimmer: Crooks Bring ATMs on Their Side; Press Release
 
Kaspersky Lab has announced research about a Russian-speaking Skimer group that forces ATMs to assist them in stealing users’ money. Researchers discovered that instead of installing skimmer devices onto an ATM, they could turn the whole ATM into a skimmer itself. Discovered in 2009, Skimer was the first malicious program to target ATMs, and now, the cybercriminals have resurfaced, reusing the malware as an advanced threat to banks and their customers around the globe.  (Read More)
 
CDT and Fitbit Develop Guidelines for Privacy and Research for Wearables Industry; Press Release
 
 In a first of its kind partnership with a wearables company, Fitbit (NYSE: FIT) invited the Center for Democracy & Technology (CDT), a leading advocacy group dedicated to protecting global online civil liberties, into its research labs to explore how privacy and ethics come into play in the research and development (R&D) process. The result of this collaboration is a report that offers guidance on privacy-protective and ethical internal research procedures for wearable technology companies.   (Read More)
 
Citi Launches Voice Biometrics Authentication for Asia Pacific Consumer Banking Customers ; Press Release
 
Voice biometrics authentication has been implemented in Taiwan with Australia, Hong Kong and Singapore to follow in the upcoming weeks. It will be rolled out throughout the region in 2016 and 2017 to cover all 12 of Citi’s consumer banking markets in Asia Pacific that represent more than half of the bank’s 19 consumer markets globally.    (Read More)

Understanding ISO 20022;  ISO 20022 Education and Promotion Work Group  of the Remittance Coalition’s Vendor Forum
 
Many organizations currently use legacy X.12 Electronic Document Interchange (EDI) standards to enable automated, electronic exchange of key business information associated with payment processing – e.g., invoice and remittance information, deduction and adjustment codes, and more. EDI standards provide significant value to entities that have implemented them. However, these standards are based on dated technology and are expensive and difficult to implement – especially for smaller and newer businesses. Corporates can benefit from ISO 20022 as a means to simplify and standardize their treasury operations.    (Read More)
 
HID Global Enters Market for Citizen IDs on Mobile Phones; Press Release
 
HID Global®, a worldwide leader in secure identity solutions, today announced it has entered the market for mobile citizen IDs that can be carried on smartphones, leveraging the success of the company’s award-winning solutions that have proven the benefits of mobility across a wide variety of secure identity applications.     (Read More)
 
EverCompliant Becomes First Solution Capable of Detecting Transaction Laundering On Mobile Applications; Press Release
 
By revealing hidden unreported mobile applications, URLs and payment environments, EverCompliant helps its customers ensure that merchants are operating in a lawful and compliant manner when processing transactions on mobile apps      (Read More)

Agencies Release Guidance to Issuing Banks on Applying Customer Identification Program Requirements to Holders of Prepaid Cards; Press Release
 
The guidance applies to banks, savings associations, credit unions, and U.S. branches and agencies of foreign banks (collectively "banks"). The guidance clarifies that a bank's CIP should apply to the holders of certain prepaid cards issued by the institution as well as holders of such prepaid cards purchased under arrangements with third-party program managers that sell, distribute, promote, or market the prepaid cards on the bank's behalf.    (Read More)

Payment Processor Involved in The Tax Club Telemarketing Scheme Settles FTC Charges; Press Release
 
Capital Payments LLC, an Independent Sales Organization (ISO), has agreed to settle Federal Trade Commission charges that it enabled a telemarketing scheme called The Tax Club to use merchant accounts to process consumers’ credit card payments. The Tax Club allegedly bilked consumers who were trying to start a home-based business.   (Read More)
 
Western Union Urges Consumers to Stay Alert for IRS Impersonation Phone Scam; Press Release
 
The Western Union Company (NYSE: WU), a leader in global payment services, urges consumers to stay alert for an aggressive and growing IRS impersonation phone scam targeting taxpayers.    (Read More)

More than 100 FIDO Certified Products Fuel Global Adoption of FIDO Strong Authentication; Press Release
 
The FIDO® (Fast IDentity Online) Alliance (https://www.fidoalliance.org/), creators of the only cross-industry strong authentication technology standard, today announced that more than 100 solutions are now FIDO® Certified. Hundreds of millions of end-users’ desktop and mobile apps have FIDO-enabled authentication protection available from leading service providers, including Google, PayPal, Samsung, Bank of America, NTT DOCOMO, Dropbox, and GitHub. Another milestone achieved with today’s announcement is that FIDO authentication is now enabled on devices from the top five global handset manufacturers.   (Read More)
 
Intel Launches Skylake vPro With Intel Authenticate; AnandTech
 
Intel’s vPro technology has been around for quite a while now, and with every new processor generation they seem to always add more features under the vPro umbrella. For a comprehensive look at what is existing now, check out the vPro launch for Broadwell. With Skylake, Intel is trying to tackle the challenge of securing computers, and the need for complex passwords. Passwords are a big pain point in the enterprise because people don’t like to make difficult passwords, and sharing passwords can be a big problem. Social engineering and more complex attack vectors can render passwords the easiest way to get into a company’s data.   (Read More)

National Security Implications of Virtual Currency; Press Release
 
This report examines the feasibility for non-state actors, including terrorist and insurgent groups, to increase their political and/or economic power by deploying a virtual currency (VC) for use in regular economic transactions.   (Read More)
 
SWIFT announces global payments innovation initiative; Press Release
 
Delivering a new standard in cross-border payments - SWIFT announces a global payments innovation initiative to dramatically improve the customer experience in correspondent banking by increasing the speed, transparency and predictability of cross-border payments.   (Read More)

How Carders Can Use eBay as a Virtual ATM; KrebsonSecurity
 
How do fraudsters “cash out” stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder.  (Read More)
 
Fractals Delivers Intelligent Card and eBanking Fraud Detection for the Enterprise; Press Release
 
NCR Corporation (NYSE: NCR), the global leader in consumer transaction technologies, has released the latest version of its Fractals enterprise fraud detection solution, which delivers new eBanking fraud detection, powerful new fraud management features and an enhanced user interface. This new release incorporates many additions built in response to requests from the Fractals customer base, highlighting NCR’s commitment to delivering solutions that truly meet the needs of its user community.  (Read More)

Banks: Card Breach at Hilton Hotel Properties; KrebsonSecurity

Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Hilton says it is investigating the claims.     (Read More)   

EMV's 12 Elephant Fail and the Case for Contactless; Linkedin

It’s been a long anticipated issue with EMV – the time it takes to “dip” a card compared to the much accustomed “swipe”. It’s not so much the time it takes, it’s more that it’s dead time – you have nothing to do but stare at a POS display waiting for the acknowledgement that you’re able to take the card out again. Time stands still as you wait for a beep or a flashing light or confetti or something. Perceived wisdom is that that this is about four seconds.  (Read More)

New ACI Worldwide Survey: 6 out 10 U.S. Consumers with Credit Cards are Not Ready for EMV; Press Release

With less than a month before the EMV liability shift, many consumers have neither received new chip-enabled cards nor are generally aware of EMV    (Read More)  

The FTC Has the Authority to Enforce Data Security: FTC v. Wyndham Worldwide Corp; TeachPrivacy Blog

The U.S. Court of Appeals for the 3rd Circuit just affirmed the district court decision in FTC v. Wyndham Worldwide Corp., No. 14-3514 (3rd. Cir. Aug. 24, 2015).  The case involves a challenge by Wyndham to an Federal Trade Commission (FTC) enforcement action emerging out of data breaches at the Wyndham.   (Read More)

Next-Gen Cybersecurity Is All About Behavior Recognition; Techcrunch

There are many ways a criminal could potentially acquire this information; for example, they could use weak passwords to fraudulently log in to a given system, or find an application vulnerability in the backend to find stored data. Breaches like this are startlingly common, and many go unreported in the news.   (Read More)

CFPB Orders Citibank to Pay $700 Million in Consumer Relief for Illegal Credit Card Practices; Press Release

The Consumer Financial Protection Bureau (CFPB) has ordered Citibank, N.A. and its subsidiaries to provide an estimated $700 million in relief to eligible consumers harmed by illegal practices related to credit card add-on products and services. Roughly 7 million consumer accounts were affected by Citibank’s deceptive marketing, billing, and administration of debt protection and credit monitoring add-on products.    (Read More)

CVS Probes Card Breach at Online Photo Unit; Krebs-on-Security

Nationwide pharmacy chain CVS has taken down its online photo center CVSphoto.com, replacing it with a message warning that customer credit card data may have been compromised. The incident comes just days after Walmart Canada said it was investigating a potential breach of customer card data at its online photo processing store.  (Read More)

Governor Jerome H. Powell calls for a safer payments system; The Federal Reserve

At the Federal Reserve Bank of Kansas City Conference, "The Puzzle of Payments Security: Fitting the Pieces Together to Protect the Retail Payments System", Kansas City, Missouri  (Read More)

Data Encryption In The Cloud: Square Pegs In Round Holes, DARKReading

Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. "Format-preserving" encryption could change all that. (Read More)

Target settlement with MasterCard fails to get bank support; Associated Press  

A $19 million deal between Target and MasterCard to settle lawsuits stemming from the retailer's massive pre-Christmas 2013 data breach has been scrapped, because it failed to get enough support from the affected banks and credit unions. (Read More)

Docomo Seeks to Make Passwords Unnecessary; Wireless Week

Japanese carrier NTT Docomo is searching to phase out passwords. Specifically, the carrier on Monday announced that it has become a board member with the Fast IDentity Online (FIDO) Alliance, an international nonprofit organization driving the effort to standardize online authentication based on things like iris scanning. (Read More)

Apple Pay cashes in on security campaign as PayPal sags; Mobile Commerce Daily

Apple Pay has grabbed the competitive edge away from online payments pioneer PayPal just six months after the former’s launch, pointing to improved consumer understanding of mobile device security features and Apple’s success in communicating these improvements to the market, according to a 451 Research survey.  (Read More)

New Cards for Medicare Recipients Will Omit Social Security Numbers; The New York Times

Concerned about the rising prevalence and sophistication of identity theft, most private health insurance companies have abandoned the use of Social Security numbers to identify individuals. The federal government even forbids private insurers to use the numbers on insurance cards when they provide medical or drug benefits under contract with Medicare.   (Read More)

Target agrees to pay $10 mln to settle lawsuit from data breach; Reuters

Target Corp has agreed to pay $10 million in a proposed settlement of a class-action lawsuit related to a huge 2013 data breach that consumers say compromised their personal financial information, court documents show.  (Read More)

Banks still trying, failing to deflect fraud onto Apple Pay; iMore

There is absolutely no reason for anyone using Apple Pay to be concerned at all about using Apple Pay. It's important to keep saying that because publications keep making it a point to link Apple Pay and "fraud" in their headlines. It's important because those publications are spreading fear, uncertainty, and doubt about Apple Pay — which makes mobile payments more accessible and secures the very data often used to actually commit fraud — to the people for whom it is most beneficial.  (Read More)

Anthem Breach May Have Started in April 2014; KrebsonSecurity

Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion. (Read More)

Lessons from an erroneous fraud alert; CreditCards.com

As I swiped my credit card to pay for $750 in groceries on a four-day church beach retreat two states away, I envisioned all the rewards points going onto my new Bank of America Visa card -- it pays 2 percent cash back on purchases made at grocery stores. My church would reimburse me for the groceries and I could treat myself to a meal out with the $15 cash back. It would be a small, but appreciated, compensation for several days of cooking and sleep deprivation with teenagers. (Read More)

Capital One's Well-Designed "Suspicious Activity" Email Alert; netbanker

I've used Capital One's credit card fairly actively for the past 4 or 5 years. And they've rarely, if ever, declined a charge (and there has never been any fraud on the card). The last fraud message I can find in my email was in December 2011 (see last screenshot). But apparently our travel combined with extra holiday spending finally caused the banks' fraud system to flag our account, rejecting a $100+ Target purchase a few days after Christmas. (Read More)

PayGate Introduces Enhanced Online Fraud Protection in Global Partnership; Payments Afrika

E-commerce payment services provider PayGate says its new partnership with global fraud prevention company ReD, an ACI Worldwide company, will give added protection to South African online merchants. (Read More)

Mobile Payments Security Depends on a Complicated Chain; PaymentsSource

Following the disclosure by a name brand retailer that their point-of-sale (POS) system had been breached, shoppers outside one of the retailer’s brick and mortar locations unanimously told a television reporter that cash was the safest way to pay in-person. (Read More)

Mobile payment processor hacked; The Hill 

A breach revealed Tuesday has exposed the vulnerabilities of yet another link in the electronic payment process. (Read More)

Bebe Stores Confirms Credit Card Breach; KrebsonSecurity

In a statement released this morning, women’s clothier chain bebe stores inc. confirmed news first reported on this blog Thursday: That hackers had stolen customer card data from stores across the country in a breach that persisted for several weeks last month.  (Read More)

Banks’ Lawsuits Against Target for Losses Related to Hacking Can Continue; Bits

A federal judge on Tuesday handed an early victory to banks in their effort to recoup losses from a major breach last year at Target. More than 40 million credit cards were compromised in the incident.  (Read More)

New wave of credit card fraudsters opt for in-store pickup option; ars technica

Walmart and other retailers who allow in-store pickup of Web purchases are being targeted by cybercriminals using credit card breach data, according to security researchers. Credit card breaches are the gift that keeps on giving—to Eastern European cybercriminals, at least. Taking advantage of the loosened security that comes with the holiday gift-buying rush, recent traffic on underground card fraud websites indicates that payment card fraud rings are using data from major retail system breaches in a campaign of fraudulent online purchases.  (Read More)    

MEDIA PARTNERS

---