FORTUNE: Banks Put Hacked Credit Cards on Watch Lists to Help Reduce Fraud Costs

Share Button

hacked credit cardsFortune Magazine penned an article recently, on how banks are putting hacked credit cards on ‘watch lists’, rather than canceling them immediately, thereby helping banks (and therefore their end users), reduce the overall cost of fraud to an organization. Read more

Leveraging DMARC to Combat Growing Spear Phishing and Insider Attacks

Share Button

growing spear phishingFor the greater part of 2015, both the FBI and the U.S. Secret Service have issued warnings that 2015 could be the year of Spear Phishing. Recently, the U.S. Secret Service issued a new bulletin, warning again that they are seeing a “significant increase in the frequency, sophistication, and fraud losses” associated with these new attacks. Read more

New .bank gTLD Launching Today Requires DMARC—Will It Matter?

Share Button

.bank gTLDAfter much effort on behalf of a coalition of organizations and individuals to build security requirements around the generic top-level domain (gTLD) “.bank”, banks will be able to register their unique gTLD starting today (June 24). Now it’s up to the financial services institutions themselves to ensure that customers and organizations benefit from the domain, which advocates assert is more secure than .com. Read more

Silver Linings to LastPass Hack

Share Button

LastPass HackLast night, password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users’ email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords.

 

Read more

OPM Breach: From Bad to Worse

Share Button

OPM BreachLast week, millions of government employees were probably quite nervous to hear that their personal data had been stolen by hackers (likely from China), who gained access to a trove of data from the Office of Personnel Management. This week, the same office is opening up even more government employees to more risk, based on their response to the breach. The OPM announced that they will notify all impacted individuals by email, which makes not only the affected individuals, but also anyone else who is worried that they might be affected, now a ripe target for a phishing attack.

Read more

HCE, APIs and Mobile Payment Apps – A New Opportunity for Fraudsters

Share Button

digital_walletOver the past six months, there have been a number of changes in the way the big payment and mobile technology players have approached security for payment apps. Read more

Can Smartphones Solve ATM Skimming?

Share Button

ATM SkimmingATM skimming remains a big business for organized crime rings. According to a recent article in ATMMarketplace.com, card skimming accounted for more than $2 billion in losses. One new approach that banks are exploring to mitigate this particular vector of fraud, is the notion of using smartphones as a second factor of authentication since most people always have their phone with them. But the question remains: can smartphones solve the growing problem of skimming or do they have their own particular vulnerabilities that might present a new avenue for hackers? Read more

Games With A Purpose – Fraud

Share Button

Games With A Purpose - FraudHuman-based Computation Games, also known as Games with a Purpose, have been used by the software industry to accomplish tasks that although trivial for human beings, still pose a big challenge for even the most advanced computing mechanisms. GWAPs take advantage of the human willingness to collaborate or simply desire to have fun in order to collectively solve large-scale computational problems through online games. Read more

Preventing Fraud is a Business Decision

Share Button

Preventing Fraud In my experience as a fraud prevention consultant, I constantly have discussions with financial institutions and with different profiles of fraud prevention managers. Each with its own way of visualizing fraud and thus its own strategy to reduce it. The fact is that regardless of the institution and the fraud managers’ profile, there are three key considerations to be given before deciding how to deal with fraud, keeping in mind that it is virtually impossible to eliminate. Read more

Webinar: Who is Using Your Domain for Phishing & Spam?

Share Button

Phishing costs businesses over $2 Billion in losses every year, but email remains a critical communication channel. DMARC (Domain Message Authentication Reporting and Conformance) is a free standard that stands to change all that by providing visibility into email flows, telling email receivers to delete spoofed messages, and ensuring that only legitimate emails are delivered to inboxes from protected domains. Read more