As a security provider focused solely on fraud detection and prevention, Easy Solutions has a unique perspective on fraud as it occurs around the world. Trends like the adoption of digital payment services and mobile device use vary by geography, and have a direct influence on fraud. Here are five trends we are watching in Europe that will impact fraud in both the short- and long-term. Read more
I recently shared my thoughts with Dark Reading on why email is worth saving. In the piece, we ask ‘What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available?’ It is, it’s called the DMARC specification, and we should be using it. Read more
We’ve rolled out some new updates to our DetectID product line, including updates to our push authentication to provide you with a more secure and streamlined two-factor experience. Read more about a few of the updates below:
QR Code Registration Option
DetectID now offers device registration using QR codes for soft token and push authentication. QR Code generation and delivery is supported on the iOS and Android platforms through an SDK or the DetectID app. The QR Code is scanned automatically, using the camera on the device, and the token is immediatelyimported and ready to use for receiving instant push authentication messages.
DMS now supports the use of the DMARC draft specification for its customer base. DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance” (http://www.dmarc.org/), is an e-mail authentication and reporting standard that provides organizations with an unmatched view of the health of their outbound e-mail channel. DMS support for this standard means that our customers can block even more fraudulent messages and stop additional attacks.
With the latest retail breach at Home Depot, attention has again turned to credit card black markets, the clearinghouses that sell these stolen cards to the highest bidder. These are no fly-by-night operation. In fact, the largest of these markets have some sophisticated features that any e-commerce site would tout, including:
• integrated Bitcoin funding
• good customer support
• good commerce features
Over the last year, there have been countless debates over the hows and whys of the massive retail breaches the world has witnessed—including those affecting major chains such as Target, Neiman Marcus and P.F. Chang’s, just to name a few. Undoubtedly, the 2014 Faces of Fraud Survey results were deeply impacted by these incidents as banking and security leaders are just starting to deal with the consequences. Read more
On Monday, the US-CERT (United States Computer Emergency Readiness Team) issued an updated advisory, warning that the ‘Backoff’ Point-of-Sale malware continues to evolve. And just today, UPS confirmed that it is the newest likely victim of Backoff. US-CERT has now seen five variants of ‘Backoff’, each with notable modifications, and the malware has been found in at least three separate forensic investigations. They note that the variants are largely undetected by AV vendors, and recommend that in lieu of such protection, organizations should monitor for ‘indicators of compromise’ (IOCs) to determine if they have been infected. Read more
The latest in a recent string of lawsuits between businesses and their commercial banks is the case of Tennnessee Electric Company vs. TriSummit Bank. In the complaint, Tennessee Electric alleges in six counts, from gross negligence to fraud, that TriSummit didn’t honor its agreement to protect the security of ACH initiated payroll transactions. Read more
The Snifula family of malware has been making a name for itself recently in Japan, targeting multi-national and smaller regional financial institutions alike. The effectiveness of this kind of malware is putting banks at risk in other parts of the world too, including North and South America. Our research indicates that most financial institutions in the Western hemisphere have already been attacked by some variant of Snifula.
Last week, reports flooded security forums and publications highlighting an increase in the rate of a fraud attack named Operation Emmental.
The threat type was first noticed by security companies approximately 5 months ago, but the recent rise in successful attacks against mobile banking users has been alarming and underlined the effectiveness of the attack. The fact that the majority of the successful attacks were aimed at Swiss banks led to the name of Operation Emmental, referring to the Swiss cheese containing holes, suggesting imperfections in security.