Historical ID theft bust|
Dubbed "Operation Swiper," a two-year investigation has led to the largest identity theft bust of its kind in U.S. history. Authorities have arrested 111 people that are believed to be members of five different ID theft and credit card fraud rings responsible for generating $13 million in illicit profits. Using trusted insiders (including bank tellers and retail and restaurant workers) to steal personal and financial data, the fraudsters created counterfeit credit cards which were passed on to organized shopping "teams" who went on coast-to-coast shopping sprees. InformationWeek has the latest details on this prolific crime (that should have been detected sooner). Are you screening your bank employees thoroughly for any red flags that could prevent this type of insider theft?
Quick route for stealing IDs
Car shopping can be tedious and expensive. Most consumers will complete credit applications to finance the purchase of a new vehicle. The process of shopping for the best lender with the lowest rate used to be tedious as well for car dealers. That process has been simplified with credit application software and web portals, such as RouteOne, that allow dealers to pull consumers' credit reports from the three major credit reporting agencies and shop around for financing. It also provides a quicker route for cyber ID thieves to access the same financial data on car buyers when those systems are breached, reports Krebs on Security.
ZeuS goes P2P
The infamous banking trojan ZeuS is a lot like the acclaimed Energizer Bunny...it may run low on energy at times but keeps going and going and going. The latest version of the malicious malware discovered by the creator of ZeuS Tracker includes peer-to-peer (P2P) functionality. The new ZeuS variant queries a built-in list of IP addresses to make contact with other infected systems and download updated configuration files from them. It can also remotely check which version of the malware is running on remote PCs and download an updated version. InfoWorld has more on this persistent threat that researchers say may be harder to track and take down.
Virtual credit card app
Technology provides the "want it now" generation with myriad opportunities to fulfill their need for self gratification. U.S. Bank has launched a new virtual credit card app that helps retailers accept and approve credit instantly for consumers using their mobile phones. Currently being piloted with outdoor sports retailer Recreational Equipment (REI) as an iPhone only app, the virtual card app will be offered to additional retailers and Android users in the near future. Bank Systems & Technology has the details.
Mobile money bagmen
The person designated to collect money for old school criminals (the Mob) was referred to as the bagman. Today, cybercrime - a multi billion-dollar industry - is where the money is. According to the Third Quarter 2011 Community Powered Threat Report released by AVG, cybercriminals are outsourcing their money collection activities to mobile phone operators. Read more about this and other notable cybercrime trends at Help Net Security.
Fighting back against fraud
Fraud has been hitting banks, corporations and consumers hard, but banks are fighting back with device identification, risk profiling and device reputation - an online fraud detection method that examines a PC or other device for unwanted behavior or suspicious activity. According to a recent study conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC), 36% of fraud attempts against the financial institutions polled were thwarted in 2010 compared to only 20% in 2009. Infosec Island has more on the study. And in the UK, online banking fraud losses dropped 32% the first half of this year, reports Techworld.
Lock out fraud
For every $100 worth of credit and debit card transactions, the U.S. loses 9 cents to fraud, while the global average is 4.5 cents, according to The Nilson Report released last week. Diebold is helping consumers protect their accounts against card fraud with a new mobile banking security tool. Using MobiTransact® Card Lock, consumers can lock down their credit or debit cards with a simple text message when possible fraudulent transactions are detected. Card Lock enables users to send Short Message Service (SMS) text message commands that control the usage status of their ATM debit cards. Texting specific lock commands to a designated number, users can prevent their cards from being used at an ATM or POS terminal. ATM Marketplace has the details.
ATM cash for phones
There is an old proverb that goes "Every convenience brings its own inconveniences along with it." Consumers turn to the convenience of ATMs and self-service kiosks to withdraw funds, exchange coins for cash or gift cards (Coinstar), rent movies (Redbox) and other retail uses. Now mobile phone users can recycle their portable devices and get immediate cash at an ecoATM, which uses visual recognition software to inspect the device and has the ability to detect if the phone will boot before making users a cash offer. Techcrunch has the details. With all the personal data contained on today's mobile devices, is the assurance from these ecoATMs that personal data from collected phones is erased really viable? In this case, we think the risks of data loss outweigh the convenience of instant cash for unwanted phones.
To scan or not to scan
The misconception about cost savings and lack of trust in their employees is preventing many mid-tier banks (those between $1 billion and $50 billion in assets) from moving to document imaging. A survey conducted by FIS Consulting Services found that only 13 percent of the institutions polled are digitizing greater than 75 percent of their files. Bank Systems & Technology has more on the survey. Is your institution taking advantage of the efficiency and convenience of document imaging - and securing digitized images properly?
and Dan Fisher
in a 2-hour
November 16, 2011
Consumer and Small Business RDC Mobile Capture… Deposits on the Move!
If your financial institution is about to offer or considering extended remote deposit capture for small businesses and consumers, you need to be aware of the unique added risks involved in that market. Regulators will expect you to have completed a thorough risk analysis and prepared a risk mitigation program for the expanded client base. This webinar will review the risks that consumers and small businesses present, and provide the information you need to ensure you'll be able to analyze and manage the risks to protect your institution.
Order the CD ROM of the program now.
Payment Card Industry Data Security Policy Template
On the lighter side ...
The hackers are after our data. What could we possibly do to stop the attacks?