Payments security task force
Payments technology is evolving rapidly with advancements in e-commerce, mobile payments, and other cutting-edge data technologies, and security is at the forefront of it all. An assembly of bankers from financial institutions across the country has come together to form a joint task force led by the ABA (American Bankers Association). The Payment Systems Task Force will work toward developing safe and efficient payment technologies provided by banks that will afford enhanced security for consumers, reports Finextra. Stay tuned for more on this group's efforts toward increasing card security.
Banks have digital advantage
Consumers have a growing interest in digital wallets and mobile payment technologies, and in who they trust to provide those services. A survey of 6,000 consumers conducted by business advisory firm Alix Partners in December found that banks have a significant advantage over nonbank players when it comes to consumer trust.
Consumers interested in using a digital wallet rate their primary bank highest in safeguarding their personal information and would choose the bank as their preferred provider over digital or retailer providers. Bank Systems & Technology has more on the survey that shows how banks should leverage consumers' trust to get into - or stay in - the race for the digital wallet.
À la carte cards and accounts
Underground carding shops are a dime a dozen. Named after the underweb's most notorious carder, Badb.su distinguishes itself from the myriad of underground carding shops by its slick interface and lower-than-average prices. It offers an a-la-carte, card-checking service that allows buyers to gauge the validity of stolen cards, has its own bug bounty program and advises users to avoid using Internet Explorer. Krebs on Security has the details and screenshots of the site selling what could be your consumers' stolen data to cybercriminals.
Another tricky bank trojan
Security solutions provider M86 Security Labs has uncovered a banking trojan targeting 137 financial organizations around the globe. The attacks started with recent spam campaigns luring victims to compromised WordPress-based websites that, in turn, led users to pages infected with the Phoenix exploit kit, which downloads a trojan known as Cridex, Carberp or Dapato. Once installed on the victim's machine, the tenacious trojan takes over and collects information that could enable cybercriminals to make fraudulent transactions. The malware flies under the radar of all but 10 of the 43 anti-virus programs. Infosecurity has the details.
Hacktivists hit by hackers
And then there are the "bad" guys who get hit by the other bad guys. Hackers duped hacktivist group Anonymous supporters into installing the ZeuS botnet. Security researchers from Symantec report that hackers modified a link on PasteBin for a distributed denial-of-service (DDoS) attack tool, directing users to a ZeuS trojan instead. In addition to performing the DoS attacks, the modified ZeuS-laden download also steals banking and email credentials. InformationWeek has the details.
Visa shutting down spammers
Businesses that process card transactions need banks to process their transactions - that includes cybercriminals. A study conducted last year found that a total of 13 banks (including a major US bank) had processed spam transactions with the majority of those serviced by just three banks. Despite the study, there has been little effort by banks to remove accounts used by spammers - until now. Working with the International Anti-Counterfeiting Coalition, which investigates and reports complaints related to fraudulent transactions, Visa contacts the banks holding the accounts used by the spammers and forces them to shut down the accounts. Help Net Security has more on Visa's efforts to fight back against spam and fraud.
Gaping holes in bank apps
A study of the structural quality of applications conducted by software analysis company Cast Software reveals that customer-facing bank applications contain structural holes that could lead to outages, data corruption and unauthorized breaches. The second annual CRASH (Cast Report on Application Software Health) report examined 745 enterprise software applications in 160 organizations across industries, including the banking industry, wherein older, back-end applications usually sit on mainframes with little to no exposure to the internet. The disparity of the structural soundness occurs when newer, customer-facing apps provide exposure to the internet and open the door for hackers to come in, reports Bill Curtis, SVP of Cast and co-author of the CRASH report. Bank Systems & Technology has more on the CRASH report and how to fill in the security holes in banking applications.
Mobile payments burgeoning by billions
Has your institution jumped on the mobile payments bandwagon yet? If not, it might want to think about catching that ride. The increasing use of mobile devices as an alternative to payment cards is one of the fastest growing segments of the mobile commerce market. A new study by Juniper Research forecasts that global NFC (near field communications) payment transactions will soar to nearly $74 billion within the next three years. Juniper's Mobile Commerce Markets report also predicts significant growth in other non-NFC segments, such as banking and money transfers. TechCrunch has the details.
And the award goes to...
The Academy of Motion Picture Arts and Sciences Oscar Awards is the Super Bowl of the film industry held each year in February. Awards are presented for outstanding individual or collective efforts in up to 25 categories. Email security solution provider Agari announces its first Annual Sumo Awards to "dishonor" the biggest contributors and enablers of phishing attacks against the banking industry. To find out what schemes led the attacks against the financial industry in four leading categories, go to Help Net Security.
Updates, Patches and Alerts...
US-CERT: Current Activity
Threatpost: Adobe issues emergency fix for Flash Player vulnerabilities
ZDNet: Google patches 14 high risk Chrome browser holes
Sophos: 25 Verisign Trusted shops found to have XSS holes
Spring Ahead This Weekend
Daylight Saving Time begins Sunday, March 11th. Remember to set your clocks ahead one hour. Don't forget desktops, laptops, mobile devices, cameras, security recorders and devices with clocks that don't have DST automatic adjustment capabilities. Don't forget the vault timers! Set them to open one hour earlier. This is also a good time to change smoke detector batteries. Send reminders to your colleagues with a BOL e-Card.