A flaw in how contactless cards from Visa - and potentially other issuers - have implemented the EMV protocol can be abused to bypass PIN verification for high-value transactions, ETH Zurich researchers warn. But Visa says the exploits would be "impractical for fraudsters to employ" in real-world attacks.
Diebold Nixdorf and NCR have issued patches for ATM software vulnerabilities that could enable a hacker with physical access to the devices to commit deposit forgery, according to the Carnegie Mellon University CERT Coordination Center.
Diebold Nixdorf, a major manufacturer of ATMs, has issued an alert about "jackpotting" or "cash-out" attacks that are draining cash from its machines in several European countries. What makes these attacks unusual?
The notorious carder marketplace Joker's Stash is advertising a fresh batch of 400,00 stolen payment cards issued by both South Korea and U.S. banks, warns Group-IB. It says that on average, stolen APAC payment card data sells for five times more than stolen U.S. payment card data.
Faster payments are the new reality in more than 40 countries, and this innovation is benefiting consumers and businesses alike. Criminals are also enjoying the speed and non-refutable nature of these transfers, and in many deployments faster payments quickly translates to faster fraud.
This does not have to be the...
Starting Jan. 1, State Bank of India will no longer accept magnetic stripe debit card transactions and will accept only EMV chip-based cards in compliance with an RBI mandate, which is designed to help prevent card fraud, including skimming and cloning.
The notorious Joker's Stash cybercrime marketplace, which specializes in selling stolen payment card data, has a new listing for 1.3 million credit and debit cards, almost all of which appear to have been issued by Indian banks, reports threat intelligence firm Group-IB.
Cybercrime is surging thanks, in part, to the availability of inexpensive hacking tools and services. A recent look by security firm Armour at black market offerings finds stolen payment card data, RDP credentials, ransomware and DDoS services are widely available for sale.
The EU Payment Services Directive (PSD2),
presents any business that processes online
payments or provides account related services
in the European Economic Area (EEA) with the
challenge of balancing the Strong Customer
Authentication (SCA) requirements with a seamless
To gain competitive...
Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.
Despite India's move to EMV-chip payment cards, ATM fraud continues to take place. Experts say risk of skimming is not eliminated with chip cards if they still have magnetic stripe and ATMs continue to read these stripes.
Although the Reserve Bank of India mandated that banks complete the shift from magnetic stripe debit and credit cards to EMV chip-and-PIN cards by Jan. 1 to help reduce fraud, there's still plenty of work to be done.
So far, police have not found evidence that a major organized hacking group was responsible for the Cosmos Bank heist, which involved the theft of $13.5 million through ATMs and unauthorized SWIFT transactions. What steps should banks take to avoid becoming the next cyber heist victim?
What security strategies do financial organizations need to consider in the new PSD2 landscape? PSD2 outlines security requirements in three key areas.
Download this whitepaper and learn how to:
Secure customer interactions with third-party providers and banks;
Secure API transactions and account...