Payment security standards like Europay, MasterCard and Visa (EMV), Host Card Emulation (HCE), and Point-to-Point Encryption (P2PE) have been given much attention and discussion this year. With Apple Pay, we now have a new, hyped payment security solution called tokenization.
As iOS 8 was made available last month, numerous organizations have jumped on the Touch ID fingerprint bandwagon and updated their applications with Touch ID support. I think this is a step in the right direction, as passwords are slowly becoming a thing of the past and have been shown to be easily hacked by most hackers. Not only are passwords weak protection against breaches, they are also hard to memorize, especially with the volume of passwords a single person has to remember and the different and often complex configurations sites require today.
Apple Pay went live yesterday. And while there has been much talk about how it’s going to disrupt the payment system, and how easy it will be to use, security is once again being overlooked in the urgency for speed and convenience above all else.
We’ve rolled out some new updates to our DetectID product line, including updates to our push authentication to provide you with a more secure and streamlined two-factor experience. Read more about a few of the updates below:
QR Code Registration Option
DetectID now offers device registration using QR codes for soft token and push authentication. QR code generation and delivery is supported on the iOS and Android platforms through an SDK or the DetectID app. The QR code is scanned automatically, using the camera on the device, and the token is immediately imported and ready to use for receiving instant push authentication messages.
On Monday, the US-CERT (United States Computer Emergency Readiness Team) issued an updated advisory, warning that the ‘Backoff’ Point-of-Sale malware continues to evolve. And just today, UPS confirmed that it is the newest likely victim of Backoff. US-CERT has now seen five variants of ‘Backoff’, each with notable modifications, and the malware has been found in at least three separate forensic investigations. They note that the variants are largely undetected by AV vendors, and recommend that in lieu of such protection, organizations should monitor for ‘indicators of compromise’ (IOCs) to determine if they have been infected.
Over the last two years, we have seen a tremendous increase in mobile malware, which grew 167 percent in the past year, according to the June 2014 McAfee Labs Threat Report.
Here are two major reasons why mobile malware is increasingly the preferred method of attack for fraudsters:
1. As EMV technology is deployed in the US, the amount of fraud attributed to counterfeit cards will decrease.
2. Telecommunications providers will no longer allow premium text message services to bill customers, lowering the volume of fraud via premium SMS messages.
Mobile banking offers considerable promise for true interaction with customers, as well as key differentiators to attract Gen Y consumers. Simple and stronger authentication is key to managing risk and ensuring continued success in the mobile market.
The first generation of strong authentication for mobile typically utilized the same authentication factors as the online banking channel. This approach was mostly driven by the need to go to market quickly and by cost considerations. The most common method at that time was to use traditional static challenge questions.
A year after the Twitter-AP event, new security vulnerabilities and breaches (Heartbleed, Target, to name a few) continue to be in the weekly headlines. Organizations affected by those events have taken some measures to prevent them from happening again, and the largest financial services companies are investing heavily in cyber security. JPMorgan Chase, the nation’s largest financial institution, recently announced they are investing in additional layers of security, to the tune of $250 million annually and 1,000 people dedicated to the effort. Other organizations with high-value data and assets should follow that trend, and make a real assessment of their current solutions to see if they really help them combat cyber attacks and fraud in an effective way.
In the wake of the most recent FFIEC guidance published in 2011, many financial institutions and service providers have undertaken very expensive and time-consuming projects to replace the traditional challenge questions and answers that they previously used as a security measure. One of the more popular solutions suggested as an alternative was to provide out-of-band authentication via a second independent device. Mobile phones were the natural fit as that independent device, since the typical consumer’s high usage of SMS texting would make it easy to incorporate into their banking routine.
Mobile banking presents an attractive way for banks to improve their relationships with their customers, serving them wherever they go. But with major security breaches and fraud incidents making headlines, financial institutions are taking steps to address the growing problems of advanced persistent threats and fraud in the online and mobile banking channels.