Happy New EMV Year! That’s right, 2015 marks the beginning of a big year for the retail and payment industry as it marches toward the mandatory October 1, 2015 deadline for EMV implementation in an effort to help reduce fraud in the U.S. Given some of the major retail breaches over the last year, many feel this deadline can’t come soon enough. However, this transition will be an enormous one, and many expect to see several hiccups, or in the spirit of the season, a few holiday bulbs broken, along the way. Read more
The latest release of Easy Solutions’ DetectID authentication platform has enhanced its push authentication technology to include more options and features, making it the most convenient, intelligent and trusted mobile two-factor solution on the market. The new features in this latest version include: Read more
Payment security standards like Europay, MasterCard and Visa (EMV), Host Card Emulation (HCE), and Point-to-Point Encryption (P2PE) have been given much attention and discussion this year. With Apple Pay, we now have a new hype payment security solution called Tokenization.
As IOS8 was made available last month, numerous organizations have jumped on Touch ID fingerprint bandwagon and updated with their application with Touch ID support. I think this is a step in the right direction as passwords are slowly becoming a thing of the past and have shown to be easily hacked by most hackers. Not only are passwords weak protection against breaches, they are also hard to memorize especially with volume of password a single person has to remember and the different and often complex configurations sites require today. Read more
Apple Pay went live yesterday. And while there has been much talk about how it’s going to disrupt the payment system, and how easy it will be to use, security is once again being overlooked in the urgency for speed and convenience above all else. Read more
We’ve rolled out some new updates to our DetectID product line, including updates to our push authentication to provide you with a more secure and streamlined two-factor experience. Read more about a few of the updates below:
QR Code Registration Option
DetectID now offers device registration using QR codes for soft token and push authentication. QR Code generation and delivery is supported on the iOS and Android platforms through an SDK or the DetectID app. The QR Code is scanned automatically, using the camera on the device, and the token is immediatelyimported and ready to use for receiving instant push authentication messages.
On Monday, the US-CERT (United States Computer Emergency Readiness Team) issued an updated advisory, warning that the ‘Backoff’ Point-of-Sale malware continues to evolve. And just today, UPS confirmed that it is the newest likely victim of Backoff. US-CERT has now seen five variants of ‘Backoff’, each with notable modifications, and the malware has been found in at least three separate forensic investigations. They note that the variants are largely undetected by AV vendors, and recommend that in lieu of such protection, organizations should monitor for ‘indicators of compromise’ (IOCs) to determine if they have been infected. Read more
Over the last two years, we have seen a tremendous increase in mobile malware, which grew 167 percent in the past year, according to the June 2014 McAfee Labs Threat Report.
Here are two major reasons why mobile malware is increasingly the preferred method of attack for fraudsters:
1. As EMV technology is deployed in the US, the amount of fraud attributed to counterfeit cards will decrease.
2. Telecommunications providers will no longer allow premium text message services to bill customers, lowering the volume of fraud via premium SMS messages.
Mobile Banking offers considerable promise for true interaction with customers as well as key differentiators to attract gen Y consumers. Simple and stronger authentication is key to manage risk and to ensure continued success in the mobile market.
The first generation of strong authentication for mobile typically utilized the same authentication factors as the online banking channel. This approach was mostly driven by the need to go to market quickly and also cost considerations. The most common method at that time was to use traditional static challenge questions.
A year after the Twitter-AP event, new security vulnerabilities and breaches (Heartbleed, Target, to name a few) continue to be in the weekly headlines. Organizations affected by those events have taken some measures to prevent them from happening again, and the largest financial services companies are investing heavily in cyber security. JPMorgan Chase, the nation’s largest financial institution, recently announced they are investing in additional layers of security, to the tune of $250 million annually and 1,000 people dedicated to the effort. Other organizations with high-value data and assets should follow that trend, and make a real assessment of their current solutions to see if they really help them combat cyber attacks and fraud in an effective way.