Home Depot Breach: Time to Value of Black Market Cards Changes as Banks and Retailers Improve Detection

With the latest retail breach at Home Depot, attention has again turned to credit card black markets, the clearinghouses that sell these stolen cards to the highest bidder. These are no fly-by-night operation. In fact, the largest of these markets have some sophisticated features that any e-commerce site would tout, including: • integrated Bitcoin funding • …

Read more

2014 Faces of Fraud Survey: The Results

Over the last year, there have been countless debates over the hows and whys of the massive retail breaches the world has witnessed—including those affecting major chains such as Target, Neiman Marcus and P.F. Chang’s, just to name a few. Undoubtedly, the 2014 Faces of Fraud Survey results were deeply impacted by these incidents as …

Read more

US-CERT Updates Point-of-Sale Warnings – ‘Backoff’ Malware Variants Continue to Evolve

On Monday, the US-CERT (United States Computer Emergency Readiness Team) issued an updated advisory, warning that the ‘Backoff’ Point-of-Sale malware continues to evolve. And just today, UPS confirmed that it is the newest likely victim of Backoff. US-CERT has now seen five variants of ‘Backoff’, each with notable modifications, and the malware has been found …

Read more

Malware Snifula Targets Banks in North & Latin America Using Windows Certificate Store API Functions

The Snifula family of malware has been making a name for itself recently in Japan, targeting multi-national and smaller regional financial institutions alike. The effectiveness of this kind of malware is putting banks at risk in other parts of the world too, including North and South America. Our research indicates that most financial institutions in …

Read more

Hard Cheese –Defending against Multi vector, Combined, Intelligent Attacks like Operation Emmental

Last week, reports flooded security forums and publications highlighting an increase in the rate of a fraud attack named Operation Emmental. The threat type was first noticed by security companies approximately 5 months ago, but the recent rise in successful attacks against mobile banking users has been alarming and underlined the effectiveness of the attack. …

Read more

Webinar: FFIEC Announces Cybersecurity Assessments. Is Your Bank Prepared?

Cybersecurity risks remain the same for all financial institutions, regardless of size or resources. The FFIEC recently announced that examiners will be conducting “state of cybersecurity assessments” this summer, specifically targeting community banks. Examiners want to ensure that cybersecurity is engrained into the culture of all financial institutions, and that management is well aware of …

Read more

What Do Bitcoin and other Digital Currencies Mean for Fraud?

I write this post with mixed feelings about the adoption and use of crypto and digital currencies. For those who might not know, cryptocurrencies like Bitcoin, Dogecoin and others offer digital online wallets of virtual money. Initially envisioned as irreversible ‘peer-to-peer’ trustless exchanges, these currencies claim to offer the possibility of anonymous transactions between strangers, …

Read more