Security & Fraud Archives | PYMNTS.com https://www.pymnts.com/news/security-and-risk/2024/liability-remains-murky-despite-reduction-united-kingdom-push-payments-fraud-fine/ What's next in payments and commerce Wed, 04 Sep 2024 21:02:24 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.1 https://www.pymnts.com/wp-content/uploads/2022/11/cropped-PYMNTS-Icon-512x512-1.png?w=32 Security & Fraud Archives | PYMNTS.com https://www.pymnts.com/news/security-and-risk/2024/liability-remains-murky-despite-reduction-united-kingdom-push-payments-fraud-fine/ 32 32 225068944 Liability Remains Murky Despite Reduction in UK Push Payments Fraud Fine https://www.pymnts.com/news/security-and-risk/2024/liability-remains-murky-despite-reduction-united-kingdom-push-payments-fraud-fine/ Wed, 04 Sep 2024 21:02:24 +0000 https://www.pymnts.com/?p=2081393 It’s said in jurisprudence that hard cases make bad law. Bad laws have the unintended consequences of hurting society, encouraging bad behavior, or both. In payments, and in the United Kingdom, the hard choices of what to do about authorized push payment (APP) fraud are translating into bad law, or at least bad regulatory policies […]

The post Liability Remains Murky Despite Reduction in UK Push Payments Fraud Fine appeared first on PYMNTS.com.

]]>
It’s said in jurisprudence that hard cases make bad law.

Bad laws have the unintended consequences of hurting society, encouraging bad behavior, or both.

In payments, and in the United Kingdom, the hard choices of what to do about authorized push payment (APP) fraud are translating into bad law, or at least bad regulatory policies that don’t go far enough to establish liability and impose penalties accordingly.

The Payment Systems Regulator (PSR) is slashing the reimbursement mandates faced by banks and payment companies as soon as next month. Under the previous proposals, these firms would have been on the hook for a maximum of 415,000 British pounds (about $545,000), but they will now have to pay a maximum of 85,000 pounds (about $112,000). Nothing is etched in stone yet, as a consultation period is in place this month.

The rationale behind the new APP fraud caps was published by the regulator Wednesday (Sept. 4), and the final policy position from last year details what to expect.

In terms of the impact, the PSR noted that last year — out of over 250,000 cases — there were 18 instances of people being scammed for more than 415,000 pounds and 411 instances of more than 85,000 pounds.

“The analysis also highlighted that almost all high value scams are made up of multiple smaller transactions, reducing the effectiveness of transaction limits as a tool to manage exposure,” the PSR said.

“The proposed new cap will still see over 99% of claims (by volume) covered,” it added.

However, the PSR also noted: “For larger firms who have been operating under the voluntary CRM code for a number of years, the adjustment will be smaller, but some smaller firms have a much bigger adjustment to make.”

The read-across here is that the burden of compliance will be borne perhaps more urgently by smaller companies, with the built-in assumption that they are, in fact, to blame for the fraud.

Cost and Benefit Analysis

The PSR also published a cost benefit analysis that estimated that a maximum claim limit of 85,000 pounds would reduce the level of APP scam reimbursement by about eight percentage points relative to a limit of 415,000 pounds. It concluded that the lower level of reimbursement (benefit) is balanced out by the reduced cost to payment service providers (PSPs).

It also noted that there would be a “small decrease” in PSP incentives to prevent APP fraud, as well as a “small decrease” in “moral hazard” and “prudential risk and reduction in competition and innovation.”

“We have listened to industry concerns about the prudential impact of our proposed policy,” the PSR said in the analysis. “We continue to seek to understand this impact and acknowledge the uncertainty about the impact of our initial 415,000-pound limit on the solvency of firms, particularly smaller PSPs. We are therefore making a conservative assumption that a maximum claim limit of 85,000 pounds may reduce firms’ liability (relative to the current 415,000-pound limit) and mitigate their prudential risk.”

The October deadline is rushing toward the banks and PSPs, and they will have to scramble to reconfigure their fraud-battling frameworks and their transaction analysis. That means real costs will be incurred over the span of a few weeks.

But the question remains as to the moral hazard that will still exist and whether more rigor is needed to create a set of standards or frameworks for establishing liability and imposing fines accordingly. At the moment, the regulation is a blunt instrument that assumes banks and PSPs are at fault. The moral hazard is that consumers, with the knowledge in the back of their minds that the banks and payment firms will be on the hook for fraud, might send their payments without thinking as hard as they might or should about who is on the receiving end. The “sender beware” model would suddenly become less urgent.

For the scammers, the lure of the first-party fraud scheme — where they effectively pose as victims and get reimbursed — is a risk too, especially with artificial intelligence-powered fraudsters capable of tricking many people into doing things they probably shouldn’t. We’ve already seen evidence of slower payments in the U.K. as this regulation looms large.

More careful consideration of the regulation is required — lest the unintended consequences become consequential indeed.

The post Liability Remains Murky Despite Reduction in UK Push Payments Fraud Fine appeared first on PYMNTS.com.

]]>
2081393
OCC’s Hsu: Agility and Teamwork Critical as Banks Confront New Risks https://www.pymnts.com/news/security-and-risk/2024/office-comptroller-currency-michael-hsu-agility-teamwork-critical-banks-confront-new-risks/ Wed, 04 Sep 2024 15:41:18 +0000 https://www.pymnts.com/?p=2081147 Banks are confronting new, digital risks, and guarding against them demands a more agile, teamwork-focused approach. Michael Hsu, acting Comptroller of the Currency, said in a Tuesday (Sept. 3) speech before the Joint European Banking Authority and European Central Bank International Conference that within financial services, “digitalization … has brought great benefits, but has also […]

The post OCC’s Hsu: Agility and Teamwork Critical as Banks Confront New Risks appeared first on PYMNTS.com.

]]>
Banks are confronting new, digital risks, and guarding against them demands a more agile, teamwork-focused approach.

Michael Hsu, acting Comptroller of the Currency, said in a Tuesday (Sept. 3) speech before the Joint European Banking Authority and European Central Bank International Conference that within financial services, “digitalization … has brought great benefits, but has also increased the risk surface for cyberattacks. At the same time, hackers, money launderers and fraudsters have become much more sophisticated. Controls and systems that were effective a couple of years ago may not be effective today.”

This week, Intellicheck CEO Bryan Lewis told PYMNTS: “We are at about four times the level of data that has been breached this year to date compared to last year. So, it is definitely a problem.”

The PYMNTS Intelligence report “Leveraging AI and ML to Thwart Scammers” found that 43% of the fraudulent transactions that financial institutions report are authorized fraud. Beyond the increased risk of cyberattacks, per Hsu, the “sheer breadth” of various banking relationships also leads to vulnerabilities.

Proliferation of Partnerships and Extended Risks

“Particularly challenging is the proliferation of bank partnerships and arrangements with nonbank third parties, who in turn often partner and rely on fourth parties,” said Hsu, adding that “the dynamic nature of interactions between banks and nonbank financial institutions and technology firms (FinTechs), which compete, support and rely on banks to varying degrees, has led to an increasingly complex nexus between banking and commerce.”

Against that backdrop, Hsu pointed to the practice of bank supervision as a “craft” — reliant on technology but also aided by a “nimble ‘team of teams’ approach” that examines liquidity, market and cyber risks across a cohort of banks.

This holistic, horizontal approach has been discussed within PYMNTS’ coverage.

Featurespace founder Dave Excell told PYMNTS in July that banks and financial institutions can combat fraud more effectively when they share information. Multi-enterprise dialogue can catch scams that might slip through when looking at activity at a single bank.

The Federal Reserve also has been developing a scam classifier model and creating frameworks for data sharing between institutions, he said.

Nick Fleetwood, head of data services at Form3, told PYMNTS in January that a “collaborative network” can help build and constantly refine robust information flows that help safeguard banks.

“[I]f you have everyone contributing to a data model, you’re able to score risk in real time” based on a consortium effort,” he said.

This holistic approach lets financial institutions determine whether to let a payment go through, or whether to raise new prompts to slow things down and make sure the account holders are genuine.

Intellicheck’s Lewis told PYMNTS in April that Intellicheck is actively exploring a consortium approach to fighting digital identification fraud, envisioned as an interoperable network where financial institutions can share trust and verification outcomes.

The post OCC’s Hsu: Agility and Teamwork Critical as Banks Confront New Risks appeared first on PYMNTS.com.

]]>
2081147
Report: UK Regulator Makes Massive Cut to Fraud Reimbursement Plan https://www.pymnts.com/news/security-and-risk/2024/report-uk-regulator-makes-massive-cut-to-fraud-reimbursement-plan/ Wed, 04 Sep 2024 10:47:17 +0000 https://www.pymnts.com/?p=2080343 The U.K.’s payment regulator is reportedly making a drastic cut to its fraud reimbursement plan. Banks and payment companies in England would have had to reimburse victims of scams up to £415,000 ($544,000), but will now have to pay a maximum of £85,000 ($111,000), the Financial Times reported Wednesday (Sept. 4), citing sources familiar with […]

The post Report: UK Regulator Makes Massive Cut to Fraud Reimbursement Plan appeared first on PYMNTS.com.

]]>
The U.K.’s payment regulator is reportedly making a drastic cut to its fraud reimbursement plan.

Banks and payment companies in England would have had to reimburse victims of scams up to £415,000 ($544,000), but will now have to pay a maximum of £85,000 ($111,000), the Financial Times reported Wednesday (Sept. 4), citing sources familiar with the matter. 

The move follows pressure from the banking/payments sector on the Payment Systems Regulator (PSR) to scale back the reimbursement plan, set to go into effect Oct. 7.  According to the FT, a consultation on the new limit is expected to be announced as soon as Wednesday.

The report also notes that the PSR says it will release findings on how much of recent payment fraud was on individual transactions of more than £85,000. However, the regulator declined to say whether it would reduce the proposed threshold for mandatory reimbursement by banks from £415,000.

A spokesperson for the PSR told PYMNTS the regulator would answer questions after the release of its findings Wednesday morning.

The PSR had called for the reimbursement plan following a surge in authorized push payment (APP) fraud, which refers to cases when someone is duped into sending money from their bank account to a fraudster pretending to be a legitimate payee.

Such fraud cost U.K. residents $433 million last year, according to a report issued by the PSR in August.  That was a 12% drop from the prior year, although the volume of fraud cases increased by the same amount.

Industry groups such as the Payments Association had been lobbying the PSR to hold off on imposing the new measure for at least a year.

Riccardo Tordera-Ricchi, head of policy and government relations at the association, said in June that if the planned APP fraud reimbursement changes proceeded as planned, “the prudential risk and requirements to participate in the U.K. payments market will increase significantly.”

“It will also result in an increase in cost and friction of real-time payments and a decrease in investment into the U.K. FinTech market due to higher risks of failure and lower profitability,” Tordera-Ricchi added.

However, the PSR was committed to going forward with its plan as recently as August 21.

“We have extensively consulted on these measures for over two years and continue to engage closely with the industry to ensure timely and effective implementation,” Kate Fitzgerald, head of policy at PSR, told Bloomberg News at the time.

Dan McLoughlin, Fraud and Security Specialist at Lynx, told PYMNTS he was disappointed by the decision.

“Dropping the value of reimbursement so dramatically takes away a big part of banks’ financial motivation to prevent fraud,” he said. “While most APP fraud cases will still be covered by the regulation, the dropping shows an unwillingness from banks to accept responsibility and make tough decisions. It takes away their drive to invest in robust fraud detection and prevention systems, which ultimately safeguard consumers.”

The post Report: UK Regulator Makes Massive Cut to Fraud Reimbursement Plan appeared first on PYMNTS.com.

]]>
2080343
FTC Reports Tenfold Increase in Scams Involving Bitcoin ATMs https://www.pymnts.com/news/security-and-risk/2024/ftc-reports-tenfold-increase-in-scams-involving-bitcoin-atms/ Tue, 03 Sep 2024 18:28:07 +0000 https://www.pymnts.com/?p=2080138 As bitcoin ATMs have been installed in more locations, they have become a “payment portal for scammers,” the Federal Trade Commission (FTC) said in a Tuesday (Sept. 3) data spotlight. The amount of money consumers lost to scams involving bitcoin ATM machines increased tenfold between 2020 and 2023, rising from $12 million to $114 million, according to the […]

The post FTC Reports Tenfold Increase in Scams Involving Bitcoin ATMs appeared first on PYMNTS.com.

]]>
As bitcoin ATMs have been installed in more locations, they have become a “payment portal for scammers,” the Federal Trade Commission (FTC) said in a Tuesday (Sept. 3) data spotlight.

The amount of money consumers lost to scams involving bitcoin ATM machines increased tenfold between 2020 and 2023, rising from $12 million to $114 million, according to the article.

The total for 2024 is on pace to top that of 2023, as the FTC’s data shows that this year’s reported bitcoin ATM fraud losses through June amounted to $66 million.

The FTC added that this amount probably reflects only a fraction of the total losses, because most frauds are not reported.

Scammers are increasingly using bitcoin ATMs as part of their government impersonation, business impersonation and tech support scams, the FTC said in a Tuesday press release.

“The lies told by scammers vary, but they all create some urgent justification for consumers to take cash out of their bank accounts and put it into a bitcoin ATM,” the FTC said in the release. “As soon as consumers scan a QR code provided by scammers at the machine, their cash is deposited straight into the scammer’s crypto account.”

Among this year’s bitcoin ATM fraud losses, people over the age of 60 were more than three times as likely as younger adults to report losing money to these scams, according to the release.

Across all ages, the median loss reported in the first half of 2024 was $10,000, per the release.

Consumers can avoid these scams by never clicking on links or responding directly to unexpected calls, messages or computer pop-ups; talking with someone they trust before doing anything else after seeing these communications; never withdrawing cash in response to unexpected calls or messages; and ignoring anyone who says they must use a bitcoin ATM, buy gift cards or move money to protect their money or solve a problem, the release said.

Crypto has become a top payment method for many types of scams, the FTC said in the data spotlight, adding: “Widespread access to [bitcoin ATMs (BTMs)] has helped make this possible.”

The FTC said in May that it has been flooded by reports of impersonation scams in which consumers are taken in by scammers purporting to represent some of today’s leading companies.

The post FTC Reports Tenfold Increase in Scams Involving Bitcoin ATMs appeared first on PYMNTS.com.

]]>
2080138
Intellicheck CEO Warns: Every Data Breach Is a Step Closer to Someone Else Stealing Your Life https://www.pymnts.com/news/security-and-risk/2024/intellicheck-ceo-warns-every-data-breach-is-a-step-closer-to-someone-else-stealing-your-life/ https://www.pymnts.com/news/security-and-risk/2024/intellicheck-ceo-warns-every-data-breach-is-a-step-closer-to-someone-else-stealing-your-life/#comments Tue, 03 Sep 2024 08:02:27 +0000 https://www.pymnts.com/?p=2078427 In the wrong hands, digital footprints can turn into a blueprint for fraud. Particularly as identity theft proliferates and becomes more sophisticated, data breaches are increasingly turning personal and business information into a goldmine for cybercriminals looking for their next payday. “We are at about four times the level of data that has been breached […]

The post Intellicheck CEO Warns: Every Data Breach Is a Step Closer to Someone Else Stealing Your Life appeared first on PYMNTS.com.

]]>
In the wrong hands, digital footprints can turn into a blueprint for fraud.

Particularly as identity theft proliferates and becomes more sophisticated, data breaches are increasingly turning personal and business information into a goldmine for cybercriminals looking for their next payday.

“We are at about four times the level of data that has been breached this year to date compared to last year,” Intellicheck CEO Bryan Lewis told PYMNTS CEO Karen Webster. “So, it is definitely a problem.”

Every data breach is a step closer to someone else living your life. As cybercriminals ramp up their own attacks and tactics, technology must evolve to stay ahead of new attack vectors and fraud techniques, something typically easier said than done. Data breaches are not just becoming more frequent; they are also compromising vast amounts of sensitive information, including personal identification details that can easily be exploited for identity theft.

“If you go to these sites where you can now go steal somebody’s identity, you can plug in everything right down to a driver’s license number,” explained Lewis, stressing that identity theft is no longer just a concern for financial institutions; it has permeated all aspects of daily life.

A particularly concerning case is the National Public Data breach, where 2.9 billion records were compromised. The breach is especially worrying because the organization specializes in background checks, meaning the stolen data includes not just Social Security numbers, but also employment histories, addresses, alias names and other personal details that can be used to create a complete and convincing identity profile, Lewis said.

The implications of such breaches are far-reaching, in large part because the sheer volume of new data being added to criminal repositories on the dark web only serves to lower the cost of purchasing stolen identities, making identity theft more accessible to criminals.

Read also: Intellicheck CEO: Fraudsters Using AT&T’s Call Log Breach to Build Consumer Profiles

The Rising Threat of Perfectly Fabricated Identities

One of the most frightening aspects of modern identity theft is the potential for criminals to create government-issued identities using stolen data. With the right combination of information, a criminal could theoretically pass the typical screening processes and obtain a legitimate ID.

While it may still be challenging to pull off such a feat, Lewis explained that the ease with which criminals can now access detailed personal information makes it increasingly possible.

He underscored that the traditional methods of verifying identity, such as knowledge-based authentication and physical checks using black lights, are becoming less effective in the face of these sophisticated threats. Knowledge-based questions, once seen as a robust security measure, are now vulnerable due to the proliferation of personal data. With criminals having access to detailed information about a person’s life, including previous addresses and even dorm room numbers, it has become easier for them to answer these questions correctly and bypass security measures.

“The stuff that used to be hard to know is now becoming prolific, and everybody has it and knows it,” Lewis said. “My particular bank, they still rely on a black light to check if the ID is real or not. Which, maybe it makes me think I should change my bank because that just does not work.”

In response to the growing threat of identity theft, businesses and financial institutions must adopt more proactive measures to protect their customers’ identities.

The consequences of identity theft can be particularly severe in high-stakes transactions, and for businesses operating in such environments, it is essential to invest in advanced identity verification technologies and ensure their processes are robust enough to detect even the most sophisticated attempts at fraud. Consumers, too, must be vigilant in protecting their identities, choosing to do business with companies that prioritize security and take the necessary precautions to safeguard their personal information.

Lewis emphasized the importance of moving beyond outdated methods and instead focusing on verifying the authenticity of government-issued IDs. This involves not just checking the physical plastic, but also examining the data encoded in the barcodes on IDs, which is much harder to fake.

See also: The $400 Million Problem: Intellicheck CEO Details the Cost of Fake IDs

The Evolving Landscape of Identity Theft: Emerging Solutions

One promising approach to the evolving threat of identity theft is the development of identity scores, similar to credit scores, which would provide a measure of how trustworthy a person’s identity is based on various inputs.

Lewis noted that this could include data from government-issued IDs, behavioral patterns and other relevant information. By creating a comprehensive profile of an individual’s identity, businesses can better assess the risk of fraud and take appropriate action to protect themselves and their customers.

As the battle against identity theft intensifies, technology will play a role in helping businesses stay ahead of criminals. Machine learning and artificial intelligence are already being used to enhance the accuracy of identity verification processes, ensuring that even the most convincing fake IDs can be detected.

Lewis explained that the digital signatures and subdirectories within the barcodes of IDs are not publicly available, making them difficult for fraudsters to crack. This is where businesses must focus their efforts, he stressed, by ensuring that they are thoroughly checking the authenticity of IDs before relying on them for important transactions.

Additionally, the adoption of mobile driver’s licenses and other forms of digital identification is gaining traction to secure personal identities further. Although the rollout is still in its early stages, these technologies represent a promising future where identity verification is more secure and less susceptible to fraud.

“Building up a fake me is very easy to do, but working with other parties to say, ‘Here is what we trust,’ and putting the puzzle together will enable all of us to trust more,” Lewis said. “That, I think, is what will happen in the future.”

The post Intellicheck CEO Warns: Every Data Breach Is a Step Closer to Someone Else Stealing Your Life appeared first on PYMNTS.com.

]]>
https://www.pymnts.com/news/security-and-risk/2024/intellicheck-ceo-warns-every-data-breach-is-a-step-closer-to-someone-else-stealing-your-life/feed/ 1 2078427
Singapore Considers Bill Allowing Police to Stop Transfers to Scammers https://www.pymnts.com/news/security-and-risk/2024/singapore-considers-bill-allowing-police-stop-transfers-scammers/ Fri, 30 Aug 2024 14:13:47 +0000 https://www.pymnts.com/?p=2078213 Singapore is considering a bill that would allow police to order banks to temporarily prevent people from sending money to scammers. The country’s Ministry of Home Affairs (MHA) is seeking public comment on the proposed Protection from Scams Bill after seeing that some victims of scams voluntarily transfer money even after being warned by police, […]

The post Singapore Considers Bill Allowing Police to Stop Transfers to Scammers appeared first on PYMNTS.com.

]]>
Singapore is considering a bill that would allow police to order banks to temporarily prevent people from sending money to scammers.

The country’s Ministry of Home Affairs (MHA) is seeking public comment on the proposed Protection from Scams Bill after seeing that some victims of scams voluntarily transfer money even after being warned by police, banks or family that they were being scammed, the MHA said in a Friday (Aug. 30) press release.

This commonly happens in cases of internet love scams and impersonation scams, according to the release.

“In the first half of 2024, 86% of reported scams were the result of self-effected transfers,” MHA said in the release. “The scammers did not gain direct control of the victims’ accounts, but manipulated them into transferring their monies to the scammers.”

While Singapore’s banks offer tools customers can use to protect themselves from scams — such as a “Kill-Switch” that lets customers freeze their bank accounts if they suspect they’ve been compromised and a “Money Lock” that allows them to set aside money that cannot be transferred by online means — police have no power to stop people from voluntarily sending money to scammers, the release said.

The Protection from Scams Bill would allow police to issue restriction orders (ROs) only in cases of scams conducted via calls, text messages or online communications; would cover money transfers and all credit facilities; and would allow ROs to be issued for 28 days at a time, per the release.

“ROs will only be issued if the police have reason to believe that the individual is being targeted by a scammer and may make transfers to the scammer within the foreseeable future, and after other options to convince the victim have been exhausted and have failed,” the MHA said in the release.

It was reported in 2020 that cyber thieves posing as Singapore government agencies and universities stole $749,000 worth of goods after tricking companies into delivering them. The victims of these purchase order scams received emails from senders identifying themselves as a procurement officer, agreed to send the items, and then received no payments.

In the United States, the Federal Trade Commission (FTC) said in May that it has been flooded with reports of impersonation scams in which consumers were taken in by scammers purporting to represent some of today’s leading companies. The scammers prompted consumers to share their credit card information to renew nonexistent service plans, resolve fake security breaches or deliver nonexistent sweepstakes winnings.

Online romance scams or confidence scams are also common. In these schemes, perpetrators create fake identities, gain the victim’s affection and trust, and then drain their bank accounts by requesting money.

The post Singapore Considers Bill Allowing Police to Stop Transfers to Scammers appeared first on PYMNTS.com.

]]>
2078213
Lumen: Chinese Hacking Group Breached 4 US Companies https://www.pymnts.com/news/security-and-risk/2024/lumen-chinese-hacking-group-breached-4-united-states-companies/ Tue, 27 Aug 2024 19:41:58 +0000 https://www.pymnts.com/?p=2064998 Hackers tied to China breached four U.S. companies, according to cybersecurity researchers. Lumen’s Black Lotus Labs said in a Tuesday (Aug. 27) blog post that the group Volt Typhoon found a server vulnerability at the startup Versa Networks that allowed it to hack the four companies. It also hacked a company in India, Bloomberg reported […]

The post Lumen: Chinese Hacking Group Breached 4 US Companies appeared first on PYMNTS.com.

]]>
Hackers tied to China breached four U.S. companies, according to cybersecurity researchers.

Lumen’s Black Lotus Labs said in a Tuesday (Aug. 27) blog post that the group Volt Typhoon found a server vulnerability at the startup Versa Networks that allowed it to hack the four companies. It also hacked a company in India, Bloomberg reported Tuesday.

“Given the severity of the vulnerability, the sophistication of the threat actors, the critical role of Versa Director servers in the network, and the potential consequences of a successful compromise, Black Lotus Labs considers this exploitation campaign to be highly significant,” the blog post said.

Lumen shared its findings with Versa in late June, Bloomberg reported. Versa said it issued an emergency patch for the bug at the end of June but only began flagging the issue widely to clients in July after one of them notified Versa of a breach.

Versa said the customer failed to follow the proper guidelines on how to protect its systems through measures like firewall rules, according to the report.

Earlier this year, FBI Director Christopher Wray warned that the Chinese government’s attempts to virtually attack American infrastructure had reached new levels. He mentioned Volt Typhoon by name. The group last year was revealed to be dormant inside U.S. critical infrastructure, with malware that needed to be triggered to disrupt that infrastructure.

“It’s the tip of the iceberg,” Wray said at the time. “…It’s one of many such efforts by the Chinese.”

In other cybersecurity news, there was a “possible cyberattack” last week at the Port of Seattle, which operates the Seattle-Tacoma International Airport.

The incident came weeks after the July Microsoft outage that sidelined critical systems around the world, although that disruption came as a result of a software glitch by CrowdStrike, not the actions of cybercriminals.

“Still, both incidents serve as an uncomfortable illustration of just how brittle the connected economy’s core internet structure can be, particularly when faced with stressors,” PYMNTS wrote Monday (Aug. 26). “But as the world goes increasingly digital, the risk of online systems being targeted by cybercriminals who want to disrupt operations, steal data or ransom sensitive information is only growing.”

The post Lumen: Chinese Hacking Group Breached 4 US Companies appeared first on PYMNTS.com.

]]>
2064998
Nigeria Targets Online Scams Following Meta Crackdown https://www.pymnts.com/news/security-and-risk/2024/nigeria-targets-online-extortion-scams-following-meta-crackdown/ https://www.pymnts.com/news/security-and-risk/2024/nigeria-targets-online-extortion-scams-following-meta-crackdown/#comments Mon, 26 Aug 2024 13:30:20 +0000 https://www.pymnts.com/?p=2063768 Nigeria is reportedly eager to combat online extortion scams following a crackdown by Meta. The country’s Economic and Financial Crimes Commission is willing to work with global law enforcement to stop suspects based in Nigeria, a spokesperson for the watchdog said, per a Financial Times report published Monday (Aug. 26). “There’s no safe haven for anyone […]

The post Nigeria Targets Online Scams Following Meta Crackdown appeared first on PYMNTS.com.

]]>
Nigeria is reportedly eager to combat online extortion scams following a crackdown by Meta.

The country’s Economic and Financial Crimes Commission is willing to work with global law enforcement to stop suspects based in Nigeria, a spokesperson for the watchdog said, per a Financial Times report published Monday (Aug. 26).

“There’s no safe haven for anyone committing such crimes in Nigeria as far as the EFCC is concerned,” said commission spokesperson Dele Oyewale, according to the report.

His comments came after Meta pulled more than 63,000 fake accounts from Instagram, including what it called a “coordinated network” of 2,500 accounts tied to 20 users, for their role in “sextortion” scams, the report said.

In these scams, fraudsters pose as young women and typically target younger men and boys, soliciting sexually explicit images from them and then extorting money from their victims by threatening to make the images public. In the worst cases, victims have died by suicide, the report said.

“Financial sextortion is a rising and very serious threat targeting our minors nationwide,” Cheyvoryea Gibson, special agent in charge of the FBI in Michigan, where one of the most extreme sextortion cases happened, said in a statement in April, per the report.

The increase in this kind of criminal activity is happening amid a larger uptick in online fraud and scam cases.

Speaking earlier this month with PYMNTS, Featurespace Chief Operating Officer Tim Vanderham noted that “when you think about the billions and billions of dollars that come from scams globally,” the money made from ill-gotten gains dwarfs the revenues of some of the largest businesses around the world.

The interview came against the backdrop of a report by The Wall Street Journal on the rise of “scam dens,” which operate essentially as business centers with sophisticated setups, complete with separate departments for training fraudsters, “onboarding” unwitting victims and KPIs used to determine whether certain scams are working.

“Along the way, fraudsters are proving adept at using artificial intelligence to develop relationships and trust on the part of their victims, preying on human emotions and making off with individuals’ life savings and retirement holdings, draining their bank accounts with brazen speed, notably through authorized push payments,” PYMNTS wrote.

The post Nigeria Targets Online Scams Following Meta Crackdown appeared first on PYMNTS.com.

]]>
https://www.pymnts.com/news/security-and-risk/2024/nigeria-targets-online-extortion-scams-following-meta-crackdown/feed/ 1 2063768
Galileo: Banks Need to Predict Customer Experience to Combat Fraud https://www.pymnts.com/news/security-and-risk/2024/galileo-banks-must-predict-customer-experience-combat-fraud/ Mon, 26 Aug 2024 08:00:24 +0000 https://www.pymnts.com/?p=2063054 Forget everything you knew about fraud and fraudsters. Financial institutions must grapple with the dual challenge of countering increasingly sophisticated fraud attacks as fraudsters harness artificial intelligence and machine learning technologies. The flip side is ensuring that the customer experience is seamless through the entire journey with the bank. Max Spivakovsky, senior director of strategy […]

The post Galileo: Banks Need to Predict Customer Experience to Combat Fraud appeared first on PYMNTS.com.

]]>
Forget everything you knew about fraud and fraudsters.

Financial institutions must grapple with the dual challenge of countering increasingly sophisticated fraud attacks as fraudsters harness artificial intelligence and machine learning technologies. The flip side is ensuring that the customer experience is seamless through the entire journey with the bank.

Max Spivakovsky, senior director of strategy and operations, global payments risk management and onboarding at Galileo, told PYMNTS in an interview that banks walk a tightrope as they deliver digital services and payments choices to their end customers while guarding against scammers and cybercriminals.

That balancing act mandates that FIs use both proactive and reactive approaches, and technological tools, as they defend themselves while creating a personalized, convenient customer experience, he said.

“The legacy solutions just don’t work anymore,” he told PYMNTS. “Leveraging a single tool used to be the ‘paramount’ strategy of fraud mitigation years ago, but now it’s just not applicable … the FIs must think about fighting fraud with a holistic perspective.”

The holistic perspective can pay dividends while protecting the FI from financial losses and reputational risk, he said.

“The client experience drives the engagement, and utilization of [banking] apps and programs,” he said.

Increased engagement translates into longer-lived, stickier relationships, more deposits at the bank and willingness to try new services and products.

Asked what a proactive strategy might entail, Spivakovsky said banks should ideally be able to predict the customer experience and shifts in customer spending patterns so they can tailor new offers in context. Reactive approaches contend with fraud that has already happened and include the need to inform customers in real time, through in-app notifications and other outreach efforts, of the steps they must take to protect themselves.

No Need to Go It Alone

All of this costs time and money, especially if banks try to do it in-house.

But “financial institutions don’t have to build or manage these tools alone,” said Spivakovsky. “There’s always support.”

The financial services industry is moving away from the days when banks took charge of everything, keeping all data and processes on-premises. Now the shift is toward relying on FinTechs and other providers to get real-time fraud prevention in place and to identify emerging fraud and scam patterns before they wind up hurting banks and their customers while improving the customer experience, he said.

Each side of the equation — the bank and the FinTech/solution provider — can bring their respective strengths to the relationship. For FinTechs, banks bring knowledge of exactly who their customers are and how they want to tailor a given customer relationship. The FinTechs, in turn, can and do offer platforms that can be adjusted for any client and improve the payments experience so that card transactions, ACH and faster payments are all enabled in an omnichannel fashion.

Taking the example of card payments, Spivakovsky noted that platforms serving banks must be able to tackle real-time decisioning and signals that can determine if plastic or virtual cards can (or even should) be issued to would-be customers across individual and commercial use cases. FIs seeking to protect clients and safely take new clients on board have been turning to FinTechs and consortiums to take care of the know your customer (KYC) and know your business (KYB) processes that happen in the background and battle the rising tide of synthetic fraud.

“AI, machine learning, large language modeling will help us better combat fraud by making fraud detection more precise, while at the same time proving more adaptive to the new threats,” he told PYMNTS. “Understanding the client experiences and what exactly the clients are trying to achieve will help us to be much more proactive in the ways we would like to engage the customer within their digital journey.”

The post Galileo: Banks Need to Predict Customer Experience to Combat Fraud appeared first on PYMNTS.com.

]]>
2063054
Telegram Founder Arrested in France in Cybercrime Probe https://www.pymnts.com/news/security-and-risk/2024/telegram-founder-arrested-in-france-in-cybercrime-probe/ Sun, 25 Aug 2024 20:38:09 +0000 https://www.pymnts.com/?p=2063497  Telegram’s founder has reportedly been arrested in France as part of a cybersecurity investigation. Pavel Durov, the Russian-born billionaire behind the popular messaging app, was detained at Le Bourget airport outside Paris and taken into custody shortly after landing on a private jet late Saturday (Aug. 24), Reuters reported. According to the report, a police […]

The post Telegram Founder Arrested in France in Cybercrime Probe appeared first on PYMNTS.com.

]]>
 Telegram’s founder has reportedly been arrested in France as part of a cybersecurity investigation.

Pavel Durov, the Russian-born billionaire behind the popular messaging app, was detained at Le Bourget airport outside Paris and taken into custody shortly after landing on a private jet late Saturday (Aug. 24), Reuters reported.

According to the report, a police source said the arrest was part of a preliminary investigation into whether Telegram allowed a range of criminal activity on its platform due to a lack of moderators. The probe is also looking into a lack of cooperation with police on the part of the company, the source said.

The report said a cybersecurity gendarmerie unit and France’s national anti-fraud police unit are leading the investigation, with an investigative judge who specializes in organized crime.

The company stated on  X Sunday (Aug. 25), saying that it abides by European laws, including the Digital Services Act, and that its moderation conforms to industry standards.

“It is absurd to claim that a platform or its owner are responsible for abuse of that platform,” the company said. “Almost a billion users globally use Telegram as means of communication and as a source of vital information. “We’re awaiting a prompt resolution of this situation. Telegram is with you all.”

Earlier this year, Telegram announced it was pivoting to crypto payments for its advertisers, and crypto payouts for content creators using its app, using the Open Network (better known as the TON Blockchain), and its native cryptocurrency, Toncoin.

“We chose the TON Blockchain because it has low fees, high transaction speeds — and holds a record for the number of transactions it can process per second,” the messaging app said in a statement announcing the roll-out.

Earlier this year, Durov told the Financial Times he was considering taking the Dubai-based Telegram public, also noting the company had 900 million users, and is making “hundreds of millions of dollars” in revenues from advertising and premium subscription services.

“We are hoping to become profitable next year, if not this year,” he said in his first public interview since 2017.

Durov, who owns 100% of Telegram, said the platform had “been offered $30 billion-plus valuations” from possible investors, including “global late-stage tech funds.” However, the company has no plans to sell while considering a potential initial public offering (IPO).

“The main reason why we started to monetise is because we wanted to remain independent,” he said. “Generally speaking, we see value in [an IPO] as a means to democratize access to Telegram’s value.”

The post Telegram Founder Arrested in France in Cybercrime Probe appeared first on PYMNTS.com.

]]>
2063497