EMV: It's Always Been About Reducing Fraud

EMV: It's Always Been About Reducing Fraud

Silicon Valley Bank Plans to Expand Chip Card Program

Mikeknsah: Information Security News Update!

Repost:

The combined global effect of the identity theft fraudsters that swindled at least $9 million from 8,000 victims in a period of 15 years (Atlanta, GA) and a 16 month period ID theft crime costing over $13 million across Africa, Asia, Europe, the Middle-East, and the United States (Queens, NY) may cause those opposing the Europay, MasterCard, Visa (EMV) standard to rethink their stance on the chip and PIN card technology. According to Pradeep Moudgal, who oversees global cards and merchant services for Silicon Valley Bank (SVB) in California, chip and PIN card technology migration by U.S. financial institutions will be expensive. However, considering the cost already inflicted on the accountholders and the issuing banks, what more evidence is needed to convince the U.S. card issuers to support EMV and implement chip and PIN. No one knows.  

The vast majority of ID theft crimes are attributed to the magnetic stripes on the back of the cards, says Avivah Litan, a Gartner analyst. This Achilles heel of the global card industry could finally be eliminated with the implementation of chip and PIN card technology. As the first U.S. commercial bank to implement EMV, SVB is proving that fact as it rolled out EMV cards with its elite business cardholders. Following that will be SVB’s more affluent clienteles who travel overseas.

The embarrassment of card rejection overseas and increased global ID security vulnerability, in the long run, far outweigh the cost of chip and PIN card technology implementation. Moreover, the reduction of ID theft fraud, as evidenced in the U.K. and some parts of Europe and Asia, should be a strong motivating factor to those in the U.S. still gauging the cost and benefits of the new technology. If chip and PIN could become a positive tool to mitigate cybercrime, financial fraud, identity theft, information security threats, etc., why not give it a shot. Any takers?

Reference:

http://www.bankinfosecurity.com/p_print.php?t=a&id=4187

Stopping Fraud Before It Happens Saves Organizations A Ton Of Headache

Mikeknsah: Information Security News Update!


Stopping Fraud Before It Happens Saves Organizations the Headache of Cleanup Costs.

According to ACEF Staff writers, "Anti-fraud professionals know that while it’s best to catch fraud as soon as possible, it’s even better to stop fraud before it happens — which is why active fraud prevention is a critical part of anti-fraud strategies for organizations of any size."

With the advent of cyber fraud gaining so much press attention globally, the banking industry, in particular, is better served by paying great attention to what the unethical hackers are doing behind the scenes and who is their biggest target. Unfortunately, globalization has made the job of the fraudsters much easier than ever, and near impossible to detect. Even the best and robust network technologies are having challenges preventing the persistent attackers from gaining access into the banks core database to do exploits.

Therefore, the best approach to avoid spending millions of dollars to clean up the impact of fraud rests on doing whatever it takes to prevent it from happening at all. One of the best ways to achieve this is having continuous dialogue with the employees and providing cutting edge awareness training regularly. In the end, the greatest threat in the Cybersecurity space - the human connection - will be highly minimized and mitigate fraud risks, if strategic effort is made by C level management strive to raise employees awareness of the impact and cost of fraud before it happens opposed to after fraud has occurred.

Retrieved from:

https://acfeinsights.squarespace.com/acfe-insights/save-your-organization-a-headache-by-stopping-fraud-before-it-happens

September 21, 2019

How Will EMV Implementation Protect the Consumers?

Alas, with the implementation of the EMV in the United States, the Credit Card industry and merchants can breathe some sigh of relief. At least it is better late than never as the wise saying goes. For the most part, Europe and other countries embraced EMV with open arms but the U.S. fought really hard to keep it from its shores. In the end, the cybersecurity threats, barrage of high profile breaches, and its impact on the average American pressured the U.S to finally accept EMV implementation.

According to PCI and Credit Card Fraud experts in the industry, EMV is the best way forward. However, Citizens Financial Group Tim Webb offered to the contrary that the chip-based cards and the usage of signature instead of PIN will not help protect the U.S. consumer from fraud. 

But with the success of the encrypted computer chips in nations that have EMV standard instead of magnetic stripes, the EMV acceptance will substantially grow in the U.S. within the next few years according to Eric Chabrow in his October 2014 article: EMV Rollout: Are PINs Essential? Most experts also contend that chip-based cards "provide far better security than magnetic stripes cards, but that the e-commerce will be a major front where fraud will substantially grow." 

Whatever the short-term outcome, the future of EMV globally is bright and the U.S will benefit immensely from its implementation.

See also:

Expect a Fraud Surge During EMV Rollout  

Cyber Attack Is Real!

Anyone living on this planet would agree with the fact that Cyber Attack has become a daily occurrence impacting every facet of our lives.

U.S. Banks Hit with Massive and Intensifying Cyber-attacks

Cyber Attacks on U.S. Banks Expose Computer Vulnerability

U.S. banks are hit with massive and intensifying cyber-attacks

Cyber-attackers are at it again. But this time, the magnitude of the attack is massive. The victims include the great and mighty banks in the US; namely JPMorgan Chase, Well Fargo, Bank of America, Citigroup, U.S. Bancorp, and PNC Financial Services Group. Rodney Joffe, senior vice president at Neustar, Sterling, Virginia-based security firm puts it very well by saying “the nature of this attack is sophisticated enough or large enough that even the largest of the financial institutions would find it difficult to defend against.”

According to cybersecurity specialists, the recent escalation of cyber-attacks has “overpowered some of the most sophisticated computer defenses of U.S. banks.” The extent of the impact of the threat also got the attention of not only the entire financial institutions, but also the White House, U.S. Congress, and every financially related enterprise. For example, sources close the Obama administration and security expert helping to trace the attack said “the attacks, which originate outside the U.S., have been the subject of several closed-door meetings at the White House.”

Could this incident have some connection with the You Tube video depicting Prophet Muhammad? That question is being sorted out by the authorities. However, the fact that “a group calling itself Izz ad-Din al-Quassam Cyber Fighters claimed responsibility for the assault in a statement posted to the website pastebin.com” may give some indication as to who is behind these well planned attacks. Also, banks are declining to comment for fear of premature conclusions. The banks major concern going forward is about what they could suffer if “an organization with more resources” should launch attacks. It is indeed a test of the banking industry computer networks and the integrity of their intrusion detection technology. Even though these banks were forewarned about the attacks, yet the banks were unable to handle the DDoS attacks, according to Atif Mushtag, senior staff scientist with California-based security firm, FireEye, Inc.

It is my hope that given the magnitude the impact of the attack on these banks and its effect of financial consumers’ confidence, more cyber-attack deterrent measures would be implemented within the financial institutions systems. It should also be a good lesson for the Federal authorities, such as the FBI, NSA, and the DoD.

Retrieved September 28, 2012, from

http://www.bloomberg.com/news/2012-09-28/cyber-attacks-on-u-s-banks-expose-computer-vulnerability.html

 

Time To Finish Up: Lessons Learned!

Information Security News Update!

My first experience blogging has been very exciting and rewarding. My final take: I plan on researching for an opportunity to be a regular contributor on cyber-security and cyber-crime issues in the financial sector.

The first couple of weeks were a little shaky due to the fact that I needed to get my feet wet in the blogging arena. Once the dust settled and the kinks were smoothened out, it became so much fun to read and blog on the various topics that I found interesting.

Throughout the blogging weeks I wrote about a variety of topics. However, most of my blog materials were about the financial/banking industry cyber-crimes from Bankinfosecurity.com website. The topics covered hacking, viruses, ID theft, credit card skimming, cyber fraud, information security threats and ways to combat them, etc.

Initially, I did not choose to write on these topics but cyber-crime in the financial sector picked my interest as I began to read about how it impacted my current field of work, and the millions of dollars being lost due to financial cyber-crimes around the world. Also, as the course progressed I gained better insight about cyber security issues. Another source that I used was Networkworld News website.

I feel that this type of blog is a very useful tool and a great learning experience for information security and banking industry professionals. One of the lessons I learned was that my materials sources kept me abreast of current issues in the cyber security & cyber-crime world. It also made me more aware about how the Federal, States, and local authorities are combating cyber security frauds and financial cyber-crimes.

Skimming Stopped by Bank, Merchants

Pay-at-the-Pump Scheme Launches 10-Month Spree

Combating Pay-At-The-Pump Skimming

Some years ago, words like skimming, phishing, spamming, etc., were not common in the electronic world vocabularies. How the world has changed electronically is amazing. The more sophisticated technologies get, the men/women of the information age underworld get even super sophisticated at challenging the advancements and pose more cyber threats.

The financial/banking industry is one of the most vulnerable areas susceptible to different types of attack. Probably because “money is king” as the saying goes, therefore systems, devices, or persons that have access to it must be more prone to attacks.

Gray Taylor, a security and compliance expert for National Associations of Convenience Stores (NACS) says it bluntly; “the U.S. payment system is broken …, the magnetic stripe is the culprit.” Recently in Orlando, FL, a U.S. District court charged two suspected fraudsters for credit cards pay-at-the-pump skimming. The skimming fraud resulting in thousands of dollars spanned over 10 months of numerous fraudulent retail transactions with 175 credit cards at least. The good news is that the fraudsters were finally busted by a retail store’s surveillance and “banks’ transactional fraud-detection systems” when the suspects were making a $73,500 purchase. Other skimming crimes were committed at gas stations in Orlando suburbs.

Some of the banks that were victims included Chase and American Express. These cases are examples indicating that hacking and skimming U.S.-based magnetic-stripe accounts by criminals are growing. According to Jeff Lenard, NACS spokesperson, “pay-at-the-pump skimming is an issue the convenience-store and petrol industries are taking seriously.” To help retailers mitigate potential security breaches, NACS has launched WeCare Decals, tamper-evident labels for quick identification. They also recommended that retailers install video cameras for better surveillance, inspect pumps regularly to monitor tampering, and change pump dispenser locks because the older pump locks have same keys and inspection and collaboration are the best response to POS attacks. Hopefully the “WeCare Decal” mechanism and other recommendations would provide some desperately needed solution to curb magnetic-stripe cards skimming fraud.

http://www.bankinfosecurity.com/articles.php?art_id=4225&opg=1

http://www.bankinfosecurity.com/articles.php?art_id=4218&search_keyword=skimming+stopped+by+bank%2C+merchant&search_method=exact