May 19th, 2016 by Elma Jane
Transaction laundering, the new face of payment fraud is increasing and getting popular in the world of e-commerce.
Studies revealed that there are as many as 6% to 10% of additional unauthorized e-commerce sites that banks may be processing without their consent or awareness. A digital version of money-laundering, engaging in illicit commerce while using legal means to get paid.
Transaction laundering is another form of money-laundering and it is illegal.
Detecting fraudsters are becoming a major challenge not only for banks but financial service organizations like payment service providers as well. There have been dozens of cases where legitimate-looking websites were caught selling illegal products.
Acquirers, banks, and other institutions focused on websites as the central of transaction laundering while the mobile era has opened up a new ground for scammers to operate in. They provide new opportunities for fraudsters to do their work by routing payments for illicit goods and services through their own legitimate front accounts.
Mobile wallet apps, NFC chips, and payment apps are some of the new ways payments are being collected. Not to mention opening up an on-line storefront using web tools, which anyone can do is very easy.
Micro-merchants expansion of doing business on-line and the greater reach they have now to mobile technology, business opportunities for scammers doing transaction laundering have never been better.
It is important for the industry to know what is happening, and how great the risks are. It’s a new challenge for the payments industry, learning and educating ourselves on those dangers is a priority.
Posted in Best Practices for Merchants Tagged with: banks, e-commerce, financial service, fraud, merchants, mobile technology, mobile wallet, nfc, payment, payment service providers, payments industry, transaction
November 19th, 2015 by Elma Jane
Cyphort Advance Malware Defense, the next generation Advanced Persistent Threat (APT) defense company, recently analyzed the top financial malware threats cybercriminals are using to target electronic payment systems. This will raise awareness of the dangers they present.
Most dangerous financial malware threats of 2015:
Zeus – Since debuting in 2007, this malware has infected tens of millions of computers worldwide. Financial service professionals consider it to be the most severe threat to online banking.
SpyEye – This Trojan horse has infected 1.4 million computers worldwide. Banking information is stolen using a keylogger application, and the bot can take screenshots of a victim’s machine.
Torpig – This botnet is spread using a Trojan horse called Mebroot. Torpig steals targeted login credentials to access bank accounts. It is difficult to detect because it hides its files and encrypts its logs.
Vawtrak – This a relatively new Trojan that can spread itself via social media, email and file transfer protocols. Its unique feature is that it can hide evidence by changing the balance shown to the victim.
Bebloh – This malware targets login credentials to intercept online transactions and breach financial systems.
Shylock – Attacks European banks via Man-in-the-Browser exploits. Worldwide, it has infected 60,000 computers using Microsoft Windows.
Dridex – Malicious code is executed via email attachments and Microsoft Word documents that contain macros that can download a second-stage payload, which can then download and execute the Trojan.
Dyre – Relies on malicious PDF attachments that can exploit unpatched versions of Adobe Reader. The email subject line will be misspelled and read “Unpaid invoic” or contain the attachment “Invoice621785.pdf.” Once the document is opened, Dyre can obtain bank account credentials.
Financial malware has been around for more than a decade, it is quickly evolving in sophistication, to make sure your organization is protected from financial malware, Cyphort recommends the following:
- Keep system and applications patched.
- Educate employees to be careful when visiting websites with popups. If a person does need to go to such a site, do so from a non-Windows platform.
- Adopt a new defense paradigm that continually monitors, diagnoses and mitigates attacks.
Posted in Best Practices for Merchants Tagged with: bank, banking, electronic payment systems, financial, financial service, financial systems, online transactions, payment
May 9th, 2014 by Elma Jane
Facebook is apparently ready to become a person-to-person (P2P) money transfer network. The clear decision to launch a money transfer service in the region can be seen as a test bed for Facebook’s larger ambitions of becoming a payments hub for its 1 billion user base. Facebook was only weeks away from gaining regulatory approval in Ireland for its remittance platform FT quoted unnamed sources. Facebook’s P2P platform will be geared to facilitating migrant remittances, with the goal of expanding its payment presence in emerging markets such as India. Facebook makes the bulk of its revenue from advertising, but 10 percent of its profits reportedly come from in-game payments for online and mobile games, such as Zynga’s popular FarmVille.
From WhatsApp to what’s next
Facebook’s February 2014 acquisition of mobile messaging service WhatsApp for $19 billion clarified the social network’s strategy. The WhatsApp acquisition and the expected P2P network launch as part of the first phase of Facebook’s deeper immersion into payments.
Tech giants face up to payments
When comparing the payment strategies of tech giants Google Inc., Apple Inc. and Facebook, the latter two competitors as having bigger potential upsides than Google. Facebook and Apple (via iTunes) already have established financial relationships with millions of users who have attached funding mechanisms – debit and credit cards – to their social media accounts. As primarily a search engine, Google is playing catch up to persuade its users to set up Google Wallet accounts.
In May 2013, Google launched its own P2P network by integrating Google Wallet with Gmail accounts, so that wallet users can facilitate money transfers via email. More recently, reports have surfaced indicating Google plans to extend Google Wallet to its wearable technology solution Google Glass. But the success of such ventures rests on users’ confidence with Google as a financial service provider.
Facebook as having a brighter financial services future than Apple. Apple’s reach is limited to consumers who have iPhones and iPads, whereas Facebook is not tied to any branded mobile devices, it is a very ubiquitous offering. It could apply to anybody with any type of phone or tablet.
Eventually, tech companies like Facebook will need to partner with payment businesses in order to expand into the merchant-centric brick-and-mortar world. The mobile POS solution provider, a business unit of global POS terminal manufacturer Ingenico SA, would be an ideal partner for Facebook. If they extend what they do from P2P payments to more of a wallet purchasing capability for their users, then the next step could very easily be an extension of that into servicing the merchant side.
Posted in Financial Services, Mobile Payments, Smartphone Tagged with: Apple Inc.Facebook, consumers, credit cards, debit, device, financial service, financial service provider, Gmail accounts, Google Glass, Google Inc., Google Wallet accounts, ingenico, iPads, iPhones, iTunes, merchant-centric brick-and-mortar, migrant remittances, mobile, Mobile Devices, mobile games, mobile messaging service, mobile pos, mobile POS solution, mobile POS solution provider, money transfer, money transfer network, money transfer service, network, online, p2p, P2P network, P2P payments, P2P platform, payment businesses, payments, payments hub, phone, POS terminal, remittance, remittance platform, search engine, service provider, social media, social media accounts, social networks, tablet, wearable technology
