Risk
May 19th, 2016 by Elma Jane

Transaction laundering, the new face of payment fraud is increasing and getting popular in the world of e-commerce.

Studies revealed that there are as many as 6% to 10% of additional unauthorized e-commerce sites that banks may be processing without their consent or awareness. A digital version of money-laundering, engaging in illicit commerce while using legal means to get paid.

Transaction laundering is another form of money-laundering and it is illegal.
Detecting fraudsters are becoming a major challenge not only for banks but financial service organizations like payment service providers as well. There have been dozens of cases where legitimate-looking websites were caught selling illegal products.

Acquirers, banks, and other institutions focused on websites as the central of transaction laundering while the mobile era has opened up a new ground for scammers to operate in. They provide new opportunities for fraudsters to do their work by routing payments for illicit goods and services through their own legitimate front accounts.

Mobile wallet apps, NFC chips, and payment apps are some of the new ways payments are being collected. Not to mention opening up an on-line storefront using web tools, which anyone can do is very easy.

Micro-merchants expansion of doing business on-line and the greater reach they have now to mobile technology, business opportunities for scammers doing transaction laundering have never been better.

It is important for the industry to know what is happening, and how great the risks are. It’s a new challenge for the payments industry, learning and educating ourselves on those dangers is a priority.

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , ,

Malware
November 19th, 2015 by Elma Jane

Cyphort Advance Malware Defense, the next generation Advanced Persistent Threat (APT) defense company, recently analyzed the top financial malware threats cybercriminals are using to target electronic payment systems. This will raise awareness of the dangers they present.

Most dangerous financial malware threats of 2015:

Zeus – Since debuting in 2007, this malware has infected tens of millions of computers worldwide. Financial service professionals consider it to be the most severe threat to online banking.

SpyEye – This Trojan horse has infected 1.4 million computers worldwide. Banking information is stolen using a keylogger application, and the bot can take screenshots of a victim’s machine.

Torpig – This botnet is spread using a Trojan horse called Mebroot. Torpig steals targeted login credentials to access bank accounts. It is difficult to detect because it hides its files and encrypts its logs.

Vawtrak – This a relatively new Trojan that can spread itself via social media, email and file transfer protocols. Its unique feature is that it can hide evidence by changing the balance shown to the victim.

Bebloh – This malware targets login credentials to intercept online transactions and breach financial systems.

Shylock – Attacks European banks via Man-in-the-Browser exploits. Worldwide, it has infected 60,000 computers using Microsoft Windows.

Dridex – Malicious code is executed via email attachments and Microsoft Word documents that contain macros that can download a second-stage payload, which can then download and execute the Trojan.

Dyre – Relies on malicious PDF attachments that can exploit unpatched versions of Adobe Reader. The email subject line will be misspelled and read “Unpaid invoic” or contain the attachment “Invoice621785.pdf.” Once the document is opened, Dyre can obtain bank account credentials. 

Financial malware has been around for more than a decade, it is quickly evolving in sophistication, to make sure your organization is protected from financial malware, Cyphort recommends the following: 

  1. Keep system and applications patched.
  2. Educate employees to be careful when visiting websites with popups. If a person does need to go to such a site, do so from a non-Windows platform.
  3. Adopt a new defense paradigm that continually monitors, diagnoses and mitigates attacks.

Posted in Best Practices for Merchants Tagged with: , , , , , , ,

May 9th, 2014 by Elma Jane

Facebook is apparently ready to become a person-to-person (P2P) money transfer network. The clear decision to launch a money transfer service in the region can be seen as a test bed for Facebook’s larger ambitions of becoming a payments hub for its 1 billion user base. Facebook was only weeks away from gaining regulatory approval in Ireland for its remittance platform FT quoted unnamed sources. Facebook’s P2P platform will be geared to facilitating migrant remittances, with the goal of expanding its payment presence in emerging markets such as India. Facebook makes the bulk of its revenue from advertising, but 10 percent of its profits reportedly come from in-game payments for online and mobile games, such as Zynga’s popular FarmVille.

From WhatsApp to what’s next

Facebook’s February 2014 acquisition of mobile messaging service WhatsApp for $19 billion clarified the social network’s strategy. The WhatsApp acquisition and the expected P2P network launch as part of the first phase of Facebook’s deeper immersion into payments.

Tech giants face up to payments

When comparing the payment strategies of tech giants Google Inc., Apple Inc. and Facebook, the latter two competitors as having bigger potential upsides than Google. Facebook and Apple (via iTunes) already have established financial relationships with millions of users who have attached funding mechanisms – debit and credit cards –  to their social media accounts. As primarily a search engine, Google is playing catch up to persuade its users to set up Google Wallet accounts.

In May 2013, Google launched its own P2P network by integrating Google Wallet with Gmail accounts, so that wallet users can facilitate money transfers via email. More recently, reports have surfaced indicating Google plans to extend Google Wallet to its wearable technology solution Google Glass. But the success of such ventures rests on users’ confidence with Google as a financial service provider.

Facebook as having a brighter financial services future than Apple. Apple’s reach is limited to consumers who have iPhones and iPads, whereas Facebook is not tied to any branded mobile devices, it is a very ubiquitous offering. It could apply to anybody with any type of phone or tablet.

Eventually, tech companies like Facebook will need to partner with payment businesses in order to expand into the merchant-centric brick-and-mortar world. The mobile POS solution provider, a business unit of global POS terminal manufacturer Ingenico SA, would be an ideal partner for Facebook. If they extend what they do from P2P payments to more of a wallet purchasing capability for their users, then the next step could very easily be an extension of that into servicing the merchant side.

Posted in Financial Services, Mobile Payments, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,