2019 Payments Threats and Fraud Trends Report

EPC302-19 / Version 1.0 / Date issued: 9 December 2019

© 2019 Copyright European Payments Council (EPC) AISBL: This document is public and may be copied or otherwise distributed provided attribution is made and the text is not used directly as a source of profit.

www.epc-cep.eu

November 2019

Abstract

This new edition of the threats trends report reflects the recent developments concerning security threats and fraud in the payments landscape over the past year.

Table of Contents

Executive Summary
1 Document information
    1.1 Structure of the document
    1.2 References
    1.3 Definitions
    1.4 Abbreviations
2 General
    2.1 About the EPC
    2.2 Vision
    2.3 Scope and objectives
    2.4 Audience
3 Main threats
    3.1 Introduction
    3.2 Social Engineering
        3.2.1 Definitions
        3.2.2 Fraud Description
        3.2.3 Impact & Context
        3.2.4 Suggested Controls and Mitigation
        3.2.5 Final Considerations/Conclusions
    3.3 Malware
        3.3.1 Definition
        3.3.2 Fraud Description
        3.3.3 Impact & Context
        3.3.4 Suggested Controls and Mitigation
        3.3.5 Final Considerations/Conclusions
    3.4 Advanced Persistent Threats (APTs)
        3.4.1 Definition
        3.4.2 Fraud description
        3.4.3 Impact & context
        3.4.4 Suggested Controls and Mitigation
        3.4.5 Final Considerations/Conclusions
    3.5 Mobile device related attacks
        3.5.1 Attacks Targeting the Mobile Device
        3.5.2 SIM swapping
        3.5.3 Final Considerations/Conclusions
    3.6 Denial of Service
        3.6.1 Definition
        3.6.2 Fraud Description
        3.6.3 Impact & Context
        3.6.4 Suggested Controls and Mitigation
        3.6.5 Final Considerations/Conclusions
    3.7 Botnets
        3.7.1 Definition
        3.7.2 Fraud Description
        3.7.3 Impact & Context
        3.7.4 Suggested Controls and Mitigation
        3.7.5 Final Considerations/Conclusions
    3.8 Cloud Services and Big Data
        3.8.1 Definitions
        3.8.2 Fraud Description
        3.8.3 Impact & Context
        3.8.4 Suggested Controls and Mitigation
        3.8.5 Final Considerations/Conclusions
    3.9 Internet of Things (IoT)
        3.9.1 Definition
        3.9.2 Fraud Description
        3.9.3 Impact & Context
        3.9.4 Suggested Controls and Mitigation
        3.9.5 Final Considerations/Conclusions
    3.10 Virtual currencies
        3.10.1 Introduction
        3.10.2 Types of Fraud
        3.10.3 Impact and Context
        3.10.4 Suggested Controls and Mitigations
        3.10.5 Final Considerations/Conclusions
4 Payment fraud