DOCSLIB.ORG

2019 Payments Threats and Fraud Trends Report

2019 Payments Threats and Fraud Trends Report

2019 Payment Threats and Fraud Trends Report EPC302-19 /Version 1.0 / Date issued: 9 December 2019 © 2019 Copyright European Payments Council (EPC) AISBL: This document is public and may be copied or otherwise distributed provided attribution is made and the text is not used directly as a source of profit www.epc-cep.eu 1 / 91 Report 2019 Payment Threats and Fraud Trends EPC302-19 Version 1.0 Date issued: 9 December 2019 November 2019 Abstract This new edition of the threats trends report reflects the recent developments concerning security threats and fraud in the payments landscape over the past year. www.epc-cep.eu 2 / 91 Report 2019 Payments Threats and Fraud Trends EPC302-19 / Version 1.0 Table of Contents Executive Summary .................................................................................................................... 6 1 Document information ......................................................................................................... 8 1.1 Structure of the document ........................................................................................................ 8 1.2 References.................................................................................................................................. 8 1.3 Definitions .................................................................................................................................. 9 1.4 Abbreviations ........................................................................................................................... 13 2 General .............................................................................................................................. 16 2.1 About the EPC .......................................................................................................................... 16 2.2 Vision ........................................................................................................................................ 16 2.3 Scope and objectives................................................................................................................ 16 2.4 Audience .................................................................................................................................. 16 3 Main threats ...................................................................................................................... 17 3.1 Introduction ............................................................................................................................. 17 3.2 Social Engineering .................................................................................................................... 17 3.2.1 Definitions ...................................................................................................................... 17 3.2.2 Fraud Description ........................................................................................................... 17 3.2.3 Impact & Context ........................................................................................................... 18 3.2.4 Suggested Controls and Mitigation ................................................................................ 20 3.2.5 Final Considerations/Conclusions .................................................................................. 22 3.3 Malware ................................................................................................................................... 22 3.3.1 Definition ........................................................................................................................ 22 3.3.2 Fraud Description ........................................................................................................... 23 3.3.3 Impact & Context ........................................................................................................... 24 3.3.4 Suggested Controls and Mitigation ................................................................................ 25 3.3.5 Final Considerations/Conclusions .................................................................................. 26 3.4 Advanced Persistent Threats (APTs) ........................................................................................ 27 3.4.1 Definition ........................................................................................................................ 27 3.4.2 Fraud description ........................................................................................................... 28 3.4.3 Impact & context ............................................................................................................ 32 3.4.4 Suggested Controls and Mitigation ................................................................................ 34 3.4.5 Final Considerations/Conclusions .................................................................................. 37 3.5 Mobile device related attacks .................................................................................................. 38 www.epc-cep.eu 3 / 91 Report 2019 Payments Threats and Fraud Trends EPC302-19 / Version 1.0 3.5.1 Attacks Targeting the Mobile Device ............................................................................. 40 3.5.2 SIM swapping ................................................................................................................. 49 3.5.3 Final Considerations/Conclusions .................................................................................. 51 3.6 Denial of Service ....................................................................................................................... 52 3.6.1 Definition ........................................................................................................................ 52 3.6.2 Fraud Description ........................................................................................................... 52 3.6.3 Impact & Context ........................................................................................................... 54 3.6.4 Suggested Controls and Mitigation ................................................................................ 54 3.6.5 Final Considerations/Conclusions .................................................................................. 56 3.7 Botnets ..................................................................................................................................... 57 3.7.1 Definition ........................................................................................................................ 57 3.7.2 Fraud Description ........................................................................................................... 57 3.7.3 Impact & Context ........................................................................................................... 58 3.7.4 Suggested Controls and Mitigation ................................................................................ 59 3.7.5 Final Considerations/Conclusions .................................................................................. 60 3.8 Cloud Services and Big Data ..................................................................................................... 60 3.8.1 Definitions ...................................................................................................................... 60 3.8.2 Fraud Description ........................................................................................................... 61 3.8.3 Impact & Context ........................................................................................................... 61 3.8.4 Suggested Controls and Mitigation ................................................................................ 62 3.8.5 Final Considerations/Conclusions .................................................................................. 63 3.9 Internet of Things (IoT) ............................................................................................................ 64 3.9.1 Definition ........................................................................................................................ 64 3.9.2 Fraud Description ........................................................................................................... 64 3.9.3 Impact & Context ........................................................................................................... 64 3.9.4 Suggested Controls and Mitigation ................................................................................ 65 3.9.5 Final Considerations/Conclusions .................................................................................. 65 3.10 Virtual currencies .................................................................................................................. 65 3.10.1 Introduction ................................................................................................................ 65 3.10.2 Types of Fraud ............................................................................................................ 66 3.10.3 Impact and Context .................................................................................................... 68 3.10.4 Suggested Controls and Mitigations ........................................................................... 68 3.10.5 Final Considerations/Conclusions ............................................................................... 68 4 Payment fraud ..................................................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    91 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us