DOCSLIB.ORG

2018 Payment Threats and Fraud Trends Report (EPC211-18V1.0)

2018 Payment Threats and Fraud Trends Report (EPC211-18V1.0)

EPC211-18 Version 1.0 1 December 2018 [x] Public – [] Internal Use – [] Confidential – [ ] Strictest Confidence Distribution: 2018 PAYMENT THREATS AND FRAUD TRENDS REPORT This new edition of the threats trends report reflects the Abstract recent development concerning security threats and fraud in the payments landscape over the past year. Document EPC211-18 Reference Issue Version 1.0 Date of Issue 1 December 2018 European Payments Council. Cours Saint-Michel 30A, B-1040 Brussels. This document is public and may be copied or otherwise distributed provided attribution is made and the text is not used directly as a source of profit. Conseil Européen des Paiements AISBL– Cours Saint-Michel 30A, B-1040 Brussels Tel: +32 2 733 35 33 Fax: +32 2 736 49 88 Enterprise N° 0873.268.927 www.epc-cep.eu [email protected] Table of Contents Executive Summary ........................................................................................... 5 1 Document information .................................................................................. 7 1.1 Structure of the document ....................................................................... 7 1.2 References ............................................................................................. 7 1.3 Definitions ............................................................................................. 8 1.4 Abbreviations ....................................................................................... 11 2 General .................................................................................................... 14 2.1 About the EPC ...................................................................................... 14 2.2 Vision .................................................................................................. 14 2.3 Scope and objectives ............................................................................ 14 2.4 Audience ............................................................................................. 14 3 Main threats today ..................................................................................... 16 3.1 Social Engineering ................................................................................ 16 3.1.1 Definition ....................................................................................... 16 3.1.2 Fraud Description ............................................................................ 16 3.1.3 Impact & Context ............................................................................ 19 3.1.4 Suggested Controls and Mitigation ..................................................... 20 3.1.5 Final Considerations/Conclusions ....................................................... 21 3.2 Malware ............................................................................................... 21 3.2.1 Definition ....................................................................................... 22 3.2.2 Fraud Description ............................................................................ 23 3.2.3 Impact & Context ............................................................................ 23 3.2.4 Suggested Controls and Mitigation ..................................................... 24 3.2.5 Final Considerations/Conclusions ....................................................... 26 3.3 Advanced Persistent Threats (APTs) ........................................................ 26 3.3.1 Definition ....................................................................................... 26 3.3.2 Fraud description ............................................................................ 27 3.3.3 Impact & context ............................................................................ 31 3.3.4 Suggested Controls and Mitigation ..................................................... 32 3.3.5 Final Considerations/Conclusions ....................................................... 34 3.4 Mobile device related attacks.................................................................. 35 3.4.1 Attacks Targeting the Mobile Device .................................................. 37 3.4.2 SIM swapping ................................................................................. 43 3.4.3 Final Considerations/Conclusions ....................................................... 45 3.5 Denial of Service .................................................................................. 46 3.5.1 Definition ....................................................................................... 46 3.5.2 Fraud Description ............................................................................ 46 3.5.3 Impact & Context ............................................................................ 48 3.5.4 Suggested Controls and Mitigation ..................................................... 49 3.5.5 Final Considerations/Conclusions ....................................................... 50 EPC211-18v1.0 2018 Payment Threats and Fraud Trends Report Page 2 of 91 3.6 Botnets ............................................................................................... 51 3.6.1 Definition ....................................................................................... 51 3.6.2 Fraud Description ............................................................................ 51 3.6.3 Impact & Context ............................................................................ 53 3.6.4 Suggested Controls and Mitigation ..................................................... 59 3.6.5 Final Considerations ........................................................................ 62 3.7 Cloud Services and Big Data .................................................................. 63 3.7.1 Definitions ...................................................................................... 63 3.7.2 Fraud Description ............................................................................ 63 3.7.3 Impact & Context ............................................................................ 64 3.7.4 Suggested Controls and Mitigation ..................................................... 64 3.7.5 Final Considerations/Conclusions ....................................................... 66 3.8 Internet of Things (IoT) ......................................................................... 66 3.8.1 Definition ....................................................................................... 66 3.8.2 Fraud Description ............................................................................ 67 3.8.3 Impact & Context ............................................................................ 67 3.8.4 Suggested Controls and Mitigation ..................................................... 67 3.8.5 Final Considerations/Conclusions ....................................................... 68 3.9 Virtual currencies .................................................................................. 68 3.9.1 Introduction ................................................................................... 68 3.9.2 Types of Fraud ................................................................................ 69 3.9.3 Impact and context ......................................................................... 72 3.9.4 Suggested controls and mitigations ................................................... 72 3.9.5 Conclusions and final considerations .................................................. 73 3.10 Multi-vector attacks .............................................................................. 73 4 Payment fraud ........................................................................................... 74 4.1 Card related fraud ................................................................................. 74 4.1.1 Definition ....................................................................................... 74 4.1.2 Card Fraud Scenarios ....................................................................... 74 4.1.3 Current and New Payment Card Fraud Trends ..................................... 75 4.1.4 Suggested Controls and Mitigation ..................................................... 77 4.1.5 Final Considerations/Conclusions ....................................................... 78 4.2 ATM Fraud ........................................................................................... 78 4.2.1 Definition ....................................................................................... 78 4.2.2 Fraud description ............................................................................ 79 4.2.3 Current and new ATM fraud trends .................................................... 79 4.2.4 Suggested Controls and Mitigation ..................................................... 80 4.2.5 Final Considerations/Conclusions ....................................................... 81 4.3 SEPA Credit Transfer (including instant) and Direct Debit fraud .................. 81 5 Conclusions ............................................................................................... 83 Annex I – SEPA Payment Instruments ................................................................ 87 Annex II – Summary Threats versus Controls and Mitigations ................................ 89 EPC211-18v1.0 2018 Payment Threats and Fraud Trends Report Page 3 of 91 List of Tables Table 1: Bibliography ..................................................................................... 8 Table

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    91 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us