Monday, December 15, 2008

Something Phishy About This

A recently published report dealing with phishing and crimeware trends in Q2 2008 indicates a marked increase in the activity of cybercriminals seeking to steal sensitive financial data from consumers who manage their finances online.

Phishing, essentially defined as a criminal mechanism designed to steal consumers’ personal identity data and financial account credentials, has two major components, which according to the report manifest conflicting tendencies. Social engineering-based phishing activities – which uses false emails to direct online customers to false websites which mimic legitimate business and agencies websites – have declined slightly; however, the report indicates that technical subterfuge phishing schemes – which download crimeware directly onto PCs to steal credentials and intercept consumers’ online account user names and passwords – have registered a sharp increase. The report thus indicates that the number of crimeware-spreading URLs at the end of Q2 2008 grew 258 percent compared to the end of Q2 2007. Also, the number of malicious application variants identified by the company which drew the report registered a record high of 442 in May 2008, up 105 percent from May 2007.

The report also highlights that the number of brands – that is, financial service providers – targeted by phishing attacks is on the rise, and that fraudsters are investing in advanced IT infrastructures and marketing tools in order to conduct targeted phishing campaigns. Favorite targets for phishers are the websites of distressed financial institutions, with criminals seeking to take advantage of the confusion surrounding various mergers and takeovers to trick consumers into revealing their account data. Finally, the report indicates that in Q2 2008, the industry sectors mostly targeted by phishing schemes were the financial sector (52 percent of phishing attacks), followed by the auction and payment service providers, which were at the receiving end of 25 percent and 18 percent of phishing attacks, respectively.

The Q2 2008 Phishing Activity Trends Report was drawn by the Anti-Phishing (APWG), an industry, law enforcement and government coalition focused on eliminating identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware in general.

Reblog this post [with Zemanta]

Online Fraud Up...Down Under

Card Fraud is on the rise globally and Australia is no exception.  In the land down under, card fraud jumped 45 per cent to more than $131 million in 2007-08 with most of the growth coming from suspect online payments.   Figures released by industry body the Australian Payments Clearing Association (APCA) show 361,000 fraudulent credit card transactions occurred in the year to June 30. This translates to $50.19 in fraud for every $1000 spent on credit cards, up from $38.62 in the previous year.

Also, as is the case everywhere, the bulk of these were Card Not Present (CNP) transactions, "where the card holder and retailer do not meet face to face."  According to APCA, almost $63.5 million in 211,000 transactions was lost in this way, the APCA figures show.

If you’re the proprietor of Android's Dungeon & Baseball Card, how do you know it’s Rod Flanders buying all those Itchy and Scratchy comics and not Bart?
  The short answer is "you don't."  (unless your customer is using HomeATM Personal Swiping Device)

The stee
p rise in fraud is a major worry for banks and credit card providers, which have been pushing for new security standards in Australia, including the recent introduction of PIN numbers for credit cards for over-the-counter transactions.  (see "More on Australia's PEN or PIN Program)

Water finds the path of least resistance and apparently, fraud, like water, has the same tendencies.  The crackdown on bricks and mortar fraud is believed to have driven more crime to the internet, where transactions are harder to police and fraudsters can remain anonymous.  It is of utmost importance secure online transactions as online shopping becomes the norm.  (see Australian eCommerce Enjoying Bonanza)

As I've stated myriad times, CNP transactions become CP (Card Present) transactions upon using HomeATM's Personal Swiping Device.  HomeATM's device also securely encrypts all  transactions and the HomeATM user NEVER needs to enter their PAN (personal account number) which, according to most users is a convenience aspect, (just swipe your card) but more importantly, is a security aspect as well.

People swipe their card in the store, (it's what makes it a CP transaction,) so if CNP transactions are mired in fraud, then it seems to be a no-brainer to have the consumer swipe their card at home.  I

In the past, part of the problem was the cost of a Personal Swiping Device.  HomeATM has gotten the price to a point whereby this is a non-issue.  The more secure the transaction, the lower the interchange rate.  CP is more secure than CNP, thus it has lower interchange.  Card Present/PIN, being even more secure, enjoys the lowest processing fees of all.

Reblog this post [with Zemanta]

Disqus for ePayment News