Rippleshot Blog

The Identity Theft Resource Center (ITRC) and CyberScout issued a new report stating that the number of U.S. data breaches reached an all-time high last year, totaling 1,093. This is a 40% increase from 2015 – quite a substantial increase indicating that rising concerns around cybercrime isn’t just hype, it’s a growing epidemic across not only the U.S but also across the globe.

Cybersecurity is clearly a hot topic of discussion as cyberattacks grow in scale and continue to impact all industries. While it is safe to say that most individuals, financial institutions, business organizations, etc., are all hyperaware of the growing online security threats, a new report from Gemalto indicates that consumers hold organizations - not themselves - chiefly accountable for protecting their personal data, and thus are primarily at fault when it comes to data breaches.

Just a few short months ago, NACHA put in motion a multi-year multi-phase plan to make ACH payments settle in the same day they’re originated. This past September, ACH credits were first made available for same day settlement, with the receiving depository financial institution (RDFI) making the funds available by the end of their processing day. In phases two and three of this rollout, debits will also be settled same day, and funds made available at 5:00pm local time for the RDFI. It goes without saying that as the time available to settle payments decreases, the opportunity for fraud increases, but it’s also important to understand what exactly “same day” means, what opportunities for fraud detection are available, and what the landscape for ACH fraud looks like moving forward.

This article was first published in Let's Talk Payments on January 5th.

The year 2016 saw the aftermath of EMV implementation impacting financial institutions, merchants and consumers across the US. Though many expected to see a number of positive benefits from EMV, those benefits didn’t include a reduction in the number of merchant compromises or fraudulent activity.

As 2017 kicks off, we’ve taken a look back at the key trends in the fraud and data breach space over the past year – what we learned and what’s to come in 2017.

The continued rise in e-commerce fraud as an expected result of the EMV implementation has put a laser focus on existing fraud solutions in the industry - and their shortcomings. 3D Secure was created over fifteen years ago as a way to increase security for online payments, but has seen its fair share of criticism from all parts of the payment spectrum. In October, EMVCo released the long awaited updated specifications for 3D Secure 2.0. Follow along as we highlight what’s new, important and noteworthy in this much anticipated release.

Have you ever looked at your computer or phone in awe, and considered the possibility that it may be smarter than you? Although the philosophical debate surrounding the nature of intelligence has waged on for decades, the advent of machine learning has caused it to suddenly resurface. After all, when a computer can comb through years of company data and solve a complex problem within seconds, it is hard to not give heed to the argument that technology is smarter. Regardless of whether or not intelligence can be measured, the final answer is that neither is smarter, and both must work effectively together in order to find solutions to tomorrow's problems. Follow the Rippleshot Team as we discuss the origins of machine learning, its implications for the future, and how you can leverage its power to benefit your institution.

Although version 3.2 of the PCI Data Security Standard (PCI DSS) was released over half a year ago, its impact will stretch much further into the future. In a way, the strategic introduction of the standard is the most noteworthy element about it. There are a few essential changes, but the projected runway provides more than enough time for organizations to brace themselves. As Payment Card Industry Security Standards Council's CTO Troy Leach stated in an interview, he believes the postponed update will give organizations the time they need to effectively implement security processes that help mitigate against cyberattacks. However, this does not mean that companies are off the hook, as today’s “most advanced” security technology can become a vulnerability to exploit for tomorrow’s cyber criminals. Follow along as the Rippleshot Team looks at The Key Highlights of PCI DSS 3.2.

It’s safe to say that 2016 has been a year of heightened turmoil for the payments and security industry. With the aftermath of EMV implementation, a sharp rise in data breaches, and unprecedented fraud losses by issuers, we know that this year has kept you busy. The good news is, we’re here to help. In order to save you time, we have compiled a list of key statistics that paint the bigger picture of the industry as a whole. Follow the Rippleshot Team as we take you through the Top 11 Stats of 2016.

A hidden gem, the Monthly Complaint Report by the Consumer Financial Protection Bureau (CFPB) helps uncover problem areas impacting the financial products and services industry in the eyes of the consumer. Whether it be consumer loans, bank accounts/ services, payment cards, debt collection, payday loans, or fraud, the CFPB has handled over 930,700 consumer complaints as of July 2016, including 24,500 in June itself. Through a careful compilation and analysis of such consumer complaints, the CFPB has been able to discern a “high-level snapshot of trends in consumer complaints”. Follow the Rippleshot Team as we review highlights from the report and discuss customer sentiments surrounding financial products and services.

We knew this was coming when the Federal Reserve issued guidance applying the Customer Identification Program (CIP) to prepaid cards in March of this year. Customers are able to reload prepaid cards, use direct deposit and in some cases, receive overdraft protection, which the federal agency determined enough for it to be considered an account relationship. And now that reloadable prepaid cards are considered an account relationship, it’s not surprising that the Consumer Financial Protection Bureau recently issued new rules requiring fraud protection support for those using them.

We know it’s hard to believe, but sometimes even your beloved customers have malicious intentions. According to a newly published whitepaper by Radial, the majority of eCommerce fraud originates from cyber criminals, who use compromised payment data to make unauthorized transactions, and make managing eCommerce fraud extremely challenging. Merchants are forced to constantly balance risk exposure with customer disturbances, heavily invest in fraud detection technologies, and dedicate resources to preventing fraud. However, what happens when the customer is the one committing fraud? Commonly known as “friendly fraud”, this type of first party fraud is when customers transact online, and then claim their purchase was unauthorized. Follow the Rippleshot Team as we quantify how much friendly fraud has been costing merchants (quick teaser- billions), and the steps merchants should take to avoid it.

During March, the Rippleshot Team covered the top locations and trends of e-commerce fraud in a previous blog post, outlining where both the fraudsters and victims of fraud were located. Much of our focus was on warning financial institutions that EMV implementation was not the cure-all to fraud, as fraud, and its impact of customers, was not going anywhere. Some listened, while some countered that their “fraud losses were lower than ever because of EMV”. So although we don’t like to say we told you so…we told you so. Experian’s latest report, published right around the 1-year anniversary of the EMV liability shift, projects 2016 e-commerce fraud attack rates to be at least 15% higher than last year’s total. Learn the Top 10 Riskiest Zip Codes for shipping and billing fraud in our latest blog- “The Where and What of E-Commerce Fraud”.

In early September, New York Governor Andrew Cuomo introduced new regulation that would make the state the first in the nation to enforce a cybersecurity program for financial institutions. While some have compared the regulation to the FFIEC (Federal Financial Institutions Examination Council)’s Cybersecurity Assessment Tool and guidelines, the proposed regulation would actually go much farther in its quest to ensure all financial institutions in NY are prepared for and are doing their best to prevent cyber attacks.

2 years ago, security professional and evangelist David Holmes dubbed 2014 as the “The Year of the Mega-Breach”, and reasonably so, as multiple headlines featured news of massive data breaches at Home Depot, J.P. Morgan Chase, and eBay. However, the following year had a roster of mega-breaches that made the previous year’s incidents pale in comparison, causing the term to quickly become obsolete. After a holistic review of the data breaches that have occurred throughout the current year, the Rippleshot Team has decided to resurrect the concept- with a little twist. Follow along as we discuss why 2016 is “The Year Of The SMB Breach”, how data breaches can be catastrophic to small to mid-size businesses (SMBs), and what implications SMB breaches have for the overall cybersecurity industry.

Bad news. Ransomware is back with a newfound vengeance. Many of us know ransomware to be a notorious form of malware that prevents users from accessing their own systems, either by locking a user from a system entirely (locker ransomware), or encrypting user files on an affected system (crypto-ransomware). In either case, users are forced to pay a ransom in order to restore functionality and access, many times to the tune of thousands of dollars. Although ransomware dates back to 1989, its practice has ebbed and flowed in its prevalence over the years. However, it is clear that 2016 has seen a marked increase in the frequency, cost, and effectiveness of ransomware incidents. Follow the Rippleshot Team as we document the return of ransomware and its impact on the cybersecurity landscape of 2016.