Rippleshot Blog

The Evolution of Credit Card Fraud Patterns

Posted by Anna Kragie on Feb 14, 2020 12:26:32 PM

Tracking credit card fraud trends is a standard practice for any financial institution. When tracking that data, it's important to have context of what the last few years looked like, and what that means for future trends across the fraud ecosystem. What's important to track is what types of card fraud are mot prevalent (CP vs. CNP fraud), the rate at which credit card fraud is growing and who it is impacting most. 

Knowing how credit card fraud patterns are evolving can help your financial institution know which tools your team needs to proactively get ahead of these rapidly-growing problems. We break down four key trends: 

Read More

ITRC Data Breach Report: Breaches up 17%, Exposed PII Records Down 41%

Posted by Anna Kragie on Feb 7, 2020 12:46:40 PM

The Identity Theft Resource Center's annual report confirmed what we already knew about the state of data breaches: They continue to rise significantly, year-after-year. There is a bit of good news, however, within the ITRC's report: The number of PII and sensitive PII records exposed continues to drop. 

“This year’s report paints a mixed view of the landscape as we continue to work with businesses and consumers alike to thwart cyber criminals and contain their damage,” said Matt Cullina, CyberScout’s EVP of Strategic Partnerships and Managing Director of Global Markets.

Read More

Wawa Customer Breached Card Data Reportedly Being Sold On Dark Web

Posted by Anna Kragie on Jan 30, 2020 12:03:13 PM

Critical payment and credit card data from the Wawa convenience store breach has reportedly made its way to the dark web. Multiple reports, including Krebs on Security and Gemini Advisory, indicate that card data from more than  30 million Wawa customers was listed for sale Jan. 27 on the cybercriminal dark web forum Joker’s Stash.

Wawa acknowledged the reports, and released a statement saying it has "alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information." Wawa said it is working with federal law enforcement to determine the scope of the exposed Wawa-specific customer payment card data.

Read More

Topics: Fraud

ABA Report: CNP Fraud Losses Rise Sharply In Two Years

Posted by Anna Kragie on Jan 17, 2020 7:00:00 AM

A newly published report from the American Bankers Association reveals key themes across the banking ecosystem: Fraudsters keep targeting old habits, while newer trends are gaining traction quicker than ever. 

The ABA's report showed is that popular fraud trends like check fraud and deposit account fraud continue to contribute to overall fraud losses — accounting for roughly $2.5 billion collectively. The report also details how point-of-sale debit card fraud trends have been shifting over the past few years. When comparing 2016 to 2018 figures, data indicates that POS debit card fraud from counterfeit frauds now accounts for 25% of the losses, compared to 47% in 2016. Looking at card-not-present transactions (CNP), those losses are account for 42% of counterfeit fraud, when compared to a 30% loss in 2016. 

Despite the gloomy outlook on many of the fraud figures, the report indicated some bright spots for financial institution leadership.

Read More

Topics: Fraud

Inside the Landry's Data Breach: What You Need to Know

Posted by Anna Kragie on Jan 10, 2020 2:48:46 PM

Another major data breach was announced this week. This time it was Landry’s Inc., a Houston-based company that owns and operates more than 600 restaurants, hotels, casinos and entertainment destinations. According to what has been publicly reported, malware was installed on Landry’s’ payment processing system servers, and was used to exfiltrate customers’ card numbers, expiration dates and internal verification codes.

Data Breach Alert: Inside the Landry's Payment Data Breach

Read More

Topics: Data Breach Statistics

Holiday Shopping Weekend Data: Suspicious Transactions Rose 29%

Posted by Anna Kragie on Dec 13, 2019 11:41:33 AM

Midway through December, data indicates holiday fraud is rising sharply as expected.

The latest data from Digital Transactions indicates that over the five-day holiday shopping period there was a 29% increase in suspected fraud when compared with the same time period in 2018. This uptick in fraud comes with increased holiday spending, particularly online. 

Black Friday brought in $7.4 billion in just e-commerce sales, with Cyber Monday clocking in a record $9.4 billion. That was a 20% increase in spending from 2018, according to Adobe Analytics. For suspicious transactions Black Friday appeared to be the most impactful day of all, accounting for both the most fraud and legitimate sales (26% of the four-day total).

It's clear fraudsters are following shopper's habits. As more and more shoppers spend online, so does the amount of fraudulent attempts across CNP channels.

Read More

Are You Ready For The Holiday Card Fraud Rush?

Posted by Anna Kragie on Dec 6, 2019 1:15:43 PM

The uptick in holiday shopping card fraud leaves financial institutions in a tough position: Manage the fallout from higher declines or take on additional fraud risk to minimize cardholder disruption. Getting proactive about holiday card fraud can alleviate that burden.

To help you keep your cardholders protected, we've brought back our team's tips on how to manage incidents during this peak fraud season.

Read More

Topics: Fraud

What Financial Institutions Should Know About the Macy's Online Data Breach

Posted by Anna Kragie on Nov 22, 2019 11:47:44 AM

News broke this week that Macy's online payment portal on its ecommerce site was hacked by Magecart, a cyber criminal group known for injecting payment card skimmers into ecommerce websites. From what's been reported, we know payment data stolen was submitted by shoppers onto payment/checkout pages. 

Macy’s reported that it received an alert about "a suspicious connection between macys.com and another website,” which led to an immediate investigation. The hacker group reportedly injected computer code onto two pages at macys.com: The checkout page if credit card data was entered and an order was placed, and the wallet page of a shopper’s account page.

The questions left for financial institutions is what can they do about it, how can they protect their cardholders and how can they protect themselves in the future? We answer those questions in our latest breach alert. 

Click here to get your copy of our full report: Inside the macys.com Online Card Breach

Read More

Study: Consumers Blame Financial Institutions After Card Compromised

Posted by Anna Kragie on Nov 15, 2019 7:00:00 AM

A new industry study about consumer perception around fault over card compromises is a good reminder for financial institution leaders about what their cardholders are concerned about most this holiday shopping season. 

A November 2019 study from Terbium Labs titled "How Fraud Stole Christmas" details that a majority of consumers, or 68%, responded in a survey that they would hold their financial institution "at least partly responsible for fraudulent activity, regardless of how the compromise occurred." Even if the merchant was the source of the breach, consumer perception over how their bank or credit union is protecting them appears to play a role in who a cardholder is most likely to point the finger at after an incident occurs.

Read More

Rippleshot Gives Community Banks and Credit Unions Competitive Edge with AI-Driven Fraud Protection

Posted by Anna Kragie on Nov 5, 2019 8:00:00 AM

Rippleshot is excited to announce Rules Assist™, an AI-driven decision rules analytics solution to empower community banks and credit unions in the fight against emerging fraud trends.

E-commerce fraud now accounts for roughly 75% of all card fraud, causing financial institutions to race to keep up with fraudsters. In response, top Fortune 500 financial institutions have embedded artificial intelligence and machine learning into their core business models. The four biggest banks in the U.S. budgeted a collective $38.4 billion for innovation and technology in 2019 alone.

Faced with more limited resources, community banks and credit unions often lack the technological edge to keep pace with innovations that greatly impact customer experience. Rippleshot Rules Assist was developed to address technology gaps smaller financial institutions face in their back office to efficiently protect their customers. Financial institutions will be able to cost effectively leverage AI and Machine Learning within their existing infrastructure without adding IT resources or staff. 

Read More

Topics: Rippleshot News, Machine Learning, Data Analytics

Financial Institution Tips: Protecting Customers From Holiday Card Fraud

Posted by Anna Kragie on Nov 1, 2019 7:00:00 AM

With Halloween behind us, it's time to start thinking about what's next: The holiday rush. For banks and credit union leaders, this means thinking about the holiday card fraud rush that comes along with the increased card spend activity.

With more holiday shopping taking place online, CNP fraud continues to rise. E-commerce, or CNP, fraud is 81 percent more likely to occur than in-store, or card-present fraud. As seen every holiday season, we anticipate a surge in fraud this year. The holiday season is also a busy time for fraudsters who prey on financial institutions who are reluctant to decline a transaction or re-issue cards in order to lessen customer impact.

Being prepared to combat holiday card fraud means proactively preparing long before the storm hits. As a refresher for 2019, we’ve brought back our team’s tips on what issuers can do to manage incidents during this peak fraud.

Read More

Breach Notification Law Adds Biometrics, Passport Data

Posted by Anna Kragie on Oct 25, 2019 7:00:00 AM

California has set a new precedent for breach notification laws that is continuing to gain ground nationwide. A bill was signed into law by Gov. Gavin Newsom that adds passports and biometric data ad part of the PII covered by California’s data breach notification law. 

California now joins15 additional states that require notification if a resident’s fingerprint or other biometric information is breached. The other states include: Arizona, Colorado, Delaware, Illinois, Iowa, Louisiana, Maryland, Nebraska, New Mexico, New York, North Carolina, South Dakota, Wisconsin, Wyoming and Washington.

“Now, California law will require companies to treat consumers’ passport numbers and unique biometric data with the same security that they would a credit card or Social Security number — if you collect it, you must protect it,” California Attorney General Xavier Becerra said.

This addition to the data breach notification law follows trends across the country that aim to crack down on how quickly businesses and government organizations must alert customers about their personal data being compromised. Conversations about how data breach legislation will impact how banks and credit unions approach consumer privacy and protecting personal credentials is an ongoing topic in Congress as well.

Read More

Why Community Banks and Credit Unions Need AI and Machine Learning

Posted by Anna Kragie on Oct 17, 2019 7:00:00 AM

The push for greater digitization across the financial services ecosystem has created another challenge for financial institutions: New channels for fraudsters to exploit and monetize. 

Banks must keep up with customer demand and offer more to compete, but they must also be mindful of the security measures needed to keep up with these trends. This has left many FIs with a Catch-22. Fraud trends are changing as fraudsters get more sophisticated in the methods they use to breach personal and financial data.

Big banks are proactively working to get ahead of fraudsters, but many smaller institutions are still relying on time-consuming, manual methods to spot fraud patterns — or count on their call centers to alert them when fraud occurs. This approach involves a lot of upfront time, money and analysis, only to fall short in being able to accurately pinpoint where an organization's biggest risks and how to get ahead of those trends. 

 The bigger banks with deep pockets are gaining a FinTech edge with teams of data scientists and sophisticated software tools to keep their fraud detection tools aligned with what the market demands. Smaller FIs know to compete they must embrace new technologies such as AI and machine learning. But knowing how and where to start can be the biggest hurdle.

Read More

Topics: Fraud

Inside CUNA's 'Stop The Data Breaches' Congressional Push

Posted by Anna Kragie on Sep 27, 2019 7:00:00 AM

As we approach the 10th month of the year, it's clear that 2019's data breach statistics will once again be one for the record books. The Credit Union National Association (CUNA) has made addressing this rapidly-growing problem part of its mission as it continues to push the U.S. Congress to pass meaningful data security legislation.

Last month, CUNA created ‘Stop the Data Breaches’ MAP campaign (member activation program) directed "credit unions to make Congress aware that there cannot be data privacy without data security." Earlier this month, CUNA continued on its mission with additional updates to the campaign.

“Credit unions already know that they bear the costs of these data breaches, so the goal of the campaign is to educate credit unions members about the issue in order to have them reach out to their Members of Congress to demand action,” said Adam Engelman, CUNA’s director of federal grassroots and programs. “Congress has indicated they are aware of the privacy issue, our mission is to get them to realize we cannot have privacy without security, and we need a data security standard for all entities that handle sensitive consumer information.”

Read More

How to Educate Your Customers When A Data Breach Occurs

Posted by Anna Kragie on Sep 20, 2019 7:00:00 AM

Data breaches are happening more frequently and when they are occurring the number of impacted consumers is growing. Not to mention, the scope is widening as droves of sensitive data is filling the dark web for fraudsters to monetize for their next big fraud scheme. This story is all too familiar for banks and credit unions leaders today.

At Rippleshot, we're in the business of proactively protecting our customers from the impact of data breaches, card fraud and other incidents that put your customer's data at risk. We're here to help you protect your own customers. We also recognize the reality that data breaches happen when gaps exist in other organization's security protocols, which can leave your own customer's sensitive data vulnerable. That's why we're also here: To help you educate your customers and members when the next big data breach happens — and what to do about it.

Below are our tips to bookmark to remind yourself what steps you should take when that next data breach occurs. True customer service means giving your customers actionable steps to ensuring they're protected. Learn how you protect your organization and your customer's trust with our 10 tips.

Read More