Rippleshot Blog

As payment technology evolves, so does the techniques of hackers. Gas stations skimming fraud has been one of the hot topics that continually falls onto the list of latest and greatest ways that fraudsters compromised payment card data at the pump. This is going to continue being a major topic of discussions across the financial services ecosystem long after the EMV deadline sets in for gas stations in October 2020.

This week, reports surfaced about gas station skimmer fraud. This issue made headlines after Krebs on Security reported about a memo sent out by the U.S. Secret Service. Krebs initially reported that the skimmers discovered were part of new bluetooth and SMS technology that were being used to steal payment data from consumer's devices. Krebs updated his report to include some clarifications after getting more information from sources close to the matter. He concluded that skimming fraud did occur, but not through SMS-enabled devices. 

As we detailed in our recap of 2018’s data breaches last week, patterns are shifting as fraudsters look for new ways to monetize data through more targeted, wide-reaching attacks that gathers more personal information in each sweep. Less breaches, but bigger impact — that was the story of 2018.

What the Identity Theft Resource Center’s report detailed about 2018 was that the number of personal records exposed more than doubled in 2018. Exposed PII records rose 126%. To be more specific, this was a sharp increase from 197,612,748 records exposed to 446,515,334 records exposed.

This aligns with what we shared in our State of Card Fraud: 2018 report we detailed why fraud is going to continue to get worse before it gets better. With new threats emerging at a pace faster than most organizations can keep up with, data breaches have become the status quo. Managing the fallout from these breaches has become as important as detecting when they occur. That's the story that's emerging in 2019. 

As 2019 enters its second month, financial institutions are ready to move on from 2018, and are rapidly focusing on how to prepare and protect their customers from the next big wave of credit card fraud. As the trends show, it's going to get better before it gets worse. This has been the storyline that continues to play out year after year. 

But to fully prepare for the year ahead, it's worth taking a quick recap of how 2018's figures stacked up, including data on what fraudsters are targeting most. After all, last year's figures give valuable hints into what 2019's biggest data breach headaches will likely be. The latest data from the Identity Theft Resource Center (ITRC) breaks down which sectors were hit the hardest, along with details about the biggest threats to emerge in 2018.

It should be no surprise that payment fraud increased during the recent holiday season as this is the trend each year. What is noteworthy, based on the latest ACI Worldwide benchmark data report on this subject, is what's contributing to that increase.

The report indicates that cross-channel payment fraud increased 13 percent globally during the 2018 peak holiday season, with an increase in "buy online, pick up in-store" being a major target for fraudsters as card-present fraud becomes increasingly difficult. Card-not-present (CNP) fraud has also grown as a result.

The latest report from Juniper Research indicates that eCommerce retailers are in store for a storm of card-not-present (CNP) fraud over the next 5 years. 

The research indicates that retailers should expect to see CNP fraud losses around $130 billion between 2018 and 2023. More sophisticated fraudster techniques, coupled with a delayed rate at which merchants invest in the latest FDP solutions as eCommerce transactions increase, is what's contributing to the record-setting fraud loss estimates. 

The latest report to come out of the Marriott data breach was a mixed bag of good news, bad news. The good news?The breach doesn't appear to have impacted as many people as originally thought. The bad news? An estimated 5.25 million unencrypted passport numbers, along with an estimated 8.6 million encrypted credit cards were stolen.

From what's been publicly reported, of those estimated 8.6 million credit cards, all but 354,000 were expired. It's believed that  2,000 unencrypted card numbers may have been stolen as part of the data breach.

Banks have plenty on their holiday checklist. More than enough to check it once...or even twice. Being prepared to combat holiday card fraud means proactively preparing long before the storm hits. 

The holiday season is also a busy time for fraudsters who prey on customers and financial institutions who are reluctant to decline a transaction or re-issue cards.  As a refresher for 2018, we’ve brought back our team’s tips on what issuers can do to manage incidents during this peak fraud.

This week’s data breach news covers two massive data breaches that have garnered attention on a national and international scale: Equifax and Marriott.

The Equifax breach, believed to have impacted 148 million U.S. consumers, has made headlines since it was discovered in September of 2017. The latest report related to the incident comes from a 14-month congressional investigation that suggests that Equifax could have prevented the breach had they followed proper security measures.

“Equifax failed to fully appreciate and mitigate its cybersecurity risks,” the staff majority report said. “As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable.”

Equifax’s network allowed hackers to gain access to company data for 76 days, according to the House report. Lawmakers are still calling on Equifax to pay to make up for what’s been called a lack of preventative measures to stop the breach from occurring, including a breakdown in recommended security protocols.

Tracking card fraud trends is a task the Rippleshot team is all too familiar with.  As any financial institution leader knows, card fraud is complex, labor-intensive, ever-changing and shouldn't be tackled alone. This is why we like to remind you that we're in this fight together.

We're here to collaboratively fight fraud – with data. Our new report State of Card Fraud: 2018 won't help you directly combat the rise of data breaches, but it is packed with droves of stats and insights to arm FIs with a greater understanding of how the problem is changing, what's contributing to these changes and what we predict will define 2018's card fraud story. We also share our newly released data points on how much card fraud is costing FIs, and our own curated  benchmark insights into what others in the industry fear most when it comes to managing card fraud, reissuance costs and customer impact.

Did you know? October is Cybersecurity Awareness Month. In the financial ecosystem, there's no real need for this regular reminder as data security is always at top of mind for FIs. But a refresher never hurts.

As part of the ABA Cybersecurity Awareness Webinar Series, Rippleshot Co-Founder Canh Tran was the featured speaker in a webinar titled "State of Card Fraud 2018," on Wednesday, Oct. 17. As we head into the holiday season — when card fraud will likely see an another surge — catch this year's prominent fraud trends and how much they're costing banks. Tran shares Rippleshot’s yearly fraud trend data, insights and what’s next.

Catch the full ABA Webinar here.

Where is credit card fraud most rampant? Which states have the highest — and why? A new report provides some insight into these questions that every financial institution executive across the country should care about.

New data from the Federal Trade Commission’s Consumer Sentinel Data Book provides some insight into just how much credit card fraud is growing across the U.S. According to the latest data, in 2017, there were 133,015 reports of credit card fraud across the United States.. this is close to a 7% increase from the year prior.

This data aligns with the ITRC's 2017 data breach report, which indicated that 2017 hit an all-time-high of 1,579 data breaches — or a 48% increase from the year prior. ITRC data breach records indicate there has already been 864 breaches that have exposed a total of 34,174,633 records (as of As of Aug. 31, 2018).

It's impossible for a bank executive to pinpoint just one fraud risk to be concerned about. From synthetic identity and account takeover fraud to skimming, ATM and CNP fraud, the running list of methods fraudsters are capitalizing on grows each year.

A recent article by the American Bankers Association Banking Journal took a deeper dive into the top five fraud risks banks face today — sharing insight from Rippleshot Co-Founder Canh Tran. He discussed the rise of online fraud and how financial institutions can prepare themselves to take on fraudsters.

ATM fraud schemes are becoming all too familiar in the financial ecosystem. Once again, the U.S. Secret Service has issued an alert to financial institutions about a new form of ATM skimming that fraudsters are using to gain access to payment card details.

The latest alert relates to what's being referred to as "ATM wiretapping" that involves magnets and medical devices to siphon customer account data from the card reader. This latest news was reported by KrebsOnSecurity, which indicated that this alert was given to banks using a non-public system to warn FIs about this new trend that involves the cutting of "cupcake sized-holes" into ATMs to steal the payment data.

Synthetic fraud is estimated to cost lenders more than $6 billion annually — and by all accounts, this problem is going to get worse before it gets better.

But why is synthetic fraud ballooning – and why are financial institutions finding it increasingly harder to crack down on? A rise in data breaches in recent years has only complicated this problem even more.

To help keep FIs educated with the latest data available in the market — and share expert’s take on how this problem has been transforming — we’ve released a new white paper titled Inside Synthetic Fraud.

Consumers are growing increasingly concerned about how and where their personal credentials are being shared as a result of using FinTech apps —  particularly information linked to a banking or credit card account.

As more consumers turn toward FinTech apps to manage their finances, more indicate being concerned about the measures banks and credit unions are taking to safeguard their information. This data digs into how consumers feel about data privacy, interacting with FinTech apps and how FIs are using and storing that data.