In this week's recap, TreasureHunt malware steals card data direct from merchant POS systems, fuel pump payments set for major disruption and overhaul by 2020, retailers take to the Fed to try and lower debit card fees, hackers breach two major law firms, and the Rippleshot blog takes on the regulatory agencies' recent foray into cybersecurity issues.TreasureHunt Malware Steals POS Credit Card Data From Retailers
A new piece of custom-built malware is stealing payment card information directly from POS terminals. It seems to be specifically targeting smaller merchants who have yet to upgrade to EMV compliant terminals. While the first instance of TreasureHunt was deployed in 2014, the last year has seen increased prevalence of the malware, since fraudsters are trying to cash in before all merchants are EMV compliant.
Let’s Talk Payments breaks down fuel pump fraud, why it’s going to take them longer to upgrade their payment terminals, and which emerging payment solutions are gaining momentum in the space.
With many of their legal options exhausted, retailers turn to the Federal Reserve to try and set a lower cap on card swipe fees. The average swipe fee is currently $0.24 per transaction, which retailers feel is far too high for an industry which averages profits in the 1-4% area.
Earlier this week, two U.S. law firms, Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP announced they are investigating a breach of their systems this past summer. It is not yet clear what information the hackers stole, but the focus of the investigation is on whether the information was taken for the purpose of insider trading - a worry certainly not out of the question, given the case last year involving Ukrainian hackers.Rippleshot Content: Cybersecurity - The Hot New Topic in Regulatory Space
It’s been a hot couple of months for regulators and cybersecurity. Back in June, the FFIEC (Federal Financial Institutions Examination Council) introduced a new cybersecurity assessment and recommended guidelines for banks and credit unions. In August, a U.S. appeals court ruled that the FTC (Federal Trade Commission) has the authority to regulate corporate cybersecurity. And just a few weeks ago, Dwolla, a payment platform company, found itself the first ever data security target of the CFPB (Consumer Financial Protection Bureau), and was hit with $100,000 in fines. We review the details of each, and what this means for the future.
Get our weekly recaps in your inbox as soon as they're published by signing up below: