In this week's issue, the FBI issues a warning about EMV's security, America's Thrift Stores suffers a data breach, retail and healthcare premiums increase for cyber insurance, Uber exposes its users' information in another data breach, and we discuss the problems with score-based decline rules.
We’re now two weeks into the October EMV migration and more cardholders are beginning to receive their microchip-enabled credit and debit cards. Hundreds of millions of payment cards that originally transacted using payment data stored on magnetic stripes will have to be replaced. This past weekend, the FBI issued a press release warning of the security risks involving EMV cards. In the release, the FBI acknowledges that EMV cards are inherently more secure than traditional magnetic stripe cards. However, EMV technology does not prevent lost and stolen cards from being used fraudulently. With chip-and-signature, it is possible to transact with a card online or over the telephone, negating the usefulness of the chip.
Charity store chain America’s Thrift Stores announced this week that it had been the target of a cyberattack that compromised its systems. According to Brian Krebs of KrebsOnSecurity, financial institutions began to see fraudulent transactions tied to cards that had been used for purchases at America’s Thrift Stores. The breached retailer currently operates in five states with eighteen brick-and-mortar locations. According to a statement issued by America’s Thrift Stores’ CEO, the data breach compromised any sales transactions between September 1 and September 27 of this year. After working with the U.S. Secret Service and a forensic investigator, it appears that the security breach did not compromise the personal information of its customers.
By the end of 2014, 43 percent of companies here in the U.S. had suffered a data breach. Some of these companies were fortunate enough to have a cyber insurance policy in place to offset the massive financial cost associated with a breach. Over the past two years, major insurance brokers have had to increase their cyber premiums due to a steady increase in data breaches. Organizations in the retail and healthcare industries appear to be hit the hardest by this, seeing a 32 percent increase in premiums during the first half of 2015. Insurers are rewarding retailers and other organizations that adopt newer technologies, such as two-factor authentication and tokenization.
Nearly seven months ago, Uber disclosed that it had suffered a data breach, compromising the personal information of 50,000 of its current and former drivers. Uber is back in the spotlight after the company inadvertently compromised the personal information of almost 1,000 of its drivers. Uber created a new partner app that would allow its drivers to upload key documents such as proof of insurance, a copy of a driver's license, and other vehicle information. Due to a security vulnerability, Uber drivers were able to access the previously mentioned information of other Uber drivers across the country.
High-resolution photos of driver's licenses, insurance certificates and W-9 tax forms could be viewed and downloaded for fraudulent uses. Before the vulnerability was fixed by Uber, anyone could access these files after watching a 15-minute welcome video and submitting some contact information.
For this week’s Rippleshot content, we break down the main issues surrounding the score-based decline rules that smaller financial institutions use daily. As we approach the 2015 holiday shopping season, maintaining a balance between false positive ratio and fraud capture will be crucial for financial institutions. At its most basic level, banks and credit unions of all sizes have to make a decision: capture more fraud but disturb more customers with transaction declines, or lower the false positives to reduce customer impact while capturing less fraud. We even included an FPR vs. Fraud Captured worksheet, which you can use to plot your own score-based rule performance!