Rippleshot Blog

Only two months into 2016, and the Identity Theft Resource Center is reporting nearly 1.7 million records have been exposed in data breaches thus far. And as we noted in last week’s newsletter, an increasing concern in the security space is the inevitable increase in card-not-present fraud, as e-commerce numbers continue to skyrocket and EMV adoption pushes fraudsters online. With e-commerce fraud at the top of everyone’s minds, Experian released a new report outlining the riskiest locations in the United States - both where the fraudsters are located, and where their victims are.

In this week's recap, Gemalto releases 2015 Breach Level Index findings, the Atlanta FRB makes 2016 payments predictions, Merchant Link lets us in on EMV's "dirty little secret," U.S. e-commerce sales continue to skyrocket, and Rippleshot VP of Operations Marci McCalmon hits the blog to explains what you need to know about encryption vs tokenization.

For thousands of years, humans have created secret codes to protect important information from others. Military secrets, formulas to create goods like silk, and personal information are seen throughout history as being masked to communicate so unintended recipients could not read the message.  There are two main ways to communicate information in secret; tokenization and encryption. The terms tokenization and encryption are often interchanged, yet they actually have very specific definitions. Let’s dig in deeper to find out more about the differences between the two.

In this week's recap, a viral Facebook post reveals a clever fraudster's new way of defrauding contactless cardholders on public transit, FIS & Paydiant launch cardless ATMs, a survey reveals interesting statistics around IT professionals and security, Obama names the chairs of his new cybersecurity commission, and Rippleshot CEO Canh Tran hits the blog to talk about the recent hospitality data breach trend.

Hackers are increasingly targeting the lodging and restaurant industries to steal customer card information.  According to a Trustwave study of data breaches in 24 countries, 38% occurred at hotels making it the most breached type of business.  In the last two years alone the industry has experienced several high profile breaches at well-known chains.  While the well-known chains have gathered the most attention, no doubt smaller hotels and motels are likely to have been targeted as well.  Most of those go undetected or unreported creating additional headaches for consumers whose card information has been stolen and for banks who need to mitigate the subsequent fraud losses.

In this week's recap, a recently discovered hacking group is rolling back ATM transactions to dupe banks, the White House seeks its first CISO, additional details are revealed in the DHS & FBI hack, a new survey reveals the dark future many businesses have resigned themselves to regarding breaches, and the Rippleshot team covers the increase in gas pump skimming.

We’ve long covered the issues with gas pump skimmers, and have consistently seen automated fuel dispensers (MCC 5542) show up in the most compromised merchant categories. But this history, combined with the extended deadline for gas stations to become EMV compliant, has led to them being an even bigger and easier target for hackers.

In this week's recap, Neiman Marcus suffers another data breach, a new report shows the scale of breaches due to human error, another study shows the lasting repercussions organziations face after a data incident, a closer inspection is done on consumer behavior after data breaches, and team Rippleshot covers the economic of breaches - from the hackers' point of view.

According to IT Governance, over 57 million records were exposed worldwide in data breaches in January of this year alone. The attacks are far from slowing down, but with the help of Palo Alto Networks and Ponemon’s most recent report, we are learning more about how hackers work, who they target and why.

In this week's issue, the FBI has warned the University Of Virginia of a data breach, fraudsters value stolen account information more so than payment card information, Wendy's is probing a potential data breach affecting its locations, a new survey shows that data breaches damage financial institutions, and for this week's Rippleshot content, we take a look at contactless payment cards and the fraud risk they currently pose.

As the payments ecosystem continues to evolve and improve through new innovation, consumers are looking for easier, faster and more convenient methods to conduct transactions. 

In this week's issue, TalkTalk data breach victims are being denied compensation, a cyber-insurer is being sued over an insurance policy, TaxAct acknowledges that a data breach has occured, a casino group has sued Trustwave over a 2013 data breach, and for this week's Rippleshot content, Rippleshot CEO Canh Tran gives an update on the mobile payment platforms. 

This article was first published on PaymentWeek

In the last six months, we have seen these platforms compete and sometimes struggle, for market share as more retailers and tech companies introduced their respective mobile payment platforms.

In this week's issue, a hacker is facing a 334 year sentence, scammers target Dell customers months after potential breach, the Dept. of Education is at risk for compromise, a phishing email targeting WhatsApp users is delivering malware and in this week's Rippleshot content, we look at ATM fraud trends and statistics.