Rippleshot Blog

The latest report to come out of the Marriott data breach was a mixed bag of good news, bad news. The good news?The breach doesn't appear to have impacted as many people as originally thought. The bad news? An estimated 5.25 million unencrypted passport numbers, along with an estimated 8.6 million encrypted credit cards were stolen.

From what's been publicly reported, of those estimated 8.6 million credit cards, all but 354,000 were expired. It's believed that  2,000 unencrypted card numbers may have been stolen as part of the data breach.

Banks have plenty on their holiday checklist. More than enough to check it once...or even twice. Being prepared to combat holiday card fraud means proactively preparing long before the storm hits. 

The holiday season is also a busy time for fraudsters who prey on customers and financial institutions who are reluctant to decline a transaction or re-issue cards.  As a refresher for 2018, we’ve brought back our team’s tips on what issuers can do to manage incidents during this peak fraud.

This week’s data breach news covers two massive data breaches that have garnered attention on a national and international scale: Equifax and Marriott.

The Equifax breach, believed to have impacted 148 million U.S. consumers, has made headlines since it was discovered in September of 2017. The latest report related to the incident comes from a 14-month congressional investigation that suggests that Equifax could have prevented the breach had they followed proper security measures.

“Equifax failed to fully appreciate and mitigate its cybersecurity risks,” the staff majority report said. “As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable.”

Equifax’s network allowed hackers to gain access to company data for 76 days, according to the House report. Lawmakers are still calling on Equifax to pay to make up for what’s been called a lack of preventative measures to stop the breach from occurring, including a breakdown in recommended security protocols.

Tracking card fraud trends is a task the Rippleshot team is all too familiar with.  As any financial institution leader knows, card fraud is complex, labor-intensive, ever-changing and shouldn't be tackled alone. This is why we like to remind you that we're in this fight together.

We're here to collaboratively fight fraud – with data. Our new report State of Card Fraud: 2018 won't help you directly combat the rise of data breaches, but it is packed with droves of stats and insights to arm FIs with a greater understanding of how the problem is changing, what's contributing to these changes and what we predict will define 2018's card fraud story. We also share our newly released data points on how much card fraud is costing FIs, and our own curated  benchmark insights into what others in the industry fear most when it comes to managing card fraud, reissuance costs and customer impact.

Did you know? October is Cybersecurity Awareness Month. In the financial ecosystem, there's no real need for this regular reminder as data security is always at top of mind for FIs. But a refresher never hurts.

As part of the ABA Cybersecurity Awareness Webinar Series, Rippleshot Co-Founder Canh Tran was the featured speaker in a webinar titled "State of Card Fraud 2018," on Wednesday, Oct. 17. As we head into the holiday season — when card fraud will likely see an another surge — catch this year's prominent fraud trends and how much they're costing banks. Tran shares Rippleshot’s yearly fraud trend data, insights and what’s next.

Catch the full ABA Webinar here.

Where is credit card fraud most rampant? Which states have the highest — and why? A new report provides some insight into these questions that every financial institution executive across the country should care about.

New data from the Federal Trade Commission’s Consumer Sentinel Data Book provides some insight into just how much credit card fraud is growing across the U.S. According to the latest data, in 2017, there were 133,015 reports of credit card fraud across the United States.. this is close to a 7% increase from the year prior.

This data aligns with the ITRC's 2017 data breach report, which indicated that 2017 hit an all-time-high of 1,579 data breaches — or a 48% increase from the year prior. ITRC data breach records indicate there has already been 864 breaches that have exposed a total of 34,174,633 records (as of As of Aug. 31, 2018).

It's impossible for a bank executive to pinpoint just one fraud risk to be concerned about. From synthetic identity and account takeover fraud to skimming, ATM and CNP fraud, the running list of methods fraudsters are capitalizing on grows each year.

A recent article by the American Bankers Association Banking Journal took a deeper dive into the top five fraud risks banks face today — sharing insight from Rippleshot Co-Founder Canh Tran. He discussed the rise of online fraud and how financial institutions can prepare themselves to take on fraudsters.

ATM fraud schemes are becoming all too familiar in the financial ecosystem. Once again, the U.S. Secret Service has issued an alert to financial institutions about a new form of ATM skimming that fraudsters are using to gain access to payment card details.

The latest alert relates to what's being referred to as "ATM wiretapping" that involves magnets and medical devices to siphon customer account data from the card reader. This latest news was reported by KrebsOnSecurity, which indicated that this alert was given to banks using a non-public system to warn FIs about this new trend that involves the cutting of "cupcake sized-holes" into ATMs to steal the payment data.

Synthetic fraud is estimated to cost lenders more than $6 billion annually — and by all accounts, this problem is going to get worse before it gets better.

But why is synthetic fraud ballooning – and why are financial institutions finding it increasingly harder to crack down on? A rise in data breaches in recent years has only complicated this problem even more.

To help keep FIs educated with the latest data available in the market — and share expert’s take on how this problem has been transforming — we’ve released a new white paper titled Inside Synthetic Fraud.

Consumers are growing increasingly concerned about how and where their personal credentials are being shared as a result of using FinTech apps —  particularly information linked to a banking or credit card account.

As more consumers turn toward FinTech apps to manage their finances, more indicate being concerned about the measures banks and credit unions are taking to safeguard their information. This data digs into how consumers feel about data privacy, interacting with FinTech apps and how FIs are using and storing that data.

As if financial institutions didn’t have enough fraud problems to worry about, there appears to be another growing trend in the hacker ecosystem that’s caught the attention of the FBI: ATM cash outs.

Like most fraud trends, ATM cash outs aren’t a new phenomenon, but they have been getting national attention this month after it was reported that cybercriminals are likely in the works to commit a global fraud scheme that’s commonly referred to as an ATM cash-out. These financial attacks allow for fraudsters to withdraw millions of dollars in hours, according to a report by Krebs on Security.

This scheme involves malware that allows the hackers to gain access to banks’ customer card data, along with network access, in order to execute the theft of funds from ATMs on a massive scale. These “cybercrime gangs” as they referred to are believed to use phishing tactics to break into a bank or payment card processor system. This involves removing fraud controls from banks that would stop limits on the number of customer ATM transactions/limits allowed daily.

A new study indicates there is a high level of disconnect between consumer trust over how organizations handle personal data, and how those companies perceive being equipped to fully protect that data.

The true weight from the massive Equifax data breach that’s believed to have impacted roughly 148 million Americans is going to be felt for years to come. One year later, there seems to plenty of questions as to how the company dealt with the aftermath, and what it is doing to prevent a breach of such magnitude from occurring again.

The Equifax breach has dominated headlines in the fraud ecosystem not just because of the total number of exposed records, but also because of the scope of what those records entailed. The nature of the sensitive details — including SSNs, credit card details and tax IDs — are what placed the incident on the list of worst corporate data breaches in the U.S.

So what’s happened in the year following Equifax’s discovery of the breach? Besides a lot of public criticism, and new leadership, there’s been a series of congressional hearings and investigations that have left the credit reporting agency in the hot seat since the incident was first reported.

The latest data breach report signals both good and bad news as it relates to the costs of breaches since 2017.

The bad news? Research from the Ponemon Institute and IBM Security shows losses related to data breaches have increased 6.4 percent in the past year. The good news? For those companies that were able to contain the breach within 30 days, their losses have been less significant.

The study, which reviewed the impact of data breaches on a global scale, specifically noted that U.S. companies saw the highest average data breach cost at $7.91 million. Compared to the global average of $3.86 billion, this figure is more than double in the U.S. For companies that were able to identify a breach and implement a remedy within a month or less, savings were roughly $1 million when compared with those who did not.

Gas station skimmers have been a heated topic across the fraud management ecosystem for years. Since the EMV chip card compliance deadline isn’t until October 2020  — roughly five years after the liability shift was implemented for merchants — this gap has left gas stations in the fraud spotlight.

Just last week, heading into the July 4th holiday, the U.S. Secret Service once again released warnings reminding consumers about the dangers of credit card fraud that can stem from gas station skimmers. In recent years, skimmers have been a rapidly-growing problem due to tech advancements that’s allowed them to be designed slimmer than a credit card — and cheaper to produce. With fraudsters’ ability to insert them seamlessly into machines with less obtrusive methods, this has led to an uptick in concerns from issuers in how to proactively confront this expensive problem.