Rippleshot Blog

Originally Posted Dec 11, 2020 by Alex Rolfe

Nearly half (40%) of merchants are reporting a rise in friendly fraud over the past 12 months, but the majority are struggling to challenge Google Pay and Apple Pay chargebacks successfully, research by Ravelin finds.

Consumers are growing increasingly concerned about how and where their personal credentials are being shared as a result of using FinTech apps —  particularly information linked to a banking or credit card account.

As more consumers turn toward FinTech apps to manage their finances, more indicate being concerned about the measures banks and credit unions are taking to safeguard their information. This data digs into how consumers feel about data privacy, interacting with FinTech apps and how FIs are using and storing that data.

At the end of April, US Payments Forum released its "Spring 2017 Market Watch Snapshot." The Forum is a cross-industry body created to address issues that require broad cooperation across the payments industry, including the introduction of EMV chip technology and other payment technologies in the U.S. Their report's top three topics of focus included merchant EMV chip adoption, clarifying CNP fraud status, and increasing focus on transit payments.

Here's a peek into US Payment Forum's recently released key insights on the subjects.

2 years ago, security professional and evangelist David Holmes dubbed 2014 as the “The Year of the Mega-Breach”, and reasonably so, as multiple headlines featured news of massive data breaches at Home Depot, J.P. Morgan Chase, and eBay. However, the following year had a roster of mega-breaches that made the previous year’s incidents pale in comparison, causing the term to quickly become obsolete. After a holistic review of the data breaches that have occurred throughout the current year, the Rippleshot Team has decided to resurrect the concept- with a little twist. Follow along as we discuss why 2016 is “The Year Of The SMB Breach”, how data breaches can be catastrophic to small to mid-size businesses (SMBs), and what implications SMB breaches have for the overall cybersecurity industry.

Bad news. Ransomware is back with a newfound vengeance. Many of us know ransomware to be a notorious form of malware that prevents users from accessing their own systems, either by locking a user from a system entirely (locker ransomware), or encrypting user files on an affected system (crypto-ransomware). In either case, users are forced to pay a ransom in order to restore functionality and access, many times to the tune of thousands of dollars. Although ransomware dates back to 1989, its practice has ebbed and flowed in its prevalence over the years. However, it is clear that 2016 has seen a marked increase in the frequency, cost, and effectiveness of ransomware incidents. Follow the Rippleshot Team as we document the return of ransomware and its impact on the cybersecurity landscape of 2016.

The landscape of fraud between 2015 to 2016 is best characterized as uncertain and dynamic. As government institutions such as the CFPB and FFIEC begin to play a bigger role in cybersecurity regulation, it has yet to be seen what data security protocols will be required of financial institutions. Also, pending legislation in Congress surrounding data security has the potential to determine federal standards of information security for merchants. Finally, with back-and-forth lawsuits between retailers, payment card networks, and issuers over disputes regarding EMV compliance and liability shift, nobody is exactly sure who will come out on top.

At Rippleshot, we understand how difficult it can be to juggle so many moving parts and develop actionable insights from them. That’s why we created a timeline for you to get up to speed on recent developments in card fraud and payments security.

A fiery debate has resurfaced between financial institutions, merchants, and consumer groups regarding the Data Security Act of 2015. The bipartisan bill introduced to Congress as H.R. 2205 by Representatives Randy Neugebauer and John Carney on May 1st, 2015 explicitly states two purposes: “to establish strong and uniform national data security and breach notification standards for electronic data” and “to expressly preempt any related State laws in order to provide the Federal Trade commission with authority to enforce such standards for entities covered under this Act.”

It’s been a hot couple of months for regulators and cybersecurity. Back in June, the FFIEC (Federal Financial Institutions Examination Council) introduced a new cybersecurity assessment and recommended guidelines for banks and credit unions. In August, a U.S. appeals court ruled that the FTC (Federal Trade Commission) has the authority to regulate corporate cybersecurity. And just a few weeks ago, Dwolla, a payment platform company, found itself the first ever data security target of the CFPB (Consumer Financial Protection Bureau), and was hit with $100,000 in fines. We review the details of each, and what this means for the future.

As the payments ecosystem continues to evolve and improve through new innovation, consumers are looking for easier, faster and more convenient methods to conduct transactions. 

This article was first published on PaymentWeek

In the last six months, we have seen these platforms compete and sometimes struggle, for market share as more retailers and tech companies introduced their respective mobile payment platforms.

As we start 2016 off, is security against data breaches on your company’s new year’s resolutions list? Over 750 data breaches were reported in 2015 and we will likely see an increase in quantity as well as impact in 2016. Experian recently released their annual Data Breach Industry Forecast and while breaches are expected to increase, who they are targeting and their methods are expected to change. Based on this report, we’ve created a helpful list of three things to add to your company’s new year’s resolutions for 2016.

We often hear about the hundreds of data breaches that hamper organizations every year and the impact cybercrime has on merchants, financial institutions and consumers. But rarely do we see the criminals behind these attacks identified by law enforcement, and it is an even rarer sight to see these criminals brought to justice. For many cases involving a data breach, it can take years to gather enough evidence for law enforcement to move forward with an investigation.

It has been almost a month since EMV’s adoption began here in the United States, and many consumers are still unaware of this massive change in the payment ecosystem. While you would be hard-pressed to find a payments expert who would classify the EMV shift as a disaster, when it rains, it pours.

We have yet to talk to a bank or credit union that isn’t employing real-time decline rules based around FICO Falcon or Visa VAA score bands - and with good reason. This solution has been around for an incredibly long time and is baked right into many existing risk management solutions. But payment card fraud is higher than it’s ever been - so what’s the problem?

Welcome to the second part of our blog series on cybersecurity and foreign affairs. Last week, we covered the recent data breaches and security incidents involving Russian-based hackers that have targeted organizations here in the United States, including the Internal Revenue Service (IRS) and the White House.