Rippleshot Blog

The landscape of fraud between 2015 to 2016 is best characterized as uncertain and dynamic. As government institutions such as the CFPB and FFIEC begin to play a bigger role in cybersecurity regulation, it has yet to be seen what data security protocols will be required of financial institutions. Also, pending legislation in Congress surrounding data security has the potential to determine federal standards of information security for merchants. Finally, with back-and-forth lawsuits between retailers, payment card networks, and issuers over disputes regarding EMV compliance and liability shift, nobody is exactly sure who will come out on top.

At Rippleshot, we understand how difficult it can be to juggle so many moving parts and develop actionable insights from them. That’s why we created a timeline for you to get up to speed on recent developments in card fraud and payments security.

A fiery debate has resurfaced between financial institutions, merchants, and consumer groups regarding the Data Security Act of 2015. The bipartisan bill introduced to Congress as H.R. 2205 by Representatives Randy Neugebauer and John Carney on May 1st, 2015 explicitly states two purposes: “to establish strong and uniform national data security and breach notification standards for electronic data” and “to expressly preempt any related State laws in order to provide the Federal Trade commission with authority to enforce such standards for entities covered under this Act.”

It’s been a hot couple of months for regulators and cybersecurity. Back in June, the FFIEC (Federal Financial Institutions Examination Council) introduced a new cybersecurity assessment and recommended guidelines for banks and credit unions. In August, a U.S. appeals court ruled that the FTC (Federal Trade Commission) has the authority to regulate corporate cybersecurity. And just a few weeks ago, Dwolla, a payment platform company, found itself the first ever data security target of the CFPB (Consumer Financial Protection Bureau), and was hit with $100,000 in fines. We review the details of each, and what this means for the future.

As the payments ecosystem continues to evolve and improve through new innovation, consumers are looking for easier, faster and more convenient methods to conduct transactions. 

This article was first published on PaymentWeek

In the last six months, we have seen these platforms compete and sometimes struggle, for market share as more retailers and tech companies introduced their respective mobile payment platforms.

As we start 2016 off, is security against data breaches on your company’s new year’s resolutions list? Over 750 data breaches were reported in 2015 and we will likely see an increase in quantity as well as impact in 2016. Experian recently released their annual Data Breach Industry Forecast and while breaches are expected to increase, who they are targeting and their methods are expected to change. Based on this report, we’ve created a helpful list of three things to add to your company’s new year’s resolutions for 2016.

We often hear about the hundreds of data breaches that hamper organizations every year and the impact cybercrime has on merchants, financial institutions and consumers. But rarely do we see the criminals behind these attacks identified by law enforcement, and it is an even rarer sight to see these criminals brought to justice. For many cases involving a data breach, it can take years to gather enough evidence for law enforcement to move forward with an investigation.

It has been almost a month since EMV’s adoption began here in the United States, and many consumers are still unaware of this massive change in the payment ecosystem. While you would be hard-pressed to find a payments expert who would classify the EMV shift as a disaster, when it rains, it pours.

We have yet to talk to a bank or credit union that isn’t employing real-time decline rules based around FICO Falcon or Visa VAA score bands - and with good reason. This solution has been around for an incredibly long time and is baked right into many existing risk management solutions. But payment card fraud is higher than it’s ever been - so what’s the problem?

Welcome to the second part of our blog series on cybersecurity and foreign affairs. Last week, we covered the recent data breaches and security incidents involving Russian-based hackers that have targeted organizations here in the United States, including the Internal Revenue Service (IRS) and the White House. 

In 2014, over 1 billion records were stolen due to data breaches and other security-related incidents. Some of the most well known brands here in the United States were the target of cyberattacks, making it nearly impossible to not be affected, or know of someone who had been.

There is just over one week left before the EMV liability shift takes place, and it’s looking like neither consumers nor merchants will be as prepared as expected. Though many experts have been claiming for months that the U.S. will be unlikely to hit the self-imposed October 1st deadline, recent surveys have shown a much more grim outlook.

In 2013, the Target data breach had everyone from consumers, businesses, financial institutions and those who sit somewhere in-between, trying to navigate following a catastrophic data theft. Consumers frustrated by the retailer’s data security standards attempted to bring Target to justice through class action lawsuits. However, a recent court ruling has made it much easier for organizations that suffer a data breach to be sued by affected customers. Up until late July, breached companies were able to use a legal rule to shield them from potential damages related to class action lawsuits.

The latest fraud scheme is targeting an unlikely audience of millennials, and using social media to do it. By hitting an audience of college students or recent graduates who are likely cash-strapped and living paycheck to paycheck, the fraudsters are cashing in - literally - on this group’s often outright desperation for a quick buck.

As we approached the end of 2014, dubbed “the year of the data breach”, the US had experienced a record high of 783 publicly announced data breaches. You could not turn on the TV, open a newspaper or surf the internet without hearing how globally recognized organizations like Home Depot, JPMorgan Chase, UPS, Target and many more fell victim to a breach. Consumers experienced data breach fatigue and started to become unfazed as breach after breach was uncovered. With the 2015 holiday season nearing, analysts are looking to see if 2014’s stretch of breaches will affect consumer shopping habits in 2015.