Rippleshot Blog

Originally Posted Feb 10, 2022 on The Paypers

João Moura, the CEO of Fraudio, discusses how AI models can outsmart merchant initiated fraud and help PSPs and acquirers onboard more merchants in order to grow faster, smarter, and safer

Originally Posted Jan 11, 2022 by Northwest Credit Union Association

When it comes to preventing card fraud, issuers need all the help they can get. Fortunately, credit unions have access to a variety of tools, resources, and expertise in their fight against fraudsters’ ever-changing tactics.

Card not present (CNP) fraud is the dominant type of payment fraud that Strategic Link partner CO-OP Financial Services is seeing among its credit unions’ portfolios, comprising over 80% of fraud incidents across both debit and credit.

One key contributor to this rise has been the increasingly bold use of BIN attacks, one of the most common types of CNP fraud.

Originally Posted Oct 4, 2021 by Polly Jean Harrison on The Fintech Times

 n.exchange, a cryptocurrency exchange specialising in fiat on- and off-ramp to make crypto investment user-friendly, unveils its crypto purchase credit card fraud attempt figures for 2019-2021. Its campaign to combat credit card fraud in cryptocurrency highlights a significant rise in fraudulent purchase attempts by cybercriminals using stolen card details, most of which was perpetrated from countries in the Western hemisphere.

Originally Posted Jan 24, 2022 on PYMNTS.com

Originally Posted Jan 8, 2022 by Gordon Kelly on Forbes

Last year saw the biggest hack in iPhone history, complete with individual horror stories from affected users. Now a haunting new discovery could make all iPhone attacks a lot worse.

Originally Posted Jan 21, 2022 by Chuck Brooks

The past two years has seen a rapid shift of work to remote and hybrid offices. The statistics show that hackers welcomed that shift and took advantage of the vulnerabilities and gaps in security by businesses.

Originally Posted Dec 11, 2020 by Alex Rolfe

Nearly half (40%) of merchants are reporting a rise in friendly fraud over the past 12 months, but the majority are struggling to challenge Google Pay and Apple Pay chargebacks successfully, research by Ravelin finds.

Consumers are growing increasingly concerned about how and where their personal credentials are being shared as a result of using FinTech apps —  particularly information linked to a banking or credit card account.

As more consumers turn toward FinTech apps to manage their finances, more indicate being concerned about the measures banks and credit unions are taking to safeguard their information. This data digs into how consumers feel about data privacy, interacting with FinTech apps and how FIs are using and storing that data.

At the end of April, US Payments Forum released its "Spring 2017 Market Watch Snapshot." The Forum is a cross-industry body created to address issues that require broad cooperation across the payments industry, including the introduction of EMV chip technology and other payment technologies in the U.S. Their report's top three topics of focus included merchant EMV chip adoption, clarifying CNP fraud status, and increasing focus on transit payments.

Here's a peek into US Payment Forum's recently released key insights on the subjects.

2 years ago, security professional and evangelist David Holmes dubbed 2014 as the “The Year of the Mega-Breach”, and reasonably so, as multiple headlines featured news of massive data breaches at Home Depot, J.P. Morgan Chase, and eBay. However, the following year had a roster of mega-breaches that made the previous year’s incidents pale in comparison, causing the term to quickly become obsolete. After a holistic review of the data breaches that have occurred throughout the current year, the Rippleshot Team has decided to resurrect the concept- with a little twist. Follow along as we discuss why 2016 is “The Year Of The SMB Breach”, how data breaches can be catastrophic to small to mid-size businesses (SMBs), and what implications SMB breaches have for the overall cybersecurity industry.

Bad news. Ransomware is back with a newfound vengeance. Many of us know ransomware to be a notorious form of malware that prevents users from accessing their own systems, either by locking a user from a system entirely (locker ransomware), or encrypting user files on an affected system (crypto-ransomware). In either case, users are forced to pay a ransom in order to restore functionality and access, many times to the tune of thousands of dollars. Although ransomware dates back to 1989, its practice has ebbed and flowed in its prevalence over the years. However, it is clear that 2016 has seen a marked increase in the frequency, cost, and effectiveness of ransomware incidents. Follow the Rippleshot Team as we document the return of ransomware and its impact on the cybersecurity landscape of 2016.

The landscape of fraud between 2015 to 2016 is best characterized as uncertain and dynamic. As government institutions such as the CFPB and FFIEC begin to play a bigger role in cybersecurity regulation, it has yet to be seen what data security protocols will be required of financial institutions. Also, pending legislation in Congress surrounding data security has the potential to determine federal standards of information security for merchants. Finally, with back-and-forth lawsuits between retailers, payment card networks, and issuers over disputes regarding EMV compliance and liability shift, nobody is exactly sure who will come out on top.

At Rippleshot, we understand how difficult it can be to juggle so many moving parts and develop actionable insights from them. That’s why we created a timeline for you to get up to speed on recent developments in card fraud and payments security.

A fiery debate has resurfaced between financial institutions, merchants, and consumer groups regarding the Data Security Act of 2015. The bipartisan bill introduced to Congress as H.R. 2205 by Representatives Randy Neugebauer and John Carney on May 1st, 2015 explicitly states two purposes: “to establish strong and uniform national data security and breach notification standards for electronic data” and “to expressly preempt any related State laws in order to provide the Federal Trade commission with authority to enforce such standards for entities covered under this Act.”

It’s been a hot couple of months for regulators and cybersecurity. Back in June, the FFIEC (Federal Financial Institutions Examination Council) introduced a new cybersecurity assessment and recommended guidelines for banks and credit unions. In August, a U.S. appeals court ruled that the FTC (Federal Trade Commission) has the authority to regulate corporate cybersecurity. And just a few weeks ago, Dwolla, a payment platform company, found itself the first ever data security target of the CFPB (Consumer Financial Protection Bureau), and was hit with $100,000 in fines. We review the details of each, and what this means for the future.

As the payments ecosystem continues to evolve and improve through new innovation, consumers are looking for easier, faster and more convenient methods to conduct transactions.