Category Archives: Credit card fraud

FBI 2020 Elder Fraud Report : 1 Billion loss

In 2020, IC3 received a total of 791,790 complaints with reported losses exceeding $4.1 billion. Based on the information provided in the complaints, approximately 28% of the total fraud losses were sustained by victims over the age of 60, resulting in approximately $1 billion in losses to seniors. This represents an increase of approximately $300 million in losses reported in 2020 versus what was reported by victims over 60 in 2019.

The initial contact in a lottery/sweepstakes scam is often a call, an email, a social media notification, or a piece of mail offering congratulations for winning a big contest, lottery, or sweepstakes the victim did not enter. To claim their prize, the victim is required to pay upfront fees and taxes. Subjects often request the payments be made via wire transfers or prepaid cards. Often, the scammers will ask for a victim’s banking information to transfer their winnings.

Read more in

CyberSecurity: All about mobile sim swap attack!

SIM Swap attack (aka SIM intercept attack ) is an identity theft where someone could impersonate your digital life & received all text messages etc in their own SIM. Just to clarify, Sim swap attack isn’t about swapping your physical sim.

How attacker achieve this?

In cybersecurity chain, The weakest link is human factor & attacker knows how easy it is to convince with someone. By nature, we trust other people or system as well. How hackers convince customer representative is called social engineering. Social engineering is all about pretending to be someone & convince to the person who can trust & provide valuable information. With the same technique, SIM swap could happen. In very simple terms, Attacker would pretend to be you & would convince to your telecom carriers to switching your SIM number to new SIM which owns by the attacker.

How dangerous it could be?

It is very bad for the victims when all your OTP, messages etc are received by someone. Lots of things could be done. most dangerous is when an attacker can gain access to your bank accounts, credit cards, all other sensitive information which depends on OTP & messages. Recent examples here. SIM swap! Man charged after million dollar cryptocurrency theft

What is the solution?

Well, In such cases, nothing much can be done except taking extra precaution. There are a few solutions like App-based two-factor authentication just like Text/Message based authentication. Your bank has two-factor authentication & OTP goes to your message. You could enable app based two-factor authentication like Google authenticator, Authy etc. App-based authentication generates an OTP & that OTP would be within the apps so someone needs to steal your device to get that OTP. 

Problem with app-based two-factor authentication is that it may not possible with every bank & still rely on text-based two-factor authentication.

Final Thought

Anything which is linked to your banking system needs security. If any loose point is vulnerable then the whole thing could be vulnerable. In cybersecurity, it is said that every vulnerability is exploitable.

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” 

― Stephane Nappo

CyberSecurity: EMV enabled credit cards does not stop fraud!

State bank of India asked their customer to get rid of a conventional swipe card and replace with EMV enabled chip cards. EMV Chips are considered to be safer & prevent credit/Debit cards fraud.

FYI: EMV stands for ‘Europay MasterCard Visa’ while the PIN is an acronym for the personal identification number.

Purpose of EMV

In theory, EMV should reduce fraud because every card transaction requires an encrypted connection between the chip card and the merchant’s point-of-sale terminal. EMV is meant to replace conventional swipe transactions that rely on magnetic strips, which contain data that is relatively easy for criminals to intercept and then copy on to a new card.

Reality of EVM

new report from the research firm Gemini Advisory has found that, of more than 60 million cases of credit card theft in the last 12 months, a whopping 93% of the stolen cards had the new chip technology.

This represents a major setback for the technology, known as the EMV standard, which is named after the companies (Europay, Mastercard and Visa) that created it.

“45.8 million…records [were] likely compromised through card-sniffing and point-of-sale (POS) breaches of businesses such as Saks, Lord & Taylor, Jason’s Deli, Cheddar’s Scratch Kitchen, Forever 21, and Whole Foods. To break it down even further, 90% or 41.6 million of those records were EMV chip-enabled,” states the report.

How fraud is still possible?

While the EMV standard is supposed to ensure the card data cannot be captured, many merchants are failing to properly configure their systems. This is the problem where banks & merchants are not configuring their systems and keep the system vulnerable.

What is the use of stolen Data?

There are multiple ways cybercriminals use stolen data. First & easy way is to sell these credit cards number in the dark web. A market full of criminals & isn’t public web or apps. The second method is that They create the replica of these cards & use it to withdraw money.

Reference:

http://fortune.com/2018/11/05/credit-card-chips-fail-to-halt-fraud-survey-says/