Tag Archive for: Friendly

Merchants, Banks Confront Rising Friendly Fraud


Sometimes the biggest threats come from the foes who pose as friends, spinning tales that seem legitimate and often urgent. And then comes the realization:

You’ve been scammed.

Eric Kraus, V.P. and general manager of Fraud, Risk and Compliance Solutions at FIS, told PYMNTS that friendly fraud looms as a growing threat for merchants and banks alike.

Friendly fraud is another name for first-party chargeback fraud, which occurs when a consumer buys something online with a card and then disputes the charge or requests a chargeback, despite having already received the item or service. The conversation took place as merchants of all sizes say “friendly fraud” is the No. 1 fraud trend they are dealing with, representing a significant increase in loss exposure over the past few years.

Then there’s “refund fraud,” which also occurs after the transaction is completed. In this scenario, however, the purchased goods are not returned, or something else entirely is sent back to the merchant.

As he said, illustrating what might happen to an unwitting merchant:

“The last thing you want is to initiate a refund and then open up the iPad box and see that it’s empty.”

Friendly fraud, he said, has become a favorite of scammers in recent months, so much so that he said FIS has seen some eCommerce merchants estimate that 80% of their claims are tied to it.

“These scams are especially high in the digital goods space,” he said.

Banks and credit unions are also feeling the pinch. Disingenuous cardholders, he said, will try to make claims with their financial institutions (FIs), stating, for example, that their cards were stolen multiple times in a short period.

In the digital age, the bad actors are also leveraging technology to help them launch attacks at scale, compromising point-of-sale devices and “testing” cards. To figure out if a stolen credit card number is valid, thieves sometimes attempt small purchases to see which cards get approved. The fraudster can then make larger purchases over time. Manual testing takes time, so criminals use botnets to run thousands of low-value transactions quickly.


Google exposes nine-month counter-terror hacking op by ‘friendly’ government, raising questions about what makes an ally — RT World News


A Google hacking team has exposed — and shut down — an expert counterterrorism hacking operation by a supposed US ally. While the report hid most details, it raised troubling questions on what constitutes an ally in cyberspace.

The tech giant’s Project Zero and Threat Analysis Group hacking teams uncovered and ultimately put an end to a counter-terrorism operation being run by a US ally, according to MIT Tech Review, which detailed the internal struggle at Google over whether to publicize the incident and what it implied for future cyber-espionage (apparently, all’s fair in love, war, and malware attacks).

Both Project Zero, which uncovers and exposes security vulnerabilities, and Threat Analysis Group, which tracks hacks believed to be run by governments, helped take down the “friendly” malware attack, which weaponized 11 zero-day vulnerabilities in the course of nine months. A zero-day vulnerability is a flaw that the software’s creator and user are unaware exists, a security issue that can be used as a backdoor and otherwise exploited until it is discovered.

Cropping up 11 times in nine months – more frequently than a typical zero-day exploit – the attack targeted devices powered by iOS, Android, and Windows. The exploits were innovative (MIT described them as “never-before-seen techniques”) and used infected websites as “watering holes” to deliver malware to unfortunate visitors. The infection process had been ongoing since early 2020.





MIT revealed on Friday that the hackers running the scheme were “actually Western government operatives actively conducting a counter-terrorism operation,” an unusual revelation given that tracing hacks to state-level actors is not the easy-to-grasp, cut-and-dried operation that US cybersecurity firms like CrowdStrike and FireEye like to describe when they speak with reporters. 

Indeed, while Google’s Threat Analysis Group attributes hacks to states, Project Zero does not, though private security companies…


Boom In Demand For Friendly Hackers As 5G Approaches


As the number of online devices surges and superfast 5G connections roll out, record numbers of companies are offering handsome rewards to ethical hackers who successfully attack their cybersecurity systems.

The fast-expanding field of internet-connected devices, known as the “internet of things” (IoT), which includes smart televisions and home appliances, is set to become more widespread once 5G becomes more available, posing one of the most serious threats to digital security in future.

At a conference hosted by Nokia last week, “friendly hacker” Keren Elazari said that co-opting hackers — many of whom are amateurs — to hunt for vulnerabilities “was looked at as a trendy Silicon Valley thing six to eight years ago”.

The “internet of things” will provide cyber criminals with new ways to exploit faults in personal security systems. Photo: AFP / NICOLAS ASFOURI

But “bug bounty programmes” are now offered by organisations ranging from the Pentagon and banks such as Goldman Sachs to airlines, tech giants and thousands of smaller businesses.

The largest bug-bounty platform, HackerOne, has 800,000 hackers on its books and said its organisations paid out a record $44 million (38.2 million euros) in cash rewards this year, up 87 percent on the previous 12 months.

“Employing just one full-time security engineer in London might cost a company 80,000 pounds (89,000 euros, $106,000) a year, whereas we open companies up to this global community of hundreds of thousands of hackers with a huge diversity in skills,” Prash Somaiya, security solutions architect at HackerOne, told AFP.

“I see a lot of risk for misconfiguration and improper access control, these glitches are one of the main risks,” Silke Holtmanns, head of 5G security research for cybersecurity firm AdaptiveMobile, told AFP. Photo: AFP / NICOLAS ASFOURI

“We’re starting to see an uptick in IoT providers taking hacking power seriously,” Somaiya said, adding that HackerOne now regularly ships internet-connected toys, thermostats, scooters and cars out to its hackers for them to try to breach.

“We already know from what has happened in the past five years that the criminals find very clever ways to utilise digital devices,”…
