As new countries such as those in the Nordics embrace contactless payments, people are asking about the impact on fraud. We discussed this last month at the DT Fraud Conference 2017, where Peter Bayley from Visa and I debated some of the issues arising. The good news is that contactless doesn’t appear to increase fraud. But it could. The first thing to note here is that the type of fraud consumers worry about is hugely unlikely. This is “proximity intercept,” where a card’s signal is grabbed by a fraudster’s device. The fear of this is played on by the manufacturers of physical RFID wallets, and sometimes even by the media. It sounds plausible but has not proven to be a big problem. The more likely potential threat of contactless is actually more complicated, and involves “disowned” transactions where the consumer fails to recall a transaction; in extreme circumstances this can... [Read More]
As much of our lives and our spending has gone online, the criminal’s life has become exponentially easier and the risks of getting caught exponentially smaller. If I can capture enough information about you through your naivety — such as getting you to respond to a phishing e-mail, or through your lack of risk awareness by capitalising on your lack of up-to-date anti-malware — then I can “borrow” your credentials and re-use them without you knowing for hours, days, sometimes weeks or even months. And the chance of the trail leading back to me? Miniscule! FICO is the longest established and most respected defence against credit card fraud, with more than two-thirds of the world’s credit card payments protected by FICO® Falcon® Fraud Manager, which evaluates every card transaction in speeds faster than the blink of an eye. Despite Falcon’s success, though, some fraudulent transactions – and especially those where... [Read More]
Sometimes, even when a vulnerability is identified or a threat properly qualified, it is too late to do something about it. The crime has already taken place. This is the antithesis of the future seen in the Spielberg movie Minority Report, where seers expose “PreCrimes.” In today’s security world, we’re less likely to find something about to happen, or even something happening now, and more likely to find something that happened long ago. Here’s what I’m talking about. Earlier this year, IDG polled security “experts” to predict the “single biggest security threat of 2016”. The brief was to sum this risk up in just one sentence. My contribution was: “The biggest single security threat is cyber – more specifically, for business and political entities it is probably nation state espionage and APT (advanced persistent threat) actors.” It was a view, from the survey, shared by only about 8% of my... [Read More]
When FICO hosted the Business Continuity Institute Forum covering the South and East of England at our London offices last month, you might have expected technology to top the agenda. But what dominated the discussion among more than 40 business continuity and cyber security experts was not malware but “humanware” — that is, people. Social engineering remains one of the most effective ways to get past an organisation’s defenses. Most delegates had to concede that their business operations conventions probably led to inadvertent exposure. Look how easy it is: A common email address structure (firstname.surname@company.com) means a criminal only has to know someone’s name to target a successful mail. Outsourced IT support that routinely use remote access services to remediate staff IT problems means that staff are quite likely to permit “IT personnel” to access their systems. Visitor handling routines generally permit a well-presented and well-informed stranger to be provided... [Read More]
The recent spike in ATM compromises and fraud in the US reminds us that something we do all the time — getting cash from a cash machine — can be risky business. However, with so many different types of banks and ATMs, it can be challenging to decipher what is cause for concern and what is just a trustworthy ATM. Here are four signs that an ATM has been tampered with: 1. It looks different — perhaps it has an unfamiliar layout or appears much newer or shinier than the same bank’s ATMs next to it. Criminals are adept at placing card or cash capture devices and PIN compromise devices in or around ATMs to get quick access to consumer funds. Some even install entire false fronts to ATMs to capture people’s PINs and money. These are often so well disguised that they can be extremely difficult to detect, so... [Read More]
One of the greatest threats to any organization is the “rogue” employee who — for reasons of need, greed, threat or manipulation — finds themselves undertaking actions that are inappropriate, disreputable, dishonest or criminal, including fraud. If the rogue has a high level of authority, the risks are significantly increased. Of course, none of us want to think that the man or woman next to us, whom we might deal with on a regular basis, is performing insidious acts. There can be a real fear of disclosing our concerns in case we are wrong, and destroy our relationship with the alleged perpetrator or others around us. We may even fear being victimized by others, and damaging our career prospects, especially if the perpetrator is in a position of authority. Changing organizational culture to promote healthy challenge without retribution has long proven difficult. The Jimmy Savile review concluded that the BBC had... [Read More]
At a recent fraud conference I was exchanging contact with new business acquaintances and colleagues and it occurred to me how much trust that we place in people when we can see them face-to-face. Not once did I find myself looking at a card and wondering: “Is that really this person’s name?” or “Do they truly work for the company that they claim?” So why is that? Perhaps it is because many of us consider that we are a good judge of people when we can see them, how they look and how they behave. Perhaps it is also because of the safety of numbers: in a crowd of like-minded professionals it might be easy to fool a few but it is high risk trying to dupe everybody in terms of who you are and what you do. Organizations that specialize in penetration testing, however, will tell you how people... [Read More]
Sometimes when I visit banks I find myself looking at scribbled Post-it notes containing user name and password attached to PCs. I may also see a neatly typed record of the key code necessary to access a secure gate or door within easy sight of any external visitor. Is this bad cybersecurity? Sure. And it’s something we learn at home. We all lock our doors at night, but many of us leave the keys in the lock, or on the side close to the front door, where they’re easier for clever crooks to steal. So why do we leave keys at risk? Psychologists would have us believe it is for two reasons: We believe that criminals target “someone else”; and it’s more convenient. Hiding keys somewhere away from the door they are intended to lock might make greater security sense, but it is inconvenient to have to retrieve them when... [Read More]
“Don’t touch that!” was the chastising phrase Q said to James Bond. Technological advancement was to be treated carefully and with respect — lest it blow up in your face. How many of us have used the same phrase with our kids, sometimes even with their own toys? Take the remote control helicopters that looked so cool on the toy shelves and broke so quickly when the joystick was in the hands of an over-excited youth. Technology is fragile. Most of us learned to be wary when dealing with new gadgets. Is it any wonder then that we have created an age-based “techno gap”? Today the people who make you want to shout “Don’t touch that!” are more likely to be your parents. My parents eventually succumbed to a mobile phone a few years ago but it is one of those big button, big screen, basic feature phones — it’s... [Read More]
There has been a technical and moral debate raging on whether the evolution of artificial intelligence (AI) should be regulated or controlled. The fear is that machine-based learning could reach the “singularity” — the point at which smart machines can build other smart machines and present a threat to humanity. Many films – most famously the Terminator franchise – have explored the dark world of machines rising up against the human race. But today artificial intelligence promotes pause for thought not just among filmgoers but even amongst some of the world’s most eminent technologists and sociologists. Even those sounding the warning — such as Stephen Hawking — admit that so far AI has been a boon. When Siri was first introduced as a “virtual assistant” on the iPhone, it was seen by many as a gimmick, but the automated engagement took hold and there are now both Google and Microsoft... [Read More]
