While credit card security is improving, criminals have focused new efforts on e-commerce fraud, card-not-present fraud and new digital crime innovations. Our payments news roundup today looks at the latest trends in online security and cybercrime.

According to the Association for Financial Professionals (AFP), 75% of businesses experienced check fraud, up 4%. Forrester reports 49% of global network security decision-makers experienced at least one data breach in 2016 and 55% of those involved employees or a third-party supplier.

Experian and BioCatch are targeting new account fraud with behavioral biometrics. Scottrade disclosed that third-party vendor Genpact may have exposed data for 20,000 of its clients. Financial Fraud Action UK said e-commerce fraud grew 18% in 2016 to reach $386 million. A WeChat app ticket scam has cost Australian tourism businesses more than $350,000 and the amount could rise further.

Insurance giant Anthem obtained a court order to examine customers' computers for evidence that their data loss was their own fault, causing some clients to drop their lawsuits. Analytic software firm FICO said ATM fraud rose 70% in 2016 with 60% of cases occurring at non-bank ATMs. During the past week, several high-profile database breaches occurred at retailers including UK payday firm Wonga and GameStop in the US.

Corporate Payments Fraud Hits Record Levels

http://www.pymnts.com/news/b2b-payments/2017/enterprise-corporate-payments-fraud-afp-survey-business-email-scam-compromise-check-technology-adoption/

Research from the Association for Financial Professionals (AFP), outlined in its 2017 AFP Payments Fraud Survey, revealed what the AFP described as a “dramatic” increase in payments fraud hitting businesses compared to 2015.

According to the report, 75 percent of the companies hit by payments fraud fell victim to check fraud — up from 71 percent in 2015. Researchers noted that this upward trend is a reversal of earlier data that suggested check fraud within the enterprise was declining since 2010. Nearly the same amount (74 percent) said they were hit by the business email compromise scam last year — a whopping 10 percent increase compared to the year before.

“With the advancement of technology, organizations are more vulnerable to fraud attacks now than before, and business leaders need to equip their people and systems with the tools and resources needed to prevent fraud and alleviate the impact of an attack,” said AFP President and Chief Executive Jim Kaitz in a statement announcing the research. “Companies that offer mandatory training for all employees, particularly around cybersecurity, and that have a plan to respond to payments fraud will fare better than those that do not.” Via pymnts.com

Top Cybersecurity Threats In 2017

According to Forrester’s Global Business Technographics® Security Survey, 2016, an eye-opening 49% of global network security decision-makers report that they experienced at least one breach during the past 12 months. Of these respondents, 55% had suffered some manner of internal incident involving their own employee or third-party business partner.

Internal incidents can involve employees who simply make poor decisions regarding the handling and use of the firm’s sensitive data or employees who have malicious intent. These malicious insiders can also work in concert with external threat actors.

Fifty-six percent of firms that suffered at least one breach did so at the hands of external threat actors. To help S&R pros better defend against these external attacks, we will identify and analyze the top methods of infiltration. Via forrester.com

US ATM fraud surges despite chip-equipped cards

http://www.ibtimes.com.au/us-atm-fraud-surges-despite-chip-equipped-cards-1549324

ATM fraud in the United States surged despite the nation’s move to EMV (Europay, MasterCard and Visa) chip-equipped cards. Based on a study by analytic software firm, FICO, the number of payment cards compromised at US ATMs and merchants climbed 70 percent last year.

The latest data also shows that the number of hacked card readers at ATMs, restaurants and merchants in the US rose 30 percent in 2016. The new figures follow a 546 percent increase in compromised ATMs from 2014 to 2015.

The figures cover only card fraud taking place at physical devices, not online card fraud. At least 60 percent of the compromises occurred at non-bank ATMs, like those in convenience stores. Other cases occurred at bank ATMs or point-of-sale (POS) devices, including card payment machines at retailers. Via ibtimes.com.au

Genpact error exposes personal information of 20,000 Scottrade customers

https://www.finextra.com/newsarticle/30408/genpact-error-exposes-personal-information-of-20000-scottrade-customers

American online brokerage Scottrade says a mistake by third-party vendor Genpact resulted in the sensitive information of around 20,000 customers being left exposed.

BPO outfit Genpact uploaded a dataset containing commercial loan application information from a B2B unit within Scottrade Bank to one of its cloud servers that did not have all the security protocols in place.

This meant that the information could be extracted by anyone, which is what happened. Fortunately, the person who found the data was security researcher Chris Vickery, who contacted Scottrade. Via finextra.com

UK E-commerce Fraud Jumps 18% in 2016

https://www.infosecurity-magazine.com/news/uk-ecommerce-fraud-jumps-18-in-2016/

E-commerce payment fraud soared by 18% from 2015 to 2016, while online banking fraud dropped as cyber-criminals changed tactics to target users directly, according to Financial Fraud Action UK.

The payments industry body revealed e-commerce fraud for 2016 stood at nearly £309 million ($386 million), although this should be put in context of card spending also increasing by 18% over the period to £248 billion ($310 billion).

FFA UK put the rise in fraud down to an increase in breached data being made available on the darknet and the success of phishing and SMSishing scams designed to trick users into giving up their details.

On the face of it, there was better news for online banking, where related fraud losses dropped 24% to just £102 million ($127 million), while the number of cases increased slightly, by 2%. Via infosecurity-magazine.com

“It’s a standoff”: Tourism operators speak out over WeChat ticketing scam that’s costing them more than $400,000

http://www.smartcompany.com.au/industries/tourism/its-a-standoff-tourism-operators-speak-out-over-wechat-ticketing-scam-thats-costing-them-more-than-400000/

Tourism businesses are speaking out about the financial and operational costs of a sophisticated ticketing scam operating through Chinese social media platform WeChat, which tourism bodies say runs deeper than the $400,000 it has already cost local operators.

This morning Fairfax reported local tourism attractions including Peninsula Hot Springs, Eureka Skydeck, Sovereign Hill in Victoria and the Sydney Harbour Bridge’s BridgeClimb have been forced to pay back hundreds of thousands of dollars in charge backs to legitimate credit card holders whose details have been used by the scammers to buy tickets to their venues.

Victorian Chamber of Commerce and Industry (VCCI) said as of the end of March, businesses have been stung to the tune of more than $350,000, but that number could be much larger. And tourism operators say the number of customer cases is increasing. Victorian Tourism Industry Council (VTIC) chief executive Brad Ostermeyer told SmartCompany this morning that “$400,000 is what we can legitimise” in terms of the cost so far, but it could be higher still. Via smartcompany.com.au

Experian tackles new account fraud with BioCatch behavioral biometrics

BioCatch, the global leader in behavioral biometrics, announced today that it has teamed up with Experian, the leading global information services company, to integrate its behavioral biometric technology into the company’s fraud and identity platform, CrossCore™, to help prevent new account fraud for its users.

New account fraud, or deception that happens during the creation or alleged creation of new accounts, is a massive issue growing rapidly. According to industry analysts at Javelin, there were more than 1.5 million new account fraud victims in 2015 that accounted for $2.8 billion in losses. The number increased by 40 percent in 2016.

To prevent new account fraud, BioCatch maps criminal behavior throughout the initiation process. The company’s proprietary technology is able to distinguish between a real user and an impostor by recognizing normal user behavior and fraudster behavior, which includes Application Fluency, when actions show a fluency with the site and the process used to open a new account; Navigational Fluency, when advanced computer skills are used that are rarely seen among real users, like function keys and keyboard shortcuts, and Data Familiarity, when fraudsters submit victim’s data without intimate knowledge of the information, creating noticeable anomalies in data entry patterns. Via finextra.com

Payday loan firm hit by data breach

https://www.finextra.com/newsarticle/30411/payday-loan-firm-hit-by-data-breach

Wonga, a prominent UK payday loan firm, has warned 270,000 of its customers that their accounts may be at risk following a data breach.

The company reportedly discovered the breach last week but only realised that customers’ account details were at risk on Friday 7th and then began notifying them the following day. More than 245,000 UK customers have been notified in addition to 25,000 in Poland.

A company spokesperson told news website TechCrunch that “Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland. We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused”. Via finextra.com

GameStop Hack: Credit Cards and Data Possibly Breached

http://fortune.com/2017/04/07/gamestop-credit-card-hack/

GameStop is investigating a potential security breach on its website involving customer data and credit cards. “GameStop recently received notification from a third-party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,” a company spokesperson wrote in an email to Fortune.

“That day a leading security firm was engaged to investigate these claims,” the statement continued. “GameStop has and will continue to work non-stop to address this report and take proper measures to eradicate any issue that may be identified.”

The breached data could include customer card numbers, expiration dates, names, addresses, and the three-digit card verification values (CVV2) typically found on the back of credit cards, according to sources who spoke to cybersecurity website Krebs on Security. Via fortune.com

Anthem to data breach victims: Maybe the damages are your own darned fault

http://www.networkworld.com/article/3187522/security/anthem-to-data-breach-victims-maybe-the-damages-are-your-own-darned-fault.html

Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.

Some of the affected Anthem customers sued for damages they say resulted from the breach but then withdrew their suits after Anthem got a court order allowing the exams. The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.

“If that proved to be true, it would call into question whether the plaintiffs’ alleged injuries had truly been caused by the Anthem hack,” he writes. In other words, they failed to properly secure their personal devices, so the damages they suffered might have been their own fault, not Anthem’s. Via networkworld.com

(Gavel photo via Flickr)