
Virtual Credit Cards: How They Work, Benefits, and Security Features

 

Virtual credit cards are digital versions of traditional credit cards, designed to enhance security in online transactions. Instead of using a physical card number, they generate a unique number for each purchase, reducing the risk of data breaches and fraud. If compromised, a virtual card can be canceled without affecting the main credit card account, making it a valuable security tool. 

Many issuers also provide immediate access to virtual cards upon account approval, allowing users to shop before receiving their physical card. Virtual credit cards function by generating a random 16-digit number linked to a real credit card account. They can be used for online purchases, certain phone transactions, and even in physical stores if added to a digital wallet like Apple Pay or Google Pay. Unlike traditional cards, virtual cards often allow users to set expiration dates and spending limits, giving them greater control over their transactions. Although similar, virtual credit cards are different from digital wallets. 

Digital wallets, such as Apple Pay and Google Pay, store actual card details and other digital assets, while virtual cards generate new numbers for each transaction, offering more protection against cyber threats. However, virtual cards do have limitations—they may not be accepted at all physical locations and can pose challenges for hotel or rental car bookings that require a physical card. Additionally, not all credit card issuers offer virtual cards. To obtain a virtual credit card, users should check if their issuer provides this feature. 

Some banks, like Capital One and Citi, offer virtual card numbers through browser extensions or account portals. Others, such as Chase and Wells Fargo, do not provide one-time-use virtual cards but allow integration with digital wallets. Once generated, users can adjust settings like spending limits and expiration dates to enhance security. While virtual credit cards add an extra layer of protection, they are not entirely foolproof. Hackers may still access an active virtual card, but most issuers provide fraud protection, ensuring users aren’t liable for unauthorized transactions. 

If compromised, a virtual card can be canceled and replaced without changing the main account number. To further enhance online security, consumers can use digital wallets, secure payment platforms like PayPal, and avoid storing payment details in web browsers. Using strong passwords, shopping only on secure networks, and enabling multi-factor authentication also help prevent fraud. 

For those interested in a virtual credit card, the process is simple—choose a card that offers this feature, apply through the issuer’s secure site, and access a virtual number upon approval. By integrating virtual credit cards into their payment methods, users can enjoy safer and more controlled online transactions.

The Slim CD Data Breach: 1.7 Million Credit Cards Compromised


Credit card security has always been a challenge for users, as hackers keep trying innovative ways to lure victims. Payment gateway provider Slim CD, which offers payment processing services for both online and offline merchants, has revealed that it suffered a massive data breach affecting the credit card and personal data of around 1.7 million users.

About Slim CD Breach

Like recent data breaches, your personal information could now be with threat actors, and it is not your fault. This blog covers details related to the breach, and the steps you can take to protect your credit card and avoid misuse of credit card numbers.

In the notification sent to affected victims, Slim CD said hackers gained access to its network for almost a year, from August 2023 to June 2024. But they could only steal credit card details between June 14 and 15 of this year.

Earlier this year in June, Slim CD found that suspicious users had access to its systems. After that, the company launched an inquiry, which revealed that hackers had first gained entry into the networks in August 2023. The stolen data includes physical addresses, full names, credit card numbers and card expiry dates. Luckily, card verification numbers or CVVs weren't stolen, the company says.

Experts believe that without CVV, hackers can't do much with the stolen credit card data or make any fraudulent transactions with your credit card. But the risk of credit card fraud is still there.

How to protect yourself?

Generally, if you suffer a major data breach, the company offers free access to either credit monitoring or identity theft protection services. But in the case of Slim CD, it isn't doing anything like this for affected users.

What have we learned?

The Slim CD incident has highlighted various gap areas for both businesses and customers.

1. Robust Security Measures: Investment in this area is crucial; it includes encryption, two-factor authentication, and frequent security audits. These steps can help protect against unauthorized attempts at stealing sensitive info.

2. Monitoring: Customers should frequently keep an eye on their bank statements and credit reports for any suspicious activity. Threat detection at an early stage can reduce the damage caused by a data breach.

3. Quick Response: In the event of a data breach, a fast response becomes important. Informing impacted individuals and offering support can help minimize the damage and rebuild trust.

4. Being Informed and Educated: Both companies and customers should be aware of the basic steps needed to stay safe from a data breach. For businesses, awareness programs and training campaigns can help.

Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers

 

Satoshi Nakamoto, the pseudonymous developer of Bitcoin, published the system's whitepaper in 2008, bluntly criticising financial institutions and the confidence they demand. However, in 2010, one of the most notable Bitcoin collaborators in its early days and the recipient of the first Bitcoin transaction in history, cypherpunk and cryptography specialist Hal Finney, predicted the existence of bitcoin banks. Today, bitcoin-native banks such as Xapo Bank exist in this grey area between the ethos and the potential deployment of this system across the global financial sector. 

Finney claims that Xapo Bank, which was founded in 2013, is among the leaders in the custodial space of Bitcoin. Wences Casares, an Argentinean entrepreneur and innovator who is well-known in Silicon Valley for his support of this technology, developed it as a solution for his friends and family. However, it expanded significantly. Currently, it is one of the few fully licensed banks in the world that deals with Bitcoin and other digital assets. 

Its business idea combines cutting-edge Bitcoin technology with a physical bunker in the Swiss highlands. This physical location blends old-fashioned Swiss standards with the latest safety technology. It's an atomic bunker that serves as the foundation of what Xapo provides its clients: high-quality security for digital assets. Xapo is exploring new technical opportunities. The custody business is dominated by multi-signature solutions, but the greatest alternative and security solution for the Gibraltar-registered bitcoin bank is the multi-party computation protocol. On a broad level, MPC enables several parties to share information without fully exposing the shared data. 

In the case of Xapo, this works by breaking the digital asset master private key into several unique fragments known as "key shares," which Xapo Bank has stored and distributed in hidden places around the world, including the Swiss bunker. The MPC protocol ensures that participants' contributions remain private during key creation and signing, without being revealed. This functionality assures that no single participant in the quorum has total access to or control over the stored assets, reducing the chance of collusion to nearly zero. 

"MPC is a much more modern and secure setup compared to a still more popular multi-signature approach. The fact that the private key is not put together at any point in the transaction means there is no moment it can be potentially exposed or hacked, which is not the case with the more traditional multi-sig technology," Xapo Bank's Chief Technology Officer, Kamil Dziubliński, stated. 

However, there are threats and concerns, even with a movie-style bunker and this novel method of securing the keys and transaction signing process. Security threats include hacking and phishing attempts. Financial risks include money laundering, terrorist financing, and various types of financial attacks.
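The key-share signing described above, where each share stays with its holder and the full private key is never assembled, sketched as an added example (not Xapo Bank's code or protocol). It assumes a toy Schnorr group, an n-of-n additive sharing in which every holder must take part, and honest participants; `Party`, `mpc_sign` and the other names are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption, far too small for real use):
# P = 2*Q + 1 with P and Q prime, G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4


class Party:
    """One key-share holder. The share _x never leaves this object."""

    def __init__(self):
        self._x = secrets.randbelow(Q)        # private key share
        self.pub_share = pow(G, self._x, P)   # safe to publish
        self._k = None                        # per-signature nonce

    def commit_nonce(self):
        """Round 1: pick a fresh nonce and publish only G^k."""
        self._k = secrets.randbelow(Q)
        return pow(G, self._k, P)

    def partial_sign(self, e):
        """Round 2: return s_i = k_i + e*x_i mod Q for challenge e."""
        if self._k is None:
            raise RuntimeError("commit_nonce() must run first")
        s_i = (self._k + e * self._x) % Q
        self._k = None   # a reused nonce would leak the key share
        return s_i


def challenge(R, y, msg):
    """Fiat-Shamir challenge binding nonce, public key and message."""
    data = f"{R}|{y}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def joint_public_key(parties):
    """y = product of G^x_i; computed from public values only."""
    y = 1
    for party in parties:
        y = y * party.pub_share % P
    return y


def mpc_sign(parties, msg):
    """Coordinator: combines public nonces and partial signatures.

    It never sees any x_i, and the sum of the shares is never computed.
    """
    y = joint_public_key(parties)
    R = 1
    for party in parties:
        R = R * party.commit_nonce() % P
    e = challenge(R, y, msg)
    s = sum(party.partial_sign(e) for party in parties) % Q
    return R, s


def verify(y, msg, sig):
    """Ordinary Schnorr check: G^s == R * y^e (mod P)."""
    R, s = sig
    e = challenge(R, y, msg)
    return pow(G, s, P) == R * pow(y, e, P) % P


if __name__ == "__main__":
    holders = [Party() for _ in range(3)]   # e.g. three storage sites
    pub = joint_public_key(holders)
    signature = mpc_sign(holders, b"constructed sample transaction")
    print("valid:", verify(pub, b"constructed sample transaction", signature))
```

The verifier sees one ordinary signature under one public key, while production MPC schemes add nonce commitments, threshold (t-of-n) sharing and protection against misbehaving parties that this sketch leaves out.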

Passkeys Aren't Foolproof: New Study Reveals Vulnerabilities in Popular Authentication Method

 

Despite their growing popularity, passkeys are not as secure as many believe. According to Joe Stewart, principal security researcher at eSentire's Threat Response Unit (TRU), many online accounts using passkeys can still fall victim to adversary-in-the-middle (AitM) attacks. This issue stems not from the passkeys themselves but from their implementation and the need for account recovery options. Passkeys, a password-less authentication method, aim to provide secure access to online accounts like banking, e-commerce, and social media. 

However, an eSentire study found that poor implementation of passkeys, such as less secure backup authentication methods, allows AitM attacks to bypass this security. In these attacks, the adversary modifies the login prompts shown to users, controlling the authentication flow by altering the HTML, CSS, images, or JavaScript on the login page. 

This manipulation can make the passkey option disappear, tricking users into using less secure backup methods like passwords. Stewart's research demonstrated how open-source AitM software, like Evilginx, can deceive users of services like GitHub, Microsoft, and Google. By slightly modifying scripts (phishlets) that capture authentication tokens and session cookies from real login pages, attackers can make users believe they are on the genuine site. 

The attacker then captures the user's credentials and authentication tokens, allowing them to maintain access to the account. The study highlights that most passkey implementations are vulnerable to similar attacks. Backup methods such as passwords, security questions, SMS codes, and email verifications are prone to AitM attacks. Only methods like social trusted contacts recovery, KYC verification, and magic links offer better protection, though they can be cumbersome. 

To enhance security, Stewart recommends using multiple passkeys, including a FIDO2 hardware key, which is secured by a PIN. As passkey adoption grows, magic links remain a secure backup method for account recovery in case of passkey loss or AitM attacks. While passkeys offer a promising alternative to traditional passwords, their current implementation can leave accounts vulnerable. Users and developers must adopt stronger backup methods and remain vigilant against AitM attacks.

The Importance of Whitelisting Scanner IPs in Cybersecurity Assessments


In the realm of cybersecurity, ensuring the safety and integrity of a network is a multifaceted endeavor. One crucial aspect of this process is the regular assessment of potential vulnerabilities within the system. As cybersecurity professionals, our work revolves around identifying these vulnerabilities through automated scans and red team exercises, meticulously recording them in a Bugtrack Excel sheet, and collaborating with human analysts to prioritize and address the most critical issues. However, a recurring challenge in this process is the reluctance of some customers to whitelist the IP addresses of our scanning tools.

The Role of Whitelisting in Accurate Assessments

Whitelisting the scanner IP is essential for obtaining accurate and comprehensive results during security assessments. When the IP address of the scanning tool is whitelisted, it allows the scanner to perform a thorough evaluation of the network without being hindered by security measures such as firewalls or intrusion detection systems. This unrestricted access enables the scanner to identify all potential vulnerabilities, providing a realistic picture of the network's security posture.

The Reluctance to Whitelist

Despite the clear benefits, many customers are hesitant to whitelist the IP addresses of cybersecurity vendors. The primary reason for this reluctance is the perception that it could expose the network to potential threats. Customers fear that by allowing unrestricted access to the scanner, they are inadvertently creating a backdoor that could be exploited by malicious actors.

Moreover, there is a prevalent falsity in this approach. By not whitelisting the scanner IP, the results of the security assessments are often incomplete or misleading. The scanners may miss critical vulnerabilities that are hidden behind security measures, resulting in a report that underestimates the actual risks. Consequently, the management and auditors, relying on these reports, task the IT team with addressing only the identified issues, leaving the undetected vulnerabilities unaddressed.

The Illusion of Security

This approach creates an illusion of security. The customer, management, and auditors may feel satisfied with the apparent low number of vulnerabilities, believing that their network is secure. However, this false sense of security can be detrimental. Hackers are relentless and innovative, constantly seeking new ways to infiltrate networks. They are not deterred by the same security measures that hinder our scanners. By not whitelisting the scanner IP, customers are effectively blinding themselves to potential threats that hackers could exploit.

The Hacker's Advantage

Hackers employ manual methods and conduct long-term reconnaissance to find vulnerabilities within a network. They utilize a combination of sophisticated techniques and persistent efforts to bypass security measures. The tools and strategies that block scanner IPs are not effective against a determined hacker's methods. Hackers can slowly and methodically map out the network, identify weaknesses, and exfiltrate data without triggering the same alarms that automated scanners might. This means that even if a scanner is blocked, a hacker can still find and exploit vulnerabilities, leading to potentially catastrophic breaches.

The Need for Continuous and Accurate Scanning

Security scanners need to perform regular assessments—daily or weekly—to keep up with the evolving threat landscape. For these scans to be effective, the scanner IP must be whitelisted to ensure consistent and accurate results. This repetitive scanning is crucial for maintaining a robust security posture, as it allows for the timely identification and remediation of new vulnerabilities.

The Conference Conundrum

Adding to this challenging landscape is the current trend in cybersecurity conferences. Instead of inviting actual security researchers, security engineers, or architects who write defensive software, many conferences are being hosted by OEM vendors or consulting organizations. These vendors often showcase the users of their security products rather than the experts who develop and understand the intricate details of cybersecurity defense mechanisms. This practice can lead to a superficial understanding of security products and their effectiveness, as the focus shifts from in-depth technical knowledge to user experiences and testimonials.

Conclusion

In conclusion, the reluctance to whitelist scanner IPs stems from a misunderstanding of the importance of comprehensive and accurate security assessments. While it may seem counterintuitive, whitelisting these IP addresses is a necessary step in identifying and addressing all potential vulnerabilities within a network. 

By embracing this practice, customers can move beyond the illusion of security and take proactive measures to protect their networks from the ever-evolving threats posed by cybercriminals. The ultimate goal is to ensure that both the customer and their management are genuinely secure, rather than merely appearing to be so. Security measures that block scanner IPs won't thwart a dedicated hacker who uses manual methods and long-term reconnaissance. Thus, comprehensive vulnerability assessments are essential to safeguarding against real-world threats. Additionally, there needs to be a shift in how cybersecurity conferences are organized, prioritizing the inclusion of true security experts to enhance the industry's collective knowledge and capabilities.

--

Suriya Prakash and Sabari Selvan

CySecurity Corp 

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

The tech company Aura sent its experts to investigate the telltale indicators that cybercriminals have compromised your Wi-Fi. A hacker can access all of your sensitive information through your Wi-Fi in a number of ways, and it's far easier to detect than you might believe.

In the event that this occurs, outsiders will have access to your bank account information and other private information. They may even be able to listen in on your private discussions with loved ones, parents, or other family members.

However, you can tell if your wifi has been hacked or not by looking for these five indicators:

1. Reduced internet speed

If your internet provider is normally trouble-free, an abrupt and unusual slowdown in your access to the internet may indicate that hackers have attacked your router.

2. Finding strange devices or IP addresses

Unknown gadgets, sometimes known as rogue devices, may indicate that hackers are trying to access private data from your router.

If you see this, you need to check if any unidentified devices are included in the list of connected devices by logging in to your router's IP address, which is typically found on the router itself.

3. Suddenly, the Wi-Fi password has changed

Should this occur without warning, there may be a connection to hacker activity.

You won't be able to access the router and resolve the problem on your own because these annoying hackers typically alter your login credentials after they have access.

4. Unknown or new software installed on your devices

If you notice any strange new software on your device, it can be a sign that hackers have been targeting your network and maybe installing malware.

5. Strange activities on your web browser

You will almost certainly notice this: if your browser starts directing you to strange websites, it's possible that hackers have altered your DNS settings. You may also notice things like ransomware messages appearing that purport to have sensitive data or photos, suggesting that hackers may have gained access to your router.

Fake purchasers will often contact real sellers of goods and appear to be interested in making a purchase in an attempt to obtain your private information.

The scammer would then lie and claim to have transferred monies that are only available through a dubious link, so the transaction never actually happens.

Usually, the link is a phishing one, where the seller enters their bank card information thinking they will get money, but inadvertently allows their account to be drained. There are, nevertheless, safety measures you can take. Downloading antivirus software would help prevent those hackers from getting near you.

UK Banks Issue a Warning Regarding an Upsurge in Internet Scams

 

Banks have issued a warning about a sharp rise in fraud in 2022, much of it coming from online sources. 77% of frauds now take place on dating apps, online markets, and social media, Barclays reported.

According to TSB, the major causes of this were an enormous rise in impersonation, investment, and purchase fraud instances. It was discovered that fraudulent listings on Facebook Marketplace had doubled, while impersonation frauds on WhatsApp had increased thrice in a year. 

Additionally, it claimed that there had been "huge fraud spikes" on Meta-owned platforms including Facebook and WhatsApp. Fraud, according to a spokesperson for Meta, is "an industry-wide issue," the BBC reported. 

"Scammers are using increasingly sophisticated methods to defraud people in a range of ways, including email, SMS, and offline," the company stated. "We don't want anyone to fall victim to these criminals, which is why our platforms have systems to block scams, financial services advertisers now have to be FCA (Financial Conduct Authority)-authorised and we run consumer awareness campaigns on how to spot fraudulent behaviour." 

"Epidemic of scams" 

Banks are dealing with an "epidemic of scams," according to Liz Ziegler, director of fraud protection for Lloyds Banking Group. 

"With more than 70% of fraud starting with contact through the main tech platforms, these companies must be held responsible for stopping scams at source and putting things right for innocent victims," she explained. 

Three million people in the UK would become victims of fraud in 2022, NatWest CEO Alison Rose previously warned a Treasury Select Committee. 

She stated, "we have seen an 87% increase in fraud," noting that NatWest believed that 60% of frauds started on social media and other internet platforms. 

Meanwhile, TSB stated 60% of purchase fraud cases of which it is aware - where a fraudster offers an item they never intend to send to the customer - occur on Facebook Marketplace, and two-thirds of impersonation fraud cases it sees are happening on WhatsApp. The bank claims that 2,650 refunds covering these incidents were given out last year. 

According to Paul Davis, TSB's director of fraud prevention, social media companies "must urgently clean up their platforms" to safeguard users. 

Returned funds 

56% of the total money was lost to scammers in the first half of 2022, according to the most recent data from UK Finance, which represents the banking and finance industry. 

The Contingent Reimbursement Model Code, which intends to pay consumers if they fall victim to an Authorised Push Payment (APP) scam "and have acted appropriately," has been endorsed by many institutions, including NatWest, Lloyds, and Barclays. 

A consumer may be duped into sending money to a fraudulent account through an APP scam. However, TSB asserts that it reimburses victims in 97% of the fraud incidents it observes and is urging other organisations to do the same.

Octo: A New Malware Strain that Targets Banking Institutions

 

Last year, an Android banking malware strain was found in the wild. A few organizations called it "Coper" and treated it as a new family; however, ThreatFabric intelligence pointed to it being a direct descendant of the infamous malware family Exobot. First found in 2016, Exobot targeted financial institutions until 2018, with campaigns focused on France, Turkey, Thailand, Germany, Japan, and Australia. Afterwards, another "lite" variant surfaced, named ExobotCompact by its developer, known as "Android" on the dark web. 

Analysts from ThreatFabric established a direct connection between ExobotCompact and the latest malware strain, named "ExobotCompact.B." The latest malware strain surfaced in November 2021, named ExobotCompact.D. "We would like to point out that these set of actions that the Trojan is able to perform on victim’s behalf is sufficient to implement (with certain updates made to the source code of the Trojan) an Automated Transfer System (ATS)," says the ThreatFabric report. The recent actions by this malware family involve distribution via various malicious apps on Google Play Store. 

The apps were installed more than 50k times, targeting financial organizations around the world, including broad and generic campaigns having a high number of targets, along with focused and narrow campaigns across Europe. Earlier this year, experts noticed a post on a dark web forum in which a user was looking for an Octo Android botnet. Later, a direct connection was found between ExobotCompact and Octo. Interestingly, ExobotCompact was updated with various features and rebranded as Octo, bringing remote access capability and therefore letting the malicious actors behind the Trojan perform on-device fraud (ODF). 

ODF is the riskiest, most dangerous fraud threat. Here, transactions begin from the same device that a target uses on a daily basis. Anti-fraud programmes therefore struggle to detect the scam activity, because it produces fewer malicious indicators than other kinds of fraud carried out through different channels. ThreatFabric reports, "to establish remote access to the infected device, ExobotCompact.D relies on built-in services that are part of Android OS: MediaProjection for screen streaming and AccessibilityService to perform actions remotely."