Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Payments. Show all posts
tokenization
Banking Biometrics contactless Cyber Security Fintech Fraud mobile wallet Payments Security tokenization

Mastercard to Eliminate 16-Digit Card Numbers by 2030 for Enhanced Security

 

In a strategic move to combat identity theft and fraud, Mastercard has announced plans to remove the traditional 16-digit card number from credit and debit cards by 2030. Instead, the company will implement tokenization and biometric authentication to enhance security.

Mastercard has been integrating biometric authentication into its payment ecosystem since 2022, allowing transactions to be completed with a smile or a hand wave. Now, the next phase involves replacing card numbers with tokens, which transform the 16-digit identifier into a unique digital code stored on devices. This ensures that card details are never exposed during online or contactless transactions.

The initial rollout of these numberless cards will be in collaboration with AMP Bank, with additional financial institutions expected to adopt the technology in the coming year.

Receiving a suspicious transaction alert from the bank can be alarming, and for good reason—payment fraud has been on the rise. In Australia, fraudulent card transactions amounted to A$868 million in 2023-24, up from A$677.5 million the previous year.

Data breaches continue to expose sensitive financial information, with major incidents involving Marriott, Starwood Hotels, and Ticketmaster affecting hundreds of millions of customers worldwide. In Australia, card-not-present fraud—where transactions occur without the physical card—accounts for 92% of all card fraud, increasing by 29% in the last financial year.

Although the Card Verification Value (CVV) was introduced to verify physical card possession, its effectiveness has diminished over time.

By removing the card number, Mastercard aims to reduce unauthorized transactions and minimize risks associated with data breaches. Without stored payment details, compromised databases will no longer expose customers’ financial information.

This move aligns with broader industry concerns about data storage and privacy, highlighted by incidents such as the 2022 Optus data breach, which leaked historical customer data. Eliminating stored card details prevents future attacks from leveraging outdated information.

Challenges in Adopting the New System

While digital banking users may find the transition seamless, concerns arise regarding accessibility. Elderly consumers and individuals with disabilities who rely on traditional banking methods might struggle with the shift to mobile authentication.

Additionally, shifting security reliance from physical cards to mobile devices introduces new risks. SIM swapping and impersonation scams already enable criminals to take over victims' phone accounts, and these tactics could escalate as digital payment systems evolve.

Biometric authentication presents another challenge—unlike credit card details, biometric data is immutable. If compromised, it cannot be changed, increasing the stakes of potential identity theft. Previous breaches, such as the BioStar 2 security lapse and Australia’s Outabox facial recognition exposure, highlight the risks of biometric data leaks.

As contactless payments continue to grow, physical cards may soon become unnecessary. In 2023, mobile wallet transactions in Australia surged 58%, reaching $146.9 billion. By October 2024, nearly 44% of transactions were conducted via mobile devices.

Retail innovations like Amazon’s Just Walk Out technology are accelerating this trend. Currently deployed across 70 Amazon-owned stores and 85 third-party locations, the system uses AI-powered cameras and weight sensors to enable checkout-free shopping. Companies like Trigo, Cognizant, and Grabango are also developing similar smart retail solutions, with trials underway in major supermarket chains like Tesco and ALDI.

However, even in frictionless shopping experiences, consumers must initially enter card details into payment apps. To eliminate the need for cards and numbers entirely, biometric payments—such as facial recognition transactions—are gaining traction as the next frontier in secure digital commerce.
Read more »
Technology
Android Malware NFC NGate Payments Technology

Is Tap-to-Pay Dangerous? How New Android Malware Exploits NFC Technology

Is Tap-to-Pay Dangerous? How New Android Malware Exploits NFC Technology

Tap-to-pay technology, which allows users to make quick transactions with a simple tap of their smartphone, has become increasingly popular. However, with convenience comes risk. A recent discovery of a new Android malware by ESET, known as NGate, has raised significant concerns about the security of tap-to-pay transactions. This blog will delve into how this malware operates, the potential risks it poses, and how users can protect themselves.

Understanding NGate Malware

NGate is a sophisticated piece of malware designed to exploit the Near Field Communication (NFC) technology used in tap-to-pay transactions. NFC allows devices to communicate wirelessly when they are close to each other, making it ideal for contactless payments. However, this same technology can be manipulated by malicious actors to steal sensitive financial information.

How NGate Works

The NGate malware is typically spread through social engineering and phishing tactics. Attackers often disguise the malware as legitimate banking apps or other trusted applications. Once a user unknowingly installs the malware, it begins to operate in the background, capturing sensitive information.

One of the most alarming features of NGate is its ability to clone contactless credit and debit cards. By exploiting the NFC feature, the malware can intercept and replicate the data transmitted during a tap-to-pay transaction. This cloned data can then be used by attackers to make unauthorized transactions, effectively draining the victim’s bank account.

The Impact of NGate

The implications of NGate are far-reaching. With the ability to clone contactless payment cards, attackers can carry out fraudulent transactions without the victim’s knowledge. This not only leads to financial loss but also undermines trust in tap-to-pay technology.

Moreover, the spread of NGate highlights the evolving tactics of cybercriminals. As technology advances, so do the methods used by attackers. This underscores the importance of staying vigilant and adopting robust security measures.

Protecting Yourself from NGate

  • Always download apps from official app stores like Google Play. Be cautious of apps that request unnecessary permissions or seem suspicious.
  • Use built-in security features on your smartphone, such as biometric authentication and two-factor authentication (2FA). These add an extra layer of protection.
  • Keep your device and apps updated. Security patches are often released to address vulnerabilities that could be exploited by malware.
  • Be cautious of unsolicited messages or emails that prompt you to download apps or provide personal information. Verify the source before taking any action.
  • Regularly check your bank statements and transaction history for any unauthorized activity. Report any suspicious transactions to your bank immediately.

Read more »
Technology
Payments QR code QR Code Phishing Quishing Technology

QR Code Phishing: How Cybercriminals Exploit Trust via Quishing


Today, QR codes have become a familiar sight. And why not, it makes our daily tasks easy. From making payments to accessing websites, these square patterns of black and white squares offer convenience and efficiency. However, cybercriminals have found a way to exploit this very convenience through a technique known as "quishing."

What is Quishing?

Quishing, short for "QR code phishing," involves using QR codes to deceive victims. Here's how it works:

Cybercriminals generate seemingly harmless QR codes that lead to fraudulent websites or initiate downloads of malicious software. These malicious QR codes can be distributed via emails, social media, printed materials, or even by placing stickers over legitimate QR codes in public spaces.

When someone scans the malicious QR code, they are directed to a deceptive website. The site may appear legitimate, offering discounts, special deals, or other enticing content. However, victims are unwittingly prompted to provide sensitive information, such as login credentials or financial details. In some cases, malware is downloaded, compromising the victim's device and network.

Recent Trends

One notable trend involves the use of crypto ATMs and QR codes. The FBI has reported an increase in scammers instructing victims to use physical crypto ATMs for payment transactions. Fraudsters manipulate victims into making payments and guide them to cryptocurrency ATMs. The given QR code automatically fills in the recipient's address, making the process seem legitimate.

Prevention Tips

Be Cautious: Only scan QR codes from trusted sources. Avoid scanning random codes in public places. Double-check the URL before providing any information on a website. If something seems too good to be true, it probably is.

Use a QR Code Scanner App: Opt for a reputable QR code scanner app that checks URLs for authenticity. Some apps provide warnings if a code leads to a suspicious site.

Stay Informed: Keep up with security news and trends. Educate yourself and your team about the risks of quishing.

Moving Forward

QR codes—those pixelated portals to convenience—can also harbor danger. As you scan, tread cautiously. Verify sources, question context, and guard your trust. Remember, not all codes lead to safety. 

Read more »
Payments
Artificial Intelligence Cyber Security Cyberattacks CyberCrime CyberThreat Generative Artificial Intelligence Moody's Investors Payments

Cybersecurity Crisis: Small Firms Rank Attacks as the Greatest Business Risk

 


As a result of the rapid development of generative artificial intelligence, cyberattackers will likely have the upper hand in the short to medium term, compounding the long-term increase in cybersecurity risks for businesses, according to a report published by Moody's Investors Service. Based on University of Maryland data, the rating firm said cyberattacks rose by 26% per year between 2017 and 2023. 

According to Moody's, ransomware payments worldwide for the past year exceeded $1 billion, according to Chainanalysis, a cybersecurity firm. It has been reported that 23 per cent of small businesses are very prepared for cyberattacks, while half are considered somewhat prepared, according to a survey conducted by the U.S. Chamber and MetLife from Jan. 26 to Feb. 12, citing 750 small business owners. 

Even though small businesses in professional services are significantly more concerned about cyber security threats than those in manufacturing and services, the Chamber of Commerce and MetLife report that the industry is also better prepared to deal with these threats than those in manufacturing and services. 

As a result, the U.S. Chamber and MetLife survey found that small businesses in manufacturing and retail are most concerned about a supply chain breakdown, even though only about three out of five are prepared to handle one, according to the survey. A survey by the U.S. Chamber and MetLife stated that more than half of small businesses (52%), reported persistent price pressure to be their primary concern, noting inflation remains a stubborn concern.

A report by the National Federation of Independent Businesses indicates that 25% of small businesses view inflation as their largest operational problem, an increase of 2 percentage points since February according to the study and that inflation is one of the biggest operational problems that small businesses face. “Inflation has once again been cited by the NFIB Chief Economist Bill Dunkelberg as the top economic issue facing Main Street,” Dunkelberg stated. 

A third straight month of higher consumer prices was reported in March, prompting futures traders to predict that the Federal Reserve will not be cutting borrowing costs in 2024 as much as it should. According to the Bureau of Labor Statistics, the CPI was 0.4% higher in March and 3.5% higher over the past twelve months, well above the Fed's 2% target, thanks to the sharp rise in transportation and shelter prices.

Additionally, the core CPI, which excludes volatile food and energy prices, also surpassed expectations for the month, rising by 0.4% and up 3.8% over the same period last year in addition to the 0.4% increase for the month.
Read more »
Subscribe to: Posts (Atom)