Fraud and Data Breaches Inhibit Trust and Adoption of Mobile Payment Technology

Posted By: Gene Fredriksen | October 17, 2016 | 0 Comments

Consumers are increasingly concerned with the security of eCommerce and mobile payments due to the ongoing fraud and data breach issues. I have always told my teams that we are not in the technology or data security business. We are in the trust business. Unless we are successful in building the trust of our members in our ability to protect their information, the amount of technology we have does not mean a thing. Trust is necessary for us to grow our business and maintain our current Member base.

There are many ways to build trust. For instance, October is Information Security Awareness Month, a perfect time to reach out and educate/involve your employees and members. There are many sources for messages, posters, and other information. The Department of Homeland Security has quite a bit of information on its National Initiative for Cybersecurity Education (NICE) webpage. Take some time and dig in to all the great infomation there, or reach out to me and I will make some of our material available to you.

Have a Safe Week!

Security Concerns Inhibiting Mobile Payment Adoption Worldwide

This article originally appeared on SC Magazine UK. More than half of global consumers believe mobile wallets are less secure than cash, but nearly 60 percent of executives say mobile money will build their business because it’s safe. New research from NTT DATA and Ingenico ePayments surveyed 2,000 global consumers and 300 companies worldwide showing that customers in developed and developing countries are interested in using mobile money. However, companies must do more to ease their security concerns if adoption will become widespread. Consumers around the world understand the benefits of mobile money, with 60 percent agreeing that it enhances their purchase experience. Half say that mobile money drives loyalty to their financial institution or online merchant.

Meanwhile, security concerns are undermining mobile payments. More than half of consumers believing that mobile wallets are less secure than cash. Nearly 75 percent of consumers say guarantees against monetary fraud would encourage them to use mobile payments, however only 44 percent of businesses currently offer or plan to offer these guarantees. Only 25 percent of consumers feel online and mobile transactions are the safest form of transaction. Most businesses continue to rely on traditional passwords and finger scans despite consumer desire for sophisticated biometric features such as facial recognition. Less than a third of companies worldwide currently use or plan to use biometrics to secure mobile devices. Consumers focused on security prefer multi-step authentication for mobile payments with the exception of German and Scandinavian consumers who trust passwords most.

“Fear is a powerful inhibitor, and fraud fear is top of mind for many consumers,” said Peter Olynick, senior practice lead, Retail Banking at NTT DATA. “Consumers are not just worried about losing one or two transactions, they fear having their identity stolen. If financial institutions can mitigate those fears and improve merchant adoption for mobile, we will see consumer adoption rates begin to accelerate.” SC Magazine, October 7, 2016

Shades of Locky, MarsJoke in New Hades Ransomware

Another new ransomware type called Hades, was uncovered this week by Proofpoint, that seems to pull in features from several older types of malware. Proofpoint said Hades similarity with Locky centers on how ransom note mimics those accompanying Locky attacks, while tthe Hades botnet and distribution technique are quite similar to CryptFile2 and MarsJoke. There are some differences. Whereas the older variants target state and local governmental agencies, Hades goes after the manufacturing and business services sectors. So far the bad actors behind Hades have limited the number of attacks to only a few hundred messages, Proofpoint said. SC Magazine, October 6, 2016

Verizon Looking to Slice $1B Off Purchase Price of Yahoo Following Massive Breach

Verizon is attempting to negotiate down its bid to buy Yahoo – shaving off $1 billion from its $4.8 billion agreement to purchase Yahoo’s internet business, according to the New York Post.  This renegotiation follows a few weeks of negative news for Yahoo. Revelations broke last week of a massive breach that went unreported for a time, and then earlier this week headlines trumpeted Yahoo’s cooperation with government intelligence agencies – ordered by a secret Foreign Intelligence Surveillance Court – into mass surveillance of all of its customer’s emails, purportedly to search for the digital signatures of terrorist communications. The Post reported that Tim Armstrong, chief executive of Verizon’s AOL unit, expressed reservations over the lack of transparency these incidents have brought to the surface. SC Magazine, October 7, 2016

Cyber Security Quickly Becoming a Small Business Priority

According to new data from Symantec’s 2016 Internet Security Threat Report, cyber security attacks are on the rise. But even more alarming is the fact that small businesses have become an even bigger target of these attacks. In 2011, small businesses were only targeted 18 percent of the time. By 2014, that number had scaled to 34 percent. Last year we saw another substantial increase, with small businesses now being targeted 43 percent of the time. Large businesses are still much more likely to be attacked, but it’s clear that the focus of cyber criminals is shifting. “Symantec’s report shows that about 1 in 40 small businesses are at risk of being the victim of a cybercrime. That pales in comparison to the 1 in about 2 large businesses which are targeted every year — multiple times — with a cyber-attack,” says Joshua Sophy of Small Business Trends. “Still, the report indicates that hackers are indiscriminately choosing their victims. It’s not a matter of who they’re targeting but what they’re targeting … your money.” The Huffington Post, October 4, 2016

Vera Bradley Suffers Data Breach; POS System Hacked

Not all payment cards used during the breached period were affected, the company said. High-end fashion retailer Vera Bradley reported the point of sale system in its stores suffered a security breach possibly compromising payment cards used to make purchases. The chain, which operates 156 stories – 112 full line and 44 factory stores, said between July 25, 2016 and September 23, 2016 payment cards used at its facilities could have been compromised by malware placed on the company’s system. According to State of California Department of Justice Office of the Attorney General, the retailer was informed by law enforcement on September 15, 2016 that there may have been a problem. “Vera Bradley does not know an exact number at this time. If a customer used a payment card at a Vera Bradley store location between July 25, 2016 and September 23, 2016 then their payment card may have been affected. Not all cards used during this time frame were affected. Cards used on our website have not been affected,” said company spokeswoman Julia Bentley to in an emailed statement. SC Magazine, October 12, 2016

Data Breach; Ransomware Hit Hutchinson Community Foundation

The Hutchinson Community Foundation in Kansas was hit with a data breach and ransomware attack.  How many victims? Nearly 5,500. What type of information? Personal and financial information. What happened? On September 19, officials at the foundation found ransomware on the foundation’s network server after clicking on a file and finding its contents encrypted. Upon further investigation they found that intruders had done more than infect their files with ransomware and had actually made it into the foundation’s systems. What was the response? The foundation didn’t pay the ransom and was able to restore all of their data from backup files however; officials said the data breach could have allowed attackers to access the databases and files on its servers and declared the incident a breach. Not all of the donor records contained sensitive information, but those who had their financial information and other sensitive data stored on the compromised serves are being notified of the incident and will be offered up to a year of free identity monitoring services. Quote: “The Hutchinson Community Foundation’s network was well-protected with data backup, and while staff also had confidence it was secure, you never know at what remote point of vulnerability a resourceful hacker might gain access,” Hutchinson Community Foundation Board Chairman John Montgomery told The Hutchinson News. SC Magazine, October 11, 2016

Gene Fredriksen

Gene Fredriksen

Chief Information Security Officer at PSCU
Responsible for the development of information protection and technology risk programs. Gene has over twenty five years of Information Technology experience, with the last twenty focused specifically in the area of Information Security. He served as the Chair of the Security and Risk Assessment Steering Committee for BITS, as well as serving on the R&D committee for the Financial Services Sector Steering Committee of the Department of Homeland Security.He also served as an advisor on various cyber security steering committees for the administrations of George W. Bush and Bill Clinton, assisting in the preparation of the president’s Cyber Security Position Paper. Gene is a member of the SC Magazine Editorial Advisory Board.

He has published numerous papers and books and maintains a close working relationship with both local and federal law enforcement agencies.
Gene Fredriksen




Leave a Reply