PCI DSS 4.0: Meeting the evolving security needs of the payments industry

In this video for Help Net Security, Sean Smith, Practice Manager, PCI Advisory Services at Optiv, discusses the new PCI DSS 4.0 requirements. At the end of March 2022, the PCI Council released the PCI DSS 4.0. The current version of PCI DSS will still… Continue reading PCI DSS 4.0: Meeting the evolving security needs of the payments industry

For Magecart groups and other credit-card skimmers, old and new opportunities abound

The entry points for Magecart and other e-commerce skimmers are changing, but the attackers are getting more clever, too.

The post For Magecart groups and other credit-card skimmers, old and new opportunities abound appeared first on CyberScoop.

Continue reading For Magecart groups and other credit-card skimmers, old and new opportunities abound

Consumers demand a digital banking experience with security at its foundation

The global transformation of banking and payments has only accelerated over the past few years, and between web trends and a global pandemic, the industry has seen disruption from all angles. Consumers are digitally connected in almost all facets of th… Continue reading Consumers demand a digital banking experience with security at its foundation

PCI SSC updates card security standards to secure the card production process

The PCI Security Standards Council (PCI SSC) announced the availability of the PCI Card Production and Provisioning Security Requirements version 3.0. The updated standard helps payment card vendors secure the components and sensitive data involved in … Continue reading PCI SSC updates card security standards to secure the card production process

After Joker’s Stash shutdown, the market for stolen financial data looks a lot different

The closure of the Joker’s Stash cybercrime forum put a lasting dent in the overall market for stolen payment-card data on the dark web, researchers say, amid other factors complicating business for crooks aiming to trade in illicit credit or debit card information. From mid-2020 to mid-2021, the value of the “carding” market fell to $1.4 billion, compared $1.9 billion during the same period a year earlier, according to cybersecurity company Group-IB, which attributes the shrinkage largely to the disappearance of Joker’s Stash. The FBI and Interpol disrupted the market’s digital infrastructure in December 2020, and by February 2021, it had shut down. The site hosted data dumps from all over the globe, including U.S. restaurant patrons and Indian bank customers. Criminal groups like the gang known as FIN7 knew they would find customers on the forum. (Those customers quickly scattered to myriad other sites.) While the market shift happened, […]

The post After Joker’s Stash shutdown, the market for stolen financial data looks a lot different appeared first on CyberScoop.

Continue reading After Joker’s Stash shutdown, the market for stolen financial data looks a lot different

3-D Secure transactions growth fueled by card-not-present explosion and PSD2

A massive $100 billion in transactions in 2021 alone have been protected by 3-D Secure payments authentication technology, Outseer reveals. The report also reveals continued explosive growth of worldwide 3-D Secure transactions due to skyrocketing adop… Continue reading 3-D Secure transactions growth fueled by card-not-present explosion and PSD2

1 in 5 companies fail PCI compliance assessments of their infrastructure

According to a recent poll by SentryBay, the infrastructure of over 21% of surveyed companies has failed key PCI compliance assessments, designed to assist them to maintain high security standards when processing customer card payments. In addition, a … Continue reading 1 in 5 companies fail PCI compliance assessments of their infrastructure

Do consumers now feel more exposed than ever to the risk of fraud?

As the pandemic drove consumers online en masse to make purchases, consumer anxiety around fraud saw a considerable spike, according to a survey by Marqeta. The company surveyed 2,000 consumers across the United States and United Kingdom about their ex… Continue reading Do consumers now feel more exposed than ever to the risk of fraud?

Magecart scammers aim at restaurants’ online delivery systems

Cybercriminals are increasingly targeting third-party infrastructure that restaurants across the U.S. use to place online orders, private investigators have found. The last six months have seen hacks of five online ordering platforms, exposing some 343,000 payment cards, threat intelligence firm Gemini Advisory said on April 29. With titles like MenuSifu and Food Dudes Delivery, the platforms may not be household names, but hundreds of restaurants use the platforms — and crooks know it. The coronavirus pandemic has only heightened criminals’ interest in online payment systems as people order delivery from restaurants in droves. “Attacks such as these are appealing because breaching the website of a single online ordering platform can compromise transactions at dozens or even hundreds of restaurants,” Gemini Advisory analysts wrote in a blog post. One of the breaches tracked by Gemini Advisory saw the attacker use an attack technique known as Magecart, which involves planting malicious code […]

The post Magecart scammers aim at restaurants’ online delivery systems appeared first on CyberScoop.

Continue reading Magecart scammers aim at restaurants’ online delivery systems

Magecart scammers aim at restaurants’ online delivery systems

Cybercriminals are increasingly targeting third-party infrastructure that restaurants across the U.S. use to place online orders, private investigators have found. The last six months have seen hacks of five online ordering platforms, exposing some 343,000 payment cards, threat intelligence firm Gemini Advisory said on April 29. With titles like MenuSifu and Food Dudes Delivery, the platforms may not be household names, but hundreds of restaurants use the platforms — and crooks know it. The coronavirus pandemic has only heightened criminals’ interest in online payment systems as people order delivery from restaurants in droves. “Attacks such as these are appealing because breaching the website of a single online ordering platform can compromise transactions at dozens or even hundreds of restaurants,” Gemini Advisory analysts wrote in a blog post. One of the breaches tracked by Gemini Advisory saw the attacker use an attack technique known as Magecart, which involves planting malicious code […]

The post Magecart scammers aim at restaurants’ online delivery systems appeared first on CyberScoop.

Continue reading Magecart scammers aim at restaurants’ online delivery systems