What's New in Payments

Chinese fraudsters turn to QR codes to spread Trojans and viruses

QR code scams rise in China, putting e-payment security in spotlight — South China Morning Post — “By replacing legitimate merchants’ codes with malevolent copies, fraudsters can gain access to consumers’ data and even raid their bank accounts… According to one senior official and technology expert, almost a quarter of Trojans — malicious programs disguised as benign software – and other viruses are transmitted though QR codes.”




What's New in Payments

CBA builds location tracking security into mobile banking app

CBA app wants your location, biometrics in name of security — CIO Australia — “If we see a transaction coming out of Hong Kong but we know from a customer’s phone they’re in Melbourne or Sydney: straight away that gives us an opportunity to spot a discrepancy and block it straight away… If we’re not sure we’ll pop into the app with a question in real time and we ask the customer to help us, and they can swipe or click to say yep I’m comfortable with this or no this is something I don’t recognise.”


What's New in Payments

Researchers showcase method for bypassing contactless card limit

Hack breaks your Visa card’s contactless limit for big frauds — Forbes — “To carry out their hack, the researchers used a specialised piece of hardware to intercept and insert messages in the communications between the card and the reader. For instance, they could tell the card that verification — like a PIN — wasn’t needed, even though the requested amount was more than £30. They then told the terminal that verification has already been made by another means.”


What's New in Payments

East reports on Apple Pay fraud in Europe

East publishes European fraud update — European Association for Secure Transactions — “Two countries reported mobile wallet fraud in relation to Apple Pay. One reported that mobile wallets are fast becoming the new money mules — fraudsters are enrolling cards that are not yet associated with a specific wallet. Another country reported that fraudsters are obtaining security codes through phishing, with which they can then install a mobile banking app on their own smartphone, using the victim’s data.”


What's New in Payments

Federal Reserve reports on synthetic identity payments fraud

Federal Reserve System white paper examines the effects of synthetic identity payments fraud — FedPayments Improvement — “A synthetic identity is created by using a combination of real information (such as a legitimate Social Security number) with fictional information (which can include a made-up name, address or date of birth)… Over time, fraudsters build up the creditworthiness of the synthetic identity, then ‘bust out’ by purchasing high-value goods and services on credit and disappearing.”



What's New in Payments

UK banks to refund victims of push payments fraud

Scam victims to be refunded by banks — BBC — “Previously, banks only tended to reimburse people if there was an obvious fault in the way the payment was handled by the bank. Some £354m (US$446m) was lost in this fraud to individuals and businesses last year, but only £83m (US$105m) was refunded… Now anyone who has taken reasonable care, or has any element of vulnerability, is much more likely to receive a refund of the lost money.”