Police forces across Europe have made over 95 arrests of criminals who set up fake Web shops offering too-good-to-be-true product prices as a front for stealing card details.

The suspects arrested during the operation are believed to be responsible for more than 20,000 fraudulent transactions using compromised credit cards, with an estimated value exceeding EUR8 million. The action was coordinated by Europol, working closely with law enforcement, the banking industry and retailers across 28 countries.

The scammers were using social media to create bogus IDs, offering goods to buyers for a heavily discounted price, paying for the goods with compromised card details and in the process stealing the buyer’s card data for onsale to fraud forums on the Dark Web.

The operations in the UK were led by officers from the Dedicated Card and Payment Crime Unit (DCPCU).

Glyn Whittick, head of the DCPCU, comments: “The success of these operations shows how through close cooperation with our European partners, retailers and the financial sector, we are cracking down on the criminal gangs targeting consumers online. People should remember when shopping online that if an offer seems too good to be true, it probably is.”

– Finextra –

An RSA Security report for Q1 of 2018 has revealed that 39% of all fraudulent transactions during the quarter were carried out on mobile apps.

The report analyses consumer fraud data for the first quarter of 2018 stating that fraudulent transactions originating from a mobile app rose by 600% since 2015. The use of mobile apps to carry out fraudulent transactions has become so commonplace that the use of traditional web browsers for fraudulent transactions has gone down from 62% in 2015 to just 35% in 2018.

In addition, 82% of all fraudulent transactions using mobile apps were carried out using burner phones so that investigators could not identify such fraudsters.

In its report, RSA Security also revealed that online fraudsters are increasingly migrating to social media to communicate, trade information, advertise their services, and even create virtual storefronts to sell stolen data. The released figures indicate that social media is slowly but steadily replacing the dark web as the top marketplace for hackers.

– thepaypers.com –

Risk Based Security has released the results of its Q1 2018 Data Breach QuickView Report, which shows that breaches of all types fell by more than half in the first quarter of 1018 compared with the previous year — 686, compared with 1,444 in Q1 2017.

However, the number of records compromised in the quarter — 1.4 billion — was consistent year over year, as were the types of data targeted. Also, most events were still being discovered by external parties.

Trends observed in 2017 were also evident in the first three months of 2018, the release said. The top five in both years were hacking, ATM skimming, inadvertent disclosure on the Internet, phishing and malware.

“Other than the dip in the number of data breaches reported, Q1 2018 was very much in lock step with recent quarters,” RBS Executive Vice President Inga Goddijn said in the release. “If there was a truly seismic shift in breach activity we would expect other metrics to show some signs of change as well. Given this, we think the jury is still out on whether the dip is a one-time blip or part of a larger trend.”

– atmmarketplace.com –

Australia’s Commonwealth Bank has confirmed that two magnetic tapes containing transaction information for 19.8 million accounts went missing two years ago after being mishandled by a subcontractor.

The data gaff stayed under wraps for two years until Buzzfeed published a report on Thursday. After that, Commonwealth began sending emails to customers, notifying them of the incident.

The bank says it launched an investigation on May 9, 2016, after it didn’t receive certification that the tapes were destroyed. Executives opted to not inform customers after the investigation suggested that the tapes had likely been destroyed, says Angus Sullivan, Commonwealth’s acting group executive for retail banking services.

Commonwealth Bank says it notified the Office of the Australian Information Commissioner, the country’s data protection regulator, on May 20, 2016. At the time, the OAIC indicated it would take not action.

So far, Commonwealth says there’s no evidence that the information has been misused. It is continuing to monitor the affected accounts for suspicious activity.

The tapes contained customer names, addresses, account numbers and transaction details, but not passwords or PINs “that could be used to enable account fraud,” according to a statement from the bank. The transaction data on the tapes range from 2000 through early 2016.

Commonwealth also hired KPMG to conduct an independent investigation. KPMG determined that “the most likely scenario was the tapes had been disposed,” the bank says.

– govinfosecurity.com –

The 2018 AFP Payments Fraud Survey, underwritten by J.P. Morgan, revealed that payments fraud reached a new high in 2017 after a downswing earlier in the decade. A record 78% of all organizations were hit by payments fraud last year, according to the survey of nearly 700 treasury and finance professionals.

Checks continue to be the subject of more fraud than any other payment method, with 74% of respondents reporting this form of attack. Wire fraud followed at 48 percent, while corporate card fraud ranked third at 30%.

Business email compromise (BEC) played a major role in payments fraud in 2017, with 77 percent of organizations experiencing BEC in 2017. Additionally, 54% of BEC scams targeted wires, followed by checks at 34%. The good news is that 77% of organizations have implemented controls to prevent BEC scams.

Other highlights of the 2018 AFP Payments Fraud and Control Survey include:

65% of payments fraud is committed by individuals outside the organization
67% of payments fraud is discovered by treasury staff
92% of organizations report that payments fraud attacks collectively cost 0.5% of the organization’s annual revenue
47% of organizations discovered fraud less than two weeks after the incident occurred.

– paymentscardsandmobile.com –