The US Secret Service is warning that ATM jackpotting has finally hit American shores, with crooks using a known malware strain to cash out older Diebold units.

According to security blogger Brian Krebs, the Secret Service began warning financial institutions last week that stand-alone ATMs in places like pharmacies and big box retailers have been targeted in recent days.

The crooks seem to be using a strain of malware called Ploutus.D to hit Diebold Opteva 500 and 700 series ATMs, says Krebs, citing a source. In a security alert, Diebold says that the attacks appear to be similar to a spate that hit Mexico last year.

The Secret Service says that the criminals – masquerading as ATM service technicicans – use endoscope medical devices to look inside cash machines and find the spot where they can attach a cord to link a laptop to the ATM’s computer. They then install malware and force the ATM to spit out its cash.

Diebold recommends that operators controll access to areas used by personnel to service the ATM and implement two-factor access control mechanisms for service technicians.

This is thought to be the first time that jackpotting has been carried out on US soil but the technique has long been deployed in other parts of the world. Europe saw a surge in the number of ATM black box attacks – where devices are attached to machines and command cash outs – in the first half of 2017.

There were 114 across 11 countries over the six months, more than 300% up on the 28 seen in H1 2016, according to the European Association for Secure Transactions (East), which estimates related losses of EUR1.5 million.

– Finextra –

From next April, online shoppers across Europe will be able to use biometrics, such as fingerprints or facial recognition, to identify themselves at the checkout when they pay with Mastercard. With smartphones now near ubiquitous, the vast majority of consumers and banks are eager to ditch passwords in favour of biometric authentication.

Research from Mastercard and Oxford University last year found that 93% of consumers prefer using their fingerprints or faces over passwords for validating payments, while 92% of bankers also want to adopt biometrics.

Mastercard Identity Check, which lets people use biometric identifiers, such as fingerprint, iris and facial recognition to verify their identity using a mobile device during online shopping and banking activities, is already available in 37 countries.

But with new EU regulatory requirements on authentication coming into force through PSD2, the card firm says that banks across the continent must offer the biometric option by April 2019.

Javier Perez, president, Mastercard Europe, says: “Biometric technologies perfectly match consumers’ expectations of getting the secure payment solutions of tomorrow, in line with the increased digitalisation of lifestyles. This can significantly benefit consumers, retailers and banks by improving the purchase experience and better securing the transaction.”

– Finextra –

Mobile payments in China have increasingly made cash obsolete, but the convenience of the new technology has raised growing security concerns.

A China UnionPay survey of 105,000 people found that 60% had been exposed to some kind of mobile-payment security threat, including information leaks, fraud or malicious attacks.

QR codes — which are scanned using a mobile phone — have become the most popular payment technology in China, but fraud via this method is on the rise, the survey found. Nearly 30% of users reporting mobile-payment fraud said QR codes were involved, up from 15% last year.

For example, a common method of cheating users with QR codes involves using a fraudulent social media account, routing the scanned code to the thief’s payment account rather than to a retail establishment’s account.

Respondents reported risks were the highest during the opening of new accounts. To streamline the payment process, mobile platforms tend to use shortcuts — such as a mobile phone number — for user verification. But this can leave customers open to attacks, according to China UnionPay.

Older users were more vulnerable to fraud, the report found, with 59% of respondents above the age of 50 saying they had been cheated at least once. The investigation found that older people tend to be easily attracted to discounts, and may scan a given QR code more readily than younger users.

Women reported experiencing mobile-payment fraud 10% more often than men, but men reported a higher average financial loss.

– caixinglobal.com –

Indian consumers are keen to use biometrics like fingerprint, facial and voice recognition for authentication, over traditional passwords or PINs, a report by digital payments major Visa has found.

In a survey, Visa found that biometric authentication for payments are seen as more secure than passwords/PINs (48% of respondents) and that it gives consumers peace of mind that their payment is protected (46%). Also, many said biometrics are faster (81%) and easier to use (84%) than passwords. However, 51% said they are concerned about the risk of a security breach of sensitive biometric information.

Visa stated that biometrics are convenient options over conventional methods like passwords or PINs “which are difficult to type onto tiny keyboards, easy to forget, and can be stolen”, the report said.

“The payments ecosystem is witnessing a rapid change in adoption of new form factors of payments and modes of authentication,” Visa India and South Asia Group Country Manager TR Ramachandran said.

He said smartphones today have advanced features increasing the accuracy and speed of biometrics, such that they can be used for financial transactions.

“Indian consumers too have discovered the ease of biometric authentication and are open to using this technology for transactions going forward, which augurs well for the Indian payments industry,” he stated.

Nobel laureate Kailash Satyarthi urged the Centre to utilise facial recognition technique to trace missing children, and asked the authorities to not delay the same citing the excuse that it’s a costly affair. He delivered a lecture at the National Institute of Rural Development and Panchayati Raj in Hyderbad on Tuesday.

“Of the 1.25 lakh children missing in the country, about 1 lakh are living in homes run for children across the country. They have not been identified and put in a database,” he said. “If the technology is used, many of them living in orphanages might be recognised when compared with the list of missing children and can be returned to families.”

While the Centre has been delaying the usage of the technology citing its cost, the Supreme Court has already suggested that unused hundreds of crores in Nirbhaya Funds be utilised for the purpose.
Speaking on the Protection of Children From Sexual Offences Act, Satyarthi said that about 94 per cent of cases filed under the Act are pending in courts.

“In most cases, the abused child might become a senior citizen by the time justice is delivered,” he said, adding that exclusive courts are needed at district levels to deal with POCSO cases. He has recommended the same to government. He has also recommended the formation of an exclusive tribunal to deal with POCSO cases on the lines of the National Green Tribunal.

“A committee should be formed at national level with sub-committees in States. It should be a quasi-judicial body headed by a former Chief Justice of India and other Supreme Court judges who have experience in child rights issues,” he said.

Satyarthi also said that he had submitted to the Ministry of Human Resources Development that age-appropriate sex education and lessons on child rights should be part of the school curriculum so that the students are empowered to protect themselves.

– newindianexpress –