Payment fraud

As phishing and other attacks mount, a personal ID number can act as a second authentication factor, says LogRhythm Labs' James Carder.

With the increase in online activity because of COVID-19, tracking down and investigating red flags might be more difficult given the volume of transactions on existing accounts, unless strict authentication measures are applied, says Giact's David Barnhardt.

PINs and passwords are increasingly viewed as insufficient to tackle this new standard, says Fingerprints' Jonas Andersson.

The coronavirus e-commerce push is likely to be permanent as consumers get used to digital payments, but that also gives rise to new fraud threats.

The “hold” period has shrunk considerably, from 10 business days to typically now three, one or zero, making it harder to spot suspicious activity, says FICO's Liz Lasher.

Curve has launched a new metal card without personal account numbers, which it hopes will better manage the balance between fraud risk and ease of use.

The potential for fraud fueled by the coronavirus pandemic, coupled with the anticipation of a $2 trillion stimulus, is creating such a lucrative opportunity for scammers that Visa and the Secret Service are predicting a wave of unprecedented levels of fraud.

The most effective way to avoid cloud payment breaches is by dramatically reducing access, says CloudKnox Security's Balaji Parimi.

It’s a time of challenges, but fraud teams who adapt well to them will strengthen their systems, and their understanding of their customers and their business, says Identiq's Urid Arad.

The U.K.’s growing panic about the spread of coronavirus has created an open season for fraudsters, with government agencies and cybersecurity companies reporting unprecedented levels of criminal activity since the virus began sweeping across the globe in January.

New features and improvements often take a back seat to security, says Entersekt's Claudius van der Meulen.

Address verification, geolocation and 3-D secure can all play a role, according to Chargebacks 911 and Global Risk Technologies' Monica Eaton-Cardone.

Digital payment firms and fintechs are nimble and responsive, but that also creates web supply chain attack risk, says Jscrambler's Rui Ribeiro.

While financial institutions are encouraging customers to use their digital banking services rather than the branch or ATMs during the outbreak, attackers will also be looking to exploit this potential increased adoption of mobile banking and mobile payment apps, says OneSpan's Sam Bakken.

Over the next few weeks, U.S. businesses with online platforms might be tempted to relax fraud controls to free up potential friction – they shouldn’t. It could mean major fraud hits.

As smart device adoption continues to grow, users must be vigilant to not only change passwords but to take advantage of advanced security settings. By introducing 2FA, Google is adding necessary security measures to protect consumers, according to Pulse Secure’s Sudhakar Ramakrishna.

Fraudsters tend to be oporptunistic. They’re constantly looking for new ways to abuse businesses and cardholders, making it difficult for security professionals to keep up, says Chargeback 911 and Global Risk Technologies' Monica Eaton-Cardone.

In spite of MGM’s quickly notifying hotel guests impacted by the breach in accordance with applicable state laws, it’s a clear concern that many of the contact details were still valid, particularly the phone numbers, says Shared Assessments' Tom Garrabba.

Operational efficiency has long been the key to selling AP automation, but a growing payment fraud problem and new risk exposures are giving businesses new reasons to digitize payments.

The Payment Card Industry data security standard applies to organizations of all sizes, but has often been seen as an intro to data security for small-business owners who know more about cooking burgers than securing data.