Security risk

A data-driven approach, regardless of human or machine involvement, is a state that organizations need to move to in order to maximize detection in the present and to ease the transition to a more primarily machine-driven future, writes Oliver Tearle, head of research at The ai Corporation.

Payment crooks are behaving more like organized crime syndicates, and that's putting merchants, processors and banks on the defensive, argues Yossi Geller, a vice president at Paygilant.

By using the dark web as a cybersecurity tool, instead of an ungovernable threat, financial institutions can intercede and interdict compromised card data post-breach, pre-fraud, writes Ted Kirk, vice president of strategic partnerships for Advanced Fraud Solutions.

A security breach that left 24 million mortgage documents unprotected on a server is rekindling concerns about the risks posed by fourth parties.

E-commerce's opposite threats of cart abandonment and fraud create butting heads, but advanced authentication could give merchants a new way to manage both challenges.

Criminals are getting aggressive when using mobile apps to compromise consumer accounts, and that's causing headaches for execs who bear responsibility for data security.

Due to growing consumer expectations for 24/7 digital access and real time decisions, some organizations such as financial institutions and merchants have reduced the more stringent manual application review processes in order to open accounts quickly, according to Michael Lynch, chief strategy officer at InAuth.

Hackers pretending to screen a Chilean ATM network staffer for a new job instead slipped malware onto his work computer, leading to a broader attack.

There are many contenders working towards developing a universal digital ID system. CULedger will test its offering later this week with a rollout scheduled for the second half of 2019.

There are many contenders working towards developing a universal digital ID system and away from static passwords. A group of credit unions is ready to see if its blockchain-based approach can serve a wider market.

Coordinated, shared identity verification and management is certainly attractive, but there is also tremendous risk and potential liability issues, according to Sunil Madhu, founder and chief strategy officer for Socure.

Web attacks spike around the holidays, creating a higher risk for malware, phishing and other crime, according to Ryan Wilk, vice president of customer success for NuData Security, a Mastercard company.

Fixes and resolutions can take days or even weeks, enhancing vulnerability, according to David Williamson, CEO of EfficientIP.

It can be difficult for security analysts to pinpoint the abnormal behavior while sorting through huge amounts of data, according to Steve Moore, chief security strategist at Exabeam.

ACI Worldwide is the latest to adopt technology from Israel-based BioCatch that monitors shoppers’ behavior to spot irregularities signaling potential fraud.

Credit card fraud is on the rise in the U.K. with more than $2 billion being stolen from credit and debit cards over the past twelve months, an increase of 38% on the previous year. But while large scale data breaches have been heavily blamed for this surge in crime, ex-fraudster Tony Sales says one of the most pertinent reasons is a persistent lack of understanding within the financial industry of how criminals operate.

Businesses need to prove that they have taken all possible actions to inform and mitigate the damage during an event, writes Ryan Wilk, vice president of customer success for NuData Security, a Mastercard company.

As payment stakeholders show an interest in using fingerprint technology to improve identity protection, NEXT Biometrics and MK Group plan to collaborate on biometric smart cards for banking and other applications.

Moelis submits a revised Fannie/Freddie blueprint; FASB considering a plan to have banks break out charge-offs and recoveries on year-by-year basis; Wells Fargo layoffs begin with 1,000 jobs in mortgage and tech; and more from this week's most-read stories.

Antivirus solutions, firewalls, secure web gateways and URL filtering cannot reliably detect cryptominer code and have proved ineffective at preventing it from auto-executing within endpoint browsers, writes Carolyn Crandall, chief deception officer at Attivo Networks.