Tag Archives: industry news

Apple Launches Express Transit Payments For Commuters

Technology giant Apple is trying to get the most functionality out of the iPhone before the next chapter of personal and portable computing is written. Subscription-based services, digital content, and mobile payments are some of the verticals that Apple has been exploring for the purpose of squeezing more profits from the iOS ecosystem, and this includes enabling commuters to pay for bus or metro fares with their iPhone or Apple Watch devices.

According to a news report by the London Evening Standard, Apple Pay has officially gone underground with its new Express Transit feature. Although the ability to use Apple Pay for London tube fares is not exactly new, this method used to require biometric authentication in order to complete the transaction. What this meant for London commuters was getting stuck behind fellow tube riders trying to figure out the Apple Pay FaceID or TouchID systems; we are talking about wait times of up to 30 seconds during rush hour. With Express Transit, Apple is going the more traditional and faster route of contact-less payments supported by Android Pay.

To enable Express Transit, which is available on iPhone models starting from the SE all the way to the 11 Pro, users should tap the Settings icon and visit their Wallet and Apple Pay section where they will find the new Express Transit feature. Setting this up is as easy as selecting the desired payment card; if you have an Apple Card, it will become the default payment method for fares in the Transport for London system. Although Apple has only mentioned the London underground in its Express Transit announcement, any of the yellow card and device readers installed at railway stations all across the United Kingdom will work.

It should be noted that Express Transit works with the Apple Watch, and this is probably the most convenient way to handle mobile payments because of the wearable factor. Needless to say, Express Transit devices must have the latest version of iOS or WatchOS to work properly. This new Apple Pay feature is not only a time-saver but is also more in line with the direction the mobile payments segment is taking. Express Transit was previously launched in the Metropolitan Transit Authority of New York City, but Google Pay is found in even more public transportation systems around the world.

More Than a Million T-Mobile Prepaid Customers Impacted by Data Breach

In the United States, prepaid wireless services took a while to catch on; while customer demand was certainly there from the beginning, telecoms were somewhat apprehensive about deviating from the tried-and-true service contract and monthly billing arrangements. Eventually, American providers of wireless services gave into demand, and they marketed this option as being more convenient, more flexible, and just as secure as cell phone service contracts.

Unlike other countries where the regulation of prepaid wireless services tends to be more relaxed in terms of requesting information from users, a prepaid SIM account in the U.S. requires the collection of personally identifiable information; moreover, each prepaid customer becomes an account record, one that can be tied to financial information to make it easier to add credit, airtime, and services. With regard to data security, there is no difference between wireless contracts and prepaid arrangements, and this is something that T-Mobile was recently forced to contend with.

According an official press release issued by T-Mobile on November 22, a data breach affected about 1.12 million prepaid service customers, which represents less than 1.5% of their total user base. The incident occurred in early November, and it looks like a standard cybercrime situation and not an insider attack. Affected customers received SMS notifications about the incident, and they were urged to change their passwords as well as the PIN codes they use for easy account access.

Fortunately, the cyber perpetrators were not able to steal financial records associated with the accounts, which means that credit cards and social security numbers were not compromised; nonetheless, the stolen records include names, phone numbers, account numbers, and billing addresses. In the hands of cybercrime groups dedicated to identity theft, this type of information can be very dangerous.

Earlier this year, hackers were somehow able to access customer records of Sprint wireless subscribers, and they did so by exploiting a vulnerability on a website that caters to owners of Samsung smartphones. Similar to the T-Mobile incident, financial records were not accessed, and this is probably related to compliance with Payment Card Industry Data Security Standards.

For the payment processing industry, prepaid wireless services have become a substantial segment of their business. Unlike wireless contracts, which are mostly settled once per month and sometimes just once per year for customers seeking deep discounts, topping up prepaid smartphones with voice minutes or blocks of data is something that they may do a couple of times each week, and even more often when carriers send out notifications with coupons and special deals. The most privacy-conscious will only “top up” their cell phones with cash; however, quite a few end up linking credit and debit cards for convenience.

PayPal Top Target for Phishing

Over the past 15 years or so, phishing has been an unfortunately effective practice whereby a thief will make an attempt to obtain peoples’ login information to a number of websites. The fact that it’s still being used extensively to this day is a testament to just how effective a scam it is. Vade Secure has recently released the quarterly Phishers’ Favorites report which has unveiled a new top target for phishers in mobile payments leader PayPal.

The top 25 imitated brands were examined in Vade Secure’s report, and it also shined a light on many of the tactics employed by the phishers as they pose as these various websites in an attempt to break security and obtain users’ data and information. Ever since the Vade Secure reports first began in the second quarter of 2018, Microsoft has had the privilege of owning the number 1 spot when it comes to the company most targeted for phishing. As of the first quarter of 2019, however, Microsoft lost that top spot to PayPal. Online streaming service Netflix, with its 158 million subscribers worldwide, is next in line at 3rd place.

There are some fairly scary statistics that come with PayPal’s sudden rise to the top of the phishing ladder. Vade’s AI engine found 16,547 unique PayPal phishing URLs, breaking down to as many as around 180 per day, up almost 70% on the previous year. It wasn’t just PayPal that was making gains in this fashion, either. Of the top 25 brands when it comes to phishing, 10 were financial services brands, such as Bank of America, Chase, and CIBC, all of which were in the top 10.

PayPal, Microsoft and Netflix, just like any bank or any high street store, are holding facilities for data. Data which, eventually down the line, is going to allow phishers the ability to access money. This is why it should come as no surprise to see financial institutions and companies such as PayPal, Microsoft, and Netflix becoming well represented in lists such as the Vade Secure Quarterly Phisher’s Favorites report due to them being the prime targets for such an effort, and also being in charge of the data that those looking to steal data would find most valuable.

And one last thing to consider if you are a merchant and you are worried about security affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.

Alipay Launches International E-Wallet, Giving Tourists Access to a Mobile Payment Platform in China

Those who’ve spent any time in China as a tourist will know first hand just how difficult it can be to perform the seemingly simple task of paying for things with a format other than cash.

One of the most popular forms of mobile payments in China is Alipay, and most people will use Alipay to make payments using a QR code on their phone. The vast majority of places won’t accept domestic staples such as Visa or Mastercard, so most travelers would have no choice but to rely on cash until Alipay’s recent intervention.

Until Ant Financial, the Alibaba affiliate that runs Alipay’s platform, made the following announcement earlier this month, users of the Alipay platform were required to have a Chinese bank account. Until now, that is, with Alipay announcing a program called “Tour Pass” through which the company will introduce a version of the Alipay app that will launch and feature full support for international debit and credit cards. Once users have download the Alipay app onto their iOS or Android device, they will be able to use their phone number to set themselves up for the international version of the app.

Alipay users will then be able to top off a pre paid virtual card from their Visa, Mastercard, Singapore’s Diners Club, or Japan’s JCB cards and begin spending all across China. The international version will not be available to Hong Kong and Macau users as there is already Alipay HK that they can use. If Hong Kong users need to use the international version of Alipay, they can do so by opening a Chinese bank account through Bank of China from within Hong Kong.

The minimum top-up amount for the 90-day prepaid card is 100 yuan and the balance will be capped at 2,000 yuan. Users will be able to top up the card multiple times.

This move allows Ant Financial to further extend its reach and dominance across the domestic Chinese market and cement themselves a place in China’s ever-growing tourism industry. In 2018, Chinese tourism saw an increase of 4.7% on their numbers from 2017, which works out to 30.5 million additional foreign visitors, to bring the total to 141 million. Ant Financial estimates that these 30.5 million tourists spent around US$73.1 billion while in the country on food, shopping, lodging, and other things.

Alipay’s biggest competitor in China’s cashless economy is WeChat Pay, run by Tencent Holdings. Both Alipay and WeChat Pay have a higher than 90% penetration rate amongst online users, according to a report from 2018 on China’s third-party mobile payments market. WeChat Pay has also announced plans to introduce access to their mobile payment platform for international visitors, only with additional support for American Express customers.

Upon Tencent’s announcement, Visa tweeted: “This partnership means that we’ll be working towards an environment where Visa cardholders will be able to use their Visa card in China at the millions of places where WeChat Pay is accepted, instead of having to rely on cash.”

Macy’s Website Hacked

This week, major U.S. department store chain Macy’s revealed that they were targeted by a malicious online cyber attack that attempted to steal the payment information of their customers.

The macys.com website became infected on October 7 with what they’re only referring to as “unauthorized code” on their “My Wallet” and “Checkout” pages. This allowed the cyber thieves to capture credit card data from unaware customers attempting to use either of those two pages. Macy’s has stated that it wasn’t until a whole week after the site was compromised, on the 15th of October, that they became alerted to the breach.

The information that the attackers were able to access included detailed personal information, such as the customers’ full names and addresses, email addresses, their phone numbers, and financial information such as credit card numbers, credit card security codes, and the card expiration details of those that typed the information into one of the pages that had been compromised.

In a statement released by Macy’s, they have confirmed that they are investigating the incident while adding that they have taken preventative steps that will hopefully go some way in avoiding this sort of situation happening again in the future. In addition, Macy’s has insisted that it was only a small amount of their macys.com customers who were affected by the hack and they will be providing any customers who were affected one year of credit monitoring for free.

In another statement released by a Macy’s spokesperson, they said the following: “We are aware of a data security incident involving a small number of our customers on Macys.com. We have investigated the matter thoroughly, addressed the cause and have implemented additional security measures as a precaution. All impacted customers have been notified, and we are offering consumer protections to these customers at no cost.”

First spotted around 2010, intrusions such as this – known as Magecart attacks due to the preference of attackers to target Magento e-commerce platforms – have seen a sudden upsurge over the past two years. Magecart attacks typically involve attackers compromising the legitimate online store of a company in order to siphon customers’ account details and credit card numbers while making purchases by placing malicious JavaScript skimmers on payment forms.

Cybersecurity firm RiskIQ recently published a report on the Magecart cyber thieves in which they stated the following: “Magecart is a rapidly growing cybercrime syndicate comprised of dozens of subgroups that specialize in cyber attacks involving digital credit card theft.”

E-skimming attacks have become so widespread in recent years that over 18,000 domains have been affected, and the FBI has had to issue a warning to businesses cautioning them of the cyber threat and urging that they have sufficient barriers put in place to ensure that they are fully protected should an attack occur. Methods such as keeping software up to date, segregating critical network infrastructure, enabling multi-factor authentication and keeping an eye out for phishing attacks have all been suggested by the FBI in their warning.

And one last thing to consider if you are a merchant and you are worried about data breaches affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.

ApplePay Faces Challenges in Europe

Various technology giants have been looking at the emerging mobile payments sector with great interest, particularly if they have already claimed some market share with regard to mobile devices, apps, and services. The big three in this regard are Apple, Google, and Samsung, and it could be said that Apple is in the best position to remain a leader, but this does not mean that it will be an easy undertaking.

Ready for Success

ApplePay seems to have all the ingredients to carve a nice slice of the mobile payments pie: the iPhone continues to be one of the most popular mobile devices in the world, and virtually all of its models in use today have Near Field Communications (NFC) technology, not to mention the recent introduction of the Apple Card and the heavy promotion of its various digital payments options. Although the North American market is one of the most lucrative for Apple’s ambitions with regard to smartphone payments, adoption is always quicker in Asia and Europe, and it is in the latter market where the company seems to have run into a snag.

According to a report published by CNBC, European Union regulators who oversee business competition and antitrust issues have been receiving complaints related to ApplePay, enough for Margrethe Vestager, director of the EU Competition Commission, to announce that her office will be taking a closer look into the way Apple is entering the mobile payments market in the bloc.

Cause for Concern

One of the issues that EU regulators are likely to consider is the way Apple creates mobile ecosystems that rely on exclusivity for their growth. The iPhone and the iPad are locked into a single operating system, and it so happens that the iOS Wallet app does not allow users to integrate payment options that are not controlled by Apple. To make matters even more complicated for Apple once EU regulators start looking into ApplePay, the NFC chip of iPhones is actually disabled during some point-of-sale transactions, thus leaving users with the option of using the payment service preferred by Apple.

Recent statements by executives at Apple Park are not making things easier on the company with regard to anti-competitive behavior. After the Apple Card was rolled out with the underwriting of investment banking giant Goldman Sachs, Apple made it clear that skyrocketing growth was on the horizon, and that this method of payment could soon overtake the market share held by PayPal.

Even though the EU is already looking into claims made by music streaming service Spotify against Apple, this is hardly the only technology giant being investigated for potential antitrust activity. Facebook and Google are also being looked into by EU regulators with regard to their offerings in the bloc, particularly the former with its intentions of providing a digital currency system that will enable payment transactions and money transfer services to users of Instagram, Facebook, and WhatsApp.

How Artificial Intelligence is Impacting Cybersecurity [2023 Update]

AI has been something of a hot topic over the last few years, and many are debating whether or not its impact on human life is a good thing or a bad thing. AI is being relied upon more and more frequently by today’s enterprises, especially when it comes to cybersecurity. Here’s a look at the potential benefits and drawbacks.

The Positive Impacts of AI on Cybersecurity

In today’s online security world, secure biometric logins like fingerprints, retinas, or palm prints are being used with increasing frequency, either alone or in conjunction with a password. The majority of new smartphones use this technology, and with more and more large corporations being the victim of security breaches, cybersecurity experts have continually made it known that passwords alone can be extremely vulnerable.

Typically, information such as credit card numbers and other personal information such as email addresses and passwords is what gets compromised during a cyber-attack, so beefing up security with positive AI contributions such as biometric logins is a sure-fire way to tackle the problem.

AI is also able to detect all kinds of threats and potentially malicious activities. Unfathomable amounts of malware are created month after month, and older, conventional systems are simply unable to keep up. AI systems are being taught by cybersecurity companies to detect malware and viruses effectively with the use of complex algorithms. Even the smallest behaviors of malware or ransomware attacks can be picked up by an AI system and dealt with before they can achieve their goals.

Multi-factor authentications are one of the applications to which AI systems can be applied. If different users within a company have different levels of authentication privileges, also depending on where they’re accessing the data, AI can provide a much more dynamic authentication framework, which can collect the user information, in real-time, to understand the behavior of the person and determine their access privileges.

It’s estimated that up to 85% of customer interactions can be managed with AI as early as next year, and many e-commerce businesses have already turned to some type of AI to generate leads, improve customer experience, and gather insight into customer behavior. For example, an e-commerce business can improve the customer sales experience by integrating the technology with a CRM system to solve customer problems, answer questions, or support voice input.

The Negative Impacts of AI on Cybersecurity

While the positive impacts above don’t even begin to scratch the surface of the potential possibilities of AI lending its hand to cybersecurity, it is, however, worth mentioning that there are some downsides and limitations that prevent AI from going mainstream.

If an AI system is to be built and maintained, it would necessitate immense amounts of data, memory, computing power, and other resources. Also, due to the way in which AI systems are taught through learning data sets, it can take an incredibly long time, and at a fairly substantial cost, to source all of the malware codes, non-malicious codes, anomalies, and other data sets required.

One other negative point to consider is that hackers will also use AI themselves to test, improve, and enhance their malware with a view to it essentially becoming AI-proof. AI-proof malware can, as a result, be incredibly destructive as they learn from existing AI tools to develop more advanced attacks and easily get through both more traditional cybersecurity systems and even AI-boosted cybersecurity systems.

Online Retail Fraud on the Rise

According to the 2019 Fraud Attack Index by e-commerce security company Forter, attempts at defrauding online retailers have, for the second year consecutively, increased with online electronics and food and beverage retailers seeing the biggest hits.

After going through merchant and transaction data, Forter determined the rate at which e-commerce fraud attacks occur has increased between 2017 and 2018 over several different verticals.

Electronics

Fraud targeted at electronics retailers shot up by a huge 73% in 2018 compared to the year before. Electronic devices often come with hefty price tags, and they can be easily resold, making them so appealing to fraudsters. Forter’s analysis showed that customers are more than prepared to purchase their electronic goods from third-party sites in order to score a better deal, and many fraudsters will list their stolen items as “refurbished” items.

Food and Beverage

Fraudulent attacks against food and beverage companies saw an even bigger increase between 2017 and 2018 with a 79% increase in attacks. This comes following a 60% increase between 2016 and 2017. Forter’s analysis suggests that lower-priced online food and beverage items will be where fraudsters typically test out stolen cards or e-wallets, before then going onto more expensive higher-ticket items.

Clothing

Fraud attempts in the online clothing world rose by 47% between 2017 and 2018. Clothing has always been an appealing and attractive option to criminals, with bulk items being resold with relative ease. Much as was the case with electronic items, many legitimate buyers will be eager to purchase their clothing from third-party resale sites.

Bots can also be used by fraudsters to buy up large quantities of any limited edition clothing runs which they’ll then sell on with substantial mark-ups.

Jewelery and Luxury Items

It goes without saying that criminals have always been attracted to the high value of jewelry. 2018 saw a 19% year-on-year increase in attacks towards online sellers of jewelry and other luxury items.

The security company Forter’s study looked into many often undertaken means by which fraudulent attacks are typically launched upon online retailers. Account takeovers, whereby criminals will unlawfully gain access to an unsuspecting customer’s account with the aim to make illegal purchases, or even redeem loyalty points, grew by 45% in 2018 when compared to 2017. Fraudulent attacks coming from fraud rings, or even online criminals grouping together to commit fraud together grew by 26% year-on-year.

What saw the sharpest increase was policy abuse, which entails cheating retailers through discount codes and coupons, creating multiple accounts, or overusing referral reward programs. This saw an increase of a whopping 170%, whereas stricter e-commerce returns policies saw the more historically traditional fraudulent returns abuse drop by a huge 90%.

As of 2019, these are the 10 U.S. states with the highest rates of identity theft and fraud:

1. District of Columbia
2. California
3. Nevada
4. New Hampshire
5. South Carolina
6. Delaware
7. Louisiana
8. Texas
9. New York
10. Florida

And one last thing to consider if you are a merchant and you are worried about data breaches or fraud affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.

Stripe Funding Round Values Company at $35 Billion

Digital payment processing startup Stripe Inc said in a press release it raised $250 million in its latest funding round, bringing its pre-money value to $35 billion, which is more than a 50% increase to its valuation at the beginning of the year.

After raising $100 million from Tiger Global Management in a Series E round in January, Stripe had a $22.5 billion valuation. With investors like Andreeson Horowitz, General Catalyst, and Sequoia Capital, Stripe’s valuation puts it on the same level as Airbnb Inc, which announced it was going public in 2020.

Stripe Looking to Expand Global Reach

Stripe provides software that allows companies to send and receive online payments. Processing billions of dollars a year for businesses, including Airbnb, Wayfair, Twilio, a cloud tech company, and The RealReal, a luxury online reseller, among millions of other businesses around the globe, Stripe is a high tech credit card processing company.

Stripe will use its newly raised funds to broaden its product offerings. With five out of six new e-commerce merchants joining online from parts of the world beyond North America and Western Europe, Stripe will also expand its footprint overseas. Recently launching in eight additional countries, Stripe plans to expand to a total of 40 countries or 70% of the global economy in 2020.

The New Stripe Corporate Card

Piggybacking on the company’s launch earlier in September of Stripe Capital, Stripe also introduced a corporate credit card for e-commerce companies, which Stripe claims will cut the application time while also featuring digital tools.

Providing companies the ability to set spending limits, as well as block specific spending categories, the Stripe Corporate Card also allows cardholders to report expenses in real time, eliminating the manual process of expense reporting. With no fees, the card gives businesses 2% cashback on the two top spending categories every month.

Frequently Asked Questions

What is Stripe Capital?

Stripe’s lending product Stripe Capital allows small businesses to skip the lengthy application process to borrow money, freeing startups and small businesses to access capital when banks have decreased their lending to small businesses almost by half in the past ten years.

With less than eight percent of commerce taking place online, merchant services like Stripe can only grow. With quarterly e-commerce retail sales doubling since the start of 2014 according to the Commerce Department, it is still only 11% of the total retail sales in the quarter with nowhere to go but up.

While also handling in-store payments for customers, Stripe allows businesses to add the Stripe widget to their website, instantly creating a payment button for online customers. Worth 30% more than its online payment counterpart, Square, Stripe is evolving at a rapid pace, not only in the payment processing world but also in its expansion into business lending and corporate credit cards. With big clients like Wayfair, Stripe hopes to tap into the projected 12% annual growth for e-commerce.

What is Stripe?

Stripe is a financial technology company that provides software and APIs for businesses to accept online payments. It was founded in 2010 by Patrick and John Collison and is headquartered in San Francisco, California.

How much money did Stripe raise in its latest funding round?

Stripe raised $250 million in its latest funding round, which values the company at $35 billion. The round was led by Sequoia Capital, with participation from Andreessen Horowitz, General Catalyst, and other investors.

What will Stripe use the money from its latest funding round for?

Stripe plans to use the money from its latest funding round to expand its product suite, grow its international presence, and hire more employees. The company also plans to invest in new technologies, such as blockchain and cryptocurrency.

What is the significance of Stripe’s latest funding round?

Stripe’s latest funding round is a significant milestone for the company. It is the largest funding round ever raised by a privately held fintech company, and it values Stripe at a higher price than many publicly traded companies. The round also demonstrates strong investor confidence in Stripe’s business model and growth potential.

What are the implications of Stripe’s latest funding round for the payments industry?

Stripe’s latest funding round is a sign of the growing importance of online payments. The company’s success is a testament to the demand for simple, reliable, and affordable payment solutions. Stripe’s growth is also likely to accelerate the adoption of online payments by businesses of all sizes.

What are the next steps for Stripe?

Stripe is well-positioned for continued growth in the years to come. The company has a strong product suite, a large and growing customer base, and a deep pool of talent. Stripe is also well-funded, with over $1 billion in cash on hand. This gives the company the resources it needs to expand its product suite, grow its international presence, and hire more employees. Stripe is also likely to continue to invest in new technologies, such as blockchain and cryptocurrency.

Twitter CEO Backs Cryptocurrency Startup

The Wall Street Journal has been reporting this week that CEO of both Twitter and payment processing company Square, and longtime advocate of Bitcoin, Jack Dorsey has been a prominent investor in the two-year-old company CoinList during their Polychain Capital-led $10 million funding round.

What is CoinList?

CoinList was founded in San Francisco two years ago in 2017 with the aim of helping startup companies raise capital through the sale of cryptocurrency. They made waves almost out the gate during the cryptocurrency boom in ICOs (initial coin offerings) when tokens were exchanged for the money the companies were raising. With the roller coaster-like sudden rise and fall in Bitcoin, the market for ICOs blew up with it before it then bombed.

As the CEO of payments company Square, Dorsey has had Bitcoin of his own for some time, and has often advocated the positives of the cryptocurrency. Square recently announced that they will be introducing a new cryptocurrency service of their own called Square Crypto, as they also revealed that in the second quarter of 2019 alone they generated as much as $125 million in Bitcoin revenue.

The Future of Bitcoin

Despite being a fond advocate of Bitcoin, Dorsey said recently to the Australian Financial Review “[Bitcoin is] not functional as a currency. The peaks and troughs are like an investment asset and are equivalent to gold. What we need to do is make it more usable and accessible as a currency, but it’s not there yet.”

He did add, however, that he thinks Bitcoin can and will eventually grow and become more widely adopted by the online community by saying, “I think [Bitcoin is] the best because it’s been the most resilient, it’s around for 10 years, it has a great brand and it’s been tested a bunch. As I look at all cryptocurrencies that could fill that role of being the native currency for the internet, [bitcoin is] a pretty high probability.”

CoinList will aid new startups in raising money through token sales, and will then use that cash to build a new exchange platform they’re calling CoinList Trade. Along with CoinList Trade, they’ll also set up a cryptocurrency wallet, according to the Wall Street Journal.