How Artificial Intelligence is Impacting Cybersecurity [2023 Update]

AI has been something of a hot topic over the last few years, and many are debating whether or not its impact on human life is a good thing or a bad thing. AI is being relied upon more and more frequently by today’s enterprises, especially when it comes to cybersecurity. Here’s a look at the potential benefits and drawbacks.

The Positive Impacts of AI on Cybersecurity

In today’s online security world, secure biometric logins like fingerprints, retinas, or palm prints are being used with increasing frequency, either alone or in conjunction with a password. The majority of new smartphones use this technology, and with more and more large corporations being the victim of security breaches, cybersecurity experts have continually made it known that passwords alone can be extremely vulnerable.

Typically, information such as credit card numbers and other personal information such as email addresses and passwords is what gets compromised during a cyber-attack, so beefing up security with positive AI contributions such as biometric logins is a sure-fire way to tackle the problem.

AI is also able to detect all kinds of threats and potentially malicious activities. Unfathomable amounts of malware are created month after month, and older, conventional systems are simply unable to keep up. AI systems are being taught by cybersecurity companies to detect malware and viruses effectively with the use of complex algorithms. Even the smallest behaviors of malware or ransomware attacks can be picked up by an AI system and dealt with before they can achieve their goals.

Multi-factor authentication is one of the areas to which AI systems can be applied. If different users within a company have different levels of authentication privileges, which may also depend on where they’re accessing the data from, AI can provide a much more dynamic authentication framework that collects user information in real time to understand the behavior of the person and determine their access privileges.

It’s estimated that up to 85% of customer interactions can be managed with AI as early as next year, and many e-commerce businesses have already turned to some type of AI to generate leads, improve customer experience, and gather insight into customer behavior. For example, an e-commerce business can improve the customer sales experience by integrating the technology with a CRM system to solve customer problems, answer questions, or support voice input.

The Negative Impacts of AI on Cybersecurity

While the positive impacts above don’t even begin to scratch the surface of what AI could do for cybersecurity, it is worth mentioning that there are some downsides and limitations that prevent AI from going mainstream.

If an AI system is to be built and maintained, it would necessitate immense amounts of data, memory, computing power, and other resources. Also, due to the way in which AI systems are taught through learning data sets, it can take an incredibly long time, and at a fairly substantial cost, to source all of the malware codes, non-malicious codes, anomalies, and other data sets required.

One other negative point to consider is that hackers will also use AI themselves to test, improve, and enhance their malware with a view to it essentially becoming AI-proof. AI-proof malware can, as a result, be incredibly destructive, as it learns from existing AI tools to develop more advanced attacks and easily gets through both more traditional cybersecurity systems and even AI-boosted cybersecurity systems.

And one last thing to consider if you are a merchant and you are worried about data breaches affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.

UniCredit Unveils Data Breach That Involves 3 Million Users

On Monday, UniCredit revealed to the public that a 2015 file comprised of names, addresses, phone numbers, and email addresses pertaining to more than 3 million of their customer base was compromised and leaked.

This occurred in spite of spending an additional €2.4 billion over the past 3 years on cyber security enhancements to their IT systems. Despite UniCredit catering to a wide range of customers worldwide, the records leaked in Monday’s attack were related to only their Italian client base.

The data breach was reported to authorities last Thursday, October 24th, while a company representative relayed the information to Reuters. While there were no details with regards to how the breach was able to happen, the spokesman did confirm that there is an internal investigation ongoing. Italian police are also examining the possibility that other crimes may have been committed in conjunction with the security breach.

This is the third such incident of its kind to affect UniCredit after two previous data breaches in September to October of 2016 and June to July of 2017 in which the private information of over 400,000 Italian customers was compromised. It is not thought that this latest attack is linked to those two in any way, however, as they were the result of a third party accessing customer data without any form of authorization or consent.

The Italian bank was quick to assure customers in their statement issued on Monday, however, that there was no serious financial information leaked in the data breach, nor were there any compromising information leaked that could lead to unauthorized access of customer accounts. The data lost by those affected is Personally Identifiable Information (PII) which won’t be able to lead to any unauthorized transactions. It is, however, usually used for social engineering campaigns, and it can potentially aid those who wish to commit identity theft.

UniCredit customers who may have been affected by the breach will have been contacted by them either by online banking notifications or via the post. A new business plan is expected to be presented by the bank in early December.

Companies Ask Congress For Data Protection Law

Dozens of CEOs from companies like IBM and Amazon have sent an open letter to Senate and House leaders asking for comprehensive data protection laws. The letter claims state consumer privacy laws simply aren’t enough as they vary widely, lead to confusion, and threaten the competitiveness of the United States. The companies claim a federal law would create a more stable policy environment that allows companies to create products within precise and predictable boundaries.

The letter was sent on behalf of Business Roundtable, an association of CEOs of some of the largest companies in the United States. The CEOs of Walmart, State Farm, Salesforce, Qualcomm, IBM, AT&T, Visa, Mastercard, JP Morgan Chase, and Amazon are among those who have signed the letter.

The group blames a rising number of different state privacy regulations as a leading reason for complicated consumer privacy in the country. This patchwork of regulations has also increased complications for companies that must comply with laws across various jurisdictions and states.

One of the most comprehensive forms of privacy protection passed at the state level is the California Consumer Protection Act (CCPA), a landmark privacy law that will go into effect in 2020. Beginning in 2020, Americans will have the right to demand a company disclose what personal data they have collected about the consumer and ask the company to delete the information or not share it with third parties. Companies will also need to be more upfront in telling consumers what data they collect.

While CCPA is a state law that technically only applies in California, it also covers any out-of-state merchant who sells to California or displays a website in the state. That means that any merchant will have a strong interest in complying with CCPA rather than leaving the fifth largest economy in the world.

With a single federal law for privacy and data protection that would supersede state laws, product design, data management, and compliance would be simplified.

However, some privacy advocates argue the tech companies are more interested in protecting their own interests as combining privacy regulations under a federal umbrella would allow lobby groups to water down meaningful protections. With too much protection, companies may have trouble selling certain types of consumer data to online advertisers, a large and growing area of business.

The Business Roundtable released its own consumer privacy framework it wants Congress to consider as the basis for a future privacy law. Their proposal includes many provisions of the General Data Protection Regulation (GDPR) of the European Union in more broad terms.

In February, the US Government Accountability Office (GAO), a government auditing agency, gave Congress permission for passing a national data privacy law to improve consumer protections much like the GDPR. GAO also recommended placing the FTC in charge of enforcing future privacy law in the United States.

By June, reports surfaced that lawmakers had reached a roadblock attempting to create a national privacy law. Senators could not agree on how strict rules should be or on the key items of the bill.

FAQ About Companies Ask Congress For Data Protection Law

Why are companies asking Congress for a data protection law?

Companies are requesting a data protection law from Congress to establish a unified framework for handling personal data in the United States. The absence of a comprehensive federal law has led to a patchwork of state-level regulations, creating compliance complexities for businesses operating across multiple jurisdictions.

Companies recognize the need for clear guidelines and standardized practices to protect consumer data, enhance cybersecurity, and build trust with their customers. A federal data protection law would provide a consistent set of rules and requirements, ensuring companies can navigate the regulatory landscape more effectively while safeguarding individuals’ privacy rights.

What are the benefits of a federal data protection law?

A federal data protection law offers several advantages. Firstly, it provides a clear and consistent regulatory framework for businesses to follow, reducing ambiguity and compliance burdens. It establishes baseline standards for data privacy, security, and breach notification, enhancing consumer protection.

A unified law simplifies compliance for companies operating nationally, minimizing the costs associated with meeting varying state-level requirements. It also fosters trust between businesses and consumers, as individuals can have greater confidence that their personal information is being handled responsibly. Additionally, a federal law enables improved cross-border data transfers, facilitating international business operations and promoting economic growth.

What are the challenges to passing a federal data protection law?

Several challenges hinder the passage of a federal data protection law. First and foremost is the complexity of crafting legislation that balances the interests of businesses, consumers, and government agencies. Finding consensus on issues such as defining personal data, determining appropriate consent mechanisms, and establishing penalties for non-compliance can be challenging.

Political divisions and differing priorities among lawmakers also contribute to delays. Additionally, lobbying efforts from various industries may influence the content and scope of the law, potentially diluting its effectiveness. Striking a balance between protecting privacy rights and enabling innovation is a delicate task, requiring careful negotiation and compromise among stakeholders.

What the Looming SCA Deadline Means for Merchants

With the Second Payment Services Directive (PSD2) now live, the European Union’s Strong Customer Authentication (SCA) regulation is now set to go into effect this month. The regulation, which aims to improve transaction security for customers and retailers, is set to bring a lot of confusion as merchants brace for the change.

What Is SCA?

Strong Customer Authentication is part of the PSD2 regulations that require greater security for many transactions using 2 of 3 forms of customer authentication. PSD2 went live in January 2018 with implications for all European companies that deal with payments. While PSD2 includes 11 mandates, one of the biggest implications is improving the security of e-commerce payments by increasing customer authentication.

Some transactions are exempt from SCA requirements including:

  • Trusted beneficiaries. Consumers can choose to add businesses they trust to a list of beneficiaries held by their issuing bank.
  • Recurring transactions involving subscription billing as long as SCA rules are applied to the first transaction or if the payment amount changes.
  • Low-value transactions of less than €30.

Merchant Responsibilities Under SCA

Under the new guidelines, a merchant must provide card issuers with two authentication factors from customers for the transaction to be completed. The guidelines lay out three authentication factors:

  • Inherence, such as a fingerprint or other biometric
  • Possession, such as a credit card or device
  • Knowledge, such as a PIN or password

Soon, millions of consumers will need to confirm they are who they say they are during e-commerce transactions by responding to communication over a mobile device, providing personally identifiable information, or using a fingerprint or facial scan.

Are Merchants Ready for the Change?

SCA is required to be built into an online merchant’s checkout flow by September 14, 2019, although research shows most e-commerce retailers are nowhere near ready. A Mastercard survey found just 25% of online retailers were even aware of the impending SCA regulations and, of these retailers, 24% had no plans to support the new requirements by the approaching deadline.

Retailers who are not equipped for the Strong Customer Authentication requirements will soon see declines on European-based transactions if they are not exempt from the regulations or they do not have 3D-Secure authentication to securely verify card-not-present (CNP) transactions.

According to one estimate from Stripe, European businesses may lose up to $57 billion within the year of SCA requirements going into effect. The same study found just 40% of businesses that were aware of the Strong Customer Authentication guidelines were ready to meet the requirements.

Which Retailers Are Affected by SCA?

European merchants aren’t directly responsible for meeting the requirements of SCA as this falls on the issuers and acquirers within the European Economic Area (EEA). This includes the 28 members of the EU plus Liechtenstein, Iceland, and Norway. However, retailers who do not adhere to the guidelines will likely see an impact on authorization rates for card-not-present transactions.

SCA is only required for transactions in which the issuer and acquirer are in the EEA. Retailers who contract with an acquirer that is located in the EEA, for example, will be impacted with declines on transactions processed on cards issued in the EEA when SCA guidelines are not met.
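The rules described in this article (scope, exemptions, and the two-of-three factor requirement) can be combined into a single checkout decision. The following is an added example, not code from the article or from any payment provider; the `Payment` fields, method names, and outcome labels are hypothetical, and the recurring-payment rule is read as "exempt unless it is the first payment in the series or the amount has changed".

```python
"""Added example: SCA decision for a card-not-present payment, using only the
rules stated in the article. All field, method and outcome names are
hypothetical and chosen for illustration."""
from dataclasses import dataclass
from decimal import Decimal

# EEA as described in the article: the 28 EU members (2019) plus
# Liechtenstein, Iceland and Norway (ISO 3166-1 alpha-2 codes).
EEA = frozenset({
    "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR",
    "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK",
    "SI", "ES", "SE", "GB", "LI", "IS", "NO",
})

# Each authentication method belongs to exactly one of the three categories.
FACTOR_CATEGORY = {
    "fingerprint": "inherence",
    "face_scan": "inherence",
    "card": "possession",
    "device": "possession",
    "pin": "knowledge",
    "password": "knowledge",
}

LOW_VALUE_LIMIT_EUR = Decimal("30")  # exemption applies below this amount


@dataclass
class Payment:
    amount_eur: Decimal
    issuer_country: str
    acquirer_country: str
    trusted_beneficiary: bool = False  # customer whitelisted the merchant
    recurring: bool = False            # subscription billing
    first_in_series: bool = False      # first payment of the subscription
    amount_changed: bool = False       # amount differs from previous payment
    factors: tuple = ()                # methods the customer completed


def factor_categories(methods):
    """Distinct categories covered; unknown methods count for nothing."""
    return {FACTOR_CATEGORY[m] for m in methods if m in FACTOR_CATEGORY}


def sca_decision(p):
    """Return (outcome, reason) for one payment."""
    # Scope: both issuer and acquirer must be in the EEA.
    if p.issuer_country not in EEA or p.acquirer_country not in EEA:
        return ("out_of_scope", "issuer and acquirer are not both in the EEA")

    # Exemptions listed in the article.
    if p.trusted_beneficiary:
        return ("exempt", "merchant is on the customer's trusted list")
    if p.recurring and not p.first_in_series and not p.amount_changed:
        return ("exempt", "recurring payment with unchanged amount")
    if p.amount_eur < LOW_VALUE_LIMIT_EUR:
        return ("exempt", "low-value transaction")

    # Two factors must come from two different categories:
    # a password plus a PIN is still only "knowledge".
    covered = factor_categories(p.factors)
    if len(covered) >= 2:
        return ("authenticated", "factors cover " + ", ".join(sorted(covered)))
    return ("challenge_required", "fewer than two distinct factor categories")


if __name__ == "__main__":
    # Constructed sample payments.
    samples = [
        Payment(Decimal("50"), "IT", "DE", factors=("password", "pin")),
        Payment(Decimal("50"), "IT", "DE", factors=("password", "fingerprint")),
        Payment(Decimal("29.99"), "FR", "FR"),
        Payment(Decimal("50"), "US", "DE", factors=("password",)),
    ]
    for s in samples:
        print(s.amount_eur, s.issuer_country, s.acquirer_country, sca_decision(s))
```

The first sample shows the case most likely to be missed: two credentials from the same category do not satisfy the requirement, so the payment still needs a challenge.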

The Yahoo Data Breach and Its Dire Consequences

For internet giant Yahoo, the year 2016 cannot be over soon enough. The legendary internet services portal and search engine has been losing significant market share over the years, but two major security issues in 2016 may have compromised its future.

Yahoo has been involved in talks with American telecommunications giant Verizon about a possible merger. Massive data breach episodes announced by Yahoo in September and December could leave the company in a precarious position with regard to its finances.

The first data breach happened in 2013, and it involved the theft of personal data belonging to a billion users of the online service. The second incident, which took place a year later, compromised 500 million accounts.

An Endangered Merger

What is truly worrisome about these data breach instances is that the company’s security team had not been able to identify the method of intrusion as of late 2016. What is known, however, is that the data sets are being sold in the black market, and information such as passwords, dates of birth, and even secret question/answer challenges could now fall into the wrong hands.

Armed with the stolen data, hackers could engage in massive identity theft operations. Many users are known to use security question/answer combinations and passwords across many websites that provide personal banking and online payment services. Credit card holders would be particularly vulnerable in this regard.

The potential issues for hacked users are numerous; for its part, the company could now see its hopes of a merger evaporate. Earlier in 2016, Verizon lowered the proposed value of the acquisition, which at one point was mentioned to be around $4.8 billion. The second incident could actually turn Verizon completely off, thereby leaving Yahoo wistfully waiting for another buyer that may fail to materialize due to the negative press that the security incidents have received.

Fraudsters Don’t Take a Vacation During the Holidays

Fraudsters know that some of the greatest opportunities to commit theft occur during the hustle and bustle of the holiday season. Consumers do not only have to worry about double-swiped credit cards at checkout and phone or email scams. Criminals study consumer buying habits and use those habits against them during the holidays.

Here are the top three worst habits:

Poor Attention

Shoppers are more likely to forget important safety and security habits when rushing around during the holidays. Always hold on to anything that might contain identifying information about you or property, including shopping bags, phones, wallets and purses. Additionally, pay close attention when you park your car and pump gas. Many criminals look for unlocked cars this time of year.

Cheap Attitudes

Some shoppers are so obsessed with the cheapest deals that they ignore common sense and known security risks when shopping online. They click links in emails and pick the cheapest deals even when the sources of these supposed deals are unfamiliar merchants. Fraudsters then steal their identities or banking information through phishing sites or perform payment scams where they take orders, forward the orders to known merchants and then keep the payments for themselves.

Technology Dependence

Now more than ever before, shoppers are depending on portable devices, the internet and apps to help them find great deals. Criminals use this dependence to their advantage by hacking portable devices in public places where shoppers use free WiFi to get updates about real-time deals and coupons. They also create fake shopping and merchant apps that collect personal information. To block thieves, never use portable devices through unsecured public networks, change passwords after every shopping trip and only install apps from verified merchant websites.

You do not need to become a victim. To stop fraudsters from ruining your fun over the holidays, always attempt to keep yourself aware of your environment and your actions and curb any impulsive and bad shopping and technology habits.

Online Dating Users Scammed Out of Millions [2023 Update]

Dating sites pervade the Internet. This is nothing new. In fact, they have been around and in use almost since the World Wide Web became a global sensation. Scammers and fraudsters pervade society. This is also nothing new. What is new is that they have moved mainstream and have become more technological and innovative in their approach. These individuals have morphed together with online dating sites to create quite a problem. The new adage has become ‘If she sounds too good to be true, then click the ignore button.’ Sadly, too many are not heeding this warning, resulting in more than a few online dating users being scammed out of millions.

FBI Information on Online Dating and Romance Scams

Bad Online Behavior Abounds

Much of this problem arises from individuals hiding behind their computer screen to commit crimes. People who might otherwise never commit such crimes face to face now feel empowered and emboldened by their ability to swindle people out of their hard earned money without ever having to meet them. They become fraudsters in the truest sense. These are not just people across the globe we are talking about either. They are everyday people down the street. In fact, they might not even be women at all, as these scammers are true masters of disguise. They can be whoever the individual at the other end of the computer connection wants them to be.

Beware and Avoid Becoming the Next Victim

Online romance fraud affects nearly every type of individual. For some, the feeling of desperation and loneliness has become so bad that they want to believe the other person behind their online dating experience really does love them. They are willing to fork over thousands of dollars in order to fulfill this void. Still others are in a happily committed relationship already, yet they find something intriguing about having their own online persona. They can act out their wildest fantasies without anybody knowing about it. Then, fate steps in and scammers and fraudsters who know exactly how to play upon their emotions hoodwink them in.

Online Dating Scams and How to Avoid Them

Do not become the new victim of an online romance scam. Dating sites are working diligently to protect their customers, but individual vigilance is required here. Do not be afraid to meet others using this Internet revolution, but be cautious at the same time. If the other person sounds too good to be true, they probably are!

More Helpful Resources for Avoiding Online Romance Scams

Dating or Defrauding: Protect Yourself from Online Romance Scams

Romance Scams in 2023 – What to Watch Out For

Oracle MICROS Hackers Also Hacked 5 Other Companies

American companies that use credit card processing and merchant services are on high alert after a Russian hacking group breached the servers of various POS or point of sale systems.

The first victim of the breach was tech giant Oracle, which in mid-2016 acquired MICROS Systems, a major provider of POS solutions for the retail and hospitality industries.

Cyber-Attack on Oracle MICROS

Following the cyber-attack on Oracle MICROS, five more providers of cash registers reported being hacked by the same Russian crew.

The companies targeted by the hacking group have an important business aspect in common: they all offer cloud cash registers, which are advanced POS or point of sale systems integrated with functions such as employee scheduling, customer relationship management (CRM), credit card processing, marketing intelligence, merchant services, and more.

Security analysts who covered the aforementioned incidents explained that the Russian hackers were specifically looking for individual customer account records, which means that they were trying to get their hands on credit card data. A likely suspect has already been mentioned, the Carbanak Gang.

An initial security investigation indicates that Oracle became aware of the breach when it detected malicious code in a few servers used by nearly 700 customers. The attack also included a help desk system used by Oracle to provide technical support to clients. This is very concerning because hackers could gain the ability to intercept service tickets and spoof support agents.

It is not unusual to see hacking crews such as the Carbanak Gang being suspected of pulling off major cyber heists. Internet security experts have been following this cybercrime group for a while; they believe that this group may be associated with the Bratva, which is the name insiders use to describe the Russian mafia.

It is interesting to note that one of the reasons major cyber-attacks come from Russia is that computer education has major support in public schools and state-funded universities. It is believed that the Russian government often recruits malicious hackers to work as cyber warfare agents.

How MICROS Point of Sale Systems Got Hacked

Software giant Oracle Corporation became the victim of a data breach last week when a Russian organized cybercrime group gained access to hundreds of their systems. According to security experts the group gained access through a customer support portal for companies that use the MICROS point-of-sale software from Oracle. The MICROS software payment system is an extremely widely used credit card processing system and is used in more than 330,000 cash registers throughout the world. This makes MICROS undoubtedly one of the most used POS systems worldwide, and its compromising is a cause of great concern to both consumers and businesses alike.

The extent of the breach is currently unknown as Oracle has been somewhat slow to comment on what exactly has occurred, so far only revealing that malware was found in some systems run by MICROS and that both unauthorized network connections and malicious processes had to be blocked. Oracle has also informed consumers that their credit card processing system ensures that data is encrypted throughout MICROS systems, which means they are less likely to be at risk. It is unclear at this time if customer data was even seized; however, MICROS is encouraging all of its customers to err on the side of caution, reset their passwords, and check their credit card statements.

A source with ties to the Russian criminal underground has claimed that this same group is tied to or responsible for stealing over $1 billion from banks worldwide last year through a series of malicious data breaches and hacking of merchant services worldwide. If this claim is true, this gang certainly knows what they are doing and as a result the breach could potentially be much larger than anticipated. Oracle themselves say initially they expected the data breach to be somewhat localized to just a handful of systems but soon realized that it had reached in excess of 700 systems for merchant services.

MICROS is a massive service throughout industries ranging from hospitality to standard retail cash registers, and its wide span of use should be cause for concern for a great many businesses. While it is unlikely that this data breach was an attempt to steal personal info from consumers, given the gang’s past, it cannot be completely ruled out as a possibility. However, it is far more likely that this was a robbery, perhaps of funds or at worst accessing various credit card processing information through MICROS systems in order to steal from individuals.

Regardless of their intentions, the MICROS data breach is being touted as nothing less than a “very big deal.” It is potentially one of the largest data breaches in recent memory and one that certainly has the potential to be the most impactful to many consumers and businesses worldwide. It just goes to show that no company can be too secure when it comes to their merchant services and credit card processing systems.

Hotel Chain Looking into Data Breach

Kimpton Hotels & Restaurants is investigating reports of a data breach at several of its properties.

Kimpton operates 62 boutique hotels across the country and has begun to look into the scale of this hacking. Management has hired a computer security firm to find out if guest information or internal systems have been hacked. The hotel group has been discreetly advising guests who recently stayed at Kimpton to monitor their credit card bills and immediately notify their banks of unauthorized charges.

Headquartered in San Francisco, Kimpton released a statement that said, in part, “Kimpton Hotels & Restaurants takes the protection of payment card data very seriously. Kimpton was recently made aware of a report of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties.” Kimpton says it is doing everything it can to resolve the matter. They do offer customers some small solace about fraudulent charges to customer accounts. “Payment card network rules generally state that cardholders are not responsible for such charges.”

One computer blog has reported finding multiple sources in the financial industry ready to confirm a pattern of fraudulent credit card processing, suggesting a data breach at somewhere in the vicinity of two dozen Kimpton hotels.

The hotel chain is not the only hotel to find itself on the wrong end of a data breach. Over the last year, a number of hotel chains, including Trump, Starwood, and Hilton, found themselves victim to cyber criminals with customers’ information stolen. Omni Hotels had 50,000 credit card numbers taken.

Reportedly, most of the incidents appear to have occurred at counters with POS systems, including gift shops, restaurants and stores, but there were also complex data breaches that accessed information through internal data systems.

These breaches only reinforce the need for strong security measures to avoid even the smallest data breach. From merchant services to POS, cyber criminals are working as fast as possible to breach security technology as developers are finding ways to fortify defenses. From patches and upgrades to better firewalls, everyone should be protecting their data which is always at risk.