Dec. 29, 2018
US-based PNC Bank is in the middle of a pilot project that aims to test out credit cards with constantly changing card verification values (or CVVs) to reduce online credit card fraud. The dynamic CVV is displayed on the back of such a card in e-ink, and changes according to an algorithm supplied by Visa. Services like Apple Pay and Google Pay try to combat online card theft by using tokenization to obscure a person’s card numbers from theft while online.
May. 29, 2018
Two Canadian banks warned Monday they have been targeted by hackers, and that the personal information of tens of thousands of customers may have been stolen — something that appeared to be confirmed in a letter to the media from someone who said they were demanding a $1-million ransom from the banks. CIBC-ownedSimplii Financial was the first to warn on Monday morningthat hackers had accessed thepersonal and account information of more than 40,000 of the bank’s customers. The bank said it received a tip over the weekend that hackers had obtained the data, and after a preliminary investigation decided to go public on Monday.
May. 28, 2018
A man watched helplessly as cybercriminals stole £9,000 (nearly US$12,000) from his account at British bank TSB while he waited – for four-and-a-half hours – to get through to the bank’s fraud line, according to a BBC report. Ben Alford, of Weymouth in the United Kingdom, has described how he put in a call to TSB after noticing that somebody had taken out a loan in his name from another bank. While he was logged into his TSB online account and waited for the bank’s fraud department to deal with his phone call, he saw how two sums – £5,000 and £4,000 – were stolen from his account in two transactions.
May. 25, 2018
To steal money from a victim’s account via the internet banking interface, typical banking malware will inject itself or its specialized banking module into the browser’s process address space. For many reasons, this is not an easy task – first of all, as mentioned before, the injection might be intercepted by a third-party security solution. The injected module also needs to match the bitness of the browser – a 32-bit module cannot be injected into a 64-bit browser process and vice versa.
Mar. 9, 2018
Cybercriminals stole 3.8 million slopes (860,000 euros) from 32 ATMs belonging to the Raiffeisen Romania bank using an infected RTF document. The criminal organization led by Dmitriy Kvasov operated in Romania, the gang stole the money in just one night in 2016.
Source: securityaffairs.co
Mar. 7, 2018
A large number of banks, credit unions and other financial institutions just pushed customers onto new e-banking platforms that asked them to reset their account passwords by entering a username plus some other static identifier — such as the first six digits of their Social Security number (SSN), or a mix of partial SSN, date of birth and surname. Here’s a closer look at what may be going on (spoiler: small, regional banks and credit unions have grown far too reliant on the whims of just a few major online banking platform providers).