“In my nine to ten years investigating cyber, the one thing I can tell you is, it’s evolved,” Ellis said. “The cyberthreat is constantly changing. Things I talk about today will be different next year. Things I talk about next year will be different the year after that.”
Cybercriminals are trying to create full profile on you. Ellis noted that they are no longer just attempting a breach for debit and credit card fraud; they’re taking things a step further. “Bad guys are specifically targeting you; they want to pull the websites that you go to. They want to get your user ID, your password, your PIN numbers, etc. They’re also launching spearphishing attacks; directly targeting victims with emails, links, and going after professionals with access to Lexis Nexis and credit reports.
Why go after all this data? “We found out that now the bad guys are creating workups on us,” Ellis said. “They don’t just want your name and your social security number. They want every credit card that you have. They want to know your rental history, where you moved to, whether you’re married, how many dependents do you have. Because if I know everything about you, I can practically be you.”
Prepaid card fraud is skyrocketing. While all card fraud are increasing, the trends show prepaid card fraud rising at an alarming rate.
Ellis said he worked a stolen identity case recently in Texas. “You had this group of individuals and they intercepted people’s information,” he said. “They took it and went around to retailers and purchased Green Dot prepaid cards. After they purchased these cards, they downloaded and issued tax returns. They would direct the tax return they filed in your name, straight to that card. They were using these prepaid cards like virtual bank accounts. They had mules that would go out to automated teller machines (ATMs) and cash out all this money.”
Ellis added that this particular group was connected to groups in Cincinnati, Atlanta and Florida. “But at the end of the day, we found out that these cyber criminals had attempted US$100m loss. Actual losses totaled US$56m.”
To mitigate this threat, the FBI is analysing purchases, trying to determine what the criminals are doing with these prepaid cards; what they are purchasing with them. The FBI is also working closely with retailers to find out whose personally identifiable information (PII) was used to determine if a breach occurred. The agency is also looking at the addresses these crooks are making when they make online purchases with these cards.
Mobile malware is becoming an even bigger threat to mobile payments. The FBI has strong partnerships in the telecommunications industry, and also works with the Wireless Association and the Communications Fraud Control Association (CFCA) to analyze different types of mobile malware.
“Malware today steals contact information from your phones,” Ellis said. “It steals your call logs and your address books. It’s tracking your websites. It’s trying to pull your passwords. We use smartphones now like we use computers. We can check our bank accounts and make payments, and there’s malware that specifically goes after that. You also have malware that takes components of your mobile device and takes it over.”
The FBI provides the following tips for protecting yourself against mobile malware.
- Be careful about the links that you click on in a text or email.
- Read permissions on apps. What exactly are you allowing when you download an app?
- Update your device regularly.
- Passcode protect your devices.
Underground forums are the place to be if you’re a cybercriminal. Fully 95% of cybercriminals are active on underground forums. Ellis noted that he has been undercover on some of these boards. “You should hear the things they’re talking about,” he said. “They’re talking about ways that they can extort your data. They’re talking about who has a vulnerability. They’re talking about ways that they can take this information and use it come after us, because we’re the victims.”
Ellis stressed that the bad guys are talking; they’re game planning. Treasury and finance professionals then, have to do the same thing. “Gone are the days when, if something happens, you don’t talk about it with other organizations; we need to be sharing,” he said. “There could be something that you see, that someone else doesn’t. And unless we’re talking, we don’t know. So we have to use venues like this, we’ve got to have work groups and task forces, we’ve got to have public service announcements. We have to be sharing information with our communities.”
There has been an uptick of treasurers inquiring about interest rate risk management in recent months as interest rates in the US and UK have started to show a rise in momentum, said Chatham Financial at the annual Bellin treasury conference.
A series of governments are now very worried about the idea of bitcoin and these currencies because customers would be able to make sustainable ongoing transactions and payments without having to ever introduce the use of a typical financial model or banking system. To combat this potential threat, several countries including major central banks like the Bank of England and the Bank of Israel will be launching their own version of a cryptocurrency. This could bring big advantages to customers.
PSD2 is set to remake the EU payments marketplace. This deliberate public policy exercise is going to regulate and demonstrate what next generation financial crime competencies must be and cement the standard going forward.
In modern-day banking, transactions are still a laborious process—sending money across the globe involves time, effort and risk. Payments moving across borders are slow, as they typically hop from one correspondent bank to another, each sitting on the funds, ccollecting afloat for who-knows-how-long.