GS Logo
The Green Sheet, Inc

Please Login

Banner Ad
Skyscraper Ad

Friday, December 15, 2017

Data breach aggregation: yes, it's a thing

S ecurity analysts are discussing a large cache of stolen credentials being sold on the Dark Web. 4iQ, a threat intelligence firm, made the disturbing discovery Dec. 5, 2017, during a routine investigation of an underground community forum. 4iQ investigators found the database of 1.4 billion stolen logins, displayed in clear text, organized alphabetically and optimized for search.

The database is an aggregated "dump file" of 252 high-profile data breaches, researchers noted. In addition to its record-breaking volume, the database has a user-friendly format with interactive tools to enable criminals to import new exploits as they occur. "The database was recently updated with the last set of data inserted on 11/29/2017," investigators reported. "The total amount of credentials (usernames/clear text password pairs) is 1,400,553,869."

Byron Rashed, Director of Marketing at SiO4 Ltd., said its turn-key characteristics and built-in tools make the database "a very efficient threat vector," that enables cyber gangs to deliver customized information to potential buyers in the underground economy. These tools can be repurposed on newly compromised caches of credentials, he noted. "This is especially dangerous since many users use their work credentials (both email and passwords) to access breached third-party sites, and in some cases of ISPs they use their [work] credentials a backup email, creating a potential threat vector for businesses."

Advanced tools for advanced threats

Experts are calling for more advanced tools to fight cybercrime's rapidly scaling infrastructure. Satya Gupta, founder and Chief Technology Officer at Virsec Systems said 4iQ's discovery highlights cybercrime's organizational efficiencies enable unskilled criminals to acquire stolen data. "As this data becomes commoditized, its value does diminish, but [this is] of little comfort to consumers whose data is available to thousands of criminals," he stated. "These dark web marketplaces are probably also funding more advanced, and stealthy attacks being designed against high-value corporate, government and infrastructure targets."

The ability to cultivate nascent criminals is an especially disturbing trend, agreed Michael Magrath, Director of Global Regulations & Standards at Vasco Data Security. "Not only is stolen data aggregated, it has been catalogued and packaged so even novices to the Dark Web can easily search and acquire targeted data in similar fashion to a marketer renting a mailing list from a list broker targeting specific demographics," he noted.

John Gunn, Chief Marketing Officer at Vasco, said passwords insufficiently protect against escalating attack vectors, and are sometimes "more effective at keeping legitimate users out of their own accounts than at stopping hackers." Advanced, multilayered security such as "biometrics, behavior analysis, and adaptive authentication are far more effective at stopping crime than passwords and they don't place any burden on the user," he added. He predicted these methods will soon become new, universal standards.

Enterprise-scale protections

The need for advanced security methods is critically imperative for organizations that manage and store data, said Lisa Baergen, APR, MCC, Marketing Director at NuData Security Inc., a Mastercard company. Financial institutions and payments industry stakeholders must migrate beyond collecting and storing static data that can be easily spoofed, she noted.

"With [GDPR] liability findings and rulings of the last year and this new discovery underscoring the scope and usability of personally identifiable information (PII) on the dark web, it's time to adopt technologies that look beyond the user's PII, such as biometrics," Baergen stated. "Taking a multi-layered approach that integrates authentication factors such as how the user behaves, their environment, and their patterns will give companies a holistic view of who the legitimate and would-be fraudulent are, and helps substantially decrease their liability exposure."

Gabriel Gumbs, Vice President of Product Strategy at Stealthbits Technologies, said 4iQ's discovery has implications beyond attackers gaining unauthorized access to personal and financial information; it points to a need for enterprises to improve their "corporate hygiene," by implementing stronger security and ending their dependence on passwords for protection. "Protecting against these types of attacks means that organizations need to adopt policies that not only protect against 'weak' passwords, but known breached ones as well," he stated. "A strong password policy simply cannot protect against an attacker [that has] access to the clear text version of that strong password."

Worldpay, Vantiv merger progressing
Wednesday, December 13, 2017

R ecent developments in the agreed upon merger of Vantiv Inc. and Worldpay Group plc, expected to close on Jan. 16, 2018, include confirmation of key executive roles and designation of Cincinnati as the new company's global and corporate headquarters. London, where Worldpay is based, will become the international headquarters for the new company, which will use the name Worldpay Inc. Upon closing, shares of common A stock will trade on the NYSE under the symbol "WP" and London Stock Exchange as "WPY".

Charles Drucker, President and Chief Executive Officer of Vantiv, will assume the role of Chairman and co-CEO of the new company. Worldpay CEO Philip Jansen will also serve as co-CEO of the newly formed company. In their new roles, Drucker will lead the company's strategic initiatives, including the integration of combined businesses, while Jansen will guide go-to-market and sales efforts, including cross-selling across the combined entities' client base.

Leadership team forms

"Our new executive team leverages the strong talent of the two companies," Drucker said about the merger. Jansen added, "The executive talent we've brought together will provide great continuity for the business and will help us have a fast-start in the market as the transaction closes."

Other key appointments that will be effective upon closing of the transaction include Stephanie Ferris as global Chief Financial Officer, Mark Heimbouch as Chief Operating Officer, Mark Kimber as Chief Product Officer, Kevin McCarten as Global Chief Strategy Officer and Matt Taylor as Executive Vice President of Global Integrated Payments and SMB eCommerce.

On Dec. 4, 2017, Vantiv launched an offering for the $1.13 billion equivalent of senior unsecured Notes due in 2025. Vantiv said it plans to use net proceeds from the offering of the Notes to refinance existing debt of Worldpay in connection with the acquisition and to pay fees and expenses connected with the financing. The Notes will be offered in the United States to qualified institutional buyers.

Worldpay teams with Klarna

In a separate development, Worldpay entered a partnership agreement with European payment provider Klarna Inc. in early December. The integrated offerings will allow ecommerce businesses across much of Europe to accept invoice and installment payments from online customers.

Merchants who offer these expanded payment options could see conversion rates improve by up to 20 percent, according to the partners. And for consumers, the ability to manage terms of payment offers more flexibility than with traditional credit or debit card payments.

"Klarna assumes responsibility for managing credit and fraud risks, allowing companies to quickly receive payment for orders and allowing consumers to pay only if they're happy with their purchase," said Michael Rouse, Chief Commercial Officer at Klarna. "We offer more flexibility in how to manage payments for products and services."

Breaches affect nearly 1 in 3 businesses, survey finds
Wednesday, December 13, 2017

A report published Dec. 7, 2017, by The Hartford Steam Boiler Inspection and Insurance Co. (HSB), found almost one-third of U.S. business owners experienced a data breach in the last 12 months. The HSB survey, conducted by Zogby Analytics, cited third-party contractors, employee negligence, and lost or stolen mobile devices as leading causes of the criminal exploits, HSB representatives stated.

"The results highlight how closely our economy and society are interconnected digitally," stated Timothy Zeilman, Vice President at HSB, a cyber insurance company. "Almost all of our personal and business data can be accessible on the Internet through online business connections, websites and social media. And that exposes our private information to attacks from hackers and cyber thieves."

HSB, a member of Munich Re's Risk Solutions, commissioned the survey, which interviewed 403 U.S. executives from institutions with revenues ranging from under $5 million to more than $200 million, Zeilman noted. With a margin for error of plus or minus 5 percentage points, the survey sought to anticipate trends and help customers worldwide respond to the complex, evolving threatscape, he said.

Key report findings

Report findings indicate that 29 percent of small business owners have experienced a data breach during the 12-month survey period. Following are additional key survey metrics researchers provided:

Knowledge, intelligent systems needed

Survey findings indicate a need for advanced authentication and protection, security analysts noted. "Fraudsters and organized criminal organizations are increasingly adept at leveraging a company's valuable data for ransomware and other types of attacks," said Lisa Baergen, Marketing Director at NuData Security Inc., a Mastercard company. "Moreover, stolen identity sets are usually sold to other cybercriminals and used for a myriad of criminal activities, including account takeover."

Outside vendors or contractors caused 47 percent of breaches, which highlights a need for more intelligent ways to authenticate customers, Baergen said. "It is not enough to verify users by their personally identifiable information to access an online account, as this is so widely available – and for low cost," she added. "Companies need a security intelligence that can evaluate not just the data but also the user behavior through passive biometrics."

Adding extra security layers can help companies detect behavioral anomalies and protect from unauthorized access, Baergen noted. "A multilayered solution that also looks at the human behavior won't avoid data breaches but will devalue stolen data and protect customers and businesses from breach damage," she said.

John Gunn, Chief Marketing Officer at VASCO Data Security concurred, adding, "We suspect the real rate of data breaches is significantly higher than reported, simply because many companies lack the forensic capabilities to detect that they have been compromised and that data has been stolen. It underscores the urgent need for businesses to implement multifactor authentication and a risk-based approach to access management."

An infographic of survey findings is available at .

$1 trillion credit card debt looming, Wallet Hub says
Wednesday, December 13, 2017

P ersonal finance website WalletHub stated a Federal Reserve rate hike is more than 99 percent likely to occur on Wed., Dec. 13, 2017, according to recent forecasts. "The move oculdn't come at a worse time for consumers," WalletHub stated upon releasing its December Rate Hike Report and Q3 2017 Credit Card Debt Study.

WalletHub projects 2017 will end with more than $50 billion in new credit card debt. "This fifth rate hike in recent years coincides with record increases in credit card debt levels that put us on pace to cross $1 trillion in outstanding balances by the end of the year," said Diana Popa, WalletHub Communications Manager. "And it contributes to an unwelcome holiday present for consumers: an extra $7.4 billion in credit card interest charges in 2018."

Key findings

WalletHub's main findings from the study follow:

For more details on the study, visit

Credit card debt can be a plus

This may or may not mean trouble down the road. With a major tax overhaul with far-reaching impacts expected on every sector, no one can predict how credit card debt will affect the overall economy and payments in particular. But pointed out that personal consumer spending is critical because it accounts for more than two-thirds of the U.S. gross domestic product.

"It's difficult for consumers to see debt as a good thing, as it means they have an obligation to pay someone out of their future earnings," the website states at . "It can also mean incurring costly interest charges. But credit card debt can actually be a positive thing from the standpoint of the entire economy.

"When people make charges to their credit cards, they may be using them as a means to finance purchases that they couldn't otherwise afford. Because consumers are able to make these purchases, businesses are then generating revenue they might not have received, stimulating the economy."

The site further mentions recent Gallup survey findings that 76 percent of adults in the United States reported having at least one credit card, and 48 percent acknowledged carrying credit card debt. "When you consider how these tens of millions of credit card users are able to make purchases just because they have a credit card, it's easy to see how credit card debt can indicate healthy levels of economic activity," Discover added.

Holiday shoppers favor multichannel retailers
Friday, December 8, 2017

E arly reports suggest merchants with both an online and brick-and-mortar presence attract more customers during the holiday shopping season. Analysts have seen a pre-shopping trend among consumers who research products online, then touch and buy in stores. Analysis published Dec. 4, 2017, by retail consultancy BRP, supports these observations. Gene Bornac, Senior Vice President at BRP, said technology has given customers more control of the shopping experience. "Now it is up to retailers to play catch up with their organization, processes and technology to deliver the right products for the right price in the right place," he said.

Additional shopping data from BRP's 2017 Merchandise Planning Benchmark Survey, found retailers updating their business models to accommodate tech-savvy shoppers. Following are some examples:

Increased mobile usage

Not surprisingly, most consumer pre-shopping research is performed on mobile platforms, analysts noted. Waltham, Mass.-based BlueSnap, a payment technology company, recorded a 125 percent increase in mobile wallet usage in 2017 among BlueSnap merchants and their customers. Company representatives said Apple Pay, Visa Checkout and PayPal have made it easier for businesses to turn on the payment methods their customers desire.

"We are thrilled that our customers saw strong sales growth as we kickoff the holiday shopping season," stated Ralph Dangelmaier, Chief Executive Officer at BlueSnap. "Our platform is helping them reach more shoppers than ever with all the functionality built in so they can spend their time growing their business and not managing multiple gateways and integrations."

BlueSnap researchers found mobile payments escalated during peak shopping days, surging 125 percent on Thanksgiving Day, 124 percent on Black Friday and 79 percent on Cyber Monday. Adobe's 2017 online shopping data for that day recorded a 22.2 percent increase in smartphone traffic, year over year; smartphone checkout revenue of $1.59 billion, a 39.2 percent increase, year over year; and a 12 percent increase in mobile transactions, compared with 2016. Additional holiday spending data from the National Retail Federation found 63 percent of smartphone owners researched products on their phones, and 29 percent used mobile checkout.

Mickey Mericle, Vice President, Marketing and Customer Insights at Adobe, believes smartphone commerce has reached a tipping point. "Shopping and buying on smartphones is becoming the new norm and can be attributed to continued optimizations in the retail experience on mobile devices and platforms," she said. "Consumers are also becoming more savvy and efficient online shoppers. People increasingly know where to find the best deals and what they want to purchase, which results in less price matching behavior typically done on desktops. Millennials were likely another reason for the dramatic growth in mobile, with 75 percent expecting to shop via their smartphone."

Healthy economic outlook

Early reports from the NRF found millennials to be the biggest mobile users, with the highest average tickets. NRF President and CEO Matthew Shay said positive consumer spend reflects a healthy economy. "All the fundamentals were in place for consumers to take advantage of incredible deals and promotions retailers had to offer," he said. "From good weather across the country to low unemployment and strong consumer confidence, the climate was right, literally and figuratively, for consumers to tackle their holiday shopping lists online and in stores."

An NRF survey found more than 64 million consumers shopped online and in stores in 2017, compared with 58 million who shopped only online, and over 51 million who shopped only in stores. Multichannel shoppers spent an average of $82 more than online-only shoppers, and $49 more than brick-and-mortar shoppers. Black Friday dominated overall holiday spend, attracting 77 million shoppers, followed by Small Business Saturday with 55 million consumers, NRF analysts found. They recorded the most online transactions on Cyber Monday, which exceeded $6 billion in spending in the 24-hour period.

By all accounts, the 2017 holiday shopping season is poised to be a record-breaking event that sets a higher bar for electronic transactions. Adobe expects online sales to climb throughout the holidays. Adobe noted that its retail report is based on metadata from 1 trillion visits to over 4,500 retail sites, as well as findings from Adobe Analytics, which measures 80 percent of online transactions from 100 leading ecommerce retailers.

View prior breaking news

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM | Humboldt Merchant Services | Wirecard