Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Visa. Show all posts

Visa Bolsters Cybersecurity Defenses with AI and Machine Learning


Enhancing Fraud Detection and Prevention with Visa Advanced Authorization (VAA)

Visa is one of the largest payment companies in the world, handling billions of transactions every year. As such, it is a prime target for cyberattacks from hackers looking to steal sensitive financial information. To counter these threats, Visa has turned to artificial intelligence (AI) and machine learning (ML) to bolster its security defenses.

AI and ML offer several advantages over traditional cybersecurity methods. They can detect and respond to threats in real time, identify patterns in data that humans may miss, and adapt to changing threat landscapes. Visa has incorporated these technologies into its fraud detection and prevention systems, which help identify and block fraudulent transactions before they can cause harm.

Proactive Risk Assessment with Visa's Risk Manager Platform

One example of how Visa is using AI to counter cyberattacks is through its Visa Advanced Authorization (VAA) system. VAA uses ML algorithms to analyze transaction data and identify patterns of fraudulent activity. The system learns from historical data and uses that knowledge to detect and prevent future fraud attempts. This approach has been highly effective, with VAA reportedly blocking $25 billion in fraudulent transactions in 2020 alone.

Visa is also using AI to enhance its risk assessment capabilities. The company's Risk Manager platform uses ML algorithms to analyze transaction data and identify potential fraud risks. The system can detect unusual behavior patterns, such as a sudden increase in transaction volume or an unexpected change in location, and flag them for further investigation. This allows Visa to proactively address potential risks before they turn into full-fledged cyberattacks.

Using AI for Threat Intelligence with CyberSource Threat Intelligence

Another area where Visa is using AI to counter cyberattacks is in threat intelligence. The company's CyberSource Threat Intelligence service uses ML algorithms to analyze global threat data and identify potential security threats. This information is then shared with Visa's clients, helping them stay ahead of emerging threats and minimize their risk of a cyberattack.

Real-Time Detection and Disruption of Cyberattacks with Visa Payment Fraud Disruption (PFD) Platform

Visa has also developed a tool called the Visa Payment Fraud Disruption (PFD) platform, which uses AI to detect and disrupt cyberattacks targeting Visa clients. The PFD platform analyzes transaction data in real time and identifies any unusual activity that could indicate a cyberattack. The system then alerts Visa's cybersecurity team, who can take immediate action to prevent the attack from causing harm.

In addition to these measures, Visa is also investing in the development of AI and ML technologies to further enhance its cybersecurity capabilities. The company has partnered with leading AI firms and academic institutions to develop new tools and techniques to detect and prevent cyberattacks more effectively.

Overall, Visa's use of AI and ML in its cybersecurity systems has proven highly effective in countering cyberattacks. By leveraging these technologies, Visa is able to detect and respond to threats in real time, identify patterns in data that humans may miss, and adapt to changing threat landscapes. As cyberattacks continue to evolve and become more sophisticated, Visa will likely continue to invest in AI and ML to stay ahead of the curve and protect its customers' sensitive financial information.

RBI Employs Tokenization to Combat Breaches

 

The RBI, the central bank of India, is now prepared to impose card tokenization in India after permitting customers to link credit cards with UPI. In the midst of all of this, many users are perplexed as to what card tokenization actually is and why applications and websites advise users to safeguard their credit and debit cards following the RBI's new rules.
 
What is tokenization? 

Tokenization is the process of replacing actual card information with a special alternate code called a 'token,' which must be different for each card, token requester, and device, i.e. the organization that accepts customer requests for card tokenization and forwards them to the card network to produce a corresponding token.

Researchers are still quite aware of the data exposures from MobiKwik and Domino's India. As users can see, the data becomes vulnerable to data breaches and leaks if you store your private card information on the cloud servers of numerous such online apps and websites.

Although some websites might have the highest levels of security in place to protect user credit card information, others may not be adhering to international security requirements. Having credit card information being dispersed over several servers with varying levels of security gives hackers more access points. The RBI now wants to alter the current state of digital payments and standardize 'tokenization' to increase the security of all online card transactions.

In September 2021, the RBI ordered that card-on-file (CoF) tokenization be used instead of retailers holding client card information on their systems beginning January 1, 2022. In addition, businesses such as apps, websites, payment processors like RazorPay, or banks will no longer be responsible for safeguarding your card information. Tokenization is a technique the RBI developed to protect domestic card transactions by employing random strings of tokens rather than disclosing the user's personal card information.

Since the regulation on tokenization was published, according to Deputy Governor Sankar, the central bank has been in close contact with all stakeholders to guarantee a smooth transition to the tokenization policy.

How does tokenization work? 

The process of tokenizing cards is straightforward. When a card is chosen to be tokenized, the card network such as Visa, MasterCard, etc. issues the token with the bank's approval and gives it to the retailer. For example, when you save an SBI Visa debit card on Paytm by RBI's requirements, Visa will create the token with SBI's permission and share it with Paytm.

If you decide to save the identical credit or debit card on some other app, let's say Amazon, a new token will be issued and shared with Amazon. The token will vary based on the merchant and device, even if it's the same card. From a security standpoint, it implies the tokens are unique and discrete, which is beneficial.

Potential effects of tokenization

The RBI was forced to develop card tokenization as a result of the constant data leaks, thefts, and breaches that occur in the digital age. Not to add that the various security standards used by apps, websites, payment processors, and other middlemen compromise users' online security.

Tokenization has very little of an effect on the customer. Customers simply need to submit their card information once to receive a token. The process of tokenization will then be initiated by the merchant at no further cost or customer effort.

According to experts, there are no drawbacks to card tokenization from the perspective of the end-user. The RBI standards must be implemented by merchants and payment systems, but aside from that, consumers benefit.

Fraudulent UK Visa Scams Circulate on WhatsApp


According to a Malwarebytes report, individuals working in the UK are being scammed by a recent phishing campaign on WhatsApp. 

Scammers claim in a WhatsApp message that users who are willing to relocate to the UK for work will be eligible for a free visa as well as other perks. 

Bogus scam message 

Scam operators are disseminating information under the pretext of the UK government, promising a free visa and other advantages to anyone who wants to migrate there. The chosen candidates would be given travel and lodging expenses as well as access to medical facilities. 

The WhatsApp chat app is used to transmit to target volumes to start the fraud. Users are informed that the UK is conducting a recruiting drive with more than 186,000 open job positions because the country will require more than 132,000 additional workers by the year 2022. 

The objective of the scam 

When a victim clicks on the scam link, a malicious domain that looks like a website for UK Visas and Immigration is displayed to them. "Apply for thousands of jobs already available in the United Kingdom," is the request made to foreign nationals as per the scam.

The website's goal is to collect victims' names, email addresses, phone numbers, marital statuses, and employment statuses. 

Any information entered into the free application form is instantly 'accepted,' and the user is informed that they "will be provided a work permit, visa, plane tickets, and housing in the UK for free" according to a Malwarebytes report. 


Report fake WhatsApp messages

Users have the option to Report and Block on WhatsApp if they get a message from someone who is not on their contact list. One should disregard these spam communications and use the report button to file a complaint. Additionally, users can block these contacts in order to stop getting future scam messages from them.

Phishing attacks with a Visa theme are a typical occurrence in the world of cybercriminals. A similar hoax circulated several times in the past to entice people looking to work or study abroad.


Russian Groups are Plagued by OldGremlin Ransomware Threat

 

The new cyber-crime squad, known as OldGremlin, is actively targeting banks, medical institutions, software developers, and industrial firms, among other targets. The gang differentiates from all other ransomware groups by launching a limited number of campaigns – just under five since early 2021 – which solely target Russian firms and employ proprietary backdoors developed in-house.

OldGremlin has claimed ransoms as large as $3 million from one of its victims, despite being less active, which may indicate the ransomware business is approaching moonlighting. Two phishing attacks that were conducted near the end of March 2022 constitute the most current OldGremlin activities. It might be too early to say how many organizations were attacked, but security experts say roughly one Russian mining corporation is on the list of victims. The adversary did not deviate from its previously observed strategy of exploiting trending news topics to gain initial access. 

As per cybersecurity experts at Singapore-based cybersecurity firm Group-IB, this time OldGremlin scammed a senior auditor at a Russian financial organization, advising that the Visa and Mastercard payment service systems will be suspended due to recent sanctions placed on Russia.

The email directed recipients to a malicious Dropbox document that downloads TinyFluff, a backdoor that opens the Node.js interpreter and grants the attacker remote access to the target system. The email then allowed OldGremlin remote access to the machine via a malicious file that used a backdoor known as "TinyFluff," which the gang upgraded from a prior backdoor known as "TinyNode." The target receives a ransom note once the attacker has gained access to the system and has access to system data. A mining business, according to Group-IB, is one of the possible victims. 

Another well-known ransomware group, NB65, has been trying to frustrate Russian operations, including the alleged theft of 900,000 emails and 4,000 files from the state-owned television and radio broadcasting network VGTRK. In March, the organization exploited released source code from the Conti Ransomware gang – a Russia-linked threat actor — to create distinct ransomware for the first time. 

The researchers can study the directives for these steps of the assault using a traffic sniffer because they are provided in cleartext.
  • Gathering data on the infected system or device. 
  • Collecting information about the drives that are connected.
  • Executing a command in the cmd.exe shell and passing the output to the command and control server (C2) 
  • Receiving information about the system's installed plugins.
  • Obtaining information about files on the system drive's specified folders puts an end to the Node.js interpreter.
  • Before executing the last step of the assault, TinyCrypt/TinyCryptor, the group's proprietary ransomware payload, OldGremlin can spend months within the infiltrated network. 
The gang only ran one phishing effort in 2021, but it was enough to keep them occupied for the entire year as it gave them initial access to a network of various firms. Apart from the target Russian mining company, Group-IB believes that a higher number of OldGremlin victims will be discovered this year as a result of the group's March phishing operation. 
 
The researchers believe OldGremlin has Russian-speaking members based on the evidence they collected and after examining the quality of the phishing emails and decoy papers. They called the group's understanding of the Russian terrain "astonishing." OldGremlin defies the mold by focusing solely on Russian businesses including banks, industrial corporations, medical institutions, and software producers.

Researchers Make Contactless Visa Payment Using iphone Flaw

 

Cybersecurity experts in a video showed how to make a contactless Visa payment of €1,000 from a locked iphone. These unauthorised payments can be made while the iPhone is locked, it is done via exploiting an Apple Pay feature built to assist users transaction easily at ticket barriers payments with Visa. 

Apple responded by saying the problem is concerned with a Visa system. However, Visa says that its payments are safe and the such attacks lie outside of its lab and are impractical. Experts believe that the problem exists in the Visa cards setup in 'Express Transit' mode in iPhone wallet. 

It is a feature (express transit) which allows users to make fast contactless payments without unlocking their phone. However, the feature turned out to be a drawback with Visa system, as experts found a way to launch an attack. While scientists demonstrated the attack, the money debited was from their personal accounts. 

How does the attack look? 

  • A small radio is placed beside the iPhone, the device thinks of it as a legit ticket barrier. 
  • Meanwhile an android phone runs an application to relay signals (developed by experts) from the iPhone to a contactless transaction platform, it could be in a shop or a place that is controlled by the criminal. 
  • As the iPhone thinks the payment is being done to a ticket barrier, it doesn't unlock. 
However, the iPhone's contact with the transaction platform is altered to make it think that the iPhone has been unlocked and an authorized payment is done which allows high value payments, without the need of fingerprint, PIN, or Face Id verification. 

The experts while demonstrating in a video did a €1,000 Visa transaction without unlocking the iPhone, or authorizing the payment. According to experts, the payment terminals and android phones used here don't need to near the targeted iPhone. 

As of now, the demonstration has only been done by experts in the lab and no reports of the feature exploit in the wild have been reported. "The researchers also tested Samsung Pay, but found it could not be exploited in this way.They also tested Mastercard but found that the way its security works prevented the attack. 

Co-author Dr Ioana Boureanu, from the University of Surrey, said this showed systems could be "both usable and secure". The research is due to be presented at the 2022 IEEE Symposium on Security and Privacy," reports BBC.

Security Issues in Visa and Apple Payment Could Result in Fraudulent Contactless Payments

 

Researchers warn that an attacker who steals a locked iPhone can use a saved Visa card to conduct contactless payments worth thousands of dollars without having to unlock the phone. According to an academic team from the Universities of Birmingham and Surrey, backed by the UK's National Cyber Security Centre (NCSC), the problem is caused by unpatched vulnerabilities in both the Apple Pay and Visa systems. Visa, on the other hand, claims that Apple Pay transactions are safe and that any real-world assaults would be impossible to execute. 

Any iPhone with a Visa card set up in "Express Transit" mode can make fraudulent tap-and-go payments at card readers, according to the team. Commuters all around the world, including those on the New York City subway, the Chicago El, and the London Underground, may tap their phones on a reader to pay their fares without having to unlock their devices. 

The problem, which exclusively affects Apple Pay and Visa, is created, according to the researchers, by the usage of a unique code, dubbed "magic bytes," that is broadcast by transit gates and turnstiles to open Apple Pay. They were able to undertake a relay attack using ordinary radio equipment, deceiving an iPhone into thinking it was talking to a transit gate, according to the team. 

 “An attacker only needs a stolen, powered-on iPhone,” according to a writeup published this week. “The transactions could also be relayed from an iPhone inside someone’s bag, without their knowledge. The attacker needs no assistance from the merchant.” 

The researchers demonstrated a £1,000 payment being delivered from a locked iPhone to a normal, non-transit Europay, Mastercard, and Visa (EMV) credit-card reader in a proof-of-concept video. Visa said in a statement that Visa cards linked to Apple Pay Express Transit are safe to use and that cardholders should continue to do so. Contactless fraud methods have been investigated in the lab for over a decade and have proven to be impracticable to implement on a large scale in the real world. They also said that it takes all security concerns seriously and is always working to improve payment security across the ecosystem. 

“Logically, it’s an interesting advancement of tapping a contactless card machine against someone’s wallet/purse in their back pocket on the subway/metro,” Ken Munro, a researcher with Pen Test Partners, said. “However, I’m more concerned about the threat of fraud with a stolen phone. In the past, the PIN would have prevented fraud from a stolen phone. Now, there’s a valid attack method that makes theft of a phone with Express Transit enabled really quite valuable.”

Shell’s Employees’ Visas Dumped Online as part of Extortion Attempt

 



Royal Dutch Shell became the latest corporation to witness an attack by the Clop ransomware group. The compromised servers were rebuilt and brought into service with a new Accellion security patch; the security patch eliminates the vulnerabilities and enhances security controls to detect new attacks and threats. 

"A cyber incident impacted a third-party, Accellion, software tool called the File Transfer Appliance (FTA) which is used within Shell," stated Shell spinner. In a statement last week, Shell confirmed that it too was affected by the security incident but it has only affected the Accellion FTA appliance which is used to transfer large data files securely by the company. 

In an attempt to bribe the company into paying a ransom, the criminals behind the malware have siphoned sensitive documents from a software system used by Shell and leaked some of the data online, including a set of employees' passports and visa scans. The idea being that once the ransom is paid, no further information will be released into the public domain. 

As stated by Shell, the data accessed during a “limited window of time” contained some personal data together with data from Shell companies and some of their stakeholders. The company to downplay the impact stated that “there is no evidence of any impact to Shell’s core IT systems,” and the server accessed was “isolated from the rest of Shell’s digital infrastructure.” But it did acknowledge that the crooks had probably grabbed “some personal data and data from Shell companies and some of their stakeholders.” 

Previously this month, files from infosec outfit Qualys, including purchase orders, appliance scan results, and quotations also surfaced on the extortionists' hidden site. Other victims include Canadian aerospace firm Bombardier, which had details of a military-grade radar leaked, London ad agency The7stars, and German giant Software AG.

The group has now posted several documents to its Tor-hidden website, including scans of supposed Shell employees' US visas, a passport page, and files from its American and Hungarian offices, in order to persuade Shell to compensate the hackers and prevent more stolen data from leaking. 

According to BleepingComputer, to stack up the pressure, the Clop gang now e-mails its victims' to warn them that the data is stolen and will be leaked if a ransom is not paid.