September 20, 2023 | By: Justin McDonald, Sr. Risk Management Consultant, The Fraud Practice Organizations can better manage payment fraud by taking both an internal and external-looking approach to assess their fraud prevention strategy. In this context, an internal-looking approach refers to what an organization does in-house, how effectively they utilize the fraud prevention tools and technology available to them, and the self-assessments that drive growth and improvement. Looking externally refers to examining the tools, technology and platforms the organization leverages via partners and ..read more

Social engineering tactics led to both a ransomware attack and data breach against Caesars Entertainment and MGM Resorts. In an SEC filing, Caesars disclosed and undisclosed expense related to the attack, while the Wall Street Journal reported the hacker group demanded a $30 million dollar ransom. MGM Resorts suffered major disruptions from outages of their electronic payment systems, slot machines, paid parking systems and more as part of the ransomware attack. As of the time of publishing, MGM has not paid a ransom and is still suffering from outages disrupting business operations as a resul ..read more

Join Sift Trust and Safety Architect Rebecca Alter and The Fraud Practice’s Justin McDonald on October 4, 2023 at 10 AM PST/1 PM EST as they discuss strategy and provide insights as it relates to responding to payment fraud attacks in digital channels. With the holiday sales rush approaching, being prepared to respond quickly and with agility is critical to successfully navigating this high-volume time of year with elevated fraud activity. Topics covered in this webinar will include: Strategies to proactively detect when a fraud attack is on-going and assess the size and scope of the issue B ..read more

August 9, 2023 | By: Justin McDonald, Sr. Risk Management Consultant, The Fraud Practice Payment fraud is a persistent threat impacting organizations of all types. This article discusses three key rules at the core of effective payment fraud prevention strategies. 1. Focus on Containment and Rapid Response It’s naive to think we can stop every fraud attempt. Even if we could, it would come at the expense of an exorbitant false positives rate. Therefore, the basis for most fraud prevention strategies begins with containment. Although it’s impossible to prevent every instance of fraud, we can fo ..read more

Fraudsters accessed the rewards platform of clothing retailer Hot Topic impacting an unknown number of customers and compromising personally identifiable information (PII). The unauthorized account access was the result of credential stuffing attacks systematically attempted by bots able to access accounts that used the same email address and password combinations compromised in another data breach. The cyber attacks occurred on multiple occasions between early February and late June of this year. The retailer reported the incident to consumers and filed a data breach notification with the sta ..read more

Card Not Present (CNP) payment fraud losses in the US are expected to increase to nearly $9.5 billion in 2023, according to eMarketer. This marks an 8.5 percent increase from 2022 while CNP channel fraud will represent 73 percent of total card payment fraud in the United States. Most notably, the share of card-based payment fraud that occurs in the CNP channel has increased from 57 percent in 2019 to 72 percent in 2022. Although the year-over-year increase in CNP card fraud is diminishing, it is expected to grow by an additional 7 percent in 2024 to reach $10.16 billion and represent 74 percen ..read more

Nearly 480,000 members of the now defunct, dark web hacker forum RaidForums got a taste of their own medicine when their personal information was posted on another dark web site for posting and selling stolen data. The RaidForums website was a forum for hackers and fraudsters to post or obtain data compromised in data breaches, sometimes given for free and sometimes for sale. The site was shut down by an international law enforcement operation in April 2022 along with the arrest of three people involved with the hacker forum site. Shutting down these hacker forums continues to be game of whack ..read more

The share of US cardholders who have seen fraudulent charges on their credit or debit cards increased to 65 percent in 2022, up from 58 percent in 2021, according to a survey conducted by Security.org. 150 million American consumers have now experienced card fraud firsthand, 21 percent of all US cardholders have experienced card fraud twice or more. The silver lining is that the fraudulent charge is often relatively small at less than $50 one-third of the time, implying a meaningful degree of carding or card testing activity that is being caught by the cardholder. Fraudulent charges between $5 ..read more

A ransomware group claimed to have 4.7 TB of data stolen from pharmacy services provider PharMerica, including the full names, addresses, dates of birth, medical information and Social Security numbers for more than 5.8 million people. PharMerica, a Fortune 1000 company that operates in all 50 US states, has not verified how the breach occurred, but the fraud ring that posted the stolen data says the company did not meet the deadline for their ransomware payment. PharMerica discovered the data breach in March and just this month sent data breach notices to the nearly 6 million impacted consume ..read more

Ajay Banga, who served as MasterCard CEO from 2010 to 2020, was elected as the 14th president of World Bank in early May, following nomination from the Biden administration in February. Although Banga has extensive private and public sector experience, his decade-long tenure at MasterCard, and his leadership during the company’s massive growth and diversification into eCommerce payments and fraud prevention, likely played a role in his nomination and ultimate election by member states. It will be interesting to see how Banga’s experience as one of the largest payments related companies in the ..read more