The Risks of Digital Payment Crime
Four recent stories about digital payment crime highlight the changing profile of financial crime from payment cards to cryptocurrencies.
The first relates to ‘traditional’ card crime and how the dark web is being used to sell card details. The second looks at how an instant payment scheme, in this case Brazil’s, has led to a rapid increase in kidnapping. The third story is about losses experienced by a crypto exchange. The final piece, perhaps, throws light on one of the reasons why it is happening, the pace and breadth technology change is so rapid it is creating loopholes and uncovered risks.
The price of stolen payment cards
The dark web remains a favourite place to buy and sell payment cards.
NordVPN reports that some 4 million from 140 countries are sold there. By number of cards, the countries with the most cards sold are the US, Australia and UK. On a per capita basis Hong Kong, Australia and the UK are worst.
Prices per card ranged from $20 (Hong Kong and the Philippines) to $1 (Mexicans, Americans and Australians), with the average price being $9.70.
São Paulo reacts to Pix crimes
A bill has been in the São Paulo Legislative Assembly to suspend Brazil’s instant payments system Pix in the state until the Central Bank of Brazil introduces mechanisms to ensure consumer safety.
This proposal is a reaction to the increase in kidnappings, where consumers are forced to make instant transfers to criminals while being held ransom.
The bill’s proposer argues the central bank did not anticipate how the ease and convenience offered by Pix would be used by criminals, not helped by the leak of 395,000 Pix keys in October 2021. A Pix key is a ‘nickname’ associated with a user’s full account details, for example a mobile phone number, email address, QR code, a random password etc.
Pix, introduced in November 2020, has 104 million registered users and processed over 1.6 billion transactions since its launch, 75% of those person-to-person.
Millions stolen from crypto exchange
Bitmart, a crypto exchange, is estimated to have had $100 million stolen due to two of its ‘hot wallets’ being compromised by the theft of a private key.
Bitmart’s chief executive says the company will cover the loss and compensate users.
Asia Pacific banks must upgrade against cyber threats
The speed of adoption of digital payments is reported to be moving faster than the ability of banks in the Asia Pacific region to protect themselves properly against cyber threats. Banks have been moving over to the cloud and fintech players are challenging traditional financial institutions.
IT infrastructure is having to be upgraded and renewed as a result.
A 2021 Checkpoint report found 75% of firms had serious concerns about their public cloud infrastructure.
Analysis by the Financial Services Information and Analysis Center (FS-Isac) identified strengthening regulatory oversight of cyber risk management, organisational responses to threats and an acute cybersecurity talent shortage as major challenges. The shift to digital increases the risk of ransomware and supply chain attacks, as well as a resurgence of banking trojans and distributed denial of service threats.
FS-Isac says financial firms must rework their cybersecurity policies and procedures, so they are suitable for today’s hyperconnected cyber threats. Intelligence sharing will be key to help understand new and emerging tools, techniques, and procedures used by cyber criminals and how to defend against them.
Subscriber content
Read the full article
Full access to Cash & Payment News articles, newsletters and archives.