AML Compliance

Shufti Pro integrates AML Compliance into its end-to-end Verification Services

Shufti Pro has now launched AML compliance in its set of identity verification services to provide comprehensive risk assessment and due diligence to its valued clientele. In the UK more than 200,000 cases of money laundering are reported by the authorities annually. So, Shufti Pro has extended AML compliance to better serve its clients, especially those belonging to the Banking and Finance sector. Shufti Pro is already an emerging force in Digital KYC services with nearly 40 customers already acquired before the conclusion of its 3rd quarter since inception. With the launch of the AML product, Shufti Pro has achieved the status of a comprehensive solution to perform identity verification. AML compliance from Shufti Pro will allow banks to provide services like remote account opening, movement of funds, and offshore banking with enhanced Risk assessment.

Methods of Money Laundering

As online crimes are evolving, financial criminals are acquiring the newest and more sophisticated ways to convert their illegitimate funds as lawful. Thus, regulators are continuously stressing upon the money laundering issues. On the contrary, banks and other firms are constantly updating their AML policies to address this growing threat. The most common money laundering tactics used around the world is through digital banking, smurfing, currency exchanges, physical movement of cash cross border through cash smugglers, wire transfers, investing in real estate, gambling, auctions, building shell companies, disguising the movement of money through the trading system, counterfeiting currencies, and the use of bitcoin to hide the original sources of money.

Out of all these money laundering strategies, trade-based money laundering has received relatively less attention. Trade-based money laundering leverages the international cross-border or domestic trade system to veil the sources of illicit money through trade transactions into legitimate revenues. It involves misleading pricing, less quantity, or low quality of trade such as goods and services either imports or exports. The international trade systems are seemingly very complex and prone to vulnerabilities that can easily be abused by money launderers. As it necessitates the inclusion of multiple parties and jurisdictions which as a result makes the entire due diligence process including AML checks much more taxing. Thus, making it easier for money launderers to exploit and take advantage of the system. 

A 2015 report by Global Financial Integrity (GFI),  reveals that the illegal flow of finances accounted for $7.8 trillion from developing economies between the years 2004 and 2013 which entails  83% of trade-based money laundering. 

The act of concealing money is an ancient technique used for many years, but money launderers are always one step ahead of finding the newest ways to move illegal money undetected. Therefore, international governmental organizations have underlined the need for AML products and services to detect and demarcate the issue altogether. 

 What is AML Compliance?

AML stands for Anti-Money Laundering and it is a practice being adopted by financial institutes, banks, and now even by crypto enthusiasts conducting ICOs. It is reported that crypto thefts, hacks, and frauds reached an estimated $1.36 billion in the first few months of 2020. The total amount stolen in crypto exceeded the stolen $4.5 billion in 2019. 

With central banks and international monetary organizations clamping down on tax evasion, money laundering, and related financial crimes, it is becoming more and more important for banks and financial institutions to verify not only the identity of their customers but to ensure that the sources of their funds & transactions are also legitimate. An AML compliant software is able to perform background checks for risk assessment and due diligence.

Importance of AML products for financial institutions 

AML products for fraud prevention are mandatory for financial institutions to monitor, evaluate, detect, and report suspicious transactions to the regulatory authorities as they happen. It not only strengthens the entire infrastructure but also enhances and accelerates the existing anti-money laundering processes in terms of effectiveness. AML products and services include and are not limited to transaction monitoring systems (TMS), currency transaction reporting systems (CTR), compliance software to help firms comply with AML regulations by FATF , and customer identity verification solutions. All these AML products not only automate the detection process but imperatively eliminates the root cause of the problem to prevent it from happening again in the future. AML products by Shufti Pro can help companies uncover criminal activities, and save themselves from heavy penalties for non compliance. 

 How Shufti Pro provides AML Compliance?

AML Compliance software by Shufti Pro is powered by more than 1000 checklists and 3000 databases maintained by national and international law enforcement agencies, monetary organizations, and anti-money laundry watchdogs. Not only Shufti Pro has such a large data bank to perform background checks but its system updates that data bank every 14 minutes, so that any new entry or removal from these lists or databases is timely updated as well.

AML/CFT takes a new meaning with Shufti Pro as it is not limited to a few countries or some dozen languages. This Artificial and Human Intelligence Hybrid product is available all around the globe and provides Universal Language support as well. So no matter which country a bank operates in or from where their clients belong to and no matter what is the official Language for documentation in that territory, Shufti Pro’s aml product will be a trusted companion for risk assessment and due diligence.

Shufti Pro’s AML products will be providing Robust risk assessment through its round the clock available financial crime risk data. Customer onboarding will not be an issue with AML compliance offered by Shufti Pro as it maintains an industry best processing time of 30-60 seconds. End-to-end identity verification from Shufti Pro is PCI certified and adheres to GDPR standards as well, so customer data will remain secure as well and customers of Shufti Pro will not be liable for any data theft risks, government penalties, or 3rd party liabilities.

Shufti Pro aims to create an online marketplace that is free of fraud, identity thefts, and malicious activity. Extension of AML compliance services are a testament to Shufti Pro’s resolve and it intends to fully optimize its end-to-end verification to usher a new age of due diligence and risk assessment.

Recommended For You:

How Artificial Intelligence is taking ID verification to the next level?

How Artificial Intelligence is taking ID verification to the next level?

Identity theft is deemed as a growing problem. Particularly with the increase in online shopping, the number of online identity theft increased rapidly. According to a 2019 Internet security report, cybercriminals are diversifying their targets and using stealthier methods to commit identity theft and fraud. In 2018, FTC processed 1.4 million fraud reports resulting in $1.48 billion losses. 

The number of fraudulent transactions and massive data breaches continues to rise as the fraudsters and cybercriminals become more sophisticated. To deal with these issues, various ID scanning and security solutions have been implemented using Artificial Intelligence (AI). 

 Artificial intelligence enables computers to make human-like decisions and automating a particular task. It empowers everyday technologies like search engines, self-driving cars, and facial recognition apps. The technology is also leveraged for customer identity authentication and fraud prevention. 

Machine learning and deep learning make it possible to authenticate, verify and accurately process the identities of the users at scale. Here are some ways AI and machine learning are used to scale identity verification.

Scaling identity verification with machine learning

Oftentimes, users are required to show their ID documents when purchasing or opening an account in the bank. Identity documents such as driver’s licenses and passports are scanned to authenticate the users. Some examples of document verification includes checking the originality of documents, extracting information using OCR, confirmation of genuine microprint text, and face recognition match the identity of a person. 

However, in online verification scenarios, the chances of forgery and identity theft increases. Using machine learning and automation for identity verification can create a more robust system that doesn’t rely on human verification experts. These machine learning systems perform identity verification faster than humans and are more secure.

3 features of a robust AI-powered ID authentication solution

For a robust ID proofing solution, 3 important ingredients are required:

Data

Since data is the fuel for machine learning algorithms, acquiring suitable and specific data is necessary. To build a powerful machine learning model, tagged data is important.

Evaluation and Modelling

Defining success factors once the data is available in the next important ingredient. For instance, considering the problem of ID verification needs more accurate models because false identification could lead to errors. This is why a model with more than 95% accuracy and real-time processing should be implemented. 

Training

Machine learning models make the decision based on previous experiences which is why training with suitable and tagged data sets is important for a robust AI service provider. Teaching machines right from wrong is essential. 

However, IDs are physical documents that could easily wear and tear and if all the checks for authentication are automated many real IDs might fail the verification. This is where human insights come into play.

Find more relevant resources:

How Artificial Intelligence is taking ID verification to the next level?

A hybrid approach using AI and HI

Human ID validation experts can step in to prevent bad customer experiences during the rare instances where the machine fails to accurately identify what is wrong with the documents. This further helps in identifying the key problems and making improvements in the system.

Shufti Pro uses AI in synergy with human intelligence to make the verification process frictionless.

Augmenting ID authentication by including biometric verification

Biometric authentication is much less explored technology when it comes to online identity verification. With features like liveness detection and anti-spoofing, facial recognition provides a lot of opportunities to businesses that want to ensure transparency on their online platform. Face recognition promises impeccable performance both in onsite and offsite verification scenarios. Facial authentication working in collaboration with document verification can provide reliable identity verification services to the businesses that are sick of being fooled by facial spoof attacks and other identity fraud methods.

Conclusion

Artificial Intelligence increases customer security and provides businesses an edge over the fraudsters. It enhances human ability and will continue to do so to enable businesses to process information intelligently and prevent being scammed. While AI-powered systems are still needed to be refined, it is high time that the business entails AI-based solutions for better enhancement of their workflows. 

Shufti Pro’s identity verification solution is built upon an ideal combination of artificial and human intelligence and augmented with face verification. It enables businesses to prevent fraud and onboard authentic customers. Shufti Pro’s investment in AI resulted in better customer experience, as well as enhanced security for online businesses. 

Landry’s Inc. warns customers of the potential data breach

Landry’s Inc. warns customers of the potential data breach

Landry’s Inc., a parent company of more than 60 restaurant chains, installed a payment processing solution at all Landry’s owned locations back in 2016. This solution uses end-to-end encryption technology to secure the customer’s data.

The Houston-based company that owns more than 600 restaurants, hotels and casinos in the United States, recently warned the customers about the data breach. This breach could have compromised the credit card information of the users. As per company warning, the data breach has more likely affected the cards used during March 13 and October 17, 2019.

As Landry stated on its website about the unauthorized access to their network, it claimed that the breach may have occurred at the time when the servers swiped customers’ cards in machines. The card swiping was intended to place food and drink orders to the kitchen/bar. Moreover, as per Landry’s, these machines are separate from those used on point-of-sale terminals.

Though the company hasn’t exactly given proper numbers and stats about the breach, it has warned the customers to be cautious and look out for any unusual activity happening to their card. 

Let’s see how much customer’s data have been compromised.

 

10 factors shaping Identity verification industry in 2020

10 factors shaping the identity verification industry in 2020

The identity verification industry is expected to grow steadily during the forecast period, reaching USD 18.12 billion by 2027. But it is not all roses, there are some alarming factors behind the phenomenal growth of the industry. 

2019 was a rollercoaster ride for decades-old identity verification industry. The regulations changed, technology evolved and equally exploited by legal and criminal entities, global economies joined forces to fight money laundering and several other trends and incidents shaped the 2020 identity verification industry. 

The new decade is about to hatch and its high time industry stakeholders realize the significance of this shift in the industry. Because this shift is beyond the growth of revenues generated by companies, it is about the approach of global entities towards identities. The UN and World Bank ID4D initiatives set a goal for providing everyone on the planet with a legal identity by 2030. 

5+ factors that are shaping the new decade of digital identity verification 

1. More stringent regulations 

The regulatory authorities are becoming more stringent towards KYC and AML compliance among reporting entities. The global authorities are always in a bid to control the increasing financial crime, which is disastrous for the financial infrastructure. 

FATF increased the scope of reporting entities and recommended the member countries to oblige the legal professionals, art dealers, and virtual asset dealers to perform AML screening on their customers. The AML screening regulations implemented in these sectors are parallel to those implemented on financial institutions.

The EU launched the fifth AML directive which is set to be fully implemented from 10 January 2020. The identity verification threshold for the prepaid card industry is reduced from EUR 250 to EUR 150. Also, the scope of AML regulations is further enhanced. 

The U.S treasury expanded its counter-terrorism powers and now targets the international financial institutions around the world that aid the terrorist groups working in the U.S. Also it added three Korean groups, namely, Bluenoroff, Lazarus Group, and Andriel into sanctions lists.   

Read this blog –  KYC 2020-how 2019 changed the landscape of global regimes – to know more about regulatory shift in 2019. 

2. FATF’s digital ID systems guide 

The FATF is a global regulatory authority that gives AML and CFT (Counter Financing of Terrorism) recommendations to the member countries. FATF issued the first draft of the digital ID systems guide in 2019 and requested recommendations from stakeholders such as government bodies, consumers, identity verification companies, etc. 

This is a historical shift in the evolution of the identity verification industry. Once the complete guide is launched, companies offering competent services will gain more customer value and acclaim from the businesses.  

3. The silver lining of technological shift 

The previous decade was the era of remarkable technological shift at a global level. Huge advancements in artificial intelligence and biometrics were witnessed that changed the way technology was used. Every cloud has a silver lining, the shift in technology was equally utilized by legitimate entities and criminals. 

Deepfakes raised havoc in 2019. As per a study, 14, 678 deep fakes are available online. Deep fakes are the manipulated form of truth where criminals use artificial neural networks to edit the video or audio of a person. 

A UK-based firm was tricked to transfer  $243,000 through employing deep fake. Also, the political scandals like that of Nancy Pelosi raised havoc in the global political community. Both these were voice phishing deep fake scams where the audio was manipulated to remould the truth. 

4. Increase in frauds

49% of organizations globally said they’ve been a victim of fraud and economic crime in 2018 (PwC’s 2018 Global Economic Crime and Fraud Survey). The businesses are concerned about approaching financial losses due to an alarming increase in cybercrime and financial crime. This concern is often addressed by practising more rigorous due diligence measures on the stakeholders of the business entities. Hence it leads to more dependence on KYC and AML screening solutions. As digital identity screening solutions are a cost-effective and futuristic approach to fraud-detection, this leads to the global growth of the identity verification industry. 

5. Money Laundering and terrorist financing a two-edged sword

Money laundering and terrorist financing are global disasters in influencing economies. The united nations office for drug control found that the annually laundered amount globally is equal to 2 – 5% of global GDP. quite surprisingly this laundered amount is not the loss of the governments entirely, but the businesses exploited for a smooth transfer of money are also used for this purpose. Hence businesses are investing more in compliance and technical solutions for AML screening of their prospects. 

6. Increasing identity theft is the tip of an iceberg 

As per a report of Insurance Information Institute (III), 14.4 million identities were stolen in 2018 and 3.3 million victims were liable for some sort of financial penalty. But this is just the beginning of an array of consecutive crimes conducted with these stolen identities. These stolen identities are used for money laundering, credit card fraud, new account fraud(with banks), account takeover fraud, mortgage frauds, etc. 

The same report found that the majority of the stolen identity was used to defraud businesses and financial institutions. More than 40% of the stolen identities were used for the execution of credit card fraud.  

7. Technological advancements 

The world is already moving towards reinforcement learning. These changes are motivating businesses to invest in technical substitutes for hefty compliance procedures. More and more businesses are investing in next-generation identity verification solutions backed by AI and powered with biometric technology. A study by spice works found that 90% of businesses will be using biometric technology by the year 2020. 

Also, digital identities are becoming a household term. Goode intelligence trend report predicted that more than 3 billion digital identities will be distributed by 2025. 

8. Customers are becoming smarter 

One survey conducted by Visa found that 86% of consumers actually want to use biometrics to verify their identity, as opposed to traditional passwords. Digital identity verification solutions prove to be a competitive edge where customers are willing to onboard platforms with visible security measures. But too many security measures especially manual verifications annoy customers and they are most likely to abandon the cart.

9. Increasing pressure on customer rights 

California Consumer Privacy Act (CCPA) was launched in the U.S that gave an upper hand to the consumers in dealing with their data. The Californian consumers have the right to request access and deletion of their data. 

The CCPA is called GDPR lite due to strict data protection regulations. GDPR and CCPA are implemented on global businesses operating in their area of influence. So it has a global impact and digital identity screening solutions compliant with data protection regulations share the burden of reporting entities. 

10. Identity verification is winning over manual verification

The primary reason behind the growth of this industry is the next-generation solutions that it delivers for KYC and AML screening of customers. Highly accurate results are delivered in real-time and proof of verification is also provided. As the identity verification industry helps businesses experience global scope in the verification of their customers. So it proves to be a reliable friend, by all means, hence businesses choose digital identity screening solutions over traditional verification methods. 

Shufti Pro 2020

2019 was a very rewarding year for Shufti Pro. It untapped new ventures in enhancing the solutions and overall experience of the customers and end-users. Below are some significant achievements of Shufti Pro in 2019, that helped the company enter the new decade ready for the upcoming challenges and opportunities. 

 

Shufti Pro enhanced the identity verification solutions and decreased the average time of verification from 30-60 seconds to 15 t0 30 seconds average time for verification. 

A new office is opened in Dubai to expand the scope of the company. 

New services of KYB(Know Your Business) and AML for businesses are launched in 2019. 

digital currency

Digital Currency ‘Sand Dollar’ Launched by the Bahamas

The Central Bank of the Bahamas (CBOB) has introduced a digital version of the Bahamian dollar, starting with a pilot phase in Exuma in December 2019. The digital currency will then be extended to Abaco in the first half of 2020.

This initiative is termed as ‘Project Sand Dollar’ and the digital currency is also the name given to the proposed central bank digital currency (CBDC). The initiative is a continuation of the Bahamian Payments System Modernization Initiative (PSMI) which began in the early 2000s. 

The CBB said in a statement, “The Bahamian PSMI targets improved outcomes for financial inclusion and access, making the domestic payments system more efficient and non-discriminatory in access to financial services.”

The bank did mention that the digital currency is not a stable coin or a cryptocurrency but is just a digital version of the existing paper currency. The intention behind the digital currency is to help smooth things over for people who don’t have access to a physical bank. 

The press release further stresses that the bank is doing its best to make sure the services are available to everyone and streamlined to be as fast as they can be. This process includes accelerating payments system reform, adding new categories of financial service providers and using the digital payments infrastructure to ensure the accessibility of traditional banking services for everyone. 

There will be certain limitations on the sand dollar as well. For now, businesses cant have more than $1 million in their digital accounts and residents max out at $500. Businesses aren’t allowed to transact more than one-eighth of their digital wealth per month as well. 

According to the Governor of CBOB, John Rolle, the conditions are favorable for the more widespread adoption of electronic payment systems. 

4 Fraud Prevention Tips For Your E-commerce Business this Holiday Season

4 Fraud Prevention Tips For Your E-commerce Business this Holiday Season

With the holiday shopping season in full swing, e-commerce fraud risk is a glaring reality that needs to be accounted for before it translates into large business losses. By 2019, there will be an estimated 1.92 billion global digital buyers that need to be served, as well as authenticated. While this opens up countless business opportunities for vendors, it also indicates the need to single out bad actors that commit high-value identity fraud every year. 

Cybercriminals and scammers are catching up growing digital buying trends and breaking their way into legitimate online transactions. The holiday season is the ideal time for hackers and identity thieves to commit identity fraud due to the large volume of sales that are processed in a small amount of time. 

According to data from ACI Worldwide, fraud attempts spiked by 30% over the previous holiday season, in millions of online transactions especially on Christmas Eve. Fraudsters are trying to get past busy sales representatives and burdened software that miss the smallest details required to a naughty holiday buyer. 

Here are 4 tips for your business to defend itself from E-commerce Fraud this holiday season: 

1- Understand holiday e-commerce fraud types

With every passing day, we’re looking at innovative forms of online buying options, such as P2P payment gateways and social media buying solutions. While it’s not fair to say that the digital buying economy is a new concept, it is also true that firms are still struggling to understand the types of risk they are faced with. 

Digital ID theft and fraud is the most common and well known type of online scam that has affected millions of people across the world, and caused consumers to lose up to $1.48 billion in 2018, according to the Insurance Information Institute. During the holiday season, the percentage of fraudulent transaction is expected to increase manifold, especially card-not-present fraud. 

Other types of fraud include: 

  • Account Takeover Fraud – Legitimate accounts are hacked by imposters to make purchases 
  • Phishing Scams – Fraudulent attempts to gain personal user information
  • Credit Card Fraud – Fraud committed using a credit card as illegal source of funds in a transaction 
  • Card-not-present Fraud – Absence of actual card when carrying out a transaction
  • Friendly Fraud – Actual transactions made by cardholders, later disputed by themselves to claim chargebacks

2- Upgrade fraud prevention tools and identity verification services

To find out if your holiday season customers are actually who they claim to be use authentic and reliable verification services. Security barriers in online environments are becoming easy to intercept, as technology lands in the hands of both good and bad actors. 

With the types of frauds listed above, hackers are learning to commit financial crimes without leaving a trace. This is where automated identity verification services with AI based features need to be utilised for strong risk prevention shield. Identifying users at source entails thorough KYC, AML and KYB checks with the following services: 

Specialised features such as liveness detection and consent verification provide users and businesses with a level of trust that is otherwise impossible to achieve with manual verifications for large sales volumes. In this respect, biometric verification is also gaining popularity due it its convenience, especially for mobile users, and can be employed to verify users in a matter of seconds. 

At the same time, it is important to note that automated fraud prevention and identity verification processes need to be used with caution due to the inevitable risk of accepting fraudulent orders, resulting in high chargebacks. Human intelligence is therefore an integral part of the verification process for complete accuracy. 

3- Monitor key e-commerce sales metrics

With fraud prevention software and human review of transactions, it is possible to identify red flags during peak season. Narrowing down geographical location through IP and browser information also helps preventing fraud well in time. Suspicious orders can be identified by looking at buying patterns and understanding how a sudden change in purchase activity can really be from a fraudulent source. 

Marketing and sales metrics such as click-through rates, conversion rates and chargebacks must be reported on an ongoing basis by business executives to stay on top of any irregular patterns in e-commerce sales. Sometimes, indicators as simple as unusual delivery addresses or inaccurate customer credentials can impact sales trends for a busy quarter. However, additional authentication methods must be placed to review such anomalies before taking stern action and blacklisting authentic customers erroneously. 

Read more about how you can prevent frauds by following AML and KYC regulations

4- Customise a fraud mitigation plan for the holidays

In 2018, holiday season retail e-commerce spending totalled almost $120 billion, and Cyber Monday in 2019 alone racked up close to $9.4 billion in online spending, the biggest ever recorded. This means greater handling of customers, sales and transactions by regular as well as temporary staff. A fool-proof plan to handle these both manually and digitally must be developed well in advance to ensure the security of successful deliveries. 

To process more orders than usual, sales reps will have to think about the numerous queries that new and returning customers will have. Moreover, process to approve and decline orders also need to be streamlined in order to check for inconsistent personal details such as delivery address and credit card details. 

Well coordinated marketing and sales team are always able to maximise returns from promotions, deals, coupons and website traffic. Any miscommunication at this stage can lead to large financial losses as well as tangible damage to brand reputation. Examining historical patterns in consumer history are also helpful indicators for discerning fraudulent transactions and saving both time and money. 

All in all, e-commerce vendors must steer clear of impending online fraud schemes by employing strict safeguards, as well as becoming aware of newer types of threats that may hurt them, especially in busy holiday season. 

5 Key Cybersecurity Threats for 2020

5 Key Cybersecurity Threats for 2020

Cybersecurity threats have become remarkably common and they continue to gain traction with the progressions in technology. Cybercriminals are continuously adopting newer technologies, enhancing their coordination and becoming more sophisticated. Through cybercrimes, employees’ and customers’ personally identifiable information (PII) gets compromised and used in illegal schemes somewhere else. Through large-scale data breaches, legitimate data is vulnerable to identity thefts and frauds. 

According to a study by Cybersecurity Ventures, cybercrimes will cost the world $6 trillion a year by 2021.  In the last few years, cybercrimes have been in the news a lot with tech giants like Google, Facebook, Twitter, and mobile companies becoming a victim of data and security breaches. This is why when it comes to cybercrimes, it’s not a question of ‘if’, it’s a question of ‘when’ it will happen. 

Watch Out for These Cyber Security Threats in 2020

This article details five key cyber threats that enterprises need to take seriously and should watch out for in 2020. 

Social Engineering Attacks 

Social engineering is a method of tricking people so that they give you their information. It is also a way to exploit their weakness, or negligence, to figure out that information. Phishing attacks are a type of social engineering attack. In a phishing attack, the attacker generates a fraudulent email, text or website in order to dupe a victim into giving out sensitive information. Phishing attacks are considered to be the most frequently used approach to get into a corporation’s network these days. Through these attacks, login credentials for work, passwords to online accounts, credit card info, date of birth, etc. are stolen by the attacker. 

Only 3 percent of malware tries to exploit an exclusively technical flaw and the other 97 percent target users through social engineering according to KnowBe4. Phishing strategies are now becoming remarkably common as they are cheap, effective and easy to pull off. A report by Small Business Trends reports 1 in every 99 emails is a phishing attack. And this counts for 4.8 emails per employee in a five-day work week. Close to 30% of phishing emails make it past default security. 

Social engineering attacks are specifically designed to deceive your employees into granting access to systems or divulging information that helps attackers gain that access through low-, or often no-tech means. Social engineering attacks can come in many forms — by phone, email, snail mail, in person or through social media. So, it’s important that you train your employees to be wary.

IoT-Based Attacks

Almost everything these days is connected with the internet but a lot of these smart devices don’t have strong security installed. This makes it easy for attackers to hijack these devices to infiltrate business networks. An IoT attack is any cyberattack that leverages a victim’s use of internet-connected smart devices like Wi-Fi-connected speakers, appliances, alarm clocks, etc to sneak malware onto a network. In the workplace, everything from smart thermostats and videoconferencing technologies to stock monitors and smart vending machines are all examples of IoT technologies. 

IoT is continuously gaining traction and according to Gartner, by 2020 more than 20.4 billion IoT devices will exist. Connected devices are easier for customer use and the majority of businesses use them to save money. More connected devices imply greater risk which subsequently makes IoT networks more vulnerable to cyber invasions.  Once controlled by hackers, IoT devices can then used to overload networks, create havoc or close down essential equipment for financial gain. The very things that make IoT so common and easy to use are the same reasons for their vulnerability. 

Ransomware Attacks 

Ransomware attacks are becoming extremely common in the past few years. These are a type of malicious software designed to block access to a computer system until a specific sum of money is paid. This type of attack is triggered by an employee clicking on a link in a phishing email that is harmful and then clicking the link that ignites the malware. 

It is highly imperative for enterprises to maintain the privacy of their customers and keep their confidential data secure. In general, ransomware attacks targeting individuals are on the decline over the last year. As reported by ITPro Today, within businesses the rate of ransomware detections rose from 2.8 million in the first quarter of 2018 to 9.5 million in the first quarter of 2019. That’s nearly a 340% increase in detections. It is already on track to hit $11.5 billion in damages for 2019. 

A reason why businesses are the victims of ransomware attacks more than private individuals is that they have more motivation to pay for ransoms compared to people. The threat of ransomware is ever increasing and it’s going to be no different in 2020. Businesses are vulnerable to encryption malware making its way into their systems and destroying their data.

Internal Threats

One of the most damaging cybersecurity threats faced by any business is through its own employees. As employees have inside access to the business’s happening, it makes them capable of inflicting great harm if they choose to abuse their access rights for personal gains. Employees may unknowingly allow their user accounts to be jeopardized by attackers or download harmful malware onto their systems. 

The reason why internal threats are one of the biggest cybersecurity threats to pay attention to is because of the magnitude of risks they pose. Internal security breaches happen about 2500 times every day in US Business and 19% of employees state that they have been involved in a security breach at work.

State-sponsored Attacks 

It isn’t just hackers looking to make a profit through attacks and cyber threats, cyberattacks are becoming common on the government level as well. Entire nations are using their cyber skills to infiltrate other governments in order to perform attacks on critical infrastructure. State-sponsored attacks will continue to expand its scope in the year 2020 with attacks on critical infrastructure as a particular concern. 

The majority of these attacks target government-run systems and infrastructure but private sector organizations are also at risk. According to a report from Thomson Reuters Labs, state-sponsored cyberattacks are constantly emerging and pose a significant risk to private enterprises. This will increase the challenges to those sectors of the business world that provide convenient targets for settling geopolitical grievances.

Google Warns 12,000 Victims of Government Hacks

Google Warns 12,000 Victims of Government Hacks

In just three months, from July to September 2019, Google sent out 12,000 warnings to people who were suspected of being targeted by a government-backed hacking attempt. Google’s Threat Analysis Group revealed in a blog post that during the three months from July to September this year, users across 149 countries were warned that they were targeted by government-backed attackers. The majority of the users were in America and 90% were targeted with phishing emails that were trying to steal the login details for Google accounts of users. 

Google’s Threat Analysis Group (TAG) serves to counter targeted and government-backed hacking against Google and its users. According to Google, the data was consistent with the number of warnings sent in the period of 2018 and 2017. This meant that the nation-state hackers didn’t step up their level of attacks. 

The Threat Analysis Group has been tracking numerous government-sponsored hackers, most prominently a group called Sandworm. The US government considers Sandworm a Russian-backed crew that was responsible for the catastrophic NotPetya ransomware attacks of 2017. In November 2018, Sandworm was targeting Android users. 

High-risk users like journalists, human rights activists, and political campaigns are advised by Google to use their Advanced Protection Program (APP). It bundles secret keys onto USB and Bluetooth devices that the user connects to their device after entering the password for their Google account. The hacker has to have access to that physical key to get access to that account even if they have the login password. An average user can also use that same kind of protection who is particularly concerned about their privacy and security. 

The Definitive Guide to Anti-Money Laundering & Countering of Terrorist Financing

The Definitive Guide to Anti-Money Laundering & Countering of Terrorist Financing

In this modern globalized era, money launderers, terrorist financiers and other criminal elements came up with a slew of resourceful ways to accomplish their malicious desires. It is a common practice of these groups to misuse the services of legitimate businesses such as banks and other Financial Institutions (FIs) to convert ill-gotten gains into ‘good money’. Whereas, to counter such criminal activities, FIs rely on procedures and systems that aim at acquiring customer knowledge.

One of the major issues is that most legitimate entities turn out not to be compliant with the AML (Anti-Money Laundering) regulations. This increases the probability of bad actors to finance terrorists and drug dealers. Any legal entity that knowingly or unknowingly became part of money laundering or terrorist financing will suffer from enormous regulatory penalties. Therefore, it is crucially important for FIs to establish a strong internal system of controls that, even when criminals are using the best effort and abilities to elude the rules. It allows them to identify fraudulent entities and unusual money flows. 

When an entity makes substantial profits, it finds ways to use or save funds without moving the attention of inspectors on underlying suspicious activity or on criminal entities that are doing so. In money laundering, criminals disguise their sources of money, change the form or transfer it to a place that seems less likely to grab attention. Embezzle funds are converted into good money to ‘enjoy it’. 

Palermo Convention or United Nations Conventions Against Transactional Organized Crime states money-laundering as:

“The conversion or transfer of property intentionally knowing that it is a proceed of crime, to conceal the illicit origin of money or helping an individual who is involved in predicate offence and wants to evade legal consequences of his action.”

“The concealment of the true source, nature, location, movement, ownership, property or disposition, intended that it a proceed of crime.”

“The acquisition, ownership or use of property, which at the time of receipt was known that it is a proceed of crime.”

Financial Action Task Force (FATF) is an inter-governmental body established in 1988 by a group of seven industrialized nations to combat money laundering. FATF cleared the notion that money laundering only takes place with cash transactions. Actually, it’s not the only case. Money laundering can be performed by any medium virtually, could be a financial institution or any business. 

Sources of Dirty Money

In simple words, money laundering means “the conversion of dirty money into good money.”

Following are some of the sources of dirty money:

  • Drugs and arms Trafficking
  • Criminal Offences
  • Gambling
  • Smuggling
  • Bribe
  • Online fraud
  • Tax evasion
  • Kidnapping and many more…

Methods and Stages of Money Laundering

Money laundering involves three stages; placement, layering, and integration.

  • Placement

This process is the movement of illicit funds from its source. At that time, the origin is manipulated or concealed. This process is followed by money circulation through FIs, shops, casinos, legal sector, or other businesses (both abroad and local). In simple words, in this phase, illegal funds get introduced into the financial system.

The process of placement includes many other methods:

Currency Smuggling: The physical movement of currency out of the country.

Bank Complicity: When FIs are involved with criminal entities such as drug dealers or organized criminal groups. This makes money laundering an easy process. Lack of AML procedures and checks also pave ways for money launderers. 

Currency Exchanges: Foreign currency exchange service providers open ways for money launderers for seamless currency movements.

Securities Brokers: The money laundering process can be facilitated by brokers by structuring enormous funds in such a way that it conceals the original source of illicit money.

The blending of Funds: A small number of illicit funds are blended with a huge deposit of legal funds. 

Asset Purchase: Assets are purchased with dirty money. This process is the most common method to hide dirty money. The real estate sector is misused by money launderers and real estate agents knowingly or unknowingly facilitate bad actors.

  • Layering

This process involves the transfer of funds to several accounts or FIs’ accounts to further separate the original money source. This makes complex layers of transactions that help conceal the source and ownership of illegal funds. Hence, makes it difficult for law enforcement agencies to track the money flow. 

The methods of layering include;

Cash Conversion into Monetary Instruments: After the successful placement of money into FIs or banks, proceeds are transformed into monetary instruments. In this, the banker’s money orders and drafts are involved. Material assets are bought with this cash and sold locally or abroad. In this way, assets tracking becomes more difficult to trace.

  • Integration 

In this process, laundered money is moved into the economy through the banking system. Such money appears just like business earned money. In the integration process, laundered funds are detected and identified through informants. 

Integration methods include;

Property Dealing: Among criminals, property sale to hide dirty money is a common practice. For instance, criminal groups buy properties using shell companies.

Front Companies and False Loans: Front companies, incorporated with secrecy laws in the countries are used by money launderers that lend them laundered proceeds that appear to be legitimate.

Foreign Bank Complicity: Money laundering is conducted using foreign banks. It gets hard for law enforcement agencies to point them out due to their sophisticated systems. 

False Invoices: Import/export companies create false invoices and have proven to be an effective way of hiding illicit money. This method includes the overvaluation of products to justify the funds. 

This is today one of the major threats we are facing. Who knows, if our services are used for terrorist financing? Even, sometimes the legally earned money is also transferred for the financing of terrorism. 

For terrorists, no matter how small the money amount is, it is a lifeblood for them.

Just like money laundering, terrorist financing is a predicate offence. Early detection and immediate counter steps are the only ways to combat it. 

For terrorists, no matter how small the money amount is, it is a lifeblood for them.

Concerns of Countries and Governments around the World

United Kingdom

MLR-2017, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) regulations came into force in the UK on June 26, 2017. The new regulation of the UK is tightening the reins on money laundering in resourceful ways. 

To combat money laundering, UK regulations include identity verification of customers before providing services to them. AML compliance is mandatory when it comes to screen the customers against Politically Exposed Persons (PEPs) list, sanction lists, the high-risk customers’ records, and updated criminal databases. In addition to this, employee training is also declared mandatory. Previously, regulations covered only casinos holders which now extend to all gambling providers.

China

Anti-money Laundering (AML) regulations in China primarily focus on KYC (Know Your Customer) verification of customers through identity verification protocols. China’s government has issued AML/CFT regulations on online financial institutions. FATF report for the People’s Republic of China states that China has a strong understanding of money laundering and terrorist financing risks. 

In AML/CFT regulations of China, legitimate entities are required to verify their customers with identity proof (such as government-issued ID cards). In addition to this, regular identity checks are declared important in case of a change in records of beneficiaries or regulations. In the case of any suspicious transactions crossing the minimum transaction threshold, it should be reported immediately to the relevant authority. China is taking stringent measures in the AML compliance program to combat money laundering and terrorist financing criminal activities.

The United States of America

In the USA, Bank Secrecy Act (BSA) is residing. With several amendments, this act is quite detailed and covers broad perspectives of money laundering risks of financial institutions. BSA was designed to identify the source, volume, and movement of laundered money and monetary instruments. According to BSA, banks and other financial institutions are supposed to report transactions over $10,000 through currency transaction reports. 

Not only this, CDD processes are mandatory for businesses operating in the USA. AML screening of customers against several criminal databases are updated records is necessary to comply with AML regulations. Additional federal laws are passed to strengthen the rules and regulations under BSA. Anti-money laundering programs in the USA come up with changes and scope will be extending with time.

Canada

FINTRAC, Financial Transactions and Reports Analysis Centre of Canada has recently released a final version of rules and regulations that depict amendments in the regulations to Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). The changes in Canada’s regulations ensure the compliance procedures and policies to be significantly stringent. 

According to these regulations, the financial services industry needs to be dynamic in nature for the reduction of money laundering and terrorist financing activities. Virtual currency services and digital payment methods have opened ways for fraudsters to transfer their embezzled funds across the world. Moreover, regulations extend to prepaid card issuers, virtual currency providers and foreign Money Services Businesses (MSBs).

Risks for Banks and Financial Institutions 

Money laundering and terrorist financing affect the overall economy of the world. As regulated entities such as banks and financial institutions are primary sources that deal with the money in a country. These entities are opportunities for fraudsters through which they can transfer ill-gotten gains in different corners of the world. There are several risks associated with the maintenance and supervision of banking relationships to which FIs and employees should be aware of. The interconnection of banks should be secure and well-organized to track the unusual flow of transactions. Otherwise, regulatory scrutiny can subject hefty penalties which include monetary fines, imprisonments, business abandonment temporarily or permanently and assets freezing. 

What are KYC and KYB?

Know Your Customer, KYC is a process of identity verification of the customers. It is part of Customer Due Diligence (CDD). To combat high-risk customers, identity verification plays an important role. KYC is the term most commonly used in banks and financial institutions for customer verification. Now, it is needed for almost all industries because of the extended scope of fraudulent tricks and region. 

Also, to comply with the obligations of global and local regulatory authorities, businesses need to verify their onboarding customers. To verify the credibility of customers, the KYC verification process makes sure that the person is actually who he says he is. Not only customers, but the scope of KYC extends to agents, businesses, corporate entities, and third-party verification. This is what we call ‘Know Your Business’ or KYB. 

KYB involves the verification of businesses your company is dealing with. This is important to verify that your business operations are running in association with honest and registered entities. To avoid regulatory fines, verification of Ultimate Beneficial Owners (UBOs) is declared mandatory. AML regulations of FATF have explicitly stated UBO screening importance for businesses to combat money laundering and terrorist financing. 

What is EDD?

Enhanced Due Diligence (EDD) includes additional information of customers as compared to the one collected during the CDD process. To combat the risks of high-risk customers in an organization, thorough screening is performed. In-depth verification of customers is conducted by verifying their identity, not only by collecting personal but also financial information. Following is the EDD information that is collected at verification time:

  • Business/ occupation
  • Financial status
  • Income
  • Location
  • Private/corresponding baking information
  • Continuous transaction monitoring, etc. 

Enhanced Due Diligence Factors

High-risk Customer Factors

 

  • Verification of customers if they are foreigners or non-residents
  • Personal vehicle information of legal identities
  • Verification of customers if their relatives or family members are in the list of PEPs
  • Businesses that are cash-intensive
  • Risk assessment of company against AML policies and parameters

Geography Risk Factors

 

  • Countries that lack AML/CFT practices and are prone to money laundering and terrorist financing. 
  • Countries that lie in sanctions lists or have high criminal records
  • Countries that are blacklisted for facilitating criminal activities
  • Countries that do not lie under the hood of FATF members, etc.

Importance of Watchlists and PEPs

Bad actors are spreading all around the world. Your business that is providing services across the globe should be well-aware of the policies and regulations under which businesses operate. Similarly, your businesses should know high-risk entities of friend countries. Updated records of criminals, money launderers, terrorist financiers, online fraudsters and hackers, and several other watchlists should be maintained issued by law enforcement agencies, to verify each onboarding customer and secure the organization.

In addition to this, identities should be verified against the list of PEPs and their relatives to make sure that no fraudulent identity is facilitated through your legitimate businesses. In case of any discrepancy, businesses can be subjected to inevitable heavy regulatory fines. Hence, it is a regulatory requirement as well as a security concern for the protection of business from malicious entities in the financial system.

Reporting Suspicious Transactions

In a financial system, any suspicious transactions should not be ignored. To prevent money laundering and terrorist financing activities, on an immediate basis, transactions should be reported. Under the requirements of regulatory authorities and anti-money laundering laws, reporting entities are supposed to submit Suspicious Transaction Reports (STRs). It should be reported regardless of the number of fraudulent transactions. A suspicious transaction is:

  • That appears unusual
  • Appears illegal
  • Transaction performed above the specified threshold
  • Frequent transactions from one identity
  • With no clear economic purpose
  • Shows indication of money laundering or terrorist financing

Discussed in the AMLA section, failure in reporting an STR is an offence which can be subjected to a regulatory fine.

Indications of Money Laundering

The features below are recorded in the money laundering case studies that came onto the surface after investigations:

Indications of Money Laundering

Conclusion

Anti-money laundering and countering or terrorist financing is the responsibility of every business and employee of a country. Strict regulatory requirements came into force as a result of its adverse effects od money laundering and terrorism financing on the global economy. Fraudsters that are violating the legitimacy of financial institutions should be tackled by all means. This very first step is the scrutinization of organizations against AML policies and procedures. The government can impose heavy criminal and civil penalties as a result of violations of regulatory obligations. 

Before the law, ignorance is not even an excuse.  

Understanding Digital Identity

Understanding Digital Identity

What is Digital Identity?

In the digital world, your identity is made up of your personal information as it exists on the web (in digital form). Your personal characteristics, such as your name, address, date of birth, bank details, email ID, biometrics and login credentials all make up your digital attributes. 

Similarly, digital activities such as likes, comments, buying patterns, search histories, forum posts, and cellphone apps make up your online preferences. These are stored and tracked to maintain a record of online activity related to your identity.  

In short, it is an amalgamation of all personal attributes and characteristics that link the physical existence of a person to his or her digital presence. In this respect, the term digital identity can refer to all types of online platforms and computer systems that contain information about individuals linked to their national or official identities. 

This is similar to the collection of data in the real world, based on which an individual is identified and allowed to take certain actions. Official identification documents, proof of address, driver’s licenses, and other personal documents are required for transactions such as account opening or buying a property. 

Verification of persons online entails matching these two forms of identities to onboard people for digital services and to confirm their presence online. Signing up for an online account, making a purchase in an e-store, accessing medical records and accepting remote jobs becomes possible with a single click and a verified digital identity. 

This is known as digital authentication and is linked to the act of validating one’s identity at the time of sign up. The use of biometric technologies such as fingerprint and retina scans, as well as facial recognition, are all part of the process of cross-checking identities to validate if an individual is really who they say they are.

Establishing Trust Online

As businesses and services make a move to the digital world, crimes related to identity have also shifted platforms. Cybercriminals are learning to intercept digital accounts and steal identity to make fraudulent transactions. In the recent past, businesses and individuals have lost large amounts in losses as bad actors find innovative ways to stay ahead of tech experts and regulators at organisations and carry out online crimes. 

Digital Identity information is exposed through phishing attempts, irresponsible use of login details, location sharing, public wi-fi networks, and exposure to social media malpractices. Opening up access to accounts and online services, an online identity serves as a virtual currency that is exposed to data breaches. Additionally, digital identities are also sold and used against individuals in what is known as the ‘dark web’. A well functioning online system, therefore, needs efficient processes for maintaining reliable digital identities and mitigating accompanying risks. 

With impending threats of money laundering and terrorist financing, regulatory compliance in the form of KYC, AML and KYB requirements will help companies maintain trustworthy business ties online. Compliance regulations rolled out by GDPR, AMLD6 or CCPA make it mandatory for companies to opt for reliable means of verification. Strict identity checks and screening processes that verify who an individual is, and authenticate his/her access to an online portal are therefore the cornerstones  of good business practice. 

Unlocking Access to Financial Services 

The advantage of establishing a digital identity network is perhaps most evident in the banking and financial institution sector. Low cost and high accuracy than traditional vetting processes, digital identities offer faster ways of complying with regulations and attributing trust to financial brokers.

KYC checks ensure that customers are genuine entities as far as their existence, personal characteristics and documentation is concerned. For AML and ongoing background checks, identities must be traceable and accessible by verification solutions. This is easily facilitated by digital identity frameworks that consolidate pieces of information based on their accuracy and validity. For banks, this saves huge amounts of money otherwise at risk of being lost due to compromised identities. 

As observed, account takeover fraud is one of the most popular forms of fraud in the banking sector, with large corporate losses noted due to fraudulent transactions. Using traditional methods of identification, therefore, puts institutions at a higher risk of loss than digital identities, which can be consolidated and secured through advanced technologies such as blockchain. 

As a useful proof of verification, digital identities also open up new avenues for people who have limited or no access to traditional means of identification in the real world. Close to 1 billion do not have an official identity. This has grave implications in the form of barriers to basic social services such as education, health and economic opportunities. In this respect, a consolidated digital identity has the potential to act as a safety cover for people with no access to formal financial services. 

Modern organisations are upgrading to digital infrastructures and investing rapidly in safer technologies. Digital identity verification is one of the many important areas of security that require effective solutions for safer experiences online. The eventual goal is to tie the digital identity to a real person and to ensure that people are who they say they are. 

over a million

Over a Million T-Mobile Customers Affected By a Data Breach

T-mobile suffered a data breach earlier this month, the company confirmed this on their website this Friday. The hackers accessed people’s personal information like user’s account information which included names, addresses, phone number, account numbers, and their cell-phone plans according to the announcement. 

The company assured its clients that the hackers didn’t get access to any financial information like credit card numbers or social security numbers. The breach affected the prepaid accounts and less than 1.5% of T-mobile customers were affected, a spokesperson told Business Insider

T-mobile said in a statement, 

“We truly regret that this incident occurred and apologize for any inconvenience this has caused you.” 

FCC requires that T-mobile notifies all the people who are affected by the data breach and according to T-mobile, they will notify all the affected users ‘shortly’.  The company also assured the affected customers that it had shut down ‘malicious, unauthorized access’ to prepaid data customers. 

If your account was breached, you must have received an SMS to notify you of the breach. If you have numbers or providers, you may not have received the message. To get information, you can reach out to T-mobile at privacy@t-mobile.com or by calling 611 to verify if your account was affected. 

chinas digital currency

China’s Digital Currency Could Be Launched ‘Quite Soon’

Within the next 6 to 12 months, China could launch its own digital currency which may become a challenge to US dollar’s global dominance, says fund manager Edith Yeung. 

The Chinese government has been studying and examining the possibility of launching its own digital currency in the past few years. It has also identified entities for a possible roll-out said Yeung who is a partner at blockchain-focused venture capital fund, Proof of Capital.  

Yeung talked to CNBC’s Arjun Kharpal and Christine Tan at the CNBC’s East Tech West conference in China on Wednesday. She said, “It’s really been something (that’s) been in the works for the last few years.” 

When asked how soon could the idea of virtual yuan become a reality, she said it could be ‘quite soon’. She further added, “So I think definitely within the next six to 12 months.” 

China has recently become very interested in blockchain; the technology that supports cryptocurrencies such as Bitcoin. President Xi Jinping is looking forward to China taking a lead in the technology

Wendy Liu, Head of China strategy for UBS, an investment banking company, said that there was an increased willingness of the Chinese people to back blockchain and 5G technologies. This is because these technologies are key to facilitate and manage commerce in one of the most populous countries in the world. Liu said, 

“Due to its own needs, (China) is going to push in that direction and you see this willingness to back these technologies more so than anywhere else.” 

Child Identity Theft Ways to Protect your Children

7 Ways to Protect Your Children from Identity Theft

Living in the digital world, the word “Identity theft” makes us more than a little nervous. Knowing that someone out there is using your identity for criminal activities sound so scary. It is even more surprising for parents to know that stealing their children’s identities is easier. What makes it more frightening is the nature of the theft that it may take too long to discover the crime.

No one can provide better protection to children other than parents. Parents are ultimately the best protection against child identity thieves. However, the lawmakers are now actively taking part as well in raising awareness about this matter. In fact, there are some movements for the protection of children’s data – for instance, National Child Identity Theft Awareness Day. 

Moreover, the government is introducing Child protection laws – The Digital Economy Act 2017 – to protect the identities of children in the digital world. These laws enforce the digital platforms to incorporate age verification checks to their digital platforms to keep minors away from the dark web and age-restricted mature content.

National Child Identity Theft Awareness Day

Identity theft is becoming a worldwide issue. Every year millions of people fell victim to this crime and lose billions due to frauds that occurred using stolen identities. According to The Harris Poll, around 15 million Americans fell victim to identity theft in 2017. Not just the adults but the children are equally or more on the target list of identity thieves. According to Javelin’s Report, more than a million children were the victims of identity theft in 2017 which resulted in a loss of $2.6 billion.

Taking into account the alarming situation of children identity theft, the world’s leading global information services company, Experian, started the movement “National Child Identity Theft Awareness Day” – held on September 1 every year. The aim of this movement is to educate the parents about protecting their children’s sensitive information. Most parents are unaware of the reasons and vulnerabilities that lead to identity theft. As per a study, the children who are bullied online are nine times more likely to fall victim to identity theft.

Identity thieves primarily target children because of their clean histories and the criminals can use their information for a longer period of time without getting caught. The reason is parents are oblivious of the fact that their child’s identity is under threat. Hence they don’t necessarily check their children’s credit report.

The Cultivating Threat

The nature of the crime “Child Identity theft” to stay undetected for a longer period of time makes it hair-raising. Every year criminals succeed in exploiting millions of children’s identities. The explosion of the internet and smart devices is not helping either, instead, it has fueled up identity theft to an alarming rate.

Tips for Parents to protect their Children Identity

Tips for Parents to protect their Children Identity

Parents are often under the wrong impression that their child’s identity will never be stolen and that’s what they do wrong. Even if you are sure that your children are safe, a few preventive measures won’t hurt, right? There are some common red flags parents don’t pay attention to and hence their children get stuck with privacy problems. 

Here are some simple tips for parents to protect their precious bundles from falling victim to this rising crime.

Look out for Red Flags

The best way to deal with the problem is to know its root causes first. Once you are aware of the factors that can lead to some problems then you can easily combat that. In order to protect your children from identity theft, you must look out for warning signs. Just imagine you come across a pre-approved credit card offer in your child’s name. It may sound some computer glitch to you. But what if it’s not?

This can be a warning sign that someone is using your child’s identity. If you ignore this thinking of it some computer mistakes then it may lead you to a major problem. 

Monitor your child’s Social Media

Living in the world of mobile phones and tablets, children using the internet is not something new. Every child now has a presence on the internet whether it’s about watching cartoons on youtube, playing games or using social media. You have no idea who the fellow gamers and anonymous friends are. They can even be identity thieves or pedophiles.

Allowing your child to explore the technology isn’t bad but leaving them on their own may have a negative impact. If you are letting your children participate online then make sure to monitor their activities. The passwords of the accounts must always be available to parents so that they can check regularly with whom their children are interacting. Children may find it their privacy breach or may just hate the idea of giving their passwords. But it’s essential for their protection.

Protect your Child’s Social Security Number

The social security number is the key to a child’s identity and is the first thing that identity thieves target. They can use it to unlock many hidden doors for their benefit. The stolen SSN can be used for multiple purposes – the creation of synthetic identities being the significant one. These identities can be used to open a bank account, issue a credit card, get a bank loan or a car and health insurance, etc. By the time such frauds are detected, it has already caused enough damage.

To avoid these situations, as parents what you can do is obtain SSN for your children first and then keep it safe. Parents need to be vigilant in sharing the children’s SSNs. there are many organizations that ask for children’s social security numbers even though they don’t need it. In such cases, parents should inquire about which purpose are they going to use it.

Open Joint Bank Account

Parents are often seen opening bank accounts on their children’s names to deposit saving checks and bonds. But these savings accounts can pave the way to identity theft. Since once your child’s account has an account, it means that there will definitely be bank statements, emails and letters from the bank. The fraudsters can access that information by some means and use it to get their hands on your child’s cash. Moreover, criminals may use that account to do business or for illegal transactions like money laundering, terrorist funding, etc. 

If you are opening an account on the child’s name then make sure to link it to your account as well, or open a joint account. It will help you keep an eye on the transactions and monitor the payments. Whenever there is some suspicious activity you can be notified instantly. Sometimes, clever crooks use the child’s account to take loans from banks which they have no intention of returning. In those circumstances, the child’s name will be reported to the agencies which may lead to a severe mess, difficult to clean up. By having a joint account, your permission will also be required in order to process any payment or loan.

Dispose of Data Carefully

The discarded data is worth a million in the dark web since the criminals can use it for multiple illegal reasons. You need to be very cautious while throwing away the garbaged documents. Always dispose of the documents, or anything addressed to your children before throwing them out. The things that are wastage for you can be valuable for crooks. 

Safeguard your smart devices

The advancement in technology has opened new doors for cybercriminals to exploit the user devices and obtain the personal data stored in it. It is your duty as parents to secure your smart devices in every possible way. Never store your sensitive data on laptops or mobiles. Always keep it stored in external hard drives or flash USBs.

Moreover, set strong passwords for your devices and install security apps and antivirus software to keep them secure. 

Find and Freeze Credit Report

We often think that children don’t have any credit histories so why would identity go after them? That’s where we are wrong. The clear status of the child’s credit history intrigues the thieves since using their identity they can apply for credit cards, open utility accounts, take out loans, commit tax frauds and many other forms of digital fraud. Timely check the credit history of your children. If no credit report exists then it’s best otherwise immediately get the report and proclaim it to the respective authorities. It may be a sign of possible identity theft.

Visa Mastercard Face FTC Inquiry Over Debit Card Transactions

Visa, Mastercard Face FTC Inquiry Over Debit Card Transactions

Visa Inc. and Mastercard Inc. are once again facing inquiries by the Federal Trade Commission over policies that prevent merchants from routing debit card transactions over substitute networks. 

As part of a preliminary inquiry, the FTC has been reaching out to large merchants and their trade groups over this issue. The issue at hand is whether Visa, Mastercard, and other large debit card issuers are restricting retailers from routing some mobile payments and tap-to-pay transactions over alternate networks like Pulse, NYCE and Star. 

A spokesman for Mastercard, Seth Eisen, said that the organization will cooperate with FTC’s request. On the other hand, representatives for Visa and FTC declined to comment. 

FTC investigators are focusing on transactions made with mobile wallets as those can automatically route to the global application identifiers which employ the networks of Visa and Mastercard. Another aspect of the investigation is to make sure that the country’s largest debit card issuers are restricting transactions that don’t demand a personal identification number from being directed over other networks. 

The FTC has also investigated issues with debit routing in the past. In 2016, Visa modified its rules after an FTC inquiry, explaining that the retailers would not be required to demand the cardholders to choose a network for their transactions. 

 

labour party victim

Labour Party Victim of a Second Cyber-Attack

Britain’s Labour Party has informed that it had been a victim of a large-scale cyberattack on its digital platforms. The party is confident that the attack didn’t affect them and there was no data breach. This cyberattack is just before a national election. 

The second cyberattack happened on a Tuesday afternoon. Jeremy Corbyn, the leader of the Labour Party said that targeting the party’s digital platform could be a “sign of things to come” with the general election ahead. 

The first cyberattack happened on Monday and it slowed down some of the party’s campaign motions. The timing of the first attack made the Labour leader “nervous” about what might happen ahead in the election campaign.  

Speaking at a Labour campaign event in Blackpool, Jeremy Corbyn revealed his concerns about the consequences of this attack for the rest of the election campaign. He said, 

“We have a system in place in our office to protect us against these cyberattacks, but it was a very serious attack against us. So far as we’re aware, none of our information was downloaded and the attack was actually repulsed because we have an effective in-house developed system by people within our party.” 

You can listen to what Corbyn said of the attack in full detail here. 

 

The attack was described as The Disturbed Denial of Service (DDoS) attack which floods a computer server with traffic in attempts to take it offline. The party described the attack as “sophisticated and large scale”. 

According to Huffington Post, a source at the National Cyber Security Centre (NCSC), which is responsible for investigating the incident, said it was relatively “low level” with no evidence of “state-sponsored activity”.

Multi factor Authentication is being defeated warns FBI

Multi-factor Authentication is being defeated’ warns FBI

For years, online businesses and organizations have been adopting various strategies and defense mechanisms to protect themselves from every kind of cyberattack. Cybercriminals are actively embracing technology to conduct sophisticated attacks online. This increasing trend of data breaches and digital frauds is a striking example of growing cyberattacks. Defending against these attacks has become a new normal for businesses worldwide.

One of the widely used methods to prevent these frauds is multi-factor authentication (2-Factor being the most common one). Although businesses and organizations are proactively using multi-factor authentication to protect their systems and data from perpetual business email compromise (BEC) attacks, the new warning from the FBI has surprised them unanimously.

According to the FBI, cyberattacks are circumventing multi-factor authentication through various social engineering tactics and technical attacks. In multi-factor authentication, the use of a secondary token or one-time generated code verifies and authenticates the identity of the user. But with the FBI’s new warning, businesses are quite bewildered. 

FBI Warning: The Surprise Factor?

 

The reason for this perplexity is that businesses have yet to come across such attacks on MFA. So far, such attacks have been rare to witness. 

Microsoft azure claims that multi-factor authentication blocks an unbelievable 99.9% of enterprise account hacks. Adopting this method is the least the organizations can do to protect their accounts as the rate of compromise of accounts is less than 0.1% for the companies that are using any type of MFA.

Even with the least compromise rate, the use of MFA is uncommon with less than 10% of the users per month (for enterprise accounts) – claims Microsoft. This statistic alone contradicts the FBI’s threat of MFA compromise, and businesses were not expecting it. However, the FBI states that the use of one-time codes and secondary tokens is not enough to back up the user and his credentials, nor is it sufficient to protect his identity.

How MFA is vulnerable to cyberattacks

 

Despite the endless struggle of businesses to protect the user’s information, by making account access harder and complex through two-factor and multi-factor authentication, it can still be vulnerable to breach. There is a high-risk that cybercriminals can attack and trick users into disclosing their credentials and authentication codes through social engineering. Or, they can create an account for themselves through the use of technical interception.

Phishing

 

Phishing attacks are a great example of social engineering. They can be used to lure victims into providing their credentials through a fake login page. Due to readily available technology and APIs, it is not difficult for criminals to create a fake login page. Attackers make use of different social engineering tricks (for example emails, fake job alerts, etc.) through which they tempt the users to click the link which is a clone of the original login page.

When the victims enter their credentials, the hackers fetch that information and pass it to the real login page, henceforth triggering the multi-factor authentication procedure. The victim is shown fake prompt requiring the texted or mailed code. Just like before, the hackers catch the code and complete the authentication process. 

This is not as easy as it seems. Hackers need to be fast enough due to the limited time-factor associated with the code. But once the process is successful, there’s nothing that can stop them from carrying out their activities.

Password Reset

 

Many times, the authentication process can be bypassed through the “Forgot Password” procedure, if a hacker is in possession of “something you have” item (for example, email). 

If the criminal/hacker has gained access to the victim’s email account where the verification link or code is sent, the attacker can easily use the “Reset Password” link and change the passwords to something else by following the instructions. Moreover, once he has access to the account, he can even change the recovery email and phone number, giving him complete access. 

Third-Party Logins

 

The explosion of online platforms has introduced a new authentication process for enhanced user-experience – through third-party logins. 

In this process, the user is offered an option to log in using third-party accounts and bypass the 2-factor authentication procedure. An example of such a case is “Login with your Facebook Account” or “Login with your Gmail Account”. In this case, an attacker can easily take over the accounts once they have access to your Gmail or Facebook credentials (through phishing and forget password procedures).

Brute Force Attacks

 

With the advancement of technology and automated tools, hackers have the opportunity to obtain user passwords and verification codes through brute force attacks. Through brute force, the attackers can gain limited-characters tokens. The tokens or verification codes are quite useless if the attackers get enough time to apply brute force and obtain the token. 

Advanced Tools and Techniques

 

On the one hand, technology has helped organizations in securing their digital presence, while on the other, it has also contributed to the innovation of advanced hacking tools.

In its investigation, the FBI has highlighted different examples of tools and techniques that are being used to defeat multi-factor authentication. It includes web hacks, cyberattack tools like NecroBrowser and Muraen, not to forget straightforward SIM swapping. The main issue with MFA is that organizations find it an ultimate solution for the security of the institution.

Solutions to Cyberattacks

 

While massive data breaches and identity theft are on the rise, multi-factor authentication is becoming the standard procedure for most of the organizations to secure themselves from attackers. 

No doubt, it is quite a secure method but hackers are now finding ways to get around MFA. While the risks are rare, the fact that a growing reliance on MFA can lead to growing attacks on MFA can’t be ignored.

FBI states that as per research 99% of the attacks are triggered by the person’s activities i.e. through clicking the link and falling victim to phishing scams as well as social engineering hacks. The most effective solution is to educate employees and consumers to recognize the phishing attacks so that they can try to avoid them.

Use of Biometrics

 

Use of Biometrics

 

The multi-factor authentication can be secured just by adding an extra layer of security i.e. Biometrics. 

The hackers can access something you know (credentials) and something you have (authentication codes) but they can’t access something you are (biometrics). Biometrics are the unique features of a person that can’t be stolen or changed. Incorporating biometric verification with 2-factor authentication can provide the most effective and secure authentication process.

More posts