Faces of Fraud

Analysts wonder whether recent hacks like that of Equifax might serve as the tipping point for banks to rollout new anti-fraud measures, while in tandem, more than half of financial institutions surveyed lack confidence in their current ability to detect and prevent fraud. At least that’s what the 2017 Face of Fraud Survey, conducted by ISMG, experts in risk management research and data security analytics, and commissioned by VASCO recently… Read more


Existing encryption's a casualty of the massive KRACK WiFi attack

The KRACK WiFi attack has exposed a major vulnerability that could impact millions of users around the world, creating a major new threat for security professionals, financial institutions, retailers and payment companies. But there are options to mitigate the risk. Read what Frederik Mennes and Steven Murdoch have to say on this important topic in an article recently contributed to Payment Source. Existing encryption is a casualty of the massive #KRACK #WiFi… Read more


Bug Bounty Program

Security is of utmost importance to VASCO as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company. The bug bounty program currently consists of two projects. The server-side project covers VASCO’s IDENTIKEY Authentication… Read more


Blockchain

Blockchain is one of the more exciting – and often misunderstood – emerging technologies. It essentially offers the ability to record and track transactions in a decentralized database (often referred to as a “ledger”). When a transaction occurs, everyone who has permission on the network knows about it. It’s tamper-proof and everything happens in real-time. This has disruptive implications for the banking and lending industry, which today uses other processes… Read more


Android Malware

One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities. There is, however, a way to detect rooting and protect your organization and mobile application users from malicious attacks – Runtime Application Self-Protection… Read more


WannaCry

What initially looked like an attack against England’s National Health Service (NHS), forcing hospitals to turn away patients on May 12, 2017, has turned out to be the largest coordinated cyberattack ever seen. Cybersecurity professionals around the world are discovering that the WannaCry ransomware indiscriminately targets all industries everywhere. After only 3 days, the estimated number of victims is over 250 000, spread over 150 countries. So what is ransomware?… Read more


Protecting against the BankBot Android banking malware using RASP

Earlier this month the Dutch company Securify came across a new sample of the BankBot Android mobile banking malware. While older samples of BankBot mainly targeted Russian financial institutions, the latest sample shows that BankBot now targets European and American banks as well. More specifically BankBot now targets over 420 leading banks in countries such as Germany, France, Austria, the Netherlands, Turkey and the United States. VASCO’s Threat Research analysts… Read more


What Bob Dylan and RASP Have in Common

Ok, now that I have your attention, I’ll explain how I got here. Feel free to follow along. In early April, the creative folk icon finally made his way to Stockholm and the home of the Swedish Academy to formally accept his 2016 Nobel Prize for Literature and the 8 million Swedish krona (approximately $900,000 US) that went along with it. It happens that one of his most well known… Read more


EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces… Read more


February 10, 2017 - David Vergara

In their third quarter 2016 earnings report, Bank of America said that 20 percent of its total sales were digital and 27 percent of those sales were over mobile devices. The bank reported that it now has over 21 million mobile customers. And similar growth is being seen across the banking industry, so there’s no doubt that the mobile channel is a strong contributor to bank growth. As the proverb says,… Read more