{ "version": "https://jsonfeed.org/version/1.1", "user_comment": "This feed allows you to read the posts from this site in any feed reader that supports the JSON Feed format. To add this feed to your reader, copy the following URL -- https://www.pymnts.com/category/cybersecurity/feed/json/ -- and add it to your reader.", "next_url": "https://www.pymnts.com/category/cybersecurity/feed/json/?paged=2", "home_page_url": "https://www.pymnts.com/category/cybersecurity/", "feed_url": "https://www.pymnts.com/category/cybersecurity/feed/json/", "language": "en-US", "title": "Cybersecurity Archives | PYMNTS.com", "description": "What's next in payments and commerce", "icon": "https://www.pymnts.com/wp-content/uploads/2022/11/cropped-PYMNTS-Icon-512x512-1.png", "items": [ { "id": "https://www.pymnts.com/?p=2050512", "url": "https://www.pymnts.com/cybersecurity/2024/block-to-pay-cash-app-users-up-to-2500-in-settlement/", "title": "Block to Pay Cash App Users Up to $2,500 in Data Breach Settlement", "content_html": "
Cash App users may be eligible for part of a multimillion-dollar settlement from the company.
\nThe payments platform and its parent Block agreed earlier this year to pay $15 million to settle a suit claiming the company had failed to protect customers from data breaches.
\nNow, those users \u2014 past and present \u2014 can submit a claim for a piece of that settlement, for up to $2,500, according to a website set up by the plaintiffs.\u00a0
\nAs PYMNTS has reported, Cash App and Block were sued in 2022 for \u201cnegligent\u201d behavior in connection with a data breach in late 2021 that apparently compromised 8.2 million current and former users\u2019 personal information.
\nBlock has said that the breach was the result of a former employee still having access to reports that contained users\u2019 full names and brokerage account numbers.
\n\u201cWhile this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,\u201d the company said in an SEC filing.\u00a0
\nThe lawsuit had alleged that the employee was able to access this information because of insufficient security protections, and argued the plaintiffs faced increased risk for identity theft and fraud.
\nThe lawsuit also cited the fact that Cash App waited several months to notify, which caused additional harm to customers that \u201cthey otherwise could have avoided had a timely disclosure been made.\u201d
\nMeanwhile, Block released quarterly earnings recently, and with them its plans to pursue an opportunity to make Cash App the chief financial services partner of choice for families making up to $150,000 by fueling paycheck deposit adoption and increasing inflows.
\nThe company calls this its \u201cbank the base\u201d strategy and recently began testing incentives to drive new paycheck deposit activities as a growth strategy.
\n\u201cThe incentives matter here,\u201d Block founder Jack Dorsey said.
\n\u201cIt is about making Cash App our base\u2019s primary financial tool,\u201d Block CFO Amrita Ahuja added. \u201cWhich ultimately leads to stronger engagement and stronger inflows.\u201d
\nThe company\u2019s Cash App Card saw 24 million monthly active users in June, a 13% year-over-year increase, while inflows per active user enjoyed healthy growth, climbing 10% year over year in the quarter.
\nThe post Block to Pay Cash App Users Up to $2,500 in Data Breach Settlement appeared first on PYMNTS.com.
\n", "content_text": "Cash App users may be eligible for part of a multimillion-dollar settlement from the company.\nThe payments platform and its parent Block agreed earlier this year to pay $15 million to settle a suit claiming the company had failed to protect customers from data breaches.\nNow, those users \u2014 past and present \u2014 can submit a claim for a piece of that settlement, for up to $2,500, according to a website set up by the plaintiffs.\u00a0\nAs PYMNTS has reported, Cash App and Block were sued in 2022 for \u201cnegligent\u201d behavior in connection with a data breach in late 2021 that apparently compromised 8.2 million current and former users\u2019 personal information.\nBlock has said that the breach was the result of a former employee still having access to reports that contained users\u2019 full names and brokerage account numbers.\n\u201cWhile this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,\u201d the company said in an SEC filing.\u00a0\nThe lawsuit had alleged that the employee was able to access this information because of insufficient security protections, and argued the plaintiffs faced increased risk for identity theft and fraud.\nThe lawsuit also cited the fact that Cash App waited several months to notify, which caused additional harm to customers that \u201cthey otherwise could have avoided had a timely disclosure been made.\u201d\nMeanwhile, Block released quarterly earnings recently, and with them its plans to pursue an opportunity to make Cash App the chief financial services partner of choice for families making up to $150,000 by fueling paycheck deposit adoption and increasing inflows.\nThe company calls this its \u201cbank the base\u201d strategy and recently began testing incentives to drive new paycheck deposit activities as a growth strategy.\n\u201cThe incentives matter here,\u201d 
Block founder Jack Dorsey said.\n\u201cIt is about making Cash App our base\u2019s primary financial tool,\u201d Block CFO Amrita Ahuja added. \u201cWhich ultimately leads to stronger engagement and stronger inflows.\u201d\nThe company\u2019s Cash App Card saw 24 million monthly active users in June, a 13% year-over-year increase, while inflows per active user enjoyed healthy growth, climbing 10% year over year in the quarter.\nThe post Block to Pay Cash App Users Up to $2,500 in Data Breach Settlement appeared first on PYMNTS.com.", "date_published": "2024-08-11T16:21:48-04:00", "date_modified": "2024-08-11T20:59:27-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/Cash-App-settlement.jpg", "tags": [ "Block", "Cash App", "Cybersecurity", "Data Breaches", "data security", "News", "PYMNTS News", "What's Hot" ] }, { "id": "https://www.pymnts.com/?p=2049057", "url": "https://www.pymnts.com/cybersecurity/2024/banks-and-their-tech-suppliers-face-more-it-scrutiny-in-europe/", "title": "Banks and Their Tech Suppliers Face More IT Scrutiny in Europe", "content_html": "Banks and their IT providers will soon face tougher scrutiny in the European Union (EU).
\nThat\u2019s because of the Digital Operational Resilience Act (DORA), which passed last year but isn\u2019t set to be enforced until January of 2025. A\u00a0report\u00a0Thursday (Aug. 8) by CNBC examines the implications of the law, particularly in the wake of last month\u2019s\u00a0CrowdStrike\u00a0outage.
\nDORA requires banks to carry out\u00a0strict IT risk management, digital operational resilience testing, information and intelligence sharing on cyber threats and vulnerabilities, along with taking measures to manage third-party risks.
\nIn addition, the report notes, companies will have to assess their \u201cconcentration risk\u201d in relation to outsourcing critical operational functions to third-party companies.
\nThese IT providers often provide \u201ccritical digital services to customers,\u201d\u00a0Joe Vaccaro, general manager of\u00a0Cisco-owned internet quality monitoring company\u00a0ThousandEyes, told CNBC.
\n\u201cThese third-party providers must now be part of the testing and reporting process, meaning financial services companies need to adopt solutions that help them uncover and map these sometimes hidden dependencies with providers,\u201d said Vaccaro.
\nLenders will also have to \u201cexpand their ability to assure the delivery and performance of digital experiences across not just the infrastructure they own, but also the one they don\u2019t,\u201d he added.
\nAs the report notes, DORA aims to help banks escape incidents like the massive IT outage last month when a\u00a0software update glitch\u00a0at cybersecurity provider CrowdStrike caused Microsoft Windows systems to crash at airports, hospitals and financial services companies.
\nWeeks later, the fallout from the outage continues, with\u00a0Delta Air Lines\u00a0\u2014 which canceled more than 5,000 flights following the disruption and says it\u00a0stands to lose $500 million\u00a0\u2014 threatening legal action against CrowdStrike.
\nCrowdStrike struck back against the airline\u2019s claims on Sunday (Aug. 4), arguing that while it accepts responsibility for the outage, it does not accept responsibility for Delta\u2019s IT decisions, noting that \u201cDelta\u2019s competitors, facing similar challenges, all restored operations much faster.\u201d
\nAs PYMNTS wrote earlier this week, the incident underlines the\u00a0importance of third-party vendors\u00a0like cloud service providers and IT companies in maintaining resilient infrastructure.
\n\u201cWith complex ecosystems, you have a higher number of partners than you may have historically had\u201d in the past,\u00a0Larson McNeil, co-head of marketplaces and digital ecosystems at\u00a0J.P. Morgan Payments, told PYMNTS. \u201cYou\u2019ve got to understand your industry and the various players in the ecosystem \u2014 and as complexity increases, you\u2019ve got to understand the risk and the opportunities that this creates for the business.\u201d
\n", "content_text": "Banks and their IT providers will soon face tougher scrutiny in the European Union (EU).\nThat\u2019s because of the Digital Operational Resilience Act (DORA), which passed last year but isn\u2019t set to be enforced until January of 2025. A\u00a0report\u00a0Thursday (Aug. 8) by CNBC examines the implications of the law, particularly in the wake of last month\u2019s\u00a0CrowdStrike\u00a0outage.\nDORA requires banks to carry out\u00a0strict IT risk management, digital operational resilience testing, information and intelligence sharing on cyber threats and vulnerabilities, along with taking measures to manage third-party risks.\nIn addition, the report notes, companies will have to assess their \u201cconcentration risk\u201d in relation to outsourcing critical operational functions to third-party companies.\nThese IT providers often provide \u201ccritical digital services to customers,\u201d\u00a0Joe Vaccaro, general manager of\u00a0Cisco-owned internet quality monitoring company\u00a0ThousandEyes, told CNBC.\n\u201cThese third-party providers must now be part of the testing and reporting process, meaning financial services companies need to adopt solutions that help them uncover and map these sometimes hidden dependencies with providers,\u201d said Vaccaro.\nLenders will also have to \u201cexpand their ability to assure the delivery and performance of digital experiences across not just the infrastructure they own, but also the one they don\u2019t,\u201d he added.\nAs the report notes, DORA aims to help banks escape incidents like the massive IT outage last month when a\u00a0software update glitch\u00a0at cybersecurity provider CrowdStrike caused Microsoft Windows systems to crash at airports, hospitals and financial services companies.\nWeeks later, the fallout from the outage continues, with\u00a0Delta Air Lines\u00a0\u2014 which canceled more than 5,000 flights following the disruption and says it\u00a0stands to lose $500 
million\u00a0\u2014 threatening legal action against CrowdStrike.\nCrowdStrike struck back against the airline\u2019s claims on Sunday (Aug. 4), arguing that while it accepts responsibility for the outage, it does not accept responsibility for Delta\u2019s IT decisions, noting that \u201cDelta\u2019s competitors, facing similar challenges, all restored operations much faster.\u201d\nAs PYMNTS wrote earlier this week, the incident underlines the\u00a0importance of third-party vendors\u00a0like cloud service providers and IT companies in maintaining resilient infrastructure.\n\u201cWith complex ecosystems, you have a higher number of partners than you may have historically had\u201d in the past,\u00a0Larson McNeil, co-head of marketplaces and digital ecosystems at\u00a0J.P. Morgan Payments, told PYMNTS. \u201cYou\u2019ve got to understand your industry and the various players in the ecosystem \u2014 and as complexity increases, you\u2019ve got to understand the risk and the opportunities that this creates for the business.\u201d\nThe post Banks and Their Tech Suppliers Face More IT Scrutiny in Europe appeared first on PYMNTS.com.", "date_published": "2024-08-08T08:33:51-04:00", "date_modified": "2024-08-08T08:33:51-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/banks-tech-IT-Europe_097181.png", "tags": [ "banking", "Banks", "CrowdStrike", "Crowdstrike outage", "Cybersecurity", "Digital Operational Resilience Act", "DORA", "EMEA", "European Union", "IT", "IT security", "News", "PYMNTS News", "regulations", "Security", "software", "What's Hot" ] }, { "id": "https://www.pymnts.com/?p=2020427", 
"url": "https://www.pymnts.com/cybersecurity/2024/cyberattack-world-largest-silver-producer-highlights-data-role/", "title": "Cyberattack on World\u2019s Largest Silver Producer Shows Data Is the New Gold", "content_html": "Effective cybersecurity programs are critical for today\u2019s traditional industries, where IT spending is low and historically deprioritized relative to other initiatives.
\nAs these industries undergo digital transformation, bad actors frequently wait in the wings to strike. Ensuring operational resiliency in the face of an increasingly sophisticated threat landscape is top of mind for businesses across industries as disparate as finance and logistics.
\nNews broke Tuesday (July 30) that Fresnillo, the world\u2019s largest silver producer and a top global producer of gold, copper and zinc, suffered a cyberattack resulting in attackers gaining access to system-level data.
\nThe mining giant\u2019s filing stated it was \u201cthe subject of a cybersecurity incident which has resulted in unauthorized access to certain IT systems and data.\u201d
\n\u201cAll business units continue their activities, and no material operational or financial impact has been experienced or is foreseen,\u201d Fresnillo added in the filing. \u201cThis will be assessed on an ongoing basis until the situation is resolved.\u201d
\nThe cyberattack underscores the growing challenges global companies face in protecting their data and other assets against cyber threats and international criminal groups, whose reach continues to grow.
\nRead also: Firms Look to Mitigate Consequences From Data Breaches
\n2024 is shaping up to be the year of the cyberattack. According to the PYMNTS Intelligence report \u201cFraud Management in Online Transactions,\u201d 82% of large merchants have reported data and cyber breaches over the past year.
\nFrom CrowdStrike\u2019s Microsoft outage to AT&T and beyond, industries around the world are facing an uptick in cybersecurity incidents, with several high-profile incidents happening in recent months.
\n\u201cThe barrier for entry has never been lower for threat actors,\u201d Sunil Mallik, chief information security officer at Discover\u00ae Global Network, told PYMNTS this month, noting that the cost of computing power has decreased dramatically over the past decade, making it easier for criminals to access tools and launch attacks.
\nIt was reported in July that a confidential assessment by the Office of the Comptroller of the Currency (OCC) said 11 of the 22 large banks it oversees have \u201cinsufficient\u201d or \u201cweak\u201d management of so-called operational risk, whether that means cyberattacks or mistakes by employees.
\nCybercriminals are increasingly targeting the data businesses collect on customers and operations for several reasons. Personal and financial information, such as credit card numbers, bank account details and Social Security numbers, can be sold on the dark web or used for identity theft and fraud. Cybercriminals can also use this data to make unauthorized transactions or take over accounts.
\n\u201cIf you think about what bad guys are doing, they are putting together a picture of us \u2014 and using that information to figure out new ways to trick us,\u201d Intellicheck CEO Bryan Lewis told PYMNTS last month, drawing a parallel between the motive behind data breaches and the game of Clue, noting that by assembling various pieces of data and \u201casking questions,\u201d cybercriminals can identify and exploit vulnerabilities, leading to social engineering attacks.
\nSee also: Fresh Wave of Major Cyberattacks Exposes Key Enterprise Security Weaknesses
\nWith data breaches such as the one affecting over 100 million AT&T customers, understanding what criminals can construe from stolen data and embracing best practices for protecting sensitive information are now table stakes for businesses.
\n\u201cIt is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity,\u201d Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS in February. \u201cWhat\u2019s different now is that both sides are armed with some really impressive technology.\u201d
\nPYMNTS Intelligence found that 63% of chief financial officers reported using some level of specialized automation for fraud prevention in the last six months.
\n\u201cEveryone has been dealing with cybersecurity for a long time,\u201d XiFin Chief Financial Officer Erik Sallee told PYMNTS in June. \u201cThere\u2019s no way around it other than blocking and tackling, doing the right thing every day keeping all your systems up to date, making sure you\u2019re working with good vendors and investing in it. It\u2019s a cost-avoidance type of investment, but it\u2019s one you have to understand, and you can\u2019t short-shift it.\u201d
\nMany of the fundamental challenges for organizations looking to maintain data security result from the sheer volume of an organization\u2019s data, the many ways users can access the data (on-site versus remote, computer versus mobile device), and the potential for the compromise of valid user credentials being used by unauthorized users.
\nBut, in today\u2019s data-driven world, organizations must prioritize cybersecurity as part of their business risk management strategy.
\n", "content_text": "Effective cybersecurity programs are critical for today\u2019s traditional industries, where IT spending is low and historically deprioritized relative to other initiatives.\nAs these industries undergo digital transformation, bad actors frequently wait in the wings to strike. Ensuring operational resiliency in the face of an increasingly sophisticated threat landscape is top of mind for businesses across industries as disparate as finance and logistics.\nNews broke Tuesday (July 30) that Fresnillo, the world\u2019s largest silver producer and a top global producer of gold, copper and zinc, suffered a cyberattack resulting in attackers gaining access to system-level data.\nThe mining giant\u2019s filing stated it was \u201cthe subject of a cybersecurity incident which has resulted in unauthorized access to certain IT systems and data.\u201d\n\u201cAll business units continue their activities, and no material operational or financial impact has been experienced or is foreseen,\u201d Fresnillo added in the filing. \u201cThis will be assessed on an ongoing basis until the situation is resolved.\u201d\nThe cyberattack underscores the growing challenges global companies face in protecting their data and other assets against cyber threats and international criminal groups, whose reach continues to grow.\nRead also: Firms Look to Mitigate Consequences From Data Breaches\nMajor Cyberattacks Expose Key Enterprise Security Weaknesses\n2024 is shaping up to be the year of the cyberattack. 
According to the PYMNTS Intelligence report \u201cFraud Management in Online Transactions,\u201d 82% of large merchants have reported data and cyber breaches over the past year.\nFrom CrowdStrike\u2019s Microsoft outage to AT&T and beyond, industries around the world are facing an uptick in cybersecurity incidents, with several high-profile incidents happening in recent months.\n\u201cThe barrier for entry has never been lower for threat actors,\u201d Sunil Mallik, chief information security officer at Discover\u00ae Global Network, told PYMNTS this month, noting that the cost of computing power has decreased dramatically over the past decade, making it easier for criminals to access tools and launch attacks.\nIt was reported in July that a confidential assessment by the Office of the Comptroller of the Currency (OCC) said 11 of the 22 large banks it oversees have \u201cinsufficient\u201d or \u201cweak\u201d management of so-called operational risk, whether that means cyberattacks or mistakes by employees.\nCybercriminals are increasingly targeting the data businesses collect on customers and operations for several reasons. Personal and financial information, such as credit card numbers, bank account details and Social Security numbers, can be sold on the dark web or used for identity theft and fraud. 
Cybercriminals can also use this data to make unauthorized transactions or take over accounts.\n\u201cIf you think about what bad guys are doing, they are putting together a picture of us \u2014 and using that information to figure out new ways to trick us,\u201d Intellicheck CEO Bryan Lewis told PYMNTS last month, drawing a parallel between the motive behind data breaches and the game of Clue, noting that by assembling various pieces of data and \u201casking questions,\u201d cybercriminals can identify and exploit vulnerabilities, leading to social engineering attacks.\nSee also: Fresh Wave of Major Cyberattacks Exposes Key Enterprise Security Weaknesses\nData Exists to Be Accessed, Making Protecting It a Challenge\nWith data breaches such as the one affecting over 100 million AT&T customers, understanding what criminals can construe from stolen data and embracing best practices for protecting sensitive information are now table stakes for businesses.\n\u201cIt is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity,\u201d Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS in February. \u201cWhat\u2019s different now is that both sides are armed with some really impressive technology.\u201d\nPYMNTS Intelligence found that 63% of chief financial officers reported using some level of specialized automation for fraud prevention in the last six months.\n\u201cEveryone has been dealing with cybersecurity for a long time,\u201d XiFin Chief Financial Officer Erik Sallee told PYMNTS in June. \u201cThere\u2019s no way around it other than blocking and tackling, doing the right thing every day keeping all your systems up to date, making sure you\u2019re working with good vendors and investing in it. 
It\u2019s a cost-avoidance type of investment, but it\u2019s one you have to understand, and you can\u2019t short-shift it.\u201d\nMany of the fundamental challenges for organizations looking to maintain data security result from the sheer volume of an organization\u2019s data, the many ways users can access the data (on-site versus remote, computer versus mobile device), and the potential for the compromise of valid user credentials being used by unauthorized users.\nBut, in today\u2019s data-driven world, organizations must prioritize cybersecurity as part of their business risk management strategy.\nThe post Cyberattack on World\u2019s Largest Silver Producer Shows Data Is the New Gold appeared first on PYMNTS.com.", "date_published": "2024-08-01T11:42:05-04:00", "date_modified": "2024-08-01T22:21:10-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/Fresnillo.jpg", "tags": [ "AT&T", "CrowdStrike", "Cybersecurity", "Data Breaches", "digital transformation", "Featured News", "fraud", "Fresnillo", "Hackers", "Microsoft", "News", "PYMNTS News", "scams", "Security", "Technology" ] }, { "id": "https://www.pymnts.com/?p=2020057", "url": "https://www.pymnts.com/cybersecurity/2024/80percent-large-merchants-have-faced-cyber-attacks-past-year/", "title": "8 in 10 Large Merchants Have Faced Cyber Attacks in Past Year", "content_html": "Merchants in the United States, particularly those handling international transactions, are grappling with increasing cybersecurity challenges.
\nWith 82% of large merchants reporting data and cyber breaches over the past year, the financial impact is considerable, affecting revenue and customer trust, according to the PYMNTS Intelligence report \u201cFraud Management in Online Transactions.\u201d
\n\nThe report explored the challenges and strategies in online fraud management. The analysis addressed how merchants are navigating the rising frequency of data breaches and fraudulent activities, especially within international eCommerce. It also examined various anti-fraud measures, evaluating their effectiveness and the implications for business operations.
\nThe report found that there is a need for stronger anti-fraud strategies and enhanced cybersecurity measures to safeguard cross-border transactions.
\nOutsourcing fraud prevention to specialized providers has proven effective, achieving a 32% reduction in failed payment rates compared to in-house efforts. Although only 53% of merchants implement two-factor authentication at the transaction level, its use is crucial for minimizing payment failures. These findings underscore the benefits of using external expertise and adopting advanced security protocols to bolster fraud management and protect financial transactions.
\nThe report found that cybersecurity challenges are pervasive and have had substantial financial repercussions, with nearly half of eCommerce businesses reporting losses in revenue and customer churn as a direct consequence of such security incidents. The effects undermine the execution of cross-border payments.
\nCyber breaches are increasingly exposing vulnerabilities in eCommerce transactions, and 47% of merchants experienced both customer loss and revenue decline due to fraud.
\nAmong various anti-fraud strategies, outsourcing fraud prevention to specialized third-party providers has demonstrated success. Merchants who have partnered with these providers reported a lower average failed payment rate of 8.5%, compared to 13% among those managing anti-fraud processes in-house.
\nThis 32% reduction highlights the advantages of using external expertise and advanced technology that may not be readily available or affordable for all businesses. Outsourcing allows merchants to benefit from sophisticated tools and expertise, effectively reducing operational burdens while enhancing fraud detection and prevention.
\nAs a result, merchants achieve better operational efficiency and increased customer satisfaction.
\nTwo-factor authentication is identified as an effective measure for combating fraud and reducing failed payments. The study revealed that merchants employing per-transaction 2FA \u2014 where customers must authenticate each transaction \u2014 reported the lowest failed payment rates at 10.3%.
\nThis method outperforms other security measures, such as 2FA at login or transaction confirmation notifications. Implementing or enhancing 2FA systems can substantially lower fraud rates and improve overall transaction security, benefiting merchants and their customers.
\nConsider that 95% of merchants want to implement anti-fraud solutions within the next 12 months.
\n", "content_text": "Merchants in the United States, particularly those handling international transactions, are grappling with increasing cybersecurity challenges.\nWith 82% of large merchants reporting data and cyber breaches over the past year, the financial impact is considerable, affecting revenue and customer trust, according to the PYMNTS Intelligence report \u201cFraud Management in Online Transactions.\u201d\n\nThe report explored the challenges and strategies in online fraud management. The analysis addressed how merchants are navigating the rising frequency of data breaches and fraudulent activities, especially within international eCommerce. It also examined various anti-fraud measures, evaluating their effectiveness and the implications for business operations.\nThe report found that there is a need for stronger anti-fraud strategies and enhanced cybersecurity measures to safeguard cross-border transactions.\nOutsourcing fraud prevention to specialized providers has proven effective, achieving a 32% reduction in failed payment rates compared to in-house efforts. Although only 53% of merchants implement two-factor authentication at the transaction level, its use is crucial for minimizing payment failures. These findings underscore the benefits of using external expertise and adopting advanced security protocols to bolster fraud management and protect financial transactions.\nHigh Prevalence of Cybersecurity Issues Impacting Merchants\nThe report found that cybersecurity challenges are pervasive and have had substantial financial repercussions, with nearly half of eCommerce businesses reporting losses in revenue and customer churn as a direct consequence of such security incidents. 
The effects undermine the execution of cross-border payments.\nCyber breaches are increasingly exposing vulnerabilities in eCommerce transactions, and 47% of merchants experienced both customer loss and revenue decline due to fraud.\nOutsourcing Fraud Prevention Proves Effective\nAmong various anti-fraud strategies, outsourcing fraud prevention to specialized third-party providers has demonstrated success. Merchants who have partnered with these providers reported a lower average failed payment rate of 8.5%, compared to 13% among those managing anti-fraud processes in-house.\nThis 32% reduction highlights the advantages of using external expertise and advanced technology that may not be readily available or affordable for all businesses. Outsourcing allows merchants to benefit from sophisticated tools and expertise, effectively reducing operational burdens while enhancing fraud detection and prevention.\nAs a result, merchants achieve better operational efficiency and increased customer satisfaction.\nTwo-Factor Authentication as a Tool\nTwo-factor authentication is identified as an effective measure for combating fraud and reducing failed payments. The study revealed that merchants employing per-transaction 2FA \u2014 where customers must authenticate each transaction \u2014 reported the lowest failed payment rates at 10.3%.\nThis method outperforms other security measures, such as 2FA at login or transaction confirmation notifications. 
Implementing or enhancing 2FA systems can substantially lower fraud rates and improve overall transaction security, benefiting merchants and their customers.\nConsider that 95% of merchants want to implement anti-fraud solutions within the next 12 months.\nThe post 8 in 10 Large Merchants Have Faced Cyber Attacks in Past Year appeared first on PYMNTS.com.", "date_published": "2024-08-01T04:00:40-04:00", "date_modified": "2024-07-31T17:12:11-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/cybersecurity-data-breach-fraud.jpg", "tags": [ "authentication", "cross-border payments", "Cybersecurity", "Data Breaches", "ecommerce", "Featured News", "fraud", "Global Payments", "international", "News", "PYMNTS News", "Retail", "Security" ] }, { "id": "https://www.pymnts.com/?p=2017871", "url": "https://www.pymnts.com/cybersecurity/2024/cyberattacks-present-shipping-industrys-biggest-threat-since-wwii/", "title": "Cyberattacks Present Shipping Industry\u2019s Biggest Threat Since WWII", "content_html": "The shipping sector is reportedly facing a spike in cyberattacks tied to state-sponsored hackers.
\nThe industry saw at least 64 cyber incidents last year, the Financial Times reported Saturday (July 27), citing research by the Netherlands\u2019 NHL Stenden University of Applied Sciences. That study found that there were three such incidents in 2013 and zero in 2003.
\nMore than 80% of the incidents logged since 2001 that involved a known attacker originated in Russia, China, North Korea or Iran, the study showed.
\n\u201cThe international rules-based order\u2009…\u2009the great system [that benefited shipping] since the second world war is under threat like never before,\u201d Guy Platten, secretary-general at the International Chamber of Shipping, which represents shipowners controlling about 80% of the world’s commercial fleets, told the FT.
\nThe report also noted that shipping experts are warning that the industry \u2014 which has since its infancy dealt with the physical threat of pirates \u2014 is not prepared for the online variety.
\n\u201cIT spend in the maritime sector is pretty low,\u201d said Stephen McCombie, a maritime IT security professor at NHL Stenden.\u00a0
\nShipowners, McCombie added, \u201care looking for people with maritime knowledge and cybersecurity knowledge,\u201d though that is not a large group.
\nThe report comes as industries around the world are facing an uptick in cybersecurity incidents, with PYMNTS noting at the start of this month that 2024 was proving to be the \u201cyear of the cyberattack\u201d (even before a number of high-profile incidents had even happened).
\nResearch from the PYMNTS Intelligence report \u201cFraud Management in Online Transactions\u201d shows that most eCommerce merchants had dealt with cyberattacks or data breaches in the past year. Eighty-two percent of these businesses experienced an attack in that time, and 47% said the breaches caused them to lose revenue and customers.
\n\u201cIt is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity. What\u2019s different now is that both sides are armed with some really impressive technology,\u201d Michael Shearer, chief solutions officer at Hawk AI, said in an interview with PYMNTS.\u00a0
\n\u201cOn the automation side, it\u2019s all about data. It\u2019s all about organizing and connecting your data together, understanding the signals that you have so you can build a richer context and make better decisions. But you\u2019ve got to have that information there, and you\u2019ve got to connect it together. That\u2019s step one.\u201d
\nThe post Cyberattacks Present Shipping Industry’s Biggest Threat Since WWII appeared first on PYMNTS.com.
\n", "content_text": "The shipping sector is reportedly facing a spike in cyberattacks tied to state-sponsored hackers.\nThe industry saw at least 64 cyber incidents last year, the Financial Times reported Saturday (July 27), citing research by the Netherlands\u2019 NHL Stenden University of Applied Sciences. That study found that there were three such incidents in 2013 and zero in 2003.\nMore than 80% of the incidents logged since 2001 that involved a known attacker originated in Russia, China, North Korea or Iran, the study showed.\n\u201cThe international rules-based order\u2009…\u2009the great system [that benefited shipping] since the second world war is under threat like never before,\u201d Guy Platten, secretary-general at the International Chamber of Shipping, which represents shipowners controlling about 80% of the world’s commercial fleets, told the FT.\nThe report also noted that shipping experts are warning that the industry \u2014 which has since its infancy dealt with the physical threat of pirates \u2014 is not prepared for the online variety.\n\u201cIT spend in the maritime sector is pretty low,\u201d said Stephen McCombie, a maritime IT security professor at NHL Stenden.\u00a0\nShipowners, McCombie added, \u201care looking for people with maritime knowledge and cybersecurity knowledge,\u201d though that is not a large group.\nThe report comes as industries around the world are facing an uptick in cybersecurity incidents, with PYMNTS noting at the start of this month that 2024 was proving to be the \u201cyear of the cyberattack\u201d (even before a number of high-profile incidents had even happened).\nResearch from the PYMNTS Intelligence report \u201cFraud Management in Online Transactions\u201d shows that most eCommerce merchants had dealt with cyberattacks or data breaches in the past year. 
Eighty-two percent of these businesses experienced an attack in that time, and 47% said the breaches caused them to lose revenue and customers.\n\u201cIt is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity. What\u2019s different now is that both sides are armed with some really impressive technology,\u201d Michael Shearer, chief solutions officer at Hawk AI, said in an interview with PYMNTS.\u00a0\n\u201cOn the automation side, it\u2019s all about data. It\u2019s all about organizing and connecting your data together, understanding the signals that you have so you can build a richer context and make better decisions. But you\u2019ve got to have that information there, and you\u2019ve got to connect it together. That\u2019s step one.\u201d\nThe post Cyberattacks Present Shipping Industry’s Biggest Threat Since WWII appeared first on PYMNTS.com.", "date_published": "2024-07-28T17:32:49-04:00", "date_modified": "2024-07-29T21:29:32-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/07/cyberattack-shipping.jpg", "tags": [ "B2B", "B2B Payments", "commercial payments", "cyberattacks", "Cybersecurity", "data security", "Guy Platten", "hacking", "hacks", "International Chamber of Shipping", "News", "NHL Stenden University of Applied Sciences", "PYMNTS News", "Shipping", "shipping industry", "Stephen McCombie", "What's Hot", "What's Hot In B2B" ] }, { "id": "https://www.pymnts.com/?p=2016382", "url": "https://www.pymnts.com/cybersecurity/2024/crowdstrike-sends-10-gift-cards-to-teammates-partners-after-outage/", "title": 
"CrowdStrike Sends $10 Gift Cards to Teammates, Partners After Outage", "content_html": "Cybersecurity company CrowdStrike sent $10 gift cards to IT workers on Tuesday (July 23) in an email acknowledging the additional work it caused for them with last week\u2019s IT outage cause by its software update.
\n\u201cAnd for that, we send our heartfelt thanks and apologies for the inconvenience,\u201d CrowdStrike Chief Business Officer Daniel Bernard said in the email, Bloomberg reported Wednesday (July 24), citing a copy of the email it reviewed.
\nBernard added in the email that, to express its gratitude, CrowdStrike was sending the gift card to cover the IT workers\u2019 next cup of coffee or late-night snack, per the report.
\nCrowdStrike spokesperson Kirsten Speas told Bloomberg that the email went to the firm\u2019s teammates and partners who have been helping customers with the issue; it did not go to customers or clients.
\nTechCrunch reported Tuesday that when some recipients went to redeem the $10 Uber Eats gift card, they got an error message saying that it had been cancelled.
\nCrowdStrike spokesperson Kevin Benacci told TechCrunch that the company sent the cards and that, \u201cUber flagged it as fraud because of high usage rates.\u201d
\nThis news comes on the same day that CrowdStrike released a report on the crash that affected 8.5 million Windows machines around the world.
\nIn the report, CrowdStrike said that a glitch in test software led to the outage. The firm also outlined what it aims to do to prevent the problem from recurring, such as implementing \u201ca staggered deployment strategy for Rapid Response Content in which updates are gradually deployed to larger portions of the sensor base,\u201d while also giving customers more control over the delivery of these updates, letting them choose when and where they are deployed.
\nIt was also reported Wednesday that Delta Air Lines is facing a half-billion dollar hit after the outage and was still recovering from the incident.
\nCrowdStrike CEO George Kurtz has been asked to appear before the House Homeland Security Committee to give public testimony about the outage.
\nA letter seeking his testimony said that the outage impacted key functions of the global economy, including flights, surgeries, and 911 emergency call centers.
\nThe post CrowdStrike Sends $10 Gift Cards to Teammates, Partners After Outage appeared first on PYMNTS.com.
\n", "content_text": "Cybersecurity company CrowdStrike sent $10 gift cards to IT workers on Tuesday (July 23) in an email acknowledging the additional work it caused for them with last week\u2019s IT outage caused by its software update.\n\u201cAnd for that, we send our heartfelt thanks and apologies for the inconvenience,\u201d CrowdStrike Chief Business Officer Daniel Bernard said in the email, Bloomberg reported Wednesday (July 24), citing a copy of the email it reviewed.\nBernard added in the email that, to express its gratitude, CrowdStrike was sending the gift card to cover the IT workers\u2019 next cup of coffee or late-night snack, per the report.\nCrowdStrike spokesperson Kirsten Speas told Bloomberg that the email went to the firm\u2019s teammates and partners who have been helping customers with the issue; it did not go to customers or clients.\nTechCrunch reported Tuesday that when some recipients went to redeem the $10 Uber Eats gift card, they got an error message saying that it had been cancelled.\nCrowdStrike spokesperson Kevin Benacci told TechCrunch that the company sent the cards and that, \u201cUber flagged it as fraud because of high usage rates.\u201d\nThis news comes on the same day that CrowdStrike released a report on the crash that affected 8.5 million Windows machines around the world.\nIn the report, CrowdStrike said that a glitch in test software led to the outage. The firm also outlined what it aims to do to prevent the problem from recurring, such as implementing \u201ca staggered deployment strategy for Rapid Response Content in which updates are gradually deployed to larger portions of the sensor base,\u201d while also giving customers more control over the delivery of these updates, letting them choose when and where they are deployed.\nIt was also reported Wednesday that Delta Air Lines is facing a half-billion dollar hit after the outage and was still recovering from the incident. 
\nCrowdStrike CEO George Kurtz has been asked to appear before the House Homeland Security Committee to give public testimony about the outage.\nA letter seeking his testimony said that the outage impacted key functions of the global economy, including flights, surgeries, and 911 emergency call centers.\nThe post CrowdStrike Sends $10 Gift Cards to Teammates, Partners After Outage appeared first on PYMNTS.com.", "date_published": "2024-07-24T20:03:32-04:00", "date_modified": "2024-07-24T20:03:32-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/07/CrowdStrike-outage-1.jpg", "tags": [ "$10 gift cards", "CrowdStrike", "Crowdstrike outage", "Cybersecurity", "Daniel Bernard", "Kevin Benacci", "Kirsten Speas", "News", "PYMNTS News", "What's Hot" ] }, { "id": "https://www.pymnts.com/?p=2015680", "url": "https://www.pymnts.com/cybersecurity/2024/veeam-announces-splunk-extension-for-monitoring-backup-infrastructure-health-security/", "title": "Veeam Announces Splunk Extension for Monitoring Backup Infrastructure Health, Security", "content_html": "Veeam Software has announced the availability of a\u00a0Splunk\u00a0extension that allows\u00a0Veeam Data Platform customers to monitor the health and security status of their Veeam backup infrastructure.
\nWith the\u00a0Veeam App for Splunk, security professionals can monitor their Veeam backup environments using the capabilities of Splunk, a security information and event management (SIEM) solution, Veeam said in a Tuesday (July 23) press release.
\n\u201cVeeam is focused on powering data resilience for every customer, and this includes tight integration with leading security platforms,\u201d\u00a0John Jester, chief revenue officer at Veeam, said in the release. \u201cNow security professionals can use Splunk to closely monitor their Veeam backup environments through detailed dashboards, reports and alerts.\u201d
\nThe Veeam App for Splunk integrates with Splunk user roles and location management, and processes events sent by Veeam Backup & Replication to the syslog server, according to the release.
\nThe app also provides Splunk users with severity level management for events and alerts, multiple data source locations support, role-based permissions for locations and app configuration backup, the release said.
\nThis new offering arrives at a time when 76% of organizations said they suffered a ransomware attack in the last year, and 93% of those attacks targeted an organization\u2019s data backups, per the release.
\n\u201cCombatting cyberattacks requires integration across your infrastructure, and the Veeam App for Splunk brings Veeam event data into Splunk, enabling customers to monitor security events like ransomware, accidental deletion, malware and other cyber threats using their current tools,\u201d Jester said in the release.
\nSplunk was recently\u00a0acquired by networking behemoth Cisco, with the $28 billion\u00a0deal closing in March. The announcement of the acquisition was originally made in September 2023 and was followed by months of anticipation.
\nWhen announcing the deal, Cisco said the acquisition was designed to help clients bolster their\u00a0security and observability efforts via artificial intelligence (AI).
\nCisco and Splunk offer \u201ccomplementary capabilities in AI, security and observability,\u201d helping make companies more secure and digitally resilient, Cisco said at the time.
\n\u201cFrom threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient,\u201d Cisco CEO\u00a0Chuck Robbins said.
\nThe post Veeam Announces Splunk Extension for Monitoring Backup Infrastructure Health, Security appeared first on PYMNTS.com.
\n", "content_text": "Veeam Software has announced the availability of a\u00a0Splunk\u00a0extension that allows\u00a0Veeam Data Platform customers to monitor the health and security status of their Veeam backup infrastructure.\nWith the\u00a0Veeam App for Splunk, security professionals can monitor their Veeam backup environments using the capabilities of Splunk, a security information and event management (SIEM) solution, Veeam said in a Tuesday (July 23) press release.\n\u201cVeeam is focused on powering data resilience for every customer, and this includes tight integration with leading security platforms,\u201d\u00a0John Jester, chief revenue officer at Veeam, said in the release. \u201cNow security professionals can use Splunk to closely monitor their Veeam backup environments through detailed dashboards, reports and alerts.\u201d\nThe Veeam App for Splunk integrates with Splunk user roles and location management, and processes events sent by Veeam Backup & Replication to the syslog server, according to the release.\nThe app also provides Splunk users with severity level management for events and alerts, multiple data source locations support, role-based permissions for locations and app configuration backup, the release said.\nThis new offering arrives at a time when 76% of organizations said they suffered a ransomware attack in the last year, and 93% of those attacks targeted an organization\u2019s data backups, per the release.\n\u201cCombatting cyberattacks requires integration across your infrastructure, and the Veeam App for Splunk brings Veeam event data into Splunk, enabling customers to monitor security events like ransomware, accidental deletion, malware and other cyber threats using their current tools,\u201d Jester said in the release.\nSplunk was recently\u00a0acquired by networking behemoth Cisco, with the $28 billion\u00a0deal closing in March. 
The announcement of the acquisition was originally made in September 2023 and was followed by months of anticipation.\nWhen announcing the deal, Cisco said the acquisition was designed to help clients bolster their\u00a0security and observability efforts via artificial intelligence (AI).\nCisco and Splunk offer \u201ccomplementary capabilities in AI, security and observability,\u201d helping make companies more secure and digitally resilient, Cisco said at the time.\n\u201cFrom threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient,\u201d Cisco CEO\u00a0Chuck Robbins said.\nThe post Veeam Announces Splunk Extension for Monitoring Backup Infrastructure Health, Security appeared first on PYMNTS.com.", "date_published": "2024-07-23T18:36:29-04:00", "date_modified": "2024-07-24T22:41:49-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/07/Veeam-cybersecurity.jpg", "tags": [ "B2B", "B2B Payments", "backups", "commercial payments", "Cybersecurity", "data", "data backups", "data protection", "Infrastructure", "News", "PYMNTS News", "Splunk", "Veeam", "Veeam Data Platform", "What's Hot", "What's Hot In B2B" ] }, { "id": "https://www.pymnts.com/?p=2014841", "url": "https://www.pymnts.com/cybersecurity/2024/house-homeland-security-committee-seeks-testimony-from-crowdstrike-ceo/", "title": "House Homeland Security Committee Seeks Testimony From CrowdStrike CEO", "content_html": "Two members of the House Homeland Security Committee have asked CrowdStrike CEO George Kurtz to appear before the committee and give public 
testimony about the faulty software update that affected organizations around the world on Friday (July 19).
\nIn a letter dated Monday (July 22), Rep. Mark E. Green, R-Tenn., who is chairman of the House Committee on Homeland Security, and Rep. Andrew R. Garbardino, R-N.Y., who is chairman of the committee\u2019s Subcommittee on Cybersecurity and Infrastructure Protection, asked Kurtz to schedule a hearing with the subcommittee by 5 p.m. on Wednesday (July 24).
\nFriday\u2019s IT outage impacted key functions of the global economy and was attributed to a CrowdStrike software update, according to a Monday press release issued by the Homeland Security Committee.
\n\u201cWhile we appreciate CrowdStrike\u2019s response and coordination with stakeholders, we cannot ignore the magnitude of this incident, which some have claimed is the largest IT outage in history,\u201d the letter said. \u201cIn less than one day, we have seen major impacts to key functions of the global economy, including aviation, healthcare, banking, media and emergency services. Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking.\u201d
\nThe letter said that the outage led to cancellations of 3,000 commercial flights, delays of 11,800 other flights, cancellations of surgeries, disruptions to 911 emergency call centers, and a need for companies to devote millions of manual labor hours to solving the problem.
\n\u201cProtecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again,\u201d the letter said.
\nKurtz said in a Friday post on X that the problem was caused by \u201ca defect found in a single content update for Windows hosts\u201d and that it is \u201cnot a security incident or cyberattack.\u201d
\nWhile it wasn\u2019t a cyberattack, the incident put security at the top of the table as companies tried to ensure that \u201cthis won\u2019t happen again,\u201d PYMNTS reported Monday.
\nOn Monday, CrowdStrike, Microsoft and other companies that were victimized by the outage continued to issue updates as they slowly completed the manual processes necessary to fix the problem.
\nThe post House Homeland Security Committee Seeks Testimony From CrowdStrike CEO appeared first on PYMNTS.com.
\n", "content_text": "Two members of the House Homeland Security Committee have asked CrowdStrike CEO George Kurtz to appear before the committee and give public testimony about the faulty software update that affected organizations around the world on Friday (July 19).\nIn a letter dated Monday (July 22), Rep. Mark E. Green, R-Tenn., who is chairman of the House Committee on Homeland Security, and Rep. Andrew R. Garbardino, R-N.Y., who is chairman of the committee\u2019s Subcommittee on Cybersecurity and Infrastructure Protection, asked Kurtz to schedule a hearing with the subcommittee by 5 p.m. on Wednesday (July 24).\nFriday\u2019s IT outage impacted key functions of the global economy and was attributed to a CrowdStrike software update, according to a Monday press release issued by the Homeland Security Committee.\n\u201cWhile we appreciate CrowdStrike\u2019s response and coordination with stakeholders, we cannot ignore the magnitude of this incident, which some have claimed is the largest IT outage in history,\u201d the letter said. \u201cIn less than one day, we have seen major impacts to key functions of the global economy, including aviation, healthcare, banking, media and emergency services. 
Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking.\u201d\nThe letter said that the outage led to cancellations of 3,000 commercial flights, delays of 11,800 other flights, cancellations of surgeries, disruptions to 911 emergency call centers, and a need for companies to devote millions of manual labor hours to solving the problem.\n\u201cProtecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again,\u201d the letter said.\nKurtz said in a Friday post on X that the problem was caused by \u201ca defect found in a single content update for Windows hosts\u201d and that it is \u201cnot a security incident or cyberattack.\u201d\nWhile it wasn\u2019t a cyberattack, the incident put security at the top of the table as companies tried to ensure that \u201cthis won\u2019t happen again,\u201d PYMNTS reported Monday.\nOn Monday, CrowdStrike, Microsoft and other companies that were victimized by the outage continued to issue updates as they slowly completed the manual processes necessary to fix the problem.\nThe post House Homeland Security Committee Seeks Testimony From CrowdStrike CEO appeared first on PYMNTS.com.", "date_published": "2024-07-22T20:14:05-04:00", "date_modified": "2024-07-22T20:14:05-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/07/CrowdStrike.jpg", "tags": [ "Andrew R. 
Garbardino", "CrowdStrike", "Cybersecurity", "George Kurtz", "House Homeland Security Committee", "Mark E. Green", "Microsoft", "News", "PYMNTS News", "Subcommittee on Cybersecurity and Infrastructure Protection", "What's Hot", "Windows" ] }, { "id": "https://www.pymnts.com/?p=2014812", "url": "https://www.pymnts.com/cybersecurity/2024/crowdstrike-outage-rolls-on-attention-turns-to-software-update-quality-control/", "title": "CrowdStrike Outage Rolls On; Attention Turns to Software Update Quality Control", "content_html": "The CrowdStrike-Windows outage story continued to play out in airports, online and in stores Monday (July 22) with the focus now turning to the security of what used to be routine software updates.
\nBoth Microsoft and CrowdStrike, as well as other companies that were victimized by the outage, issued updates during the day Monday as they slowly completed the manual processes necessary to fix problems caused by a faulty software update executed Friday. CrowdStrike in particular added some color to its initial report that a software update to its Falcon Sensor caused the crash that sent 8.5 million Windows users headed for alternate devices, if they were available.
\n\u201cOn July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems,\u201d the company posted. \u201cSensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.\u201d
\nThe company also indicated in a separate post that it has been a community effort to get Windows-based systems up and running. It said that together with its customers it has tested a new technique to accelerate impacted system remediation, which is highly detailed and technical on its site.
\nTo a non-developer\u2019s eye, all the techniques look to be a variation on manually patching the software update and manually rebooting the system.
\nRead more: CrowdStrike Aftermath: Five Things You Need to Know
\nMicrosoft also announced its own workaround with VP of security David Weston posting: \u201cWe\u2019re working around the clock and providing ongoing updates and support. Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft\u2019s Azure infrastructure accelerate a fix for CrowdStrike\u2019s faulty update. We have also worked with both AWS [Amazon Web Services] and GCP [Google Cloud Platform] to collaborate on the most effective approaches.\u201d
\nAll of which might be too late for passengers on Delta. On Monday, Delta and its regional affiliate Endeavor accounted for the vast majority of canceled U.S. flights, which had mostly recovered their schedules. Delta CEO Ed Bastian told several news media outlets that it would take \u201canother couple of days\u201d to get all its operations up and running smoothly.
\nAs the main drama faded, the industry continued to look within for the preemptive strategies that could stop a CrowdStrike-type outage from happening again.
\nFor example, Finexio CEO Ernest Rolfson told PYMNTS that his company \u2014 which stresses security in its AP/AR automation platform offering \u2014 is seeing heightened concern from current and prospective clients about resilience and fraud detection. It\u2019s even seeing increased concern around paper check and invoice fraud, a trend he said it started seeing a few weeks before the CrowdStrike outage.
\n\u201cYou need to have a multilayered payments infrastructure,\u201d Rolfson said. \u201cYou need many form factors and many different options. You need to have trusted third parties to track and verify and validate what you\u2019re doing on a consistent repeatable process. Have someone else come in and do the audits. Most folks are not doing that.\u201d
\nRead also: Microsoft Outage Could Produce \u2018Insurance Catastrophe\u2019
\nRolfson emphasized the critical importance of quality control in software updates, drawing from his own company\u2019s experiences and expressing empathy for companies like Microsoft and their vendors, noting the difficulties inherent in such tasks.
\nHe cited an example from earlier this year when one of the world\u2019s largest banks, a Finexio partner, experienced a bug that affected several of its customers. However, Rolfson was taken aback by the timing of a recent software update from a Finexio partner. The update was rolled out during the workweek, in the morning \u2014 a move he found unconventional.
\nTypically, updates are scheduled after hours or on weekends to minimize disruptions, given the fact that best practices suggest staggering the release to avoid widespread issues if problems arise.
\nRead more: CrowdStrike Outage Hits Amazon at a Key Moment for Shopper Loyalty
\n\n
The post CrowdStrike Outage Rolls On; Attention Turns to Software Update Quality Control appeared first on PYMNTS.com.
\n", "content_text": "The CrowdStrike-Windows outage story continued to play out in airports, online and in stores Monday (July 22) with the focus now turning to the security of what used to be routine software updates. \nBoth Microsoft and CrowdStrike, as well as other companies that were victimized by the outage, issued updates during the day Monday as they slowly completed the manual processes necessary to fix problems caused by a faulty software update executed Friday. CrowdStrike in particular added some color to its initial report that a software update to its Falcon Sensor caused the crash that sent 8.5 million Windows users headed for alternate devices, if they were available. \n\u201cOn July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems,\u201d the company posted. \u201cSensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.\u201d\nThe company also indicated in a separate post that it has been a community effort to get Windows-based systems up and running. It said that together with its customers it has tested a new technique to accelerate impacted system remediation, which is highly detailed and technical on its site. \nTo a non-developer\u2019s eye, all the techniques look to be a variation on manually patching the software update and manually rebooting the system.\nRead more: CrowdStrike Aftermath: Five Things You Need to Know\nDigital Disconnection, Operational Unraveling\nMicrosoft also announced its own workaround with VP of security David Weston posting: \u201cWe\u2019re working around the clock and providing ongoing updates and support. 
Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft\u2019s Azure infrastructure accelerate a fix for CrowdStrike\u2019s faulty update. We have also worked with both AWS [Amazon Web Services] and GCP [Google Cloud Platform] to collaborate on the most effective approaches.\u201d\nAll of which might be too late for passengers on Delta. On Monday, Delta and its regional affiliate Endeavor accounted for the vast majority of canceled U.S. flights, which had mostly recovered their schedules. Delta CEO Ed Bastian told several news media outlets that it would take \u201canother couple of days\u201d to get all its operations up and running smoothly. \nAs the main drama faded, the industry continued to look within for the preemptive strategies that might prevent another CrowdStrike-type outage. \nFor example, Finexio CEO Ernest Rolfson told PYMNTS that his company \u2014 which stresses security in its AP/AR automation platform offering \u2014 is seeing heightened concern from current and prospective clients about resilience and fraud detection. It\u2019s even seeing increased concern around paper check and invoice fraud, a trend he said it started seeing a few weeks before the CrowdStrike outage. \n\u201cYou need to have a multilayered payments infrastructure,\u201d Rolfson said. \u201cYou need many form factors and many different options. You need to have trusted third parties to track and verify and validate what you\u2019re doing on a consistent repeatable process. Have someone else come in and do the audits. 
Most folks are not doing that.\u201d\nRead also: Microsoft Outage Could Produce \u2018Insurance Catastrophe\u2019\nRolfson emphasized the critical importance of quality control in software updates, drawing from his own company\u2019s experiences and expressing empathy for companies like Microsoft and their vendors, noting the difficulties inherent in such tasks.\nHe cited an example from earlier this year when one of the world\u2019s largest banks, a Finexio partner, experienced a bug that affected several of its customers. However, Rolfson was taken aback by the timing of a recent software update from a Finexio partner. The update was rolled out during the workweek, in the morning \u2014 a move he found unconventional. \nTypically, updates are scheduled after hours or on weekends to minimize disruptions, given the fact that best practices suggest staggering the release to avoid widespread issues if problems arise.\nRead more: CrowdStrike Outage Hits Amazon at a Key Moment for Shopper Loyalty\n \nThe post CrowdStrike Outage Rolls On; Attention Turns to Software Update Quality Control appeared first on PYMNTS.com.", "date_published": "2024-07-22T18:57:25-04:00", "date_modified": "2024-07-22T18:57:46-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/07/Delta-Airlines-CrowdStrike-outage.jpg", "tags": [ "Crowdstrike outage", "Cybersecurity", "David Weston", "Delta", "Ed Bastian", "Ernest Rolfson", "Falcon Sensor", "Finexio", "Microsoft", "News", "PYMNTS News", "software updates", "Windows" ] }, { "id": "https://www.pymnts.com/?p=2013404", "url": 
"https://www.pymnts.com/cybersecurity/2024/cryptocurrency-exchange-wazirx-loses-230-million-in-cyberattack/", "title": "Cryptocurrency Exchange WazirX Loses $230 Million in Cyberattack", "content_html": "Indian cryptocurrency exchange WazirX said Thursday (July 18) that it lost more than $230 million in a cyberattack.
\n\u201cThis is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds,\u201d the company said in a preliminary report posted on its website. \u201cWe have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor.\u201d
\nWazirX said in the report that the cyberattack targeted one of its multisig wallets that use the services of Liminal\u2019s digital asset custody and wallet infrastructure.
\nThe wallet has six signatories responsible for transaction verifications, and approval from three WazirX signatories and from one Liminal signatory was typically required for a transaction, according to the report.
\nThe company also whitelisted destination addresses to enhance security, per the report.
\n\u201cThe cyberattack stemmed from a discrepancy between the data displayed on Liminal\u2019s interface and the transaction\u2019s actual contents,\u201d WazirX said in the report. \u201cDuring the cyberattack, there was a mismatch between the information displayed on Liminal\u2019s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker.\u201d
\nLiminal said in a Thursday post on X that its platform was not breached and that its infrastructure, wallets and assets remain safe.
\n\u201cOur preliminary investigations show that one of the self-custody multisig smart contract wallets created outside of the Liminal ecosystem has been compromised,\u201d the company said in the post.
\nIt added in another post that WazirX wallets created on the Liminal platform remain secure and that all the malicious transactions occurred outside the Liminal platform.
\n\u201cAdhering to our rigorous security protocols, the Liminal team is also readily assisting the WazirX team as they carry out their investigation,\u201d Liminal said in a third post.
\nBlockchain data firm TRM Labs said on July 5 that the amount of cryptocurrency stolen by hackers more than doubled over the past year.
\nThe total rose from $657 million in cryptocurrency in the first half of 2023 to $1.38 billion in the first half of 2024, according to the company.
\nThe post Cryptocurrency Exchange WazirX Loses $230 Million in Cyberattack appeared first on PYMNTS.com.
\n", "content_text": "Indian cryptocurrency exchange WazirX said Thursday (July 18) that it lost more than $230 million in a cyberattack.\n\u201cThis is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds,\u201d the company said in a preliminary report posted on its website. \u201cWe have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor.\u201d\nWazirX said in the report that the cyberattack targeted one of its multisig wallets that use the services of Liminal\u2019s digital asset custody and wallet infrastructure.\nThe wallet has six signatories responsible for transaction verifications, and approval from three WazirX signatories and from one Liminal signatory was typically required for a transaction, according to the report.\nThe company also whitelisted destination addresses to enhance security, per the report.\n\u201cThe cyberattack stemmed from a discrepancy between the data displayed on Liminal\u2019s interface and the transaction\u2019s actual contents,\u201d WazirX said in the report. \u201cDuring the cyberattack, there was a mismatch between the information displayed on Liminal\u2019s interface and what was actually signed. 
We suspect the payload was replaced to transfer wallet control to an attacker.\u201d\nLiminal said in a Thursday post on X that its platform was not breached and that its infrastructure, wallets and assets remain safe.\n\u201cOur preliminary investigations show that one of the self-custody multisig smart contract wallets created outside of the Liminal ecosystem has been compromised,\u201d the company said in the post.\nIt added in another post that WazirX wallets created on the Liminal platform remain secure and that all the malicious transactions occurred outside the Liminal platform.\n\u201cAdhering to our rigorous security protocols, the Liminal team is also readily assisting the WazirX team as they carry out their investigation,\u201d Liminal said in a third post.\nBlockchain data firm TRM Labs said on July 5 that the amount of cryptocurrency stolen by hackers more than doubled over the past year.\nThe total rose from $657 million in cryptocurrency in the first half of 2023 to $1.38 billion in the first half of 2024, according to the company.\nThe post Cryptocurrency Exchange WazirX Loses $230 Million in Cyberattack appeared first on PYMNTS.com.", "date_published": "2024-07-18T19:29:18-04:00", "date_modified": "2024-07-18T19:29:18-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/07/WazirX-cyberattack-x.jpg", "tags": [ "Crypto Exchange", "Crypto Wallet", "cryptocurrency", "Cyberattack", "Cybersecurity", "Liminal", "multisig wallet", "News", "PYMNTS News", "WazirX", "What's Hot" ] } ] }