Payments Fraud, Via Apps?

បានប្រកាសនៅ Money & Finance នៅJuly 23 2019 at 11:47 AM

Apps with a possible security flaw, a malware phishing scheme and possibly, payments fraud, all done in the blink of an eye?

Security firm Symantec said this past week that it found a security flaw in Android apps for WhatsApp and Telegram, which can allow hackers to manipulate data that flows between users.

Reports say that the hacks, which are known as Media File Jacking, allow media that spans photos to documents to be compromised in “real time” and that means intercepting data between when it is written to disk and when they are loaded onto user interfaces. The apps have, cumulatively over 1.5 billion users.

In reference to payments, a hacker could conceivably change an invoice to help divert funds into different accounts.

“WhatsApp has looked closely at this issue, and it’s similar to previous questions about mobile device storage impacting the app ecosystem,” WhatsApp said in a statement. “WhatsApp follows current best practices provided by operating systems for media storage, and looks forward to providing updates in line with Android’s ongoing development. The suggested changes here could both create privacy complications for our users and limit how photos and files could be shared.”

American Express, Targeted?

News came this week that a phishing campaign has targeted American Express customers  The site TechNadu reported that victims are being prompted to load login credentials, under the guise that the online system is going through maintenance. As the site noted, no card issuer would send an email with such prompts.

The phishing campaign targets consumers and also commercial users.

The scam also warns users that if they do not verify their credentials immediately they risk temporary suspension of their accounts.  The scams ask for PINs and mothers’ names, among other sensitive information.

This is not the first time American Express cardholders have been targeted.  In March of this year, the same site reported that a separate phishing campaign had asked holders to provide their login credentials — telling them that they had to re-authenticate credentials.  The site said that the sophisticated emails had sported the American Express icons, official colors of the brand and also had asked for specific and personal data.

Separately in Australia, The Standard reports that the Warrnambool City Council is reviewing “all purchases” that have been made on its 81 corporate credit cards.  The review comes in the wake of the council’s order that a senior officer was asked to repay an undisclosed amount for what were deemed inappropriate transactions.


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The July 2019 Pay Advances: The Gig Economy’s New Normal, a PYMNTS and Mastercard collaboration, examines pay advances – full or partial payments received before an ad hoc job is completed – including how gig workers currently use them and their potential for future adoption. 


យោបល់ (0)