Entries Tagged "fraud"


iPhone Payment Security

Apple is including some sort of automatic credit card payment system with the iPhone 6. It’s using some security feature of the phone and system to negotiate a cheaper transaction fee.

Basically, there are two kinds of credit card transactions: card-present, and card-not-present. The former is cheaper because there’s less risk of fraud. The article says that Apple has negotiated the card-present rate for its iPhone payment system, even though the card is not present. Presumably, this is because of some other security features that reduce the risk of fraud.

Not a lot of detail here, but interesting nonetheless.

Posted on September 8, 2014 at 7:21 AM

Another Credit-Card-as-Authentication Hack

This is a pretty impressive social engineering story: an attacker compromised someone’s GoDaddy domain registration in order to change his e-mail address and steal his Twitter handle. It’s a complicated attack.

My claim was refused because I am not the “current registrant.” GoDaddy asked the attacker if it was ok to change account information, while they didn’t bother asking me if it was ok when the attacker did it.

[…]

It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification.

The misuse of credit card numbers as authentication is also how Matt Honan got hacked.

Posted on January 31, 2014 at 6:16 AM

New Low in Election Fraud

Azerbaijan achieves a new low in electoral fraud: the government accidentally publishes the results of the election before the polls open.

The mistake came when an electoral commission accidentally published results showing a victory for Ilham Aliyev, the country’s long-standing President, a day before voting. Meydan TV, an online channel critical of the government, released a screenshot from a mobile app for the Azerbaijan Central Election Commission which showed that Mr Aliyev had received 72.76 per cent of the vote compared with 7.4 per cent for the opposition candidate, Jamil Hasanli. The screenshot also indicates that the app displayed information about how many people voted at various times during the day. Polls opened at 8am.

Here’s another article.

But luckily, former US legislators are monitoring everything:

But observers from other delegations, including a group of former members of the United States House of Representatives, said the voting on Wednesday was clean and efficient. Mr. Aliyev, thanking voters in a televised statement, called the elections “free and transparent.”

Former Representative Michael E. McMahon, a Democrat from Staten Island, called the vote “honest, fair and really efficient.”

“There were much shorter lines than in America, and no hanging chads”—a reference to the disputed ballots in the United States presidential race in 2000.

Long lines? Hanging chads? These people have no idea how the big boys steal elections.

Posted on October 11, 2013 at 12:33 PM

Really Clever Bank Card Fraud

This is a really clever social engineering attack against a bank-card holder:

It all started, according to the police, on the Saturday night where one of this gang will have watched me take money from the cash point. That’s the details of my last transaction taken care of. Sinister enough, the thought of being spied on while you’re trying to enjoy yourself at a garage night at the Buffalo Bar, but not the worst of it.

The police then believe I was followed home, which is how they got my address.

As for the call: well, credit where it’s due, it’s pretty clever. If you call a landline it’s up to you to end the call. If the other person, the person who receives the call, puts down the receiver, it doesn’t hang up, meaning that when I attempted to hang up to go and find my bank card, the fraudster was still on the other end, waiting for me to pick up the phone and call “the bank”. As I did this, he played a dial tone down the line, and then a ring tone, making me think it was a normal call.

I thought this phone trick doesn’t work any more. It doesn’t work at my house—I just tried it. Maybe it still works in much of the UK.

Posted on July 30, 2013 at 7:33 AM

Security Risks of Too Much Security

All of the anti-counterfeiting features of the new Canadian $100 bill are resulting in people not bothering to verify them.

The fanfare about the security features on the bills may be part of the problem, said RCMP Sgt. Duncan Pound.

“Because the polymer series’ notes are so secure … there’s almost an overconfidence among retailers and the public in terms of when you sort of see the strip, the polymer looking materials, everybody says ‘oh, this one’s going to be good because you know it’s impossible to counterfeit,’” he said.

“So people don’t actually check it.”

Posted on May 20, 2013 at 6:34 AM

Age Biases in Perceptions of Trust

Interesting research (full article):

Abstract: Older adults are disproportionately vulnerable to fraud, and federal agencies have speculated that excessive trust explains their greater vulnerability. Two studies, one behavioral and one using neuroimaging methodology, identified age differences in trust and their neural underpinnings. Older and younger adults rated faces high in trust cues similarly, but older adults perceived faces with cues to untrustworthiness to be significantly more trustworthy and approachable than younger adults. This age-related pattern was mirrored in neural activation to cues of trustworthiness. Whereas younger adults showed greater anterior insula activation to untrustworthy versus trustworthy faces, older adults showed muted activation of the anterior insula to untrustworthy faces. The insula has been shown to support interoceptive awareness that forms the basis of “gut feelings,” which represent expected risk and predict risk-avoidant behavior. Thus, a diminished “gut” response to cues of untrustworthiness may partially underlie older adults’ vulnerability to fraud.

EDITED TO ADD (3/12): I think this result reflects the fact that older people discount the future more than young ones, and therefore are more willing to gamble on a good outcome. It makes sense biologically; they have less future ahead of them. We see the same thing in pregnancy; older mothers have a higher threshold for spontaneous abortion of a risky embryo than younger mothers.

Posted on February 21, 2013 at 7:24 AM

Fixing Soccer Matches

How international soccer matches are fixed.

Right now, Dan Tan’s programmers are busy reverse-engineering the safeguards of online betting houses. About $3 billion is wagered on sports every day, most of it on soccer, most of it in Asia. That’s a lot of noise on the big exchanges. We can exploit the fluctuations, rig the bets in a way that won’t trip the houses’ alarms. And there are so many moments in a soccer game that could swing either way. All you have to do is see an Ilves tackle in the box where maybe the Viikingit forward took a dive. It happens all the time. It would happen anyway. So while you’re running around the pitch in Finland, the syndicate will have computers placing high-volume max bets on whatever outcome the bosses decided on, using markets in Manila that take bets during games, timing the surges so the security bots don’t spot anything suspicious. The exchanges don’t care, not really. They get a cut of all the action anyway. The system is stacked so it’s gamblers further down the chain who bear all the risks.

Posted on February 20, 2013 at 7:29 AM


Sidebar photo of Bruce Schneier by Joe MacInnis.