Wednesday, August 20, 2014


Hass & Associates Online Reviews: Banks Often Neglect to Investigate Fraud Claims


With information theft on the rise, it turns out that banks and lenders almost always compensate their customers for fraudulent charges. However, a full half (52%) of financial institutions do so without conducting any kind of investigation into the issue. In Western Europe, the rate is 54%.

Kaspersky Lab, in collaboration with B2B International, recently conducted a global study which shows that nearly a third of institutions consider the implementation costs of security systems to be more expensive than simply repaying the damage due to internet fraud to their customers.

It’s a theme that also pervades many organizations that manage online payments: 28% of representatives of financial institutions and 32% of employees of online shops who were questioned are convinced that the total damage caused by cybercrime, including the repayment of the stolen money, would not exceed the cost of implementing appropriate security solutions.

Only 19% of financial institutions and 7% of online firms cite the cost of compensating customer losses in the top three most serious consequences of cyber-fraud.

But the issue is escalating. According to the Kaspersky Security Network, almost four million users of Kaspersky Lab products were faced in 2013 with financial malware designed to steal their money (an increase of 18.6% compared to 2012). In December 2013, several US banks lost more than $200 million due to the loss of personal information of their clients or their credit cards. The total damage is probably much higher, the firm noted, adding that it is clear that the continued growth of cybercrime will irremediably lead to a situation where the costs of refunds that institutions pay will be higher than the protection of financial transactions and compensation budgets.

“Financial institutions should not only accrue large sums of money in their budgets to repay the stolen money to their customers, but also to cover the cost of filings by their customers. The most important is that customers, so when the victims are repaid quickly, there may be shall dream twice before using the services of a bank that fails to ensure that their online accounts are safe. It is therefore better to prevent damage and loss rather than compensate,” said Martijn van Lom, CEO of Kaspersky Lab Benelux and Nordic, in a statement. “Customized solutions designed to protect online transactions can reduce the risk of Internet fraud to a minimum. This means that resources earmarked for compensation would be released and could be used in the development of the company.”

Another argument for the use of specialized security solutions is client negligence. An earlier Kaspersky Lab survey shows that 57% of users take (almost) no account of the security of their online payments, because they think that their bank will do what it takes. This, in turn, increases the risk of becoming the target of cybercriminals.


Sunday, August 17, 2014


Hass & Associates Online Reviews: Protect Your Identity at All Costs

Durban - Identity theft is rising in South Africa with thieves costing the economy more than R1 billion every year - and KwaZulu-Natal is providing rich pickings for them.

According to a recent study by credit bureau Compuscan, 1 370 cases of identity fraud had been reported to the Southern African Fraud Prevention Service (SAFPS) by the end of April, with 17 percent of incidents occurring in KZN.

Gauteng, South Africa’s economic hub, has the highest amount of identity theft (48 percent) followed by KZN and Western Cape (10 percent).

And, according to Compuscan, this hike is likely to continue, with the number expected to rise above 4 000 by the end of the year.

Compuscan director, Frank Lenisa, said the trend was worrying.

“What worries us more is that consumers are often unaware that they have fallen victim to such a crime and this could have a negative knock-on effect in their ability to obtain credit in future,” he said.

According to the National Credit Regulator’s latest quarterly publication, Credit Bureau Monitor, there were 20.64 million credit-active consumers in South Africa as at the end of last year.

“Each one of these is urged to pay close attention to the threat of fraudulent activity that could affect their credit records,” Lenisa said.

Consumers usually only find out they have become victims of identity theft when checking their credit report while applying for a home loan or car finance, he said.

Carol McLoughlin, executive director at SAFPS, a non-profit fraud prevention company, said it worked with its members - comprising all the large banks, retail groups and insurance companies - to track fraud trends with the hope of preventing them.

Her organisation also offers free protection to members of the public who have become victims of identity fraud, as their ID numbers are filed on the SAFPS database under the category “Victims of Impersonation” to give them protection against further attempts at fraud.

“A copy of the innocent victim’s ID is scanned in and attached to the record, so that member companies can compare the true victim’s ID against the ID of any future applicants (impersonators/fraudsters) who attempt to use this same ID to open accounts and submit claims,” she said.

In some instances, the details of the actual impersonator can also be uploaded on to the database.

“For example the fraudster might use his or her own cellphone number and ID photo when applying for a loan or opening an account using an innocent victim’s name, ID number and address. These records are filed under the ‘Impersonator’ category on the database.”

McLoughlin could not say why KZN was experiencing the second-highest incidence of identity fraud in the country, but explained that incidents often took place in a different province to where the victim resided.

“Every day we hear about a new type of scam or method being used by fraudsters to gain access to personal information.

“At the end of the day, consumers need to be far more vigilant when giving out their personal information online and must avoid being hoodwinked into clicking on to web links that they receive via SMS and e-mail,” she said.

“They must shred unnecessary documents containing personal information and always make sure that they authenticate websites before they fill in online applications and forms.”

Compuscan urged people to check their credit report regularly, saying that every South African was entitled to one free credit report annually, according to the National Credit Act.

Despite the number of credit-active consumers in the country, only about 14 000 request a report from Compuscan each year.

Compuscan has launched a personal online credit report portal called My Credit Check that allows users with valid ID numbers to monitor their complete financial history.


Tuesday, August 12, 2014


Hass & Associates Online Reviews: Despite Privacy Concerns, It's Time to Kill the Password


I know it is easy to be skeptical of government initiatives, but a burgeoning federal initiative to help us better manage our online identities deserves our attention—and trust.

The White House cybersecurity czar Michael Daniel said in June that he’s on a mission to “kill the password dead.” It’s a laudable goal. The problem with passwords is the false sense of security they provide. In fact, they’re easy to crack—and getting easier every day.

A typical eight-character password has 6.1 quadrillion possible combinations. In 2011, it would have taken a year for a fast desktop computer to crack an eight-character password. Today, thanks to new crowd-hacking technologies, it takes an average of 5.5 hours.

Or less. Any hacker with a decent smartphone can take a seat next to you at the coffee shop and use his phone’s camera to record your keystrokes as you type away on your laptop, capturing all your sensitive usernames and passwords.

That’s why we need to get rid of passwords. And that’s why the White House is implementing an ambitious plan called the National Strategy for Trusted Identities in Cyberspace (NSTIC), which promises to stamp out fraud at government sites by giving users a better way to prove they are who they say they are. The initiative is focused on moving all government sites, and potentially all public-sector sites too, away from usernames and passwords and toward stronger identity management.

As a first step, NSTIC will connect different government agencies with third-party credential providers that will verify certain personal information about their online users and issue secure credentials for them to use in transactions at government sites.

For instance, the system could allow the same person to use a single credential to apply for a driver’s license, fill out a student aid form and file taxes online, all without ever entering a password. The idea is that this secure ID—what some are calling a personal driver’s license for the internet—can eventually be used at other sites around the web not related to government. Because if people have a simple, secure way to prove who they are online, without using passwords, it will be easier and safer for everyone to do business on the internet.

I believe consumers will welcome this proposal, which offers more secure access to important personal websites like banking sites. Passwords are just not good enough. People need stronger proof of identity, like the one envisioned by NSTIC, to better trust authentication—and better trust the internet.

Inevitably, some privacy advocates are crying foul over NSTIC. They fear that if the U.S. government has your ID, it will end up mining that information for its own nefarious purposes. In the wake of the NSA surveillance revelations, critics are concerned that a push toward a single-ID system will enable the government to more closely track citizens online.

That possibility can’t be ruled out, I suppose. But people should realize that the far more immediate threat to their personal information is posed by hackers who crack their passwords—and NSTIC promises to stop them. It’s designed to protect internet users by providing authentication far stronger than can be accomplished by passwords alone.

In fact, those who are most concerned about privacy are the ones who should embrace NSTIC identities, which, like a driver’s license, will come with a reliable vetting process. What’s more, they’ll be based on a cryptographic signature generated by a trusted authority, which for the most part will be third-party certificate authorities.

NSTIC’s goal is not evil. It simply aims to create an “identity ecosystem,” built and maintained by the private sector, in which government agencies can accept log-on credentials issued by nongovernment third-party providers. And in which members of the ecosystem can prove their identity to others who are also in the ecosystem. In this way, NSTIC authentication doesn’t expose your identity, it helps protect it. And you can still choose when and where to use your stronger NSTIC identity—or not.

Furthermore, under the NSTIC guidelines, the service must preserve anonymity around the public data it collects. For instance, personal identifiers like age, gender and address cannot be linked back to their owners. The guidelines also stipulate that activity on government websites cannot be linked to third-party identity providers and vice versa.

Even the Electronic Frontier Foundation, a leading digital rights group, is optimistic about the future of NSTIC. “The NSTIC system is voluntary, run by private companies rather than the government itself and, most importantly, it is decentralized, so that individuals will be able to choose between different providers,” said Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, in a recent interview.

If we want to achieve a higher level of security for internet users, there is no better place to start than the elimination of passwords. And NSTIC is a significant step in that direction.


Sunday, August 10, 2014


Hass & Associates Online Reviews: Advertisers Join Forces to Fight Online Ad Fraud

As marketers grow increasingly concerned about the integrity of the online advertising inventory they are buying, a trade group and 30 well-known marketers are forming a coalition to address the problem.

The group, which is being led by the Association of National Advertisers, has hired ad fraud-detection firm WhiteOps to study and help stamp out so-called “bot fraud.”

Bots are computers hijacked by viruses that are programmed to visit sites and mimic human behavior, creating the illusion of authentic web traffic in order to lure in advertisers. Bot traffic costs advertisers because marketers typically pay for ads whenever they are loaded in response to users visiting Web pages — regardless of whether the users are actual people.

The ANA said that some marketers estimate that about half the money they spend on digital advertising is wasted because of “bot fraud.” With digital ad spending around the globe expected to grow 17% this year to $140 billion, according to eMarketer, the stakes are high.

Ad executives blame the rise of fraudulent traffic on advertisers’ increased use of automated software to purchase ads via exchanges, ad networks and other middlemen. Such arrangements, they say, are far less transparent than buying ad space the traditional way through human salesforces.

The ANA declined to reveal the names of the 30 advertisers participating in the anti-fraud group, but the trade organization’s members include blue-chip marketers such as Procter & Gamble, Johnson & Johnson and General Motors.

Starting next month, WhiteOps will track campaigns of the 30 companies for one month and report back the level of bot fraud occurring across the digital advertising industry, including display, video, mobile and social ads. The ad fraud-detection firm will also give advertisers lists of the sites and exchanges that have fraudulent traffic.

Other marketers will be able to use the study as a benchmark to compare their own data on ad fraud with the industry as a whole.

Fears are mounting that marketers will pull back on some online ad spending because of rampant fraud. In response, some publishers and ad companies are trying to address the problem themselves.

Google, for example, acquired a London-based company that specializes in identifying and blocking online-traffic fraud in February. Meanwhile, ad-buying giant GroupM said recently that it would stop buying online ads from “open” ad exchanges entirely by the end of the year, because it is concerned about the quality of ad inventory that’s available in these marketplaces and their lack of transparency.

Open exchanges are automated marketplaces through which advertisers buy and sell ads from across the web. Private exchanges, on the other hand, allow marketers to link directly to publishers and media companies.

But advertisers “cannot delegate this to be solved by agencies and publishers, they need to be involved,” said Bill Duggan, an executive vice president at the ANA. “Advertisers have the most to lose with bot fraud.”



Thursday, August 7, 2014


Hass & Associates Online Reviews: Trends in online-to-offline commerce suggest increased need for mobile fraud prevention


“Online to Offline (O2O) Commerce Signals Demand for Increase in Mobile Payment Security,” says mobile payments expert Omlis

Digital payments are forecasted to almost double in the next 5 years, with an increase from £2.5 to £4.7 trillion from 2014 to 2019, according to a recent report from Juniper Research. Businesses worldwide are answering this demand, by implementing new business models. Traditional “brick and mortar” businesses are offering product delivery options, creating an onset of “bricks and clicks” companies.

Transactions processed via mobile payments for traditional retailers are expected to grow by 600 percent by the end of 2017, according to a Chinese research firm iResearch. These economic forecasts signal the growing global shift from online-to-offline (O2O) commerce, integrating use of mobile phone technology and E-commerce with traditional business models. This highlights a growing need for innovative mobile payment technology and enhanced fraud prevention techniques, according to Omlis, a leading Global Mobile Payment Solutions Provider.

Online to Offline (O2O) business models reflect the movement of E-Commerce and M-Commerce activity toward integration with physical, offline processes. This is largely due to the growing worldwide adoption of mobile phones and the incorporation of digital payment procedures. In commerce, O2O pushes for user interaction through a website, app, or mobile phone, allowing customers to virtually reach the physical storefront or services provided by an organization. Through the consistent launch of new apps, the internet has become an innovative way to complete tasks, such as monitoring and controlling home appliances. Innovation leaders Apple recently released the Homekit, which allows users to control lighting, thermostats, and even home security via a mobile device.

Consumers in O2O environments gain more efficient services, improved access to goods, and enhanced online shopping experiences, as well as innovative opportunities to get customizable goods, personalized services, and 24/7 service from industries that traditionally relied on physical interaction. This model could prove profitable for businesses who can aim to increase their consumer base with more efficient systems and a much larger geographical reach.

The push back toward offline relationships was initiated through the private sector due to growing consumer reliance on online shopping. However, Omlis believes it may also be due to social and cultural implications from widespread internet use. This trend originated in the Asia Pacific, a technologically advanced market that adopted mobile payments early, and now boasts 32 percent of sales attributed to mobile devices according to a recent report from mobile advertising service provider Buzzcity. Omlis believes that this foretells similar trends across the globe, with the UK following closely behind with twice as many mobile payments as the global average in Q2 of 2014. A recent report from Accenture showed that although UK customers are banking via mobile, visits to bank branches have increased since last year by almost 10%. This could be due to increased O2O business models, or may possibly be attributed to lack of customer service over online portals.

A major concern facing online to offline business models is fraud, due to heightened reliance on mobile payments and an increase in personal data stored on phones, combined with hackers and the lack of a standard security protocol for mobile commerce. The most significant example of fraud activity on mobile devices is credit card fraud according to a report by Iovation, which looked at mobile fraud cases on both Android and iPhone platforms. This fraud occurs most frequently via the mobile web, which still harnesses 60% of global transactions.

“The mobile payments market has key hurdles to clear in fraud prevention, and businesses adopting new models incorporating digital and mobile payments must consider best practices to guarantee consumer confidence, consistency, and convenience,” said Omlis CEO Markus Milsted. “Online to offline models call for improved security for mobile payments and uncompromised technology which can function effectively on mobile phones.”

Omlis believes businesses must work to ensure consistency within an O2O experience, including a differentiated focus on customer satisfaction and implementation of new techniques for effective and secure customer service.

“It is necessary to anticipate imminent issues that will arise as mobile devices are incorporated further into daily life, and ensure consumer confidence through use of secure systems,” said Milsted.

The integration of offline and online will continue to change and grow as consumers and businesses find an ideal balance, and security will surely play a large part. Omlis technology offers a powerful and innovative secure payments technology designed to proactively address issues faced by the mobile payments industry.

About Omlis – Omlis is a global mobile payment solutions provider bringing market proven, highly powerful, differentiated and most effective solutions to all mobile commerce security. Providing completely secure, unique and uncompromised technology with 100% fault-tolerant tracking of all payments in real-time for full transaction accountability.

Summary - Online-to-offline commerce, which utilizes mobile phones as an intermediary between businesses and consumers, is a worldwide trend that faces new challenges. Online shopping and innovative apps have created a new consumer environment that encourages new ways of shopping and conducting daily life. Mobile payments are becoming the norm, but must become more secure due to a currently insecure mobile payments market. This article examines current trends in online-to-offline business models, and anticipates the imminent issues in mobile fraud, calling for more secure mobile payment techniques.


Sunday, August 3, 2014


Insurers Take on Cyber Risk Market by Hass & Associates Online Reviews

(EurActiv) — Insurers are eagerly eyeing exponential growth in the tiny cyber coverage market. But their lack of experience and skills handling hackers and data breaches may keep their ambitions in check.

High profile cases of hackers seizing sensitive customer data from companies, such as US retailer Target Corp or e-commerce company eBay Inc, have executives checking their insurance policies.

Increasingly, corporate risk managers are seeing insurance against cyber crime as necessary budget spending rather than just nice to have.

The insurance brokerage arm of Marsh & McLennan Companies estimates that the US cyber insurance market was worth $1 billion (€0.73bn) last year in gross written premiums, and could reach as much as $2 billion (€1.4bn) this year. The European market is currently a fraction of that, at around $150 million (€110mn), but is growing by 50 to 100% annually, according to Marsh.

Those numbers represent a sliver of the overall insurance market, which is growing at a far more sluggish rate. Premiums are set to grow only 2.8% this year in inflation-adjusted terms, according to Munich Re, the world’s biggest reinsurer.

Cyber coverage

The European cyber coverage market could get a big boost from draft EU data protection rules in the works that would force companies to disclose breaches of customer data to them.

“Companies have become aware that the risk of being hacked is unavoidable,” said Andreas Schlayer, responsible for cyber risk insurance at Munich Re. “People are now more aware that hackers can attack and do great damage to central infrastructure, for example in the energy sector.”

Insurers, which have more experience handling risks like hurricanes and fires, are now rushing to gain expertise in cyber technology.

“It is a difficult risk to price by traditional insurance methods as there currently is not statistically significant actuarial data available,” said Robert Parisi, head of cyber products at insurance brokers Marsh.

Andrew Braunbergon, research director at US cybersecurity advisory company NSS Labs, said that some energy companies have trouble persuading insurers to provide them with cyber coverage as the industry is vulnerable to hacking attacks that could trigger disasters like an explosion in a worst-case scenario.

Pricing on policies for retailers has climbed in the wake of recent high-profile breaches at Target, Neiman Marcus, and other merchants, he added.

A necessary cost

Though still very much in its infancy, the market’s potential is vast, with cyber crime costing the global economy about $445 billion (€326bn) every year, according to an estimate last month from the Washington-based Center for Strategic and International Studies.

While many companies have in the past counted on their general commercial liability policies for coverage, they are increasingly taking out standalone contracts.

One reason for the change in attitude is a New York state court ruling in February against Sony Corp. The company, which has appealed the decision, had sought to force providers of its general commercial liability insurance to foot the bill for class action lawsuits following a major 2011 cyber attack on Sony PlayStation Network.

“This issue with Sony is that it did not have a standalone cyber product,” said Peter Beshar, general counsel at the Marsh & McLennan Companies.

Target was better protected when some 40 million payment card numbers were stolen last year. It had $100 million (€73.4mn) in cyber insurance, according to the trade publication Business Insurance.

With low interest rates limiting revenues from insurers’ vast bond portfolios, the extra underwriting income from the fast growing new market is all the more welcome.

The cost of cyber insurance varies, but on average $1 million (€0.734mn) in protection ranges from about $20,000 to $25,000 (€14,683 to €18,354), according to Beshar.

German insurance giant Allianz says its annual premiums for €10-50 million in protection run about €50,000-90,000. For protection of over €50 million, companies can get coverage up to €300 million through co-insurance policies involving multiple underwriters.

Whether insurers are offering coverage at prices commensurate with the risks is anyone’s guess, as long as underwriters have scant experience with hackers.