fbpx
Connect with us

Feature Articles

Top UK operators join forces to fight online identity fraud

Yehia El Amine

Published

 on

The UK’s four mobile network operators – EE, O2, Three, and Vodafone – have teamed up in developing a new application that aims to fight online identity fraud.

The app, called Number Verify, aims to strengthen consumer safety online and works as a verification software that allows customers to authenticate their user identities through matching phone numbers used in a web or app session to ensure the details being provided are the same registered on the customer’s account.

“Working collaboratively, as an industry the four operators can offer service providers and app developers reach that covers 65m mobile data connections, which is a powerful weapon in the fight against fraud,” Gareth Elliott, Head of Policy and Communications at Mobile UK said in a statement.

The app will allow businesses with mobile apps such as financial services (banks, building societies), e-commerce, gig economy platforms and social networks to enable their consumers to prove their identity when completing transactions on their mobile phones.

This will help businesses stay confident that customer identities are genuine – reducing fraud whilst still preserving their privacy.

“In a world of increasing digital transactions, the launch of Number Verify is an evolution in how customers can be protected against cybercrime and social engineering attacks,” Elliott added.

Prior to the launch of Number Verify, a common way for businesses to verify users was by sending a one-time passcode to the consumer’s mobile phone. This was then input into the business’s mobile app or website to confirm possession of the mobile phone.

Number Verify simplifies this process and is PSD2 SCA (Strong Customer Authentication) compliant, which means it adheres to regulation that has been adopted by the UK to protect business and consumers from the growing amounts of fraud in digital payments online.

Online identity fraud has been on the rise, especially during the Covid-19 pandemic.

According to a recent survey conducted by U.S.-based analytics, telco security, risk management firm, Mobileum Inc. 75 percent of operators polled were experiencing new or emerging incidences of fraud and 61 percent said network security threats increased or significantly increased since the beginning of the Coronavirus pandemic.

The company surveyed more than 200 executives from 90 Communications Service Providers (CSPs) on the effect of Covid-19 on their operations, it found that:

  • 47 percent said fraud events increased or significantly increased
  • 55 percent said they will implement new approaches to customer interactions
  • 71 percent said the impact of COVID-19 would not change their 5G rollout plans
  • 75 percent said they will not change their IoT roaming plans
  • 30 percent said accounts receivable increased by at least 10 percent

“The onset of the pandemic saw a growth in customers seeking advice on how to manage the emerging security, risk management, and business assurance challenges. The findings from the survey underline how CSPs need to be constantly vigilant and put in place the mechanisms to protect their customers, network and overall business sustainability,” commented Bernardo Lucas, Mobileum CMO.

Telecom fraud is considered one of the most serious threats the industry has faced; as it refers to the abuse and manipulation of telecom products – such as telephones and mobile phone – or services with the intention of illegally and illicitly acquiring embezzling money from communication service providers or its customers.

According to the EU’s law enforcement cooperation, telecom fraud can take a plethora of different forms, among them:

International Revenue Sharing Fraud (IRSF)

This is the most damaging fraud scheme to date, where a criminal partner with an International Premium Rate Number (IPRN) provider charges high rates for call termination and agrees to share revenue for any traffic generated by the fraudster.

IRSF is characterized by:

  • High volume of international calls, often with long duration, to a single high-cost destination.
  • Some calls are automatically generated by the fraudsters (e.g. botnets and servers running stolen SIM cards) while others are done by consumers.
  • High revenue for the criminals obtained because of the inter-carrier trust between telecom operators. As there is no customer to bill because the connection is fraudulent, the originating operator must pay and carry that loss.

Telecom Fraud – How does it Work?

This crime can have a significant impact on you as customers:

  • Loss of connectivity due to being blocked at the carrier/telecom infrastructure level
  • Prolonged outages while you justify to the carriers involved that you are the victim and not the perpetrator
  • Extremely expensive phone bills

Not all International Premium Rate Number (IPRN) providers are fraudsters. There are legitimate operators offering genuine services.

One (ring) and cut – Wangiri fraud

Wangiri is a Japanese word meaning ‘one (ring) and cut.’

It’s a telephone scam where criminals trick you into calling premium rate numbers. A fraudster will set up a system – for instance using botnets – to dial many random phone numbers. Each call rings just once, then hangs up, leaving a missed call on the recipient’s phone.

Users often see the missed call and, believing it was legitimate, call back.

What are the signs? The call…

  • Takes place at night or during working hours (reducing the chances for the recipient to answer the call).
  • Rings only once.
  • Displays an unusual international country code.

What can you do?

  • If you have a missed call from an unknown number, don’t call back. A legitimate caller will either leave a message or call back.
  • If you receive several such calls, let your phone operator know.

Vishing calls

Vishing (a combination of the words Voice and Phishing) is a phone scam in which fraudsters trick you into divulging your personal, financial or security information or influence you to transfer money to them.

What can you do?

  • Beware of unsolicited telephone calls.
  • Take the caller’s number and advise them that you will call them back.
  • To validate their identity, look up the organization’s phone number and contact them directly.
  • Don’t validate the caller using the phone number they have given you (this could be a fake or spoofed number).
  • Your personal details may be available online (e.g. on social media). Don’t assume a caller is genuine just because they have such details.
  • Don’t share your credit or debit card PIN number or your online banking password. Your bank will never ask for such details.
  • Don’t transfer money to another account on their request. Your bank will never ask you to do so.
  • If you think it’s a bogus call, report it to your bank and let your phone operator know
  • Block unknown and unwanted calls – ask your phone carrier about available blocking tools.

The ongoing battle against online identity fraud is evident. As long as new technologies continue to emerge, hackers and cyber criminals will always try to worm their way into the system; but by applying the right fraud prevention and detection techniques and solutions, customers can shield themselves from these attacks.

Advertisement

Yehia is an investigative journalist and editor with extensive experience in the news industry as well as digital content creation across the board. He strives to bring the human element to his writing.

Cybersecurity

Ways for remote workers to stop cybercriminals

Yehia El Amine

Published

 on

cybercriminals

The COVID-19 pandemic has drastically changed the way humans interact with each other across the board, handshakes have switched to fist bumps, massive conferences have gone digital in the form of webinars, and more importantly, employees have built makeshift offices within the comfort of their own homes.

According to Shefali Roy, former CCO & COO at TrueLayer, a UK-based FinTech firm, working from home has become the new norm.

“People are working longer and harder, which can be a big cause for concern with regards to employee burnout since they’re on high alert at all times due to the sudden merge of workstations and home comfort,” Roy said during a the MoneyFest 2020 webinar.

Thus, it isn’t strange for employees to start asking their employers about their work-from-home policy.

While remote working offers safety from a physical virus, it exposes employees to threatening digital viruses. Cybercriminals have taken advantage of this shift in the workplace and have targeted their sights around remote employees across the board.

According to a report published by Kaspersky there have been almost 726 million confirmed cyberattacks since the beginning of the year; “This has put 2020 on course to rack up somewhere in the region of 1.5 billion cyberattacks for the year,” the report stated.

While some companies have rejuvenated their IT security teams to deal with threats, many other companies haven’t and a big number of businesses are exposed to these breaches every day.

This leaves workers to fend for themselves against sophisticated cybercriminals’ intent on stealing their information and wreak havoc on businesses.

Fret not, according to the National Cyber Security Alliance, a U.S.-based cybersecurity non-profit, there are a number of ways that can help you protect your sensitive company information while venturing out of the digital safety of the office:

  • Think before you click. Cybercriminals are taking advantage of people seeking information on COVID-19. They are distributing malware campaigns that impersonate organizations like WHO, CDC, and other reputable sources by asking you to click on links or download outbreak maps. Slow down. Don’t click. Go directly to a reputable website to access the content.
  • Lock down your login. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
  • Connect to a secure network and use a company-issued Virtual Private Network (VPN) to access any work accounts. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase. Employees should not be connecting to public Wi-Fi to access work accounts unless using a VPN.
  • Separate your network so your company devices are on their own Wi-Fi network, and your personal devices are on their own.
  • Always keep devices with you or stored in a secure location when not in use. Set auto log-out if you walk away from your computer and forget to log out.
  • Limit access to the device you use for work. Only the approved user should use the device (family and friends should not access a work-issued device).
  • Use company-approved/vetted devices and applications to collaborate and complete your tasks. Don’t substitute your preferred tools with ones that have been vetted by the company’s security team.
  • Update your software. Before connecting to your corporate network, be sure that all Internet-connected devices ‒including PCs, smartphones, and tablets ‒ are running the most current versions of software. Updates include important changes that improve the performance and security of your devices.

While employees can arm themselves with these helpful tips to fend off cyberattacks and breaches, remote workers can still educate themselves on how to spot phishing and ransomware attempts.

There are more than a handful of hints that could flag emails as suspicious or malicious, such as:

  1. Strange requests: these types of emails tend to give out information that’s out of the ordinary, maybe an unexpected request or one that isn’t directly relevant to you. The most likely case is that it’s a typical phishing email, even if the domain came from within your very own organization, call the sender and ask.
  2. Generic salutations: If someone is sending you an email and not addressing you personally, then chances are the sender doesn’t know who you are. Best-case scenario, it could be a marketing campaign, or the worst-case scenario is that you’re being targeted.
  3. Spelling errors: especially during emails, people will always double and triple check their emails for typos and spelling errors to remain professional. Thus, finding these errors are ‘phishy’ so beware!
  4. Be wary of attachments: this is exactly how cybercriminals worm their way into computers, which is why if the sender or email seems suspicious, chances are, the virus is laying in wait in the attachment.
  5. Shady URLs: hiding or spoofing links is the easiest thing to pull off, since the URL could take you to a different destination to where a link reads; although staying away from it is the best course of action, you could always hover over the link to check if the destination leads to where you expect it to.
  6. You’ve won our competition:while these traps can obviously be spotted, people are still falling for these schemes in 2020. Always remember, if it’s too good to be true, then it most likely is, so stay away.
  7. Scaremongering: A common approach used by cybercriminals is to claim something like “your account has been breached!”. This creates a sense of urgency and vulnerability and can prevent people from thinking clearly. If the claims in the email were true, would the sender really tell you in this way? Always check through a different means of communication.
  8. Change of behavior: Maybe you’ve received an email from somebody you trust such as your boss, or colleague, but the language used is different from normal. Maybe it’s too formal or informal. Maybe the email signature isn’t the normal one used. You’re probably used to the way these individuals talk to you, so if it’s not normal, something weird might be going on.

As time passes, and technologies get more and more advanced, so do cybercriminals, as they stay up to date with the technological winds of change to further find their weak points. Thus, employees who choose to stay remote have a responsibility toward their employers to remain safe online, as the damages are no longer measured on an individual level, but can take down entire organizations.

Continue Reading

Feature Articles

The importance of IoMT security across the healthcare system

Karim Hussami

Published

 on

IoMT

In our hyper-connected world, advancing technology in IoT is bringing promise to many systems across industry sectors.

The Internet of Medical Things or IoMT which is a subset of the Internet of Things is one of the many emerging technologies that has impacted the healthcare system and our lives.

Hospitals and medical centers depend on smart devices for doctors to monitor their patients and their medical situations quickly and efficiently. In addition, these devices offer more precise analysis and earlier recognition of medical issues with the help of information flow.

According to a report published by Deloitte, “Hospitals in the U.S. have an average of 15 smart medical devices per bed, while the IoMT market is expected to reach $52 billion by 2022.”

Security risks for smart devices

IoMT, like any other technological device, is also subject to security risks such as cyberattacks. Malicious activities have increased in number in the last few years targeting medical institutions and being the cause of major disruption in the healthcare system, financial losses, which has lowered patient’s confidence in healthcare.

For example, hackers disabled computer systems at Düsseldorf University Hospital in Germany last September and led to the death of a patient while doctors attempted to transfer her to another hospital. The ransomware attack scrambles data, making computer systems inoperable.

The hospital’s President Arne Schönbohm said hackers took advantage of a well-known vulnerability in a piece of VPN (virtual private network) software developed by Citrix and warned other organizations to protect themselves from the flaw.

The need to implement robust IoMT security solutions in the medical industry has never been more important. Encryptions and conducting a secure boot – making sure that when a device is turned on, none of its configurations have been modified – are some of the basic yet fundamental security measures providers and manufacturers of IoT devices can take.

Other important security measures:

  • A defense strategy should be put in place and implemented with multiple layers of security available to protect against any risk. Make sure that authentication is properly followed, device access is limited, and device-to-device communication is monitored carefully.
  • The IoT device should be tested before it is put into production. Monitoring device security should be done throughout its life cycle to ensure fewer vulnerabilities. After the machine has been produced, security measures should be incorporated into its design such as conducting a risk assessment before the device is released for use in the market. Authentication measures should be built into the device.
  • Create an environment for teaching the culture of security, where the IT department can inform employees about issues and their dangers on the system or company they work for. In addition, conducting regular trainings to recognize vulnerabilities, cyber threats, risks and anomalies will speed up breach response.

Cyberattacks will never simply vanish. No matter the level of precautions we take, there will always be a degree of risk but making sure devices are secure and teams are vigilant and prepared, may help reduce overall disruption caused by cybercrime.

Continue Reading

Feature Articles

Taiwan: plans that will enable Fintech firms to access more customer data

Karim Hussami

Published

 on

Taiwan: plans that will enable Fintech firms to access more customer data

An open database of information is highly relevant for enterprises to get an idea of people’s needs and preferences which will give companies a chance to improve the quality of their products and services and help cultivate new ones.

The Joint Credit Information Center (JCIC) in Taiwan is planning to establish a database for local financial technology firms to obtain information on consumers’ credit risk information, the Financial Supervisory Commission (FSC) reported.

One of the ways in which financial service providers tend to use or deliver innovative services, is by adopting new technology. This has led Taiwan financial industry to spend over $700 million in 2017, on FinTech R&D and solutions in the areas of AI, AML, biometrics, blockchain, cloud services, cybersecurity, data analytics, payment, among other tech initiatives.

More info, better service

Taiwan’s information technology infrastructure is well-developed, with 90% 4G penetration and 80% mobile penetration, according to the International Trade Administration. “Taiwan is a strong market for e-commerce, online entertainment, mobile payment, and other technology-driven services.”

According to FSC Banking Bureau, electronic payment users exceeded eight million people in April 2020.

Respectively, information about consumers is a crucial part in company’s businesses and continuity as well as its success, that is why sharing is essential to progress.

After Fintech companies held a meeting in June 2020 with Taiwan’s Financial Supervisory Commission (FSC) Chairman Thomas Huang, suggestions circulated during the discussion noting that the center should make its data accessible to the fintech firms for the fact that the type of information it provides could help with developing various financial products or services.

As plans go ahead, the database would be launched in October 2021, according to the Banking Bureau, adding that fintech companies could also use the National Development Council’s open data service.

According to the Taipei Times, up until this time, 426 financial sector companies including local banks, securities firms, credit cooperatives, insurance providers and credit card issuers are among the businesses that have benefitted from JCIC’s raw data – currently not including Fintech enterprises.

Consumer approval before gaining access

Accessing information related to consumers is not as simple as one might think because it depends on customer approval and whether they agree to share their personal preferences online for a specific service.

Banking Bureau Chief Secretary Phil Tong said, “With consumers’ approval, the agency (JCIC) would provide their lending and repayment data to the companies, including how much money they have borrowed, what kind of loans they have taken and whether they have repaid on time.”

According to sources, the new database will not include consumers’ raw data and will follow personal data protection rules. The JCIC doesn’t share customers actual financial records.

Obviously, the new normal in business practice is for companies to obtain information about their customers, whether by their own efforts or by the help of a third party. Today, data enables growth.

Continue Reading

Trending