Make a blog

floriandresner

1 month ago

Japanese government plans cyber attack institute by Online Security

Japanese government plans cyber attack institute by Online Security

The government of Japan will create an institute to train employees to counter cyber attacks. The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure.

 

The training institute, which will operate as part of Japan’s Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks. A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs.

 

The source also stated that there is potential for a joint exercise in cyber awareness between the Japanese group and foreign cybersecurity engineers in the future.

 

The counter cyber attack training institute will take 100 employees of electrical power and related firms and train them for a full year in Tokyo, using former hackers and cyber security experts as instructors. Funds will be allocated through an extra budget that is currently being compiled.

 

Cyber security is a growing concern in Japan, where over 12 billion cyber attacks were reported in 2014 by the National Institute of Information Technology. The Japanese national police force reported that instances of cyber crime investigated by the police rose 40% from 2014-2015. In February of this year, a study at Cylance SPEAR identified a hacking group that was targeting Japanese infrastructure. While the group was involved mainly in spying activities and had yet to launch a disruptive or destructive attack, the report warned that the activity was likely to escalate.

 

The need for a comprehensive cybersecurity training program focused on electrical infrastructure was highlighted after the December 2015 power outage in Ukraine, which left 230,000 citizens without power or heat. That attack, the first time a confirmed hack brought down a power grid, demonstrated the vulnerability of electrical stations to a malicious cyber attack. While employees were able to bring the systems back online in a few hours, the power station control centers were reportedly not fully operational for months after the attack.

 

In June of 2015, Japan’s pension agency was illegally accessed, and the personal data of over 1 million users was leaked. Then, in January of this year, Japan’s Hokkaido University suffered a breach that resulted in the leak of personal data for 110,000 of its students. An unsecured server in the career placement office was believed to be the source of the hack.

1 month ago

Fighting Online Fraud Through eDNA by Online Security

Fighting Online Fraud Through eDNA by Online Security

Long ago, a cartoon ran in The New Yorker, showing a canine seated at a desktop computer. “On the internet,” ran the caption, “nobody knows you’re a dog.”

 

The same premise holds true today and poses a knotty question in online commerce and FinTech: How do you know the person on the other end of a transaction is really who they say they are? And even if you do confirm their identity, how do you know that person can be trusted?

 

One firm, IdentityMind Global, provides real-time risk management and fraud prevention through “digital identities,” collecting data across dozens of parameters, separating the financial ecosystem into good actors — those deserving of trust (and completed transactions) — and, well, bad actors.

 

In an interview with PYMNTS’ Karen Webster, Garrett Gafke, president, CEO and founder of IdentityMind Global, said that the construction of digital identities, by necessity, goes well beyond data that might be thought of as standard, such as a street address, a credit card number or a two-factor security question test.

 

True merchant risk goes hand-in-hand with global digital commerce and, as Gafke described it, comes in the form of people with little or no history — no history of driver’s licenses, credit cards issued, traditional bank accounts or other standard bits of information. They may not even be scored by the traditional credit bureaus. Yet, these individuals are looking to do business and conduct transactions. Their would-be partners on the other end of the transaction must decide whether to enter into a relationship (however fleeting) with that consumer … or not.

 

Gafke noted that “transactions of any kind leave a kind of financial, online exhaust” and that each transaction has attributes that, taken together over time, ultimately, can be assembled into a digital identity. “This is real, current information,” said Gafke, “rather than just public, physical information. Good reputations are built slowly, while bad reputations come very quickly.”

 

That digital identity is established, as Gafke said, in IdentityMind Global’s platform, which links and finds correlations between disparate bits of information and transaction trails that “process, capture, rate and build overall profiles on online identities.” Emails, digital wallets and payments are all linked together, said the executive, to build a “trusted” digital identity.

 

“Trust” would be the operative word in the relationship between individuals and the firms with which they seek to do business. Trust would also extend to, and be colored by, the people associated with that individual or business. Consider how, in the age of social media, amidst concerns about money laundering, an individual might be viewed with demonstrable trails of following, say, terrorist-linked groups on Twitter.

 

In a recent whitepaper by the firm, IdentityMind Global also noted that additional data points may come from internet-enabled devices, which can, for instance, help bring location into consideration when determining good actors from bad and in screening across sanctioned individuals or nations.

 

Using these techniques, said IdentityMind Global in its whitepaper, can help reduce manual review time. There is also a financially positive impact, via a 60 percent reduction in transactional fraud from chargebacks and a 90 percent reduction in fraud that comes at the point of account origination.

1 month ago

Fighting Online Fraud Through eDNA by Online Security

Fighting Online Fraud Through eDNA by Online Security

Long ago, a cartoon ran in The New Yorker, showing a canine seated at a desktop computer. “On the internet,” ran the caption, “nobody knows you’re a dog.”

 

The same premise holds true today and poses a knotty question in online commerce and FinTech: How do you know the person on the other end of a transaction is really who they say they are? And even if you do confirm their identity, how do you know that person can be trusted?

 

One firm, IdentityMind Global, provides real-time risk management and fraud prevention through “digital identities,” collecting data across dozens of parameters, separating the financial ecosystem into good actors — those deserving of trust (and completed transactions) — and, well, bad actors.

 

In an interview with PYMNTS’ Karen Webster, Garrett Gafke, president, CEO and founder of IdentityMind Global, said that the construction of digital identities, by necessity, goes well beyond data that might be thought of as standard, such as a street address, a credit card number or a two-factor security question test.

 

True merchant risk goes hand-in-hand with global digital commerce and, as Gafke described it, comes in the form of people with little or no history — no history of driver’s licenses, credit cards issued, traditional bank accounts or other standard bits of information. They may not even be scored by the traditional credit bureaus. Yet, these individuals are looking to do business and conduct transactions. Their would-be partners on the other end of the transaction must decide whether to enter into a relationship (however fleeting) with that consumer … or not.

 

Gafke noted that “transactions of any kind leave a kind of financial, online exhaust” and that each transaction has attributes that, taken together over time, ultimately, can be assembled into a digital identity. “This is real, current information,” said Gafke, “rather than just public, physical information. Good reputations are built slowly, while bad reputations come very quickly.”

 

That digital identity is established, as Gafke said, in IdentityMind Global’s platform, which links and finds correlations between disparate bits of information and transaction trails that “process, capture, rate and build overall profiles on online identities.” Emails, digital wallets and payments are all linked together, said the executive, to build a “trusted” digital identity.

 

“Trust” would be the operative word in the relationship between individuals and the firms with which they seek to do business. Trust would also extend to, and be colored by, the people associated with that individual or business. Consider how, in the age of social media, amidst concerns about money laundering, an individual might be viewed with demonstrable trails of following, say, terrorist-linked groups on Twitter.

 

In a recent whitepaper by the firm, IdentityMind Global also noted that additional data points may come from internet-enabled devices, which can, for instance, help bring location into consideration when determining good actors from bad and in screening across sanctioned individuals or nations.

 

Using these techniques, said IdentityMind Global in its whitepaper, can help reduce manual review time. There is also a financially positive impact, via a 60 percent reduction in transactional fraud from chargebacks and a 90 percent reduction in fraud that comes at the point of account origination.

1 month ago

Fighting Online Fraud Through eDNA by Online Security

Fighting Online Fraud Through eDNA by Online Security
2 months ago

Online Security: These Are Today's Top 8 Cyber-Crime Trends According to Europol

Online Security: These Are Today

In its Internet Organized Crime Threat Assessment (IOCTA) report released today, Europol has detailed today's top 8 most prevalent cybercrime trends, for which investigators have seen a rise in detected incidents since the start of the year.

 

The report, which highlights an upward trend for volume, scope and material cost of cybercrime, comes on the heels of UK authorities announcing earlier in the year that cybercrime has surpassed traditional crime for the first time in their country's history.

 

#1: Crime-as-a-Service

Europol says that the digital underground is shifting towards a Crime-as-a-Service business model, with various individuals and groups specializing in a niche crime and providing technical support and service for that crime alone using online services.

 

From illegal weapons sales to on-demand hacks, and from DDoS-for-Hire services to exploit kit packages, you can buy online almost any type of cybercrime service these days.

 

#2: Ransomware

If you read Softpedia's Security News section, you can hardly go one day without reading a report on ransomware-related topics. Besides ransomware, Europol also says that banking trojans have been a popular form of malware this year as well.

 

#3: The criminal use of data

Recent hacks and data breaches have thrust troves of data in the public eye, which crooks are leveraging for other hacks, fraud, and even extortion.

 

#4: Payment fraud

Europol says it received a large number of fraud complaints, which were traced back to organized crime groups hacking ATMs, EMV, and contactless (NFC) cards.

 

#5: Online child sexual abuse

The large number of online tools and services providing complex and unbreakable end-to-end encryption, along with anonymous payments supported via crypto-currencies has resulted in "an escalation in the live streaming of child abuse."

 

#6: Abuse of the Darknet

More and more crime-related activities have now moved to the Darknet (or Dark Web), a portion of the Internet for which you need special software like Tor and I2P to access. Criminals are taking advantage of the anonymity these networks provide to go about their business unabated.

 

#7: Social engineering

Europol says that spear-phishing incidents aimed at high-value targets have gone up in 2016, and it highlights the increase in CEO fraud (BEC scams) attacks.

 

#8: Virtual currencies

Europol says Bitcoin has become the de-facto standard currency for extortion payments. This is also the reason why Europol established a Bitcoin Money Laundering Division earlier this month.

2 months ago

Phishing and Other Suspicious Emails by Oakmere Road

Phishing and Other Suspicious Emails by Oakmere Road

Phishing refers to an email that attempts to fraudulently acquire personal information from you, such as your Apple ID, password and/or credit card information. On the surface, the email may appear to be from a legitimate company or individual, but it's not.

 

As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email.

 

If you are concerned that your Apple ID or other Apple accounts may have been compromised, please refer to Apple ID Security below.

 

Reporting Suspected Phishing Attempts

If you receive what you believe to be a phishing email purporting to be from Apple, please send it to reportphishing@apple.com, a monitored email inbox, which does not generate individual email replies.

 

Forwarding the message with complete header information provides Apple with important information. To do this in OS X Mail, select the message and choose Forward As Attachment from the Message menu. For other email applications or webmail based services, consult your provider’s support information to determine how to forward messages with complete headers.

 

Additional Information Regarding Phishing

For more information about identifying legitimate emails from the iTunes Store, see Identifying legitimate emails from the iTunes Store.

 

For more information about identifying “phishing” emails, see Identifying fraudulent ‘phishing’ emails.

 

Reporting Other Suspicious Email

To report spam or other suspicious emails that you have received in your iCloud.com, me.com or mac.com inbox, please send them to abuse@icloud.com.

 

To report spam or other suspicious messages that you have received through iMessage, please send them to imessage.spam@apple.com with the requested information.

 

Apple ID and Account Security

For information about best practices in Apple ID security, see Apple ID: Security and your Apple ID.

 

For information about two-step verification for Apple ID, see Apple ID: Frequently asked questions about two-step verification for Apple ID.

 

If you believe that your Apple ID has been compromised, please visit Apple ID to change your password immediately.

 

If you need additional help, contact Apple Support for assistance:

 

- Apple ID Support

- iCloud Support

- iTunes Store Support

- iPhoto Support

- Apple Store Support

2 months ago

Oakmere Road: “Someone Has Reported Your Actions” Facebook Phishing Scam

Oakmere Road: “Someone Has Reported Your Actions” Facebook Phishing Scam

Outline:

Message purporting to be from Facebook Security Management claims that your account will be disabled because other users have reported your actions. It instructs you to click a link to re-confirm your details or Facebook will remove your account.

 

Brief Analysis:

The message is not an official Facebook security warning. Instead, it is a phishing scam designed to steal your Facebook login details as well as your credit card numbers, your email account password, and other identifying information. It is just one in a long line of very similar scam messages. If you receive one of these messages, do not click on any links that it contains.

 

Example:

WARNING: Your account will be disabled!

Our system has received the reports from the other users about the misuse of your account. Someone has reported your actions, which violations of our terms.

Facebook does not allow:

• Pretending to be someone else

• Interfere with another comfort for the user

• Having more than one Facebook

• Share link or video content with pornographic videos

If you are really user of this account, you’ll need to re-confirm your account. It’s easy, Click the link below to confirm your account:

4 months ago

International Financial Securities Regulatory Commission: Joint Press Release

International Financial Securities Regulatory Commission: Joint Press Release

Joint  Press  Release OF  BELIZE  INTERNATIONAL FINANCIAL SERVICES COMMISSION AND BELIZE INTERNATIONAL FINANCIAL SERVICES ASSOCIATION

 

As many of you may be aware, the Government of Belize is currently undertaking a fiscal debt restructuring exercise. With the global economic recession and the continuing economic lethargy, many countries have experienced a substantially increased fiscal debt burden. Over the past several years, while Belize has fared better than many including within the Caribbean and Central American region in weathering the recession, growth has largely remained stunted resulting in lower than expected tax revenues. The result is that the Government believes that the fiscal debt is not on a sustainable trajectory and that it is in the country’s long-term best interest that the restructuring is done to make it sustainable. This is the second debt restructuring exercise by the Government. The first was successfully completed in early 2007.

 

While the Government has undertaken these restructuring efforts, Belize’s international financial services industry has continued to grow steadily. Save and except for a temporary reduction in the throes of the global recession in 2008 and 2009, Belize IBC annual incorporations and renewals are at all time highs. This is supported by the continued entry and licensure of multi-jurisdictional international financial services practitioners. Belize’s international trust continues to experience increasing popularity while its relatively small but ever-growing international banking sector holds its highest deposits in the sector’s history.

 

Throughout this process of growth, there have been no legislative interventions whatsoever arising as a result of any Government debt restructuring exercise. Instead in 2009, Mutual Funds (Fees) Regulations were introduced to allow for the effective implementation of the registration process of private, professional and public mutual funds in Belize. In 2010, the legislature enacted the International Foundations Act and in early 2012, the International Limited Liability Companies Act came into force. All these laws were clearly introduced to enhance the offering of products in Belize’s international financial services sector. The Government of Belize has demonstrated itself to be a very strong supporter of Belize’s international financial services sector and the sector and its members and stakeholders have no cause to believe otherwise.

 

As regulator and regulated, we look forward to the continued growth and development of Belize’s international financial services sector with the full support of the Government of Belize.

 

The International Financial Securities Regulatory Commission was established to promote investor confidence in the securities and capital markets by providing more structure and government oversight.

4 months ago

Public Country-By-Country Reporting / Corporate tax transparency by International Financial Securities Regulatory Commission

 Public Country-By-Country Reporting / Corporate tax transparency by International Financial Securities Regulatory Commission

With the rules on country-by-country reporting, the EU has created a framework where businesses in the extractive and logging industries have to publish their payments to governments relating to the exploitation of natural resources. This will assist populations of resource-rich countries to hold their governments accountable for these proceeds.

 

In addition, a country-by-country reporting is also required from EU credit institutions (banks). This will ensure that trust in the financial sector is regained. On 12 April 2016, the Commission adopted a proposal for a Directive which imposes on EU and non-EU multinational groups the publication of a yearly report on the profit and tax paid and other information.

 

Extractive and logging industries: sectoral Country-by country reporting

 

In the European Union, companies with activities in the extractive and forestry must disclose the payments they make to governments on a country-by-country basis and, where appropriate on project-by-project basis. This enhances government accountability and facilitates the adoption of the Extractive Industry Transparency Initiative by countries.

 

The International Financial Securities Regulatory Commission was established to promote investor confidence in the securities and capital markets by providing more structure and government oversight.

4 months ago

International Financial Securities Regulatory Commission: Tips on Effective Practices for Digital Investment Advice

International Financial Securities Regulatory Commission:  Tips on Effective Practices for Digital Investment Advice

According to a recent report from Financial Industry Regulatory Authority (FINRA), firms providing financial services through “digital investment advice” require sound supervision and governance, plus effective ways of determining appropriateness of advices, conflicts of interest, client risk tolerance and portfolio rebalancing. Likewise, the report provides helpful tips for investors and emphasizes the importance of training and education for financial experts who utilize digital investment advice applications.

 

FINRA released the report to provide the public effective practices pertaining to digital investment advice services and to inform member companies of their duties under FINRA regulations. The report highlights the fact that global expenditures on online wealth-management services will continue to grow substantially.

 

"We believe that the report offers guidance and information for FINRA member companies and investors regarding vital aspects of the fast-growing field of digital investment advice," noted Richard Ketchum, FINRA’S Chairman and CEO. "As these services evolve, member firms must ascertain that the main objectives of investor protection – for instance, comprehending and answering customers' requirements and goals – also support the foundation of these new tools."

 

FINRA’s report summarizes effective practices and regulatory guidelines in five key areas:

 

1. Administration and oversight of algorithms, which also involves evaluating first the digital tools’ methodology used and the dependability and quality of raw data processed, plus monitoring continuously to check if the tools deliver what they promise to do, and evaluating whether the tool utilizes up-to-date models consistent with current market realities;

2. Customer profiling, which includes evaluating both their risk tolerance and risk acceptability, and resolving inconsistent or conflicting feedback in customer-submitted information;

3. Administration and oversight of portfolios and conflicts of interest, plus evaluating the risk, portfolio benefits and diversification qualities appropriate for a particular investor profile, and reducing – through transparency and prevention – issues that may result from the securities options for a specific portfolio;

4. Rebalancing, and in addition, proffering ways of how the rebalancing helps as well as methods that exhibit how the tools will serve to address drastic market conditions;

5. Training that enables financial professionals to understand the key assumptions and limitations of individual digital investment advice tools, and determine when use of a tool may not be appropriate for a client.

 

In addition, the report recommends to investors that they assess whether their financial services firm is getting sufficient information to comprehend their needs and risk capability. Conflicts of interest can arise from digital investment advice, FINRA reminds investors; and that whatever advice given to them will depend largely on the investment strategy and appurtenant input data utilized in the digital application. Moreover, FINRA suggests that investors are well aware of the necessary fees they are charged and services provided, in particular, portfolio rebalancing and others.

 

The Financial Industry Regulatory Authority (FINRA) is recognized as the biggest independent securities regulation agency for all firms operating in the United States. FINRA commits to safeguard the interests of the investor as well as the integrity of the securities market through efficient regulation and appurtenant compliance and technology-based systems. FINRA covers substantially every aspect of the securities market – beginning with registration and education of all industry players to evaluation of securities companies, writing regulations, enforcement of such regulations and the federal securities laws, and the education of the investing public in general. Moreover, FINRA conducts investigations and other regulatory tasks for equities and options markets, including trade updates and other related industry services. Finally, FINRA serves as the main administrator for resolutions of disputes for investors and securities firms.