News Roundup 4/3: E-commerce fraud, security vulnerabilities in encrypted apps, and free speech
3 Apr 2017
E-commerce fraud jumps by 33%
Love ’em or hate ’em, but chip readers are here to stay. Despite their propensity for irritating noises (did that beep mean that my card worked, or that it didn’t?), chip readers and chip card authentication make our transactions much safer. By late 2015, Visa and other companies had shifted liability for in-store fraud-related losses to retailers who hadn’t upgraded their hardware to accommodate chip readers, putting pressure on these companies to install new hardware.
But as it becomes harder for fraudsters to commit fraud using physical cards, fraudsters turned their attention to online e-commerce. According to a new report by Experian, retailers have spent so much time battening down the hatches in their physical stores that many have neglected to put barriers in place to stop online fraud. Paradoxically, increased security in physical retail stores drove a 33% spike in overall e-commerce fraud last year.
The Supreme Court rules First Amendment extends to swipe fees
Your right to free speech could protect you from hidden credit card fees. Ten states, including New York, prohibit retailers from disclosing that credit card purchases are subject to a 2% to 3% surcharge; most businesses raise their prices to balance out the cost of the surcharge. These fees generate $50 billion for credit card issuers each year.
But the Supreme Court has ruled that these laws violate the First Amendment. Retailers are now obligated to inform customers about all credit card surcharges.
WhatsApp and Telegram patch account takeover vulnerabilities
Encrypted messaging services provide a vital service for a diverse group of people: whistleblowers, at-risk minorities in fraught political environments, and anyone looking to send a message they don’t want their boss, spouse, or parents to know about. But last week, a group of researchers identified a security vulnerability in two popular apps, Telegram and WhatsApp.
Researchers exploited the vulnerability to send a malicious HTML document disguised as an image preview. The loophole could have allowed fraudsters to take over a user’s account, access their personal information and conversations, and infiltrate their photos, videos, and files. Needless to say, WhatsApp and Telegram were quick to implement a fix.