A Review of 2017 in Online Security and Cryptocurrency

As many have predicted twelve month ago, cybersecurity, cryptocurrencies, and online fraud have undoubtedly been the major themes of 2017 and, as we have started preparing our predictions for 2018, we believe it is crucial to have a look over what happened in 2017. After all, it’s that time of the year.

The biggest data breaches – Uber/Equifax

By far, the most analysed, discussed and large data exposé in 2017 was the Equifax data breach. Credit card numbers for over 209,000 consumers and certain dispute documents, which included personal identifying information of approximately 182,000 consumers were accessed. The credit bureau has been facing more than 240 class-action lawsuits from consumers and three top officials had to leave the company, over the way it handled the massive data breach.

The other big data breach that inflamed media outlets was Uber’s. Over 50 million users and 7 million drivers’ data were exposed and hackers made it off with names, email addresses, and mobile phone numbers for both customer and rider accounts. As if this wasn’t enough, the hackers also downloaded the driver license numbers of around 600,000 US drivers. Bloomberg, who was the first to break the story, claimed the company paid the two hackers USD 100,000 to delete the data and keep quiet about the incident.

The biggest threat – WannaCry, Petya, BadRabbit

On May 12, the WannaCry worm took the world by storm, causing major ransomware outbreaks at large corporations like Telefonica, Renault, FedEx or government institutions like Chinese Universities, the Russian Interior Ministry, and Britains National Health Service. More than 300,000 Windows computers around the world were affected by the ransomware, as the hacking tool spread silently between computers, shutting them down by encrypting data.

Similarly, one month later, in June 2017, the Petya ransomware, which irrupted from Ukraine, disrupted business operations at Maersk, Mondelez, Reckitt Benckiser, and demanded Bitcoin payments to unlock affected computers. The third in line is the BadRabbit, a strain of ransomware resembling Petya / NotPetya, which spread in Europe, Russia and Turkey, targeting airports, train stations, news agencies and Russia’s central bank.

European authorities preparing the way for PSD2 implementation

2017 started with EBA’s decision to introduce transactional risk-based assessments for electronic payments up to EUR 500 and risk-based assessments for transactions, based on the overall fraud levels of the payer’s Payment Service Provider’s fraud rate. Also, the banking authority abandoned its previous recommendation to introduce an independence requirement between the devices, applications and software, among which transactions are initiated and authentication codes are received.

Furthermore, the authority also initiated a public consultation on the Guidelines’ draft, to support the core objectives of the PSD2 of strengthening the integrated payments market across the EU, and in August 2017, the European Banking Authority (EBA) launched a public consultation on fraud reporting requirements under the revised PSD2.

The roll out of numerous user-centric identity schemes across the globe

In May 2017, Deutsche Bank together with Mercedes-Benz maker Daimler, insurer Allianz and publisher Axel Springer teamed up to create a platform that would enable users to do their digital transactions with a single account, with no more registrations or repetitive passwords. The platform was named verimi, a combination of the words “verify” and “me”, and combines a central log-in (single sign-on) with security and privacy standards under European law (GDPR, LoA 1-4) and with the user’s self-determination about the usage of their personal data (opt-in).

Simultaneously, during 2017, governments and national banks rolled out similar initiatives across the globe: in Canada a Pan-Canadian Trust Framework has been created, focused on building a user centric identity scheme, in Australia the government revealed an initial draft for an digital identity framework, in Belgium - Itsme enabled mobile operators to start collaborating in order to provide an authentication service, and in Spain the Alastria consortium began working towards the development of a permissioned, digital ID.

Major acquisitions

At the beginning of 2017, Verizon Communications announced that it will lower the acquisition price of Yahoo with USD 350 million after two major data breaches. Digital security solutions provider Gemalto has agreed to a EUR 51 per share acquisition offer from cybersecurity provider Thales, in a deal worth around USD 5.43 billion, after rejecting EUR 4.3 bln Atos takeover offer.

Bitcoin goes mainstream - Square Cash to trial Bitcoin transactions and Bitcoin Futures launched

In November 2017, Square started trialling cryptocurrency support in their Cash app. The feature focuses on buying and selling Bitcoin and not just on sending and receiving. It’s not yet clear what the fee structure will be or if there are daily buying or selling limits, however, the company added this functionality as they “believe cryptocurrency can greatly impact the ability of individuals to participate in the global financial system” – Square spokesperson said for TechCrunch.

In December 2017, CBOE futures exchange and CME Group started trading Bitcoin enabling investors to bet on whether Bitcoin prices will rise or fall. The launch of Bitcoin futures is viewed as a major step in the digital currency’s path toward legitimacy, which should encourage the entry of big institutional investors.

ICOs officially banned in China

Many startups today use ICOs to raise funds in the form of cryptocurrency. An ICO happens at predetermined dates when companies publish a cryptocurrency address on their websites, and people start sending funds. After the ICO, the company issues tokens in return, which are the equivalent of real-world stocks.

However, China officially banned ICOs, as it considers them illegal securities issuance and illegal fund-raising, financial fraud, pyramid schemes and associates it with other criminal activities. Not only China, but also countries such as Canada and the US have affirmed their disapproval on ICOs, launching white papers aiming to educate users against these initiatives.

Multiple attacks on cryptocurrency exchanges – Bithumb/ CoinDash/ NiceHash

At the beginning of summer 2017, South Korean authorities revealed that Ethereum and Bitcoin exchange Bithumb got hacked, with cybercriminals stealing personal information from 36,000 accounts and KRW 7.6 billion (USD 6.99 million) worth of cryptocurrencies, press time. However, in December 2017, South Korea’s spy agency said North Korean hackers were behind attacks on cryptocurrency exchanges in 2017, according to Reuters.

Another cryptocurrency startup that got hacked this year was CoinDash, when an unknown fraudster modified an Ethereum wallet address during the company’s ICO. Furthermore, NiceHash, a crypto-mining marketplace, published a statement on social media announcing that hackers breached its website and stole all the Bitcoin from its main wallet.

Therefore, fraudsters launch every attack with the clear intention of outsmarting businesses, however the latter must continue to prioritize digital first strategies to protect the end consumer. To learn more about the latest trends in the fraud management, digital identity verification and authentication space, check out our Web Fraud and Online Authentication Market Guide, that gives insights into the most common types of fraud that have made the headlines in 2017 and sets the stage for digital transactions professionals to offer best practices and advice on how to deal with them. The guide also features a mapping and two infographics detailing the most relevant players in the fraud management and CIAM space.

Stay tuned for the next instalment of the 2017 The Paypers Review, this time discussing the changes in the Mobile Payments, Cards, Online and Mobile Banking space.

We hope you enjoyed our headlines retrospective for 2017, and we want to take this opportunity to thank you for following us and reading our stories this year! Don’t forget to subscribe to check out more insights and relevant pieces in the upcoming year.

Happy holidays from The Paypers!

About Mirela Ciobanu

Mirela Ciobanu is Senior Editor at The Paypers and has been actively involved in covering digital payments - related topics, especially in the cryptocurrency, online security and fraud prevention space. She is passionate about finding the latest news on data breaches, machine learning, digital identity, blockchain, and she is an active advocate of the need to keep our online data/presence protected. Mirela has a bachelor degree in English language and holds a Master’s degree in Marketing.