Connect with us
SIS

Industry News

Paysafe launches new global research into consumer payment trends

George Miller

Published

on

Paysafe launches new global research into consumer payment trends
Reading Time: 2 minutes

 

Over half of consumers (56 percent) are worried that the shift to biometrics to authenticate online payments will dramatically increase the amount of identity fraud, according to new research conducted by Paysafe, a leading global payments provider. The research found that four fifths (81 percent) of consumers still favour passwords for making payments online due to concerns about the security of new biometric options.

According to the data, two thirds (66 percent) of consumers worry about being able to pay for goods or services without being asked for a password, and only 37 percent believe that biometrics are more secure than other authentication methods.

The report, Lost in Transaction: The end of risk?, explores consumer attitudes to biometrics prior to the roll-out of Strong Customer Authentication later this year. The annual study tracks changing views on payments across the UK, US, Canada, Germany and Austria, and this year includes Bulgaria for the first time.

Those consumers who didn’t feel comfortable using biometrics identified a lack of trust as their primary reason for avoiding them. The research also revealed further fears around the use of biometrics:

  • Nearly half (45 percent) stated they did not want companies having access to their personal biometric details
  • 35 percent did not know enough about biometrics to trust it
  • Nearly a third (31 percent) were concerned that their fingerprint could easily be cloned and used to commit fraud
  • 28 percent said biometrics did not seem safe

 

Commenting on the research, Daniel Kornitzer, Chief Business Development Officer, Paysafe Group, said: “Biometrics are a huge opportunity for the payments industry to combat the increasing risk of card not present fraud. However, it’s not surprising that there is reluctance among consumers to use biometrics as a form of payment authentication when passwords and PINs have been the central pillar of financial data security for at least 20 years. News headlines are also dominated with fraud and hacking scandals so the public are aware of the risks involved when it comes to adopting new services. To overcome this, consumer education is imperative and with SCA coming in September, consumers will need to be aware of the benefits to ensure acceptance and adoption. We’ve lived in a password-driven world for many years now and consumers aren’t fully prepared to let go of what they know.”

Despite the worries over biometric transactions, adoption continues to grow with more than half (54 percent) of British consumers having used biometrics to make a payment. Nearly two thirds (61 percent) of consumers also agree that using biometrics is a much quicker and efficient way of paying for goods and services.

When asked what biometrics they had used, fingerprint technology was most commonly used biometric (38 percent) followed by one in six (17 percent) having used facial recognition and one in ten (11 percent) voice-activated technologies.

Kornitzer continued: “Consumer acceptance of biometrics is being driven largely by smartphone usage and adoption, and this will only increase. However, payment providers will need to do their bit to get consumers on board. Ultimately, SCA should lead to smoother and more secure payments – a win for businesses and consumers alike.”

To read the report in full, please visit https://www.paysafe.com/lost-in-transaction-the-end-of-risk/

Advertisement
Kasynos.Online

Industry News

GVC Adds Senior Gaming Executives David Satz and Robert Hoskin to its Board

Niji Narayan

Published

on

GVC Adds Senior Gaming Executives David Satz and Robert Hoskin to its Board
Reading Time: 2 minutes

 

GVC Holdings PLC has announced the appointment of David Satz and Robert Hoskin to its Board of Directors.

David Satz has joined as an Independent Non-Executive Director on 22 October 2020, and Robert Hoskin will be promoted to the Board as an Executive Director on 1 January 2021 in the role of Chief Governance Officer.

David Satz most recently served as the Senior Vice President of Government Relations and Development for Caesars Entertainment Corporation in Las Vegas, where he worked from 2002 to 2019.

Robert Hoskin has been at GVC since 2005 and will take up the role of Chief Governance Officer, overseeing GVC’s legal, regulatory, governance and social responsibility affairs. He is currently Group Director of Legal, Regulatory and Secretariat.

“I am delighted to be welcoming two such high calibre individuals to our Board. David has unrivalled regulatory and legislative expertise in the all-important US gaming market. His knowledge and insight will be hugely additive in helping us to achieve our ambition of being the leading operator in the US through BetMGM, our fast-growing joint venture with MGM Resorts,” Barry Gibson, Chairman of GVC, said.

“Robert has made an outstanding contribution to GVC in his 15 years at the Group, and his promotion is richly deserved. The fact that regulation, legal and governance are now represented at Board level will give us even greater oversight of these critically important areas, all of which are central to our long-term growth plans,” Barry Gibson added.

“I have long been an admirer of GVC’s diversified business model, industry-leading brands, and unique proprietary technology platform. I look forward to working closely with the Board and the executive management team in order to help support GVC’s impressive growth trajectory, especially in light of the unprecedented opportunity presented by its strong position in the nascent US sports betting market,” David Satz said.

“It has been an absolute pleasure to have witnessed GVC’s extraordinary growth story from an AIM-listed company to the successful and international FTSE 100 business that it is today. I am honoured to be joining what is an outstandingly strong Board and am delighted that the importance of Governance is being recognised in this way,” Robert Hoskin said.

Continue Reading

Industry News

AC Milan Extends its Partnership with StarCasinò.sport

Niji Narayan

Published

on

AC Milan Extends its Partnership with StarCasinò.sport
Reading Time: < 1 minute

 

AC Milan football club has extended its partnership with StarCasinò.sport. The sports entertainment platform, part of the Betsson Group, will continue to be an AC Milan Official Partner for the next three years, until the end of the 2023 season.

“The aim of Betsson Group is to create engaging, amazing and safe experiences for all users and, through our brand StarCasinò.sport, we propose an innovative and exciting storytelling of sports. The renewal of the partnership with AC Milan, a top-class Club, is very important for us in terms of broadening our image and it allows us to create high-quality entertainment for the Rossoneri fans as well as for all football fans,” Ronni Hartvig, Chief Commercial Officer of Betsson Group, said.

“We are delighted to announce the renewal of our partnership with StarCasinò.sport. In recent months we jointly created exciting and innovative special content dedicated to our fans and we are both very pleased with the results we have achieved. We want to keep surprising AC Milan’s fans and we are ready to engage them in many new Rossonero initiatives,” Casper Stylsvig, Chief Revenue Officer at AC Milan, said.

Continue Reading

Industry News

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

George Miller

Published

on

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability
Reading Time: 3 minutes

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.

The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.

 

How we found this vulnerability

Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.

The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.

Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

What to do if you’ve been affected?

If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.

 

Source

Continue Reading
Advertisement
NSoft

Subscribe to our News via Email

Enter your email address to subscribe to our news and receive notifications of new posts by email.

Trending

Notice for AdBlock users

We are constantly showing banners about important news regarding events and product launches. Please turn AdBlock off in order to see these areas.

Kasynos.Online