10.1 C
London
Monday, October 23, 2017
Home Tags Apple Pay

Tag: Apple Pay

iOS devices will look and feel a bit different when iOS 11 comes out.
Mobile Software Development Kit allows app developers to easily integrate payment methods for in-app purchases.London – 01 June, 2017 Computop, one of the leading payment service providers, announces its Mobile Software Development Kit (Mobile SDK), a software module designed to make integrating payment methods for in-app payments simpler, and faster.The solution integrates payment methods for apps at checkout, to help mobile shopping payments become more widely accepted, and to make it easier for vendors to... Source: RealWire
A company that couldn't strike a deal with Visa now seeks patent royalties.
First-party money transfer service would compete with Paypal, Google, and more.
I would have tried Apple Pay sooner, but my bank didn't support it until recently. Now that I have it, I'm a believer.
It's only a test Barclays is trialling smartphone cash withdrawals. The UK's first contactless mobile cash service will allow the bank's customers to withdraw up to £100 in-branch, with just a tap of their Android smartphone or contactless debit card.

The technology offers an alternative to traditional cash withdrawals from specially outfitted ATM machines. The service is initially being piloted in the North before rolling out to over 180 Barclays branches in the New Year.
It will be available on more than 600 in-branch machines.

Barclays customers with an Android smartphone or contactless debit card would need to tap their phone/card against the contactless reader before entering their PIN on the machine and withdrawing their cash as normal. The Contactless Cash functionality will only be available on NFC-enabled Android devices that have downloaded the latest version of Barclays Mobile Banking.

The facility is limited to Android smartphones, with iPhone fans left out in the cold.

Apple restricts the use of iPhones' NFC chips to its own Apple Pay facility and there's no hook-in that for third-party apps from banks or anyone else. Barclays claims Contactless Cash offers increased security because it removes the risk of magnetic card skimming and distraction fraud, since a smartphone never needs to leave a customer's hand. In a statement, Ashok Vaswani, chief exec of Barclays UK, said: "Our customers now expect to be able to use their smartphone to make their everyday purchases. We want taking out cash to be just as easy. With Contactless Cash customers can quickly and securely take out money with just a tap of their smartphone – a first for the UK." Cindy Proven, chief strategy and marketing officer at Thales e-Security, cautioned that the security of the system is reliant on making sure customer's smartphones are free of malware. "It's encouraging to see the payments industry continue its commitment to embracing digitalisation to improve efficiency of payments and further reduce the possibility of fraud with ATM withdrawals," Proven said. "However, with risks to mobile payments – such as malware already present on an end-user's device – it is critical that security remains front of mind when developing such innovations." ® Sponsored: Customer Identity and Access Management
 Download the PDF Introduction The Internet has changed forever how people shop.

By 2018, around one in five of the world’s population will shop online; with ever more people doing so on a mobile device rather than a computer.
In fact, it is estimated that by the end of 2017, 60% of e-commerce will come from smartphones.

That’s millions of people enthusiastically browsing and buying while at home, at work, in restaurants, airports, and railway stations, walking down the street, standing in stores, and on holiday, often outside the protective reach of a secure, private wireless network. Regardless of the device used, every interaction and transaction will generate a cloud of data that brands will want to capture in order to deliver ever more targeted and personalized offers. Unfortunately, others are waiting to seize consumers’ information too – through insecure public Wi-Fi networks, phishing emails and infected websites, among others.

They are the cybercriminals, and they don’t have a consumer’s or even a brand’s best interests at heart. The risks facing retailers and online shoppers peak during the busiest shopping days of the year: the late November Thanksgiving weekend that runs from Black Friday through to Cyber Monday, and all through December to Christmas and the New Year. As the number and speed of transactions increase, so do the cyberthreats.
In this overview, Kaspersky Lab reveals the reality in terms of the top cyber-attacks targeting consumers and retailers during this remarkable buying period. To put this data in context, it is worth looking back over the last few years to see how the landscape has evolved, focusing in particular on Black Friday and Cyber Monday. In 2013, the concepts of Black Friday and Cyber Monday were already well established in North America and starting to gain momentum elsewhere. In the US alone, Cyber Monday saw online sales grow by 21% on 2012, raking in sales of $2.27 billion.

Black Friday achieved $1.93 billion worth of transactions, but won out on average sales value. 17% of total sales were undertaken on mobile – a 55% increase on 2012.
In the UK, online sales rose by a slightly more modest 16% in November, with over $600 million believed to have been spent online on Cyber Monday alone. This was also the year when US retailer Target discovered that the credit card details of around 40 million customers were breached between 27 November and 15 December, apparently through hacked in-store point-of-sale systems. In 2014, the year of the now infamous Sony Entertainment hack, the records set in 2013 were all broken. Thanksgiving Day 2014 in the US marked the moment when more mobile devices (52%) than computers were used (48%) for browsing online; and Black Friday online sales were up 21% compared to the same day in 2013 – with around one in three (30%) orders placed using a mobile device.

Adobe estimates overall online sales in the US of $2.4 billion on Black Friday, $1.3 billion on Thanksgiving Day and $2.7 billion on Cyber-Monday.
In the UK, online sales peaked during the week of Black Friday sales surged by 44%, compared to the previous week, and up a staggering 135% on the same week in 2013. Mobile sales rose by 83%. And the records were all broken again in 2015. In the US, Cyber Monday 2015 was the largest online sales day, ever. Online consumers spent a record $3.07 billion – and $8.03 billion across the four-day Thanksgiving weekend.
IBM analysis shows that, overall, online sales were up by a quarter (26%) on 2014, with 40% of sales now coming from mobile devices. The big consumer hacks of the season involved malware targeting point-of-sales systems in hotels, including Hyatt, Starwood and Hilton worldwide. 2016 looks set to break records all over again, and criminals will probably try even harder to take advantage of all the noise and activity to steal credentials to financial accounts or even to grab the money directly.

This overview will cover the types of cyberthreats that buyers, sellers and providers of payment systems may face over the coming weeks.
Methodology and Key Findings The overview is based on information gathered from Kaspersky Lab malware and phishing detection systems (number of attacks or number of attacked users), and also from the analysis of events and conversations happening on the hacker underground – multiple internet forums where users allegedly involved in financial fraud operations tend to gather.

The overview covers Q4 in 2013, 2014, 2015 and partly (in some cases) 2016.

Even though, officially, the “Black Friday” sales period ends with Cyber Monday, right after the Thanksgiving holidays, just a few days later another “high” sales period begins: the so-called pre-Christmas period, which is also one of the most profitable times of the year for retailers. We count October as a high sales period as well, because so-called “Black Friday” sales campaigns often start prior to the actual sales days (Halloween sales are a good example), and – what is more important – cybercriminals tend to start preparations in advance of day X. The overview also contains a list of actions that could be implemented by regular users, business owners and owners of payment infrastructure in order to prevent fraud during the high retail season. Key Findings: The share of financial phishing during the high sales season is 9 percentage points higher than during other times of the year. The share of phishing attacks against online shops and payment systems during the period is usually higher than phishing against banks. Criminals are trying to connect their malicious campaigns, such as spreading financial malware and phishing pages, to particular dates: Black Friday, Cyber Monday, and the pre- and post-Christmas days. Underground vendors of skimmers and dummy plastic cards are already experiencing an increase in sales. Kaspersky Lab researchers expect blackmailing DDoS-attacks against online retailers during the holidays. More about these findings can be found in the overview. Phishing Among cybercriminals, phishing is one of the most popular ways to steal payment card details and credentials to online banking accounts.

A phishing scheme is relatively easy to set up (the fraudster doesn’t even need to know how to write malware; only basic web development and design skills are required), yet it is effective because it is mostly based on social engineering techniques.

During the holiday period, users are eager to find the best goods at the best price and they are expecting to see offers of this kind while surfing the web.

Cybercriminals know about that and try to exploit this feature as much as possible. Share of financial phishing in overall volume of attacks As statistics from the previous years show, financial phishing usually accounts for no less than a quarter of all phishing attacks registered in a year.

For example, in 2013, it was 31.45% of all registered phishing attacks, in 2014 – 28.74%, in 2015 – 34.33%.

The current year is not yet over, but judging by the quarterly statistics the trend is the same. Share of financial phishing in overall number of phishing attacks 2013 – 2016 And at the same time things are significantly different when it comes to what we call the holiday sales period.

As expected, the share of financial phishing at this time is noticeably higher than the typical yearly result. Share of financial phishing in different periods in comparison to the holiday period Although in 2013 the number of financial phishing attacks during the high sales period was only 0.5 percentage points higher than the total result for the same year, in 2014 and 2015 we detected a clear difference of around 9 p.p. in favour of attacks during the holidays. Of course these data are not enough to talk about a strong tendency; nevertheless, the chances are high that this year this difference will emerge again. Types of financial phishing At Kaspersky Lab we distinguish between three major types of financial phishing: Banking, E-payment and E-shopping.

They are all types of phishing pages that imitate the corresponding legitimate services dealing with financial transactions.

Based on what we have observed in Q4 in 2014 and 2015, during the “Holiday” period, the separation between different types of financial phishing is different to the result for the full year. For example, in 2013, shares of phishing attacks during the year and during the last “Holiday” quarter weren’t very different – less than 1 percentage point. However inside the category differences were much more visible. That year the share of e-shop phishing in Q4 increased more than 1 percentage point to 7.8%.

And the share of phishing against users of popular payment systems more than doubled compared to the rest of the year – 5.46% against 2.74%.

At the same time, the share of phishing against users of online banking was lower than during the year: 18.76% against 22.2%. The situation was repeated the next year, but with more visible amplitude.
Shopping phishing during the holiday season was 5.32 p.p. higher than the full year result.

And the payment systems’ phishing was 2.78 p.p. higher. 2013 Full year Q4 Financial phishing total 31.45% 32.02% E-shop 6.51% 7.80% E-banks 22.20% 18.76% E-payments 2.74% 5.46% 2014 Full year Q4 Financial phishing total 28.73% 38.49% E-shop 7.32% 12.63% E-banks 16.27% 17.94% E-payments 5.14% 7.92% 2015 Full year Q4 Financial phishing total 34.33% 43.38% E-shop 9.08% 12.29% E-banks 17.45% 18.90% E-payments 7.08% 12.19% The change in shares of different types of financial phishing in 2013-2015 These differences are accompanied by attacks against particular targets.
In 2014, Kaspersky Lab researchers conducted a small investigation into the dynamics of attacks during Black Friday and discovered that the number of attempts to load phishing pages detected and blocked by users of Kaspersky Lab products was actually growing. Here are the timeline graphs for several targets that are traditionally most often used by phishing scammers. Dynamics of detection of attempts to load phishing page where the American Express brand is mentioned demonstrates very similar behaviour in 2014 and 2015. Dynamics of phishing attacks using the American Express brand in the week of Black Friday 2014 2015 Example of timeline of attacks against a particular target And when it comes to other brands connected to online money and shopping the situation is repeated.

Though the growth of attacks in 2015 happened after Black Friday and peaked on Cyber Monday. Dynamics of phishing attacks using the Visa brand on Black Friday 2014 2015 Example of timeline of attacks against a particular target Last but not least phishing attacks that utilize online shopping brands also obviously have a connection to specific days, such as Black Friday. Dynamics of phishing attacks using the Wal Mart brand on Black Friday 2014 2015 Example of timeline of attacks against a particular target Example of timeline of attacks against a particular target Spikes in the number of detections are also typical for Christmas and the New Year period – basically they’re the second highest period in the whole quarter.

Further in this overview we will show that attack peaks are typical features not only for phishing, but for financial malware attacks as well. Examples of “Holiday” Phishing In most cases cybercriminals don’t bother themselves with inventing anything special.
Instead they just copy pages of legitimate shops, internet banking and payment systems. As can be seen on the picture below the phishing copies of the Amazon shop quite precisely resemble the original website. Example of a fake Amazon e-shop Which is also true for sites of payment systems and banks.

Below are pictures of phishing sites imitating Visa and American Express data submission forms.

Along with some others, these two brands are traditionally among the top of those faked by phishers. Example of a fake Visa payment form Example of a fake American Express payment form Sometimes criminals create whole fake web-shops simply to collect victims’ credit card data. Example of 100% fake internet shop They attract victims with extremely low prices for goods from famous brands.

And then – when the victim has chosen the item they like and proceeds to the payment page, they simply steal their financial credentials. Example of 100% fake internet shop, part 2, the payment page Another way in which criminals exploit the hot sales period is by creating allegedly legitimate websites that are selling gift cards and coupons that – if they’re real – can be monetized in legitimate internet shops. However, criminals sell phony coupons, not real.

The only purpose of these websites is to collect card credentials.

An example of such a website is displayed in the picture below. Example of a fake shop selling phony coupons And of course criminals exploit the brand of Black Friday itself and they start their preparations way in advance. While preparing this overview Kaspersky Lab researchers came across a number of fake websites, which have the word Black Friday in the name and the content of which offers outstanding discounts on expensive goods. Example of a fake Black Friday themed shop In all, Kaspersky Lab security specialists expect that in 2016 the trends which emerged in previous years (higher than average percent of financial phishing, topical Black Friday scams, etc.) will continue their development as phishing remains one of the main source of credit card data for criminals and is still one of the easiest ways to set up a fraud scheme. Financial malware For years, banking trojans were one of the most dangerous cyberthreats out there. Unlike usual spyware which hunts for any type of credentials and, in most cases, is not very sophisticated, banking trojans are aimed specifically at users of internet banking and remote banking systems.

Criminals tend to invest a lot of resources in the development of such malware and also develop different sophisticated techniques to avoid detection by AV products, and spread the malware as effective as possible.

The most famous examples of banking malware are: ZeuS, SpyEye, Carberp, Citadel, Emotet, Lurk and others. In previous years Kaspersky Lab experts have prepared two reports covering the global financial malware landscape, in 2013 and in 2014.

And since then multiple things have changed: first of all the number of users attacked with banking malware has started to decrease. Most likely this is due to the fact that criminals have largely switched their attention from clients of banks to the banks themselves, because a sophisticated attack against a bank can bring much more profit than an attack against a regular user.

Another reason is the rise of encryption ransomware which has proven itself a relatively effective way of getting money illegally. What hasn’t changed a lot is the attention of criminals to the high sales season. the change in the number of attacks and attacked users from November to December 2015 According to Kaspersky Lab telemetry, during the holiday season of 2015, 261,000 users were attacked with banking malware That’s significantly less than in the same period a year ago, when 307,600 users were attacked. However, 2015 has shown the fairly obvious interest that criminals are showing in Black Friday, Cyber Monday and Christmas.
In October the number was 61,674 users, in November – 81,038, and in December – 154,324 attacked users.

A year before, in 2014, 101,300 users were hit in October, 164,000– in November and 102,900 in December. The pattern is obvious. The dynamics of attacks with help of financial malware from November 20 to December 3 2015 (Black Friday through Cyber Monday) As can be seen on the graph above, the number of attacked users started to grow from November 22nd and peaked on November 26th, the day before the Black Friday 2015.

The next visible peak happened on November 30th, which was the day of Cyber Monday that year.

These two peaks were noticeably the biggest since the beginning of the period. The dynamics of attacks with financial malware in Christmas period 2015 The next big rise in the number of attacks and attacked users happened on 24th of December, right before Christmas, followed by a huge two-day spike detected on 28th and 29th, not long before New Year’s Eve. In 2014, the spikes of attacks in the holiday season weren’t that obvious, but still it was clear enough that the Black Friday period is of interest: a visible rise in attacks started on November 24th and peaked on November 27th, which was again the day before Black Friday.

After that another spike was registered on 1st December, which was the day of Cyber Monday. The dynamics of attacks with financial malware from November 20 to December 3 2015 (Black Friday through Cyber Monday) Christmas 2014 also has shown correlation between holiday dates and attacks: on 24th and on 28th of December. The dynamics of attacks with financial malware in the Christmas period 2014 Almost the same spikes appear when it comes to Mobile malware. Most of the detections on the graphs below were generated by a few families of malware: Faketoken, Svpeng, Marcher and Acecard.

These four are the main threats when it comes to mobile banking on Android, and the criminals behind them obviously used the holidays to actively propagate these malicious programs.
It was especially visible in 2014: The dynamics of attacks with mobile financial malware on Black Friday through Cyber Monday 2014 period 2015 was significantly calmer in terms of the number of detections, but certain spikes were still in place. The dynamics of attacks with mobile financial malware on Black Friday through Cyber Monday in 2015 POS malware Another dangerous type of malware which we have already seen and are expecting to see during this season is POS-malware – the type of financial malware which infects the OS of point of sales terminals and then steals the credentials of the credit cards processed by these devices.
So far, due to the specific nature of the devices that this type of malware tends to attack, we don’t yet have relevant statistics on the number of detections during the holiday period. However we can estimate the threat by counting the number of families which our experts added in recent years.
In 2013 only 4 families were added to our collection, but the 2013 Target breach inspired many criminals to attempt to reproduce the “success” of those who hacked the famous retailer, and the next year 12 more families of POS-malware were added. 2015 was the hottest year in terms of POS malware with 14 new families. 2016 is fairly calm so far: 6 new families were added to our collection since the beginning of the year.
In total there are at least 36 families of malware capable of stealing data from POS terminals out there in the wild.

The number is even bigger than the amount of banking malware families, 30 species of which are now in the Kaspersky Lab collection. Expect new attacks The motivation behind attacks that are tied to concrete dates are clear: cybercriminals suggest that the chances that users will be working with their financial accounts online more than usual are higher than on any other day.

Therefore they tend to increase their hacking efforts to raise their own chances of stealing money. Judging by the dynamics of attacks of “holiday” dates from 2014 and 2015, Kaspersky Lab expects that in 2016, the situation may be repeated. News from the Underground While online shoppers are drawing up their wish-lists for the upcoming sales, retailers are preparing their stores for a massive rise in visitors, and financial infrastructure owners – banks and payment systems – are getting ready for a huge increase in the number and value of transactions, criminals are also preparing for the season.

For this report Kaspersky Lab experts have conducted some research into events and discussions taking place on several secret, invitation-only underground forums, where users allegedly involved in different types of financial fraud tend to gather and discuss things. More about Cyber Monday Based on the results of the research, we can say that underground cybercriminals, at least on East European fora, are more excited about Cyber Monday than about Black Friday.

This may be because Cyber Monday is more about online sales.

There will be a lot of online advertising of special deals and it will be easier for them to hide phishing scams inside the stream of legitimate offers. Also, from a logistics perspective, Cyber Monday is more convenient than Black Friday, which is more about offline sales.

Criminals don’t have to deal with physical access to ATMs in order to set up, and later collect a skimmer.
Instead they could use a phishing or malware attack in order to collect credentials and then monetize them in a number of ways. That said, ATM skimming attacks will happen during Black Friday and will continue through other holidays: Christmas and New Year. Example of an online advertisement for skimmers on one of the hacker forums Based on information from the last year, during December 2015 more than 500 skimmers were sold on an East European black market, while “usual” sale rate is 25 – 30 devices per month.

These devices come packed with everything necessary for successful data-stealing, like fake PIN-pads, hidden cameras etc.

The vast majority (around 96.5%) of skimmers mimic the products of four popular vendors, and the rest 3.5% are skimmers that replicate custom models. As a result of the 2015 holiday fraud campaign, criminals experienced certain problems with the cashing out of compromised cards.

Based on conversations on the corresponding web resources, the cash-out projects (groups that undertake the cash-out for other criminals) were heavily overloaded so the cash-out orders took three months to complete.

This was due to a large number of stolen credentials waiting to be cashed-out.

According to Kaspersky Lab data, during December 2015 criminals were able to collect approximately 10 times as many credentials as during a non-holiday period.

Basically this equates to the total number of card details they are usually able to steal during the rest of the year. Example of an advertisement by an online shop selling stolen credit cards credentials Information on several forums suggests that, in 2016, a month prior to the start of the Black Friday, vendors of skimmers were already experiencing an increase in sales, alongside vendors of blank cards that will later be used to clone stolen cards.

Also, some vendors are offering new generations of POS skimmers which are attached to legitimate POS’s. Unlike earlier skimmers, the new generation is placed inside the card reader, which makes them much harder to spot with the naked eye. Another interesting trend is that many criminals are avoiding starting their campaigns with malware, choosing instead phishing attacks because they consider them to be more efficient and safe.

Besides that they are actively utilizing schemes that involve direct contact with the victim.
In these attacks the fraudsters will call the victim, seemingly on behalf of a bank, and try to find out their credit card credentials with help of psychological tricks. Kaspersky Lab experts also expect that more cases of cash-out through Apple Pay and Samsung Pay payment systems will happen during this holiday season.

The recent increase in the list of countries where the systems are supported has brought a certain inspiration to criminal community.

The ability to attach a card to an Apple ID and then use it to pay for real goods creates a relatively convenient way to cash-out for so called “stuffers” – criminals who specialize in cashing out through buying goods from internet and physical shops, as well as for virtual carders – criminals who monetize stolen credentials through virtual goods Another rather interesting conclusion made by Kaspersky Lab researchers during their research of the cybercriminal underground, is that fraudsters expect a lot of profits from attacks during the holiday period, especially the pre- and post- Christmas to New Year period, not only due to the high number of buyers seeking to spend money, but also because (based on their experience, which they share on forums) in this period the anti-fraud departments of banks are weakened.

Due to many employees going on vacation around these dates, banks suffer from a lack of personnel, and it is theoretically easier for criminals to hide fraudulent operations in the stream of legal ones. Example of a fraudster’s website selling a DDoS-attack service Other types of criminal groups – such as those specializing in DDoS attacks, will most likely try to attack online shops for the purpose of blackmailing.

That is a well-known tactic which they use against small and medium retail organizations.

By setting up a DDoS attack they would block access to the attacked store and, until the owner pays a ransom, they would keep it blocked. Not wanting to lose money because of the unavailability of the store the owners will often pay the criminals.

This is likely to happen in the coming holiday season. Conclusion and advice The main purpose of this paper is to raise awareness of the threats that may ruin the upcoming holiday season for regular users and shoppers and owners of online stores and owners of financial infrastructure.

Both Kaspersky Lab telemetry and the analysis of conversations happening on the underground suggest that cybercriminals will pay special attention to the upcoming high sales season.

But this doesn’t mean that the holidays are already doomed. If prepared, each legitimate party of this process: buyers, sellers and financial services providers will end up in profit.

All they have to do is to follow some simple advice. For regular users Do not click on any links received from unknown people or on suspicious links sent by your friends on social networking sites or via e-mail.

They can be malicious; created to download malware to your device or to lead to the phishing webpages aimed at harvesting user credentials. Do not download, open or store unfamiliar files on your device, they can be malicious. Do not use unreliable (public) Wi-Fi networks to make online payments, as hotspots can be easily hacked in order to listen to user traffic and to steal confidential information. Do not enter your credit card details on unfamiliar or suspicious sites, to avoid passing them into cybercriminals’ hands. Always double-check the webpage is genuine before entering any of your credentials or confidential information (at least take a look at the URL).

Fake websites may look just like the real ones. Only use sites which run with a secure connection (the address of the site should begin with HTTPS:// rather than HTTP://) to hinder theft of information transmitted. Don’t tell anybody your one-time password or PIN-code, not even a bank representative.

Cybercriminals can use this data to steal your money. Install a security solution on your device with built-in technologies designed to prevent financial fraud.

For example, Safe Money technology in Kaspersky Lab’s solutions creates secure environment for financial transactions on all levels. And don’t forget about the same rules when using your mobile device for financial transactions, because cybercriminals and fraudsters target them too. For retailers Keep your e-commerce platform up-to-date.

Every new update may contain critical patches to make the system less vulnerable to cybercriminals. Pay attention to the personal information used for registration.

Fraudsters tend to hide their identities but lack of creativity can serve as an indication of fraud. John Smith whose email address reads as 21192fjdj@xmail.com is likely to be a criminal.

Check again and request more details from customers if needed.

Adding captcha might be effective measure against this. Restrict the number of attempted transactions.

Criminals usually make multiple attempts to enter correct card numbers for one purchase. Use captcha and increased time intervals for attempts to re-enter card numbers. Use two-factor authentication (Verified by Visa, MasterCard Secure Code and etc.).
It will dramatically drop the number of cases of illegal card usage. Be careful with suspicious orders.
Several unrelated high-value items for more than $500 and extra payment for fast shipping to another country can be a sign of a criminal hurrying to resell as soon as possible.
In such cases it is recommended to contact the customer on the phone and confirm the order. Use tailored security solution to protect your point of sales terminals from malware attacks and make sure your POS terminals run the latest version of software. Criminals may attempt to DDoS the website of your shop for blackmail purposes. Make sure that your IT security team is prepared for such attacks or, if you don’t have one, ask your hosting provider if it is possible to purchase a DDoS-protection service from them. Educate your clients on possible cyberthreats they may encounter while shopping online and offline For financial organizations Introduce enterprise-wide fraud prevention strategy with special sections on ATM and internet banking security. Logical security, physical security of ATMs and fraud prevention measures should be addressed altogether as attacks are becoming more complex. Conduct annual security audits and penetration tests.
It is better to let professionals find vulnerabilities than wait until they will be found by cybercriminals. Choose a multi-layered approach and techniques against fraud.

Training employees to spot suspicious transactions should be combined with implementation of dedicated fraud prevention solutions.

Financial security software based on innovative technologies helps to detect and fight fraudulent activity beyond human control. Do not leave self-protection to customers.
It is hardly possible to educate all customers – and it is always better to create a multi-layer security architecture that will provide all the services with the necessary level of security. Remember that insiders are usually involved in half or more cybersecurity incidents. Use security approaches that allow for the detection of suspicious and potentially dangerous activity inside your infrastructure. Make sure that your anti-fraud department is fully staffed during the holiday period.

Loop of Confidence

With the arrival of Apple Pay and Samsung Pay in Russia, many are wondering just how secure these payment systems are, and how popular they are likely to become.

A number of experts have commented on this, basing their opinions on the common stereotypes of Android being insecure and the attacks which currently take place on wireless payments.
In our opinion however, these technologies require a more detailed examination and a separate evaluation of the threats they face. The conventional approach Traditional threats associated with the use of bank cards in ATMs and physical stores have already been studied and described in sufficient detail: the magnetic strip can be read using skimmers; modern versions of skimmers are advanced and very inconspicuous; to read EMV chips, dedicated skimmers have been designed that are planted into payment terminals; wireless payment systems (PayPass, PayWave) are potentially vulnerable to contactless, remote card reading attacks. However, the growth in popularity of mobile devices has given rise to a new type of wireless mobile payment: a regular card payment can now be emulated using the smartphone’s built-in NFC antenna.

The functionality is turned on at the request of the user, meaning there’s less risk than carrying around a card that’s constantly ready to make a payment.

Bank clients, in turn, don’t have to take out their wallets when making a payment, and don’t even have to carry their bank cards around with them. The technology for emulating cards on mobile devices (Host Card Emulation, HCE) may have been inexpensive and available to a broad range of device users starting from Android 4.4, but it had several drawbacks: the payment terminal had to support wireless payments; the eSE (embedded Secure Element) chip made the device more expensive, so initially it was incorporated into just a few top-of-the-range devices from major manufacturers; if the manufacturer decided to cut costs on secure data storage, important information ended up being stored by the operating system which could be attacked by malware with root privileges on the device. However, this didn’t go beyond a few proof-of-concept attacks, because there are plenty of other easier ways of attacking mobile banking systems; the developers attempted to mitigate the risks associated with storing important payment information on a mobile device, e.g. by using secure element in the cloud.

This made smartphone-assisted payments unavailable in locations with unstable mobile services; the risks associated with using software-based HCE storage made it highly advisable to introduce extra security measures into banking applications, making their development more complicated. As a result, for many large banks, as well as users, paying with the help of card emulation using a smartphone is little more than a quirky feature used for promos or simply to show off in public. New technologies The problems described above have given rise to a number of studies, including some by large international companies, in search of more advanced technologies.

The next step in the evolution of mobile payments was tokenized payment systems proposed by major market players – Apple, Samsung, and Google. Unlike card emulation on the device, these systems are based on exchanging tokens.

A token is a unique transaction ID; the card details are never sent to the payment terminal.

This addresses the problem of payment terminals being compromised by malware or skimmers. Unfortunately, this approach has the same problem: the technology has to be adopted and maintained by the manufacturer of the payment terminal. Several years ago, a startup project called LoopPay attempted to address this problem.

The developers proposed a kit consisting of a regular card reader for a 3.5 mm (1⁄8 in) audio jack and a phone case.

Their know-how was a patented technology for emulating a bank card magnetic strip using a signal generated by their dedicated device.
It has to be said that the creators took an early interest in secure data storage (on a dedicated device rather than on the phone) and protection from using the details of other people’s bank cards (personal data checked by comparing information about the user against information from the bank card’s Track 1 information). Later on, Samsung became interested in LoopPay and acquired the startup.

After some time, the Magnetic Secure Transmission (MST) technology became available, complementing Samsung Pay tokenized payments.

As a result, regular users can use their smartphones to make payments at payment terminals that support new wireless payment technologies and use MST at any type of terminal by just placing their device next to the magnetic strip reader. We have been monitoring this project closely, and can now safely say that this technology is, on the whole, a big step forward in terms of convenience and security, because its developers have addressed lots of relevant risks: secure element is used to reliably store data; activation of payment mode on the phone requires the user to enter a PIN code or use a fingerprint; on Samsung devices, a KNOX security solution and basic antivirus are pre-installed – these two block payment features when malware lands on the device; KNOX Tamper Switch – an object of hate among forum-based “experts” – protects against more serious rootkit malware. KNOX Tamper Switch is a software and hardware appliance that irreversibly blocks the device’s business and payment features during any privilege escalation attacks; payment functionality is only available from new devices for which security updates are available, and on which all vulnerabilities are quickly patched; on some of the Samsung smartphones sold in Russia, Kaspersky Internet Security for Android is pre-installed.

This provides extended protection from viruses and other mobile threats. It should be noted that Samsung Pay, when making payments, uses a virtual card whose number is not available to the user, rather than the actual banking card tied to the user’s account.

This method of payment works just fine when there is no Internet connection. New old threats There’s no doubt that the new technology has become an object of interest for security researchers. Potential attacks do exist for it and were presented at the latest BlackHat USA conference.

These attacks may still only be potential threats, but we should still stay alert.

Banks are just planning to introduce biometric authentication on ATMs in 2017, but cybercriminals are already collecting intelligence on which hardware manufacturers are involved, what sort of vulnerabilities exist in the hardware, etc.
In other words, the technology is not even available to the wider public yet, but cybercriminals are already searching for weaknesses. Cybercriminals are also studying Apple and Samsung’s technologies.

To makes things worse for Russian users, these technologies only arrive in the Russian market a year after they are launched in Western countries. Cybercriminals discussing the prospects of exploiting Apple Pay in Russia At the same time, cybersecurity researchers tend to forget about conventional fraud, which mobile vendors are completely unprepared for as they enter a new sphere of business. Wireless payments have made card fraudsters’ lives much easier both in terms of online trade and shopping in regular stores.

They no longer have to use a fake card with stolen card data recorded onto it, and thus run the risk of getting caught at the shop counter – now they can play it much safer by paying for merchandise with a stolen card attached to a top-of-the-range phone. Alternatively, a fraudster can simply buy merchandise and gift cards in an Apple Store.
In spite of all the security measures taken by Apple, the Apple Pay fraud rate in the US was 6% in 2015, or 60 times greater than the 0.1% bank card fraud. Samsung Pay also sacrificed some of the useful anti-fraud features for usability after it purchased the startup; one being that accounts be rigidly attached to the cardholder’s name.

For instance, I added my own bank card to my smartphone, and then added my colleague’s as well; in the original LoopPay solution, this was impossible. To conclude, it’s now safe to say that the new tokenized solutions are indeed more secure and convenient compared to their predecessors. However, there’s still plenty of room for improvement when it comes to security, and that’s very important for the future prospects of the technology.

After all, no one likes to lose money, be it banks or their clients.
Mobile payments going gangbusters, beams Visa Consumers use of a mobile device – either a smartphone, tablet or wearable – to make payments has tripled over the past year, according to a Visa-backed survey. The number of Europeans regularly using a mobile device for payments has tripled from 18 per cent to 54 per cent since 2015, according to the results of an online poll of 36,000 consumers in 19 European countries. Uptake is strong in both developing markets, such as Turkey, where mobile has leapfrogged traditional payment methods, and in tech-savvy markets, such as the Nordics. In the UK, over two-fifths (43 per cent) purchase high-value items such as holidays and electronics on a mobile device as well as using their mobiles regular transactions such as paying household bills (42 per cent) and buying bus or train tickets (41 per cent). More than half the Brits surveyed (58 per cent) used contactless cards this year, up from 20 per cent in 2015. Meanwhile mobile banking activity is increasing across all age groups, according to Visa. The launch of Apple Pay and Android Pay in Europe is helping to push the payments by mobile device trend, which Kevin Jenkins, UK & Ireland managing director at Visa, described as the “future of digital payments”. Infosec experts struck a much more cautious note. Mark James, security specialist at ESET, commented: “It’s no surprise that mobile payments are now becoming more widely used and now we have integrated biometric authentication into our phones it definitely makes it a lot safer for the end user to utilise that technology to their advantage.” “Using a mobile device is so easy, from getting the payment card on to the phone through to actually making the payment and much like credit cards, often too easy,” James added. “Phone manufacturers want your device to be the very centre of your digital life; it interacts with us throughout the day and often is used to wake us first thing in the morning.
It makes sense that our finances will also be controlled and managed from these devices and we will definitely see more and more companies making it easy for us to pay on mobile devices.

But let’s not forget security; it is very important to understand the risks of using your phone for payments, boarding passes and everything else we do.” ® * Tap (mobile phone) to pay.

The phrase "pay by bonk" was coined by former Reg mobile supremo Bill Ray back in 2012...
iOS 10.2  iOS 10.2 introduces new features including the TV app (US Only), a new and unified experience for accessing your TV shows and movies across multiple video apps.

Emoji have been beautifully redesigned to reveal even more detail and over 100 new emoji have been added including new faces, food, animals, sports, and professions.

This update also includes stability improvements and bug fixes.   TV Use Up Next to see the movies and shows you’re currently watching and pick up where you left off Get recommendations for new movies and TV shows in Watch Now  Discover new apps and the latest iTunes releases in the Store  Access the Library for your iTunes purchases and rentals   Emoji Beautifully redesigned emoji that reveal even more detail Over 100 new emoji including new faces, food, animals, sports, and professions   Photos Improves stabilization and delivers faster frame rate for Live Photos Improves accuracy of groupings of similar photos of the same person in the People album Fixes an issue where Memories might generate a memory from photos of screenshots, whiteboards or receipts Fixes an issue where the camera would stay zoomed in after switching back from the Camera Roll on iPhone 7 Plus Additional support for RAW digital cameras   Messages Adds new love and celebration full screen effects in Messages Fixes an issue that sometimes prevented the keyboard from displaying in Messages   Music Swipe up the Now Playing screen to more easily access Shuffle, Repeat and Up Next Choose how to sort Playlists, Albums, and Songs in Library   News Stories you’ve saved for later now appear in the new Saved section The best paid stories from channels you subscribe to will now appear in a dedicated section in For You It’s now easier than ever to get to the next story, just swipe left or tap Next Story while reading   Mail Fixes an issue that caused the Move sheet to persist after filing a Mail message Addresses an issue with long press activating copy and paste in Mail Fixes an issue in which the wrong message would be selected after deleting a Mail conversation   Accessibility Adds BraillePen14 support to VoiceOver Fixes an issue where the braille table could switch unexpectedly with VoiceOver Fixes an issue where sometimes Siri enhanced voices were unavailable to VoiceOver Fixes an issue where VoiceOver users could not re-order items in lists Fixes an issue where Switch Control was sometimes unable to delete Voicemails   Other improvements and fixes Adds notification support for HomeKit accessories including window coverings, occupancy, motion, door/window, smoke, carbon monoxide, and water leak sensors Adds notification support for HomeKit accessories when software updates are available to HomeKit accessories  Improves Bluetooth performance and connectivity with 3rd party accessories Fixes an issue that could cause FaceTime participants to appear out of focus Fixes an issue that could cause FaceTime calls to appear with incorrect aspect ratio and orientation Fixes an issue that prevented some Visual Voicemail from completing playback Fixes a Safari Reader issue that could cause articles to open as empty pages Fixes an issue that could cause Safari to quit unexpectedly after marking an item as read in Reading List   For information on the security content of Apple software updates, please visit this website: https://support.apple.com/HT201222 iOS 10.1.1 This update fixes bugs including an issue where Health data could not be viewed for some users. For information on the security content of Apple software updates, please visit this website:  https://support.apple.com/kb/HT201222 iOS 10.1 This update includes Portrait Camera for iPhone 7 Plus (beta), transit directions for Japan, stability improvements and bug fixes. Camera and Photos Introduces Portrait Camera for iPhone 7 Plus that creates a depth effect that keeps your subject sharp while creating a beautifully blurred background (beta) People names in the Photos app are saved in iCloud backups Improved the display of wide color gamut photos in the grid views of the Photos app Fixes an issue where opening the Camera app would show a blurred or flashing screen for some users Fixes an issue that caused Photos to quit for some users when turning on iCloud Photo Library Maps Transit support for every major train, subway, ferry, and national bus line, as well as local bus systems for Tokyo, Osaka, and Nagoya Sign-based transit navigation including layouts of all underground structures and walkways that connect large transit stations Transit fare comparison when viewing alternative transit routes Messages New option to replay bubble and full screen effects Messages effects can play with Reduce Motion enabled Fixes an issue that could lead to contact names appearing incorrectly in Messages Addresses an issue where Messages could open to a white screen Addresses an issue that could prevent the report junk option from displaying with unknown senders Fixes an issue where videos captured and sent in the Messages app could be missing audio Apple Watch Adds distance and average pace to workout summaries in the Activity app for outdoor wheelchair run pace and outdoor wheelchair walk pace Fixes issues that may have prevented Music playlists from syncing to Apple Watch Addresses an issue that was preventing invitations and data to appear in Activity Sharing Fixes an issue that was allowing Activity Sharing to update over cellular when manually disabled Resolves an issue that was causing some third-party apps to crash when inputting text Other improvements and fixes Improves Bluetooth connectivity with 3rd party accessories Improves AirPlay Mirroring performance when waking a device from sleep Fixes an issue where playback would not work for iTunes purchased content when the “Show iTunes Purchases” setting is turned off Fixes an issue where certain selfie apps and face filters used with the FaceTime HD Camera on iPhone 7 and iPhone 7 Plus did not display a live preview Fixes an issue in Health where individual strokes are converted to separate characters when using the Chinese handwriting keyboard Improves performance of sharing websites from Safari to Messages Fixes an issue in Safari that caused web previews in tab view to not display correctly Fixes an issue that caused certain Mail messages to be reformatted with very small text Fixes an issue that caused some HTML email to be formatted incorrectly Fixes an issue that in some cases caused the search field to disappear in Mail Fixes an issue that could prevent Today View Widgets from updating when launched Fixes an issue where Weather widget sometimes failed to load data Fixes an issue on iPhone 7 where Home Button click settings would not appear in search results Fixes an issue that prevented spam alert extensions from blocking calls Resolves an issue that could prevent alarm sounds from going off Fixes an issue where audio playback via Bluetooth would cause the Taptic engine to stop providing feedback for some users Resolves an issue preventing some users from restoring from iCloud Backup For information on the security content of this update, please visit this website: https://support.apple.com/HT201222 iOS 10.0.3 iOS 10.0.3 fixes bugs including an issue where some users could temporarily lose cellular connectivity.  For information on the security content of this update, please visit this website: https://support.apple.com/kb/HT201222     iOS 10.0.2 iOS 10.0.2 fixes bugs and improves the stability of your iPhone or iPad.

This update:   Addresses an issue that could prevent headphone audio controls from temporarily not working Resolves an issue that caused Photos to quit for some users when turning on iCloud Photo Library Fixes an issue that prevented enabling some app extensions   For information on the security content of this update, please visit this website: https://support.apple.com/kb/HT201222   iOS 10.0 - iOS 10.0.1 Messages Expressive Messaging Bubble effects let you send messages loudly, gently, slam or with invisible ink Full-screen effects to celebrate special moments Tapback for quick replies to messages, links, and photos Handwritten messages animate like ink on paper Digital Touch lets you send sketches, taps, and heartbeats Tap to replace can emojify your text with just a tap Rich links show a preview of web pages you share iMessage apps New App Store for iMessage Use the power of apps in Messages to share and collaborate with friends Download stickers to send and place on text bubbles and photos   Siri Siri now works with the following types of apps Messaging apps to send, search and read back text messages VoIP apps to place phone calls Photos apps to search for images and photos Ride service apps to book rides Payment apps to make personal payments Fitness apps to start, stop, and pause workouts CarPlay automaker apps to adjust climate, radio, seat, and personal settings   Maps All new look Proactive suggestions for places you’re likely to go next, based on your routine or appointments in Calendar Improved search with new callout design, clustered results and category filters Home, work, favorite locations, and locations from upcoming Calendar events are displayed on the map Displays where your car is parked via CarPlay or Bluetooth Weather for the currently viewed area Extensions Make a reservation within Maps using extensions from participating reservations apps Book a ride to a destination within Maps using extensions from participating ride service apps Turn-by-turn navigation improvements Search along route for gas stations, food, and coffee shops Automatic view adjustment of the road ahead Use pan and zoom during navigation Option to avoid tolls and highways   Photos Advanced face recognition designed with deep learning to automatically group similar faces together Object and scene recognition to intelligently search for photos by what’s in them using advanced computer vision that scans your library locally on device Places album to see all your photos, videos and Live Photos on a map Memories Intelligently highlights forgotten events, trips, and people, and presents them in a beautiful collection Memory movies automatically edited with theme music, titles, and cinematic transitions Related memories make it easy to rediscover even more photos in your collection, based on location, time, people, scenes and objects Easily share with family and friends Brilliance control applies region-specific adjustments to brightness, highlights and contrast   Home New Home app to securely manage and control HomeKit enabled accessories Scenes to control groups of accessories with just a tap Rich Notifications with quick actions to control accessories Optionally share home access with family and friends Remote access and automation of accessories with Apple TV or iPad   Apple Music An all-new design for Apple Music brings greater clarity and simplicity to every aspect of the experience Navigate your Library with an improved menu and see all of the Downloaded Music that you can play on your device while offline See recommendations in For You that highlight mixes, playlists, albums, and Connect posts—selected for you based on the music and artists you love Visit Browse to more easily see exclusive releases, find curated playlists, and discover the most important new releases—picked by our editors each week Listen to Radio more easily—clearly see what’s live on Beats 1, hear your favorite shows on-demand, or choose a curated station for any genre of music Play music with an improved Now Playing experience—swipe up to view available lyrics and quickly see or edit songs that are coming up next   Apple News An all-new design in For You adds bold typography, vibrant color, and distinct sections that make it easier to find stories on specific topics See the most important stories of the day within Top Stories—updated by our editors throughout the day Find the most popular stories right now within Trending Stories—selected based on what others are reading See all of your stories grouped into easy-to-understand sections on the topics you follow or read Discover the best and most interesting stories of the week within Featured Stories—selected by our editors Share stories more easily—just tap the icon on any story to send it to a friend right from For You Receive breaking news notifications from some of your most trusted sources Subscribe to your favorite magazines and newspapers directly in News New personalized Today View widget lets you keep up with the latest stories throughout the day   Experience Raise to Wake automatically wakes the screen as you raise your iPhone Rich notifications that support real time information, audio, photos and videos Today view is redesigned and supports all new widgets for apps like Weather, Up Next, Maps, Stocks and more Control Center is redesigned with easier to access controls including dedicated cards for music playback and Home Expanded use of 3D Touch Lock screen notifications to support an expanded view and access to quick actions New quick actions for built in apps like Weather, Stocks, Reminders, Health, Home, FaceTime, iCloud Drive and Settings Home Screen widgets Control Center for access to quick actions for Flashlight, Timer, Calculator and Camera Clear all in Notification Center   QuickType New emoji, including gender diverse options to existing characters, single parent family variations, rainbow flag and beautiful redesigns of popular emoji Contextual predictions for current location, recent addresses, contact information and calendar availability using deep neural network technology Emoji predictions Calendar events are intelligently populated using deep learning technology with information from your conversations in Mail and Messages Multi-lingual typing now lets you type in two languages at once without having to switch keyboards Rest & Type on iPad intelligently adapts to your unique typing patterns Predictive typing now uses deep neural network technology for greater prediction accuracy   Phone Voicemail transcription (beta) Spam call alerts with spam call identification apps Support for third party VoIP apps receiving calls on the Lock screen, including support for Call Waiting, Mute and Do Not Disturb   Other improvements Apple Pay in Safari View two pages at once using Split View in Safari on iPad Notes collaboration lets you invite people to work on your notes together Markup support in Messages, Photos and PDFs stored in Notes Bedtime Alarm in the Clock app lets you set a regular sleep schedule and receive bedtime reminders Health adds support for health records and organ donation (US Only) Stabilization support for Live Photos for improved camera capture Live Filters support when capturing Live Photos iCloud Drive now supports Desktop and Documents folders from macOS Live search results in Spotlight for Chinese and Japanese Siri support for Spanish (Chile), Chinese (Cantonese - China), English (Ireland), English (South Africa) Ling Wai and Kaiti Black document fonts for Chinese Yu Kyokasho and Toppan Bunkyu fonts for Japanese New definition dictionaries in Traditional Chinese and Danish and bilingual dictionaries in Dutch and Italian New keyboard for Spanish (Latin America)   Accessibility Magnifier now uses the camera on your iPhone or iPad like a digital magnifying glass for real-life objects New range of display color filters to support different forms of color blindness or other vision challenges VoiceOver adds a Pronunciation Editor to customize the way words are pronounced, additional voices, and support for multiple audio sources Additional text highlighting options in Speak Screen and Speak Selection, as well as the ability to speak keyboard letters and predictive typing suggestions to support multi-modal learning Switch control now lets you control iOS, macOS and tvOS all from the same iPhone or iPad, so you don’t need to configure switches for the secondary device Software TTY allows you to place and receive TTY calls without the need for traditional hardware teletypewriter accessories Some features may not be available for all countries or all areas, for more information visit:    http://www.apple.com/ios/feature-availability and http://www.apple.com/ios/whats-new For information on the security content of this update, please visit this website:       http://support.apple.com/kb/HT1222
Languages Download icon watchOS 3.1.3  This update includes improvements and bug fixes. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222 watchOS 3.1.1  This update includes improvements and bug fixes. Fixes an issue that could prevent contact names from appearing in the Messages app and notifications Fixes an issue that could impact ability to respond to notifications Resolves an issue where the Stocks complication may not update on the watch face Fixes an issue that may prevent the Activity rings from displaying on the Activity watch faces Fixes an issue that prevented the dials on an analog watch face from appearing after changing the temperature unit in the Weather app Resolves an issue that could cause the Maps app to stay launched after navigation has ended Resolves an issue where the incorrect date could be displayed in the Calendar app month view For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222 watchOS 3.1 This update includes improvements and bug fixes. New option to replay bubble and full screen effects in Messages Messages effects can play with Reduce Motion enabled Fixes an issue that could cause the notification for Timer complete to be delivered twice Resolves an issue that could prevent Apple Watch Series 2 from fully charging Resolves an issue where Activity rings may disappear from the watch face Fixes an issue that prevented Force Touch options from appearing in some third-party apps For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222 watchOS 3.0 This update includes support for pairing multiple watches to one iPhone, Maps improvements and new language support.

This release also includes additional improvements and bug fixes. Performance and Navigation Press the side button to access your favorite apps in the Dock Apps in the Dock launch instantly with already updated information Add up to 10 apps in the Dock, control music from Now Playing or launch your most recently used app Swipe edge-to-edge to quickly switch your watch face Swipe up from the bottom of your watch face to access important settings in Control Center Watch faces New Minnie Mouse, Activity, and Numerals watch faces Complications now available on Photo, Photo Album, Timelapse, and Motion New complications including Workout, Music, and Messages New Face Gallery in the Apple Watch app on iPhone to add and customize watch faces Discover and add third party complications in the Face Gallery Activity Ability to share and compare your Activity rings Rank alphabetically, or by progress towards Move goal, Exercise goal, steps or today’s workouts Automatic notifications when a friend completes their rings, finishes a workout, or earns an achievement Customized smart replies for encouragement or smack talk New Sharing tab in the Activity app on iPhone to view history Workout Quick Start for most commonly used workouts Multiple metric view, customizable for each workout type New gestures for pause, resume, and marking segments Labels for “Other” workouts to keep track of Yoga, Pilates, Cross Training, and more Auto-pause for running workouts Siri support for pause, resume, and end workouts Route maps with speed indicators for outdoor workouts Wheelchair use Activity rings optimized for wheelchair users Accounts for varying speeds, terrains, and pushing techniques Pushes contribute to all-day calorie goals Time to roll notification and roll ring New Outdoor Run Pace and Outdoor Walk Pace workouts Breathe New Breathe app to take a moment in your day for short deep breathing sessions Calming visualization and haptic cues guide you while you inhale and exhale Adjust session length and breaths per minute Summary upon completion including heart rate Time to breathe reminders Weekly summary Communication Expressive Messaging Full-screen effects to celebrate special moments Tapback for quick replies to messages, links, and photos Handwritten messages animate like ink on paper Send recent built-in or third-party stickers View secret messages with invisible ink Scribble Write words on the display and Apple Watch will convert the handwriting to text Use the Digital Crown to scroll through predicted options Available in English (US), Traditional Chinese, and Simplified Chinese Reply options available in the Messages and Mail notification, including Digital Touch, emoji, and smart replies New emoji, including gender diverse options to existing characters, single parent family variations, rainbow flag, and redesigns of popular emoji Emergency SOS Press and continue to hold the side button to call emergency services Automatically notify SOS contacts and share your location Display your Medical ID with information about medications, allergies, and medical conditions Adjusts the emergency number to your current location Home New Home app to control HomeKit enabled accessories Enable scenes created on your iPhone to control groups of accessories with just a tap Control favorite accessories from your wrist, even remotely with Apple TV or iPad Support for IP cameras to see live video in rich notifications and accessory controls Other improvements New Reminders app for managing scheduled reminders, grocery lists, and more New Find My Friends app for viewing location of friends and family Pay with Apple Pay within third party apps Delete events and switch calendars in Calendar app Support for FaceTime Audio calls directly from Apple Watch Search for Settings in Apple Watch app on iPhone Camera app controls for Flash, Live Photos, HDR, Zoom, Burst, and Front or Rear facing Siri support for Spanish (Chile), Chinese (Cantonese - China), English (Ireland), English (South Africa) Some features may not be available for all countries or all areas. For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222
EnlargeSnow White, Disney Films reader comments 47 Share this story Apple's battle with the European Union’s competition watchdog has been backed by the US government, which on Wednesday waded into the complaint over the iPhone maker's tax arrangements. The US treasury warned in a white paper that Brussels' ongoing investigation into Apple’s tax deal with Ireland could “create an unfortunate international tax policy precedent.” On Thursday, the European Commission responded that there was “no bias” against US companies. After two years of investigations, antitrust chief Margrethe Vestager is expected to issue a decision on allegations of tax dodging by Apple in the autumn. The commission is considering whether the company used so-called “transfer pricing arrangements” to move profits around in order to avoid tax.
Ireland is implicated in letting Apple pay a tiny amount of tax.

Technically, this means that it may have benefited from illegal state aid. “Tax rulings may involve state aid within the meaning of EU rules if they are used to provide selective advantages to a specific company or group of companies,” the commission states. But the US treasury warned that Vestager's office was in danger of overstepping its bounds “beyond enforcement of competition and state aid law under the TFEU [Treaty on the Functioning of the EU] into that of a supra-national tax authority.” It said it was considering “potential responses should the commission continue its present course,” adding: “a strongly preferred and mutually beneficial outcome would be a return to the system and practice of international tax cooperation that has long fostered cross-border investment between the United States and EU member states.” Vestager has already ordered the payment of more than €20 million in back taxes from Starbucks and Fiat Chrysler over similar tax deals with the Netherlands and Luxembourg, and Ireland could be instructed to reclaim up to tens of billions of dollars from Apple. The US government's bean counters are worried about the crackdown, however: There is the possibility that any repayments ordered by the commission will be considered foreign income taxes that are creditable against US taxes owed by the companies in the United States.
If so, the companies’ US tax liability would be reduced. To the extent that such foreign taxes are imposed on income that should not have been attributable to the relevant member state, that outcome is deeply troubling, as it would effectively constitute a transfer of revenue to the EU from the US government and its taxpayers. Put another way, the US treasury appears to be saying: "we get to tax our multinationals, not the EU." Apple CEO Tim Cook has always denied any wrongdoing. The commission has also been pursuing a similar investigation against Amazon in Luxembourg and has warned that other cases may be on the way. “A substantial number of additional cases against US companies may lead to a growing chilling effect on US-EU cross-border investment,” the treasury hit back. On Thursday, the commission's spokesperson, Alexander Winterstein, said that it had taken note of the white paper, before drily saying that EU state aid rules have been in place for years. “With regard to the insinuation of bias, let me repeat what commissioner Vestager has been saying, which is that EU law and competition rules apply indiscriminately to all companies operating in Europe, whether they are big companies or small companies, whether they are companies that are European or companies from outside Europe.

There is absolutely no trace of a bias here,” he added. This post originated on Ars Technica UK