On April 10, 2020, Atlanta-based fintech firm Brightwell was navigating more than the deadly COVID-19 pandemic. It all started with a series of customer phone calls. That morning sometime between 7 a.m. and 8 a.m., Brightwell received word from the customer service team that customers called to complain about missing funds, says Ernie Moran, at the time Brightwell’s senior vice president of risk. Under normal circumstances, if users noticed a discrepancy upon logging into their app, the company typically would look into the problem to determine whether the customer mistakenly overspent or a fraud had occurred. Unfortunately for Brightwell, it was the latter. “I would say the next 24 hours was the most insane 24 hours I think we’ve ever had at Brightwell,” Moran says. “From that point forward, we started hearing from more and more customers. And you start the research process, and you start going into the platform, the processor platform, and looking at the data.” Brightwell spent the following weeks dissecting the damage of an attack that resulted in $2.5 million stolen in the span of four hours, Moran says. With the pandemic pushing more transactions online,
Read more : Security Lessons From a Payment Fraud Attack.