
Payment Fraud Exposed: Top Techniques and How Financial Institutions Respond


Payment fraud (i.e. the unauthorized or deceptive use of stolen payment information to obtain money, goods, or services) remains a major challenge for financial institutions. With new regulations requiring banks to compensate fraud victims, fraud prevention has become a top priority. However, fraud techniques are evolving rapidly, often outpacing even the most diligent security measures.

This blog explores the types of payment fraud and the strategies institutions use to protect customers. We categorize payment fraud into six primary types and discuss the tactics behind each.

  • Account Takeover and Identity Theft: Fraudsters gain unauthorized access to a customer’s account and initiate transactions under the customer’s identity.

  • Authorized Push Payment (APP) Fraud: Customers unknowingly authorize payments to fraudsters.

  • Deposit Scams: Fraudsters trick customers into believing they have received a legitimate deposit.

  • Internal Fraud: Employees manipulate or intercept funds, sometimes in collusion with external actors.

  • Chargeback and Return Fraud ("friendly fraud"): This involves customers disputing legitimate charges or exploiting return policies to gain refunds.

  • External Hacking attack: Fraudsters hack into financial institutions' systems to extract data, initiate fraudulent transactions or carry out malicious actions.

Let us explore these six types a bit more in detail.

Account Takeover and Identity Theft

Account fraud typically involves unauthorized access to a customer’s account, often achieved by bypassing the authentication factors set by financial institutions to secure account access. Therefore, understanding which authentication factors are in place, how they may be bypassed, and what actions financial institutions can take to enhance security is crucial.

Authentication factors fall into three main categories:

  • Possession (Something You Have): Examples include a bank card or a mobile device used to receive verification codes or to generate OTPs via an authenticator app. Common bypass methods are physical theft (stealing the card or phone) and skimming (e.g. copying a card's data at a tampered ATM or merchant terminal to create a duplicate). While customers bear most of the responsibility for safeguarding these items, financial institutions can support them by offering swift, user-friendly options to deactivate a lost or stolen card or device. They should also offer temporary deactivation, so that the customer can unblock the item again (without cost or inconvenience) if it is quickly recovered.

    Another challenge with possession-based authentication is the reset procedure when customers replace their phones or phone numbers, requiring re-linking with their accounts. While necessary, this process introduces potential vulnerabilities that fraudsters may exploit.

  • Knowledge (Something You Know): This factor relies on information only the customer should know, like card details (card number, card expiration date and CVV), passwords, PIN codes, or security questions.
    Fraudsters use several methods to obtain this information:

    • Brute Force Attacks: Here, fraudsters systematically try many candidate secrets, starting with common ones such as "12345678", "password" or "qwerty". Financial institutions can mitigate this by limiting and throttling login attempts, requiring strong secrets (e.g. a minimum length), and banning frequently used passwords and PIN codes (like 1234 or 9876, or the customer's own birth date).

    • Password Reuse: Many users recycle passwords across accounts because they do not want to memorise multiple long, complicated passwords. This makes them as vulnerable as the least secure site they use. When one site is compromised, fraudsters use a technique called "credential stuffing": automated software tries the leaked credential pairs, in bulk, against other sites.
      Interesting here is the specialisation within criminal networks: a first group hacks poorly secured websites to harvest large numbers of credentials, which are sold to a second group that uses automated software to test them against financial service websites, and a third group finally commits the fraud with the validated accounts.

      Financial institutions can combat this by alerting customers when their credentials appear in known data breaches (e.g. via https://haveibeenpwned.com), encouraging unique passwords (e.g. via password manager tools), and monitoring login activity, including failed logins, to detect and block credential stuffing: a source that fails against many distinct accounts in a short time is throttled or blacklisted by IP address or device fingerprint (a MAC address is a local-network identifier and is not visible to the bank's servers), and every account that was successfully logged into from such a source, even before it was flagged, is immediately blocked or forced through a password reset, because that success is the stuffing "hit".

    • Phishing, Hacking, and Physical Methods: Fraudsters also use several techniques to obtain a customer's credentials for their financial institution account directly, e.g.

    • Phishing: fraudsters use e-mails (email phishing, spear phishing or whaling), SMS messages (smishing) and calls (vishing) to trick people into revealing personal information, either by asking outright for secret credentials or by building a complete look-alike copy of the financial institution's website, or into clicking a link that installs malware such as a keylogger on their computer (fake parcel-delivery texts are a typical lure). Through social engineering, the message can use very personal details (e.g. names of colleagues or recent purchases) to win the victim's trust.

    • Hacking: the customer's computer is compromised (by exploiting unpatched software and other security weaknesses) and the criminal steals sensitive information from it.

    • Physical methods: criminals can also exploit physical methods, like searching through trash or recycling bins or stealing wallets and purses.

Financial institutions can combat this by educating customers: clearly stating that the institution will never ask for credentials via SMS, mail or phone, and teaching customers to recognise phishing attempts by their typical signs, like incorrect URLs, a sense of urgency, a tone that does not match the institution's usual communication, or messages not in the customer's language. They can also teach customers to always access the site directly (i.e. never reach the financial institution via a link in a message).
Finally, an indication in the banking app that a call is currently coming from the bank lets customers check whether a call is legitimate.

  • Exploiting Reset Procedures: Password resets are a necessary but risky process, especially if the customer’s email has also been compromised. Advanced reset procedures requiring multi-layer verification can reduce this vulnerability.

  • Direct Attacks on Financial Institutions: While all above credential theft techniques are directed at customers, fraudsters often also target financial institutions directly to obtain credentials—call center fraud being a common example.
    Every financial institution has a customer support desk capable of executing certain financial transactions. In call center fraud, a fraudster contacts the support desk, impersonating a legitimate customer. Traditionally, support desk employees would verify identity by asking for personal information such as a birth date, national register number, Social Security number, or answers to security questions (e.g. "What’s the name of your first pet?" or "What’s your favorite color?"). However, with so much personal information readily available online and on social media, criminals can often gather this data with ease.
    To counter this, financial institutions now deploy stronger authentication techniques, such as pushing an in-app verification notification that the customer must confirm. Since mobile banking apps are typically secured with strong protections, this gives the call center employee good assurance that they are speaking with the actual account holder.
    However, this approach has its limitations. Not all customers — such as older individuals — have access to a mobile app or may not be able to use it at the time of the call. Ironically, one reason a customer might call the support desk is to resolve an issue with their mobile app, which could make this method impractical in such scenarios.


  • Biometric Authentication (Something You Are): Biometric authentication — fingerprints (cfr. Touch ID), facial recognition (cfr. Face ID), iris scans (cfr. Sam Altman's crypto project World) — is often considered secure because a biometric is unique and hard to transfer. However, biometrics are not foolproof. AI deepfakes, AI voice cloning and fingerprint spoofing pose real risks, and a breach of biometric data has long-term consequences, because a stolen biometric cannot be changed like a password.
    Financial institutions should therefore keep biometrics on the customer's device and store only protected mathematical templates rather than raw biometric data. Liveness detection, such as requiring certain actions (e.g. blinking or moving the head) during facial recognition, helps prevent deepfake and photo spoofing.
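As an added example (not code from the original post), the credential-stuffing detection described under Password Reuse, run over a constructed login log: a source that fails against many distinct accounts within a short window is flagged, and every account that ever logged in successfully from that source is listed for blocking or a forced reset. The log format, the thresholds and the IP addresses are assumptions.

```python
"""Credential-stuffing detection over authentication logs.

Added example, not code from the original post. Assumes a log with one event
per line: '<ISO timestamp> <source IP> <account> <OK|FAIL>'. The sample log is
constructed below and the thresholds are illustrative assumptions.

Idea: a human who mistypes a password fails a few times against ONE account;
a stuffing bot fails against MANY distinct accounts from one source in a short
window. Once a source is flagged, every account that ever logged in
successfully from it is treated as compromised (that success is the "hit").
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # sliding window (assumption)
MIN_FAILURES = 20                # failed logins inside the window (assumption)
MIN_DISTINCT_ACCOUNTS = 10       # distinct accounts among those failures (assumption)


def parse_events(lines):
    """Parse log lines into (timestamp, ip, account, outcome), sorted by time."""
    events = []
    for line in lines:
        ts, ip, account, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, outcome))
    events.sort()
    return events


def stuffing_ips(events):
    """Return {ip: (failures, distinct_accounts)} for sources that, within one
    WINDOW, produced at least MIN_FAILURES failures spread over at least
    MIN_DISTINCT_ACCOUNTS accounts."""
    fails_by_ip = defaultdict(list)
    for ts, ip, account, outcome in events:
        if outcome == "FAIL":
            fails_by_ip[ip].append((ts, account))

    flagged = {}
    for ip, fails in fails_by_ip.items():
        start = 0
        for end in range(len(fails)):
            # shrink the window from the left until it spans at most WINDOW
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            window = fails[start:end + 1]
            accounts = {acct for _, acct in window}
            if len(window) >= MIN_FAILURES and len(accounts) >= MIN_DISTINCT_ACCOUNTS:
                flagged[ip] = (len(window), len(accounts))
                break
    return flagged


def compromised_accounts(events, flagged_ips):
    """Accounts with a successful login from a flagged source: block them or
    force a reset, even if that login happened before the source was flagged."""
    return sorted({acct for _, ip, acct, outcome in events
                   if outcome == "OK" and ip in flagged_ips})


def sample_log():
    """Constructed sample data (not real traffic). 203.0.113.7 sprays 25 leaked
    credential pairs, one per account, and gets one hit; 198.51.100.4 is a
    customer who mistypes their own password twice."""
    base = datetime(2024, 3, 1, 2, 0, 0)
    lines = [f"{(base + timedelta(seconds=10 * i)).isoformat()} 203.0.113.7 user{i:03d} FAIL"
             for i in range(25)]
    lines.append(f"{(base + timedelta(seconds=260)).isoformat()} 203.0.113.7 user017 OK")
    for i, outcome in enumerate(["FAIL", "FAIL", "OK"]):
        lines.append(f"{(base + timedelta(minutes=30, seconds=20 * i)).isoformat()} "
                     f"198.51.100.4 user999 {outcome}")
    return lines


def run(lines=None):
    """Return (flagged sources, accounts to block) for a log (sample log by default)."""
    events = parse_events(lines if lines is not None else sample_log())
    flagged = stuffing_ips(events)
    return flagged, compromised_accounts(events, flagged)


if __name__ == "__main__":
    print(run())
```

The distinct-account count is what separates stuffing from an ordinary brute-force or a forgetful customer: the legitimate user in the sample fails twice against a single account and is never flagged, while the bot is flagged after its 20th failure and the one account it did get into is returned for blocking.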


Individually, each authentication factor clearly presents challenges, so the most effective defense combines multiple factors. Multi-factor authentication (MFA), e.g. 3D Secure (3DS) for online card payments, significantly raises the bar for fraudsters. However, it is important to balance security with usability, as excessive MFA can frustrate customers.

To address this, financial institutions increasingly use risk-based authentication. Here, the required level of authentication varies based on the transaction’s risk level. Factors like transaction type, counterpart, amount, and contextual information help assess risk, e.g.

  • Location Factor (somewhere you are): this additional factor uses information about where the customer is (geo-location) and about the device being used (IP address, browser model and version, operating system, hardware characteristics…​), often combined into a device fingerprint. Note that a MAC address is a local-network identifier and is not visible to the bank's servers over the internet.

  • Time Factor (what time is it): based on the customer’s profile, there are typical hours when this customer will perform an action. E.g. a customer working at daytime, will unlikely do certain financial actions during the night.

  • Behavior Factor (something you do): here the user's activity during the session is observed, e.g. mouse movements, keystroke patterns, how the customer holds their mobile device, or the typical way the customer navigates (e.g. the actions a user usually performs in a session).

For more insights on "Multi-factor authentication", see my blog: "Multi-Factor Authentication and Identity Fraud Detection in the Financial Services Industry" (https://bankloch.blogspot.com/2020/02/multi-factor-authentication-and.html).

The goal of this layered approach is to maintain strong security while minimising user friction. Financial institutions can adaptively require extra authentication, send alerts and notifications (e.g. an e-mail or SMS when unusual activity is detected), or even temporarily block accounts when suspicious activity is detected, striking a good balance between security and user experience.
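The adaptive decision described above, as an added example that is not part of the original post: a payment attempt is scored against the customer's profile on the contextual factors (device and location, time, behaviour) plus amount and counterparty, and the score selects allow, step-up MFA or block-and-alert. The profile fields, weights, thresholds, device ids and IBANs are assumptions; a real fraud engine would replace the additive weights with a model, but the signals it consumes are the same.

```python
"""Risk-based (adaptive) authentication for a payment.

Added example, not code from the original post. Scores a transaction attempt
against the customer's profile on the factors discussed above (location and
device, time, behaviour, plus amount and counterparty) and maps the score to an
action: allow, step up to full MFA, or block and alert. Weights, thresholds and
the profile fields are illustrative assumptions, not a bank's real policy.
"""
from dataclasses import dataclass

ALLOW, STEP_UP, BLOCK = "ALLOW", "STEP_UP_MFA", "BLOCK_AND_ALERT"


@dataclass
class Profile:
    known_devices: set            # device fingerprints seen on past good sessions
    usual_countries: set          # ISO country codes of past good sessions
    active_hours: range           # local hours in which the customer normally transacts
    known_payees: set             # IBANs paid before
    typical_amount: float         # e.g. median outgoing payment
    typing_ms_per_char: float     # baseline keystroke cadence (behaviour signal)


@dataclass
class Attempt:
    device_id: str
    country: str
    hour: int
    payee: str
    amount: float
    typing_ms_per_char: float     # cadence measured in this session


def risk_score(p: Profile, a: Attempt):
    """Return (score, reasons). Additive weights stand in for the model a real
    fraud engine would use; the point is which signals feed it."""
    score, reasons = 0, []
    if a.device_id not in p.known_devices:
        score += 30; reasons.append("unknown device")
    if a.country not in p.usual_countries:
        score += 25; reasons.append("unusual country")
    if a.hour not in p.active_hours:
        score += 10; reasons.append("outside usual hours")
    if a.payee not in p.known_payees:
        score += 15; reasons.append("new payee")
    if a.amount > 3 * p.typical_amount:
        score += 20; reasons.append("amount well above typical")
    # behaviour: typing cadence more than 50 % away from the baseline
    if abs(a.typing_ms_per_char - p.typing_ms_per_char) > 0.5 * p.typing_ms_per_char:
        score += 15; reasons.append("typing cadence differs from baseline")
    return score, reasons


def decide(score):
    """Map a score to the adaptive action (thresholds are assumptions)."""
    if score < 30:
        return ALLOW      # low risk: no extra friction
    if score < 60:
        return STEP_UP    # medium risk: require a second factor for this action
    return BLOCK          # high risk: hold the payment, notify the customer


def evaluate(p: Profile, a: Attempt):
    """Return (action, score, reasons) for one attempt."""
    score, reasons = risk_score(p, a)
    return decide(score), score, reasons


# Constructed profile and attempts (not real customer data).
PROFILE = Profile(known_devices={"dev-A1"}, usual_countries={"BE"},
                  active_hours=range(7, 23), known_payees={"BE68539007547034"},
                  typical_amount=120.0, typing_ms_per_char=180.0)

ROUTINE = Attempt("dev-A1", "BE", 12, "BE68539007547034", 95.0, 175.0)
NEW_LARGE_PAYEE = Attempt("dev-A1", "BE", 19, "NL91ABNA0417164300", 900.0, 190.0)
TAKEOVER_LIKE = Attempt("dev-Z9", "US", 3, "NL91ABNA0417164300", 2500.0, 60.0)

if __name__ == "__main__":
    for name, att in [("routine", ROUTINE), ("new large payee", NEW_LARGE_PAYEE),
                      ("takeover-like", TAKEOVER_LIKE)]:
        print(name, evaluate(PROFILE, att))
```

The routine payment from the usual device scores 0 and passes silently; a large payment to a new payee from a trusted device gets a step-up challenge rather than a block; and the attempt from an unknown device abroad at 3 a.m. with a different typing cadence is blocked and the customer alerted. The reasons list is what the alert to the customer (and the fraud analyst) should carry.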


Authorized Push Payment (APP) Fraud

In this type of fraud, customers unknowingly initiate payments to fraudsters. Common techniques include:

  • QR Code Scams: Fraudsters manipulate QR codes to redirect funds to their accounts.

  • Invoice (falsification) fraud: Criminals alter invoices to reroute payments to fraudulent accounts.

  • CEO Fraud: Criminals impersonate a company’s CEO or another high-ranking executive to push an employee to authorize fraudulent payments.

  • Advance fee fraud: Here, fraudsters lure victims with enticing but unrealistic investment opportunities or promises of substantial rewards, such as fake lottery winnings, in exchange for an upfront payment. Once paid, victims either lose contact with the fraudster or are pressured into further payments to unlock even larger returns.

  • Fraudulent merchants and charities: In these cases, fraudsters pose as legitimate merchants or charities (sometimes replicating well-known websites) to deceive customers into making purchases or donations, only to steal the funds. Social media marketplace scams continue to rise and are becoming one of the major causes of fraud today.

To combat these types of fraud, financial institutions can implement several countermeasures, including:

  • Customer education: Financial institutions should educate customers on recognizing these scams. Recommended steps include double-checking messages through alternate channels, reconciling invoices with order forms, validating payments through appropriate managers and recognizing common scam traits like urgency, unusual requests, foreign account numbers or unrealistic promises ("if it sounds too good to be true, it likely is").

  • Verification of Payee (VoP): VoP services verify if the name of recipient of a payment provided by the payer corresponds with the account holder of the beneficiary account. Such a check helps to prevent both authorized push payment (APP) fraud and misdirected payments. Companies like SurePay, OB Connect, Worldline, Tell Money, iPiD and Banfico offer these services.

  • Extra Controls and Warnings: Banks can add controls and issue warnings for payments to new recipients or large transactions.

  • Trusted Contacts: Customers can invite a trusted friend or family member to review transactions exceeding a certain limit. This added layer of validation helps prevent fraudulent transfers by involving someone the customer trusts.

  • Counterparty Risk Verification: Financial institutions can leverage data to verify a counterparty’s credibility, solvency, and liquidity (cfr. CPRA software of Capilever). Offering this verification to customers could reduce fraud by assessing the legitimacy of URLs or verifying company names and company registration numbers. Crowd-sourcing tools enable financial institutions to maintain comprehensive, current lists of known fraudulent websites.
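An added example of the Verification of Payee check (not code from the original post or from any of the providers named above): the name the payer typed is normalised and compared with the name registered on the beneficiary account, returning MATCH, CLOSE_MATCH or NO_MATCH. The normalisation rules and the similarity threshold are assumptions; each real scheme defines its own matching rules and outcomes.

```python
"""Verification of Payee (VoP): compare the beneficiary name entered by the
payer with the name registered on the beneficiary account.

Added example, not code from the original post or from any VoP provider. The
normalisation rules, the similarity threshold and the three outcomes (MATCH,
CLOSE_MATCH, NO_MATCH) are illustrative assumptions; real schemes define their
own matching rules and add outcomes such as 'verification not possible'.
"""
import re
import unicodedata
from difflib import SequenceMatcher

# Legal-form tokens that payers routinely omit or abbreviate (assumption).
LEGAL_FORMS = {"bv", "nv", "sa", "sprl", "bvba", "ltd", "gmbh", "inc", "llc", "srl"}
CLOSE_MATCH_THRESHOLD = 0.85   # assumption; tune on real match/no-match data


def normalise(name: str) -> str:
    """Lower-case, strip accents and punctuation, drop legal-form tokens, so
    that 'ACME Trading B.V.' and 'Acme Trading BV' compare equal."""
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    tokens = re.findall(r"[a-z0-9]+", name.lower().replace(".", ""))
    return " ".join(t for t in tokens if t not in LEGAL_FORMS)


def verify_payee(entered_name: str, registered_name: str) -> str:
    """Return MATCH, CLOSE_MATCH or NO_MATCH.

    MATCH: proceed. CLOSE_MATCH: show the payer the registered name and ask
    for confirmation (typos, initials). NO_MATCH: warn or hold the payment;
    a mismatch between the invoiced name and the account holder is the
    signature of invoice fraud and of many APP scams."""
    a, b = normalise(entered_name), normalise(registered_name)
    if a == b:
        return "MATCH"
    if SequenceMatcher(None, a, b).ratio() >= CLOSE_MATCH_THRESHOLD:
        return "CLOSE_MATCH"
    return "NO_MATCH"


if __name__ == "__main__":
    # Constructed pairs (payer input, registered account holder).
    for entered, registered in [("Acme Trading BV", "ACME Trading B.V."),
                                ("J. Peeters", "Jan Peeters"),
                                ("José Müller", "Jose Muller"),
                                ("Tax Office", "M Dupont")]:
        print(f"{entered!r} vs {registered!r}: {verify_payee(entered, registered)}")
```

The last pair is the fraud case: an invoice or message claims to come from one party while the account belongs to someone else, and no amount of normalisation brings the names together. The close-match band exists so that an initial or a typo does not push a legitimate payment into a hard stop, which would train customers to click through warnings.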


Deposit Scams

This type of fraud occurs when fraudsters deceive customers into believing they have received a legitimate deposit. For example, a fraudster posing as a buyer of a second-hand laptop might show a fake payment confirmation to the seller. Convinced the payment has been made, the seller hands over the laptop, only to later discover that no payment was ever received. Fraudsters may even use counterfeit banking apps to create realistic-looking payment confirmations, further tricking victims into believing the transaction was completed.

Solutions to prevent such scams include implementing real-time payment confirmations through instant payments and utilizing Request-to-Pay (RtP) services, which allow sellers to verify transactions before releasing goods.


Internal Fraud

Bank employees themselves can manipulate or intercept funds, sometimes acting in collusion with other employees or external fraudsters. Common examples of internal fraud include:

  • Payment Injection: Adding unauthorized payments to the payment flow after all compliance checks have been completed.

  • Payment Suppression: Deleting legitimate payments within the flow.

  • Payment Tampering: Modifying key payment details, such as the creditor’s account number or the transaction amount.

  • Collaboration with External Actors: Employees may assist in hacking attempts or share sensitive customer information, enabling fraudsters to carry out attacks.

Financial institutions can mitigate internal fraud risks through:

  • Business Activity Monitoring: Payments should be monitored at various interception points throughout their lifecycle. For instance, an injected payment would lack prior interception events, while tampered payments would show inconsistencies in attributes between consecutive interception points.

  • Internal Fraud Monitoring: Identifying suspicious patterns in payments can help detect fraudulent activity by employees.

  • Robust Internal Security: Measures such as unique user credentials, strong authentication mechanisms, data encryption, four-eyes (dual approval) controls, and clear segregation of roles and responsibilities can minimize risks.

  • Access and Audit Logs: Tracking all employee activities and conducting regular audits is crucial. For sensitive accounts—such as those belonging to employees, high-net-worth individuals, or celebrities—spot checks should be conducted. These checks involve asking employees to justify their access to specific data to ensure it aligns with legitimate business needs.
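The business activity monitoring idea above, worked out as an added example (not code from the original post): each payment is snapshotted at three assumed interception points and the snapshots are reconciled to surface injected, suppressed and tampered payments. It also flags a payment that skipped a checkpoint, which the list above does not mention but which the same reconciliation exposes for free. The checkpoint names, payment ids, amounts and IBANs are constructed.

```python
"""Business activity monitoring of a payment flow.

Added example, not code from the original post. Each payment is logged at
several interception points (assumed here: captured -> compliance_checked ->
released) together with the attributes that must not change in between.
Reconciling those snapshots exposes the internal-fraud patterns described in
the post: injection (first seen after the checks), suppression (seen early,
then vanishes) and tampering (attributes differ between consecutive points),
plus a skipped checkpoint. The events below are constructed sample data.
"""
from decimal import Decimal

CHECKPOINTS = ["captured", "compliance_checked", "released"]


def reconcile(events):
    """events: iterable of (checkpoint, payment_id, amount, creditor_iban).
    Returns a dict of findings per anomaly type, each a list of tuples."""
    seen = {cp: {} for cp in CHECKPOINTS}
    for cp, pid, amount, iban in events:
        seen[cp][pid] = (Decimal(amount), iban)

    findings = {"injected": [], "suppressed": [], "tampered": [], "skipped": []}
    all_ids = set().union(*(seen[cp].keys() for cp in CHECKPOINTS))
    for pid in sorted(all_ids):
        trail = [seen[cp].get(pid) for cp in CHECKPOINTS]
        present = [i for i, snap in enumerate(trail) if snap is not None]
        first, last = present[0], present[-1]
        if first > 0:
            # no earlier interception event: entered the flow after the checks
            findings["injected"].append((pid, CHECKPOINTS[first]))
        if last < len(CHECKPOINTS) - 1:
            # left the flow before the end; review against legitimate rejections
            findings["suppressed"].append((pid, CHECKPOINTS[last]))
        if present != list(range(first, last + 1)):
            # present before and after a checkpoint it never passed through
            missing = [CHECKPOINTS[i] for i in range(first, last + 1) if i not in present]
            findings["skipped"].append((pid, missing))
        for i, j in zip(present, present[1:]):
            if trail[i] != trail[j]:
                # amount or creditor changed between two consecutive snapshots
                findings["tampered"].append((pid, CHECKPOINTS[i], CHECKPOINTS[j]))
    return findings


# Constructed sample events (checkpoint, payment id, amount, creditor IBAN).
SAMPLE_EVENTS = [
    ("captured",           "P1", "250.00",  "BE68539007547034"),
    ("compliance_checked", "P1", "250.00",  "BE68539007547034"),
    ("released",           "P1", "250.00",  "BE68539007547034"),
    ("captured",           "P2", "1000.00", "BE68539007547034"),
    ("compliance_checked", "P2", "1000.00", "BE68539007547034"),
    ("released",           "P2", "1000.00", "NL91ABNA0417164300"),  # creditor swapped after checks
    ("released",           "P3", "7500.00", "NL91ABNA0417164300"),  # never captured or checked
    ("captured",           "P4", "80.00",   "BE68539007547034"),
    ("compliance_checked", "P4", "80.00",   "BE68539007547034"),    # never released
    ("captured",           "P5", "60.00",   "BE68539007547034"),
    ("released",           "P5", "60.00",   "BE68539007547034"),    # bypassed compliance
]

if __name__ == "__main__":
    for kind, items in reconcile(SAMPLE_EVENTS).items():
        print(kind, items)
```

For this to be evidence rather than a hint, the snapshots at each interception point must be written by the monitoring component, not by the payment application itself, and stored where the staff operating the flow cannot edit them; otherwise the same insider who injects a payment can also fabricate its trail. A payment that disappears after compliance_checked is only suspicious if it is not on the list of legitimately rejected payments, so that list is the first thing to check for the "suppressed" findings.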


Chargeback and Return Fraud

Sometimes called "friendly fraud", this involves a customer disputing legitimate charges or exploiting return policies to obtain refunds. Typical examples are customers falsely claiming that:

  • They did not authorize a transaction, in order to get a refund or to avoid paying for goods or services they actually received

  • They never received the goods or services they ordered, when in fact they did

  • The goods or services they received were not as described or were defective, when they were fine

Obviously, most of the measures here need to be taken by merchants: clear policies and procedures for handling customer complaints and disputes, documenting all transactions and customer interactions as evidence in the event of a claim, signatures upon receipt of goods, tracking information for deliveries, and clear communication of return and refund policies to customers.

Financial institutions can help by educating merchants about this type of fraud, but also by collecting information about customers who have committed friendly fraud and potentially blocking them from certain payments.


External Hacking attack

Finally, there is the possibility that the financial institution itself is hacked and compromised. The result can be that the attackers:

  • Gain access to data and sell it on the black market, where it feeds social engineering against the customers concerned

  • Gain access to data and use it to blackmail the financial institution, threatening to make confidential financial information about its customers public

  • Gain access to operational systems and execute financial transactions directly

  • Deploy ransomware: malware that encrypts files and systems, rendering them inaccessible, after which the criminals demand a ransom, usually in cryptocurrency, for the decryption key

  • Mount man-in-the-middle attacks, i.e. intercept the traffic between customer and bank (or plant software in that path) to capture customers' authentication credentials or session tokens and replay them to authenticate on the customer's account as if they were the legitimate user

Financial institutions protect themselves against this with sound security mechanisms (properly configured firewalls, encryption, prompt patching of vulnerabilities, strong internal authentication and access control…​) and by educating employees about the risks their actions create.


Conclusion

While targeted strategies are essential for addressing each above-described type of fraud, a holistic (360°) approach is the most effective defense. By centralizing authentication, activity, and transaction data, financial institutions can more effectively identify and respond to suspicious patterns. While individual actions may seem innocent, combining them often reveals clear indicators of fraudulent activity. Additionally, sharing information across institutions strengthens industry-wide defenses against fraud.

To combat financial crime effectively, institutions must not only rely on traditional methods but also incorporate advanced techniques that adapt to evolving threats. Key strategies include:

  • Equip Customers with Necessary Tools: Empower customers with resources to validate transactions and protect themselves:

    • Merchant Credibility Checks: Enable customers to assess the legitimacy of merchants or websites before completing transactions.

    • Self-Protection Settings: Allow customers to set personal transaction limits or apply restrictions based on amount, time, or geography.

    • Customer Education: Educate customers on identifying fraud risks and effectively using protective tools. Incorporate gamification techniques to make learning engaging, fun, and rewarding.

  • FRAML (Fraud and Anti-Money Laundering): The convergence of fraud and anti-money laundering (AML) efforts is revolutionizing how financial institutions tackle financial crime. FRAML aligns fraud detection with AML operations, breaking down silos between security and compliance teams. This approach targets not only how illicit money is acquired but also how criminals attempt to obscure its origins within the financial system.

  • Behavioral Analysis and AI: Leverage artificial intelligence and behavioral analysis to detect anomalies in real time. Analyze customer behavior such as typing speed, location, device usage, and navigation patterns to flag suspicious activity.

  • Information Sharing Across Institutions: Collaboration between financial institutions is critical for building resilience against fraud attacks. Banks can share key information to identify fraud patterns and enhance detection, such as:

    • IP Addresses

    • Account Numbers (e.g. IBANs). Include lists of generic accounts often used for legitimate purposes but also frequently exploited in financial crime schemes. While these accounts pose a higher risk, they should not be fully blacklisted due to their dual use.

    • Merchant and Terminal Identifiers (POS)

    • Beneficiary Names: Supplement official sanction lists with crowd-sourced lists of suspicious names.

Information sharing can vary in complexity — from simple blacklists to detailed data exchanges containing flagged transaction metadata. Combining multiple suspicious indicators strengthens fraud detection and enhances risk assessments, enabling institutions to proactively address potential threats.

By fostering collaboration between customers, banks, and the broader financial industry, institutions can outpace fraudsters and mitigate emerging threats. Combined with proactive technology and a holistic strategy, these efforts create a robust, unified defense against financial crime, ensuring greater security and trust in the financial ecosystem.
