Tuesday, March 31, 2009

Don't Regulate Credit Card Rates, Visa Chief Says



Government regulation would hurt consumers by limiting competition, Canadian chief warns
Mar 31, 2009 Dana Flavelle - Business reporter

The head of Visa Canada chose a Toronto business audience to test the sales pitch he plans to deliver to Ottawa: Don't regulate the debit and credit card industry.

But the message fell, at least partly, on deaf ears.

While acknowledging that growing complaints about the industry have led to a Competition Bureau investigation and Senate hearings calling for caps on fees and rates, Tim Wilson said more government involvement would stifle innovation and choice.

As an example, he cited Visa's plans to enter Canada's debit market in competition with the bank-owned Interac system.

Although Visa debit cards would cost more to process than Interac cards, Wilson said they would also offer increased security, lower payment risk and more opportunities to shop online and outside Canada.

"There are no regulations that prohibit us from entering the market right now," Wilson said in an interview after his speech to the Economic Club of Toronto. "The concern is there will be regulations in future that will prohibit us from entering the market or limit the way in which we enter the market. And we're suggesting that would limit competition and therefore innovation and the value we can deliver to consumers."

The system could be in place as early as this fall if Canada's banks and other card issuers agree to it, he said.

He described the higher cost to business of handling Visa debit cards as "moderate."

Continue Reading at thestar.com


Reblog this post [with Zemanta]

PCI Compliance FAQ


PCI Compliance: Frequently Asked Questions

by Practical eCommerce Staff

Payment card industry compliance is confusing for many ecommerce merchants. But it potentially affects every merchant that accepts credit card payments. Failure to understand the PCI compliance standards could result in higher merchant account fees and fines from the credit card issuers.

Merchants oftentimes have similar general questions on PCI compliance. We posed some of them to Tim Erlin, principal product manager for nCircle, a security consulting and compliance firm that offers PCI-related services, among other compliance services. Those questions, and his answers, are below.

What is PCI?

Erlin: "PCI generally refers to the Payment Card Industry Data Security Standard, or the PCI DSS. This standard was developed by the PCI Security Standards Council, which is a consortium of the major credit card brands (Visa, Mastercard, American Express, and Discover). It represents the combination of two previous separate programs: the Visa Cardholder Information Security Program (CISP) and MasterCard's Site Data Protection program (SDP). The goal of the PCI DSS is to specify a common standard for protecting cardholder data from compromise."
How does PCI compliance affect my ecommerce business?

Erlin: "If you accept credit cards as a form of payment, you are required to be compliant with the PCI DSS. In most cases, smaller merchants can achieve compliance by using compliant shopping carts and payment gateway services. If, however, you choose to collect and store credit card data as part of your business, you'll need to carefully consider the requirements of the PCI DSS."

"Larger volume merchants (more than 20,000 credit card transactions annually) will need to complete some specific validation requirements to demonstrate compliance with the PCI DSS. The requirements range from filling out a self-assessment questionnaire to an onsite audit from a qualified auditor. You can find out more details about merchant levels here."

Where can I learn more about PCI?

Continue Reading at Practical eCommerce





Lack of Credit Card Security When Booking Hotels Online

From Travel-Rants.com

Lack of credit card security when booking hotels online
- Travel-Rants.com

There are consumers that do not feel comfortable entering their credit card online when making a reservation at a hotel, and I can understand that. I am not one of those consumers though and I trust that when I enter my credit card details they are going to be sent to the hotel securely.

Lack of credit and debit card security when booking hotels online

Lack of card security

Well, that was until I received an email from a consumer who checked in at a small independent hotel in London that he had booked through a third-party hotel booking website. While he was filling in the usual form with address, passport number, he noticed they had handwritten on the reservation printout his credit card number, expiry date and more worryingly his CVC code.

To have this written down, in such an insecure manner is frightening.

Concerns over card safety

I have never thought about this until now, but when I enter my debit or credit details to reserve the hotel room does the third-party booking site store these details, and how secure are they? How long are the details kept for? Does the booking site have to adhere to any security standards?

As a consumer, I enter my credit or debit card details at booking time thinking that the electronic transaction is safe and that my card would not be billed anyway. I pay directly to the hotel with my card on an electronic terminal by entering my PIN code safely.

Open gateway to fraud

What concerns me more is that I always check that I am entering my details on a secure server (begins with https://) and I check to make sure that there is a padlock in the bottom of my browser but that means nothing if the hotel search website is going to send the details insecure.

If the hotel booking website transfers all the credit and debit card data to any hotel and any human staff at the hotel can write down the details and then go shopping online. It would be interesting to hear from hotels and hotel booking sites because this is worrying as a consumer.

I am interested to hear of any similar stories with hotel security on credit and debit cards.





Reblog this post [with Zemanta]

Fitch Downgrades First Data's IDR to "B"

Image representing First Data Corp as depicted...

Press Release: NEW YORK - (Business Wire) Fitch Ratings has downgraded the following ratings for First Data Corp. (FDC):

  • Long-term Issuer Default Rating (IDR) to 'B' from 'B+';
  • $2 billion senior secured revolving credit facility due 2013 to 'BB-/RR2' from 'BB/RR2';
  • $13 billion senior secured term loan B due 2014 to 'BB-/RR2' from 'BB/RR2';
  • $3.75 billion 9.875% senior unsecured notes due 2015 to 'CCC/RR6' from 'B-/RR6';
  • $3 billion 10.55% senior unsecured notes with four-year mandatory PIK interest due 2015 to 'CCC/RR6' from 'B-/RR6'; and
  • $2.5 billion 11.25% senior subordinated notes due 2016 to 'CC/RR6' from 'CCC+/RR6'.
The Rating Outlook has been revised to Stable from NegativeThe ratings downgrade reflects the following considerations:

  • The weak global economic environment is expected to lead to a decline in consumer spending in 2009 in the U.S. and many developed economies which is expected to negatively impact FDC's revenue and profitability to a degree not previously anticipated;
  • Consumer spending in the U.S. during the economic downturn has been and is expected to continue to be heavily weighted to large discount retailers relative to normal spending patterns which negatively impacts FDC's revenue and profitability as it receives lower payments per transactions from large retailers. Higher growth in PIN debit card usage relative to credit cards (which itself is partly a reflection of the shift in spending to large retailers) has a further, albeit modest, negative impact on revenue and profitability as FDC typically derives slightly lower net revenue per PIN debit transaction than credit;
  • As a result of the economic decline and mix shift issues cited above, Fitch expects FDC to report a decline in EBITDA on modest revenue growth in 2009;
  • Fitch expects FDC's leverage (total debt to operating EBITDA) to increase to 10.0 times (x) in 2009 from 9.2x at the end of 2008 as debt increases from PIK interest and the previously mentioned expected decline in EBITDA. Prior expectation for a net reduction in debt by 2010 is likely delayed until at least 2011.
  • The Stable Outlook reflects the following considerations:
  • The aforementioned trends are partially mitigated by a continued shift in mix of payment type to card-based payments which Fitch expects, as a secular growth trend, will continue to enable FDC to grow revenue faster than the broader economy;
  • Expectations for positively trending credit protection measures beyond 2009 from profitability improvement and eventual debt reduction;
  • FDC remains the largest provider of merchant processing services worldwide with healthy total segment EBITDA margins near 25% and expectations for a return to positive free cash flow (FCF), in excess of PIK interest, in 2011;
  • FDC has achieved roughly $300 million of annualized savings as of December 2008, more than originally anticipated. The company expects to recognize an additional $125 million of future annual cost savings in 2009 and beyond, further enabling profitability improvement.
A trend towards the resumption of normalized growth and EBITDA margins is important for FDC in 2010 and 2011 as Fitch believes the company needs to generate sufficient incremental cash flow to manage future higher cash interest expense. Specifically, the company's $3.0 billion of 10.55% PIK notes convert to cash pay after September 2011 and the company's $12.7 billion senior secured term loan will need to be refinanced (or paid down through equity issuance) in September 2014. Fitch believes the growth necessary to meet these future cash needs is reasonably achievable at the current time but susceptible to a prolonged economic downturn beyond 2009.

Positive rating actions could occur as FDC begins to de-leverage its balance sheet and generate positive FCF sufficient to effect a net reduction in debt. Current PIK interest of over $300 million per year enables the company to report positive FCF but has driven increasing debt balances since the 2007 LBO.

Negative rating actions could occur if the economic downturn is longer than expected or mix shift issues continue to negatively impact FDC to a degree that Fitch believes would reasonably be expected to prevent the company from generating enough cash to meet current or future expected levels of cash interest expense.

Liquidity as of Dec. 31, 2008 was adequate with $406 million in cash plus $1.7 billion available under a $1.8 billion secured revolving credit facility which expires September 2013. FDC's cash balance at the end of the year was negatively impacted by a delay in receiving payment on an approximate $246 million receivable which was subsequently received on Jan. 2, 2009.

Total debt as of Dec. 31, 2008 was approximately $22.6 billion and consisted primarily of the following: i) $18 million outstanding under a $1.8 billion secured revolving credit facility expiring September 2013; ii) $12.7 billion outstanding under a secured term loan B maturing September 2014; iii) $3.75 billion in 9.875% senior unsecured notes maturing September 2015; iv) $3 billion in 10.55% notes maturing September 2015 with mandatory PIK interest through September 2011 and cash interest thereafter; and v) $2.5 billion of 11.25% senior subordinated notes maturing September 2016. In addition, a subsidiary of New Omaha Holdings L.P. (the parent company of FDC) has outstanding $1 billion original value senior unsecured PIK notes due 2016. These notes are not obligations of FDC, and FDC provides no credit support of these notes which, as a result, are not included in either the calculation of total indebtedness for FDC or leverage ratios.

Rating strengths include:

  • Stable business model, largely driven by growth in the volume of electronic payments which as an increasing mix of overall consumer payment methods, represents a mitigating factor against the risk of a general economic decline;
  • Significant portion of FDC's Financial Services revenue stream is under long-term contract, is recurring in nature and carries high contract renewal rates;
  • Strong revenue diversification in terms of products and customers with the largest customer representing less than 3.5% of total revenue in 2007. In 2008, only the Financial Services segment had a customer in excess of 10% of segment revenue (12% specifically which includes reimbursable revenue). FDC also benefits from increasing geographic diversification resulting from its higher growth international business;
  • Significant growth opportunities in international markets which are heavily fragmented competitively and generally nascent opportunities in terms of the penetration of electronic payments;
  • FDC has leading market share in its primary businesses with an inherent advantage in its significant scale and scope of operations relative to its nearest competitors.
Rating concerns include:

  • Limited financial flexibility to manage adverse changes to its operating model given leverage (total debt/operating EBITDA) of 9.2x and cash interest coverage of 1.4x as of December 2008;
  • The dissolution of Chase Paymentech creates a significant competitor in JP Morgan Chase which did not previously exist in the merchant acquisition space and could lead to market share loss and/or pressure on profitability;
  • On-going consolidation among financial institutions could lead to customer losses or pressure on profitability in the card processing business from banks' increased leverage in price negotiation;
  • Continued execution risk from data center and processing platform consolidation initiatives which if improperly managed could significantly impair profitability;
  • FDC continues to evaluate selective acquisitions, a portion of which could be debt financed.

Fitch does not expect the recently completed dissolution of FDC's Chase Paymentech joint venture to have a material impact on the company's EBITDA and cash flow in the intermediate term. However, a material decline in the business assumed by FDC following the dissolution of the joint venture could negatively impact ratings in the future. In 2007, Fitch estimates that Chase Paymentech's standalone EBITDA was approximately $650 million. FDC held a 49% equity interest in the joint venture.

The Recovery Ratings (RRs) for FDC reflect Fitch's recovery expectations under a distressed scenario, as well as Fitch's expectation that the enterprise value of FDC, and hence recovery rates for its creditors, will be maximized in a restructuring scenario (as a going concern) rather than a liquidation scenario. In deriving a distressed enterprise value, Fitch applies a 15% discount to FDC's estimated operating EBITDA (adjusted for equity earnings in affiliates) of approximately $2.5 billion for the latest 12 months (LTM) ended Dec. 31, 2008 which is equivalent to Fitch's estimate of FDC's total interest expense and maintenance capital spending. Fitch then applies a 6x distressed EBITDA multiple, which considers FDC's prior public trading multiple and that a stress event would likely lead to multiple contraction. As is standard with Fitch's recovery analysis, the revolver is fully drawn and cash balances fully depleted to reflect a stress event. The 'RR2' for FDC's secured bank facility reflects Fitch's belief that 71%-90% recovery is realistic. The 'RR6' for FDC's senior and subordinated notes reflect Fitch's belief that 0%-10% recovery is realistic. The 'CC/RR6' rating for the subordinated notes reflects the minimal recovery prospects and inherent subordination in a recovery scenario.

Fitch's rating definitions and the terms of use of such ratings are available on the agency's public site, www.fitchratings.com. Published ratings, criteria and methodologies are available from this site, at all times. Fitch's code of conduct, confidentiality, conflicts of interest, affiliate firewall, compliance and other relevant policies and procedures are also available from the 'Code of Conduct' section of this site.

Fitch Ratings, New York
Jason Paraschac, +1-212-908-0746
Nick P. Nilarp, CFA, +1-212-908-0649
Melissa Link, CFA, +1-212-908-0611
Media Relations:
Cindy Stoller, +1-212-908-0526
cindy.stoller@fitchratings.com




Reblog this post [with Zemanta]

Visa "Says it Applauds" Measures to Combat Identity Theft...


Visa applauds Government of Canada measures to combat identity theft


Federal government action an important step in fight against fraud

TORONTO, March 31 /CNW/ - Visa Canada today announced its support for the government's new legislation, which will provide greater protection for all Canadians as it makes identity theft a defined offense under the Canadian Criminal Code.

"As a leader in secure payment technology, Visa takes security and the protection of personal information seriously.  (Editor's Let's B. Frank Note:  And that's why they push the less secure signature debit over the more secure PIN Debit...because they take the protection of personal information seriously?  And to think that all this time I thought the profit they make from signature debits inherently higher fees was what they took seriously.  I'm glad they clarified!   But...wait...what's that headline in the related article below?  Speed and Convenience?  Now I'm confused.  Which is it?  Speed and Convenience...or Security?


We are pleased the government has introduced this important piece of legislation. It sends a clear signal globally that Canada takes identity theft seriously and is taking steps to deter criminal activity," said Tim Wilson, Head of Visa Canada.

Visa works closely with government and law enforcement to protect Canadian cardholders and business from financial fraud and identity theft. For Visa, fraud prevention efforts focus on the use and development of innovative technologies and programs that protect cardholders from unauthorized card use.

In Canada, Visa's layers of security include the Visa Zero Liability policy, which protects cardholders from fraudulent use of their Visa card; the Verified by Visa program, which provides added protection to consumers when they shop online; and the neural networks that monitor Visa card transactions 24/7 and identifies unusual purchase patterns. Visa Canada issuing financial institutions have also recently introduced chip and PIN Visa cards that provide additional protection against counterfeit and lost and stolen credit and debit card fraud.

About Visa

Visa Inc. operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world, and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 170 countries. For more information, visit www.corporate.visa.com.


Reblog this post [with Zemanta]

Interac "Greatly Concerned" About PIN Debit Breach!


Attention News Editors:

Interac Association Supports Proposed Legislation to Help Combat Identity Theft


OTTAWA, March 31 /CNW/ - Interac Association joined federal Justice Minister Rob Nicholson today as he announced legislation to help combat identity theft and applauds the federal government's action. Identity theft, the theft of personal information, can lead to a variety of crimes that significantly impact consumers, business and government, including payment card fraud.

"The government is taking decisive action today to help stop the identity theft domino effect," said Caroline Hubberstey, Director of Public and Government Affairs, Interac Association. Interac Association has long advocated for amendments to the Criminal Code to address legislative gaps relating to identity theft.


Interac Association and its industry partners are greatly concerned about debit card fraud, which results from the theft of a cardholder's magnetic stripe data and their personal identification number (or PIN), and work hard every day to tackle the problem.

Editor's Note:  Doest that sound like a familiar tune?

"While Canadians enjoy the benefits of one of the safest and most efficient payment systems in the world in INTERAC, debit card fraud can occur and that's why we're involved in a multi-layered approach to fight it," commented Ms. Hubberstey.

Interac Association has a number of initiatives in place to protect Canadians, including the transition to chip card technology - a new generation of payment cards that will significantly reduce debit card skimming and the production of counterfeit cards.

"While best efforts are being made to fight identity theft and its related crimes, such as payment card fraud, we are pleased to see assistance at a legislative level as well, and are confident that this proposed legislation will provide a sound framework for the protection of Canadians against identity theft," added Ms. Hubberstey.

About Interac Association
-------------------------
A recognized world leader in debit card services, Interac Association is responsible for the development and operations of the INTERAC network, a national payment network that allows Canadians to access their money through
Automated Banking Machines and point-of-sale terminals across Canada.  Interac Association was founded in 1984 and is comprised of a diverse  membership that includes banks, trust companies, credit unions, caisses populaires, merchants, and technology and payment related companies. Other INTERAC-branded and related services include: INTERAC Online, for secure online payments directly from a bank account, INTERAC Email Money Transfer, for the transfer of money from a bank account to anyone with an email address, and Cross Border Debit, for point-of-sale access at more than 1.5 million U.S. retailers.

For further information: Tina Romano, Interac Association, Phone: (416) 869-5062, email: tromano@interac.ca






Reblog this post [with Zemanta]

Does PCI DSS Reduce Cybercrime? Committee on Homeland Security

“Do the Payment Card Industry Data Standards Reduce Cybercrime?”

Tuesday, March 31, 2009
2:00 p.m. in 311 Cannon House Office Building

Subcommittee on Emerging Threats, Cybersecurity and Science and Technology

Hearing
“Do the Payment Card Industry Data Standards Reduce Cybercrime?”

PANEL I

Ms. Rita Glavin
Acting Assistant Attorney General
Criminal Division
Department of Justice

PANEL II

Mr. Robert Russo
Director
Payment Card Industry Data Security Standards Council

Mr. Joseph Majka
Head of Fraud Control and Investigations, Global Enterprise Risk
Visa Inc.

Mr. Michael Jones
Chief Information Officer
Michaels Stores Inc.

Mr. Dave Hogan
Senior Vice President and Chief Information Officer
National Retail Federation





Click icon for a live/recorded video feed of the hearing
Reblog this post [with Zemanta]

Cards and Payments Europe Conference 2009

Cards and Payments Europe 2009

18 – 19 June 2009
Conference, Expo & Awards


How to maintain profitability and achieve excellence in emerging markets

Join us this year at Europe's leading Cards and Payments Conference and Expo in Prague, 18-19 June 2008.

Event Summary

Cards & Payments Europe 2009 will focus on emerging markets within Central and Eastern Europe.

Central & Eastern Europe is experiencing rapid movement from emerging market to prime market in the payment system landscape. The restructuration of these payments services to meet EU regulatory demands and the Single European Payment Area (SEPA) standards is a big challenge for all players involved and just the beginning of the payment globalization with all the opportunities that it entails.

Now more than ever, it is crucial for existing market players to learn new skills and strategies to stave off increased competition, maintain profitability in the new European cards and payments realm and achieve excellence in emerging markets. View our reference guide for further information on last year’s successful cards events.

Just some of the topics to be addressed this year include:

Focusing on Emerging Markets: Cross-border Business Models

* Fund loyalty, retailer funded loyalty programmes
* What are the plans for commercial cards?

Emerging markets: what can you learn from other countries?

* PSD - (Payment Services Directive) and SEPA
* Case studies from western and Central Europe: mobile payments and electronic payments, how their experience would work in emerging markets

Eastern European cards market: top 5 issues

* Consumer education and incentivisation
* Navigating differing regulatory regimes across Eastern Europe

Technology and cross borders challenges

* The infrastructure challenge: Contactless Payments Readers
* M-payments: beyond O2’s trial – How successful have recent trials been?
* How new payments technologies can work in emerging markets and which technologies will deliver the expected results?
* The value of partnerships in international expansion

Agenda

'For further information please contact VRL Knowledge Bank


Reblog this post [with Zemanta]

On PCI DSS Compliance


Data security best practices for PCI DSS compliance

David Mortman, Contributor 03.31.2009

PCI is not perfect, but the point isn't perfection.


Every time a company that is compliant with the Payment Card Industry Data Security Standard (PCI DSS) is breached, the masses form with their torches and pitchforks and declare that PCI doesn't work. This was the case with two recent high-profile data breaches: the March 2008 Hannaford Bros. Co. data breach and January's Heartland Payment Systems Inc. breach.

The problem isn't that PCI doesn't work. The problem is the perception that if a company is PCI compliant, it is secure and will never suffer a data breach. The reality is that PCI, like any other regulation -- be it HIPAA, GLBA, etc. -- merely sets a baseline for what needs to happen in order to handle certain kinds of data securely and to avoid fines, loss of services or license to operate. In the case of PCI, it means that when (yes when, not if) a merchant or other company involved in the payment-processing life cycle faces a security problem, it won't be fined by Visa, Mastercard or one of the other members of the PCI Security Standards Council.

PCI is not perfect, but the point isn't perfection. Rather, the idea is to raise the bar to a reasonable level. PCI DSS version 1.2 has corrected several issues from earlier iterations, and the standard will surely continue to evolve as the PCI SSC identifies portions that don't work well or issues that were missed in the past. Case in point: in both the Hannaford and Heartland breaches, the miscreants were using Trojans to pass personally identifiable information (PII) to external servers over the Internet. It would be surprising if the next version of the PCI standard did not mandate some sort of monitoring of outbound data flows for PII.

Continue Reading at SearchSecurity





Reblog this post [with Zemanta]

V/MC to Raise Processing Fees - CSN

Visa, MasterCard Plan Processing Fee Hikes


WASHINGTON -- New transaction fee rate increases announced by credit card companies Visa and MasterCard are slightly under 2 cents per affected transaction, yet are expected to raise more than $600 million in revenues, according to a report by DigitalTransactions.com

MasterCard will increase its "Network Access and Brand Usage Fee" April 17, from 0.5 cents per transaction to 1.85 cents—a 270 percent increase—while Visa will increase its "Acquiring Processing Fee" from 0.5 cents to 1.95 cents—a 290 percent increase, with additional fees possible, according to NACS—the Association for Convenience and Petroleum Retailing, which opposed the proposed hikes.

"This begs the question: How can two ‘competitors’ announce price increase of nearly 300 percent at the same time in a recession?" NACS Senior Vice President of Government Relations Lyle Beckwith said in a statement. "From what we’ve seen with credit card interchange fees, the answer is obviously that two competitors with excessive and abusive market power can do what they want."

Merchant-acquiring experts expect merchants to bear the cost of these fees because acquirers will simply pass them through to clients. "The ones we’ve talked to aren’t too excited about it," an acquiring executive, who asked for anonymity, told the Web site. "It’s one of the bigger fee hikes."

In a statement Visa told DigitalTransactions.com: "Visa Inc. regularly reviews its pricing, as any business would, and makes adjustments where appropriate depending on such factors as the value delivered to clients and the need to be competitive. Over the years, Visa has become a symbol of international acceptance, reliability and convenience, based on its commitment to provide superior value to clients. These clients, in turn, are able to offer competitive products and services to their customers. Financial institutions set their pricing to cardholders and merchants."

In 2007, credit card fees cost convenience stores $7.6 billion, with the largest component being credit card interchange fees, which are a fixed fee and a percentage of each transaction, according to NACS. These fees average 1.8 percent in the U.S., which has the highest interchange rate of any industrialized country.

"The credit card fees that U.S. retailers pay are outrageous," Beckwith said. "These newly announced fee increases are beyond outrageous. At a time when small businesses are feeling the economic pain of the recession, it is unconscionable that Visa and MasterCard can give themselves their own ‘bailout’ by slapping 300 percent increases on their fees."







Reblog this post [with Zemanta]

Fraud Fingers CNP Transactions


Surprise, surprise - card fraud continues to grow
Tuesday March 31st 2009


It is always interesting to check out the latest annual fraud figures from APACS as they continue to show how ineffective and poor value for money chip and PIN has been.

By Glynn Davis

While it has helped reduce fraudulent activity in-store this has been
at the cost of rocketing criminal activity within the area of card not present (CNP), which involves all transactions undertaken over the internet and phone.

Criminals continue to find this a much more lucrative domain in which to rip-off consumers and retailers compared with in-store where chip and PIN has made their job much more difficult.
CNP fraud increased 13 per cent over the past year, to now account for 54 per cent of all card fraud losses.

APACS suggests this highlights the need for greater take-up of online fraud prevention systems such as MasterCard SecureCode and Verified by Visa. This may well be true but there appears to be little effort being put into promoting this by the card schemes or the banks.

The most worrying aspect of the APACS fraud figures is the significant growth in card ID theft, whereby a genuine card and genuine PIN are stolen. Fraud committed through such means has increased 39 per cent over the past 12 months.

Because this enables theft to take place in-store it suggests that the overall effectiveness of chip and PIN is even more limited than the early critics of the technology had initially predicted. The criminals continue to remain numerous steps ahead of the banks and we are all paying the price for this.

Editor's Note:  Just wait until hackers get their fraudy little fingers on a web based PIN Debit offering.  That'll be fraudy finger licking good. 

glynnd@theretailbulletin.com


Reblog this post [with Zemanta]

From a Fellow Blogger...


4 ways on how to hack myspace account / profile password |TECHOTIPS


by Rajesh Chaukwale

In my previous articles, i mentioned about software to hack msn. I was asked by many of readers about methods to hack myspace account passwords. So, i have written this myspace hacking article which informs about methods used to hack myspace profile / account password. Hacking myspace account is illegal. So, this article on how to hack myspace account password is meant for educational purpose only.

Hack myspace account/profile password

I will cover 4 methods over here:

1. Myspace Phishing.
2. Keylogging
3. Social engineering
4. Hacker virus at myspace.

So, lets start…

1. Myspace Phishing:

I have taken this method first because i think this is the most popular method/way of hacking myspace. I studied various myspace surveys taken on web about hacking myspace. The results of these surveys show "Phishing" as the most used method to hack myspace and to note…"Phishing is favorite method of myspace hackers". So, friends.. beware of myspace Phishing. Myspace staff is working hard to avoid these myspace phishers. Phishing not only allows you to hack myspace but also almost any email account. You have to only get the trick used to make a phisher, which i think is very easy. I learnt it without any difficulty. But, remember, this is only for educational purpose. I will not extend this topic over here as i have added more on Phishing in my articles Hack Myspace using Myspace phisher .

2.Keylogging:

This is my second favorite, as only thing you have to do is remotely install a keylogger (if you don't have any physical access to victim computer). Keylogging becomes more easy if you have physical access to victim computer as only thing you have to do is install a keylogger and direct it to your destination so that it will send all recorded keystrokes to pointed destination. What a keylogger does is it records the keystrokes into a log file and then you can use this log to get required myspace password and thus can hack myspace account. You can use Ardamax keylogger to hack myspace account password. I will write over this in my future articles.


3. Social engineering:

This sounds to be pretty not working at beginning. Even i was neglecting this way. But, once, i thought of using it against my friend on orkut and i got his gmail password very easily by this method. I think many of you might be knowing how what this social engg is. For newbies, social engg is method of retrieving password or answer of security question simply be quering with the victim. You have to be very careful while using this as victim must not be aware of your intention. Just ask him cautiously using your logic.

4. Hacker virus:

I was not knowing about this method used by hackers at myspace untill i had read this article. I wasn't knowing that viruses are being circulated over myspace and was considering myspace as safe. But to my surprise, i was wrong. So, friends, be cautious while surfing myspace.

So far, i found these myspace hacking methods as best and working ways to hack myspace account passwords. I never encourage hacking myspace or any email account…just wanna make you cognizant about myspace dangers online. I will appreciate your effort if you mention any other myspace hacking method you found great to hack myspace account password….

Enjoy Hacking…..






Reblog this post [with Zemanta]

Monday, March 30, 2009

This is So Scary "It's Frustrating"...Too!

From PC World

The high-profile disclosure over the weekend of the GhostNet cyberespionage ring that targeted 1295 computers in more than 100 countries underscores howhighly targeted and sophisticated attacks, often run by criminals, arechanging the security landscape, according to a security researcher atSymantec.

"How much is the (security) landscape changing? It's changingdrastically," said Joe Pasqua, vice president of research at SymantecResearch Labs.

GhostNet, documented in a reportreleased on Sunday by the SecDev Group's Information Warfare Monitorand the Munk Center for International Studies at the University ofToronto, used malware and social engineering to give attackers fullaccess to compromised computers.  It also let attackers control thevideo cameras and microphones of these computers, letting them remotelymonitor activity in the room where the computer was located. 

Editor's Musings:  Geez,  given that they would have "full acccess" I wonder if they would also be able to see PIN's clicked by a mouse with a software-based PIN Debit application.  Nah...according to Acculynk's CEO it's designed "to frustrate hackers.
Here's an excerpt from a previous PIN Payments Blog Post...but first, a sarcastic animated gif!

"Acculynk’s CEO Ashish Bahl counters that each click is encrypted in ways intended to frustrate hackersEditor's Note: That's an interesting one. No details I can understand, but when hackers get frustrated they get motivated. Frustrating hackers, in my mind is not the level of security I want associated with PIN Debit for the Web)...

At the same time, he adds, the resources necessary to predict when to start and stop screen scraping with each click would be cost-prohibitive even for determined fraudsters. Editor's Note: Cost prohibitive is relative to the potential return. Personal Identification Numbers are the "holy grail" for hackers. You have the PIN's and you the capability to empty bank accounts. So, in my humble opinion, there's no such thing as a "cost prohibitive" barrier when it comes to PIN's. Especially, if they're "determined." The "Holy Grail" is NOT a cost-prohibitive entity. It's something hackers would want to get their hands on "at all costs."

Read the entire blog post: Acculynk Most Closely Mimics Grocery Store Experience?

The article continues: 

"It's another example of the sophistication of the types of attacks that are being put together," Pasqua said.
The highly targeted nature of GhostNet and similar attacks makes it difficult for antivirus vendors to respond quickly.
"Inthe old days, you had a threat that targeted hundreds of thousands ofpeople. It was extremely likely that Symantec was going to have a copyof it very early on and the vast majority of those hundreds ofthousands of people were going to be protected," Pasqua said. "Now youhave these targeted attacks that may only target a handful of people."


"Bythe time we get a sample, it can be too late. They've already gone andmorphed into another variant," he said. "There's no end in sight."

While there has been a lot of speculation that GhostNet was developed and controlled by the Chinese government, criminal groups are just as likely to be responsible for these types of attacks.

Continue Reading at PC World



Reblog this post [with Zemanta]

GhostNet is Scary



Vast Computer Spy Network Found: Report
By Reuters 2009-03-30

Embassies, foreign ministries, government offices and the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York were among those infiltrated, said the researchers, who have detected computer espionage in the past.

WASHINGTON (Reuters) - Canadian researchers have uncovered a vast electronic spying operation that infiltrated computers and stole documents from government and private offices around the world, including those of the Dalai Lama, The New York Times reported on Saturday.

In a report provided to the newspaper, a team from the Munk Center for International Studies in Toronto said at least 1,295 computers in 103 countries had been breached in less than two years by the spy system, which it dubbed GhostNet.

Continue Reading at eWeek






Reblog this post [with Zemanta]

Congress Asked to Lower Credit Card Fees

Retailers ask Congress to lower credit-card fees - NJBIZ.com
A coalition of retailers today launched a campaign to lobby Congress to require credit card companies to negotiate with retailers in an effort to lower the “interchange” fee, averaging 2 percent, that retailers pay on each credit card transaction.

The Merchants Payments Coalition launched the campaign this morning during a telephone press conference with representatives of the National Retail Federation, the Food Marketing Institute, the National Grocers Association and the National Association of Convenience Stores.

Mallory Duncan, general counsel of NRF, said the coalition seeks federal legislation to require the nation’s banking industry, which issues credit cards through Visa, MasterCard and other entities, to negotiate with a collation of retailers over credit card fees and rules. For example, retailers might seek an agreement to offer price discounts to customers using credit cards that are less expensive to the retailer, he said.

“Retailing is the most competitive industry in the U.S., with an after-tax profit margin of about 2 percent; in the grocery segment it is even less — about 1 percent,” Duncan said. He said a 2 percent credit card fee wipes out the retailer’s profit and leads to higher prices that are charged to both cash and credit customers.

A spokesman for Visa was not available to comment, but the company’s Web site states that retailers are allowed to offer discounts to cash-paying customers, and states, “Visa believes that any inappropriate intervention into interchange, if successful, would result in fewer payment choices and a reduction in benefits for both consumers and merchants, and possibly even higher checkout costs.”

“We don’t think we can fix the economic crisis without addressing the incentives behind irresponsible credit-card lending by reforming the interchange fee system and addressing this unfair burden on American small businesses and consumers,” said Hank Armour, chief executive of the National Association of Convenience Stores, on this morning’s call.

Interchange fees have increased 300 percent in the past seven years, said Jennifer Hatcher, group vice president of government relations at the Food Marketing Institute.

The coalition said $48 billion interchange fees were paid last year.

Scott Hardman, chief executive of Rutter’s Farm Stores in central Pennsylvania, said, “Credit card interchange fees were $4.6 million for my stores alone. In this economy, this directly affects my business and also my customers.”




, , , ,

70% of The Writing is On the Wall

Payments Fraud Knows No Bounds

Bank Technology News  |  April 2009
by John Adams

It doesn’t matter whether the news is good or bad—fraudsters see the glass as completely full.

Accordingto the 2009 Association of Financial Professionals Payments and FraudControl Survey, the growth of electronic payments and the deterioratingfinancial conditions caused by the recession have both expandedopportunities for fraud.

The J.P. Morgan-sponsored survey of 629corporate treasury and finance professionals including assistanttreasurers, controllers, cash managers, analysts, and directors foundthat more than 70 percent of organizations experienced attempted oractual payments fraud in 2008.



Continue Reading at BTN


 


Reblog this post [with Zemanta]

MasterCard Introduces PayPass Mobile Stickers

Finextra: MasterCard introduces PayPass mobile stickers

MasterCard introduces PayPass mobile stickers
Blaze Mobile has teamed with MasterCard to offer a PayPass sticker that can be attached to any mobile device and used for contactless payment transactions at 141,000 PayPass-enabled merchant locations.

The sticker transmits card information to the merchant's point-of-sale terminal via RFID technology, allowing consumers to "tap" their mobile device on a PayPass reader to complete their transaction.

The mobile payment sticker is tied to a prepaid account and is issued by MetaBank.

Continue Reading at Finextra





Reblog this post [with Zemanta]

MasterCard Announces Q1 Financials Conference Call

MasterCard Incorporated to Host Conference Call on First-Quarter 2009 Financial Results

Purchase, NY, March 30, 2009 - On Friday, May 1, 2009, MasterCard Incorporated (NYSE:MA) will releaseits first-quarter 2009 financial results. The company will host aconference call to discuss these results at 9:00 a.m. Eastern DaylightTime.

The dial-in information for this call is 866... 771-8198 (within the US) and 617-597-5327(outside the US) and the passcode is 20007083. A replay of the callwill be available for one week following the meeting. The replay can beaccessed by dialing 888-286-8010 (within the US) and 617-801-6888 (outside the US) and using passcode 64388164.

This call can also be accessed through the Investor Relations section of the company’s website at www.mastercard.com.

About MasterCard Worldwide
MasterCard Worldwide advances global commerce by providing a criticaleconomic link among financial institutions, businesses, cardholders andmerchants worldwide. As a franchisor, processor and advisor, MasterCarddevelops and markets payment solutions, processes approximately 21billion transactions each year, and provides industry-leading analysisand consulting services to financial-institution customers andmerchants. Powered by the MasterCard Worldwide Network and through itsfamily of brands, including MasterCard®, Maestro® and Cirrus®, MasterCard serves consumers and businesses in more than 210 countries and territories. For more information go to www.mastercard.com.
Reblog this post [with Zemanta]

Disqus for ePayment News