Monday, March 16, 2009

Visa Yanks Heartland/RBS Compliance Status - BTN

Visa Yanks Heartland, RBS WorldPay Compliance Status

Bank Technology News | March 2009

By Rebecca Sausner

Visa pulled Heartland Payment Systems and RBS WorldPay from its list of PCI compliant service providers, placing the two on probation until they close the holes that led to the massive data breaches reported in January and December. Both continue to serve as processors in the Visa system.

“Heartland and RBS WorldPay are actively working on revalidation of PCI DSS compliance using a Qualified Security Assessor. Visa will consider re-listing both organizations following their submissions of their PCI DSS reports on compliance,” Visa said in a written statement.


HomeATM Prevents Cloned Bank Site Threat!

Major Cybercrime Busts Take Place In Romania

Major bank fraud ring broken up

By Tim Wilson - DarkReading

The Romanian police had a busy Wednesday, breaking up a major bank fraud ring and arresting another individual who is accused of breaking into major U.S. government and university servers.

According to news reports, the Romanian police, working along with the FBI, arrested 20 individuals who allegedly built cloned bank sites and then drained the accounts of users who were lured into logging in to them.

Editor's Note:  Did you know that the HomeATM SwipePIN device can be utilized as a log-in authentication device for online banking? Now you do.  More confirmation that we kick booty!  Here's why:

Instead of a bank providing the inherently weak (and what should have been obsolete years ago) username/password function, online banking customers could simply swipe their card and enter their PIN: an end-to-end encrypted login which would have prevented what transpired in this story. Not only would HomeATM be able to identify that it was a cloned site, but the cloned site wouldn't be able to do ANYTHING with the E2EE 3DES DUKPT sign-in data anyway.

Suffice it to say that a cloned website wouldn't work, because we've cloned the secure process that banks use at the ATM machine in the bank's lobby. Except we encrypt the Track 2 data as well. So now the consumer is SwipePIN...instead of the fraudsters! Sorry Click Jackers!

The information provided by our SwipePIN device is for non-cloned banks' eyes only! Hey Bankers...the phone lines are open!

Continuing with the story:

The cloned sites, which were deployed in Italy and Spain, looked and operated like the actual bank Websites, but they asked users questions that ultimately led to the divulging of personal bank details, according to Stefan Negrila, chief of the Romanian Police's organized crime division. Once obtained, the hackers allegedly used that information to access the real bank Websites and transfer or withdraw cash. 

Nearly 100 police officers from special troops entered suspects' houses in major cities across Romania, the reports said. Investigators said the ring stole at least 350,000 euros.


PIN Debit (20%) Closing Gap on Credit Cards (22%)

On Payments
World of Choice
Consumer Payment Preferences

By Chris Allen, Melissa Fox, Dan Hough (BAI), and Mark Riddle (BAI)

The inevitable and ongoing march from paper to electronic retail payments has become a full-on run, according to a recent consumer payment study conducted by BAI and Hitachi Consulting. Consumers are using debit cards more aggressively, particularly PIN debit, instead of cash or checks, even for small-value purchases in stores, while increasingly using electronic bill pay for recurring payments. This rise in the use of plastic and automated payment vehicles is putting greater pressure on banks to find new ways to reward and retain customers for their electronic payments. Bankers also need to find an appropriate balance managing cash and checks, as those become a smaller part of the payments mix.
Featured as the cover story of the January/February issue of Banking Strategies Magazine, this article discusses the decisive shift in consumer payment preferences from paper and cash to electronics and the implications of those changes for banks and the broader payments industry.


Caveat Emptor: Swipe Do Not Type!

Editor's Note:  This article is rather vague but it supports my argument that e-commerce is NOT SAFE in a web browser.  Which is why HomeATM uses hardware to facilitate the transaction. 

How to tell, what to do if computer is infected (AP)  -Yahoo Tech

Computer-virus infections don't cause your machine to crash anymore.  Nowadays, the criminals behind the infections usually want your computer operating in top form so you don't know something's wrong.

That way, they can log your keystrokes and steal any passwords or credit-card numbers you enter at Web sites. 

Editor's Note:  If you Swipe vs. Type then they cannot "log your keystrokes."  

Here are some signs your computer is infected, tapped to serve as part of "botnet" armies run by criminals:

• You experience new, prolonged slowdowns. This can be a sign that a malicious program is running in the background.
• You continually get pop-up ads that you can't make go away. This is a sure sign you have "adware," and possibly more, on your machine.
• You're being directed to sites you didn't intend to visit, or your search results are coming back funky. This is another sign that hackers have gotten to your machine.

So what do you do?  Editor's Note:  The article doesn't really provide any sound advice as to what you need to do. It does, however, make suggestions for "possibly" reducing risk. That said, here's what you "don't do:"  Never, ever type your card information into a web browser.

Which is why it's surprising/befuddling to read about "cautious acceptance" of a supposed PIN Debit solution which "instructs you" to type in your PAN (as usual, using your keyboard). Once you do that, the supposed solution will be "enabled" to decipher whether it's a card that can be used with a PIN. The question begs to be asked: who else might be enabled to do the same? If they can do it, so can somebody else (maybe not right away, but sooner rather than later).

Caveat Emptor.  By "instructing you" to type in your card information, you're being led down the wrong path from the get-go.

Here's why.  If you're not leery when suddenly, a "pop-up" PIN Pad appears out of nowhere...then you should be when you're informed that your computer's keyboard has just been remotely "taken over" and locked. 

Why do they do this?  Because it's NOT SAFE to type in a PIN with a keyboard...even though...moments ago, they implied it was safe, to "type in" the card number. 

Am I alone in making the determination that this makes absolutely no sense whatsoever?  What changed?  Is this not an ADMISSION that it's not safe to type in card information using a keyboard?   So now another question begs to be asked.  If their supposed solution is safe, then why would they instruct you to "type" in your PAN, as usual? 

Let's utilize some common sense: since we know that keylogging and clickjacking exist, is there not the very real likelihood that those two existing threats can be combined to create a new one?  Call it "clicklogging."  Until then, hackers can always resort to screen scraping.

Now let's Add It Up.  Hardware is a NECESSITY.  Just as your cell phone (which is hardware) requires a peripheral to charge it, whether it's the charger you plug into the wall or the charger you plug into your car's old cigarette lighter receptacle, a peripheral is a NECESSITY.  The good thing is that a HomeATM SwipePIN device is just as quick and easy to plug into your PC or laptop as a phone charger.  And there's NO SOFTWARE to download.  The SwipePIN device is truly plug and play.  Not only does it provide end-to-end encryption, but it also encrypts your card's Track 2 data.  The Black Hats hate the idea of a hardware device.  For that reason, security professionals tend to love it.

Back to the story...  

• Having anti-virus software here is hugely helpful. For one, it can identify "known" malicious programs and disable them.  If the virus that has infected your machine isn't detected, many anti-virus vendors offer a service in which they can "remotely take over your computer" and delete the malware for a fee.

Editor's Note: 
The hackers can "remotely take over your computer" for free... (the price you pay comes later, when they empty your bank account(s)).

• Some "anti-virus vendors" also offer free, online virus-scanning services.  Editor's Note:  ALL "virus vendors" offer free, online virus-infection services.  Plus, tests show that anti-virus programs don't really work that well.

• You may have to reinstall your operating system if your computer is still experiencing problems. It's a good idea even if you believe you've cleaned up the mess because malware can still be hidden on your machine. You will need to back up your files before you do this.

How do I know what information has been taken?

• It's very hard to tell what's been taken. Not every infection steals your data. Some just serve unwanted ads. Others poison your search results or steer you to Web sites you don't want to see. Others log your every keystroke. The anti-virus vendors have extensive databases about what the known infections do and don't do. Comparing the results from your virus scans to those entries will give you a good idea about what criminals may have snatched up.

Translation:  You'll know when you start buying things you didn't buy!
