Monday, March 30, 2009

This is So Scary "It's Frustrating"...Too!

From PC World

The high-profile disclosure over the weekend of the GhostNet cyberespionage ring that targeted 1295 computers in more than 100 countries underscores how highly targeted and sophisticated attacks, often run by criminals, are changing the security landscape, according to a security researcher at Symantec.

"How much is the (security) landscape changing? It's changing drastically," said Joe Pasqua, vice president of research at Symantec Research Labs.

GhostNet, documented in a report released on Sunday by the SecDev Group's Information Warfare Monitor and the Munk Center for International Studies at the University of Toronto, used malware and social engineering to give attackers full access to compromised computers. It also let attackers control the video cameras and microphones of these computers, letting them remotely monitor activity in the room where the computer was located.

Editor's Musings: Geez, given that they would have "full access" I wonder if they would also be able to see PINs clicked by a mouse with a software-based PIN Debit application. Nah...according to Acculynk's CEO it's designed "to frustrate hackers."
Here's an excerpt from a previous PIN Payments Blog Post...but first, a sarcastic animated gif!

"Acculynk’s CEO Ashish Bahl counters that each click is encrypted in ways intended to frustrate hackers (Editor's Note: That's an interesting one. No details I can understand, but when hackers get frustrated they get motivated. Frustrating hackers, in my mind, is not the level of security I want associated with PIN Debit for the Web)...

At the same time, he adds, the resources necessary to predict when to start and stop screen scraping with each click would be cost-prohibitive even for determined fraudsters. Editor's Note: Cost prohibitive is relative to the potential return. Personal Identification Numbers are the "holy grail" for hackers. You have the PINs and you have the capability to empty bank accounts. So, in my humble opinion, there's no such thing as a "cost prohibitive" barrier when it comes to PINs. Especially, if they're "determined." The "Holy Grail" is NOT a cost-prohibitive entity. It's something hackers would want to get their hands on "at all costs."

Read the entire blog post: Acculynk Most Closely Mimics Grocery Store Experience?

The article continues: 

"It's another example of the sophistication of the types of attacks that are being put together," Pasqua said.
The highly targeted nature of GhostNet and similar attacks makes it difficult for antivirus vendors to respond quickly.
"In the old days, you had a threat that targeted hundreds of thousands of people. It was extremely likely that Symantec was going to have a copy of it very early on and the vast majority of those hundreds of thousands of people were going to be protected," Pasqua said. "Now you have these targeted attacks that may only target a handful of people."

"By the time we get a sample, it can be too late. They've already gone and morphed into another variant," he said. "There's no end in sight."

While there has been a lot of speculation that GhostNet was developed and controlled by the Chinese government, criminal groups are just as likely to be responsible for these types of attacks.

Continue Reading at PC World


GhostNet is Scary

Vast Computer Spy Network Found: Report
By Reuters 2009-03-30

Embassies, foreign ministries, government offices and the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York were among those infiltrated, said the researchers, who have detected computer espionage in the past.

WASHINGTON (Reuters) - Canadian researchers have uncovered a vast electronic spying operation that infiltrated computers and stole documents from government and private offices around the world, including those of the Dalai Lama, The New York Times reported on Saturday.

In a report provided to the newspaper, a team from the Munk Center for International Studies in Toronto said at least 1,295 computers in 103 countries had been breached in less than two years by the spy system, which it dubbed GhostNet.

Continue Reading at eWeek


Congress Asked to Lower Credit Card Fees

Retailers ask Congress to lower credit-card fees -
A coalition of retailers today launched a campaign to lobby Congress to require credit card companies to negotiate with retailers in an effort to lower the “interchange” fee, averaging 2 percent, that retailers pay on each credit card transaction.

The Merchants Payments Coalition launched the campaign this morning during a telephone press conference with representatives of the National Retail Federation, the Food Marketing Institute, the National Grocers Association and the National Association of Convenience Stores.

Mallory Duncan, general counsel of NRF, said the coalition seeks federal legislation to require the nation’s banking industry, which issues credit cards through Visa, MasterCard and other entities, to negotiate with a coalition of retailers over credit card fees and rules. For example, retailers might seek an agreement to offer price discounts to customers using credit cards that are less expensive to the retailer, he said.

“Retailing is the most competitive industry in the U.S., with an after-tax profit margin of about 2 percent; in the grocery segment it is even less — about 1 percent,” Duncan said. He said a 2 percent credit card fee wipes out the retailer’s profit and leads to higher prices that are charged to both cash and credit customers.

A spokesman for Visa was not available to comment, but the company’s Web site states that retailers are allowed to offer discounts to cash-paying customers, and states, “Visa believes that any inappropriate intervention into interchange, if successful, would result in fewer payment choices and a reduction in benefits for both consumers and merchants, and possibly even higher checkout costs.”

“We don’t think we can fix the economic crisis without addressing the incentives behind irresponsible credit-card lending by reforming the interchange fee system and addressing this unfair burden on American small businesses and consumers,” said Hank Armour, chief executive of the National Association of Convenience Stores, on this morning’s call.

Interchange fees have increased 300 percent in the past seven years, said Jennifer Hatcher, group vice president of government relations at the Food Marketing Institute.

The coalition said $48 billion in interchange fees were paid last year.

Scott Hardman, chief executive of Rutter’s Farm Stores in central Pennsylvania, said, “Credit card interchange fees were $4.6 million for my stores alone. In this economy, this directly affects my business and also my customers.”


70% of The Writing is On the Wall

Payments Fraud Knows No Bounds

Bank Technology News  |  April 2009
by John Adams

It doesn’t matter whether the news is good or bad—fraudsters see the glass as completely full.

According to the 2009 Association of Financial Professionals Payments and Fraud Control Survey, the growth of electronic payments and the deteriorating financial conditions caused by the recession have both expanded opportunities for fraud.

The J.P. Morgan-sponsored survey of 629 corporate treasury and finance professionals including assistant treasurers, controllers, cash managers, analysts, and directors found that more than 70 percent of organizations experienced attempted or actual payments fraud in 2008.

Continue Reading at BTN



MasterCard Introduces PayPass Mobile Stickers

Finextra: MasterCard introduces PayPass mobile stickers

Blaze Mobile has teamed with MasterCard to offer a PayPass sticker that can be attached to any mobile device and used for contactless payment transactions at 141,000 PayPass-enabled merchant locations.

The sticker transmits card information to the merchant's point-of-sale terminal via RFID technology, allowing consumers to "tap" their mobile device on a PayPass reader to complete their transaction.

The mobile payment sticker is tied to a prepaid account and is issued by MetaBank.

Continue Reading at Finextra


MasterCard Announces Q1 Financials Conference Call

MasterCard Incorporated to Host Conference Call on First-Quarter 2009 Financial Results

Purchase, NY, March 30, 2009 - On Friday, May 1, 2009, MasterCard Incorporated (NYSE:MA) will release its first-quarter 2009 financial results. The company will host a conference call to discuss these results at 9:00 a.m. Eastern Daylight Time.

The dial-in information for this call is 866... 771-8198 (within the US) and 617-597-5327 (outside the US) and the passcode is 20007083. A replay of the call will be available for one week following the meeting. The replay can be accessed by dialing 888-286-8010 (within the US) and 617-801-6888 (outside the US) and using passcode 64388164.

This call can also be accessed through the Investor Relations section of the company’s website at

About MasterCard Worldwide
MasterCard Worldwide advances global commerce by providing a critical economic link among financial institutions, businesses, cardholders and merchants worldwide. As a franchisor, processor and advisor, MasterCard develops and markets payment solutions, processes approximately 21 billion transactions each year, and provides industry-leading analysis and consulting services to financial-institution customers and merchants. Powered by the MasterCard Worldwide Network and through its family of brands, including MasterCard®, Maestro® and Cirrus®, MasterCard serves consumers and businesses in more than 210 countries and territories. For more information go to
