LOS ANGELES -- A jury has awarded $300 million to a venture capitalist who accused a one-time business associate of stealing his research into a Web-based credit card processing system.
The Los Angeles jury reached its decision Monday in the lawsuit against Greg Daily, who was sued for fraud and other claims.
Plaintiff Douglas Shooker claimed Daily blocked him from exercising a contract to buy a majority stake in the credit card transaction processing company after Shooker shared research on capturing revenue from Web-based purchases. Daily's lawyer, James Penrod, calls the award for compensatory damages excessive and says he's contemplating an appeal. (Editor's Note: Excessive? It depends. I tried but could not find who this mysterious "Web-based credit card processing system" is that he could have gotten a majority stake in. No luck...yet. Found out it's NOT PayPal. UPDATE: It's iPayment Inc. and Daily filed for bankruptcy today.)
The jury is scheduled to return Thursday to deliberate about punitive damages.
Prosper, a company who was at FinovateStartup09 along with HomeATM has announced that it is temporarily ceasing operations...again. Here's a blurb:
Prosper stops its operations again
Prosper US, a person-to-person loan exchanger, has shut down its operations again, just a couple of weeks after coming out of an enforced six month spell on the sidelines. Like competitor outfits Lending Club and Loanio, Prosper was forced to close its doors to new loans last year as it looked to register its business with the Securities and Exchange Commission. But last month it received an intra-state exemption from the California Department of Corporations. This meant Californian residents and businesses could make loans, with anyone in the US able to borrow.
However, SEC registration was not completed and the company has now "decided to voluntarily shut down" operations until this is done. "As a result, due to regulatory concerns, and in the interest of working toward getting our registration statement effective as soon as possible, we are discontinuing our California intrastate offering at this time," – said the representative of the company. Existing lenders and borrowers will not suffer.
There was no explanation provided by the company for the quick U-turn or guidance on when it expects to start business again, saying only this will be "in the hopefully not too distant future".
The Heartland Fallout continues. The Boston Globe reports today that tens of thousands of credit and debit cards had to be reissued in Massachusetts due to the sniffer program that infiltrated Heartland Payment Systems. At $200 plus per card, the bill keeps getting bigger. Will Heartland survive? Why did their stock go up from $4 to $9? Sell Sell Sell!
Data breach ensnares many in Mass.
Credit and debit card numbers compromised
By Todd Wallack | Globe Staff / May 13, 2009
Tens of thousands of Massachusetts consumers have been forced to get new credit or debit cards after cyber thieves hacked one of the nation's largest payment processors and accessed consumers' account information.
Since the security breach at Heartland Payment Systems Inc. was disclosed four months ago, 17 Massachusetts banks have reported that the thieves potentially gained access to many of their customers' credit or debit card numbers and other personal information, according to documents the companies submitted to state regulators; each of the banks said the incidents affected more than 1,000 customers.
For instance, Rockland Trust Co. told the state it was forced to reissue nearly 19,000 MasterCard debit cards and 64 Visa credit cards to customers this spring, while East Boston Savings Bank said it replaced the debit cards for as many as 7,600 customers. Salem Five Cents Savings Bank said the debit cards for 7,200 of its customers, mostly Massachusetts residents, were "compromised" by the breach and issued new cards to customers with active accounts earlier this year.
While most banks gave customers new cards to prevent potential fraud, a few others said they were instead monitoring customer accounts. The banks also notified customers of the breach, as required by state law.
So far, though, officials said there have been few reports of outright theft from customers.
Rockland Trust told the state it had tallied $33,000 in fraudulent purchases in accounts affected by the breach as of February. The bank did not provide more details and declined to comment on the breach.
Meanwhile, two other banks, Newburyport Five Cents Savings Bank and Webster Five Cents Savings Bank in Auburn, each told the state they had not detected any theft linked to the incident. A Salem Five spokesman declined to comment, while East Boston Savings Bank did not return a call seeking comment.
"Anecdotally, we've seen only small amounts of fraud," said Jason Maloni, a Heartland spokesman.
Maloni said the breach exposed credit and debit card numbers and expiration dates, and in some cases customer names, but not social security numbers, addresses, and other personal information, which may limit the impact of the theft. Heartland, based in Princeton, N.J., said it doesn't know how many customers were affected in Massachusetts.
However, Heartland was hit with a multimillion-dollar fine by MasterCard for "allegedly not taking appropriate action" after being notified of the security breach. Heartland said it is appealing that fine.
Meanwhile, the company is also under investigation by numerous federal agencies, including the Securities and Exchange Commission and the US attorney in New Jersey for how it handled the breach, as well as alleged stock trades made by company officers in the days after it discovered the intrusion. Heartland shares dropped sharply after the company disclosed the breach Jan. 20. The company's stock, which peaked at more than $18 per share in early January, fell rapidly in the days after the disclosure, going as low as $4 in March. It closed yesterday at $9.04. (Editor's Note: ???? is it all the end-to-end encryption propaganda? I don't see how they could possibly survive. Massachusetts had to issue tens of thousands of cards. The cost for each one is estimated at $202.00. There's 49 other states and the breach is not limited to the USA. Bermuda, Guam etc. have all been affected.) Continue Reading at the Boston Globe
Pirated Windows 7 OS Comes With Trojan, Builds A Botnet
At its peak, the Trojan-infested counterfeit version of Microsoft's prerelease version of Windows 7 was infecting more than 200 PCs an hour
By Kelly Jackson Higgins | DarkReading
A pirated version of the new Windows 7 operating system release candidate that has been circulating around the Internet is also building out a botnet.
The rogue OS, which is rigged with a Trojan downloader, at one point had around 27,000 bots in its control as of May 10, when researchers took over the command and control (C&C) server that communicated with the bots and served them additional malware. At the height of the botnet buildup, the botmaster was recruiting more than 200 machines an hour, says Tripp Cox, vice president of engineering for Damballa. The victims initially downloaded the pirated OS via popular bootlegged software sites and online forums. Continue DarkReading
MasterCard announced today that they are pleased to announce that they can do mobile money transfers.
PURCHASE, N.Y., May 13, 2009 /PRNewswire-FirstCall via COMTEX/ -- MasterCard (MA) today announced that their fully-integrated, on-demand person-to-person (P2P) mobile payment platform for issuers in the United States is set to go live later this month. With this new platform, MasterCard participating bank customers will be able to offer Mobile MasterCard MoneySend(TM) P2P payments to their customers.
Mobile MoneySend is the breakthrough consumer payment platform that provides a better way to send and receive funds via SMS-text, mobile browser, mobile applet or an Internet PC. Initially, consumers will be able to use MoneySend with a MasterCard prepaid card issued by The Bancorp Bank and then link it to their mobile phone number to send or receive money.
Editor's Note: If MasterCard's Mobile MoneySend is the "breakthrough" consumer payment platform and it's limited...(can "initially" only be used with a MasterCard prepaid card issued by The Bancorp), then HomeATM must have the "quantum leap/transilient" version of a P2P money transfer application. Why? Because our version can only be "initially" used with "ANY US Bankcard"...on ANY web device!
With HomeATM you need only to swipe your card and enter your PIN "ONE-TIME" ...henceforth HomeATM securely stores your encrypted card data in our HSM located at our Network Operations Center.
What does that mean? It means that your mobile phone is forever enabled to 3DES DUKPT "securely" send or receive money...to anyone. Let's review: ANY Bankcard via ANY Web Enabled Device to ANYbody. ANY questions?
As additional issuers enroll for the platform, their customers will be able to use MoneySend with their everyday accounts, including MasterCard debit, credit, prepaid or checking, as determined by their issuer. Once registered for MoneySend, consumers have the flexibility of directly, easily and securely transferring funds to and from family and friends through their mobile phone, eliminating the need to write or cash checks, visit ATMs, or wire money domestically.
Senders initiate transfers to any domestic mobile phone number via SMS message, mobile web browser or a downloadable MoneySend application.
Upon initiation of the transfer, the sender approves the request by entering the MoneySend mobile PIN which only the accountholder knows. Then the recipient receives a text message confirmation of the transfer (for pre-registered users) or that the transfer is pending (for yet to be registered users). The funds can then be accessed by the recipient through an account designated during the registration process. Initially, this will be a prepaid account with The Bancorp Bank. These funds are then available for access through the mobile phone. If the consumer has a MasterCard card associated with the account the funds can also be accessed at traditional points of interaction, including ATMs, over-the-counter at a bank branch, or at the point-of-sale.
"Our existing MoneySend platform and Obopay's connectivity to mobile networks has allowed us to bring a simple solution for mobile P2P payments to consumers in the U.S. in partnership with our customer banks," said Art Kranzley, Chief Emerging Technology Officer, MasterCard Worldwide. "We know that consumers are now constantly connected, whether in front of their computer screens or on the go with their mobile phones that are always there and always on. Since the MoneySend platform supports P2P payments through any PC or mobile device, we are able to offer a consistent transaction experience in both online and mobile channels for consumers in the U.S."
A credit card with a built-in display is being tested by Visa with the aim of reducing online fraud. The Emue Card generates and displays a unique code each time it is used. Developers say that the new technology would make it very hard for fraudsters, as any transaction would require the PIN to generate the code.
The new technology comes against a growing backdrop of fraud. While chip and pin technology has helped reduce crime at the tills, when it comes to phone, internet, and mail order fraud - known in the industry as card-not-present or CNP fraud - the figures are growing every year and now make up more than 50% of all credit card fraud.
These transactions ask for the 16-digit code on the front of the card, and expiry date and some also ask for the three digit security code on the back. All of these details are available to a criminal who has a stolen card.
The new code technology could reduce so-called 'card not present' fraud
According to figures from the Association for Payment Clearing Services (Apacs) - the trade forum for banks, building societies, and credit card firms - CNP fraud accounted for more than £328.4 million in 2008, a rise of 13% from the previous year.
Michelle Whiteman, a spokesperson for Apacs, said there were a number of problems in tackling CNP fraud.
"Firstly, you aren't able to check the card's physical security measures, such as the hologram or signature. Then, at present, there is no form of chip and pin security. And finally, because of the anonymous nature of internet transactions, fraudsters have a much lower chance of getting caught, which probably encourages some people who might otherwise not commit a crime," she said.
Visa say the new Emue system could help combat this by adding an additional layer of security. While the three-figure security code would remain, an additional four figure code - generated by the card - would also be required before a transaction could go through.
Backwards compatible
Sandra Alzetta, head of innovation at Visa, said that the card was bringing the principles of chip and pin technology to the online world. "The card needs to be globally compatible: that means embossed characters for mechanical swipes, a magnetic strip for systems that require a signature, the fixed three digit security code and now the unique four figure code."
Yesterday 4 Romanians were charged in a $1.8 million skim scam and another $500,000 was stolen from Staten Island ATM users (see today's posts) and now a new report from Actimize says that financial institutions expect ATM fraud to grow. No surprises there. Here's the Press Release announcing the Actimize Card Fraud Report: To get access to the full report you may click here.
New report says U.S. FIs expect debit, ATM fraud to grow in 2009
Half of financial institutions experienced fraud complaints as a result of major data breaches
Research Highlights Include:
• Responses from over 110 financial services representatives
• Only 35 percent use analytics to predict when to reissue cards; excessive card replacements due to lack of effective risk management tools
• Seventy-four percent lack real-time ATM-Debit fraud prevention capabilities
NEW YORK - May 12, 2009 - Actimize, a leading provider of transactional risk management software for the financial services industry and a NICE Systems company, today announced the results of an independent Actimize peer-review survey examining mass compromise and ATM/debit card fraud. Of the financial services representatives polled in the Card Fraud and Mass Compromise study, 45 percent believe they have seen mass compromised data used in fraud attacks against their institutions.
Mass compromise impact
Mass compromise of client card information is negatively impacting the card industry on several levels: excessive card replacement, increased call center and operational costs and damage to customer confidence.
• Approximately 80 percent of respondents somewhat or strongly agreed that mass compromise events can decrease consumer confidence in the ATM/debit card channel.
• Fifty-seven percent said mass compromise events increase overall costs for financial institutions.
• Twenty percent estimated an increase of at least 10 percent in call center traffic after a single mass compromise incident.
• While most respondents expect less than one percent of exposed accounts actually to experience fraud, 15 percent reissued cards to over 20 percent of their cardholder population.
ATM/Debit card fraud on the rise
• Seventy percent of respondents saw an increase in fraud claims in 2008 as compared to 2007, of those with increased fraud claims, 58 percent experienced double digit growth.
• Over 80 percent expect ATM/debit card fraud attempts to increase in 2009 as compared to 2008, with 35 percent predicting a 10 to 14 percent growth rate this year.
• Fifty-five percent of respondents expect US card fraud levels to increase or dramatically increase once Canada adopts Chip and PIN (EMV), which is expected to reach critical mass by 2010. This is because fraudsters migrate to the path of least resistance.
• Forty-nine percent expect first party fraud to increase in 2009.
"Customer and card data are compromised daily and it is our belief that more and more accounts will end up being exposed," said Amir Orad, EVP and CMO at Actimize. "Based on this research, too many banks lack sophisticated risk management tools when dealing with mass compromises and end up excessively re-issuing cards - this is not a cost effective or long-term solution. These attacks have the potential for extremely high losses to the banking industry, and they will continue. Actimize believes it is vital that financial institutions prepare to counter these threats properly."
Real-time prevention - a major gap and opportunity
When asked about the ability to analyze and stop fraudulent transactions in real time:
• Only 26 percent of respondents have that capability.
• Of those without, 38 percent of respondents believe they can save 20 percent or more of current losses by implementing real-time technologies.
"Real-time analysis and blocking has historically been very challenging, and either didn't work or resulted in a high false positive rate due to technology limitations," added Orad. "It is certainly our own experience, and the belief of the research respondents, that today's modern fraud solutions can be very efficient at real-time prevention and can provide a major performance lift."
The Actimize Card Fraud and Mass Compromise study was managed by Infosurv, an independent research company. Survey participants included 113 financial services representatives within the card and payments and banking industry. Respondents were primarily located in North America and Europe, with the remainder in Asia Pacific and Australia. To access the full report, go to www.actimize.com/cardfraudreport.
About Actimize
Mitigating transactional risk across enterprise silos, Actimize is a leading provider of software solutions for anti-money laundering, brokerage compliance and fraud prevention. Built on a patented, scalable and extensible analytics platform, Actimize solutions enable financial institutions to increase their insight into real-time customer behavior and improve risk and compliance performance. Actimize technology processes billions of transactions a day for many of the world's top banks and brokerages. Actimize, a NICE Systems company, has offices in New York, Israel, London and Tokyo. For more information, go to www.actimize.com.
PULSE signs with MoneyPass for surcharge-free ATM access
AUSTIN, Texas — Doug Miraglia says 2009 will be the year of the surcharge-free ATM network. The president and founder of the MoneyPass Network says the timing is right. The economic recession, coupled with financial institutions’ need to get back to basics and focus on their core competencies, has created the perfect storm for change.
“I see surcharge-free networks really taking off. Banks and credit unions have done a great job educating their customers about using our ATMs, and consumers get it,” Miraglia said. “On-us transactions, while nice, are not necessarily the best way to go these days. By working with a surcharge-free network, the bank or credit union immediately has a larger footprint without having to invest in more ATMs.”
PULSE announced the deal yesterday during its Debit ReDefined conference in Austin, Texas, when it announced the launch of its PULSE Select surcharge-free ATM network. The alliance with the MoneyPass Network, which is owned by U.S. Bank/Elan Financial Services, gives PULSE and MoneyPass surcharge-free ATM access to more than 16,000 ATMs throughout the United States.
“In today’s economic environment, consumers are looking for ways to cut costs, while maintaining convenient access to their money,” said Judith McGuire, PULSE’s senior vice president of product management. “In response, the PULSE Select/MoneyPass network provides financial institutions with an economical solution, while driving customer loyalty and creating a competitive advantage to help participants attract new cardholders.”
FIs participating in the PULSE Select/MoneyPass network are immediately able to provide the network to their cardholders.
“We saved our cardholders $30 million in 2008 in waived surcharge fees,” Miraglia said. “So this offers an excellent opportunity for PULSE, since they don’t have to build their own surcharge-free network organically. It’s a win-win. They get access to MoneyPass and we get to build on the excellent reputation PULSE has with banks and credit unions.”
The two companies have been in talks since last year. MoneyPass has a similar deal with the NYCE network, though PULSE and MoneyPass have agreed to actively cross-promote the union through logos and ATM promotions. Both NYCE and PULSE have reseller agreements with MoneyPass.
Four Eastern Europeans charged in $1.8 million ATM scam
• 12 May 2009
Syracuse.com: Four men who were living in Florida allegedly made trips to Cicero, Rochester and New York City to install skimming devices on ATMs. The men targeted the drive-up ATM of a Chase bank while visiting Central New York to see an acquaintance. Chase employees discovered the skimming device and notified the Secret Service. Since the investigation began, police determined that the suspects were at the Cicero bank on at least five occasions in November, stealing about $40,000 from customers. The total amount they scammed was $1.8 million, and most of it was wired to Eastern Europe.
SIX Card Solutions moves into Austria with First Data deal
Swiss payments outfit SIX Card Solutions (formerly Telekurs Card Solutions) is to take over parts of First Data's Austrian processing business in a two-year phased transfer of staff and bank card transactions commencing in 2010.
Close to 130 former First Data employees will transfer to SIX Card Solutions, along with those parts of the Austrian business relating to the processing of card transactions for PayLife Bank and other customers currently serviced out of First Data's Austrian data center. Continue Reading at Finextra
Australian consumers are being warned about a scam email promising a $500 Myer gift card, which may actually conceal a virus designed to access their bank details.
NSW Fair Trading Minister Virginia Judge says the scam email from 'Shoppers Saving Centre' asks people to participate in a survey in return for the gift card.
The Fair Trading department has received reports that people who took part in the survey never received the gift card. 'This appears to be a phishing scam designed to obtain consumer's internet provider addresses so that an embedded virus can access their banking details,' Ms Judge said in a statement on Tuesday.
Myer has told the department it has no association with 'Shoppers Saving Centre'. Ms Judge says anyone who receives the email should delete it immediately.
Computer viruses seem to be getting more destructive, in part because criminals are trying to make it harder for people to spot account takeovers
Brian Krebs, who blogs for the Washington Post in his "Security Fix" column, writes about Zeustracker and a Zeus botnet that recently flicked the "kill switch" on 100,000 PCs. Here's an excerpt from his article:
"One of the scarier realities about malicious software is that these programs leave ultimate control over victim machines in the hands of the attacker, who could simply decide to order all of the infected machines to self-destruct.
Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control. But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords. Hüssy oversees Zeustracker, a Web site listing Internet servers that use Zeus, a kit sold for about $700 on shadowy cyber criminal forums to harvest data from computers infected with a password stealing Trojan horse program. One of Zeus's distinguishing features is a tool that helps each installation on a victim PC look radically different from the next as a means to evade detection by anti-virus tools. According to Hüssy, among Zeus's many features is the "kos" option, which stands for "kill operating system." The help file distributed with Zeus kits includes the following Google-translated explanation of this feature:
kos - incapacitate OS, namely grip branches HKEY_CURRENT_USER registry and / or HKEY_LOCAL_MACHINE. If you have sufficient privileges - fly to "blue screen", in other cases creates the brakes. Following these steps, loading OS will not be possible!
In early April, Hüssy began tracking a Zeus control server used to receive data stolen from a botnet of more than 100,000 infected systems, mostly located in Poland and Spain. While investigating this newfound Zeus control server, he noticed something unusual: the "kill operating system" had just been issued to all 100,000 infected systems. Hüssy said he has no idea why the botnet was destroyed. "Maybe the botnet was hijacked by another crime group," he offered in an online chat with Security Fix. Then again, maybe the individuals in control over that ill-fated botnet simply didn't understand what they were doing. "Many cyber criminals...using the Zeus crimeware kit aren't very skilled," Hüssy said. Researchers at the S21sec blog have their own theory: that maybe attackers wield the nuclear option to buy themselves more time to use the stolen data. "The point more probably for a phisher is to earn time," writes S21's Jozef Gegeny. "Taking the victim away from Internet connection - before the unwanted money transfer is realized and further actions could be taken."
As one might imagine, bad guys who control these Zeus crimeware servers aren't always too happy about having their networks called out. Since my interview with Hüssy on Wednesday, his site has come under a fairly massive distributed denial of service (DDoS) attack, no doubt from systems under the control of Zeus botmasters."
Listed below are just a "few" of the risks when you shop online without HomeATM's PCI 2.0 Certified PED
Shopping online without a HomeATM PCI 2.0 Certified SafeTPIN leaves you vulnerable to cyber thieves. There are many ways in which hackers can steal your sensitive information without you knowing it. Here is a list of some of the potential threats you face when shopping online without our SafeTPIN:
Privacy-invasive software – This is software that monitors your computer with the intent of stealing sensitive information and is often of a commercial nature.
Spyware – Software that could be on your computer without you knowing it. Not only can Spyware monitor what you are doing (including watching you type in your credit card number), but it can actually change how you interact with your computer.
Crimeware – Software designed specifically for the purposes of identity theft so the attacker can access your online banking or online shopping accounts.
Man-in-the-middle attack (MITM) – An attacker sits between your computer and the computer you are trying to communicate with (the shopping site), intercepting, and even changing, the information.
Trojan – You install software that apparently performs a useful function, but it actually has a hidden agenda. Once inside, the attacker can watch your screen, save their files to your computer and even control your computer.
Keystroke logging – A method of recording your keystrokes. This is a very common way to monitor mouse operations and obtain screen shots or monitor what is typed on your keyboard.
Phishing – You get an official looking email from a trustworthy source (like a bank or PayPal) asking for information of some kind (usually passwords, SIN numbers, credit card numbers etc.). Of course, the email is actually from a fraudster posing as someone legitimate.
Memory sniffing – A program that effectively “sniffs” out your memory, revealing passwords, credit card data and other such information.
Exploits – Software or a sequence of commands that take advantage of a bug or vulnerability on your computer to take over your computer.
Description: An outbreak of bank-related data theft trojans was observed during the first quarter of 2009. These outbreaks were traced to the Zeus botnet which was implicated in a $6 million dollar commercial account heist on 20 European banks in the summer of 2008.
In March 2009, the Zeus botnet began employing an exploit toolkit known as Luckysploit, which uses an asymmetric key algorithm (standard RSA public/private key cryptography) to encrypt the communication session with the browser. The exact origin of the Luckysploit toolkit is unknown, although the Zeus botnet is believed to be controlled by Russian cybercriminals.
Description: A sophisticated band of thieves managed to steal personal information and more than half a million dollars from hundreds of New York City bank customers by rigging ATMs in what police say is further evidence of the continued assault on personal data by identity thieves.
Police said the identity thieves installed devices on ATM machines at Sovereign Bank branches in Staten Island that enabled them to collect account and PIN numbers, the New York Daily News reported Monday.
First they placed skimmers on the slots where customers inserted their bank card that could read and store the information. Then a tiny camera was hidden in the lighted sign on the ATM that filmed customers typing in PIN codes, the Daily News reported.
"This crew is sophisticated," Deputy Inspector Gregory Antonsen, head of the NYPD's special investigations division, told the Daily News. "And they are coming up with new ways to steal your identity every day."
The ATM-riggers managed to steal more than $500,000 from more than 250 victims. They also created fake ATM cards with the same magnetic codes as the victims and used the cards at different banks, police said.
I heard (or read, don't remember which) that it's commonplace to send a text message to one's boy or girlfriend telling them it's time to move on...apparently Twitter is today's new vehicle used to tell people when it's time to move on to another job.
Last week, Brian Hartzer, CEO of ANZ's Australian operations announced his resignation on Twitter. Hartzer said: "Folks, this is my last tweet as I've resigned to pursue an overseas opportunity. Thanks for your continued support for ANZ. All the best."
"The smart money says Hartzer is joining RBS as its retail operations chief, taking over from Gordon Pell. It's a key position that would put him in the running as a potential heir apparent to current CEO Stephen Hester.
"Will Hartzer's appointment usher in a new era of Twitter-inspired transparency at RBS?
Let's hope so. After the Fred Goodwin saga, RBS needs all the goodwill it can get."