Friday, June 19, 2009

Switching to "Secure" Online Bill Paying Will Save Money

Consumer Focus: Switching to online bill paying will save money - Money News
Consumer Focus: Switching to online bill paying will save money
Fri 19th Jun 2009

Following the revelation from energy regulator Ofgem that people on prepaid energy meters have been paying too much for their power, Consumer Focus has recommended that consumers change to online payments wherever possible.

Editor's Note:  And I can't think of a better way to pay for these utility bills than with HomeATM's personal card reader and PIN Pad.  When it comes to paying utility bills, such as gas, water, electric, etc. it seems to me that these companies would be eager to distribute our PCI 2.0 Certified devices to their customers in order to increase online payment security, decrease their Interchange Fees and provide a direct customer to provider conduit.  (i.e.  eliminate the middleman)  PINless debit is fine, but TRUE PIN debit is finer. 

The statutory organization's principal policy advocate Zoe McLeod said that those who swap the meter for direct debit payments could save a significant sum - up to £110 annually.

Furthermore, she added, those who switch to online direct debit payments could even save as much as £190.

Ms McLeod continued: "People should be aware that if they have a debt of £100 or less and are on a prepayment meter they still have the right to switch under something called the debt assignment protocol."

The National Housing Federation's lawyers revealed this month that energy firms overcharging their customers could be breaching EU law.  According to official statistics, E.ON, British Gas, Scottish Power and SSE all charge prepaid meter owners more than the average price required to supply a meter.

, , ,

Discover: Higher Interest Rates, More Fees, Fewer Loans

Discover CEO Says Card Reform Raises Fees, Cuts Perks (Update2)

By Peter Eichenbaum

June 19 (Bloomberg) -- Discover Financial Services Chief Executive Officer David Nelms said new U.S. safeguards for credit-card holders will mean higher interest rates, more fees and fewer loans industrywide.

“There are many consumers that actually will not benefit,” Nelms, 48, said yesterday in an interview after Riverwoods, Illinois-based Discover reported second-quarter results. “Some of the unintended consequences are going to be difficult for customers.”

President Barack Obama on May 22 signed into law limits on credit-card rate increases and fees, as well as curbs on marketing. The law was passed after complaints that credit-card firms deliberately confused customers to drive up profit. MasterCard Inc. said this month that some of the industry’s practices were “unfair” and “deceptive.”

Discover won’t be hurt as much as some competitors because it didn’t engage in some of the disputed practices, Nelms told analysts. Still, the U.S. rules will drive up average annual percentage rates on card loans and consumers may find it harder to get credit, Nelms said in the interview.

Continue Reading at Bloomberg
Reblog this post [with Zemanta]

Alibaba Opens Doors and Teams up with HSBC and Citibank A.S.

According to the B2B Market Blog, China’s Ltd, the world’s largest online B2Bmarketplace, plans to team up with HSBC Holdings plc and Citibank it aims to turn its Alipay unit into an international online paymentplatform, sources reported.

The company will allow account holders of the two global lenders topay and transfer funds online via Alipay platform. It is also reportedearlier that the Hangzhou-based company plans to cooperate withMasterCard Incorporated and Visa Inc to launch an internationalizedAlipay settlement platform.

David Wei, CEO of Alibaba, said that Alipay will be the platform inAlibaba’s B2B international settlement in the third quarter of thisyear.

Alibaba plans to spend more on marketing, research and development,as well as recruitment this year, said Wei, adding that the company isalso seeking opportunities of acquiring e-commerce companies with newtechnology.

source :
Reblog this post [with Zemanta]

More On MasterCard's Level 2 Merchant Security Rules

Click here to find out more!
Yesterday, I posted about the fact that Level 2 Merchants Now Need QSR Assessments.   Here's excerpts in a followup story from

MasterCard Beefs Up Security Requirements

In a move that is unlikely to sit well with many merchants, MasterCard has quietly changed a key security requirement for all businesses handling between 1 million and 6 million card transactions annually.

By Jaikumar Vijayan

Thu, June 18, 2009 — Computerworld
Staring Dec 31, 2010 companies that fall into this category, called Level 2, will be required to undergo an onsite review of their security controls by a MasterCard approved third-party assessor.

Presently, such merchants are only required to fill out a self assessment evaluating their compliance with MasterCard's Site Data Protection requirements. It's only the Level 1 merchants -- those processing more than 6 million cards annually -- that are currently required to do on-site assessments.

It is unclear immediately what might have prompted the change on MasterCard's part. Requests for comment from MasterCard were not returned.

MasterCard, Visa and the other major credit card companies currently require all companies that accept payment card transactions to comply with security requirements called the Payment Card Industry Data Security Standard, or PCI DSS. But each has its own standards for assessing compliance with PCI requirements.

The change marks one of the few instances where Mastercard has issued a security mandate ahead of Visa, which has generally been the most aggressive proponent of PCI.

Continue Reading at CIO

Reblog this post [with Zemanta]

Boku Bucks

BOKU splashes payments cash
by Keith Dyer

A new mobile payments entity, created by the acquisition of two existing m-payments providers, using venture capital funds, aims to exploit the growing market in using a mobile phone as the payment mechanism for purchases of digital and virtual goods online.

VC-backed Boku’s aim is to create a new standard for the mobile, by bringing bank-grade mobile payments to the Web. The company has secured $14 million funding led by Benchmark Capital, and has acquired Paymo, based in San Francisco, and Mobillcash business, originally founded in the United Kingdom. The two mobile payments companies have a potential global reach of over 1.6 billion users in 50+ countries on 170 mobile operators, a Boku statement said.

Continue Reading

Acxiom Launches Online Identity Card

Acxiom launches online identity card

Little Rock, Ark., June 18, 2009 -- Online privacy is being made simpler and safer with the introduction of a digital identity card by Acxiom® Corporation (NASDAQ: ACXM), a global leader in interactive marketing and risk mitigation services. Acxiom announced today a beta offering for retail merchants, corporations, financial institutions and other organizations that wish to offer a privately branded identity card to their customers.

“Businesses should benefit with a decrease in internal consumer authentication and fraud detection costs if they encourage their customers to adopt a digital identity card,” says Tim Christin, senior vice president of Acxiom’s risk mitigation division. “And in turn, their customers should benefit by the streamlined online experience with a single sign-on system, the elimination of user names and passwords, and the reduced risk of identity fraud.”

A digital identity card allows consumers to establish new online accounts and log in to existing accounts with a unique, encrypted identity that is stored on the consumer’s personal computer. This is the digital equivalent of a privately branded identity card that is typically carried in a person’s wallet.

These identity cards are a secure way for consumers to control their personal data and identity when conducting Internet shopping, online financial transactions, and many other activities that require disclosure of personal information. “They ensure an easier and more efficient user experience to verify an identity while reducing the possibility of ID fraud,” added Christin. “They put consumers fully in charge of their identity and information disclosure requirements over the Internet, which reflects Acxiom’s leadership role as a champion of consumer privacy and online safety.”

According to Christin, 2008 was a record year for e-commerce fraud, amounting to an estimated $4 billion in losses. “The convenience, speed and safety of online payment transactions have encouraged Internet spending,” Christin says. “The trends are for online payments to grow exponentially over the next few years, and unfortunately, with that growth also comes an increase of online fraud.”

A business can allow patrons to apply for the identity card by simply logging on to the business’s website. The consumer is prompted to answer a series of authentication questions that validate the user’s identity. After the user’s identity is authenticated and validated, the digital identity card is activated for storage on the consumer’s personal computer.

The consumer is then ready to click in to a website that accepts the identity card without entering user names/passwords or filling out time-consuming registration forms. Access is granted to secure sites that have agreed to accept the identity cards by authenticating consumers without requesting personal data or account numbers. Sites that accept the cards will display a purple “i” symbol noting the “identity card is accepted here.”

The identity card uses Acxiom’s authentication technology to verify in real time that the user is who he says he is, is not a known fraudster, and does not raise other high-risk security flags.

“Corporations have struggled for years to authenticate consumers because the Internet was never designed with any kind of identity layer,” Christin says. “With e-tailing fraud losses climbing each year, this service is ideal for companies that find background checks to be cost prohibitive or that want to offer consumers a card accessible only on the company’s website. Acxiom’s offering now provides our clients a best-practice verification and authentication architecture that takes advantage of consumer-friendly technology. Businesses can lower their identity verification/authentication costs while increasing consumer security.”

Acxiom has partnered with Azigo, a leader in user-centric identity management, to offer the Acxiom Identity Card.

Acxiom is a member of The Information Card Foundation (ICF), a nonprofit organization dedicated to advancing a simpler, more secure and more open digital identity on the Internet, increasing user control over their personal information while enabling mutually beneficial digital relationships between people and businesses.

ICF’s goal is to increase awareness of the use of electronic ID cards on the Internet and to encourage interoperability in business around new standards. About Acxiom.

A global leader in interactive marketing and risk mitigation services, Acxiom connects clients with their customers through deep consumer insight, powering effective and profitable marketing initiatives and risk decisions. Our consultative approach spans multiple industries and incorporates decades of experience in analyzing consumer information technology, data integration and consulting solutions for effective marketing and risk management across digital, Internet, email, mobile and direct mail channels. Founded in 1969, Acxiom is headquartered in Little Rock, Ark., and serves clients around the world from locations in the United States, Europe and Asia-Pacific. For more information about Acxiom, visit .

About Azigo (formerly Parity Communications, Inc.)

Azigo`s mission is to give people greater control over their online experience, helping them create permanent, trusted relationships with the Web sites they use and trust most. This user-controlled connection creates a privileged channel for the delivery of contextually relevant messages to customers in their browser - no matter where they go on the Web. For more information, visit .

Source: Company press release.
Reblog this post [with Zemanta]

Bankruptcy Filings: Eddie Bauer Addition, er...Edition

Eddie Bauer files for bankruptcy | - Daily News
Eddie Bauer Holdings Inc. is the latest big name retail brand to file for bankruptcy.

Eddie Bauer, No. 80 in the Internet Retailer Top 500 Guide, on Wednesday filed for Chapter 11 in the U.S. Bankruptcy Court in Delaware. The retailer also announced that subject to court approval and an auction it will sell its assets for $202 million to CCMP Capital Advisors LLC, a private equity firm that also has a stake in Cabela’s Inc., Guitar Center Inc. and Inc. "Eddie Bauer is a good company with a great brand and a bad balance sheet,” says CEO Neil Fiske. “A crushing debt burden placed on the company from the Spiegel reorganization in 2005, combined with the severe recession, have left us with no choice but to use this process to reduce the debt load on the business.”

While going through bankruptcy, Eddie Bauer expects to continue operating its e-commerce sites, which include and, and its network of 371 stores. Eddie Bauer, which doesn’t break out web sales, saw total first quarter sales decline 15.7% to $179.8 million from $213.2 million in the prior year as comparable store sales decreased 11.3%. Direct market sales, which include catalog and web, declined 10.7% to $56.9 million in the first quarter from $63.7 million. Eddie Bauer posted a Q1 net loss of $44.5 million vs. a net loss of $19.3 million in the prior year.

Eddie Bauer anticipates completing the sale of its assets to CCMP Capital in 60 days or less, the retailer says. Eddie Bauer joins a growing list of big multichannel and direct marketing brands that have filed for bankruptcy in the last two years. Other retailers include Circuit City Stores Inc., The Parent Co., Fortunoff, KB Toys Inc. and Lenox Inc.

, ,

Dynamic Duopoly Riddled with Legal Issues

Has the Dynamic Duopoly finally met their match?  Will their House of Cards collapse around them in a cloud of interchange fee riddled smoke and dust? 

An article in Bloomberg, entitled, "Visa Clashes with WalMart on $48 Billion dollar Card Fee" paints a grim portrait of Visa and MasterCard's potential to continue Milken fees from merchants...

Oh, one last thing, I tried, really I did, but just couldn't prevent myself from providing the following WikiQuote "From the original Dynamic Duo series":

Riddler: What is it that no one wants to have yet no one wants to lose?!
Robin: An antitrust lawsuit!
Riddler: Correct, Boy Wonder!
Via Bloomberg
  • Visa Inc., MasterCard Inc. and JPMorgan Chase & Co., already squeezed by new U.S. curbs on how credit cards are marketed to consumers, are girding for a renewed battle over $48 billion in fees levied on merchants.

  • Lawmakersare promising new rules to bring down the interchange fee, a charge onpurchases sometimes topping 3 percent that’s split by the two banksserving the customer and merchant.

  • Supporters ofthe legislation include the biggest retail chains, restaurants andsmall businesses, which say the fees erode profit and inflate prices.

  • The debate pits the largest card lenders including JPMorgan and the two biggest payment networks, Visa and MasterCard, against Wal-Mart Stores Inc. and Target Corp. Interchange is the second-biggest cost after payroll, Target said, and merchants want to negotiate lower payments collectively without running afoul of antitrust law. (remarkable statistic)

  • “The real question is whether the government is going to jump in and get into the game of price control in the free market,” Chris McWilton,MasterCard’s U.S. markets president, told investors at a June 4conference. San Francisco-based Visa said June 5 the legislation wouldraise consumer costs and cut rewards. A similar bill failed last year, the firm said. (letme chortle here at the "free market" reference, and I've been aninvestor in Mastercard for much of the past 2 years. See how it's beennearly impossible for even Discover to enter this fray with all thefinancial backing they have? Can you imagine "mom and pop transactionfirm" trying to take on MA & V?)

  • The Credit Card Fair Fee Actwould let merchants bargain together on interchange rates anddesignates the Department of Justice as arbiter. Card networks andlenders would be forced to disclose components of the fee and how banksshare the money.

  • Interchange accounted for 19 percent of revenue last year for card-issuing banks on the Visa and MasterCard networks, according to trade magazine Cards and Payments. (again that is a remarkable statistic)

  • The networks handled about 89 percent of worldwide purchases on general- purpose payment cards. (so89% handled by two firms, and there are huge juicy profits, rather thanin a true free market, where a bevy of competitors would be angling toget a piece of... since there are not a bevy of competitors we can'teven begin to say with a straight face this is an open or "free"market...which is why many major hedge funds own these 2 firms - talkabout a wide moat)

  • Visa’s and MasterCard’s dominance allows them to “set these fees on a take-it-or-leave-it basis,” said J. Craig Shearman,spokesman for the Washington-based National Retail Federation. Shearmansaid interchange fees associated with the Visa and MasterCard networkstripled from about $16 billion in 2001 to $48 billion last year. (Hmm,Mr Shearman, it's a free market, why don't retailers just go to thecompetition? What's that? There is almost no competition. Hold on letme go check my "free market" handbook on what to do next)

  • Ina typical transaction, the retailer’s bank deducts 1.9 percent fromproceeds of the purchase, a sum known as the merchant discount rate.The largest portion -- the interchange fee -- goes to the bank thatissued the card. The bank for the merchant keeps what’s left.Interchange fees average 1.7 percent of the purchase, according toJPMorgan analyst Tien-tsin Huang. ()sounds like a good deal for banks... wait, where have I heard that before...

  • Visa and MasterCard get paid a processing feefrom each bank of 15 to 18 cents on a $100 purchase, Huang said in aJune 5 report. MasterCard and Visa process about 58 billiontransactions annually, company filings show.

  • “It’s kind of unprecedented to give one industry that kind of negotiating leverage over their business partners,” she said. (not when your industry are the oligarchs of American society)

  • VisaEurope Ltd. faces an antitrust complaint from EuroCommerce Inc., aretailer group that said this month that stores should be able tonegotiate fees. MasterCard settled in April with European Commissionantitrust regulators by reducing credit card interchange to 0.30percent. (unfortunately banks are not royalty in Europe... only here)

  • JPMorgan, Bank of America Corp. and Citigroup Inc., last year’s biggest bank card lenders, don’t detail interchange revenue. (and here I thought we had a transparent banking system?)

  • “In every other aspect, merchants have the ability to negotiate and reduce their costs except this one,” said Jennifer Hatcher,spokeswoman for the Arlington, Virginia-based institute. Target lacksleverage because it’s “simply not realistic” to stop accepting cards,said Eric Hausman, a spokesman for Minneapolis-based Target

    To read the article in it's entirety at Seeking Alpha, please click here

Comprehensive Study of Financial Data Security Breaches in US 2008

A whitepaper, entitled: A Comprehensive Study of Financial Data Security Breaches in the United States - 2008 published by Perimeter Security's Chief Archietect, Kevin Prince reveals some interesting information:  Here are some of the finer points:

New laws and regulations regarding data security breaches and disclosure laws affect the way in which financial institutions do business. This study provides a review of the scope and impact of data security breaches in the financial industry in an effort to encourage proactive modification to risk mitigation technologies, policies, and procedures that reduce exposure to a data breach incident.

The data breaches mentioned in this report exposed personal information that is useful to identity thieves for unlawful purposes. This information could include Social Security numbers, account numbers, and driver’s license numbers. Some breaches that did not expose sensitive information have been included to underscore the variety and frequency of data breaches. The breaches include only those reported in the United States.

What is a Data Security Breach?

Nearly all organizations maintain records of their customers and employees. A data breach occurs when that information falls into the wrong hands, is extracted, viewed, exposed to, or captured by an unauthorized individual. The following are some examples of data breaches that have happened in just the past few years:

According to laws in over 45 states, when a data security breach occurs, notification must be made to the affected individuals. Depending upon the size and scope of the breach, notification can be handled in a variety of ways, including by mail, telephone, e-mail, or through the news media. 

According to a survey taken at a recent RSA conference, only 11% of companies disclosed security breaches that occurred in 2008.  Therefore, the number of breaches we know about and can be analyzed in this study are a small percentage of all data breaches.

Cost of a Security Breach

The costs of recovering from a security breach vary depending on the type of company or industry, the circumstances surrounding the security breach, type of data compromised, liability, and so forth. Many organizations are required by federal law to perform risk assessments to determine their exposure to a variety of threats and risks. To perform a comprehensive risk analysis, an organization needs to know what it would cost to recover from a given compromise.

According to a Ponemon data breach report22 recently updated, the average cost of a data security breach is $6.6 million and more than $200 per compromised record. The report, sponsored by PGP Corp., examined the costs incurred by 43 organizations that experienced a data breach. Breaches ranged as high as 113,000 records and the average total cost per company ranged from more than $613,000 per breach to nearly $32 million.

Editor's Note: Wow...$200 per compromised record?  That means if the Heartland Payment Systems hack gained access to (according to many reports) 100 million records, the final tab would be in the $2 Billion dollar range.  How could they possibly survive? 
Speaking of Heartland, the report mentions them prominently:

Heartland Payment Systems Case Summary

Until recently TJX Companies held the top spot in total number of records compromised in a data security breach at 45.6 million records. Heartland Payment System of Princeton New Jersey announced that they experienced a data security breach that is believed to be the largest in U.S. history. The number of records compromised start at the 100 million mark but could reach much higher.

Lawsuits have already been filed against Heartland. (click here for the Banks vs. Heartland Class Action Lawsuit)  The lawsuits seek damages and relief for the “inexplicable delay, questionable timing, and inaccuracies concerning the disclosures” with regard to the data breach.

The attack was much more sophisticated than TJX and is similar to Hannaford (the New England based grocery store chain that had a 4.2 million record security breach) where malware was loaded on servers where payment transactions were routed. Hannaford was notified by the FBI that 1800 fraud cases were linked to cards used by Hannaford customers that lead investigators to find the malicious software. Heartland was notified by Visa and MasterCard of suspicious activity surrounding processed card transactions.

The company found evidence of malicious software that compromised card data that crosses Heartland’s network. Initial investigation suggests this may be the result of a global cyberfraud operation. The 100 million records being breached is being assumed because that is how many transactions they process each month, which the malware had access to. Currently it is unknown how many months of information were captured. It is also unknown at this time the various data types of information captured.

Reblog this post [with Zemanta]


Elijah O'Connor writes that FaceBook's  Texas Hold'em Poker games, may have evolved into an illegal operation.  Online payment systems AlertPay and Facebook have agreed to terminate operations whereby some players have begun to "sell" Poker chips to other Facebook users...
Facebook Poker Players May Be Violating US Online Gambling Laws
Facebook is the largest social networking site in the world, and anytime that many people are involved with one site, there is the possibility that illegal gambling activity could be taking place. In this instance, that illegal activity could involve breaking US online gambling laws.

Facebook offers Texas Hold'em poker games on the site. There is no monetary value involved in the games, but some players may have found a way to break the law. That is why online payment system AlertPay has agreed to terms with Facebook to terminate operations where poker chips are being sold.

The operations involve players gaining chips for the Facebook poker application, and then selling the chips to other people who want to play the game. It is an operation that Facebook has quickly detected, and the site, along with AlertPay, are putting a stop to it.

"Facebook does not permit online gambling on its platform and some sellers attempted to convert the Texas Hold'em Poker application into monetized online gambling," said a statement on the official blog of AlertPay.

According to the statement, AlertPay was particularly concerned with the possibility that these operations could have been violating US online gambling laws. The laws are vague, but unregulated Internet gambling is not permitted.

"Site offering for sale virtual poker chips for use with Texas Hold'em Poker are in violation of AlertPay's User Agreement and in potential violation of state and United States Federal laws prohibiting unlicensed and/or gambling," read the statement, "as well as the Unlawful Internet Gambling Enforcement Act of 2006."

Reblog this post [with Zemanta]

Online Banking Report Publishes: "Improving Online Account Opening ROI" 10 Strategies...

Online Banking Report Publishes "Improving Online Account Opening ROI: Ten Strategies to Increase Your Online Application Conversion Rates"

Online Banking Report announces a new in-depth research report that explores online account opening and focuses on ways financial institutions can increase conversions and improve results when opening financial accounts online or over a
mobile phone.

Online account opening is essential for gaining incremental business online. And it will grow in importance as we move towards the post-branch era when all accounts will be opened online and over the phone. While, overall, online account opening has gotten better over the years, there is still much room for improvement. Banks and credit unions still make many small mistakes, most of
which can be easily corrected. There are also still some major flaws in the systems, even at major financial institutions.

This report walks through the online application process at ten banks and credit unions, with each case illustrating important lessons in how to optimize online applications. The report then presents the best practices in online account opening via a ten-step process that financial institutions can follow to maximize the conversion rates of customers who begin an online application. Also included in the report is a comprehensive self-evaluation checklist to help financial institutions identify the strengths and weaknesses in their own online applications as well as a projection for future growth in the online account opening market through 2018.

This exclusive research is available only from Online Banking Report and is a must-read for any financial institution that wants to optimize their online account opening process. It can be downloaded immediately after purchase at

About Online Banking Report

Founded in 1995 by former banker Jim Bruene, Online Banking Report provides in-depth analysis, relevant data, and informed recommendations to financial services executives in 50 countries. Online Banking Report is published by Online Financial Innovations, a Seattle-based research company. For more information and free sample reports, visit, email or call 206-517-5021. You may also find OFI`s blog on the latest in online finance & banking at

Source: Company Press Release

Reblog this post [with Zemanta]

TJX "Hackers 11" Story from Wired

I've followed the TJX Breach and posted many articles on it over the past 15 months, having dubbed it Hackers11.  Haven't heard much about the case lately until Kim Zetter, from Wired published this story last night. 

Here's an excerpt:  The full story can be read here.

TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prison

By Kim Zetter | Wired

Accused TJX hacker kingpin Albert Gonzalez called his credit card theft ring “Operation Get Rich or Die Tryin.”

He spent $75,000 on a birthday party for himself and once complained that he had to manually count $340,000 in pilfered $20 bills because his counting machine broke. But while Gonzalez apparently lived high off ill-gotten gains, a programmer who claims he earned nothing from the scheme sits broke and unemployed, his career in shambles, while awaiting sentencing for a piece of software he crafted for his friend.
These and other new details have emerged in court documents filed in the case of 25-year-old Stephen Watt, a minor participant in what the feds are calling “the largest identity theft in our Nation’s history.”

The documents include a sentencing memorandum filed by prosecutors seeking five years in prison and three years of court supervision for Watt, and a counter-argument from attorneys representing the New York man.

Watt, a 7-foot-tall software engineer who was working for Morgan Stanley at the time the hacks occurred, pleaded guilty in December to creating a sniffing program dubbed “blabla” that Gonzalez and others allegedly used to steal millions of credit and debit card numbers from TJX and other companies. He’s scheduled to be sentenced Monday, though his lawyer, Michael Farkas, told Threat Level this will likely be delayed.

“Stephen’s take on this is that he accepts responsibility for aiding people that he knew would commit wrongdoing,” Farkas tells Threat Level. “However, he is very disturbed by the government’s aggressive attempt to make him into more than what he is.”

Farkas asserts that Watt was merely a peripheral player in the scheme, driven by intellectual curiosity and friendship, not criminal gain. The lawyer is seeking a sentence of probation for the programmer, who is free on bail.

Watt was ignorant of the use to which his best friend would put the custom packet sniffer, and was the only one of Gonzalez’s co-conspirators who had “a budding career and a bright future,” Farkas writes in his filing. While Watt was finishing college and securing his first job, Gonzalez was advancing his criminal enterprise.

Prosecutors, though, beg to differ, wielding more than 300 pages of chat logs exchanged with Gonzalez during the year before TJX was breached in May 2006. The two talked daily through phone and instant messaging, authorities say, sharing “all their exploits: sexual, narcotic and hacking.”

“You have got to convince typedeaf to do some work for me,” Gonzalez wrote Watt at one point, referencing the handle of another hacker. ”If he was able to hack some euro dumps we can make a fortune. I hacked a place and took ~30k euro dumps and this last week I made ~11k from only selling ~968 dumps.” (Dumps are the underground’s term for credit or debit card magstripe data, including account numbers.)

During this time, Watt wrote customized code to help Gonzalez breach networks, including the “blabla” sniffer, which was stored on a server in Latvia and used to steal tens of millions of credit and debit cards from TJX in 2006 and from Dave & Buster’s in 2007. According to court documents, the Secret Service recovered 27.5 million stolen numbers from a server in Ukraine and 16.3 million numbers from a server in Latvia.

The breach cost TJX $200 million according to its 2009 SEC filing...

Continue Reading at Wired

Reblog this post [with Zemanta]

Disqus for ePayment News