Monday, January 4, 2010

Hackers Conquer "Some" Two-Factor Authentication



Before you read this story, allow me to clarify. Not all two-factor authentication is being defeated. That is why I placed the word "some" in the title. Two-factor authentication is "loosely" defined as something you HAVE and something you KNOW. Does that mean that "having" a username and knowing a "password" constitutes 2FA? Does "having" a social security number and knowing what town you were born in constitute 2FA? I don't consider either of those two examples true 2FA. Yet some do. Anyway, I think you get my point.



Genuine Two-Factor-Authentication is used at ATM machines and is trusted to dispense cash in real-time. What you "have" is the bank issued card and what you know is the bank issued PIN. Nothing is typed. The card is inserted into the ATM, which reads the data on the magnetic stripe, including the Track 2 Data and the PVKI and PVV. Then it asks you to enter your PIN for the second factor of authentication. As long as the ATM is not equipped with a skimming device, the magnetic stripe data is not exposed as it travels via the bank's existing rails. And as long as there is not a hidden camera designed to capture your PIN entry, your transaction is safe. Neither of those threats exists if an online banking customer were to swipe (insert) their card (what they have) and enter their PIN (what they know). Therefore, genuine 2FA is still alive and well. It's the weaker (albeit they call it strong) 2FA systems that are being "conquered." What's that old line? I came...I SAW...I conquered? There's nothing to "SEE" when a HomeATM device is used, because it's instantly encrypted at the maghead. No see...no conquer.






By Mel Duvall, Chief Content Officer at CIOZone



Cybercriminals are increasingly gaining access to bank accounts and user credentials by beating strong two-factor authentication security, warns research firm Gartner.



Fraudsters are raiding bank accounts by using Trojans that steal passwords and credentials.



Other strong authentication factors, such as those using chip cards and biometric technology that rely on browser communications, are similarly being defeated.



“These attacks have been successfully and repeatedly executed against many banks and their customers across the globe in 2009,” said Avivah Litan, an analyst and vice president with Stamford, Conn.-based Gartner. “However, while bank accounts are the main immediate target, these attack methods will migrate to other sectors and applications that contain sensitive valuable information and data.”



Examples of new attacks that are emerging in the “wild” include:



• Malware on the user’s computer overwrites transactions sent to an online banking Web site. This happens behind the scenes, so that the user does not see the revised transaction values. Many online banks will then communicate the transaction details back to the user’s browser for confirmation, but the malware changes the values seen by the user to reflect the values originally entered. In so doing, neither the user nor the bank realizes that the data has been altered.



• Authentication used in voice telephony applications is being circumvented by a simple technique whereby the cybercriminal asks the phone carrier to forward the legitimate user’s phone calls to the fraudster’s phone.



In respect to the telephony fraud attacks, Litan says server-based fraud detection and security policies which prevent forwarding calls have proven effective.



“Gartner clients who have fended off such attacks have done so with either automated fraud detection or manual review of high-risk transactions,” she added.



The FBI’s Internet Crime Complaint Center recently reported that as of October cybercriminals had attempted to steal approximately $100 million from U.S. banks using stolen passwords and credentials.



In many cases the cybercriminals have been successful in planting keystroke logging Trojan horse programs on the computers used by employees to conduct online banking on behalf of their companies.



Gartner says that cybercriminals are becoming more sophisticated in their attacks and that it may be necessary for banks and users to introduce more sophisticated security layers.



Litan noted the following technologies may prove to be effective:



• Fraud detection that monitors user access behavior. This method captures and analyzes all of the user’s Web traffic (assuming the targeted application is Web-based), including log-in, navigation and transactions. It can spot abnormal access patterns that indicate that an automated program is accessing the application, rather than a human.



• Fraud detection that monitors suspect transaction values. This technology looks at a particular transaction and compares it to a profile of what constitutes “normal” behavior for a user or a group of users.



• Out-of-band user transaction verification. This system employs a type of verification other than the same primary communication channel (such as a user’s PC browser).
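
As an added illustration (not part of the CIOZone article or any Gartner material), the Python sketch below combines two of the measures listed above: transaction-value monitoring selects high-risk transfers, and out-of-band verification repeats the details the server actually received together with a single-use code bound to them. The profile data, account labels, threshold and all function and class names are assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets
import statistics
from dataclasses import dataclass

# Constructed sample profile: one customer's past transfer amounts and payees.
HISTORY = [120.00, 80.50, 250.00, 99.99, 310.00, 175.25, 60.00, 220.00]
KNOWN_PAYEES = {"ACCT-UTILITY-0001", "ACCT-RENT-0002"}


@dataclass(frozen=True)
class Transfer:
    tx_id: str
    payee: str
    amount_cents: int


def is_high_risk(tx, history=HISTORY, known_payees=KNOWN_PAYEES, threshold=3.5):
    """Transaction-value monitoring: flag a new payee or an amount far from the profile."""
    median = statistics.median(history)
    mad = statistics.median([abs(a - median) for a in history]) or 1.0
    # Modified z-score (median/MAD), which a few large legitimate payments do not skew.
    score = 0.6745 * abs(tx.amount_cents / 100 - median) / mad
    return tx.payee not in known_payees or score > threshold


def confirmation_code(key, tx, nonce):
    """Six-digit code bound to the transfer details as the server received them."""
    msg = json.dumps([tx.tx_id, tx.payee, tx.amount_cents, nonce]).encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class Bank:
    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.pending = {}   # tx_id -> (Transfer, nonce), awaiting confirmation
        self.executed = []  # transfers that were actually carried out

    def submit(self, tx):
        """Called with whatever arrived over the browser channel."""
        if not is_high_risk(tx):
            self.executed.append(tx)
            return None
        nonce = secrets.token_hex(8)
        self.pending[tx.tx_id] = (tx, nonce)
        # Sent over a second channel; it repeats what the server received,
        # not what the browser page displays.
        return {"payee": tx.payee, "amount_cents": tx.amount_cents,
                "code": confirmation_code(self.key, tx, nonce)}

    def confirm(self, tx_id, code):
        """One attempt per pending transfer, so the short code cannot be guessed repeatedly."""
        tx, nonce = self.pending.pop(tx_id, (None, None))
        if tx is None or not hmac.compare_digest(code, confirmation_code(self.key, tx, nonce)):
            return False
        self.executed.append(tx)
        return True


def user_checks(intended, oob_message):
    """The customer compares the out-of-band details with what they meant to send."""
    return (oob_message["payee"], oob_message["amount_cents"]) == \
           (intended.payee, intended.amount_cents)


def run(intended, received_by_bank):
    """Return True if a transfer was executed, False if it was stopped."""
    bank = Bank()
    oob = bank.submit(received_by_bank)
    if oob is None:
        return True                      # low risk, no step-up needed
    if not user_checks(intended, oob):
        return False                     # details differ: customer does not enter the code
    return bank.confirm(received_by_bank.tx_id, oob["code"])


if __name__ == "__main__":
    routine = Transfer("tx-1", "ACCT-RENT-0002", 25_000)
    first_time = Transfer("tx-2", "ACCT-NEWPAYEE-0099", 25_000)
    # Constructed case from the article: the values reaching the bank differ
    # from the values the customer entered and still sees on screen.
    altered = Transfer("tx-2", "ACCT-UNKNOWN-7777", 950_000)
    print(run(routine, routine))        # True  (executed without step-up)
    print(run(first_time, first_time))  # True  (confirmed out of band)
    print(run(first_time, altered))     # False (mismatch visible out of band)
```

Because the second-channel message carries the server-side values, a change made between the customer's keyboard and the bank shows up as a mismatch even when the browser's confirmation page looks correct.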



“Fraudsters have definitely proven that strong two-factor authentication processes can be defeated,” said Litan.



“Enterprises need to protect their users and accounts using a three-prong layered fraud prevention approach that uses stronger authentication, fraud detection and out-of-band transaction verification and signing for high-risk transaction.”

*   *   *



Mel Duvall is a Contributing Editor to CIOZone. He is a veteran journalist, having written and edited for daily newspapers, magazines and trade publications for more than 20 years. He is a former senior editor of Baseline magazine and was a senior editor for Inter@ctive Week. Mel has won several awards at the national level, including a Jesse H. Neal journalism award and American Society of Business Publication Editors awards.

CIOZone.com is the first of its kind online meeting place for CIOs. It is built upon the foundation of social networking and combines user generated content and expert editorial together around an open source platform.  The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com









Mophie is Latest to Announce iPhone Card Reader



That makes four. With HomeATM's device, Jack Dorsey's Square, along with devices from Verifone and Mophie, there are now TWO securely encrypted POS devices that hook into iPhones. Only ONE with Two-Factor-Authentication.



Apparently HomeATM had the right idea when it came up with this 18 months ago because it seems like there's a new device every week... 



Remember...amidst all the hype and hoopla, security and encryption remain key ingredients.  Smart phones use browsers.  Browsers are used by hackers to obtain and use your card numbers.  Encryption needs to be done outside the browser.  HomeATM instantaneously encrypts the data at the maghead inside our device.   Therefore the card data NEVER enters the browser space, be it the web browser on a PC or the browser used by smart phones. 


Mophie to roll out iPhone credit card reader










Mophie, maker of slim-'n-handy battery-extending Juicepack Air iPhone cases, now ventures into the world of credit card readers with its product that'll be rolled out at CES 2010 this week. Imagine that — now everybody with an iPhone will be able to accept MasterCard, Visa, Discover, or American Express. At last, an easy way to pay for those $20 sandwiches on airplanes.





This credit card reader is attached to the bottom of an iPhone case, and includes a transaction application that makes it so all stores can be as hip and trendy as Apple retail outlets, eschewing cash registers altogether. But wait, isn't there a chip on credit cards that might make all this physical swiping unnecessary?



Via Pocket Lint











ETA 2010




Join Our 20th Anniversary Party and be part of the biggest, most exciting annual meeting ETA has ever hosted.



We’ve got a great celebration planned: a perfect blend of serious business opportunities and fun activities. Great speakers, myriad new products ready to go on display in the exhibit hall, and plenty of prime networking opportunities. And we’re inviting everyone you might want to meet, learn from, or do business with.













The 2010 ETA Annual Meeting & Expo is where merchant acquirers, financial institutions, processors, alternative payment providers, value added resellers, prepaid companies, and merchant sales teams come together at the most diverse and comprehensive show in the payments industry.



This is where you’ll connect with colleagues and customers, explore new products, services and business opportunities. With more than 3,000 attendees, 200 exhibitors, and 400 companies, you’ll find the right source for whatever you need and discover hundreds of ways to make your business a success! Can you afford not to be there?



In an economy where the rules of business change as quickly as they are created, the ability to make timely decisions means the difference between organizational success or failure. Stay ahead of the game with strategic sessions on alternative payments, sales force development, industry regulation and global opportunities.



Come early and refresh or catch up on the information you haven’t had a chance to explore all year. ETA offers several pre-conference events, including Compliance Day, Prepaid Day, ETA University, and the all NEW Investment Community Forum. Each event is packed full of the latest payments industry knowledge to provide you with the information and tools you need now!



Register Today! After all, the ETA Annual Meeting & Expo is the place where the payments industry connects.







Sponsors:

  • Discover Network: Theme Party & Lanyards

  • Visa: Tote Bags

  • TransFirst: Water Bottles

  • Network Merchants Inc.: Hotel Key Cards

  • Security Metrics: Golf Tournament

  • American Express: Exhibit Hall Opening Reception

  • China Union Pay: Pens

  • MasterCard Worldwide: Wednesday Lunch; Annual Meeting Patron

  • COCARD: Internet Services

  • Cynergy Data: Exhibit Hall Happy Hour

  • National Processing Company: Image Magnification

  • Skipjack: Exhibit Hall Aisle Signs

  • Moneris Solutions: Wednesday Breakfast

  • Elavon: Welcome Banner

  • Trustwave: Compliance Day

  • Heartland Payment Systems: History of Credit Cards Display

  • CrossCheck: Note Pads



  







Cardlytics Launches 50 National, Local, Online Retailers Across Transactional Marketing Platform



Response rates average 15 percent, Cardlytics expands to meet strong demand



ATLANTA--(EON: Enhanced Online News)--Cardlytics announced today that it launched more than 50 national retail merchants across its transactional marketing platform to deliver targeted promotional offers to consumers through their online banking statements. As a result of the strong merchant demand, the company is aggressively growing its sales force to support continued growth.






Cardlytics aligns banks and retailers to provide a uniquely targeted, “market of one” approach. National, local and online retail merchants representing businesses that range from restaurants and drug stores, to entertainment and technology providers, are all experiencing strong results from the platform. With an average response rate of 15 percent, and some campaigns as high as 40 percent, the online marketing channel is proving to be engaging and more productive than any other online marketing channel.



Cardlytics’ platform allows banks and retailers to combine resources in targeting consumers using any combination of parameters, including merchants and merchant categories where someone shops, how much they spend, and where they live, a level of precision that does not exist in any other advertising medium. Offers are delivered to consumers through their online banking statement, with all customer data held private and secure within each financial institution, thus protecting each user’s personal information and anonymity. The full-service solution targets customers based on debit or credit card transaction data, then tracks the delivery, activation, purchase and fulfillment of retail offers, allowing retailers to directly assess their online advertising’s impact on actual purchases - whether they occur online or in-store – for the first time. No other online marketing channel provides such a compelling and accurate return on investment.



“Cardlytics’ platform has proven to be consistently successful with national and local retailers, both on- and off-line,” said Hans Theisen, chief revenue officer. “The customer response within the channel has been phenomenal, with results far beyond our expectations. For instance, one grocery store is experiencing response rates higher than 40 percent, which is unparalleled in any other channel. As our progress continues, our detailed measurements will enable merchants to optimize campaigns and experience even more substantial returns.”



About Cardlytics



Through a highly relevant, "market-of-one" approach, Cardlytics unites banks and merchants to provide rich rewards to customers based on their individual purchase behavior. Its technology tracks consumers’ actual purchases, providing the first digital channel that can guarantee offline sales and help consumers realize savings of hundreds of dollars per year on the products they purchase every day. The rewards improve consumers’ banking behavior by increasing usage, reducing attrition and strengthening engagement with online banking. Cardlytics’ multi-channel approach includes online banking, SMS, e-mail, mobile, online-mall and social networks. For more information about Cardlytics, visit www.cardlytics.com.



Contacts



For Cardlytics

Heather Sugg, 813-374-6362

or Andy Payment, 678-781-7222
 




1 in 6 Massachusians Hacked Over Past Two Years

According to Massachusetts state officials, the state of Massachusetts residents' private data security is not good.



One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years, according to records provided to the Globe by state officials.

Major identity data breaches reported to state authorities from June through November 2009:







  • Eastern Bank: 2,499 Massachusetts residents affected when checking account data were mailed to the wrong customers.


  • Moriarty & Primack, a Springfield accounting firm: 1,617 residents affected when three laptops were stolen, including more than 1,100 employees and retirees of client Smith College.

  • Nashbar Direct, an online bicycle equipment dealer in Ohio: 5,318 residents affected when a hacker broke into the company’s servers.

  • Alpha Software Inc. of Mass.: 994 residents affected when customer credit card numbers were stolen from company’s servers.

  • University of Massachusetts at Amherst: A hacker intrusion into school computers revealed information on “thousands’’ of former students spanning 1982 to 2002. No exact number given.

  • Blue Cross and Blue Shield of Massachusetts: 39,000 health care providers from Massachusetts affected because their personal data were stored on a stolen laptop.

  • Wyndham Hotels and Resorts: 1,146 residents affected when a hacker penetrated the hotel company’s data center.

  • T-Mobile USA: 490 Massachusetts residents affected after a fraud ring gained unauthorized access to their account data.

  • JPMorgan Chase Bank: 9,015 residents named on missing computer tape.

  • Network Solutions LLC: 14,677 residents affected when hackers broke into company servers.

  • DLP Lamp Source: 960 residents affected after company’s website was compromised.

  • Eagle Bank: 2,431 residents affected by unauthorized disclosure of debit card data.

  • LexisNexis: About 8,900 residents affected when unauthorized persons got access to company servers.

Many thousands of the leaks were first reported between June and November - including confidential data on customers of Blue Cross Blue Shield of Massachusetts, Eastern Bank, JPMorgan Chase Bank, and other major institutions, documents released by state regulators revealed.



N$50 Billion Suit Against InterSwitch and Nigerian Banks

SOME Nigerians who claimed to be victims of Automated Teller Machine (ATM) scams have taken the Central Bank of Nigeria (CBN), all the 24 banks in the country and Interswitch before Justice Ibrahim Auta of the Federal High Court, Lagos, claiming about N50 billion damages.



Besides, the plaintiffs also demanded N2.5 million being the joint value of their deposits lost  at four of the banks as well as N100 million as the cost of litigation and N10 million as the cost of providing appropriate notice to the defendants and administering the class action for their benefit.



 The case was instituted by Tochukwu Onyuike from the Punuka Attorney and Associates Chambers on behalf of victims of unauthorised ATM withdrawals,  who were represented by Miss Daba West, a civil servant with the Nigerian Ports Authority (NPA), Miss Nwajiagah Omeruo, a consultant, Mr Tochukwu Onyuike, a lawyer, and Mr Sydney Aguwamba, a fashion designer.



They want the court to give an order directing the banks, the apex bank and Interswitch to pay N50 billion as general damages for the unauthorised withdrawals.



Union, BankPHB and two other banks were chosen as representatives of the 24 banks and any decision taken against the four by the court affects the remaining 24 banks as well as the CBN and Interswitch.



The plaintiffs are seeking a declaration that the defendants are liable to Nigerians for the losses and damages occasioned by the negligence of the defendants in relation to the provision of debit card services.



They further sought a declaration that the defendants are strictly liable for any damages or losses caused to them by reason of the use of the debit cards issued to them by the defendants.



Continue Reading at The Nigerian Compass







Watch Out for $50 Billion in Bank-Fee Replacements

According to the Wall Street Journal, consumers should be on the lookout for newly imposed (hidden or not) fees on checking accounts, credit cards or rewards programs, as banks need to make up for the nearly $50 billion in annual revenue they will lose because of recent crackdowns by the Feds on their business practices....



"the nation's banks will be bombarding customers with new fees and products in 2010 as they try to replace more than $50 billion in revenue wiped out by new rules that clamp down on certain business practices."

  • Credit-card issuers collected $22.9 billion in penalty fees—such as those assessed for late payments—in 2009, up from $19 billion in 2008, said Robert Hammer, who runs a credit-card consulting firm in Thousand Oaks, Calif.

In addition to the credit-card rules, the government will crack down next year on ways banks charge overdraft fees, which are assessed when a customer overdraws an account. New Federal Reserve rules will require banks to receive customer consent before they can be charged such a fee. That is a significant change from the current practice, in which banks typically honor withdrawals and then levy a fee if the account is overdrawn.

  • The Fed estimates that banks generate $25 billion to $38 billion a year in overdraft fees.

Continue Reading at the Wall Street Journal











Phishing Attacks Soar in December



Phishers represent over 57% of all web-based threats in December....





Network Box stats show over half of all web-based threats in December were phishing attacks





According to information posted on their website:

The number of phishing attacks rose dramatically in the run up to Christmas, according to managed security firm, Network Box. Analysis of internet threats in December 2009 show that just over 57 per cent of all threats were phishing attacks, compared to 28.3 per cent in November.



The greatest source of viruses and spam was Brazil, from where 20.9 per cent of all viruses and 9.1 per cent of all spam originated in December. This is up from 14 per cent and eight per cent respectively in November.



India is continuing to play a more significant role in the world’s threat landscape, with 6.8 per cent of all spam coming from the sub-continent (up from 4.2 per cent in November); and 4.1 per cent of viruses (static from November).



Simon Heron, Internet Security Analyst for Network Box says: "The run up to Christmas is traditionally a time for hackers to strike the vulnerable. A higher proportion of shopping is done online, with more money spent than at any other time of year. Christmas offers rich pickings for phishers. This is likely to continue through the sales in January, and we urge online bargain hunters to be vigilant."



Top Ten Sources of Viruses













Country      Daily Average %
Brazil       20.90490
US            7.82734
Korea         5.39005
India         4.18913
China         3.47509
Argentina     3.13935
UK            2.61957
Russia        2.57538
Poland        2.57143
Italy         2.19215



Top Ten Sources of Spam














Country      Daily Average %
Brazil        9.14405
US            8.77934
India         6.81418
Vietnam       6.49426
Korea         5.85177
China         5.48322
Russia        3.87158
Colombia      2.59535
Ukraine       2.54101
Romania       2.22399





Top Ten Sources of Intrusions














Country      Daily Average %
Australia    22.34705
Korea        11.77134
US            8.99701
Hong Kong     8.85511
China         4.96804
Malaysia      4.38734
India         4.20848
Brazil        4.13375
Vietnam       3.66222
Ukraine       2.19536



For more information on security issues, see www.network-box.co.uk, or visit Simon Heron’s blog at: http://blog.network-box.co.uk/, or follow Simon on Twitter: http://twitter.com/networkbox.



Records of 30,000 at Penn State Hacked





The appropriately named Bill Schackner reports for the Pittsburgh Post-Gazette that the records of 30,000 individuals at Penn State University have been hacked via a malware infection. 

by Bill Schackner, Pittsburgh Post-Gazette



Penn State University says it is working to notify some 30,000 individuals whose Social Security numbers may have been compromised by a computer breach before Christmas.



In a statement, the university said it began on Dec. 23 sending out letters notifying those potentially affected by the malware infections, which are believed responsible for the breaches.



The areas and extent of the records involved in the malicious software attack included Eberly College of Science, 7,758 records; the College of Health and Human Development, 6,827 records; and one of Penn State's campuses outside of University Park, approximately 15,000 records, the university's statement said.



The university, in the midst of an investigation, did not identify the branch campus.



Read more: http://www.post-gazette.com/pg/09363/1024361-100.stm#ixzz0bemh5g9C



Melissa Hathaway on 'Five Myths About Cybersecurity'



An exclusive article published by The New New Internet



Vienna, VA (PRWEB)  -- Last week, The New New Internet published an exclusive article written by Melissa Hathaway on ‘Five Myths About Cybersecurity.’



In her article, Hathaway discusses some common cyber security myths held by the general public.



The myths include:



  • Consumer protection exists in cyberspace;

  • Firewalls and virus scanners protect my computer and my enterprise;

  • My government has the solution and will protect me;

  • Physical assets are more valuable than information;

  • Laws are keeping pace with technological innovation.



Hathaway’s article highlights the need for better public education and the shared responsibility for cyber security. She advocates for moving past discussions and taking concrete actions to begin to address the variety of threats present in cyberspace, recognizing that everyone is vulnerable to cyber attack.



Jim Garrettson, president of The New New Internet, said “We are excited to help Melissa Hathaway distribute her message to a broad audience. She is a leading voice in the cyber security debate and with the recent naming of Howard Schmidt as cyber security coordinator, the timing could not have been better. Melissa’s work is a relevant and crucial piece of the ongoing dialogue surrounding cyber security.”



Hathaway’s article can be accessed here: http://www.thenewnewinternet.com/white-papers/



Melissa Hathaway is President of Hathaway Global Strategies, LLC and Senior Advisor at Harvard Kennedy School’s Belfer Center. Previously she served as Senior Advisor to the Director of National Intelligence and Cyber Coordination Executive during the administration of President George W. Bush, and as Acting Senior Director for Cyberspace for the National Security Council during the administration of President Barack Obama.



The New New Internet (TNNI) seeks to stay abreast of the rapidly developing field of cyber security. The site looks to connect the developments in the national and international arena with informative analysis that places the disparate ideas surrounding this still nascent market in dialogue with one another. Our readers can anticipate regular, objective and timely news updates on developments in cyber security spanning the public and private sectors. In practice, we do not focus on specific technologies but instead cover broader policy developments, key players and cyber incidents, along with broad innovations in cyber security context. The New New Internet intends to support a safer world of the internet’s next generation. We will focus beyond the realm of the new internet of Web 2.0 into the promise of what will be The New, New Internet.



# # #









Threat to Chip and PIN Terminals


The BBC is reporting that criminals are POSing as repairmen and then tampering with POS terminals in order to swipe the PIN and card details, then make magstripe cards and use them in countries like the US where Chip and PIN is not used...

Criminals are tampering with chip-and-pin terminals in shops to steal customers' bank card details, Radio 4's Money Box program has learned.


The problem has led the bank cards industry to issue guidelines to retailers. The British Retail Consortium says it believes stricter security has eliminated the problem. The UK bank cards industry however believes this sort of fraud is continuing despite the new measures.





The British Retail Consortium and the UK Payments Administration both told Money Box they had heard of instances of criminals dressing up as engineers and entering shops, asking to examine chip-and-pin terminals. They then take one away to be 'repaired', but instead they alter it so it can record the pin and card details of all future customers who use it.

The fraudsters cannot create a new chip-and-pin card, but they can use the details to create their own magnetic stripe bank cards to use in countries abroad which do not yet have chip-and-pin.




"There's really nothing a customer can do because a compromised terminal will look exactly the same as a normal terminal."
Steven Murdoch, The Computer Laboratory, Cambridge University


Gartner's Identity Summit - March 3rd and 4th - London









The Gartner Identity & Access Management Summit will help you to exploit the full potential of new and future IAM investments, to fully realize their risk-management and governance benefits and their direct business value.



Overview

Prepare for the Best: The IAM-Enabled Business



As businesses and institutions mature, they must be able to manage volatile, rapid change; to establish effective formal governance; and to provide accountability through transparency. IAM has the potential to enable this evolution, but must itself evolve. Thus it's time to ensure that your IAM program is firmly founded on business priorities and principles, to construct a sound IAM architecture, and to identify how IAM practices and processes can be improved to unlock the true engine of success - people.






With all-new content and a completely rebuilt agenda the 2010 Gartner Identity & Access Management Summit is the only fast-track two-day download giving the up-to-the-minute battle-tested answers that will save you months of expensive consultancy and personal research.



No one can afford the non-essential - so learn what will make your every move mission-critical in the eyes of your leaders.



Your guaranteed takeaways from the Gartner IAM Summit 2010: a validated strategy and future-proof roadmap for IAM.



Top 10 Benefits in Attending

  • Make the business case: explain precisely where and how IAM can deliver advantage and why it is worth every penny

  • Win over colleagues and management: get comprehensive answers and arguments to help you gain the support you need to move forward

  • Benchmark against the competition: support each measure with key examples and comparisons from across your industry and others

  • Minimize expenditure, maximize value: learn what you need and what you already have that will serve your objectives before you need to buy new

  • Quick wins, optimized results: use Gartner resources to find the low hanging fruit that will show you where to place your time, energy and money

  • Strengthen your key resource - yourself: emerge from the office for two days and immerse yourself in an environment designed to let you grow as a professional in the company of your peers from across Europe.

  • Justify costs effectively: manage your costs effectively and optimize on investments by showing value and associated metrics

  • Manage risk: improve efficiency and effectiveness of information security through an improved approach to risk management

  • Invest wisely: gain an in-depth understanding of the vendor landscape and assess offerings to make informed investment decisions

  • Increase confidence: help your organization attract and retain customers by providing effective and strong online customer security, increasing customer confidence.













The "Unstoppable" Growth of Internet Crime



The Bangkok Post published an article called the Unstoppable Growth of Internet Crime. In it they state that 2009 became the year that Mac was no longer impervious to hacking attacks, the year that the iPhone saw its first virus and that the amount of money involved in cybercrime exceeded the illegal drug trade in the United States. Here's a snippet:



In 2009 cyber crime grew larger than the illegal drug trade, the spread of malware continued unabated and the first proof-of-concept iPhone and Mac viruses proved that no platform is immune once it is large enough to catch the eye of cyber criminals.



David Freer, Symantec Vice-President, Consumer Business, Asia-Pacific and Japan, said that while 2009 saw the first iPhone virus, it was not an attempt by an antagonized cyber-criminal, rather it was by a spotty-faced kid who did it for the fame. Even today, there is still not enough of a mass market for smart phones and it is still not worth the criminals' time - better to target the PC and the Mac. Besides, people do not usually have their personal and banking information on their phones... yet.



The image of the Mac as not needing anti-virus crumbled in 2009. Today it does not matter if you are using a Mac or a PC; if you are using a common browser or plug-in you run the risk of infection. The only reason PCs have been targeted in the past is that the PC had 95 percent of the market. The commercial success of the Mac changed that.



Freer said that the low point of 2009 was when the amount of money involved in cybercrime exceeded the illegal drugs trade in the United States.



A close second is the sheer amount of malware. In 2008, Symantec identified more viruses than in the past 19 years put together. In 2009 that figure was topped in just one quarter. Over 90 percent of all email is spam. The size of the Internet means that if a criminal can hook one in 10 million recipients, that number suddenly makes a lot of criminal-commercial sense.



Today malware is a hidden world, the iPhone virus aside, with people aiming for big money and hiding in the shadows. Banks are not eager to push the message of being attacked to the media so it falls on industry bodies and law enforcement to see that cyber-criminals are brought to justice.











PNC to Offer CashEdge's POPMoney

PNC Bank Customers Can Now Send Money Using Email or Mobile Phone Number

PNC the first major bank to offer secure person-to-person money transfers without account information




Pittsburgh, PA (PRWEB) January 4, 2010 -- PNC Bank announced today a new person-to-person (P2P) payment service that enables customers to send money to anyone with a U.S.-based banking account using just an email address or mobile phone number.



PNC (NYSE: PNC) is the first major bank to provide a service that allows customers to send money securely on-line without having to share checking account and routing information. Developed in conjunction with CashEdge, Inc., a leading provider of money transfer capabilities, the service is free for all PNC customers and available as part of PNC’s online banking system. Payment notices are sent to either an email address or to any text-capable mobile phone. Once notified that a payment is waiting, PNC customers must simply enroll at www.pnc.com within online banking to claim their money. Non-customers can claim funds at www.popmoney.com/pnc or at another participating bank.



With the introduction of Virtual Wallet® in 2008, PNC made a commitment to make banking easier for the next generation of banking customers. The new P2P payment service offers tech-savvy customers a safe and convenient solution that fits their lifestyle and personal banking needs, while continuing to position PNC as a leader in the online banking and electronic payments space.







Consumers are increasingly seeking improved ways to transfer funds to family, friends and associates. During 2008, there were an estimated nine billion P2P payments in the U.S., representing more than one trillion dollars moving between parties. PNC’s new P2P payment service is expected to appeal particularly to parents who want to send funds to college-aged students and among those wishing to make social payments for events, clubs and activities.



“Payment habits change slowly, and while cash and paper checks are still the primary means of person-to-person payments, we know there are a growing number of customers who want to make paperless P2P payments online and through their own bank,” said Thomas S. Kunz, director of payments and e-Business for PNC.



“It is important for us to offer a solution that fulfills this growing need as part of PNC’s commitment to make banking simple, safe and convenient for our customers.”



PNC Bank, N.A., is a member of The PNC Financial Services Group, Inc. (www.pnc.com), one of the nation's largest diversified financial services organizations providing retail and business banking; residential mortgage banking; specialized services for corporations and government entities, including corporate banking, real estate finance and asset-based lending; wealth management; asset management and global fund services.



PNC does not charge a fee for sending money. However, your wireless carrier may charge you for text messaging services. PNC products, services and prices are subject to change.



###

Online Banking Budgets to Increase in 2010













A New Report From Aite Group

Online Banking: Product Development Roadmap 2010





Online banking executives are optimistic about their budgets for 2010, with half of those surveyed anticipating significant budget increases.





Boston, MA – A new report from Aite Group, LLC assesses financial institutions' development priorities for the online channel in 2010. The report, which is based on Aite Group interviews with senior online channel executives from 20 of the 100 largest U.S. banks, reveals that executives are optimistic about their budgets for 2010. Among the banks surveyed, half anticipate budget increases more than 15% higher than 2009 budgets.





The year ahead looks to be a good one for investment into and strategic focus on banks' online channels. Driving this renewed focus is a stronger commitment from senior management, according to interviewees. Banks will pursue different online strategies. Some will pinpoint online sales and marketing, while others will focus on online service or improving the customer experience. One theme cuts across all the strategies: channel integration. Many online channel executives stressed the need to improve their bank's ability to integrate sales, service and the customer experience across channels.



"Despite the attention that the online channel has received and its promise to revolutionize traditional banking, many banks have never truly embraced it as a primary channel for customer interactions and transactions," says Ron Shevlin, senior analyst with Aite Group and author of this report. "The tide is finally turning. The combination of two forces - banks waking up to the reality of consumer behavior, and the ascent of a younger group of managers with a more accepting view of technology - is finally helping to bring about this change."



This 24-page Impact Report contains 16 figures and one table.






To purchase this report or for additional information, please contact Aite Group Sales (Tel: +1.617.338.6050, sales@aitegroup.com).



Ryanair Slammed Over Card Costs

The budget airline Ryanair has been accused by the Office of Fair Trading of using unfair tactics in order to force passengers to pay more than they should for flights.  According to the regulatory body, the airline exploits a loophole in the law stating that an airline only has to offer one free method of payment.  Currently Ryanair allows only pre-paid MasterCards as the cost-free method of payment.



Until recently Ryanair allowed the Visa Electron system as its free method, changing it to the pre-paid MasterCard knowing that very few would use that method to pay for flights.  Because it is such a rare form of payment, the loophole allows Ryanair to charge as much as £5 per passenger regardless of whether the transaction is made as a single payment.  That means for a family of four, the transaction fee would be £40 if the payment was via any other method than a pre-paid MasterCard.



Continue Reading at News on News



10,000 Strong

Credit-card petitions making impact in local communities



VICKSBURG, Miss. -- CSP is reporting that nine Kangaroo stores owned and operated by The Pantry Inc. began a petition drive similar to the one initiated by 7-Eleven late last year.  They are claiming that swipe fees (interchange fees) are unfair.  The Pantry started its campaign on Dec. 18 by posting signs on each gas pump and placing petitions inside on counters.



At one Kangaroo store, a manager told the newspaper 396 signatures had been collected in the first week. She said a lot of people who are signing do not realize fees are tagged onto each transaction. The fees amount to 2% or $2 per $100 that customers spend, but the stores insist that fraction claims too large a share of their narrow profit margin.

The North Carolina-based Pantry's campaign leader, Scot Knox, said the company wants to collect 1.8 million signatures at its 1,600 stores in 11 states during the month-long campaign. "We set that figure based on realistic goals per store," he told the newspaper. "That's roughly 35 signatures a day per store."

Across the country, the message is the same: credit-card fees are too high, and it's time to do something about it. As a result, more than 10,000 convenience stores have joined the petition drive initiated by the National Association of Convenience Stores (NACS).




Read the article in its entirety at CSP










