Saturday, May 29, 2010

Phishers Ambush Military Credit Unions

Internet.com is reporting that "a number of bogus Web sites that appear to be the official pages of a pair of credit unions used by military personnel are actually phishing traps designed to steal soldiers' identities."



Phishing can be eliminated. What they are "phishing" for are online banking passwords and usernames. Get rid of the antiquated login process and start "really" getting serious about authentication.



Replicate the same trusted process to disperse cash "in real time" from an ATM and two-factor" authenticate the online banking session by having customers swipe their bank-issued card and enter their bank-issued PIN.  



Start doing that, and banks will eradicate the "phishing" problem...because there will be nothing left to phish phor.



The money banks spend "phighting" phishing can be spent providing their customers with a PCI 2.1 Certified PED resulting in the complete eradication of the threat posed.  (it would also provide an ROI to the issuing bank via interchange revenue derived from usage of the device for eCommerce purchases)



Whats the phake phishing site going to ask people to do? Swipe their card and Enter their PIN?  Worthless move.  It's instantly 3DES DUKPT encrypted inside the device and guess who "doesn't" have the encryption key? If you said the phisher you're right.  If you said the online banking customer you are also correct.  The way it's done now, the customer does have the information being phished phor.  



Translation: No more username/passwords.



Even the customer him/herself does NOT have the "information" the phishers are looking for so they cannot be "duped" into providing it.



Make sense?  When swiping the card and entering the PIN "outside the browser and inside the box" and there isn't "ANY phishable" information.






That's why Eugene Kaspersky of Kaspersky Labs last week called for "MASS adoption of peripheral card readers for ALL internet banking customers. (see top left...and click the top right sidebar graphic for the complete story)



May 28, 2010  By Larry Barrett


Phishers don't play favorites and their latest intended victims are the men and women in uniform.









As eSecurity Planet discovered, several clever phishing traps have popped up online in the past year with almost the exact same look and feel of a pair of popular credit unions primarily used by folks serving in the U.S. military.


Security software experts are warning customers of both USAA, an insurance and financial services firm, and the Navy Federal Credit Union to be especially vigilant before divulging their Social Security numbers, passwords, account numbers and other personally identifying information.
Symantec said this latest attack comes from Web sites hosted on servers in Taiwan and variants of this particular phishing URLs have been used to spoof other online brands as well.

U.S. Strategic Command officials are joining leading security software vendors in warning soldiers serving in the U.S. Army, Navy, Air Force and Marine Corps to be on high alert for a new phishing scam that targeting customers at a pair of credit unions catering to servicemen and their families.
Gen. Kevin P. Chilton, the STRATCOM commander, is warning soldiers and their families that bogus Web sites imitating both USAA, a popular insurance and financial services firm catering to military families, and the Navy Federal Credit Union have successfully stolen the personal and banking data of an unknown number of customers. 

Read the full story at eSecurity Planet: 

Phishing Scam Targets Military Credit Unions





Reblog this post [with Zemanta]

Phishers Ambush Military Credit Unions

Internet.com is reporting that "a number of bogus Web sites that appear to be the official pages of a pair of credit unions used by military personnel are actually phishing traps designed to steal soldiers' identities."



Phishing can be eliminated. What they are "phishing" for are online banking passwords and usernames. Get rid of the antiquated login process and start "really" getting serious about authentication.



Replicate the same trusted process to disperse cash "in real time" from an ATM and two-factor" authenticate the online banking session by having customers swipe their bank-issued card and enter their bank-issued PIN.  



Start doing that, and banks will eradicate the "phishing" problem...because there will be nothing left to phish phor.



The money banks spend "phighting" phishing can be spent providing their customers with a PCI 2.1 Certified PED resulting in the complete eradication of the threat posed.  (it would also provide an ROI to the issuing bank via interchange revenue derived from usage of the device for eCommerce purchases)



Whats the phake phishing site going to ask people to do? Swipe their card and Enter their PIN?  Worthless move.  It's instantly 3DES DUKPT encrypted inside the device and guess who "doesn't" have the encryption key? If you said the phisher you're right.  If you said the online banking customer you are also correct.  The way it's done now, the customer does have the information being phished phor.  



Translation: No more username/passwords.



Even the customer him/herself does NOT have the "information" the phishers are looking for so they cannot be "duped" into providing it.



Make sense?  When swiping the card and entering the PIN "outside the browser and inside the box" and there isn't "ANY phishable" information.






That's why Eugene Kaspersky of Kaspersky Labs last week called for "MASS adoption of peripheral card readers for ALL internet banking customers. (see top left...and click the top right sidebar graphic for the complete story)



May 28, 2010  By Larry Barrett


Phishers don't play favorites and their latest intended victims are the men and women in uniform.









As eSecurity Planet discovered, several clever phishing traps have popped up online in the past year with almost the exact same look and feel of a pair of popular credit unions primarily used by folks serving in the U.S. military.


Security software experts are warning customers of both USAA, an insurance and financial services firm, and the Navy Federal Credit Union to be especially vigilant before divulging their Social Security numbers, passwords, account numbers and other personally identifying information.
Symantec said this latest attack comes from Web sites hosted on servers in Taiwan and variants of this particular phishing URLs have been used to spoof other online brands as well.

U.S. Strategic Command officials are joining leading security software vendors in warning soldiers serving in the U.S. Army, Navy, Air Force and Marine Corps to be on high alert for a new phishing scam that targeting customers at a pair of credit unions catering to servicemen and their families.
Gen. Kevin P. Chilton, the STRATCOM commander, is warning soldiers and their families that bogus Web sites imitating both USAA, a popular insurance and financial services firm catering to military families, and the Navy Federal Credit Union have successfully stolen the personal and banking data of an unknown number of customers. 

Read the full story at eSecurity Planet: 

Phishing Scam Targets Military Credit Unions





Reblog this post [with Zemanta]

Report to the Congress on Reductions of Consumer Credit Limits Based on Certain Information as to Experience or Transactions of the Consumer

First 4 digits of a credit card
Hundreds of thousands of credit cardholders' accounts have been zinged in recent years by credit cardcompanies based in part on where consumers shopped, what they bought, who they bought from or who held their mortgages, according to a new federal report issued Friday.



The cardholders were hit with credit limit reductions, interest rate hikes or had their accounts closed by issuers who told federal regulators that decisions to clamp down on credit to these consumers were based on tracking their spending and loan data. Among the consumer shopping practices that triggered negative account changes:

  • The location of where transactions were made.

  • The identity of the merchant processing the transaction.

  • The type of credit card transaction.

  • Identity of the mortgage lender.

  • Use of such information in credit decisions 

The 72-page report, conducted by the Federal Reserve Board, was quick to point out that profiling card users' spending habits was rare among credit card issuers and actually affected a relatively small number of card users. Still, the report gives the first official glimpse at how some in the credit card industry have used a technique called behavioral modeling to mine spending data for clues about whether customers will default on their credit card loans.
Reblog this post [with Zemanta]

Report to the Congress on Reductions of Consumer Credit Limits Based on Certain Information as to Experience or Transactions of the Consumer

First 4 digits of a credit card
Hundreds of thousands of credit cardholders' accounts have been zinged in recent years by credit cardcompanies based in part on where consumers shopped, what they bought, who they bought from or who held their mortgages, according to a new federal report issued Friday.



The cardholders were hit with credit limit reductions, interest rate hikes or had their accounts closed by issuers who told federal regulators that decisions to clamp down on credit to these consumers were based on tracking their spending and loan data. Among the consumer shopping practices that triggered negative account changes:

  • The location of where transactions were made.

  • The identity of the merchant processing the transaction.

  • The type of credit card transaction.

  • Identity of the mortgage lender.

  • Use of such information in credit decisions 

The 72-page report, conducted by the Federal Reserve Board, was quick to point out that profiling card users' spending habits was rare among credit card issuers and actually affected a relatively small number of card users. Still, the report gives the first official glimpse at how some in the credit card industry have used a technique called behavioral modeling to mine spending data for clues about whether customers will default on their credit card loans.
Reblog this post [with Zemanta]

The Economics and Regulation of Payment Interchange Fees



EVENTS RECENT



The Economics and Regulation of Payment Card Interchange Fees image
The Economics and Regulation of Payment Card Interchange Fees
  • Start Date:
    Wednesday, June 09, 2010

  • End Date:
    Wednesday, June 09, 2010

  • Time:
    8:30 AM - 1:00 PM

  • Location:
    Willard InterContinental

    1401 Pennsylvania Ave NW

    Washington, DC 20004

  • Add to Calendar:



This event is co-hosted by the The International Center for Law and Economics and the Mercatus Center at George Mason University.
This conference will bring together legal and economic experts—authors and interpreters of this literature—with the policy community to distill the academic literature and to discuss the implications of this literature for the ongoing legislative and policy debates surrounding the regulation of interchange fees and credit card markets more broadly.



Payment cards are widely used by consumers today, accounting for nearly a third of all consumer transactions in the US.  The payment systems that facilitate these transactions are complex, comprised of millions of consumers, thousands of banks, millions of merchants and a host of intermediary entities that facilitate the processing of card payments.  Without a penny in her pocket, a consumer today can walk into almost any store, hotel, or restaurant in the world and walk out with goods or services.  A consumer can buy a car with a credit card; without one, she might not even be able to rent a car.



At the heart of the system is a controversial fee—the interchange fee—usually charged by a consumer’s bank to a merchant’s bank in order to facilitate a payment card transaction.  Defenders of the fee argue that it plays a critical role in allowing card issuers to persuade individuals to carry the card brand and merchants to accept it.  Without the interchange fee, the evolution from a paper-based payments system to a more efficient electronic system—particularly one incorporating not only a payment function but also a credit function—would be dramatically impaired and both consumer and merchant benefits would be largely undermined.



But merchants claim that the fee, even if necessary, is excessive, totaling billions of dollars a year more than the direct administrative costs of operating payment card systems—the only costs these merchants believe they should bear.  Based on these claims, some merchants have supported the regulation of interchange fees, at both the federal and state levels, and have engaged in a pervasive and heated campaign to build public and political support behind their efforts.



This conference schedule will include a lively, moderated discussion of the central issues in the debate and how they will—and should—play out on the political stage.  And, we will also host a session by noted economic and legal experts, discussing the policy relevance today of some of the classic literature informing the current debate.  Our day concludes with lunch and a keynote presentation from Todd Zywicki of George Mason University Law School on “The Economics of Payment Card Interchange Fees and the Limits of Regulation.”



Conference Speakers include:
Thomas Brown, O'Melveny & Myers LLP

Sujit Chakravorti, Federal Reserve Bank of Chicago

Thomas Durkin, Former Senior Economist, Federal Reserve Board

Mike Konczal, Roosevelt Institute

Geoffrey Manne, International Center for Law and Economics

Megan McArdle, Atlantic Monthly

Tim Muris, former Chairman, Federal Trade Commission

Felix Salmon, Reuters

Steven Semeraro, Thomas Jefferson University

Fred Smith, Competitive Enterprise Institute

Joshua Wright, George Mason University Law School
To register for this conference, please register below or contact Megan Gandee atmmahan@gmu.edu or by phone at 703.993.4967.


Reblog this post [with Zemanta]

The Economics and Regulation of Payment Interchange Fees



EVENTS RECENT



The Economics and Regulation of Payment Card Interchange Fees image
The Economics and Regulation of Payment Card Interchange Fees
  • Start Date:
    Wednesday, June 09, 2010

  • End Date:
    Wednesday, June 09, 2010

  • Time:
    8:30 AM - 1:00 PM

  • Location:
    Willard InterContinental

    1401 Pennsylvania Ave NW

    Washington, DC 20004

  • Add to Calendar:



This event is co-hosted by the The International Center for Law and Economics and the Mercatus Center at George Mason University.
This conference will bring together legal and economic experts—authors and interpreters of this literature—with the policy community to distill the academic literature and to discuss the implications of this literature for the ongoing legislative and policy debates surrounding the regulation of interchange fees and credit card markets more broadly.



Payment cards are widely used by consumers today, accounting for nearly a third of all consumer transactions in the US.  The payment systems that facilitate these transactions are complex, comprised of millions of consumers, thousands of banks, millions of merchants and a host of intermediary entities that facilitate the processing of card payments.  Without a penny in her pocket, a consumer today can walk into almost any store, hotel, or restaurant in the world and walk out with goods or services.  A consumer can buy a car with a credit card; without one, she might not even be able to rent a car.



At the heart of the system is a controversial fee—the interchange fee—usually charged by a consumer’s bank to a merchant’s bank in order to facilitate a payment card transaction.  Defenders of the fee argue that it plays a critical role in allowing card issuers to persuade individuals to carry the card brand and merchants to accept it.  Without the interchange fee, the evolution from a paper-based payments system to a more efficient electronic system—particularly one incorporating not only a payment function but also a credit function—would be dramatically impaired and both consumer and merchant benefits would be largely undermined.



But merchants claim that the fee, even if necessary, is excessive, totaling billions of dollars a year more than the direct administrative costs of operating payment card systems—the only costs these merchants believe they should bear.  Based on these claims, some merchants have supported the regulation of interchange fees, at both the federal and state levels, and have engaged in a pervasive and heated campaign to build public and political support behind their efforts.



This conference schedule will include a lively, moderated discussion of the central issues in the debate and how they will—and should—play out on the political stage.  And, we will also host a session by noted economic and legal experts, discussing the policy relevance today of some of the classic literature informing the current debate.  Our day concludes with lunch and a keynote presentation from Todd Zywicki of George Mason University Law School on “The Economics of Payment Card Interchange Fees and the Limits of Regulation.”



Conference Speakers include:
Thomas Brown, O'Melveny & Myers LLP

Sujit Chakravorti, Federal Reserve Bank of Chicago

Thomas Durkin, Former Senior Economist, Federal Reserve Board

Mike Konczal, Roosevelt Institute

Geoffrey Manne, International Center for Law and Economics

Megan McArdle, Atlantic Monthly

Tim Muris, former Chairman, Federal Trade Commission

Felix Salmon, Reuters

Steven Semeraro, Thomas Jefferson University

Fred Smith, Competitive Enterprise Institute

Joshua Wright, George Mason University Law School
To register for this conference, please register below or contact Megan Gandee atmmahan@gmu.edu or by phone at 703.993.4967.


Reblog this post [with Zemanta]

Disqus for ePayment News