Monday, June 14, 2010

Top 10 Data Breaches of the Decade - ABC News

10 of the Top Data Breaches of the Decade
(from ABC News 6-14-2010)

Below, take a look at 10 of the biggest data breaches of the decade.

Heartland Payment Systems -- 2009

In what has been called the largest credit card crime of all time, in 2009, Heartland Payment Systems announced that hackers had broken into the computers it uses to process about 100 million transactions each month for 175,000 merchants. Heartland, which is based in Princeton, New Jersey, processes card payments for restaurants and other businesses. The hack was uncovered in January, after Visa and MasterCard notified Heartland about suspicious transactions.
In August 2009, three men were indicted by a grand jury on charges related to masterminding a scheme to steal more than 130 million credit and debit card numbers and personally identifying information from Heartland, 7-Eleven Inc. and other companies.
Last month, Heartland agreed to pay MasterCard issuers $41.4 million to settle claims over the data breach, according to The Associated Press. In order for the deal to go through, 80 percent of MasterCard issuers who filed claims must accept the settlement by June 25.

TJX Companies -- 2007


The blogosphere cried foul last week when news broke that an AT&T security breach exposed the e-mail addresses of at least one hundred thousand owners of Apple's iPad 3G, but cyber crime has been around for a long time.


Sacramento Detectives Find Credit Card Skimmers at Gas Stations

Skimming Device Found at Sacramento Gas Station

Sacramento, Folsom, Placer County detectives find credit card skimmers at gas stations
(from News10 at 6-14-2010)
After an investigation has led to the discovery of three identical credit card skimming machines inside gasoline pumps in Placer County, Sacramento and Folsom, authorities are now looking for the people who may have used the machines to collect personal identification information. Placer County Sheriff's Department spokeswoman Dena Erwin said investigators found the scanning devices in pumps located far from the clerk's location and close to the street. According to Detective Jim Hudson, investigators believe there are at least four more machines operating at other gas stations....

Tabnabbing (New Phishing Technique)


Mozilla's Aza Raskin is warning about a new type of phishing attack called tabnabbing.
Unlike traditional phishing attacks which trick people into clicking on links that take them to bogus sites that look legitimate, tabnabbing doesn't require a user to click on a link. But it too can trick people into disclosing their usernames and passwords.
While you're visiting a Web page infected with malicious tabnabbing code, a tab in the background morphs into what appears to be a legitimate site like Gmail or a banking site. To the user it looks quite familiar and since it's not uncommon for people to have multiple tabs open at the same time, it's easy to assume that it really is the site you want to visit. When you click on it, you're not logged in, but that too can seem quite normal since many sites log you out automatically after a period of time. However, if you're a tabnabbing victim and try to log in to the site, you wind up giving your log-in credentials to the tabnabber.


iPad Breach Reveals Wireless Technology's Vulnerability

iPad breach reveals wireless technology’s vulnerability
(from The Peninsula Qatar at 6-14-2010)
Mobile devices are slick, powerful and convenient, but the news this week that AT&T suffered a data breach on thousands of iPads highlighted another quality: They’re vulnerable. As more personal information migrates to mobile devices, experts say hackers have increasing opportunities to track people, listen in on phone calls and intercept e-mails or documents. The security breach in a Web service used by Apple’s new iPad 3G that was revealed this week suggested the potential stakes involved. ...

(from Business Insider at 6-14-2010)

AT&T has finally contacted its customers about the security flaw that allowed a third-party to easily pull the email addresses of thousands of iPad users off AT&T's web site. The NYT's Nick Bilton procured the note AT&T sent out. It's long. Here's our synopsis: The breach wasn't our fault. It was the fault of bad people called hackers who maliciously broke into our web site and stole your email address. If there were not bad people like these people, your email address would have been perf...

iPad E-mail Hackers Claim They Haven't Broken the Law
(from PC World at 6-12-2010)
The hackers who harvested an estimated 114,000 Apple iPad 3G owner e-mail addresses defended their actions Friday as "ethical" and said they did nothing illegal. The hacking group Goatse Security obtained the e-mail addresses using an automated PHP script that collected iPad 3G owners' ICC-ID numbers and associated addresses from AT&T's servers using a publicly-available feature of the carrier's Web site. AT&T disabled the feature last Tuesday, a day before the Valleywag Web site first rep...

AT&T Blames 'Hackers' For iPad Security Breach
(from ITProPortal at 6-14-2010)
US wireless carrier AT&T has blamed a company of self-styled "hackers", Goatse Security, for an e-mail leak that exposed the personal data of over 100,000 US iPad 3G users, including top-ranking officials at the White House. In an e-mailed apology to all affected users, AT&T said it was sorry for the security lapse that led to the incident, blaming "computer hackers" who "maliciously exploited" a function implemented by the company in order to speed up the iPad log-in process....

iPad email theft not a hack, say security researchers
(from Computerworld UK at 6-14-2010)
Security experts blamed a brute force attack that exposed the email addresses of more than 100,000 iPad owners on poorly-designed AT&T software. The harvesting of over 100,000 iPad 3G owners' email addresses was not a hack or a classic data breach, but a brute force attack of a minor feature AT&T offered to Apple customers, experts said Wednesday. According to New York-based Praetorian Security Group, which obtained a copy of the PHP script used to scrape email addresses from AT&T's server...

PIN Debit Transactions Outpace Signature Debit

Debit Card Use Remains Robust in Midst of Economic Downturn
2010 Debit Issuer Study, Commissioned by PULSE, Finds Consumers Increasingly Prefer Debit Over Cash

HOUSTON--(BUSINESS WIRE)--The 2010 Debit Issuer Study, commissioned by PULSE, reveals that the debit market remained robust during the second year of the economic downturn and is projected to grow strongly in 2010. The study finds that much of the growth in debit use is in small-ticket transactions, suggesting that more consumers prefer debit over cash.
Issuers surveyed experienced overall debit transaction growth of 10 percent between 2008 and 2009. Much of this growth was with small-ticket transactions. In 2009, 58 percent of all debit transactions were less than $20.
“The debit market has continued to weather the economic storm as a result of consumer preference for debit and increasing merchant acceptance of small-ticket debit transactions,” said Cindy Ballard, PULSE executive vice president. “As consumers scaled back spending during the recession, they embraced a pay-as-you-go approach and are keeping their debit card top of wallet.”
Furthermore, the study found that year-over-year PIN debit transaction growth outpaced that of signature debit transactions. Between 2008 and 2009, the use of PIN debit grew by 13 percent with an average ticket size of $41; signature debit transactions increased by nine percent with an average ticket of $35. Both figures for average ticket have declined by roughly $1 to $2 compared to the previous study. In addition, active debit cardholders, those who conducted at least one PIN or signature POS transaction within the last 30 days, performed on average 17.3 POS transactions per month, also flat compared to 2009.

The 2010 Debit Issuer Study found that debit card penetration – the percentage of eligible accounts that can be accessed by a debit card – has remained steady at 73 percent since 2007. Sixty-four percent of consumer debit cards are active, largely unchanged from 66 percent in 2008.
“As evidenced by the performance of best-in-class issuers who have managed to significantly outperform the market, there is clearly an opportunity to enhance the debit experience with existing customers and create interest with potential customers,” said Ballard. “Increased interest from debit card issuers to explore programs such as instant card issuance will continue to promote further growth in the debit industry.”
As debit card transactions continue to increase, issuers are becoming more concerned about how fraud and government regulation could impact profitability. In 2009, 95 percent of debit card issuers were affected by data breaches, making fraud mitigation a top challenge for issuers. Issuers’ average signature POS fraud losses increased 43 percent last year from 5.2 basis points (bps) to 7.5 bps, and PIN POS fraud losses rose by 24 percent from 0.8 bps to 1.0 bps.
“Despite the uptick in fraud, growth in the debit market remains solid, and the 2010 study identified specific areas of opportunity for sustaining momentum, such as business debit and rewards programs that are more integrated with checking accounts,” said Tony Hayes, an Oliver Wyman partner, who served as project lead on the study. “The debit market has shown resiliency despite the economic challenges, as consumers turn to readily available funds over other payment methods.”
Regulation E changes
Government regulations were cited by issuers as a major challenge for their institutions. Changes to Regulation E (Reg E), which will take effect this summer, will require opt-in consent before consumers can incur overdraft charges. Overall, issuers expect 30 percent of consumers to opt in to overdraft services, but expectations vary according to institution size. Large banks expect 20 to 40 percent of their customers to opt in, while many credit unions and community banks expect a much higher participation rate, with many forecasting that more than 70 percent of customers will opt in.
With interchange and overdrafts producing approximately $118 of annual revenue per active card, financial institutions expect that the changes to Reg E will result in fewer approved transactions, lower interchange income and less profitable debit card programs, impacting debit card profitability over the next two years. In an effort to counteract potential decreased fee income, 45 percent of issuers have already created a plan in response to the changes.
About the Study
The 2010 Debit Issuer Study is the fifth installment in the study series. The series provides an objective fact base on debit card issuer performance and financial institutions’ outlook for the debit card business. Sixty-four financial institutions – including large banks, credit unions and community banks – participated in the 2010 study, which was conducted by Oliver Wyman. Collectively, the participants issue 78.7 million debit cards and operate 42,063 ATMs. The sample is representative of the U.S. debit market in terms of institution type, location and debit network participation.
PULSE, a Discover Financial Services (NYSE: DFS) company, is a leading ATM/debit network, serving more than 4,400 banks, credit unions and savings institutions across the United States. The network links cardholders with ATMs and POS terminals at locations nationwide. Through its global ATM network, PULSE provides worldwide cash access for Diners Club and Discover cardholders through hundreds of thousands of ATM locations. The company is also a source of electronic payments research and is committed to providing its participants with education on emerging products, services and trends in the payments industry. For more information, visit



Steve Sievert, 832-214-0111



Tara Hanney, 713-513-9561

Bloomberg Taps Damballa CEO Val Rahmani to Share Cyber Crime Expertise

Rahmani to Join Distinguished List of Speakers at June 15 Bloomberg Boards and Risk Briefing in Washington, D.C.

ATLANTA--(BUSINESS WIRE)--Damballa Inc., the company transforming the fight against cyber threats, today announced that CEO Val Rahmani will be a featured speaker at the Bloomberg Boards and Risk Briefing, co-chaired by former SEC Chairman Arthur Levitt and Bloomberg Chief Content Officer Norman Pearlstine. The conference is taking place June 15, 2010 in Washington, D.C., and the full agenda can be found at
Rahmani joins a distinguished list of speakers including Citigroup Chairman Dick Parsons, Cyber Czar Howard A. Schmidt, Pay Czar Kenneth Feinberg, and Enrique T. Salem, President and CEO of Symantec. In conjunction with Carnegie Mellon CyLab, the Bloomberg Boards and Risk Briefing brings together key business, political, and academic leaders to explore critical issues and provoke thought leadership. It has never been more important for boards to understand their role in risk management, the perspective of regulators and legislators, and operational and technology risks in a global environment.

Panel: Existing Risks and Emerging Threats Beyond the Firewall
June 15, 2010; 12:15 - 12:45 p.m. ET
Val Rahmani, Chief Executive Officer, Damballa
Anthony Reyes, Founder and CEO, The ARC Group of New York
Rick Wesson, Chief Executive Officer, Support Intelligence, Inc.
Knight Studio, The Newseum at 555 Pennsylvania Avenue, NW, Washington, D.C.
Session Description
Let the cyber wars begin! The freedom of search put China’s censors on edge and on attack online, offline, and in the media. We look at the delicate diplomatic dance of corporations, technology, and China. Global cyber security experts assess what every board member and senior executive needs to know about the state of security in corporate systems. What happens when sovereign nations cyber attack? What happens when there are data breaches potentially exposing hundreds of millions of credit and debit cardholders? What can board members do now to make sure that they are protecting their digital assets?
For members of the media interested in speaking with Ms. Rahmani about this topic either at the conference or by phone, please contact Bill Keeler or Tiffany Archambault at or 781-684-0770.
About Damballa
Damballa stops crimeware threats that exploit enterprise networks for illegal activity by finding and terminating the hidden communication channels used to control breached computer systems. Damballa solutions protect companies from the devastating effects of botnets, advanced persistent threats, next generation malware, cyber crime, and insider threats. Damballa customers include major banks, manufacturers, ecommerce providers, Internet service providers, government agencies, educational organizations, and other companies typically targeted by organized cyber crime. Privately held, Damballa is headquartered in Atlanta, Georgia.


Media Contacts:

Damballa Inc.

Ann Conrad, 404-961-7402


Schwartz Communications

Bill Keeler/Tiffany Archambault


FIS to Acquire Compliance Coach, Inc.

http://www.fisglobal.com
Deal Positions FIS as Premier Provider of Regulatory Compliance Services
JACKSONVILLE, Fla.--(BUSINESS WIRE)--FIS (NYSE:FIS), one of the world’s largest providers of banking and payments technology, today announced that it will acquire Compliance Coach, Inc., a company that provides risk assessment software, e-learning and additional tools to enable compliance with applicable laws and regulations. The transaction is expected to close within the next 30 days and terms of the deal were not announced.
This acquisition is a strategic move by FIS to enhance its overall compliance strategy. FIS will assume ownership of Compliance Coach’s flagship products that include Regulatory University, Compliance Risk Indicator (CRI) and Compliance Pal. These solutions currently support approximately 1,500 clients, including seven of the top 10 banks within the financial services industry. With the addition of these new capabilities, FIS will offer financial institutions three tiers of compliance support:
  • Compliance Assistant: Provides financial institutions with compliance assistance through a basic level of compliance staff training, advice and regulatory reporting software.

  • Compliance Advisor: Provides financial institutions with a trusted external compliance advisor, providing advice, training and compliance monitoring with annual independent reviews, consumer lending audits and internal risk reporting.

  • Compliance Officer: Performs many of the same functions as Compliance Advisor plus Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and enterprise-wide compliance risk assessment, compliance consulting, vendor relationship management, annual HDMA reviews and training for boards of directors.

“We are very excited to add the regulatory compliance expertise that Compliance Coach brings to FIS,” said Kay Nichols, executive vice president, Channel Solutions, FIS. “We firmly believe that through the addition of Compliance Coach’s strengths, FIS will become the market innovator for end-to-end regulatory compliance solutions, integrated training, risk assessments, monitoring, reporting and advice.”
FIS delivers banking and payments technologies to more than 14,000 financial institutions and businesses in over 100 countries worldwide. FIS provides financial institution core processing, and card issuer and transaction processing services, including the NYCE® Network. FIS maintains processing and technology relationships with 40 of the top 50 global banks, including nine of the top 10. FIS is a member of Standard and Poor's (S&P) 500® Index and consistently holds a leading ranking in the annual FinTech 100 rankings. Headquartered in Jacksonville, Fla., FIS employs more than 30,000 on a global basis. FIS is listed on the New York Stock Exchange under the “FIS” ticker symbol. For more information about FIS see
Forward-Looking Statement
This news release contains forward-looking statements that involve a number of risks and uncertainties. Statements that are not historical facts, including statements about our beliefs and expectations, are forward-looking statements. Forward-looking statements are based on management's beliefs, as well as assumptions made by, and information currently available to, management. Because such statements are based on expectations as to future economic performance and are not statements of fact, actual results may differ materially from those projected. We undertake no obligation to update any forward-looking statements, whether as a result of new information, future events or otherwise. The risks and uncertainties which forward-looking statements are subject to include, but are not limited to: changes in general economic, business and political conditions and other risks detailed in the “Statement Regarding Forward-Looking Information,” “Risk Factors” and other sections of the Company’s Form 10-K and other filings with the Securities and Exchange Commission.


Marcia Danzeisen, 904.854.5083

Senior Vice President

FIS Global Marketing and Communications


Mary Waggoner, 904.854.3282

Senior Vice President

FIS Investor Relations

Hackers Reveal Details of Thousands of "iPad VIPs"

Hackers reveal details of thousands of iPad 'VIPs'
(from NZ Herald at 6-14-2010)
They thought they were among the lucky few: the "VIPs" who were the very first to get their hands on Apple's latest gadget. But those high-ranking military officials, media bosses and even White House staff might now be wishing they hadn't bothered, after an online security breach exposed the personal details of thousands of iPad users. The email addresses of around 114,000 Apple iPad owners who subscribe via America's second largest mobile phone provider AT&T were hacked by a group that expo...


Payments Companies Get More VC Money

Payments Companies Scooping Up More Venture Capital Money

Posted by CB Insights on June 13, 2010 under Venture Capital 
Payments companies of all types, whether they are technologies to foster mobile payments, virtual goods payment enablers or payment platforms for social networks, have been a hot area for venture capital over the last several quarters.  Investment in payments companies has grown for three straight quarters starting in Q2 2009 on both a deals and dollars basis.
Data on the venture capital investment trend in payments is given below over the last five quarters.
[Chart: venture capital investment in payment technologies companies]
Will the interest in payments companies continue?  And do any of these payments companies have the potential to disrupt the incumbents in the payments arena, e.g., American Express, Visa, Paypal, Mastercard, First Data, etc?

KDDI Selects Gemalto to Collaborate on NFC Pilot in Japan


Amsterdam, June 14, 2010 - PIN Debit News Blog - 

Gemalto, the world leader in digital security, announced that it has been selected by Japan’s KDDI - a leading mobile communication provider with over 31 million subscribers, to provide its User Identity Module (UIM) cards and Trusted Service Management (TSM) solution for the upcoming near-field communication (NFC) program.  From May to December 2010, participants in this pilot can experience various types of NFC services ranging from mobile payments, transportation services, e-driver licenses, e-ticketing, as well as information acquisition from smart posters. This trial will have participation from a wide-range of leading industries including car manufacturers, airline companies, and cinema operators.

Gemalto plays an important role in this trial, entrusted with the preparation and management of sensitive user information between KDDI and other service providers, as well as the provision of multiple mobile applications to subscribers.  This NFC project will be based on international standards, complying with the GSMA’s Pay-Buy-Mobile specifications.  GSMA is the worldwide association of Mobile Network Operators. Japan is already the world’s most advanced mobile contactless market with 18% of mobile subscribers actively using mobile contactless services; and industry experts are optimistic about quick consumer pick-up.

“We selected Gemalto based on their global expertise, sound experience and achievements in the field of NFC. We are entrusting Gemalto with providing and managing the secure channels between KDDI and the service providers to conveniently connect customers in the digital world,” said Kenichi Bandou, senior manager, business enhancement department, KDDI CORPORATION.

“Gemalto is honored to be partnering with KDDI in this comprehensive new-generation NFC pilot.  Japan is a leading market in contactless services with a well-established infrastructure.  We look forward to providing our proven expertise and globally acquired experience to further enrich this dynamic ecosystem, to bring a new dimension in contactless usage to Japanese mobile users,” added Tan Teck-Lee, president, Gemalto Asia.

About Gemalto
Gemalto (Euronext NL 0000400653 GTO) is the world leader in digital security with 2009 annual revenues of €1.65 billion, and over 10,000 employees operating out of 75 offices, with research and service centers in 41 countries.

Gemalto is at the heart of our evolving digital society. The freedom to communicate, travel, shop, bank, entertain, and work—anytime, anywhere—has become an integral part of what people want and expect, in ways that are convenient, enjoyable and secure.

Gemalto delivers on the growing demands of billions of people worldwide for mobile connectivity, identity and data protection, credit card safety, health and transportation services, e-government and national security. We do this by supplying to governments, wireless operators, banks and enterprises a wide range of secure personal devices, such as subscriber identification modules (SIM), Universal Integrated Circuit Cards (UICC) in mobile phones, smart banking cards, smart card access badges, electronic passports, and USB tokens for online identity protection.  To complete the solution we also provide software, systems and services to help our customers achieve their goals.

As the use of Gemalto’s software and secure devices increases with the number of people interacting in the digital and wireless world, the company is poised to thrive over the coming years.
For more information please visit


SynTel, LLC Simplifies Regulation E Compliance for Financial Institutions

Banks, Credit Unions Meet Compliance Deadline with Mailroom Automation Software
http://www.syntelllc.com
JONESBORO, Ark--(BUSINESS WIRE)--SynTel™ LLC, a provider of mailroom automation software and document design software, is helping financial institutions meet mandatory Regulation E compliance by July 1. The regulation requires banks and credit unions to request in writing that consumers affirmatively consent to fee-based overdraft services for ATM and one-time debit card transactions.
In order to be compliant with Regulation E, financial institutions must print, mail and track notices to customers. SynTel, best known for AutoMail® mail automation software’s fast delivery and tracking, has expanded its services to include Regulation E mailings. Banks and credit unions concerned with staying in compliance, improving opt ins and optimizing internal mailing resources have chosen to automate the process.
“First State Bank Louise takes customer communications, customer service and compliance very seriously,” said Dana Treadgold, senior vice president of Compliance for First State Bank Louise in Sweeny, Texas. “With SynTel, we are doing everything in our power to continue providing overdraft to those customers who value the service, and it is as simple as providing SynTel with a letter and list of addresses. SynTel takes care of every detail and meets my demands as a compliance person.”
Financial institutions simply provide a mailing list, and SynTel’s Regulation E solution completes the compliance requirements from printing and mailing to reporting and confirmation. The solution includes template notices of the rule to customers, giving them a reasonable opportunity to affirmatively consent to overdraft protection and respond via the SynTel-provided return envelope.
“Banks and credit unions have a very narrow window to obtain permission from customers on overdraft options,” said Harry Herget, co-founder and chief marketing officer for SynTel, “Without these options, financial institutions could lose millions in fee income. SynTel offers a solution that eliminates the burden of handling and mailing these crucial notices quickly, ensures compliance with the regulation and keeps the customer relations top of mind.”
About SynTel, LLC
SynTel LLC (Jonesboro, Ark.) helps more than 1,250 companies optimize their mailrooms, saving on labor, equipment, supplies and postage costs. The company provides automation tools for the design, printing, packaging and delivery of customer communications to increase productivity and reduce expenses. For more information, visit the company’s website at or follow them on Twitter @SynTelLLC and Facebook.


For SynTel, LLC

David Jones, 678-781-7238


Elizabeth McMillan, APR, 678-781-7224
