Monday, June 28, 2010

Adele Services: $9.5 Million Siphoned off 1.35 Million Cards




With the advent of card readers for vending machines,

scammers hit consumer's cards for small amount

transactions and hardly anyone even noticed...
Back on December 3rd 2008, in a post entitled: Major Credit Card Hack Starting?, I provided information on Adele Services and phantom "small amount" (21-29 cents) charges that began appearing on credit card statements. (see below)

PIN Debit News Blog: Major Credit Card Hack Starting?



  1. Dec 3, 2008 ... A company called Adele Services, based in Melville, N.Y., has been charging cards small amounts — 21 to 29 cents. Such charges are usually ...

    pindebit.blogspot.com/2008/12/major-credit-card-hack-starting.html



    Last night PC World provided more information on Adele Services. It seems that, according to the FTA,  they stole about $10 million over four years. With the advent of card readers on vending machines, it's easy to lose track of small transaction purchases. That's why, according to the article below, out of 1.35 million credit cards tapped into, only a little over 70,000 even noticed.

  2. Robert McMillan – Sun Jun 27, 8:30 pm ET





    The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time. The scam, which had been run for about four years, according to theFTC, provides a case lesson in how many of the online services used to lubricate business in the 21st century can equally be misused for fraud.  "It was a very patient scam," said Steve Wernikoff, a staff attorney with the FTC who is prosecuting the case. "The people who are behind this are very meticulous."  <<Read More>>
    According to the FTC, the fraudsters charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed.   Typically they floated just one charge per card number, billing on behalf of made-up business names such as Adele Services or Bartelca LLC.

Related articles by Zemanta

Enhanced by Zemanta

Adele Services: $9.5 Million Siphoned off 1.35 Million Cards

Back on December 3rd 2008, in a post entitled: Major Credit Card Hack Starting?, I provided information on Adele Services and phantom "small amount" (21-29 cents) charges that began appearing on credit card statements.  (see below)


  1. PIN Debit News Blog: Major Credit Card Hack Starting?

    Dec 3, 2008 ... A company called Adele Services, based in Melville, N.Y., has been charging cards small amounts — 21 to 29 cents. Such charges are usually ...
    pindebit.blogspot.com/2008/12/major-credit-card-hack-starting.html


  2. Last night PC World provided more information on Adele Services.  It seems they stole about $10 million over four years.  With the advent of card readers on vending machines, it's easy to lose track of small transaction purchases.  Thats why, according to the article below, out of 1.35 million credit cards tapped into, only a little over 70,000 even noticed.



    The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.
    The scam, which had been run for about four years, according to theFTC, provides a case lesson in how many of the online services used to lubricate business in the 21st century can equally be misused for fraud.
    "It was a very patient scam," said Steve Wernikoff, a staff attorney with the FTC who is prosecuting the case. "The people who are behind this are very meticulous."
    According to the FTC, the fraudsters charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed. Typically they floated just one charge per card number, billing on behalf of made-up business names such as Adele Services or Bartelca LLC.


Enhanced by Zemanta

U.S. Seeks More Security for Online Transactions (Finally)



National Strategy for Trusted Identities in Cyberspace



From SFGate:  In the murky world of the Internet, how do you ever really know who you're talking to, who you're buying from, or if your bank can actually tell it's you when you log in to pay a bill?(Editor's note:  How about a peripheral card reader with built-in PIN Pad?)



Amid growing instances of identity theft, bank account breaches and sophisticated Internet scams, the government is looking for ways to make those transactions more secure.  (Editor's note:  How about a peripheral card reader with built-in PIN Pad?)



In a draft plan released Friday, the White House laid out an argument for a yet-undeveloped, voluntary identification system and set up a Web site to gather suggestions from experts and everyday Internet users on how it should be structured. The site is quickly getting votes, snipes and suggestions.



The plan, he said, envisions a future in which people would be able to get a secure identifier - such as a smart identity card from a variety of service providers. Customers could then use the card to prove who they are as they make their online transactions. (Editor's Note:  Doesn't a card need a card reader?)   Click here to read the "strategy" and/or click below to read mine

.  









Click to Enlarge
Enhanced by Zemanta

How to Hack an ATM - "Jackpotting Automated Teller Machines" at Black Hat USA

ATM hack promises teller machine jackpotAFP/File – A woman uses an Automated Teller Machine (ATM) in Los Angeles in 2008. Computer security researchers …




RELATED QUOTES
^DJUSS448.75+5.80
^IXIC2,223.480.00
^IXK1,124.260.00
Barnaby Jack of IOActive is slated to give a "Jackpotting Automated Teller Machines" presentation at the Black Hat USA security conference in Sin City in late July.
"I've always liked the scene in 'Terminator 2' where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine," Jack said at the Black Hat website. "I think I've got that kid beat."
The researcher promised to bring two new model ATM machines from a pair of major vendors to demonstrate local and remote software attacks that result in large payouts.
IOActive told AFP on Friday that the manufacturers of vulnerable ATM machines have been alerted to the problem and that Jack's presentation will include ways to protect machines against attacks.

Eminen is Dead Rumor Leads to Zeus Malware Infection: EminenDead.exe

Eminen Death Vido Leads to Malware
Posted on 28.06.2010 by Help Net Security


There's a fake internet rumor, which cropped up only a couple of days ago, which says that the famous rapper Eminem (Marshall Mathers) died in a car crash. Trend Micro warns about an email claiming to come from CBS News "confirming" the rumor and giving a link for the victim to click on in order to view a related video:







The "video" is actually an executable (EminemDead.exe) - a variant of the ZeuS/Zbot information-stealing Trojan.





Enhanced by Zemanta

Introducing JHA (Jack Henry Associates) Payment Processing Solutions

Jack Henry & Associates Rebrands Pemco Technologies Acquisition

 
 

Pemco Technologies Rebranded as JHA Payment Processing Solutions(TM), a Division of Jack Henry & Associates, Inc. 

MONETT, Mo.June 28 /PRNewswire-FirstCall/ -- Jack Henry & Associates, Inc. (Nasdaq: JKHY), a leading provider of integrated technology solutions and data processing services for financial institutions, today announced the rebranding of Pemco Technologies, which it acquired in October 2009.  Pemco Technologies will be rebranded as JHA Payment Processing Solutions and will operate as a division of Jack Henry & Associates, Inc.  Jack Henry & Associates was contractually committed to rebrand Pemco Technologies within one year of the acquisition.  
JHA Payment Processing Solutions will continue Pemco Technologies' long history of operating as a leading provider of payment processing solutions and outstanding client care and service.  
The products and services added through this acquisition strategically complement Jack Henry & Associates' ATM and debit card solutions with proven credit and prepaid card solutions, and positions the company to support financial institutions with a broader array of payment-related solutions that are collectively supporting more than 1,000 banks and credit unions.  
According to Terry McMullen, general manager of E-Services, "This acquisition supports our goal to provide our clients and prospects with a more complete product offering that includes ATM, debit, credit, and prepaid card solutions and generates more opportunities to increase our presence and potential in the growing payments industry.  We believe creating the separate JHA Payment Processing Solutions brand is the most effective marketing, sales, and customer support strategy for the payments products we sell outside our core client base to financial institutions that use virtually any core system. We are also excited about the opportunity to begin selling select JHA Payment Processing Solutions products, which have historically been available exclusively for credit unions, to banks.  Initially we will be offering our prepaid cards and debit and credit awards solutions to the bank market."  
JHA Payment Processing Solutions has launched an aggressive campaign to systematically communicate the new brand to existing and prospective customers, and to the financial industry at-large.  
About JHA Payment Processing Solutions
JHA Payment Processing Solutions provides payment solutions to the financial industry including ATM, debit, credit, and prepaid card solutions.  These innovative solutions include one of the largest switch processors in the United States, access to one of the credit union industry's largest surcharge-free ATM networks, online real-time transaction authorization and processing, signature and PIN-based processing, in-house and outsourced fraud prevention and detection solutions, cardholder awards programs, card program management and profitability solutions, card manufacturing and personalization, instant issue and activation, marketing materials and programs, and renowned customer service.  JHA Payment Processing Solutions are sold to financial institutions regardless of core processing platform, cross sold to the core credit union clients supported by Symitar™, and select products are sold to the core bank clients supported by Jack Henry Banking.  Additional information is available at www.weknowpayments.com.
About Jack Henry & Associates, Inc.
Jack Henry & Associates, Inc. (NASDAQ: JKHY) is a leading provider of computer systems and ATM/debit card/ACH transaction processing services primarily for financial services organizations. Its technology solutions serve more than 11,800 customers nationwide, and are marketed and supported through four primary brands. Jack Henry Banking™ supports banks ranging from de novo to mid-tier institutions with information processing solutions. Symitar™ is the leading provider of information processing solutions for credit unions of all sizes. ProfitStars® provides highly specialized products and services that enable financial institutions of every asset size and charter, and diverse corporate entities to mitigate and control risks, optimize revenue and growth opportunities, and contain costs. iPay Technologies operates as a leading electronic bill pay provider supporting more than 3,600 banks and credit unions with turnkey, highly configurable retail and small business electronic payment platforms. Additional information is available at www.jackhenry.com.


Enhanced by Zemanta

TNS Helps Industry Strengthen Payment Transaction Security

http://www.tnsi.com
RESTON, Va.--(BUSINESS WIRE)--Transaction Network Services (NYSE:TNS) is playing an increasing role in helping acquirers and merchants protect sensitive cardholder information as payment transaction security continues to be a major issue for everyone involved in the industry.

“VeriShield Protect has been designed to help retailers secure their customer’s cardholder data where they are most vulnerable and we’re very pleased that, in conjunction with TNS, it is being deployed at even more stores across the US.”
The TNS suite of security solutions, which can help merchants and payment processors mitigate their compliance overheads, includes an end-to-end encryption service which is currently being deployed by at least one major retailer in the US.
In its more than 100 stores, this retailer has deployed the TNS Managed POS Encryption solution coupled with VeriShield Protect from VeriFone Systems, Inc. (NYSE: PAY) to eliminate the transmission of “clear” cardholder data within its payment network environment. This will protect its customers’ cardholder data from the point-of-sale terminal through to its payment processor, dramatically reducing risk exposure and simplifying the retailer’s ability to achieve PCI compliance.
John M. Perry, General Manager of the Americas for TNS’ Payments Division, said: “We are delighted that this tier one retailer is now using our Managed POS Encryption solution. End-to-end encryption is an important approach for retailers to consider as they are devising their overall security plans. Criminals are coming up with more creative ways to steal sensitive cardholder data and TNS’ end-to-end encryption service allows retailers to deploy the highest levels of security, right from the moment data is read from the customer’s card.
“Our unique approach to deploying the encryption technology will also allow retailers to reduce the scope of their overall compliance efforts, leading to significant cost and complexity savings. The TNS service manages the delivery of the payment transactions from the merchant to the processor, while ensuring efficient decryption en route, so retailers have limited up-front capital expense and do not need to commit ongoing personnel, management or maintenance resources to support it.”
VeriFone’s VeriShield Protect is deployed at the retailer’s POS devices and uses state of the art encryption technology to secure the information as the card is swiped. The TNS Managed POS Encryption solution transports encrypted transactions through to the TNS PCI DSS certified global backbone network. The solution then manages the decryption process, message formatting and secure delivery of the transaction to the retailer’s payment processor.
Jeff Dumbrell, VeriFone Executive Vice President, said: “Cardholder data breaches can easily result in costs in the millions of dollars, in addition to the damaging impact on a retailer’s reputation. Studies indicate that the vast majority of breaches are tied to cash register and other POS process vulnerabilities, but retailers cannot maintain constant vigilance over every access point and every place where data is stored or transported.
“VeriShield Protect has been designed to help retailers secure their customer’s cardholder data where they are most vulnerable and we’re very pleased that, in conjunction with TNS, it is being deployed at even more stores across the US.”
Multiple high capacity VeriShield Protect Decryption Gateways are located within geographically diverse TNS data centers, using dynamic alternate routing capabilities to ensure transactions are processed quickly and securely. A web based management portal is also available, providing near real-time updates on the delivery status of encrypted transactions.
For further information about TNS and VeriFone visit www.tnsi.com and www.verifone.com
About Transaction Network Services
Transaction Network Services (TNS) is a leading global provider of data communications and interoperability solutions.
TNS’ offers a broad range of networks and innovative value-added services which enables transactions and the exchange of information in diverse industries such as retail, banking, payment processing, telecommunications and the financial markets.
Founded in 1990 in the United States, TNS has grown steadily and now provides services in over 40 countries across the Americas, Europe and the Asia Pacific region, with our reach extending to many more. TNS has designed and implemented multiple data networks which support a variety of widely accepted communications protocols and are designed to be scalable and accessible by multiple methods.
For further information about TNS, visit www.tnsi.com‘One Connection, A World of Opportunities’


Enhanced by Zemanta

Visa Inc. to Announce Fiscal Third Quarter 2010 Financial Results on July 28, 2010

Visa Debit logoImage via Wikipedia
SAN FRANCISCOJune 28 /PRNewswire-FirstCall/ -- Visa Inc. (NYSE: V) will report its fiscal third quarter 2010 financial results on Wednesday, July 28, 2010. The results will be included in a press release, with accompanying financial information that will be released after market close and posted on the Visa Investor Relations website.



Visa's executive management team will then host a live audio webcast beginning at 5:00 p.m. Eastern Time (2:00 p.m. Pacific Time) to discuss the financial results and business highlights.
All interested parties are invited to listen to the live webcast at http://investor.visa.com. A replay of the webcast will be available on Visa's Investor Relations website for 30 days.
Concurrent with this press release, Visa will impose its customary "quiet period", during which time company executives will not be interacting with the investment community. This quiet period will extend until fiscal third quarter earnings are released onJuly 28, 2010.
About Visa:  Visa operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 170 countries.  For more information, visit www.corporate.visa.com.


Enhanced by Zemanta

Submit an Idea to the National Strategy for Trusted Identities in Cyberspace

Agreed

1vote
Rank45
Idea#169
This idea is active.
SECURITY »

Authenticate Outside the Browser Space with Card Reader



Which section of the strategy are you posting about?: 

Security and Encryption
I suggest that banks issue personal card readers with PIN Pads (PCI 2.1 certified of course) which enable users to swipe their card and enter their PIN in a secure environment "outside the browser space."
If we stop "typing" our sensitive data (usernames, passwords, credit/debit card numbers) into the inherently dangerous browser space, and start swiping so that the data is 3DES DUKPT end-to-end-encrypted, we solve myriad problems. For example, "phishing" would be virtually eliminated because there would be nothing to "phish phor."
For more info on a "low cost" PCI 2.1 Certified PIN Enttry Device designed specifically for e-Commerce use, visit http://PINDebit.blogspot.com or http://ePaymentNews.blogspot.com
The plan is to issue a smart identity card anyway, so how is is going to be "read" without a card reader? In Europe, almost 30% of online banking customers use a card reader to log-in and Kaspersky Labs has called for the mass adoption of peripheral card readers and implied that banks could be huge drivers of this technology.
We don't write our credit/debit card numbers down on a piece of paper and leave it at the retailers POS, we swipe our cards and enter our PINs. Why should it be any different for the web? Again, the root of the problem is that we are typing sensitive data into an insecure browser making it easy for the bad guys to steal our credentials via keylogging or infecting our PC with malware. Common sense says "stop typing and start swiping. If someone's going to "swipe" your card data shouldn't it be you instead of the bad guys?
Comment

Submitted by You 40 minutes ago

Attachments



Enhanced by Zemanta

Disqus for ePayment News