Skim Milks Bank Accounts Dry

I don't know how good of an idea it is to print stories like this.  Law enforcement is, in essence, admitting that these types of crimes are very difficult to solve. 

Criminal Minds have to be thinking that, compared to robbing a bank, for example, skimming  seems to provide less danger, (non-violent) a higher  take (not many bank robberies result in an $800k purse),  and the risk of getting caught is lower.  Scary thought, yes, but off base?  Me thinks not.  I covered this story back in July...the update is that there is no update.  They haven't made any headway as far as identifying who the culprits are...

Gas debit thieves still on the loose

Police still haven’t caught up with the scam artists who made off with half a million dollars this summer from debit card information stolen at two Pierce County gas stations. Local agencies are coordinating with police in California and with federal agents to stop what they believe is a crime spree that spans the West Coast. The patient and wily thieves are believed to have left a wake of at least 675 victims and $800,000 in losses, according to police and news accounts.

“We are in touch with multiple agencies up and down the West Coast and the FBI is involved,” Pierce County Sheriff’s Department spokesman Ed Troyer said Friday. “We’re swapping photos and other information.”

But despite those efforts, the thieves remain steps ahead of their pursuers.

“We haven’t really made any headway as far as identifying who these people are,” said Puyallup police detective Jason Visnaw said Thursday. His case alone has 283 victims with losses of more than $268,000.

The crimes have several common features:

• The thieves target ARCO stations, which take debit cards but not credit cards.

• They use card-reading devices placed on the payment machine to “skim” account and PIN information.

• They often wait for months after taking the card information before making withdrawals – which is long enough for surveillance video to be taped over.

• They raid their victims’ accounts over holiday weekends, when there’s a better chance the thefts will go undetected for an extra day.

The thieves drew on accounts stolen from the station at 1502 South Meridian St. over Memorial Day weekend. Over the July Fourth holiday, more than 125 people who used their debit cards at the ARCO at 11608 Meridian Ave. E in South Hill became victims; they had all used their cards at the station the previous August.

The July Fourth case was investigated by the Pierce County Sheriff’s Department. A total number of victims and losses was not immediately available. Earlier estimates placed Pierce County losses around $500,000.

A May San Jose Mercury News article said a group that had targeted stations in South San Jose and Los Altos was “likely the same group that has been targeting stations statewide.”

San Jose detective Patrick Ward told The News Tribune that his case alone involved another 190 victims and another $210,000 in losses. The Los Altos case has more than 80 victims and $100,000 in losses.

Los Altos detective Wes Beveridge said the case is being investigated by a high-tech task force composed of officers from several jurisdictions in northern California and the FBI.  “We’ve got one of the suspects identified,” he said, noting it was unclear how big the group is. “I’ve got six different suspects in my cases.”

The information police have gathered indicates the group may have been active in Florida and Arizona before making southern California its home base. Members of the group are thought to be from Eastern Europe and are likely sending the proceeds overseas, possibly to fund other illegal activities, Beveridge said.

A comprehensive estimate of victims and losses was not available. Photographs from several ATMs where the thieves made their withdraws have been released to the public.

“Right now we’re all kind of in the same boat,” Ward said. “We’re trying to contact as many local agencies as possible. At this time, we don’t know exactly what the entire scope of it really is. It’s still an ongoing investigation.”

Related articles by Zemanta

• Card Skimming Perps Show Patience if not Virtue
• More Skimming Attacks Over the Weekend
• Credit, Debit Card Fraud and Skimming Cases Rise

Who Says Crime Doesn't Pay?

According to Brian Krebs, a Computer Security journalist with the Washington Post, Cybercriime is a lucrative business and is growing exponentially.  He refers to McAfee's annual "Virtual Criminology Report" (pdf) which states that online scams quadrupled in the last quarter of 2008. 

Also, (see chart on left) the number of viruses/bots, trojans and potentially unwanted programs (PUPs) are not only on the rise, but almost off the charts.  Why is this relevant?  Because (see 3 Key Findings illustration below) based on the report, law enforcement is "ill-equipped" to cope with this growing (insurmountable?) surge in PC attacks designed to steal personal information. 

So apparently "Crime Does Pay"...at least cybercrime. 

Put in simple terms,  software is soft... which is why HomeATM's Internet PIN debit approach is hardware based.  As long as hardware isn't tampered with (I  would find it highly unlikely that anybody's going to break into one's home to tamper with HomeATM 's Personal Card Swiping Device) it's the safest, most secure way to transact.  It's more convenient too...just swipe versus type!  But convenience takes a back seat to security, and if you have any doubts about how easy it is for cybercriminals to see what you type, then Google "PC Hijacking" or "keylogging." 

He's a snippet from Mr. Krebs article.

Report: Cybercrime is Winning the Battle Over Cyberlaw

Law enforcement agencies worldwide are losing the battle against cyber crime at a time when criminals are increasingly using the global economic downturn to make headway in recruiting more computers and computer users to further illegal online activities, a scathing new report from security vendor McAfee concludes.

McAfee's annual "Virtual Criminology Report" (PDF) notes that the number of compromised PCs used for blasting out spam and facilitating a host of online scams has quadrupled in the last quarter of 2008 alone, creating armies of spam "zombies" capable of flooding the Internet with more than 100 billion spam messages daily.

In an increasing number of cases, those missives are playing on public fears over the battered economy, pitching recipients on too-good-to-be-true job offers aimed to enlist them in cybercrime operations, McAfee said.

"Cybercriminals are cashing in on the fact that the economic downturn is causing people worldwide to increasingly turn to the Web to seek the best deals and jobs, and to manage their finances," the report charges. "They are preying on fear and uncertainty and taking advantage of the fact that consumers are often more easily duped and distracted during times of difficulties. In fact, opportunities to attack are on the rise."

At the forefront of this worsening problem are so-called "money mule" scams, in which criminals make use of third parties -- often unsuspecting consumers -- to launder stolen funds. Mule recruitment is an integral part of many cybercrime operations because money transferred directly from a victim to an account controlled by criminals is easily traced by banks and law enforcement.

The mules, therefore, serve as a vital buffer, making it easier for criminals to hide their tracks. However, criminals tend to view money mules as expendable resources, because those unwitting accomplices usually either are confronted by authorities or lose money as a result of their participation in the scams.

In most cases, money mules are recruited via online job postings touted in spam. McAfee said that some 873 money-mule recruitment Web pages were detected in Britain alone in the first half of 2008, a 33 percent increase over the first half of 2007. That data was gathered by APACS, the United Kingdom's payment-industry trade group.

An investigation by washingtonpost.com earlier this year into a money mule network uncovered a database of thousands of U.S. citizens who had responded with interest to a single money mule scam e-mail campaign.

(continue reading at the Washington Post) or go to the McAfee Report here

Related articles by Zemanta

• Beware: Bad Economy Sparks Web Scams
• Fighting cybercrime in an economic downturn
• HostExploit Releases CyberCrime Report: Targets Rogue ISP McColo

Gemalto Wants EMV in USA

In an article written by Kirk Ladendorf of the American Statesman, he talks about Gemalto's preference to do away with  the magnetic stripe.  Most of Europe has already converted from magstripe to Chip and PIN, as has Australia and Canada...along with many other parts of the world.  The USA is the last vestibule for Gemalto, and they believe America will convert to EMV in the next 5 to 6 years.  At least one analyst does anyway. 

"The world's largest smart-card supplier shipped 1.2 billion of its cards last year and has more than 1 billion users around the world. It recorded sales last year of 1.6 billion euros (about $2.2 billion U.S.). The company says its growth this year is running about 10 percent in the face of a weakening economy.

Now, the Amsterdam, Netherlands-based company is looking for new worlds to conquer, including the United States, which traditionally has been a smart-card laggard. The company is relying on its 150-person marketing and engineering team in Austin to develop products, services and business alliances that help keep its revenue growing.

North America is a comparatively undeveloped market for Gemalto in part because many of the big banks here remain wedded to old-fashioned "magnetic stripe" bank credit cards and debit cards, rather than to smart cards, which predominate in Europe and other parts of the world.

Despite some reports of increased fraud cases involving magnetic stripe cards, many U.S. banks are hesitant to change because of their heavy investment in the technology, said analyst Ed Kountz with Jupiter Research.

"Our (banks') willingness to make a change is somewhere between kicking and screaming on the payment side of things," Kountz said.

Smart cards can contain 1,000 times as much information as a magstripe card and can contain multiple software applications that enable them to handle more functions. More data and more software translates into more security and more functionality, Gemalto says.

As the rest of the banking world adopts smart cards, the analyst expects U.S. banks will eventually follow in the next five or six years.

If the banks are slow to move, other U.S. customers, including the federal departments of Defense and State, have moved faster. Gemalto is one of two main suppliers of smart cards that go into the State Department's new e-passports, which began in 2006. It has also won over big security-conscious corporate customers including Boeing Co., Chevron Corp. and drugmaker Pfizer Inc..

Some of those companies have begun using a new Austin-developed product, the Smart Enterprise Guardian, that can be used to authorize user access to computer networks, the secure transport of stored digital files and digital signatures for e-mail documents to make an official record.

Pfizer is using the "digital signature" feature to reduce the logistical requirements, money and time involved in creating an official record for its complex drug development process.

The SEG was developed to work with Microsoft Corp.'s Windows operating system.Gemalto's technical team in Austin keeps close ties to Microsoft's operating system developers.

"Microsoft is a huge supporter of Gemalto because we are the largest provider of secure devices in the world," said Paul Beverly, who heads the company's North American operations and also serves as the global company's executive vice president for marketing. "What we are seeing is, we are in a position where things are evolving in our direction. The pressure is coming from various mandates for increased security, and there is a lowering of the technical barriers to adoption."

Microsoft founder Bill Gates has said that one of the major points of vulnerability to computer networks lies in its heavy dependence on passwords as the main form of authorization for users. Passwords can be stolen or lost, and they can create an administrative burden to manage.

Gemalto says it offers a way around the problem.

"We all realize that we can make the world more secure and more convenient if we can get rid of the damned password," Beverly said. "That is our mission, to get rid of the password, because it creates so many problems" for computer systems administrators...

(continue reading in a new window)

Related articles by Zemanta

• Convenience and Security Boost Payment Card Industry
• It's PIN...It's Smart...It's Embedded into the Future of Payments
• Canada Going the Way of Chip and PIN
• New chip card launched in Saint-Jérôme - The official launch of the Desjardins chip card is a milestone in the development of payment methods in Québec
• Gemalto Wants EMV in USA
• PIN cards safer but cost more
• Canada's EMV Transition Numbers
• Chipping Away at Credit Card Fraud
• It's Safe to Say It's Not Safe...Skimming Runs Rampant
• Don't Leave Home With It? Card Fraud Fearing Brits Carry Cash
• U.K. Blames Abroad for Increased Fraud in Broad Campaign
• HomeATM's "PIN my Card" Solves Chip and PIN Problems

Debit Card Fraud 101

Beginner's guide to: Credit/debit card fraud

What are the most common types of card fraud?

The most common type of card fraud in Britain is known as "card not present" fraud. This is where fraudsters obtain your card details, and use them to buy products on the internet or over the telephone. 

(Editor's Note:  Card Not Present Fraud can be eliminated by providing a means to make the card present, which is what HomeATM has done with it's personal swiping device.)

How do fraudsters get my card details?

There are a number of ways. One method is "phishing", whereby a fraudster will email you posing as your bank or an official institution, and ask you to verify your details.

Fraudsters also use "skimming" devices to copy card details. When you hand your card to a shop attendant to pay for something, it is possible that they could pass it through a device underneath the counter. This records all your card details, which they can then use later. Fraudsters can also extract your details from your computer if you do not have adequate firewalls and virus software.

Wasn't Chip & PIN supposed to stop card fraud?

Chip & PIN has reduced fraud in Britain, but many other countries do not have the same technology. So criminals can clone cards in the UK, and then use them overseas.

How can I protect myself against fraud?

Don't let your cards out of your sight. With Chip & PIN technology, you shouldn't need to hand your card to the cashier. Also, be wary of emails asking for your personal information. Your bank would never email you asking you to enter your account or card details. Finally, make sure your home computer network is secure. Buy the latest virus packages, and secure your internet connection.

Will I have to pay up if I am a victim of fraud?

As long as it's not your fault, your bank will cover the cost of any fraud on your cards. However, if there's any evidence that you haven't taken proper care to protect yourself, you may have to pick up the bill. For more information about card fraud, visit www.apacs.org.uk.

Related articles by Zemanta

• Something Phishy About This
• Fraud abroad drives up card losses
• Top 10 Risks to Banks in 2009
• Text Scams Coming
• What Are The Latest Fraud Stats? [Ask The Consumerists]
• Phishing fraud up by 182 per cent
• Signature Debit Wrestles Fraud, Get's PIN'd
• If You Still Have to Type in Your PAN it's Not Safe
• HomeATM Has Powerful Potential!
• Don't Leave Home With It? Card Fraud Fearing Brits Carry Cash
• Is Online Credit Card Fraud on the Rise?

Video - ATM Card Skimming Tech Bar Raised

This is just the beginning of more sophisticated equipment being used to "skim" your card details.  Look for more advancements in technology both at ATM's and in the store as the skimming market evolves from it's current infancy mode into adolescence.  In this particular case, the technology was good, but c'mon man...a speaker?  What possible need would there be for a speaker at an ATM machine?  At least there's the blatant possibility these fraudsters can be outsmarted...

Related articles by Zemanta

• How to Trim YouTube Video
• Citibank ATM Pin Numbers Hacked
• World ATM Markets

eCommerce Sales Up 19%

Consumer technology e-commerce sales rose 19 percent in the first two weeks of the holiday shopping season, industry tracker NPD Group said Friday, providing a bit of good news in an otherwise gloomy period for retailers.

Online sales in the two weeks ended December 6 climbed to $700 million, with LCD TVs, notebook computers and digital cameras leading the way.

"It's up in an environment where everything else is down," said NPD analyst Stephen Baker. "The economy is in play because people at least perceive that pricing is cheaper online."

E-commerce sales showed strength even as traditional holiday sales are faltering.

Last week, NPD said U.S. consumer technology brick-and-mortar sales showed their first-ever decline during the week of Black Friday, from November 23 through November 29, falling more than 8 percent to $2.03 billion .

Baker said consumers continue to migrate to the Web to make their technology purchases. Online buyers tend to be higher-income and a bit more gadget-savvy, so it's not so surprising that e-commerce technology sales are faring better than traditional sales, he said.

Related articles by Zemanta

• About Half of Consumers Haven't Finished Holiday Shopping
• Black Friday: Not so black after all
• Holiday shopping off to higher start

Discover Releases 4Q Results

Discover releases fourth quarter results

Riverwoods, Ill., Dec. 18, 2008 -- Discover Financial Services (NYSE: DFS) today reported results for the quarter and year ended November 30, 2008 as follows:

Full year income from continuing operations was $1.1 billion, up 10% from last year. Fourth quarter income from continuing operations was $444 million, up from $210 million in the fourth quarter of 2007. Income from continuing operations includes antitrust litigation settlement proceeds of approximately $535 million (after-tax) in the fourth quarter of 2008. Discontinued operations relates to the sale of the Goldfish business.

Fourth Quarter Highlights

• The company grew managed loans 6% from last year to $51 billion; Discover Card sales declined 2% to $22 billion.
• The fourth-quarter managed net charge-off rate was 5.48% and the managed over 30 days delinquency rate was 4.56%.
• The company added reserves in excess of charge-offs of $415 million.
• Owned loans grew $3.5 billion from the third quarter, including $2.6 billion due to maturing securitizations retained on the balance sheet.
• Total deposits grew 15% to $29 billion, including $6 billion of direct-to-consumer deposit balances.
• Third-Party Payments segment volume grew 39% to $34 billion, including $7 billion of Diners Club International volume.
  

“Our results and financial position reflect our conservative orientation toward growth, credit risk and capital management as we position Discover to weather the economic downturn,” said David Nelms, chief executive officer of Discover Financial Services. “As part of our capital management, we are seeking to participate in the Treasury’s Capital Purchase Program which will further support our consumer lending operations.”

Settlement of Antitrust Litigation

On October 27, 2008 Discover reached a $2.75 billion settlement of its antitrust lawsuit with Visa and MasterCard. Discover received an $863 million payment in November 2008, and expects to receive the remaining proceeds in equal $472 million installments over the four quarters of 2009. The proceeds will be reflected as revenue in Discover’s U.S. Card segment in the period earned.

At the time of the spin-off of the company, Morgan Stanley and Discover entered into an agreement governing the manner in which the antitrust case was to be pursued and settled and how proceeds of the litigation were to be shared. The company has notified Morgan Stanley that it breached the agreement and the amount of the dividend to Morgan Stanley, if any, is a matter of dispute.

Liquidity and Capital

The company continues to maintain liquidity and capital positions that it believes are appropriate for the current environment. Cash liquidity was $9.4 billion and tangible equity was $5.5 billion, or 11.0% of net managed receivables, at November 30, 2008. The company applied to the U.S. Treasury to participate in the Capital Purchase Program and to the Federal Reserve to become a bank holding company. Segment Results (Managed Basis):

U.S. Card

Managed loans grew to $51 billion, up 6% from last year and 1% from last quarter as decreased consumer spending and balance transfer activity were offset by lower cardmember payments and growth in installment loans. Sales volume decreased 2% versus fourth quarter of 2007, and increased 2% on a full year basis.

Credit performance of the Card portfolio was consistent with Discover’s expectation as charge-offs rose, reflecting the deteriorating economic environment. The managed over 30 days delinquency rate of 4.56% was up 71 basis points from the third quarter of 2008, and 98 basis points from last year. The managed net chargeoff rate increased to 5.48% for the fourth quarter of 2008, up 28 and 163 basis points, respectively, from last quarter and last year. The full year net charge-off rate was 5.01% up 118 basis points from last year. Based on current trends within the portfolio and in the economic environment, the company believes that the managed net charge-off rate in the first quarter of 2009 will exceed 6%.

Fourth Quarter

Pretax income was $646 million in the fourth quarter of 2008, including other income of $863 million related to proceeds from the antitrust settlement. Pretax income was $321 million for the fourth quarter of 2007.

Managed net interest income increased $162 million, or 18%, an improvement of 79 basis points over fourth quarter of 2007. Higher net interest income benefited from lower cost of funds, growth in loan balances and accretion of balance transfer fees previously included in loan fee revenue, partially offset by higher interest chargeoffs. Provision for loan losses increased $521 million, or 89%, due to higher net chargeoffs and an increase in loan loss reserves in excess of charge-offs in the quarter. The reserve increase in excess of charge-offs of $415 million resulted from a higher reserve rate as well as higher on-balance sheet loans due to maturing securitizations.

Other income increased $630 million, reflecting the antitrust settlement partially offset by a reduction in the fair value of the interest-only strip receivable. The decline in the fair value of the interest-only strip receivable was due to no securitization gains in the fourth quarter as the company did not enter into new securitization transactions, along with higher anticipated charge-offs in the current environment.

Expenses decreased $54 million, or 9%, primarily attributable to lower compensation and marketing expense partially offset by increased professional fees. Compensation expense included a $39 million one-time benefit due to curtailment of the company’s pension plan. Marketing declined due to lower account acquisition and balance transfer volume as well as lower advertising costs.

Full Year

Pretax income was $1.6 billion in 2008, including other income of $863 million related to the antitrust settlement. Pretax income was $1.5 billion for 2007. Managed net interest income increased $551 million, or 15%, an improvement of 79 basis points over 2007, reflecting an increase in interest income and a decrease in interest expense. Interest income benefited from growth in loan balances and the transfer of balance transfer fees to interest income, partially offset by higher interest charge-offs and lower investment income. Interest expense decreased reflecting a lower cost of funds, partially offset by higher borrowings to fund higher loan balances.

Provision for loan losses increased $1.2 billion, or 66%, due to higher net chargeoffs and an increase in loan loss reserves in excess of charge-offs during the year. The reserve increase in excess of charge-offs of $615 million resulted from a higher reserve rate as well as higher on-balance sheet loans due to maturing securitizations.

Other income increased $673 million reflecting the antitrust settlement and higher discount and interchange revenue, partially offset by a write-down of the interest4 only strip receivable and the transfer of balance transfer fees to interest income. Discount and interchange revenue benefited from growth in sales volume. Expenses decreased $79 million, or 3%, primarily attributable to the pension curtailment benefit; lower account acquisition and promotional marketing activity; and a decrease in costs related to litigation.

Third-Party Payments

Fourth Quarter

The Third-Party Payments segment transaction volume was $34 billion, up 39% from last year, reflecting the addition of Diners Club International volume of $7 billion, as well as increased volumes on the PULSE and Discover networks. Pretax income of $21 million was up $13 million from the fourth quarter of 2007. Diners Club International contributed $4 million to the segment’s pretax income. Revenue increased $24 million due to increased volumes and fee revenues, as well as a $15 million contribution from Diners Club International. Expenses increased $11 million due to the inclusion of Diners Club International.

Full Year

The Third-Party Payments segment transaction volume was a record $125 billion, up 36% from last year, reflecting the addition of Diners Club International volume of $13 billion, as well as increased volumes on the PULSE and Discover networks. Pretax income of $81 million was up $44 million from 2007 including $11 million related to Diners Club International, which was acquired in June 2008. Revenue increased $61 million due to increased volumes and fee revenues as well as a $28 million contribution from Diners Club International. Expenses increased $17 million due to the inclusion of Diners Club International.

Discontinued Operations

Discontinued operations represent the company’s Goldfish business in the United Kingdom, which was sold to Barclays Bank PLC on March 31, 2008. In the fourth quarter of 2008, the company recognized a loss from discontinued operations, net of tax, of $12 million versus a loss of $266 million in the fourth quarter of 2007. The fourth quarter of 2007 included an impairment charge to write down goodwill and intangibles to fair value of $279 million, after-tax.

Dividend Declaration/Stock Repurchase Program

The company’s board declared a cash dividend of $.06 per share, payable on Jan. 22, 2009, to stockholders of record at the close of business on Jan. 2, 2009. No stock repurchases were conducted under the stock repurchase program during the fourth quarter.

Conference Call and Webcast Information

The company will host a conference call to discuss its fourth quarter results on Thursday, Dec. 18, 2008, at 10 a.m. Central time. Interested parties can listen to the conference call via a live audio webcast at http://investorrelations.discoverfinancial.com .


Source: Company press release.

discover, fourth quarter results, antitrust

Related articles by Zemanta

• David (Discover) Nelms at Executives Club of Chicago
• Discover Card Buys Citigroup's Diners Club
• Goldman Sachs Reports $2.1 Billion Quarterly Loss
• Stocks retreat after Morgan Stanley posts loss

Visa Introduces SMS in China/Taiwan

Visa introduces SMS passwords for e-commerce

San Francisco, Dec. 19, 2008 -- Visa Inc. has partnered with banks in China and Taiwan to introduce an SMS-based one-time password system for cardholders to authenticate themselves when making online purchases.

The service is based on the card network's Verified by Visa authentication system, which requires cardholders to punch in a secret PIN when paying for goods over the Internet. But instead of the customer using a fixed code, they are sent a one-time password to their mobile phone which is used to verify their identity.

Visa is introducing the service with Chinatrust Commercial Bank in Taiwan and China Everbright Bank in China. To sign up, customers enroll their cards for Verified by Visa and register a designated mobile phone number on their bank's Web site.

When making an online payment, the customer enters their card number and a screen from the bank appears and asks for the password. At the same time, a one-time password is sent to their mobile phone via text message, which is used to verify the transaction Visa says this makes online shopping more secure and eliminates the need for the cardholder to remember their password.

Rahul Khosla, COO, Asia Pacific, Visa, says: "By adding a one-time password service to Verified by Visa we aim to give our cardholders even greater peace of mind with an added layer of control and security when they make payments online."

In November four European banks agreed to pilot a new Visa card comprising a display for generating one-time numeric codes for consumers to use when transacting online or by telephone.

For more information, visit www.visa.com .

Source: Company press release.

Related articles by Zemanta

• Europe to cap prices for roaming text messages and data

Dual Authentication for All Consumer Accounts - FTC

Finextra: US Federal agency urges authentication of all consumer accounts

US Federal agency urges dual authentication of all consumer accounts

The Federal Trade Commission is calling on the US Government to extend two-factor authentication standards deployed by banks to all private sector organisations that maintain consumer accounts, in a bid to combat rising levels of ID fraud.

In a report published late Thursday, the FTC recommends that Congress consider taking action to strengthen the procedures that private-sector organisations use to authenticate their customers' identities.

"Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses (primarily to businesses) in the billions of dollars," the report states.

The FTC report states that adopting nationwide standards for how businesses and other organizations verify the identity of new and existing customers would make it harder for identity thieves to use social security numbers and other stolen information to commit fraud.

Currently, the only private-sector organizations subject to nationwide authentication standards are financial institutions regulated by the federal banking agencies. The FTC's report recommends that Congress consider establishing similar standards to cover all private-sector entities that maintain consumer accounts.

Such standards would require organizations to adopt reasonable procedures for authenticating customers, but also would allow them to adopt a program that is compatible with their size and the nature of their business, the report states.

Download the document now - 785.5 kb (PDF File)

 

Related articles by Zemanta

• U.S. Identity Theft Convictions Up 26 Percent, Feds Say
• Reports: Social security numbers still widely accessible
• Federal Indictment Proves Anyone Can Rob a Bank by Phone

Chipping Away at Credit Card Fraud

Chipping away at credit card fraud - Canadian Broadcasting News

By Grant Buckler CBC News

If you presented your newly issued credit card at a store recently and were surprised to be asked to enter a personal identification number as if you were using a debit card, you're not alone.

Major credit card issuers Visa and MasterCard are rolling out new cards that contain memory chips across Canada. The chips store information used to prevent fraud.

As old-style MasterCard and Visa cards that have just a magnetic strip expire, they're being replaced with the new chip cards. You can spot these new cards at a glance — on the front is a small silver square, a little less than a centimetre each way, with lines on it. That's the chip.

On the chip are stored the card number, expiry date and security code and your personal identification number (PIN). All this information is encrypted so that only an authorized card-reading device can decode it.

The chip could also be used to store other information, such as your credit limit, says Shirley Matthew, director of chip platforms at Visa Canada. When a card is used fraudulently, a card issuer could send a message to the card to disable it, and that information would also be stored on the chip.

Don't confuse these new cards with "contactless" payment systems, though.

Card issuers expect it to take a couple of years to replace all old-style cards and readers.

The chip cards use a chip standard — called EMV after Europay, MasterCard and Visa, the three credit-card companies that developed it — that requires the reader to make contact with the chip. That's unlike some payment cards now coming into use in Canada — MasterCard's PayPass and Visa's payWave, for instance — that are contactless and will work as long as the card gets within a few centimetres of the reader. MasterCard is issuing cards that combine both functions in one chip.

And even if you have a chip card, you won't always be asked for a PIN. Merchants that don't yet have chip-card readers still use the cards in the old way. Card issuers expect it to take a couple more years to replace all cards and readers.

How it works

A chip card reader scans the card and requires the customer to input a personal identification number, the same way they would enter a PIN to use a debit card.A chip card reader scans the card and requires the customer to input a personal identification number, the same way they would enter a PIN to use a debit card. (Courtesy Visa Canada)When you present a chip card to a merchant who has one of the new card readers, the sales clerk inserts the card in a slot in the reader and leaves it there while you enter your PIN on the keypad, just as you would enter a PIN to use a debit card.

When you enter your security number, the reader checks it against the PIN stored on the chip. If it checks out, your transaction goes ahead. If not, you'll usually have at least one more chance to enter the correct PIN, but repeated wrong PINs will eventually lock up the card — the exact policy is up to the card issuer.

One big advantage of the chip is that a PIN can be used for security without the PIN having to be transmitted to a central computer to check if it's correct. That's what happens when you enter a PIN for a debit-card transaction. Although a PIN can be encrypted, not having to transmit it to the credit card company's server makes the transaction that much more secure, says William Giles, vice-president of acceptance at MasterCard Canada.

Chip cards don't eliminate the need to talk to the credit-card issuer's computers, though, because the merchant still must make sure the card hasn't been reported lost or stolen and that you have enough credit available to cover the purchase.

So why are these chip cards more secure?

The main reason is that a PIN is more secure than a signature. While merchants are supposed to check the signature on each credit-card slip against that on the back of the card, it doesn't always happen and it's not too difficult to forge a signature well enough to fool an untrained eye. But with a chip card, if someone doesn't know your PIN then they can't use your card.

Also, chip cards get around the classic horror story in which someone takes your card into a back room or otherwise out of sight (think of a waiter or gas-station attendant who usually takes the card away and returns it) and imprints an extra credit-card slip or two. All that person has to do is fill in that slip and copy your signature and you'll be charged for something you didn't buy.

With a chip card, if someone doesn't know your PIN then they can't use your credit card.

With a chip card, you have to enter your PIN for each transaction, and nobody but you knows that number.

Chip cards aren't perfect credit protectors, though — they don't address purchases you make by phone or on the internet. You won't be asked for your PIN when you use your card this way. Asking you to give your PIN verbally or type it into a website would compromise its security.

So the credit card companies are dealing with these transactions in other ways. Visa has a program called Verified by Visa, in which you set up a password for online purchases. MasterCard has a similar setup called SecureCode. Asking for the additional three- or four-digit security code printed on your card also provides some extra security, though not if someone has your card who shouldn't.

That's not to say chip cards won't eventually be used for remote purchases. Giles says MasterCard has developed a calculator-sized device that, when you insert your card in it, will generate a passcode for one-time use. You would use this like a SecureCode passcode. MasterCard will make this technology available to other card issuers, Giles says. He expects it to be widespread by 2015.

So in a few years, entering a PIN to use your credit card may be the norm even when you're shopping on the internet — and signing a credit card slip will seem as old-fashioned as, well, paying cash.

Related articles by Zemanta

• Credit Card Useless Overseas? PIN it with HomeATM
• It's PIN...It's Smart...It's Embedded into the Future of Payments
• Canada's EMV Transition Numbers
• Chipping away at credit card fraud

APACS Interactive Payments Guide

APACS has created an interactive guide to demonstrate the varied payment attitudes, preferences and behaviors that can be seen in the different regions of the UK.

For example, their research reveals:

• Plastic cards: Adults in East Anglia are the most likely to hold plastic cards (97 per cent)
• Checking card or bank statements for unfamiliar transactions: West Midlanders are the best at doing this, as 85 per cent admit to always checking their statements - the national average is 82 per cent
• Phone or internet banking: Adults in the North West are most likely to use phone or internet banking (55 per cent), whilst adults in Yorkshire and the Humber and Scotland are least likely to (46 per cent)
• Cash: Adults in the North East make the highest number of cash machine withdrawals (76 annually), but adults in Scotland withdraw the most amount of cash annually (£5,650)
• Cheque usage: More adults in the South West regularly use cheques for spontaneous payments* than in any other region (44% compared to the national average of 37%)

*Spontaneous payments are those that don’t arise from an existing commitment to pay, and include payments in the retail, travel and entertainment sectors and payments to other individuals and tradespeople.

• To access this information and more, please visit the interactive map. (Opens in new window).

Finovate 2009 Dates Announced

Announcing The Finovate 2009 Conference Series: FinovateStartup and Finovate2009

Although 2009 promises to be a challenge, if history is any judge there will bemore lasting innovations put in place next year than any year this century. Necessity truly is the mother of invention, especially when you are a startup.  Next year, we will again showcase the best and brightest ideas at our Finovate conferences:

Finovate Startup:
San Francisco - 28 April 2009

The conference features the launch of new companies in financial tech, as well as young companies launching major new products and features. Last year, we had 40 startups participate, this year we expect even more (see demos from 2008).

Finovate 2009: 
New York City - 29 Sep 2009
We head to NYC for the third year in a row to showcase the best of 2009 in the online and mobile space. Company size is irrelevant; it's all about what's new and what's hot (see demos from 2008, 2007).

Attend a Finovate conference in 2009

About

700 of the most innovative execs in banking, finance and technology attended a Finovate event in 2008. The events are fast-paced, just a single day, and allow you to network with the presenting execs along with the decision makers in the audience. Both attendees and presenters love the format. If you want to join the excitement, you can sign up up now at deeply discounted prices. Tickets are transferable, and refundable,

 so the risk is low. If you want to bring your entire team, email Eric Mattson, eric@netbanker.com, for a team price.

Present in 2009: FinTech Startups

If you have a young company involved in the online or mobile finance area, there is no reason not to be at FinovateStartup. This year, we are opening the floor to any qualifying startup. So, for the price of a single ticket, you are ensured a table at the event to show off your company and a chance to demo on stage (see previous FinovateStartup demos). The earlier you apply, the more benefits you receive. Please check out the Presenters page or email to eric@netbanker.com.

Present in 2009: Other FinTech Companies

At Finovate2009 in NYC, we'll put the best two dozen ideas on stage regardless of the size or location of the company. Last year, we had popular demos from large companies including Intuit and CheckFree Fiserv as well as startups, Mint, CreditKarma, NeoSaej and others (see previous demos from Oct. 2008 and Oct. 2007).

If you have a dynamite new product and are interested in launching it at Finovate NYC, please email eric@netbanker.com or check out the presenters page.

Press

Last year, more than 50 financial, technology and personal finance press and analysts attended the Finovate conferences. If you'd like a press passfor either event, please email me at jim@netbanker.com.

Prevent Fraud Use PIN - Liberty Bank

Liberty Bank is watching debit card transactions after learning thieves skimmed off debit card numbers and produced fake cards that are being used to make purchases across the country.  "It's a huge fraud ring," said Larry Woods, president and chief executive officer of South San Francisco-based Liberty Bank.

To prevent further fraud, the bank instituted a policy of requiring customers use a PIN number in order for the debit card to be accepted.

Editor's Note:  Once  again, yet another bank is stating the fact that in order to prevent fraud a PIN number should be used.  Where's the PIN for Internet Transactions?  HomeATM will dramatically reduce fraud by allowing internet retailers to process PIN based transactions, which in turn, reduces Interchange Fees by up to 100 basis points.

He's not surprised thieves would time their attack for December. "They think people will have money in their accounts at this time of year," he said.

The bank reported the fraudulent transactions to the STAR Network, a division of Colorado-based First Data that processes its transactions. First Data spokesman Glen Turpin responded to an inquiry Thursday night, saying there has not been any unauthorized access of the STAR Network.

Related articles by Zemanta

• Study: Use of Debit, ATM Cards on the Rise
• Debit Card Use Continues to Grow
• PIN Debit Has Highest Growth of All Payment Segments
• Debit Card Use, Particularly PIN Debit, Rising Sharply
• Sexiest or Best Looking..What's More Attractive?

Pay Me...You Twit...Twitpay

Send Money Through Twitter With Twitpay - NY Times
By Jenna Wortham

Twitter can be used to network, make friends or keep up with Britney Spears. And soon it will become a way to transfer money over the Web.

Twitpay

Twitpay is a start-up that aims to allow people to send small payments through Twitter. To do this they include the recipients’ username in their message. For example, posting the update “@johnsmith twitpay $10 for lunch” would deliver the cash to that Twitterer’s Twitpay account. The company monitors the public stream of messages for the keyword “twitpay” and facilitates the exchange. You replenish your Twitpay account using a site like PayPal. Once recipients have accumulated more than $10 in their accounts, the balance can be cashed out in the form of an Amazon gift card. For all transfers exceeding $1, Twitpay will take a flat cut of five cents.

In its simplest form, the service is a quick way to settle a lunch tab or pick up a round of drinks on a friend’s birthday. But Michael D. Ivey, its chief executive and co-founder, says it could also make it easier to donate money during a disaster like Hurricane Katrina or an earthquake. “Ideally we want to enable social giving on Twitter,” he said. “But beyond that, we could enable charitable giving, such as to the Red Cross. We’re very excited to be able to help people do good over Twitter.”

Along with many of the third-party applications that make use of Twitter’s platform, Twitpay has no official ties to Twitter, which allows people to post messages up to 140 characters in length. But along with the Shorty Awards, Mr. Tweet and the multitude of other sites and third-party applications springing up around the platform, Twitpay is another example of the way Twitter is forming an ecosystem of its own.

The service is still in a trial phase, but Mr. Ivey said the company was actively working to obtain funding and is in discussions with several groups.

Today Show Credit Card Skimming Video

This morning on the Today Show, Matt Lauer, did a story on "credit card skimming." Believe it or not, once skimmed, the information on the magnetic stripe was transferred to the magnetic stripe on a hotel room key. Once the card information was transferred to the hotel key they went shopping and used the hotel room key as the credit card. Because they were able to slide the card themselves in the store nobody even suspected a thing and Sarah's (a Today Show staffer) card was loaded up. As I've stated many times, look for this type of identity theft to grow rather than be curbed as time goes by.

Here's the video:

Visit msnbc.com for Breaking News, World News, and News about the Economy

Related articles by Zemanta

• Plastic Cards And Their Plethora Of Uses To Circulate Companies And Activities

New Credit Card Rules Adopted by Regulators

Image via Wikipedia

Regulators adopt new credit card rules - Yahoo! News

WASHINGTON – Federal regulators on Thursday adopted sweeping new rules for the credit card industry that will shield consumers from increases in interest rates on existing account balances among other changes.

The rules, which take effect in July 2010, will allow credit card companies to raise interest rates only on new credit cards and future purchases or advances, rather than on current balances.

They were approved Thursday morning by the Office of Thrift Supervision, a Treasury Department division. The Federal Reserve and the National Credit Union Administration were expected to act on them later in the day. The changes mark the most sweeping clampdown on the credit card industry in decades and are aimed at protecting consumers from arbitrary hikes in interest rates or inadequate time provided to pay the bills. (continue reading)

FYI: The new rules prohibit:

• Placing unfair time constraints on payments. A payment could not be deemed late unless the borrower is given a reasonable period of time, such as 21 days, to pay.
• Placing too-high fees for exceeding the credit limit solely because of a hold placed on the account.
• Unfairly computing balances in a computing tactic known as double-cycle billing.
• Unfairly adding security deposits and fees for issuing credit or making it available.
• Making deceptive offers of credit.

Related articles by Zemanta

• A Day of Reckoning for Credit Card Companies
• Credit card crackdown coming soon
• But We Need Unfair and Deceptive Practices to Be Profitable - J.P.Morgan?
• Credit Card Squeeze Is Pushing Consumers Toward Foreclosure [Money Meltdown]

Terminal Disease Boosts Fraud

More terminals have been tampered with (toyed with?) at a Toys R Us in Sveedin.  2008 is coming to an end, and one of the buzz words of the year has got to be  card skimming.  

The tampering of these POS devices will undoubtedly erode the trust of consumers, which will contribute towards the acceptance of a personal swiping device such as the one devised by HomeATM.

Getting the PAN (personal account number) and PIN is so easy (with tampered  devices) it's like stealing candy from a baby.  However, in these times, it's not the "sweet tooth" that's behind the stealing...it's the "Bluetooth."

It's a contributing factor towards the paradigm shift taking place with online  vs. retail shopping and part of the reverse matriculation we perceive as inevitable.  Here's yet another story, of POS terminals being toyed with.

"Swedish police are unraveling a scheme where criminals stole credit card details by tampering with a point-of-sale (POS) terminals at a Toys R Us store in Malmö.

One terminal was found to be equipped with a bogus keyboard overlay that could record PINs (personal identification numbers) as well as details on the card's magnetic stripe, said Detective Chief Inspector Harald Runge.

The case is similar to one revealed earlier this year affecting several U.K. retailers, where point-of-sale devices were hacked to record debit and credit card details for use in frauds. It also demonstrates the increasing technical knowledge cybercriminals have gained in order to perpetuate card fraud.

It's the second time police have discovered a tampered POS terminal at Toys R Us, Runge said. Three months ago, two compromised terminals were found, rigged with Bluetooth transmitters to send card details, he said. 

In that case, at least 500 to 600 cards were compromised. The case came to light after people reported fraudulent withdrawals on their cards, Runge said. The withdrawals were made in Romania, a country known as a haven for cybercriminals. "We know that usually those people who do these crimes in Sweden are usually from Romania," Runge said.

In some instances, the card details are transmitted via a wireless mobile chip installed in the POS device, Engelsman said. In other cases, the terminals have a short-range Bluetooth capability. A fraudster can come back into the store to transfer the captured data to another Bluetooth-enabled device."

With the help of Swedish banks, it was determined the cards had all been used at Toys R Us, Runge said. Swedish police are now carrying a technical investigation into how the POS terminals were compromised, he said. In Romania, the authorities have photos of people who were making the fraudulent withdrawals, he said.

The Swedish card numbers and details recorded at Toys R Us may already be showing up on illegal Web sites where card details are sold, said Frank Engelsman, a fraud expert with Ultrascan Advanced Global Investigations, a company based in Netherlands. Runge said people who shopped at Toys R Us should ask their bank to issue them new cards.

It appears cybercriminals are already trying to sell those details. Four hundred Swedish card numbers have turned up in one of the underground cybercriminal databases that is located in Russia, Engelsman said. The card details sell for US$1 to $6, he said.

Engelsman said Ultrascan has seen a sharp uptick in the number of credit card details that are being tested. In order to sell a credit card record, the buyer often wants to ensure the card number is valid and hasn't been canceled. To do that, cybercriminals will charge a very small amount to an organization such as political campaign, Engelsman said.

The charge can be as little as $0.26. Cybercriminals will tend to vary the amounts, since banks will often cancel cards if their anti-fraud systems notice, for example, 1,000 cards all being charged for $0.13, Engelsman said.

Lately, "we've never seen so much testing before," Engelsman said. "After testing, they are going to use them [the cards]."

Tampering with the point-of-sale terminals is getting increasingly sophisticated. Engelsman said he's heard of teams of professional "burglars" who carefully break into a store at night and install equipment to record card details. They leave without a trace.

Terminals are also being rigged to record credit card details at certain peak shopping times when the most details can be captured for the least battery power. For example, a POS device would only record details from 1 p.m. to 3 p.m., Engelsman said.

The devices can also be programmed to only record, for example, American Express cards rather than Visa or MasterCard, Engelsman said. That's because some fraudsters, such as ones in North Africa, prefer American Express since the cards are more widely accepted in the area, he said.

Related articles by Zemanta

• Credit Card Useless Overseas? PIN it with HomeATM
• Perfect Storm Brewing, HomeATM Perfectly Placed
• Chipping away at credit card fraud

Airline Payment Summit Downloads

The Travel Payment Summit has made available, free presentation downloads from their conference earlier this month.  If interested, take a peek at them here:

Travel Payment Summit - free presentation downloads

Presentations from the Travel Payment Summit (TPS) held 03-04 December 2008 in Bad Homburg (Frankfurt) are now posted online and available for download free of charge!  (Editor's Note: Bad Homborg is another name for Frankfurt?...ya gotta get a kick outta that.  Hamburger bad...Frankfurter good?) 

Along with the latest trends in travel payments, including the move by airlines and travel companies to cut payment costs with lower-cost alternative payment options, see how the credit crisis is causing a rise in payment fraud, cutting into the bottom-line of the airline and travel industries and find out what can be done about it!

Click here to view those presentations

"Payments: A Cost or an Ancillary Revenue Opportunity?" will be one of the topics covered at the Airline Sales Channel Forum and Airline A-La-Carte Pricing Seminar being held concurrently on 12&13 May 2009 in Miami, USA.  These events will take airline ancillary revenue generation and a-la-carte pricing to a whole new level. Airline delegates may register for just $99 through 15 January 2009!

For more details please visit: www.airlinesaleschannel.com