Friday, February 6, 2009

Parking Ticket = Malware in Disguise

Here's a new angle on getting people to unknowingly and willingly visit a site which installs malware on their machines.  According to Christopher Null at Yahoo Tech, hackers put counterfeit "parking tickets" on the windshields of illegally parked cars.  The counterfeit tickets instruct the car's owner to go to a website and pay the fine.  Yes, you guessed it...the website installs malicious code.  Here's his story:

Parking tickets actually malware attacks in disguise : Christopher Null : Yahoo! Tech

The last place anyone would expect to face a computer security attack is on the windshield of their car in the form of a parking ticket.

But that's the latest -- and intensely clever -- way that hackers are attempting to goad people into visiting infected websites and willingly install malware on their machines.

The scam is instantly clever once you hear how it works: Hackers print up phony "PARKING VIOLATION" notices and plaster them on cars parked on the street. The phony ticket directs the car's owner to visit a certain website, and of course the website in question (which largely seems to comprise of photos of badly parked cars) is a hack site which attempts to install malware on your PC.

Essentially what we have here is a phishing attack that takes place in the real world instead of via email. The use of fliers on parked cars is what's truly ingenious: A similar attack sent via postal mail would probably have minimal effect, but people are incredibly protective of their cars, and I imagine these windshield fliers will actually have a pretty good percentage of people typing in the URLs typed on them.


Thursday, February 5, 2009

UATP Processes Record $12 Billion in 2008

UATP Announces Record Charge Volume for 2008
PR Newswire


WASHINGTON, Feb. 5 /PRNewswire/ -- Universal Air Travel Plan, Inc. (UATP), the low cost payment network privately owned by the world’s airlines, today announced record charge volume and profits for calendar year 2008. UATP CEO Ralph Kaiser stated, "UATP continues to prosper even in today’s economic environment. While we see challenges from an overall decrease in travel spending in the upcoming year, there are enough growth drivers in our business to continue to be optimistic about our performance in 2009."

UATP processed approximately US$12 billion in 2008, all with just 38 staff worldwide.

UATP has also been working hard to diversify its product offerings beyond its core corporate travel charge card business with great success. "UATP’s alternate form of payment processing business has taken off in 2008 much like our USS business did after its launch a few years back. Both lines of business are posting impressive growth rates," added Kaiser.

UATP’s alternate form of payment processing includes work for such online payment brands as Acculynk, BillMeLater, HomeATM, Moneta and PayPal.

USS is UATP’s in-house, proprietary settlement system which allows travel agency and low-cost air carrier payment processing to be conducted outside of normal channels. In 2009, in addition to offering air travel payment, with its industry leading data, UATP plans to expand its merchant base via USS to include hotels and rental car companies. This is expected to add significant charge volume to the network and greatly enhance the core product offering.

"Notwithstanding the current economic climate, 2009 will be a growth year for UATP. We are a dynamic and hungry company and we’re always looking for ways to save money for the airlines and their corporate customers while enhancing profitability for our shareholders," concluded Kaiser.

About UATP

UATP accounts are accepted as a form of payment for corporate business travel by airlines and travel agencies worldwide. UATP accounts are issued by: Air New Zealand (ANZFF.PK), American Airlines (NYSE: AMR), Austrian Airlines (AUALF.PK), Continental Airlines (NYSE: CAL), Delta Air Lines (NYSE: DAL), Japan Airlines (JALSY.PK), Northwest Airlines (NYQ: NWA), Qantas Airways, Ltd. (QUBSF.PK), United Airlines (Nasdaq: UAUA), and US Airways (NYSE: LCC). AirPlus International issues the UATP-based Company Account for: British Airways (LSE: BAY.L), Continental Airlines (NYSE: CAL), and Lufthansa German Airlines.

Contact:
UATP Corporate Communications
Wendy Ward, wward@uatp.com
+1 202 626 4077

SOURCE UATP

Paradigm Shift E-vidence Continues to Stack Up

In a continuing series of Paradigm Shift posts, I bring you this. Earlier this week, Macy's announced they were cutting 7000 jobs amid reorganization. Meanwhile, Amazon had its best quarter ever. Something's going on here. Let's take a closer look.

Yesterday Internet Retailer reported:

"Growth for the 110 e-retailers that have reported 2008 sales, so far, has reached 21.8% over 2007.  That's $33.50 billion for those same e-tailers in 2008 vs. $27.46 billion in 2007"

Let's just say that the bricks and mortar circuit didn't quite fare so well, and leave it at that. 

I was only joking back in December when I said that one November Thursday we'll turn on our TV to watch the Amazon Thanksgiving Day Parade...in fact, if I remember correctly, I think I may have even called that the "Parade-igm" shift.  Maybe I wasn't so off-base.

Speaking of shifts, there's an article out of the U.K. saying that more shoppers are preferring e-commerce over bricks and mortar.  It also says consumers prefer to "let their fingers do the shopping."  That's true, and there's a preponderance of mounting e-vidence pointing to that being fact, rather than speculation.

Apparently the Yellow Pages were way ahead of their time with their "let your fingers do the walking" slogan, and that's all well and good...

...until checkout time. It's at that point whereby you should be taking out your card and putting those fingers on hold. Because if you are tempted to touch any keys when they ask for your card number, then here are 7 "key" words:

"You Should be SwipePIN' instead of Typin'."


As the Paradigm Shifts into second gear, on the Internet Autobahn originally dubbed the information highway, HomeATM will be there with our End Encrypted, Dually-Authenticated PIN Debit solution for the web. (Did I forget to mention that by "SwipePin" instead of "Typin" we morph the transaction from "card not present" into a "card present" transaction?) I didn't think so.
 

The Internet was originally called the Information Highway for a reason. When you "type vs. swipe", someone's going to be there to commit highway robbery...the information is out there to be had. If you don't want to be the one being "had", then simply stop being that "type" of online shopper.

Would you not agree that if someone's going to be SwipePin' your card information, it should be you instead of the bad guys? 

Recent breaches/hacks at CardSystems, TJX, RBS Worldpay, and Heartland aren't a whisper...they're a shout!  Are they an anomaly?  If so, which one?  Sure, I understand that the V/MC, and EFT networks won't make as much revenue per transaction, but at whose expense are they making it anyway? 

I would suggest they take a closer look at the bigger picture...on the flip side, they just may save money by incorporating a PIN Debit approach to the web. How, you say? Here's how...maybe they'd avoid a 100 million card holder breach, which has the potential (at $202 per compromise) to put a major dent in the money they're making by keeping security low and interchange high.

The inherent nature (and value) of PIN Debit's built-in security, when swiped (what you have = card and what you know = PIN), would empower e-tailers to process transactions at rates up to 100 basis points lower than they are currently paying.

Do the math on $33.50 billion (the figure Internet Retailer is reporting with only 22% of the results in, from last year) and multiply that figure by 100 basis points. That's money that would go back into the economy instead of into the coffers of lawyers defending Visa and MasterCard in court for Antitrust Violations.


So, in my humble opinion, the time has arrived for the inevitable to occur.  We need to protect consumers and we need to protect e-merchants.  A more secure transaction via dually-authenticated end to end encryption shouldn't be "explored", it's the way it should be done...and HomeATM has been doing it that way, with $0 fraud since January '07.  
Oh...BTW...I almost forgot...here's the story providing further e-vidence of that Paradigm Shift...


Retailers lacking e-commerce likely to perish - CBR

Retailers who do not provide an online sales option to their customers are going to lose out on their business, as more shoppers are preferring e-commerce to high street shopping.

Businesses which do not invest in e-commerce are 30% more likely to fail, says Tenon Recovery, a turnaround, restructuring, recovery and insolvency specialist. Online retail sales in the UK rose from £46.6 billion in 2007 to £53.2 billion in 2008.

The rise in online sales was simultaneously marked by the closure of several high street stores. According to Tenon Recovery, the high street casualties are increasing as the businesses are investing more in brick and mortar buildings but not in e-commerce sites.

Carl Jackson, national head of Tenon Recovery, says that the new-age consumers like to go shopping with their fingers rather than their feet, as it is easier for them to compare prices online than move around the high street. Businesses which do not enable their consumers to shop 24 hours a day are at a disadvantage.

Tenon Recovery’s estimates are in line with the IMRG Capgemini e-Retail Sales Index for 2008, which has found that the online sales in the UK in December last year increased by 14.2% from 2007.

In an excerpt from a related story, "Online Sales to Jump Next Christmas" the e-vidence in the shift from retail, bricks and mortar, high street, call it what you will, to online is also mounting...
"...of the 2,000 consumers surveyed, 37% did more than half of their shopping online, while 59.9% spent more online this Christmas than last year.

Research undertaken by Capgemini, as part of the IMRG Capgemini e-Retail Sales Index, also observed that online sales have been increasing in spite of a fall in the growth of high street, as shoppers are turning to e-tailers to beat credit crunch.  (Editor's Note:  You can replace "credit crunch" with Snow, High Price of Gas, Time, etc.)

Matthew Tod, CEO at Logan Tod, said: “With 53% of those surveyed intending to increase online purchases for Christmas ’09, online retailers can look to see a sustained growth level as consumers continue to adopt the habit of online shopping.”

continue reading original story at CBR eCommerce









Visa/MC Shares Rise

Bloomberg.com: Worldwide
Feb. 5 (Bloomberg) -- MasterCard Inc., the world’s second-largest credit-card network, rose 6.3 percent in New York trading after the company beat analysts’ profit estimates by raising the price of processing international purchases.

Profit excluding a settlement charge was $1.87 a share in the fourth quarter, beating the $1.62 average estimate of 21 analysts surveyed by Bloomberg. Revenue rose 14 percent to $1.2 billion, MasterCard said, and price increases mostly tied to cross-border transactions made up more than half of the rise. The network climbed $8.81 to $148.96 at 9:42 a.m. in New York Stock Exchange composite trading.

Chief Executive Officer Robert Selander is cutting expenses to reach profit targets jeopardized by the U.S. economic slowdown. MasterCard, which collects fees to shuttle payments between financial institutions, may miss a 20 percent to 30 percent net income growth goal this year after the effect of a stronger dollar is factored in, the company said in November.

“Despite the significant economic turbulence around the world, we were able to achieve excellent fourth-quarter operating results while maintaining a healthy balance sheet,” Selander said today in a statement.

Visa Inc., the largest credit and debit card network, rose 8.6 percent to $53.34 in New York trading after saying yesterday fiscal first-quarter profit rose 35 percent to $574 million.

MasterCard had 36 percent of the U.S. credit and debit-card market in 2007, compared with San Francisco-based Visa’s 51 percent and 12 percent for New York-based American Express, according to the Nilson Report, an industry newsletter based in Carpinteria, California.


Click Here to Read the Entire Story at Bloomberg.com


Citibank Launches Online Money Transfer


On 12/30, in a post entitled RBI to Allow Outward Remittances, I covered the fact that the central bank (Reserve Bank of India) had been approached by a number of players to enable outward remittance facilities on their money transfer channels.  It looks like Citibank was one of them...as Citibank has announced the launch of Citi Online Remit.

The new online money transfer service provides Non Resident Indians (NRIs) the possibility to transfer funds to India from any US Checking/Savings account.

Money transfer in the system is also possible through a US Credit/Debit Card as a direct transfer into the beneficiary’s Bank account or as a draft couriered to the beneficiary’s mailing address in India. The platform is powered by the QuikRemit platform from Citi’s Global Transaction Services.

At a time when the average value of remittances is increasing, Paul Galant, CEO of Citi’s Global Transaction Services, highlighted that the service is aimed at offering “a fast, safe, and secure platform for cross-border money transfers.” This is being achieved through a wide range of built-in security features, including Online Identity Verification, Multi-Factor Authentication, Global IP tracking and Account authentication. In addition, an online tracking system enables NRIs to follow their transaction at every stage of the transfer process. Regular 24/7 customer service by phone and online is also offered.

The Citibank NRI Business offers a wide range of money transfer services globally with eight major regional hubs in USA, Canada, UAE, UK, Australia, Kenya, Singapore, and Bahrain. The service manages assets exceeding US$ 6 billion and has 200,000 customers. The NRI Business account domiciled in India is denominated in Rupees, under the aegis of Reserve Bank of India. To ease the life of global Indians who have been customers of Citibank NRI Business for more than two decades, the bank offers such services as the Citibank Rupee Checking Account, international ATM and Debit cards and an unparalleled service in draft delivery to beneficiaries in India. 


H&R Block Signs Exclusive w/Debit MasterCard



MasterCard has signed an agreement with H&R Block Bank, owned by H&R Block Inc., on a contract extension and five-year Debit MasterCard signature and PIN brand exclusivity. According to the conditions of the agreement H&R Block Bank will participate exclusively in the MasterCard network.

H&R Block Bank is the issuer of the H&R Block Emerald Prepaid MasterCard® that provides H&R Block’s retail tax clients with a convenient and secure access to tax refunds, payroll funds and other direct deposits. It has been declared that the H&R Block Bank has issued over 2.6 million cards last year and is planning to increase the number to 3 million this tax season. The cards are available mainly through the company’s network of 13,000 offices. Cardholders can reload cash to their cards at more than 40,000 retail locations across the country. Moreover, the card supports direct deposit of payroll funds.

H&R Block Inc. is the world’s preeminent tax services provider.
 Source: Company Press Release



Wednesday, February 4, 2009

Say it Aite So

Aite Says It Isn't...

Aite debunks unbanked, underbanked myths

Boston, Feb. 4, 2009 -- A new report from Aite Group, LLC debunks 10 myths commonly held by bank executives, regulators and consumer advocates about unbanked and underbanked consumers. The analysis is based on a 400-person survey with consumers at check-cashing stores, completed in November and December of 2008.

Among the myths debunked by the report is the belief that consumers are unbanked or underbanked because of cultural and attitudinal reasons. Instead, it reveals that people are unbanked for very practical reasons, including credit, pricing, cash flow and service issues. Fifty-three percent of unbanked consumers in Aite Group's survey are impeded by credit issues, while an additional 28% face pricing issues with checking accounts, 12% are impeded by cash flow issues, and 7% constrained by service issues.

"Consumers that are underbanked and unbanked often choose to be so for practical reasons rather than attitudinal ones," says Gwenn Bézard, research director with Aite Group and co-author of this report. "Greater education and marketing wizardry is unlikely to succeed in attracting this group to checking account relationships. The only way for banks to seriously compete is to deliver a better product and value proposition."

This 29-page Impact Note contains 22 figures. Clients of Aite Group's Retail Banking service can download the report by clicking on the icon to the right.

Related Aite Group Research:

* Nine for '09: Opportunities and Challenges for Banks in 2009
* Mobile Banking for the Underbanked: Lessons from Africa
* Competing in Money Transfers

To purchase this report or for additional information, please contact: Aite Group Sales Tel: +1.617.338.6050 sales@aitegroup.com

About Aite Group, LLC Aite Group is a leading independent research and advisory firm focused on business, technology and regulatory issues and their impact on the financial services industry. It was founded by leading industry experts in Banking and Securities & Investments. Aite Group brings together a team of business strategy, technology and regulatory experts to deliver comprehensive, timely and actionable advice to financial institutions and technology vendors. It seeks to become a true partner, advisor and catalyst by exchanging ideas with and challenging basic assumptions of its clients, ensuring that they always stay one step ahead of the competition.

Source: Company press release.

10th Annual Online Fraud Report

Online payment fraud trends, merchant practices and benchmarks
This year's study found that online merchants estimate they lose 1.4% of their revenue to fraud or $4 Billion in annual sales.  Read about this and over 25 other fraud management benchmarks, trends and practices. 
The 2009 edition of CyberSource's Online Fraud Report is based on an independent survey of hundreds of web merchants.  This annual industry report is essential for finance, risk and eCommerce professionals.
 Download your copy of the CyberSource Online Fraud Report 2009 Edition today!
Contents:
  • Detailed fraud metrics (fraud, chargebacks & order rejection)
  • Detection tools used/planned at each stage
  • Manual review rates, staff turnover and training time
  • Full process/metric mapping
  • Budgets (overall and how allocated) 


KPG Ventures Funds Nat'l Payment Card


I wrote about National Payment Card earlier this year: "Why $4.00 a Gallon Gas is More Appealing to NPS." Now comes word that they've raised $2 million for expansion, so apparently KPG Ventures found something very appealing about their decoupled debit program. Here's the press release:

KPG Ventures Funds National Payment Card Association With $2 Million for Expansion Into Supermarket and Chain Drug Verticals

SAN FRANCISCO--(BUSINESS WIRE)--KPG Ventures—a venture capital firm specializing in seed-stage disruptive technology companies, today announced it has invested $2 million in National Payment Card Association, an emerging company responsible for creating a large scale, low cost debit settlement system benefiting consumers and merchants with lower transaction fees. KPG Ventures’ investment will propel National Payment Card Association’s growth beyond the fuel and convenience markets and into supermarkets and chain drug outlets.

National Payment Card Association’s technology is currently being deployed in fuel and convenience stores across the country, allowing consumers to save money and merchants an alternative to the large transaction processing fees charged by traditional transaction processors.

“National Payment Card Association’s product is an innovative, money-saving concept that has already met with a great deal of success,” said National Payment Card Association CEO and Founder Joe Randazza. “In these difficult times, the support and vote of confidence we have received from a specialized venture capital firm like KPG Ventures is validation of our model and technology, and well positions us for future growth.”

“KPG seeks investments that can scale and solve a highly defined consumer problem and found both of them in National Payment Card Association,” said Dave Hills, a General Partner of KPG Ventures. “Joe and the team have built a great product and we’re happy to support them.”

National Payment Card Association first introduced its alternative payment solution in June 2006 and has earned much attention from industry insiders and consumers. The National Payment Card Association PIN based payment system processes transactions through the Federal Reserve Automated Clearing House (ACH), resulting in lower merchant fees and a self-funded loyalty program that can provide immediate savings to consumers. Specifically, the program benefits retailers by helping them shift away from the interchange fees credit card companies normally charge on each transaction by moving them to the lower cost ACH system. The merchant can then use some of the savings to change customers’ payment behavior by passing some of that savings along to them right at the pump.

Founded in 2006, KPG Ventures is a San Francisco-based venture capital firm. KPG focuses on the consumer Internet sector of technology-driven businesses, investing at the seed-stage cycle of a company’s development. With a proven track record of picking the right companies and teams who are focused on highly capital efficient opportunities that require little capital to reach profitability, KPG has launched many successful companies. The firm concentrates its efforts on a small handful of companies at a time so that it can leverage the strategic and operating expertise of its general partners.

For more information about KPG Ventures, please visit kpgventures.com. For more information on National Payment Card Association, please visit nationalpaymentcard.com or contact Shep Doniger at 561-637-5750.




ATM Skimming Card News Video

In light of the previous post, whereby I mentioned that I knew how they got the PIN, I've dug up a news report from Cincinnati, (WCPO...not WKRP) called ATM Scam Targets Debit and ATM Cards.

I've embedded the video report below for your convenience:






More ($9 million) on the RBS Breach (Video)

Below you'll  find a fascinating story by John Deutzman with Fox NY regarding the recent RBS WorldPay breach.  Didn't hear of it?  That's probably because they issued their press release concerning the breach during the busy Christmas season, December 23rd. 

To read about what I thought about it then, visit "Mother of All Hacks Coming?" from December 24th.

This incident happened after midnight on November 8th. Now...I know how they got the PINs (here's a hint, you're on candid camera), so the most intriguing part of this story, at least in my opinion, is the fact that the hackers were able to lift the daily limits on the cards, providing a larger payday. That's the coup d'état.

The coordination and scope of this effort is also amazing, even causing the FBI to make comments to that effect. 130 different ATM machines in 49 cities with 100 cards in 30 minutes.

As the story goes, no suspects, only mule drivers, but I think Clive Owen is going to be the guy behind it when they do the movie. Speaking of movies, watch the video on the right if you have the time.


Reported by John Deutzman


A Fox 5 investigation exposes a worldwide ATM scam that swindled $9 million and possibly jeopardized sensitive information from people around the world. Law enforcement sources told Fox 5 it's one of the most frightening well-coordinated heists they've ever seen. (Watch video report at right.)

Photos from security video obtained by Fox 5 show a small piece of a huge scam that took place all in one day in a matter of hours. According to the FBI, ATMs from 49 cities were hit -- including Atlanta, Chicago, New York, Montreal, Moscow and Hong Kong.


"We've seen similar attempts to defraud a bank through ATM machines but not, not anywhere near the scale we have here," FBI Agent Ross Rice told Fox 5.

These people in the photos are believed to be "cashers," low-level players, in a scheme devised from some mastermind -- a dangerous computer hacker or hacking ring authorities fear could strike again. Here's how it all came down, according to information Fox obtained from the FBI and law enforcement sources:

The computer system for a company called RBS WorldPay was hacked. One service of the company is the ability for employers to pay employees with the money going directly to a card, called payroll cards, a lot like a debit card that can be used in any ATM. The hacker was able to infiltrate the supposedly secure system and steal the information necessary to duplicate or clone people's ATM cards.

"We've never seen one this well coordinated," the FBI said.

Then shortly after midnight Eastern Time on November 8, the FBI believes that dozens of the so-called cashers were used in a coordinated attack of ATM machines around the world. "Over 130 different ATM machines in 49 cities worldwide were accessed in a 30-minute period on November 8," Agent Rice said. "So you can get an idea of the number of people involved in this and the scope of the operation."

Here is the amazing part: With these cashers ready to do their dirty work around the world, the hacker somehow had the ability to lift those limits we all have on our ATM cards. For example, I'm only allowed to take out $500 a day, but the cashers were able to cash once, twice, three times over and over again.

When it was all over, they only used 100 cards but they ripped off $9 million.

The RBS Web site says that card holders will not be responsible for any unauthorized transactions. But there is fear that the hackers might have had access to sensitive information used in identity theft for a potential 1.5 million customers -- including their Social Security numbers.

"The number of machines that were accessed, the number of cities that were targeted, and the number of people that had to be involved in this is quite significant," Agent Rice said.

Investigators are hoping a break in the case may come from one of the cashers. The theory is they probably were recruited, paid a small fee to be soldiers in the scam, and might be likely to rat out the people who hired them.

There are millions of people out there these days with these payroll cards. RBS officials say they have sent out letters to anyone who might have been affected. They are also offering one-year credit protection for people whose Social Security number may have been jeopardized by this scam. However, the good news is that it doesn't look like any identity theft has occurred yet.

So far, the FBI has no suspects and has made no arrests in this scam. An attorney in Atlanta has filed a class-action lawsuit against RBS WorldPay for allegedly failing to protect personal information.

RBS WorldPay told Fox 5 the company has hired a security firm to try to figure out what happened and to prevent it from happening again.


Tuesday, February 3, 2009

UKashes in on UK Snowstorm



Snowed in Brits turn to online shopping- Ukash

Ukash, the international provider of online payments with cash, reported a growth in sales of its prepaid vouchers yesterday, as millions of UK workers, homebound after the heavy snowfall, turned to shopping and entertainment online.

Year-on-year figures reflect a 79% increase in transactions online made using Ukash compared to the same day in 2008. The first Monday of February is often a poor day for retailers and providers of retail solutions such as Ukash, as the December and January spending hits consumers' pockets. However, the heavy snow that fell in the UK bumped up Ukash redemption figures across most retail sectors yesterday. A gaming site specialised in poker games saw a 96% increase in transactions with Ukash, followed closely by the 80% growth registered by a betting site. Bingo also enjoyed a peak yesterday, with 81% growth; however, the greatest surge was registered in VoIP (202%) as the UK turned to internet calling to share the extraordinary weather news with friends and family in the UK and abroad.

Mark Chirnside, CEO of Ukash, puts this excellent performance down to Ukash's wide availability and convenience: "With a large number of us unable to travel, local stores became by far the most convenient stations for the provision of goods yesterday. Four in five Ukash vouchers are acquired from convenience stores in the UK and, with the prospect of being 'homebound' in mind, customers had a perfect excuse to get down to their corner shop and get a convenient and safe way to spend a fun day shopping and playing online alone or with family."

Ukash prepaid vouchers are a safe and convenient way to spend online as they allow customers to pay without having to disclose sensitive financial information. Ukash is available from 275,000 locations throughout Europe and South Africa and also via Vodafone mobiles in the UK. Recent research showed Ukash's average customer in the UK is in full time employment, has a bank account and a credit or debit card but prefers alternative and safer payment methods to transact online.



E-Commerce Growth 2 Continue in '10

SAN FRANCISCO (Reuters) - E-commerce in the United States is expected to climb back to last year's levels by 2010 after experiencing slowing growth in 2009 due to the recession, a research group said on Monday.

Online sales in 2010 could reach approximately $176.9 billion, representing 13 percent growth, said Forrester Research in its five-year e-commerce forecast.  Last week, the group released data saying the online retail channel was expected to grow 11 percent to $156 billion in 2009, below the 13 percent growth seen in 2008, and the 15 percent growth it had earlier predicted for 2009.

"While there is the possibility of a bearish scenario in which no recovery surfaces in 2009, consumers appear to be enthused about a new president, and government plans to stimulate the economy," the report said. "Furthermore, few recessions have lasted longer than a year in total."  The deteriorating U.S. economy led to tepid online sales in 2008 as consumers cut back on all but the most necessary of purchases.

Online retailers faced severe competition from brick-and-mortar establishments that were heavily discounting merchandise, while giants from Amazon.com Inc to eBay Inc have acknowledged the challenging macroeconomic environment that has spooked not only consumers, but financial markets around the globe.

In 2009, greater numbers of affluent customers shifting their purchases from traditional retailers to online outlets will outweigh decreases seen from other customers stemming their spending overall, the report found.

But after an acceleration in 2010, Forrester predicts that growth will slow, with 10 percent, 9 percent, and 8 percent growth expected for 2011, 2012 and 2013, respectively.

"It's just the maturity of the market -- it's reaching its maximum size," Sucharita Mulpuru, author of the report, told Reuters. "Even a few years ago we would have suggested it would be single-digit growth then."

At the same time, e-commerce will pick up a greater piece of overall U.S. retail sales. (Editor's Note: As the Paradigm Shift gathers momentum)


"Despite the deceleration in growth, Web sales are nonetheless expected to be positive as e-commerce continues to capture market share from brick-and-mortar stores," the report found, citing Web shopping's convenience and the ability for consumers to search for low prices.

Whereas the online channel will make up 6 percent of total retail sales in 2009 and 2010, that will increase to 7 percent and 8 percent in 2011 and 2012, respectively.

Visa Issues Security Alert






Source: Merchant Account Blog:

Visa has issued a security alert (relating to the recent Heartland breach?) outlining some specific applications and IP addresses to look out for.

What is unique about this alert is that Visa gave a very specific list of malicious applications to search for on a network/computer, and a specific list of IPs to block.


This would indicate that Visa has explicitly identified threats, where they are originating from, and these locations are static enough that blocking them would actually do some good...









War Cloning Passport Cards on the Fly

War Cloning: Homeland Security's Passport Cards Can Be Cloned with $250 Worth of Equipment

You know those new Homeland Security issued "Passport Cards"?  Those wallet-sized ones that allow Americans to travel to and from Mexico and Canada?  Well, if an Islamic terrorist had $250 bucks, he could drive by your house at 30 mph (or within 2 miles of it), clone it, and use your passport card to travel to and from Mexico and Canada under the guise of being you. Oh, cloning your driver's license is just as easy.

The reason I'm bringing you this story is to provide an example of what hackers are capable of.  So let's all wave our contactless cards and NFC-enabled phones when they become widely available because they're safe and secure and convenient (personally, I'm not buyin' it).

What's more disturbing about this story is the fact that it creates a scenario whereby Homeland Security is actually potentially providing the instrument of mass destruction.  WarCloning is indeed the right word for this type of hack, as this story suggests the following hypothetical.

After a devastating attack on a major US city, it could be proven that on such and such a day, at such and such a time, you entered the US from Mexico (your cloned DL and Passport card provide the evidence), and that two days later you purchased 250 pounds of fertilizer (your cloned debit card transaction record provides that proof), went on to rent an industrial van (proven by your cloned credit card transaction), drove to a specific location, and then...well, you get the morbidity of my point.  You may or may not have alibis to disprove the "evidence," but even if you did, the investigation was thrown enough off track to allow the true culprit to enter Canada via another passport card, and hop on a plane with a ticket bought online with yet another cloned card and fly to a cave in Pakistan to join his bin-buddies whom we (in fairness, it's only Bin nearly a decade) can't seem to find.  Nice job Homeland Security.

I've included a video of the act of cloning these cards.  Amazing.  This was dark reading indeed.  Here's the YouTube Video, followed by the excerpts of the story.




Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses

Researcher demonstrates the ease of scanning and cloning new Homeland Security-issued IDs

With a $250 used RFID scanner he purchased on eBay and a low-profile antenna tucked away in his car, a security researcher recently cruised the streets along Fisherman's Wharf in San Francisco, where he captured -- and cloned -- a half-dozen electronic passports within an hour.

Chris Paget, who will demonstrate the privacy risks with these IDs at the Shmoocon hacker confab later this week in Washington, D.C., coined this newest RFID attack "war cloning" given its similarity to war-driving, or wireless sniffing. "War cloning -- it's the new hacker sport," he says.

The security weaknesses of the EPC Gen 2 RFID tags, which lack encryption and true authentication, have been well-known and of concern to privacy advocates for some time. These tags are being used in the new wallet-sized passport cards that the U.S. Department of Homeland Security offers under the new Western Hemisphere Travel Initiative for travel to and from Western Hemisphere countries. The e-cards are aimed at simplifying and speeding up the border-crossing process, providing U.S. Customs and border agents with information on the individual as he or she queues up to inspection booths at the border.

Until now, security researchers for the most part have shied away from hacking away at the new e-passports and e-driver's licenses to illustrate the potential privacy problems because the necessary scanners are expensive -- nearly $3,000 new -- and tough to get. "I found a way to procure equipment on the cheap and repair it and make it do exactly what I wanted it to do," Paget says. (Editor's Note: That's great news, security researchers can't afford equipment, but fraudsters are "well-funded.")

Unlike previous RFID hacks that have been conducted within inches of the targeted ID, Paget's hack can scan RFID tags from 20 feet away. "This is a vicinity versus proximity read," he says. "The passport card is a real radio broadcast, so there's no real limit to the read range. It's conceivable that these things can be tracked from 100 meters -- a couple of miles."

Paget says he was able to drive his car at 30 miles per hour and capture an RFID tag in a matter of seconds. "The software for [copying them] lets you just choose the tag you want to copy, wave a blank tag in front of it, and it writes it out," he says.


Read Full Article at Dark Reading








AmEx Joins Visa, MasterCard and JCB at EMVCo

Payments News: American Express Joins EMVCo As Fourth Owner-Member - February 03, 2009
EMVCo, the EMV standards body jointly owned by JCB International, MasterCard Worldwide and Visa Inc., has announced American Express as its fourth owner-member. According to the organization, "the addition of this latest international payment organisation aligns with EMVCo’s intent to attract further industry participation in the development of the EMV Specifications."

As an established supporter and end-user of EMV technology, American Express has acquired a one-fourth share of EMVCo from the respective holdings of JCB International, MasterCard Worldwide and Visa Inc., and will therefore have an equal interest in the organisation. EMVCo’s management structure has been changed to give American Express representation on the organisation’s Executive Committee and Board of Managers, in addition to equal participation in its working groups.

“EMVCo welcomes American Express as its fourth global payment system member,” said Tad Fordyce, Chairman of the EMVCo Executive Committee and Head of Global Cross Product Platforms at Visa Inc. “American Express will be able to lend expertise at both the technical and management level which will directly support the EMVCo goal to enhance global chip standards, and offer secure and interoperable payments at the point of sale around the world.”

Susan Hillel, Senior Vice President of Global Network Operations at American Express, says: “American Express is delighted to join and become a member of EMVCo. We are committed to driving interoperability in payments and know that our participation in EMVCo will facilitate this for our merchant, issuer and cardmember customers. Involvement by the four major payment organisations will drive secure and interoperable payments globally for transactions made with chip cards by aligning and progressing EMV Specifications. We look forward to working with JCB, MasterCard and Visa on this very critical industry initiative.”

Kazuhiro Matsumoto, member of the EMVCo Executive Committee and Executive Vice President of Global Infrastructure and Technologies at JCB International, comments: “The participation of American Express within EMVCo supports our focus on broadening industry involvement within the organisation and leveraging the experience of all major payment stakeholders. This new member will bring extensive industry knowledge and valuable chip card experience to EMVCo which will considerably benefit the smart card industry as a whole.”

Art Kranzley, member of the EMVCo Executive Committee and Chief Emerging Technology Officer at MasterCard Worldwide, adds: “The existing members of EMVCo recognise the benefits of expanding industry involvement in the ongoing development and support of the EMV Specifications. Achieving global chip standards and interoperability has never been more important as smart card payment technology is rapidly being deployed throughout the world. EMVCo looks forward to having American Express participate as a new owner-member who brings additional market experience and resource to the organisation.”

EMVCo’s growing commitment to increase industry engagement with its activities was demonstrated last year when it announced the launch of a new subscriber service. The programme will provide interested parties with an opportunity to access advanced information regarding revisions to the EMV Specifications and draft documents, and attend an annual user meeting. For further information visit http://www.emvco.com.

About EMVCo

EMVCo LLC was formed in February 1999 by Europay International, MasterCard International and Visa International to manage, maintain and enhance the EMV™ Integrated Circuit Card Specifications for Payment Systems. With the acquisition of Europay by MasterCard in 2002 and JCB Co., Ltd. joining the organisation in 2004, EMVCo is currently operated by JCB International, MasterCard Worldwide and Visa Inc.


Data Breaches Cost $202 Per Compromise - Study

Ponemon Study Shows Data Breach Costs Continue to Rise
Fourth Annual Study Shows Significant Increase in Cost of Lost Business; Americans Continue to Stay Attentive to the Loss or Theft of Personal Information

Menlo Park, CA and Traverse City – Press Release

PGP Corporation, a global leader in enterprise data protection, and the Ponemon Institute, a privacy and information management research firm, today announced results of the fourth annual U.S. Cost of a Data Breach Study. According to the study which examined 43 organizations across 17 different industry sectors, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007.

Editor's Note: That being the case, and assuming that the Heartland Breach compromised 100 million cardholders, I am shocked and amazed that their stock is hovering around 8 or 9 dollars.

Within that number, the largest cost increase in 2008 concerns lost business created by abnormal churn, meaning turnover of customers. Since the study’s inception in 2005, this cost component has grown by more than $64 on a per victim basis, nearly a 40% increase.

The annual U.S. Cost of Data Breach Study tracks a wide range of cost factors, including expensive outlays for detection, escalation, notification and response along with legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit monitoring subscriptions. Other key findings from the study include the following:

  • Average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.
  • Healthcare and financial services companies experienced the highest churn rate – 6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflect the sensitivity of the data collected and the customer expectation that information will be protected.
  • Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breaches due to additional investigation and consulting fees.
  • More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008 - meaning that companies are becoming more experienced in managing breaches over time.
  • More than 88% of all cases in this year’s study involved insider negligence.
  • More than half of respondents believe that training and awareness programs assist in preventing future breaches and 44 percent have expanded their use of encryption.
  • The most significant cost decrease was seen in activities relating to post-breach response, which indicates that organizations are becoming more cost effective in managing data breaches.

“After four years of conducting this study, one thing remains constant, U.S. businesses continue to pay dearly for having a data breach,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy.”

The study, sponsored by PGP Corporation and independently conducted by the Ponemon Institute, examines the financial consequences of data breaches involving consumers’ personally identifiable information. The study uses objective methods for quantifying specific activities that result in direct, indirect and opportunity costs from the loss or theft of personal information, thus requiring notification to breach victims as required by law or policy.

“In this current economic climate, U.S. businesses can’t afford to give their customers any reason to go elsewhere,” said Phillip Dunkelberger, president and CEO of PGP Corporation. “This study continues to show that the results of a data breach can seriously wound a company’s bottom line and reputation. This begs the question, when are organizations going to get proactive about protecting their critical data.”

The U.S. Cost of a Data Breach Study was derived from a detailed analysis of 43 data breach cases with a range of 4,200 to 113,000 records that were affected. The study found that there is a positive correlation between the number of records lost and the cost of an incident. Companies analyzed were from 17 different industries, including financial, retail, healthcare, services, education, technology, manufacturing, transportation, consumer, hotels and leisure, entertainment, marketing, pharmaceutical, communications, research, energy and defense. Copies of the study are available via this weblink: www.encryptionreports.com

About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About PGP Corporation
PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP® platform-enabled applications allow organizations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP® solutions are used by more than 80,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune® 100, 75 percent of the Fortune® Global 100, 87 percent of the German DAX Index, and 51 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies’ brands and reputations. Contact PGP Corporation at www.pgp.com


$143K in Card Fraud, Gets 2 Months Jail

Well, this certainly sends a wonderful message to anyone out there (with questionable character, I might add) who may have lost their job during this tough economy.  Had he walked inside the same county pathologist's house and stolen $143, he'd have gotten years in prison.  But he walks into his house of cards, steals $143,000, and he gets 2 months?  Something doesn't sound right about that.

San Mateo man gets jail time in $120,000 credit fraud case - Inside Bay Area

REDWOOD CITY — A San Mateo man accused of stealing nearly $120,000 from credit card companies by opening multiple bogus credit card accounts in the name of a county pathologist was sentenced Monday to two months in jail.

Rel Kempf, 63, pleaded no contest in December to four felony charges of identity theft, grand theft and forgery. He had initially been charged with 10 felony counts of grand theft and three counts of forgery.

Kempf opened five credit card accounts in the pathologist's name over an eight-year period, according to prosecutors. He set up the fraudulent accounts while working at a business that was run by the pathologist's wife and managed to run up the charges to nearly $120,000 by paying the minimum amount of the cards' balances each month, prosecutors said.

Kempf used the stolen funds to pay for vacation trips, airplane flights and other personal affairs, prosecutors said. Meanwhile, Kempf pulled the identical identity theft scam on his roommate to steal $23,000, according to prosecutors.
