Visa Survey Reveals Many SME's Believe They Are too Small to Attract Fraudsters

Fraud Prevention Month activities highlight importance of data security for small businesses in Canada

TORONTO, Feb. 27 /CNW/ - A survey of Canadian small businesses released today by Visa reveals that 41 per cent of respondents believe that 'data thieves and hackers' are not interested in targeting their businesses because of their size.  

As part of its annual Fraud Prevention Month activities, Visa is hosting free fraud prevention seminars in Toronto, Ottawa, Winnipeg and Calgary that will emphasize the importance of data security for small businesses.

"Regardless of the size of the enterprise, it's important for business owners to appreciate the importance of data security and what steps they should take to protect their customers and business," says Gord Jamieson, Head of Payment System Risk, Visa Canada. "The information sessions will provide a great deal of information and an opportunity for small business owners and managers to ask questions."

The Ipsos Reid survey, which was commissioned by Visa Canada, surveyed 885 small business owners about their data storage and security practices.

39% of respondents describe securing customer information as a vital part of their business and 94% believe that securing data is important to their customers. Of the 60 per cent of respondents that do keep electronic files with customer information, 86 per cent noted that they either encrypt the data (8%), ensure that it is password protected (39%) or ensure that the information is both encrypted and password protected (39%).

While the majority of respondents claim to appreciate the importance of data security to their business and customers, more than half (52%) have never sought information about how to properly secure electronic information and 24 per cent do not know where to get information about how to better secure information for their business.

"Preventing fraud is a shared responsibility," says Jamieson. "By offering information to small businesses during Fraud Prevention Month, we can help them better protect themselves against data thieves."

The Visa Canada workshops will help educate small businesses about how to better protect themselves from fraudsters. Sessions will include information on how to properly process a credit card transaction, tips on how to protect credit card information and to ensure that their payment application is secure, chip and PIN technology, and an overview of the Visa Account

Information program. More information and free registration is available online at www.visa.ca/fpm. In addition, through its participation in the Fraud Prevention Forum, Visa works closely with government and law enforcement to provide educational materials to all Canadians to help them "recognize, report and stop" fraud. Educational materials for consumers and merchants on fraud prevention can be found on www.visa.ca/securewithvisa.

About the Survey

The online survey was conducted between February 2 and 9, 2009, by Ipsos Reid. A total of 885 small and medium sized business owners who employ 1-250 employees and accept credit or debit cards were surveyed. An unweighted probability sample of this size, with 100 per cent response rate, would have an estimated margin of error of plus or minus 3.3 percentage points, 19 times out of 20. Margin of error for subgroups will be larger.

About Visa

Visa Inc. operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered
under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world, and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more
than 170 countries. For more information, visit www.corporate.visa.com.

For further information: Sarah Van Lange, Fleishman Hillard, (416) 645-8173, sarah.vanlange@fleishman.ca; Carla Morin, Visa Canada, (416) 860-8850, camorin@visa.com


Source: VISA INC.

Banks File Class Action Against Heartland

Bank Info Security, which has been covering the Heartland Breach better than most any other site I have found is now reporting that a class action lawsuit has been filed against the company on behalf of the banking institutions. 

Saw this coming from a mile away...(see: Banks Not HPY with Heartland)  This is just the beginning folks.  If I owned shares in Heartland, I wouldn't be HPY.

One lawsuit,the Lone Star National Bank is asking for $50 million in damages.  Damages will most likely be trebled.  This has got to be giving Heartland a bad ticker...speaking of which I haven't had an opportunity to check their stock price yet today...hold on..let me grab it for you...


In the meantime, you can click on the graphic to enlarge if you can't read it...

Flash Player 9 or higher is required to view the chart
Click here to download Flash Player now

View the full HPY chart at Wikinvest

Here ya go..it's a little off from it's 52 week high...yes?  Heartland says it will meritoriously defend itself against any lawsuit, which I take to mean that it will file a counter-suit against the brands (V/MC) claiming the breach was their fault because they don't provide end-to-end encryption. 

IMHO, if Visa and MasterCard would simply take the reduced Interchange Fees hit and get rid of (completely eliminate) signature debit...and completely replace it with the more secure PIN Debit debit platform, this dog wouldn't be barking. 

Here's the report from Bank Info Security:

Heartland Data Breach: Class Action Suit Filed on Behalf of Banking Institutions

Complaint Seeks to Recover Costs, Damages from Fraud

February 27, 2009 - Linda McGlasson, Managing Editor

One month after the Heartland Payment Systems (HPY)data breach was revealed, a Philadelphia law firm filed a class actionlawsuit against the processor on behalf of two banks and three creditunions. The complaint was filed by Chimicles & Tikellis in U.S. District Court in Trenton, NJ on February 20.  (Click the graphic below to enlarge and read the treble damages request)

The five institutions named in the complaint are AmalgamatedBank, New York, NY; Matadors Community Credit Union, Chatsworth, CA;GECU, El Paso, TX; MidFlorida Federal Credit Union, Lakeland, FL ;andFarmers State Bank, Marcus, IA. All the institutions say they have hadto re-issue "substantial" numbers of credit and debit cards because ofthe Heartland breach.

Joseph Sauder, the (soon to rich) attorney leading the case, says while onlyfive institutions were named in the complaint, "We talked with numerousbanks. These five were the ones we selected to present in thecomplaint."

Although no one has estimated officially how many institutions, cards and consumers might be affected by the breach, more than 500 institutions have stepped forward to tell Information Security Media Group that they have been impacted.

Chimicles & Tikellis also has a consumer class action lawsuit filed against Heartland, filed in the same U.S. District Court in Trenton on January 27.


Seeking to Recover Costs

In the new class action suit, Sauder says the institutions "seekto recover money for the cost of reissuing cards and also for thefraudulent activity that banks and credit unions are ultimatelyresponsible for as a result of this breach, among other things."

Heartland announced on January 20 that its computer systems hadbeen breached by outside hackers sometime in 2008. The processorhandled on average 100 million transactions per month for about 175,000merchants and retail establishments. Heartland only became aware of thebreach after it was notified by Visa and MasterCard of "patterns offraudulent credit card activity," the lawsuit states.

The breach compromised information including debit and creditcard numbers, expiration dates and internal bank codes. Many of theinstitutions that had cards compromised in the breach were forced tore-issue new credit and debit cards to their customers. "Given thelarge size of the data breach, the expenses associated with doing soare substantial," the complaint says, "and include costs for purchasingnew plastic debit and credit cards, postage and other mailing expenses,time spent by employees address this issue and harm to reputation andgoodwill."|


Many institutions have also reported incidents of fraud, thecomplaint states. It says Heartland's actions "constitute violations ofthe consumer protection statute of New Jersey," and amounts to a breachof implied contract, negligence, negligent misrepresentation, andcommon law negligence.

Sauder says he cannot estimate how soon the case may begin orhow long it may last. "It's hard to tell at this time, since the casewas just filed, as to what Heartland's position is going to be," hesays. He adds that more institutions are expected to join the classaction suit.

Other Suits

There are at least three consumer class action lawsuitsfiled against Heartland and three other lawsuits filed in other courtsby institutions seeking to recoup their losses and expenses related tothe breach:

• The Lone Star National Bank, Pharr, TX has filed a lawsuit seeking $50 million in damages against Heartland. The Lone Star case was filed in Texas Southern District Court on February 16.
  
  
• TriCentury Bank, Simpson, KS filed a lawsuit in New Jersey District Court on February 13 seeking a judgment against the payments processor for breach of contract.
  
  
• Lone Summit Bank, Lake Lotawana, MO filed a lawsuit in the Fraud or Truth-In-Lending office of the New Jersey District Court on February 6.

The lawsuits against Heartland aren't the only issues the paymentsprocessor is confronting. During a conference call reportingHeartland's 2008 fourth quarter earnings on February 24, HeartlandPresident and CFO Bob Baldwin said, "Today, we have had severallawsuits filed against us and we expect that additional lawsuits willbe filed. We are also the subject to several governmentalinvestigations and enquiry, including an informal enquiry by the SECand a related investigation by the Department of Justice, an inquiry bythe OCC, and an inquiry by the FTC, and we may, in the future, besubject to other governmental enquiries and investigation."

Related articles by Zemanta

• Hackers blamed in massive cyber fraud scam (canada.com)
• Payment processor Heartland reports breach (news.cnet.com)
• Hackers attack credit card processor in massive security breach (cbc.ca)
• Fraud linked to US payment processor breach (theregister.co.uk)
• Another Month, Another Massive Credit Card Data Breach [Data Theft] (consumerist.com)
• Another day, another 100 million credit cards compromised (venturebeat.com)
• Heartland sued over data breach (news.cnet.com)

Experts Publish 20 Guidelines to Halt Data Breaches

NOTICE to readers of this draft document: Criticisms and suggestionsare strongly encouraged. If you are actively engaged in cyberforensics, red teams, blue teams, technical incident response,vulnerability research, or cyber attack research or operations, pleasehelp make sure this document is as good as it can be. Sendcriticism/comments/sugges tions to John Gilligan as well as to cag@sans.org byMarch 25, 2009Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance

  

    Publish at Scribd or explore others:            Academic Work                  cyberdefense              fisma          

Related articles

• Is there a CAG in your FISMA future? (stillsecureafteralltheseyears.com)
• Scribd Counts 50 Million Readers (mediabistro.com)

Mobile Banking to Top $5.5 Billion in 2013

Forecast: Mobile banking revenues to top $5.5B in 2013

By Jason Ankeny

Consumers will conduct almost 300 billion mobile payment and banking transactions worth more than $860 billion in 2013, a twelve-fold increase in gross global transaction values in five years, according to a new forecast published by market research firm Informa Telecoms & Media. Informa contends that if key players collaborate effectively, the mobile payments and banking market offers a shared annual revenue opportunity of more than $10 billion in 2013, galvanized by m-banking services, which are expected to contribute $5.5 billion of that amount. Informa predicts that in four years' time, more than 445 million mobile subscribers worldwide will regularly use their mobile phone to purchase physical goods and services remotely--the report estimates that while the value of mobile payments and transactions in 2008 totaled around $71 billion, a third of which was spent on mobile digital content like ringtones, games and full-track downloads, physical goods and services will represent about 95 percent of mobile transactions by 2013.

Informa forecasts there will be 977 million worldwide users of mobile banking services by 2013, up from about 67 million at the end of 2008. In addition, almost 424 million consumers will transmit more than $157 billion of personal funds via mobile domestically by 2013, with another 73 million sending $48 billion internationally. However, Informa anticipates near-field communications payment models will be held back by the lack of availability of NFC-enabled handsets and related uncertainties concerning the overall business case for mobile NFC. Even so, Informa believes approximately 11 percent of all mobile handsets shipped in 2013 will be NFC enabled, with more than 178 million mobile subscribers regularly using mobile NFC phones to acquire physical goods and services, such as tickets, at the point of sale.

Informa credits the growth of mobile payments to drivers and enablers including more sophisticated handsets and network technologies, a more enlightened regulatory perspective on mobile banking, consumer familiarity and increased investment across the ecosystem. The report concedes that uncertainties remain, in particular the global financial meltdown as well as a crisis in consumer confidence triggered by widespread turmoil throughout the banking industry.

For more on the Informa forecast: read this release

Related articles:
Bill Gates pledges $12.5 million for mobile banking
MMA publishes Mobile Banking Overview

Whitepaper - Mobile Banking in the United States

Blackberry Whitepaper: Mobile Banking in the United States – The Evolution of Anywhere Banking

Technological, economic and market factors have enabled a new breed of customers. Find out how the banking industry can leverage this new channel.

* Download Now (PDF)

or...to only see their conclusion, click the image below and it will enlarge enough to read

Moneris Awards Verifone $10M EMV Terminal Contract

CANADA'S MONERIS AWARDS VERIFONE $10M EMV TERMINAL CONTRACT

Bank-backed Canadian card payments processor Moneris is gearing up for the country's migration to EMV by awarding eftpos vendor Verifone a $10 million contract for the supply of terminals.

More on this story: http://www.finextra.com/fullstory.asp?id=19695

Pago Retail Report 2008 Press Release

(In Europe) Credit card increases lead over other payment methods in online retailing

Latest Pago Retail Report by Deutsche Card Services shows significant differences in payment behaviour between online retailing and e-commerce as a whole

COLOGNE, 27 February 2009 - As in overall e-commerce, credit cards are clearly the preferred payment method in European retailing. Their share rose almost 6 pp year-on-year, to now 81.57%. In other words: Consumers use credit cards to pay for more than eight out of ten purchases in European online retailing. This is one of the results explained in the Pago Retail Report 2008, which was recently published by Deutsche Card Services, a subsidiary of Deutsche Bank. 

(Editor's Note: These numbers are skewed because PIN Debit is not ubiquitous on the web.  For "across the board" numbers, visit "Debit is King, Cash Overthrone")

Offline payment methods and direct debiting lose importance in favour of credit cards

Despite the predominance of credit cards offline payment methods such as invoice purchases, COD and prepayment as well as direct debiting still play a more important role in online retailing than in overall e-commerce (payment behaviour in overall e-commerce is described in detail in the Pago Report 2008).

Just like the sector-specific Pago Retail Report 2008, the Pago Report 2008 is based on real-life transactions, not on surveys. That is what makes the Pago Reports different from other e-commerce studies. The report highlights that 5.04% of all retail transactions were paid for by offline methods and 11.97% by direct debiting.

The shares of these payment methods in overall e-commerce are only 0.77% and 8.34%, respectively. However, offline payment and direct debiting lose ground to credit cards in online retailing; in fact, the latter increased their lead, largely due to the success of Visa, whose share rose by more than 4%, whereas competing credit card brand MasterCard lost more than 2%.

Consumers from the UK and from outside Europe pay almost exclusively by credit card

The predominance of credit cards as most important payment method in retailing is even more visible among consumers from the UK and outside Europe than among German customers. Traditional payment methods such as invoice purchasing or direct debiting are almost non-existent for this consumer group. UK consumers use their credit cards even more often in retailing than in overall e-commerce. The share in overall e-commerce is already very high, at 91.50%, and it rises to 94.90% in retailing. Maestro, the leading international debit payment method, which is gaining ground in e-commerce in comparison to credit cards, is the only other payment method which seems acceptable to British consumers, with a share of 5.10%. Shops which also target customers outside Europe do well to offer credit card payment, which has a share of almost 100% among these consumers.Upward potential for new payment methods Maestro and giropay in European retailingIn general, retail consumers are still reluctant to adopt newer payment methods such as Maestro and giropay (which is based on the well-established PIN/TAN electronic banking method) - at least more reluctant than e-commerce customers as a whole. giropay meets with even less approval than Maestro. Maestro has a share of 0.77%, but giropay undershoots even this low mark with a share of only 0.65%. This is probably due to the fact that, using this new payment method, it is still difficult to process retail good returns and the crediting procedure for returned purchases is complicated.

Visa increases its lead over MasterCard as top credit card brand

Visa, which is the leading credit card brand in overall e-commerce, was able to confirm and even improve its leadership position in retailing, too. While the gap between Visa and MasterCard was just above 19pp in the preceding year, it is now more than 25pp. Visa has increased its lead again at the expense of the other credit card brands, whose share dropped from 7.35% to 5.48%. In the meantime Visa has overtaken its rival MasterCard in retailing with German consumers, too: While MasterCard was ahead of Visa in the preceding year with a share of 41.69% (vs 33.95%), Visa is now in front of MasterCard (44.40% vs 35.40%). In other consumer countries such as the UK, where the lead is an impressive 36.20 pp, Visa is even more predominant than in Germany.

Source: Press Release

Related articles

• Fraud linked to US payment processor breach (theregister.co.uk)
• Terminal Disease Boosts Fraud (pindebit.blogspot.com)
• The penny drops (news.bbc.co.uk)

Visa in one Helluva SMS

HOLLYWOOD, Fla., Feb. 26 /PRNewswire/ --

Charge Notification Services Corporation (C.N.S.C.) has filed a lawsuit against VISA, Inc. for patent infringement. C.N.S.C. is a relatively young company in Miami, Florida, that offers information processing services to credit card issuing banks. The C.N.S.C. patent covers charge card transaction authorization and/or notification in real-time via SMS to the cardholder's cellular phone. VISA and some of their bank partners have recently been offering this service.

"We are very sorry that it had to come to filing this suit," says Ivan Ochoa, the C.E.O. of C.N.S.C. "For months we've tried exhaustively to work with VISA with no results. We're a young company but we have experience with this product and the credit card business as a whole. We have the knowledge and infrastructure to handle even the most extreme transaction volume. We've expended considerable resources on patent registration and product development."

Editor's note:  Apparently Visa didn't get the SMSage

Daniel Davila, COO of C.N.S.C., adds: "In these economically troubled times people want to use their cards (debit, pre-paid, credit card and charge) and receive real-time information about charges to their account. If cardholders have to wait until they receive their statement to discover possible merchant errors or duplications, it's already too late to avoid the complex and time-consuming process of 'charge-back' that costs cardholders and businesses time, resources and aggravation. Of course what cardholders want most of all is to be confident that their card account will not be used fraudulently. All indicators show that card fraud activity is expected to increase even further. We have the line of products that will significantly decrease card fraud and give confidence to all cardholders that in the event their card or account information is ever stolen and used fraudulently our SMS service will send them notification within a matter of seconds from the moment it occurs. We are in the business of stopping the fraudsters and providing tremendous savings and other benefits to our card issuing clients. As VISA continues to infringe on our patent, we really must take this legal action against them to protect our business. In the meantime, of course, we continue to actively offer our services to all card issuing financial institutions."

Ochoa and Davila have a combined five decades of experience in the financial services industry. Mr. Davila's background includes 16 years at American Express where he was a Senior Director within the Global Network Services (GNS/Franchise) division and more recently, two years as Vice President and Chief Risk Officer of the credit card division at Russian Standard Bank (RSB) in Moscow. While at RSB, Mr. Davila launched a similar SMS credit card fraud protection service with great success, resulting in an overall significant reduction of fraudulent transactions. Mr. Ochoa's 25 years in the financial services industry include executive positions within American Express and MasterCard International, where he was Chief of Staff for Latin American countries. His areas of expertise include managing operations for multi-markets, re-engineering, quality control and technology. Mr. Ochoa has lead major innovative developments in products and systems.

SOURCE Charge Notification Services Corporation

Jewel Thieves

How To Steal a PIN

Chicago Sun Times
FROM STNG WIRE REPORTS

Two women police say were accomplices in a scam were arrested early Wednesday for allegedly stealing cash using a debit card PIN number in the self-checkout lines of a Near North Side Jewel grocery.

Belmont Area detectives issued a community alert Wednesday after a man met two women outside a River North bar last month and later discovered his bank debit card was missing and $8,600 was withdrawn from his account.

Neither of the women in custody, both 23, are believed to have been involved in the other incident.

The accomplices were spotted using an allegedly stolen credit card in the self-check out lanes and, using its PIN number, swiped it several times, each time asking $100 cash back for a small purchase like gum or soda.

In the alert, Belmont Area detectives said there have been numerous similar incidents downtown and on the Near North Side, where men have been approached by women "offering a ride or a good time."

The women convince the victims to withdraw cash from an ATM, and as he does so, they watch him enter his PIN. The women later take his credit/debit card without his knowledge and use it at self-checkout lanes at the Jewel groceries at 1224 S. Wabash Ave., 1210 N. Clark St. and Ohio and State.

In last month's incident, after the women got the man's card, they purchased a low-priced item at the South Wabash Jewel then depleted the man's bank account by $8,600 by withdrawing cash in $100 increments, the alert said. The women were seen by a witness driving away in a white Lincoln Continental.

Police advise men to be alert to suspicious people extending invitations to "go for a ride" or who offer a "good time." Additionally, police advise against carrying an excessive amount of cash and/or credit cards.

“It’s the perfect crime,’’ according to a police authority, who said the crimes are hard to prosecute for at least two reasons.

The victims often don’t want to come forward because they don’t want their names used, especially if they are married and the amounts are sometimes not comparatively very significant for the bank to aggressively seek action.

United - No Cash..."Card Info"

In a Press Release from United Airlines, they announced No Cash...Visa!  So your Martini's, Dewars, Makers Mark and other in-flight purchases must be paid for with CASH only.

If the reasoning behind this is that they don't want their steward's to pocket cash, then they apparently are not aware of the potential danger this poses for their customers.   Hopefully people will be able to swipe their cards from their seat because it's highly unrecommended to hand over your card (and thus the Track 2 data on the magnetic stripe) to a waitress at a restaurant, let alone a waitress in the sky.  The opportunity, and thus temptation to "skim" the card information might be too great for some and the passenger can be taken a ride.

Credit/Debit
Credit/Debit
Credit/Debit

No Cash...Card

United Airlines introduces onboard credit/debit card acceptance beginning March 23

CHICAGO, Feb. 25 /PRNewswire-FirstCall/ -- United Airlines is making the search for exact change a thing of the past. With United's new EasyPurchase, customers will be able to use credit and debit cards for onboard purchases beginning March 23.

After a brief transition period through the spring break season, United will phase out cash and only accept credit and debit cards on flights within the United States (including Hawaii) and on flights to and from Canada, Mexico, Central America and the Caribbean.

United will continue to accept cash in addition to credit and debit cards on flights to and from Europe, Asia, the Middle East and South America.

On United Express flights, cash will continue to be the accepted form of payment.

"Our customers have responded very positively over the past year as we tested credit and debit card purchases on many flights including trans-continental routes," says Alex Marren, senior vice president - Onboard Service. "Whether customers want to enjoy an in-flight cocktail or a popular snackbox, our customers' purchases will soon be just a quick swipe away."

With EasyPurchase, customers will be able to use major credit cards, including Visa, MasterCard, American Express, Discover, and Diners Club, and debit cards bearing the Visa or MasterCard logos.

In addition, users of United Mileage Plus Visa cards from Chase will earn 10 miles for every dollar spent on in-flight purchases. Travelers who apply and are approved for a Chase Mileage Plus Visa card using the exclusive onboard application will earn 30,000 Mileage Plus bonus miles and receive $25 off their next United Airlines ticket, after their first purchase.

About United

United Airlines (Nasdaq: UAUA) operates more than 3,000* flights a day on United and United Express to more than 200 U.S. domestic and international destinations from its hubs in Los Angeles, San Francisco, Denver, Chicago and Washington, D.C. With key global air rights in the Asia-Pacific region, Europe and Latin America, United is one of the largest international carriers based in the United States. United also is a founding member of Star Alliance, which provides connections for our customers to 912 destinations in 159 countries worldwide. United's 49,500 employees reside in every U.S. state and in many countries around the world. News releases and other information about United can be found at the company's Web site at united.com.

*Based on United's flight schedule between Jan. 1, 2009, and Jan. 1, 2010.

SOURCE United Airlines

Mystery Processor's Breach Timeline

DATALOSSdb.org has released a comprehensive time-line on the Mystery Breach at one of our nation's prominent card processors.  Since the PIN Payments Blog has been following this closely,  we thought we'd share.  Kudos to DATALOSSdb.org for putting this together in a clear and concise way...

2009-02-26 by d2d

Here's a timeline of what we've seen surrounding this vaguely disclosed breach. First, some terms:

CAMS: This is an acronym for a Visa implemented system, the "Compromised Account Management System". Alerts are distributed via this system to banks and other financial institutions to facilitate card reissuing and fraud detection. Mastercard also issues similar alerts.

Card Not Present: This term means exactly what you think it does. The card was not physically present during the transaction. This is typical in online shopping, telephone sales, etc.

UPDATE | February 11th, 2009: VISA blasts out a CAMS notice, which has been contributed to OSF anonymously:

"Date: February 11, 2009 Entity Type: Acquirer Processor - Fraud Reported: Yes, elevated fraud rates on this event Visa Fraud Control & Investigations has been notified of a confirmed network intrusion that may have put Visa account numbers at risk. The reported incident involves confirmed unauthorized access to a U.S. acquirer processors settlement system of stored transaction information that included Primary Account Numbers (PANs) and expiration dates. No magnetic stripe track data has been identified at risk in this alert. Fraud analysis has revealed elevated card-not-present fraud rates on this incident. Even though it is not known if any account information was actually removed during the intrusion, we must still consider the data to be at risk because of the elevated fraud. Based on the forensic investigative findings, the entity began storing PANs and expiration dates in February 2008. The forensic investigation is ongoing. Any new material information will be provided in a CAMS update to better assist you with fraud and risk mitigation."

February 11th, 2009: Fiserv blasted out this alert to their customers (banks, credit unions, processors, etc). We were tipped on this by multiple sources. The statement reads:

"The Risk Office Team has received information from Visa and MasterCard regarding the confirmed compromise of a U.S.-based acquirer processor. Please note that the compromised card alerts for this event are not related to the Heartland Data Systems’ breach. Given that confirmation of the Heartland breach and this new compromise occurred in such close proximity, it’s possible that the same card numbers could appear on compromised card lists associated for both events. You may wish to take this into consideration as you execute your organization’s monitoring and/or reissue plans for recently compromised cards."

February 12th, 2009: The Community Bankers Association of Illinois posts a notice that included the following:

"Today, VISA announced that an unnamed processor recently reported that it had discovered a data breach. The processor’s name has been withheld pending completion of the forensic investigation..."

Between 2-11 and 2-13: The Tuscaloosa Federal Credit Union releases a notice regarding the incident that reads:

"On the heels of the Heartland Payment Systems breach, another U.S. acquirer-processor has confirmed a network intrusion exposing primary card numbers and card expiration dates for card-not-present (CNP) transactions. Unlike the Heartland Payment breach, this breach does not expose magnetic stripe track data. The reported incident involves confirmed unauthorized access to a U.S. acquirer processor’s settlement system of stored transaction information that included Primary Account Numbers (PANs) and expiration dates. As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor. It is important to note that this event is not related to the Heartland Payment Systems breach."

February 13th, 2009: The Independent Community Bankers of America releases this on their website:

"ICBA learned of another security breach involving a merchant processor. The breach appears to be large, but not as large or severe as the recent breach at Heartland Payment Systems. The name of the breached processor is unknown at this time, but ICBA knows that: All accounts and all brands were equally exposed; however, only card numbers and expiration dates were captured. No track data was captured. Because there is no evidence of skimming counterfeit and all known fraudulent transactions have been key entered, Visa's ADCR program will not cover losses. However, compliance and “card not present” (depending on status of VbyV/SecureCode) chargeback rights should apply. MC issuers must file via compliance as they always do. Alerts for this new incident are being reported under Visa series US-2009-088 and MasterCard series MCA0150-US-09."

February 13th, 2009: The Pennsylvania Credit Union Association released this statement which we've retrieved from google cache, as the content of the old notice is now displaying a new notice about something else. The old notice read:

"Earlier this week, Visa and MasterCard began issuing accounts involved in a merchant processor breach. The reported incident involves confirmed unauthorized access to a U.S. acquirer processor’s settlement system of stored transaction information that included Primary Account Numbers (PANs) and expiration dates. No magnetic stripe track data has been identified at risk in this alert. As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor. It is important to note that this event is not related to the Heartland Payment Systems breach. While it has been confirmed that malicious software was placed on the processor’s platform, there is no forensic evidence that accounts were viewed or taken by the hackers. Since the final forensic report has not been provided there is no estimate available at this time of the number of accounts involved in this event. Law enforcement is activity engaged in an investigation into this situation. Visa began releasing affected accounts on Monday, February 9, 2009 under CAMS event series US- 2009-0088-IC. They expect to have all accounts released by Friday, February 13. MasterCard began releasing accounts on Wednesday, February 11, 2009 under MC Alert series MCA0150-US-09. They have not provided any information as to when they expect to have all their accounts released. The current window of exposure provided by both card associations is from February 2008 through January 2009. The only data elements at risk are account number and expiration date. No track data, PIN, CVV2/CVC2 data or cardholder-identifying information was captured. As in all events, it is the issuer’s decision whether or not a block and/or reissue decision is warranted. However, we would like to emphasize that this event carries a lower level of risk than the Heartland compromise."

February 13th, 2009: We posted a blog entry regarding what we've been hearing from tipsters, who are usually dead on about these things, but we did so only after corroborating that the tips we'd heard we're also being heard by others.

February 17th, 2009: The Alabama Credit Union posts a notice on their website that reads:

"Alabama Credit Union has been notified by VISA that some members' VISA credit card information may have been discovered during a breach at a card processor's site. VISA has not named the card processor."

February 17th, 2009: The Bankers' Bank of Kansas posts a notification which reads:

" Two large data compromises affecting credit and debit cards were announced the weeks of 1/21/09 and 2/09/09. BBOK BankCard actively monitors all alerts from Visa®, MasterCard®, and our processor for compromised card data...."

February 19th, 2009: The Alabama Credit Union follows up on their initial reporting with an update indicating how fraud is being committed as a result of this new breach, and it contains the following:

We have been notified by VISA that a lengthy list of VISA ATM/Debit Card numbers was included as part of a data breach at an unknown vendor's location. VISA has declined to name the vendor or processor. The fraudulent transactions are primarily characterized as purchases of prepaid phone cards, prepaid gift cards, and money orders from Wal-Mart, and usually occur in $100 increments.

February 22nd, 2009: We posted a follow-up to our original story, with new information (some of the above timeline items) gathered from databreaches.net.

February 24th, 2009: News reports are released about St. Mary's Credit Union receiving notification regarding this breach. The article writes:

"A breach of a credit card processing system at St. Mary's Credit Union yesterday affected up to 4,300 customers and likely cost the business more than $20,000....The credit union does not know the name of the processing system, but Battista said the breach likely affected people across the country..."

End of Timeline

This is what we know. Of course, there is a lot of speculation as to who the unnamed is. Our mailboxes here are on fire with speculation, and you can read the comments on some of our previous posts on the topic to see examples of it. We have no solid information regarding who the affected organization is. We do know that we've had two other major breaches recently involving this type of data, namely: RBS Worldpay and Heartland Payment Systems. We also know that in a statement to the consumerist, Visa and Heartland is adamant that this new breach was not them.

Ultimately, I think the banks will demand to know, considering the costs are mostly their burden to bear. But in the meantime, we wait.

500,000 Websites Hit by SQL Injection in '08

darkReading says that SQL Injection hit 500,000 Websites last year:

Report: More Than 500,000 Websites Hit By New Form Of SQL Injection In '08
New Web breach incident report finds the bad guys deploying more automated attacks, targeting customers rather than data on sites

Feb 25, 2009 | 02:52 PM
By Kelly Jackson Higgins
DarkReading

A new flavor of an old-school Web attack was responsible for compromising more than 500,000 Websites last year.

An automated form of SQL injection using botnets emerged as the popular method of hacking Websites, according to a newly released report from the Web Hacking Incidents Database (WHID), an annual report by Breach Security and overseen by the Web Application Security Consortium (WASC). The report also found that attackers increasingly are targeting a Website's customers rather than the sensitive information in the site's database.

"It used to be that mostly e-commerce sites were targeted, but now it's potentially any site, especially those with a large customer base," says Ryan Barnett, director of application security research for Breach Security. "The attackers say, 'You're going to become a malware-launching point for us.'"

The so-called Mass SQL Injection Bot attacks basically automate the infection process; the Nihaorr1 and Asprox botnets both deployed this method last year, according to the report. "In the past, they had to do some manual reconnaissance with SQL injection to send the initial queries," Barnett says. The automated approach sent one request with a script that automated all of those recon steps -- using bots to perform the attacks.

"While the initial attack vector was SQL Injection, the overall attack more closely resembles a Cross-Site Scripting methodology as the end goal of the attack was to have malicious JavaScript execute within victims' browsers," the WHID reports says. "The JavaScript calls up remote malicious code that attempts to exploit various known browser flaws to install Trojans and Keyloggers in order to steal login credentials to other web applications."


Continue "darkReading"

Related articles

• F-Secure provides details on Web site breach (news.cnet.com)
• Audit: No customer data exposed in Kaspersky breach (news.cnet.com)
• Hacker site claims breach of third security firm Web site in a week (news.cnet.com)
• IBM: malware economics, web security biggest issues of 2008 (arstechnica.com)

Heartland Being Thoroughly Investigated

The SEC had launched an informal inquiry into the company and there is also a related investigation by the Department of Justice. The U.S. Department of the Treasury's Office of the Comptroller of the Currency (OCC), which regulates national banks and their service providers, has launched an inquiry, as has the FTC

Editor's Note:  Investigations by the FTC and DOJ are not uncommon. The SEC investigation has nothing to do with the breach, but with starting to sell 80,000 shares per month and it coinciding with the timeframe of the breach. 

What's rare is the OCC investigation.  Gartner Distinguished Analyst, Avivah Litan, has a take on why they are involved.

The Treasury's OCC may be taking an interest in the breach because it could be part of a larger problem for the banking industry, said Avivah Litan, an analyst with Gartner Research. "I think that the criminal gang that targeted Heartland is targeting multiple payment processors and it's a serious threat to the integrity of the payment systems," she said.

Yes, there is a serious threat to the integrity of the payment systems. It all has to do with information security/data encryption. Data traveling over the network should be securely encrypted from the point of data entry (the POS) to the point where the data is processed (V/MC).  Beginning-to-End Encryption (B2EE) will be costly and time consuming to implement, but look at the alternative.  (and yes...there is a HomeATM pun "encrypted" with 3DES/DUKPT in there)

In recent months at least three credit-card processing companies, including Heartland, have been the victims of sophisticated criminal attacks resulting in millions of compromised payment cards. One of the other card processors, RBS WorldPay, lost data on 1.5 million customers. A third hack, at an unnamed payment processor, was disclosed last week.

In related news, Heartland announced yesterday that the President and Chief Financial OfficerRobert Baldwin will be participating at the Goldman Sachs Technologyand Internet Conference, February 26, 2009, at 6:20 PM at the SanFrancisco Marriott in San Francisco, California.

After thelive presentation the web cast will be archived on the Company’swebsite. Those who are interested can listen to a live web cast of thepresentation on the Investor Relations section of Heartland’s websiteat: http://www.heartlandpaymentsystems.com.

HomeATM Featured in American Banker

In an article published by American Banker, Will Hernandez, Associate Editor of ATM&Debit News writes about "some" of the recent developments occuring within the exciting world of HomeATM.  Normally, I'd provide a few quotes and a link to the full article, but in this case, you would need to be a subscriber to either American Banker or ATM&Debit News in order to read the article in it's entirely.


Test Planned for Debit Reader for Use at Home

American Banker | By Will Hernandez

Increased attention to data breaches could provide a boost to a Montreal company that has developed a way for shoppers to use plug-in card readers with their home computers to make PIN debit purchases online.

HomeATM ePayment Solutions is preparing to test a reader that consumers can plug into a computer's USB port. When shoppers make a PIN debit purchase at participating merchants' Web sites, the checkout software prompts them to swipe the card and enter the PIN.

Kenneth Mages, HomeATM's chairman and chief executive, said in an interview last week that the SafeTPIN reader could make consumers more comfortable using their cards online and will enable merchants to process the payments at card-present interchange rates, rather than the more expensive card-not-present rates.

Several merchants, including a large U.S. airline, are considering participating in the upcoming test, Mr. Mages said, though he would not name them.

"It's a lot more acceptable now to plug something into the USB port," said John B. Frank, HomeATM's executive adviser. "Combined with all these breaches, it's time for people to make some new decisions." 

The transaction processor Heartland Payment Systems Inc. reported last month that hackers breached its network last year and captured the account numbers and expiration dates of a number of debit and credit cards.

Since 2001, 72% of all payment card breaches have involved software at the point of sale, according to the Chicago data security company Trustwave Holdings Inc.; 23% occurred through online shopping carts, and 1% involved a hardware breach.

Analysts said they persuading consumers to use the readers will be a challenge.

Adil Moussa, an analyst at the Boston research company Aite Group LLC, said consumers are reluctant to use such devices. "People want easier and simpler things to use. Asking people to have another device on their desk for their online shopping is not really a way to achieve that."

Avivah Litan, a vice president and research director at the market research company Gartner Inc., routinely warns people not to use debit cards and PINs online.

"The Holy Grail for criminals is PINs and ATM cards," Ms. Litan said. "I would highly recommend [to any consumer] not entering their PIN anywhere on the Internet unless it was hardware-based."

Mr. Mages said HomeATM's device encrypts payment data moving between consumers' computers, HomeATM's data center, merchants, and processors. "We also encrypt the Track 2 data, which isn't done at" retailers.

Fidelity National Information Services Inc.'s eFunds Inc. will process HomeATM transactions.

Mr. Mages said lower interchange rates will appeal to merchants and hopefully will encourage them to distribute the readers to their customers.

According to Mr. Frank, merchants can save more than 75 basis points on card-present transactions compared with card-not-present ones. "That's a $7.5 million interchange savings for a $1 billion retailer converting its customers to a card-present environment."

However, HomeATM could face some hurdles in delivering the readers to consumers. The company plans to sell them to merchants, which would distribute them to customers. They cost about $15 to produce. Mr. Mages said lower interchange rates will attract merchants; the next step is securing merchants to distribute the device.

Ms. Litan said this is a classic "chicken-and-egg problem."

"Consumers will not start using these devices until merchants accept them, and merchants will not accept them unless there are huge incentives," she said. "The trick is finding someone with a big market presence that's willing to introduce something new to the market."

Mr. Hernandez is the associate editor of ATM&Debit News.

HomeATM Added To FinovateStartup09 Lineup

HomeATM has been added to the FinovateStartup09 Lineup to be held April 28th and we look forward to demonstrating how our technology can completely change the online payments landscape. 

In addition to providing an immensely more CNP2CP (Card Present To Card Present) Platform, HomeATM transactions are dually authenticated. (1.What you have/Card and 2.What you know/PIN)

Unlike any other payment method that we know of, HATM also provides a 3DES DUKPT End-to-End Encryption.  Our Pin Entry Device was recently tested by Witham Laboratories and met or exceeded PCI 2.0 PED requirements.  We are confident that our patented process offers the most secure online payment methodology in the industry.  We look forward to providing more insight to attendees of FinovateStartup09 in April.  See you there!

Finovate Startup Conference Lineup

The financial services startup community will be out in force April 28 at our second annual Finovate Startup conference.

The nine new companies below, along with the 39 participants announced two weeks ago, plus several we can't yet name, brings the total to 50 startups. That's eleven more than we had last year! We can now say that we'll have the largest group of financial services startups ever assembled in one place.

Don't miss your opportunity to talk to the companies that will help change the financial services landscape in the coming years. Join the many bank, credit union, and technology execs in San Francisco on Tuesday, April 28 for a thought-provoking and exciting day (see note 1).

The early-bird deadline ends Friday, so register now for just $795. Current Online Banking Report subscribers can save even more. Look on the back page of the most recent issue, or email info@netbanker.com for your customer discount code.

Here are the latest additions to the conference

• 
  
  
  
  AlphaClone
  
  
• CircleUp
  
  
• HomeATM
  
  
• LendingKarma
  
  
• OurCashFlow
  
  
• Pennyminder
  
  
• People Capital
  
  
• ThreatMetrix
  

• WeSeed

For further information on FinovateStartup09 please visit NetBanker.com or Finovate.com

HomeATM, Finovate, FinovateStartup09, E2EE, PIN Debit

Did Heartland Make False and Misleading Statements?

According to ShareholdersFoundation.com there is an investor investigation looking into possible securities violations related to public statements made by Heartland Payment Systems (HPY, see chart below...wow, under $5.50 now) between 8/5/08 and 2/23/09. Here's their statement:

Heartland Payment Systems, Inc Investor Investigation

If you purchased Heartland Payment Systems, Inc (NYSE:HPY) common stock between August 5, 2008 and February 23, 2009, you have certain options and you should contact the Shareholders Foundation, Inc. immediately!

You may contact us by using this form, or by sending an email to mail@shareholdersfoundation.com, or calling us at (858) 779-1554.

Company Name(s): Heartland Payment Systems
Affected Securities: NYSE: HPY  (Editor's Note: Soon to be SAD)


According to a press release there is an investigation on behalf of investors in Heartland Payment Systems, Inc. (NYSE:HPY) concerning possible securities violations related to public statements made by the Company between August 5, 2008 and February 23, 2009 was announced.

According to the press release the investigation by a law firm focuses on allegations that statements made by Heartland Payment Systems, Inc (“Heartland“) between August 5, 2008 and February 23, 2009 were false and misleading and failed to disclose or indicate, among other things, that Heartland’s safety and security measures designed to protect consumers' financial records and data from security breaches were inadequate and ineffective; Heartland faced liabilities associated with a breach of its payment processing network and increasing costs associated with implementing appropriate security measures; and as a result of a breach its payment processing network, Heartland was at risk of losing customers. Heartland Payment Systems, Inc. is primarily engaged in providing bank card payment processing services to merchants in the United States.

Flash Player 9 or higher is required to view the chart
Click here to download Flash Player now

View the full HPY chart at Wikinvest

Banks Need Alternative Payments

In an article published yesterday in American Banker by Bruce Cundiff, he argues that the global economic slowdown could provide an opportunity for alternative payment companies and banks to strategically partner. Here's an excerpt:

Alternative Payments

The global economic slowdown, which is driving down consumer spending and credit card purchases, could prompt banks to adopt alternative payment systems.

Retailers have become increasingly interested in recent years in offering customers alternatives to credit and debit cards. These systems often exclude the traditional payment providers, and the main benefits of these transactions — revenue, customer relationship enhancement, or brand equity — flow to companies other than banks and card networks.

But many financial companies are wondering whether the economic downturn will fuel faster adoption of alternative payment methods and, perhaps more importantly, how that could impact their own payment revenue.

I argue that it is not a matter of whether alternative payments will gain steam as a result of economic difficulties. Rather, in the face of economic difficulties, financial institutions must embrace the alternative.

We must understand the value proposition, and the motivations, of various players in the retail payment ecosystem.

I'd provide a link to finish reading the article, but American Banker is a subscriber-based publication. To subscribe go to AmericanBanker.com

Related articles by Zemanta

• Alternative Payments Continue Torrid Growth (pindebit.blogspot.com)

Nigeria Chip and PIN Migration Begins with CBN Compliance

THE Central bank of Nigeria, CBN recently recorded compliance to its directive that all banks in Nigeria migrate from magstripe type of payment cards to chip and PIN based cards.

This is as Intercontinental bank Plc rolled out drums last week in celebration of its pioneering the first Chip and PIN verve card tagged Intercontinental Verve card. The event held at its Victoria Island Lagos headquarters at the weekend. 

The CBN in apparent bid to curtail the growing fraud prevalent in the banking sector, woke up recently, directing all banks operating in Nigeria to migrate from the magstripe based payment cards to chip based before the end of the second quarter of this year.

Obviously the magstripe cards were prone to compromise due to its method of usage and easy way of duplication. Because a magstripe card is used mostly by swiping across a terminal, fraudsters devised a means of inventing magnetic mechanism which retains the details of the card after being swiped on the machines and of course its cheap and easy way of production fueled more frauds that left unfortunate card users in misery.

So the introduction of this brand of payment card, which runs on Interswitch platform, makes the bank the first to comply with the CBN directive and according to the bank, gives its customers a leverage which others would always envy to experience.

Group Chief Executive of the bank, Dr Erastus Akingbola, while addressing the gathering at the launch of the card, described the development as another feat by Intercontinental Bank, saying this has separated the men from the boys in the banking business in Nigeria.

According to Akingbola, through today’s event Intercontinental has become the first Nigerian bank to issue the Verve Chip and PIN with loyalty card created in Nigeria for the world. With this development a new symbol of technological progress is making headlines in the Nigerian e-banking industry.

Akingbola said that besides upgrading all its channels to honour transactions initiated from these cards, in line with the CBN directive, his bank also deemed it necessary to move a step further by introducing the chip based card.He noted that staff from relevant departments of the bank were also trained on different aspects bordering on card operations, card issuance, business and product development dynamics set around the functionalities of these cards in order to ensure effective compliance and management.

He stated that the bank has ordered and taken delivery of the two brands of the chip cards and presently working on the modalities involved in migrating all its customers to the new enhanced and more secure EMV chip and PIN verve payment card on the Interswitch platform.

The Bank believes that by the new development, it is also adding another feather to its cap by making history as the first bank to issue a full EMV compliant local debit card in Nigeria.

Verve is a chip based card positioned as a premium, innovative brand set to meet the needs of the issuer, merchant and consumer by providing convenience, absolute security, reliability, recognition and reward.

According to Akingbola, “the cards many features have become a hot topic lately, and for good reason, because it surrounds transactions with iron-clad security.  The era of card cloning and loss of funds is coming to an end. In a nutshell, the information stored on the embedded microchip on this card is extremely difficult to hack and transactions are done with an even more secure personal identification number (PIN)”.

He said Intercontinental Bank PLC has always been a front runner in service delivery and customer satisfaction and will be taking the lead in the issuance of this new secured chip cards.

chip and pin, Central Bank of Nigeria, Fraud

Prepaid Cards Summit 2009

Through Prepaid Card Summit 2009 and its associated publications Cards International and Electronic Payments International, VRL is pleased to announce this year's conference to be held in Rome, Italy in October 2009. Confirmed dates for your diary will be announced shortly.

Now in its fifth consecutive year, Prepaid Card Summit is an industry leading event and the only truly European card event of 2009. Join us in Rome to experience a stimulating conference, our agenda will be planned with the unique knowledge and understanding of the editorial teams of Cards International and Electronic Payments to cover the key issues and challenges involved in exploiting these relevant markets.

The event will cover European markets including Italian, German and Belgium along with Eastern Europe, all of whom are starting to experience growth with many new programmes launching every month. Italy boasts the most successful prepaid programme in Europe, Poste Italiane, making the location an appropriate choice for the event itself.

For more information

Our website is a regularly updated with information related to Prepaid Cards Summit 2009 including the latest agenda and speaker information.

Want to know more about VRL's previous highly successful prepaid conferences? Download our 2008 reference guide.

Monitise & Metavante Launch Text Message Banking

Service enables consumers to use text messaging for alerts and any-time balance information

PROVIDENCE, R.I., and MILWAUKEE, Feb. 25 /PRNewswire/ -- Monitise Americas, the mobile money people, and Metavante today announced the launch of text message banking services.

The service will allow consumers to use text messaging to obtain any-time balance information on their accounts. It also enables consumers to set alerts, to notify them when their balance is low or when their payroll deposit has arrived, for example. Metavante Corporation is the first provider to deploy the new technology from Monitise Americas. Metavante (NYSE: MV) is a leading provider of banking and payments technology.

Monitise Americas is well-known for providing mobile money services using secure applications that consumers download to their cell phones. The company has added text message banking to deliver financial information to all mobile phone users, whether they have advanced, data-enabled handsets or more simple devices.

"Text alerts have become mainstream for many consumer services today. Many of us already receive news alerts on our mobile," said Lisa Stanton, chief executive officer of Monitise Americas. "Especially in this economy, consumers have told us that they want immediate access to their financial information. Mobile financial alerts will allow consumers to manage their money any time, anywhere, and I firmly believe that there is no better time to introduce this than now."

The integration of Metavante payments solutions -- including bill pay, prepaid and the NYCE Network -- with its mobile financial services creates a clear line of sight to mobile payments and commerce. This type of integration also creates the benefit of making mobile services available to virtually all account holders at a financial institution.

"Metavante is committed to keeping our clients competitive by moving consumers to mobile banking," said Frank D'Angelo, group president, Metavante Payment Solutions, and chairman of the board for Monitise Americas. "By enabling this text messaging functionality, we are making money management via a mobile phone available to virtually anyone, and making it easy for even reluctant consumers to engage with the idea of using their mobile phones to manage their finances."

About Monitise Americas

Monitise Americas is a joint venture between Metavante Corporation, a leading provider of banking and payments technologies to financial institutions and businesses worldwide and Monitise plc (MONI.L), the mobile money specialists. Monitise Americas provides mobile banking and payment services to North American financial institutions based on an "ecosystem" principle, which allows multiple mobile carriers and financial institutions to deliver services over a single platform. It has a sister ecosystem in the United Kingdom, MONILINK, developed by Monitise plc in partnership with VocaLink. Current partners of MONILINK include: first direct, Alliance & Leicester, Royal Bank of Scotland, NatWest, Vodafone, Orange, O2, T-Mobile and Hutchison 3G.

For more information on Monitise Americas and details of how to benefit from participating in its cross-America ecosystem, please visit www.monitise.com and www.monitiseamericas.com.

About Metavante

Metavante Technologies, Inc. (NYSE: MV) is the parent company of Metavante Corporation. Metavante Corporation delivers banking and payments technologies to over 8,000 financial services firms and businesses worldwide. Metavante products and services drive account processing for deposit, loan and trust systems, image-based and conventional check processing, electronic funds transfer, consumer healthcare payments, electronic presentment and payment, outsourcing, and payment network solutions including the NYCE Network, a leading ATM/PIN debit network. Metavante (www.metavante.com) is headquartered in Milwaukee.

Metavante and NYCE are registered trademarks of Metavante Corporation, which is the principal subsidiary of Metavante Technologies, Inc.


SOURCE Monitise Americas