Friday, July 24, 2009

Filipino Bank Expanding ATM Network

Business Mirror in the Philippines reports that United Coconut Planters Bank plans to expand its ATM network by 87 percent, adding 191 new units, to meet the demand that has built for a larger network over the last year.
 
In 2008, the bank’s 220 ATMs handled 12.2 million transactions.
 
According to Business Mirror, UCPB is poised for significant growth:

"With a stronger capital base, UCPB had said it would be able to tap growth opportunities in the middle and consumer markets. Its loan portfolio expanded by P10 billion or 43 percent to P33.2 billion by end-March, with commercial loans increasing by 53 percent or over P7 billion to P22.8 billion. Consumer loans rose 47 percent, or nearly P2 billion to P5 billion."

Wednesday, July 22, 2009

SMS Hacking Among Newly Discovered Threats to Cell Phone Users


Visa is messin' around with messaging as a tool for fraud reduction and is launching an SMS notification service trial for card fraud detection in the UK...

According to theregister.co.uk:

"The project involves the participation of the Visa staff in the UK and its network of member banks. The service sends SMS or email confirmation of card transactions to account holders' mobile phones each time their debit, credit or prepay card is used. The SMS include information on the time, location and amount involved in every transaction. The service can provide participating cardholders with updates via text message, mobile email or applications running on smartphones including the iPhone or Android-based devices, upon request.

Visa will test the service throughout the summer of 2009 and if the trial is successful, the company will offer the service to consumers and update it with new features including instant conversion into the user’s home currency while abroad. 

Editor's Note:  There is a cost involved with doing this, so don't expect this to be a free service. 

Source: The Paypers.com


Report finds government vulnerable to cyber attacks
Story Highlights

  • Federal government should bolster cyber-security work force, report says
  • Paper recommends developing plan for recruiting, training, keeping experts
  • Report also recommends streamlining cumbersome federal hiring process
  • President Obama calls cyber security a top challenge; plans coordinator post
By Pam Benson CNN
WASHINGTON (CNN) -- The federal government is at risk of being unable to fight off attacks on the nation's computer networks unless it strengthens its cyber-security work force, according to a report released Wednesday.
The nation's security could be in jeopardy because not enough workers are sufficiently trained to protect computer systems from hackers, criminals, terrorists and foreign governments, the Partnership for Public Service and consulting company Booz Allen Hamilton found after studying 18 federal agencies and interviewing experts inside and outside government.
President Obama has said the cyber threat is "one of the most serious economic and national security challenges" facing the nation.
In May he announced his intention to create the post of cyber-security coordinator to oversee "a new comprehensive approach to securing America's digital infrastructure."
"The overriding finding of our analysis is that our federal government will be unable to combat these threats without a more coordinated, sustained effort to increase cyber-security expertise in the federal work force," the report, titled "Cyber IN-Security," states.
The report cites four challenges facing the government: an inadequate supply of potential new information technology experts; uncoordinated leadership of cyber-security workers; a cumbersome hiring process that discourages people from seeking government jobs and fails to provide a career path for those who do; and hiring managers and human resource specialists who disagree on the quality of IT candidates.
The report recommends that the coordinator develop a strategy for recruiting, training and retaining cyber-security experts. The report also recommends the White House reach out to universities and the private sector to encourage Americans to develop technological skills, similar to what previous administrations did during the space race.
The study calls on the Office of Personnel and Management to fix the federal hiring process, create a cyber-security career path and expedite security clearances. It suggests Congress provide significant funding for training federal workers in "state of the art" technologies and for college scholarships in the cyber-security field.
Partnership for Public Service is a nonpartisan, nonprofit organization devoted to building a better federal work force. Booz Allen Hamilton is a management consulting firm.



Citibank Launches ePayment Service for Airlines

Citibank launches a new E-payment service for Airlines to pay service fees to Aeronautical Radio of Thailand Limited.

Citibank has announced the development of an E-payment channel for airlines to pay service fees to Aeronautical Radio of Thailand Limited (AEROTHAI). AEROTHAI’s customers will now have access to an end-to-end, real-time service provided through CitiConnect, Citi’s web-based delivery platform. CitiConnect enables airlines and other AEROTHAI customers to make payments for air navigation and equipment rental fees directly to AEROTHAI 24 hours a day, seven days a week.

This additional payment channel strengthens Citi’s initial payment channel offered for the Airports of Thailand PCL.
Through using one single platform, all airlines can now pay their major expenses online.

Mr. Peter Eliot, Citi Country Officer, Citibank, N.A. Thailand said “Citi continues to innovate and invest in products and services that provide benefits to customers and we continue to be the market leader in Thailand. This new e-payment channel provides Citi with the necessary services to strengthen our position in the airline industry and airlines benefit from reduced time spent on payment preparation and are able to concentrate on their core business activities.”

“We at Citi are proud to introduce this new service to our customers. As a leading transaction bank operating in 100 plus countries, we continue to customize tried and tested innovation in other markets and fit it to Thailand’s business needs. This helps our clients reduce their operational costs in a structured manner” says Sandip Patil, Head, Treasury and Trade solutions. “In the recent past, we have launched over a dozen such innovations and are working on few more to help our clients fight the recessionary pressure with a positive spin”.

AEROTHAI is a state enterprise providing air traffic control and aeronautical communication services for airlines and other customers. AEROTHAI bills customers and places invoices to Airlines after rendering services. Currently, airlines can make payments online to AEROTHAI on real-time basis through CitiConnect.

Citi stands as the leading one-stop E-payment service provider in this market. In Thailand Citi provides E-payment services for the Airports of Thailand PCL., the Revenue Department, the Customs Department, the Excise Department, and also other utilities operators through CitiConnect.


The service is FREE of CHARGE and now available at https://www.citiconnect.asia.citibank.com/payment/aeroth/.

For more information:
• Information and details of CitiConnect service call CitiService on 0-2232-3000
• Information and details from AEROTHAI call AEROTHAI’s Finance Department on 02-285-9299
For more details log on to www.citibank.co.th

Citi
Citi, the leading global financial services company, has approximately 200 million customer accounts and does business in more than 140 countries. Through its two operating units, Citicorp and Citi Holdings, Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, and wealth management. Additional information may be found at www.citigroup.com or www.citi.com.

Growing Threat to Business Online Banking

The Growing Threat to Business Banking Online

Federal investigators are fielding a large number of complaints from organizations that are being fleeced by a potent combination of organized cyber crooks abroad, sophisticated malicious software and not-so-sophisticated accomplices here in the United States, Security Fix has learned. The attacks also are exposing a poorly-kept secret in the commercial banking business: That companies big and small enjoy few of the protections afforded to consumers when faced with cyber fraud.

Earlier this month, I wrote about Bullitt County, Kentucky, which lost $415,000 after criminals planted malicious software on the county treasurer's PC. That rogue program allowed the crooks to initiate wire transfers to more than two dozen so-called "money mules," people duped into laundering the money and wiring it to the perpetrators in Ukraine.





Monday, July 20, 2009

Credit Card Rewards May Fuel Debt: Study


Credit-card reward plans may fuel debt: study

Last Updated: Monday, July 20, 2009 | 4:21 PM ET
Many Canadians collect such rewards, typically travel points or cash rebates, and many merchants grumble about paying for them through transaction fees.

"As rewards programs have become increasingly popular and generous, interchange fees charged to merchants have also increased," said the study, which focused on U.S. data.

"A merchant pays different interchange fee rates for credit-card transactions: non-rewards cards have the lowest fee rates, while high-end rewards cards have the highest rates," it added.

The authors — Andrew Ching, an assistant professor of marketing at the U of T's Rotman School of Management, and Fumiko Hayashi, a senior economist at the Kansas City Fed — conclude that "removing rewards today would cause a small percentage of consumers to switch from electronic payment methods (credit/debit cards) to paper-based methods (cash/cheques) at five types of retail stores.

"The majority of consumers who currently receive rewards on credit/debit cards would continue to use credit/debit cards, even if rewards were no longer offered."

An example from Australian policy on card fees

This conclusion is "consistent with the experiences in Australia, where the three major credit-card networks, Bankcard, MasterCard and Visa, were mandated to reduce their interchange fees in 2003," the study says.

"Although the value of the rewards points for these three networks has been reduced dramatically since the reform, we observed that the usage pattern of credit cards has remained essentially unchanged."

Even so, they conclude that eliminating credit-card rewards would have a bigger effect than eliminating debit-card rewards.

"We also find that rewards encourage consumers to use credit cards even if they carry balances," the authors say.

"This suggests that removing credit-card rewards could have some effects in reducing consumers’ credit-card debts. This could increase consumers’ welfare, but reduce credit-card issuers’ revenue from interest charged on their balances."



Torpig (Sinowal/Mebroot) Trojan Just Got Nastier for eBanking

Here is yet more alarming e-vidence and another reason not to trust the web when it comes to either e-banking or e-payments. ALL financial transactions MUST be done OUTSIDE the web browser. Yesterday, in a post entitled "Online Banking Data Fed to the Phishes", there was a quote (pictured on left) which, in no uncertain terms, sums up the potential for "creating a large-scale secure transaction system on the web." Here's another quote from the same article:

"Internet banking experts say without coordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters."

So, based on those two statements of fact, it would seem that we need to replace "typing" with "swiping."  The hackers are getting better, and the "type" system we use is an "ideal" format. 

But it gets nastier...as we learn that: (from Finextra blogs)

 The nastiest ebanking trojan just got nastier


On Friday, the team at TrustDefender Labs released a report on one of the nastiest pieces of malware which has just become even nastier.

Now you may think that some of the older malware is bad enough, the bad guys have released a new version of one of the most highly successful e-banking Trojans but this time with major enhancements. And the 'bad news' is that they changed the lot!

Basically, these guys have been busy over the last few months with a new version of Mebroot/Sinowal/Torpig that performs the same tasks and does the same badness as the previous versions (for more information see www.trustdefender.com/blog), however the big difference is that this Trojan is hiding in the system with improved stealthiness than ever before, to make sure:

1.    it can infect your system without you knowing
2.    collect as much information as possible and
3.    stay there undetected as long as possible


To reiterate in plain English: Everything that was previously written on how to detect Mebroot/Sinowal/Torpig is now invalid and doesn’t apply anymore… No rg4sfay file in Windows\temp anymore, no reference to  \!win$… No detection with GMER’s special mbr.exe program and GMER itself only lists a couple of detached threads… Nothing really suspicious…

The troubling issue is that the research team found this new version and noted it has the most exhaustive list of banking and broking websites they have seen – with virtually all major financial institutions in UK, Australia, USA, Spain, Italy, Germany and more.
But interestingly, more and more non-bank websites are part of this list, like partycashier.com (the online payment from a popular poker site) and government sites (FED to the Phishes) like pay.gov (electronic payments to the US Govt).

The challenge now for the 'good guys', when will they catch up and can they stop this nasty e-banking Trojan?

Editor's Note:  Yeah, just "stop typing." Trojans work because people are still inexplicably "typing" their Primary Account Number (PAN) or online banking authentication (username/password) into boxes on websites. 

Until they start swiping we will be boxed in by the bad guys.  It really is that simple. 

The cardholder data/authentication credentials MUST be encrypted "outside" the browser space. We swipe our card and enter our PIN to get cash in real-time at an ATM, so the encryption standards used by the banking industry are safe. (It's the skimming devices and cameras that put ATMs at risk.)

Thus, considering that HomeATM 3DES encrypts and utilizes DUKPT key management (and is PCI 2.0 certified with imminent TG-3 certification), I stand by my belief that "typing" puts fraudsters on a level playing field, whereas "swiping" with end-to-end encryption puts them at a disadvantage they cannot overcome.


SPVA Builds Membership to Accelerate Enhanced Security Guidelines


Atos Worldline, Heartland Payment Systems, Moneris Solutions,
Radiant Systems, Inc. and Witham Laboratories join SPVA

ATLANTA – July 20, 2009 – Five electronic payment companies have joined the non-profit Secure POS Vendor Alliance (SPVA), created by Hypercom (NYSE: HYC), Ingenico S.A. (EURONEXT: ING) and VeriFone (NYSE: PAY) to foster widespread compliance of existing security standards to protect cardholder information and defend merchants and acquirers against security breaches.

“Membership in the SPVA reinforces our commitment to advancing security within our industry, enables us to gain first-hand knowledge of current security threats and proactively shape future security guidelines,” said Antoine van Diem, general manager technologies & products, Atos Worldline.

“The SPVA’s expertise includes education and a focus on best practices,” said Steven Elefant, executive director of end-to-end encryption at Heartland Payment Systems®. “It is vital that we as stakeholders continue to innovate so that ultimately, we enhance the security of our industry as it grows.”

SPVA members provide the key security elements among consumers, merchants and transaction acquirers and issuers. Members of the SPVA deliver a unique experience with security guidelines, ensure best practice implementation and continue to evolve security enhancements and interoperability required to reduce fraud and lower risk for all participants in card payment transactions. Membership is open to all vendors that develop secure POS payment systems or have products or solutions that interact with secure POS payment devices such as retailers, acquirers and banks.

New members that have signed up with the SPVA since May 2009 include:

Joining as a General Member, Atos Worldline is the European leader in electronic payments and transactions delivering innovative solutions to advance its clients’ businesses. It specialises in end-to-end payment services (issuing, acquiring, payment solutions and card processing), services for financial markets as well as CRM and eServices (Internet, voice and mobile solutions). Every year Atos Worldline wins prestigious market awards in recognition of its continuous commitment to research and development of leading edge solutions. Awarded solutions cover expertise in areas such as mobile payments, secure IPTV, online CRM, ticketless solutions. A 100% subsidiary of Atos Origin, Atos Worldline generates annual revenues of around €800 million and employs over 4,800 people in Europe. www.atosworldline.com

Heartland Payment Systems, Inc., a NYSE company trading under the symbol HPY, delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide. Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. www.heartlandpaymentsystems.com

Moneris Solutions is one of North America's largest providers of payment solutions. Moneris offers credit, debit, wireless and online payment services for merchants in virtually every industry segment and processes more than 3 billion transactions annually. Through its Ernex division, Moneris offers electronic loyalty and stored-value gift card programs. With more than 350,000 merchant locations, Moneris provides the hardware, software and systems needed to improve business efficiency and manage payments. For more information please visit www.monerisusa.com.

Headquartered in Atlanta, Radiant Systems, Inc. (Nasdaq: RADS) is a global provider of innovative technology to the hospitality and retail industries. For more than two decades, Radiant's point of sale hardware and software solutions have helped to redefine the consumer experience in more than 100,000 restaurants, retail stores, stadiums, parks, arenas, cinemas, convenience stores, fuel centers and other customer-service venues. Radiant has offices in North America, Europe, Asia and Australia. www.radiantsystems.com

A leading provider of specialist payment security evaluation services, Witham Laboratories is accredited to perform evaluations and audits against local and global security standards including all PCI standards (PCI PED, PCI DSS, and PA DSS). With its head office in Melbourne, Australia, Witham Laboratories has clients around the globe and works directly with vendors of POS and PIN entry devices, merchants, and acquirers and card schemes, to assist in their understanding of compliance to the payment standards. Witham Laboratories is an active member of many industry standards bodies, and uses its intimate knowledge of these standards to provide the best possible service and advice to its clients. http://www.withamlabs.com
To learn more about membership opportunities, visit www.spva.org.
 ###

About Secure POS Vendor Alliance (www.spva.org)
The Secure POS Vendor Alliance (SPVA) is a non-profit organization that works with the multiple stakeholders of the payment value chain. Its aim is to develop an end-to-end security framework and to enhance security elements of payment solutions which protect cardholder information and defend merchants and acquirers against security breaches, while helping to reduce fraud and lower risk for all electronic payment stakeholders.

About Hypercom (www.hypercom.com)
Global payment technology leader Hypercom Corporation delivers a full suite of high security, end-to-end electronic payment products and services. The Company's solutions address the high security electronic transaction needs of banks and other financial institutions, processors, large scale retailers, smaller merchants, quick service restaurants, and users in the transportation, petroleum, healthcare, prepaid, unattended and many other markets. Hypercom solutions enable businesses in more than 100 countries to securely expand their revenues and profits. Hypercom is a founding member of the Secure POS Vendor Alliance (SPVA) and is the second largest provider of electronic payment solutions and services in Western Europe and third largest provider globally.

About Ingenico (www.ingenico.com)
Throughout the world, banks and retailers rely on Ingenico for secure and expedient electronic transaction acceptance. Ingenico solutions leverage proven technology, established standards and unparalleled ergonomics to provide optimal reliability, versatility and usability. This comprehensive range of products is complemented by a global array of services and partnerships, enabling businesses in a number of vertical sectors to accept transactions anywhere their business takes them.
About VeriFone Holdings, Inc. (www.verifone.com)
VeriFone Holdings, Inc. (“VeriFone”) (NYSE: PAY), a global leader in secure electronic payment technologies, provides expertise, solutions and services for today with a migration strategy for tomorrow. VeriFone delivers solutions that add value to the point of sale, resulting in improved merchant retention and the generation of new sources of revenue for its partners and customers. VeriFone solutions are specifically designed to meet the needs of vertical markets including financial, retail, petroleum, government and healthcare.
Safe Harbor Statement under the Private Securities Litigation Reform Act of 1995

This press release includes statements that may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, including statements regarding the development, adoption, implementation, interoperability, performance and effectiveness of electronic payments industry security standards, the development of future security standards and guidelines intended to reduce and prevent fraud and other threats to electronic payment transaction integrity, and lower risk for all participants in card payment transactions. These forward-looking statements are based on current expectations and beliefs and are subject to risks and uncertainties that could cause actual results to differ materially from those described in the forward-looking statements. In particular, factors that could cause actual results to differ materially from those in forward-looking statements include: the ability of the Alliance to attract significant industry membership and participation in its activities and adherence to its policies and guidelines; industry, technological and regulatory changes; industry and market acceptance of and compliance with new security standards and guidelines; compliance with disparate certification requirements and government regulations; the state of the U.S. and global economies in general and other risks detailed in the companies’ filings with the Securities and Exchange Commission, including the companies' most recent 10-K and subsequent 10-Qs and 8-Ks. Forward-looking statements speak only as of the date made and are not guarantees of future performance. We undertake no obligation to publicly update or revise any forward-looking statements.
Editorial Contacts:
Candace McCaffery/Carol McEntee
SPVA
404.816.2037
678.640.7822 Mobile

candace@cookerly.com                     

National Arbitration Forum Pulling from Business in Minnesota

In a followup to a post I did on July 15th entitled: "Firm that Settles Credit Card Disputes Accused of Fraud" the state of Minnesota announced that the nation's largest arbitration firm, used by Bank of America, JP Morgan Chase, Citigroup, Discover Card, and American Express is pulling out of the business.  So what's Minnesota's backup plan?  How will consumers address issues in the future?  Well, they're on their own now.


American Consumers to Lose Affordable Access to Justice through Nation's Largest Administrator of Consumer Arbitration Disputes

BusinessWire -- The National Arbitration Forum (FORUM), the largest U.S. administrator of consumer arbitrations, today announced that it will voluntarily cease to administer consumer arbitration disputes as of Friday, July 24, 2009, as part of a settlement agreement with the Minnesota Attorney General.

"The National Arbitration Forum remains committed to consumer arbitration as the best and most affordable option for consumers to resolve disputes quickly and efficiently. However, the FORUM lacks the necessary resources to defend against increasing challenges to arbitration on all fronts, including from state Attorneys General and the class action trial bar," said Forthright CEO Mike Kelly. "Mounting legal costs, a challenging economic climate, and increased legislative uncertainty surrounding the future of arbitration have prompted the FORUM to exit the consumer arbitration arena. At this time, the costs of providing consumer arbitration services far exceed the revenue generated. Until Congress resolves the legal and legislative uncertainty the cost is simply too high for users and providers of consumer arbitration."

Legislative proposals pending in both houses of Congress threaten to eliminate pre-dispute arbitration as an effective means of alternative dispute resolution. The Arbitration Fairness Act of 2009 (S. 931/H.R. 1020) would invalidate every pre-dispute contractual arbitration agreement that is part of a consumer, financial or franchise dispute – in effect, every contract. The Fairness in Nursing Home Arbitration Act (S. 512/H.R. 1237) would eliminate pre-dispute mandatory arbitration in all nursing home contracts. Legislation before the House to create a new Consumer Financial Protection Agency (H.R. 3126) addresses arbitration and would give broad regulatory authority to restrict or eliminate all consumer arbitrations.

"The National Arbitration Forum provides fair and affordable access to justice to American consumers regardless of size of their claims. Without access to arbitration, consumer disputes will now be forced into an overcrowded and underfunded legal system, where many consumers who cannot afford attorneys will have to navigate complex court procedures," continued Kelly. "The consequence to American consumers is that there will be no meaningful alternative to costly and unpredictable litigation."

Notably, nothing in the Minnesota Attorney General’s complaint alleges that arbitration proceedings administered by the FORUM are unfair; the fairness of arbitration is ensured by the independence of the neutral arbitrators.

National Arbitration Forum consumer arbitration claims are decided by an independent panel of more than 1,600 highly experienced and impartial legal professionals, including former judges and experienced attorneys. FORUM neutrals are bound to a code of professional ethics, and decide cases outside of any influence from the FORUM or the other parties.

About the National Arbitration Forum (FORUM)
Founded in 1986, the National Arbitration Forum (FORUM) is a world leader in arbitration and mediation services. The FORUM provides accessible civil justice through the recruitment, selection, and management of a highly experienced and distinguished panel of over 1,600 former judges and seasoned lawyers. Now optimized by Forthright, the FORUM is the faster, lower cost, and superior alternative to litigation, that ensures parties receive the same outcomes they would in court. www.adrforum.com





Waitress Who Stole Credit Card Info Gets Probation

Waitress who stole credit card information gets probation - ContraCostaTimes.com

Daily News Wire Services

A waitress who stole credit card information from customers at a West Los Angeles restaurant has been sentenced to five years probation and fined about $3,000.

April DuBoise, 29, used a "wedge" -- a small skimming device that reads and stores data from a credit card for downloading to a computer -- over a 1 1/2-month period while working in early 2006 at the Hamburger Hamlet restaurant at 2927 Sepulveda Blvd. in West Los Angeles.


DuBoise, who had no previous criminal record, sold the information to an unidentified man, resulting in unauthorized charges being made on credit cards, according to former City Attorney Rocky Delgadillo.

She was initially charged with misdemeanors but eventually pleaded no contest to 34 felony counts of identity theft and credit card fraud, according to Deputy District Attorney James Toro.

Prosecutors had estimated losses of around $28,000, but in court papers filed Thursday, Toro said that figure "appears to be a gross underestimation of the true damage caused by the defendant."  According to the director of operations for the Hamlet Restaurant Group, the case received nationwide publicity, forcing the Hamburger Hamlet to close due to lack of business, costing 50 employees their jobs.






Sunday, July 19, 2009

Online Banking Data Being Fed to the Phishes



BANKS and bank customers face an array of threats to their security as international criminal groups roll out a new generation of viruses, malware, fake websites and sophisticated phishing emails.

Internet banking experts say without co-ordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters.
Editor's Note:  That's what I've been saying for the last 15 months on this blog.  It was (not safe) safer to type your card numbers into a box at a merchant checkout center a year ago than it is today and it's (not safe) safer to do it today than it will be tomorrow. 

It's satisfying to see "Internet Banking Experts" start to publicly admit there is an inherent weakness in the system.

HomeATM's device (pictured above) is a secure solution to the phishing, DNS attack and cloned web site threats which permeate the online banking world.  Our solution exactly replicates how one would access their cash at an ATM.   1. You swipe your card, and 2. You Enter your PIN.  It's called 2FA (two-factor-authentication) and it would virtually eliminate phishing overnight.  The Track 2 data is "instantaneously" encrypted upon the swipe of the card and the PIN is also 3DES Encrypted and protected by DUKPT (Derived Unique Key Per Transaction).  Our unique end-to-end encryption methodology provides the most secure authentication and payment application available today. Period. 

Early next week, HomeATM expects to become the only eCommerce Payment company in either hemisphere to be both PCI 2.x Certified and TG-3 certified.  Swipe don't Type.  It's how retailers and consumers have been doing it at brick and mortar locations since the early 80's and it's how it should be done online.  Until now, there wasn't an affordable way to get consumers their very own SwipePIN device.  But HomeATM has gotten the price down to the point that banks could literally give them away...thus empowering their online banking customers to not only log-in securely but pay bills in real-time, send or receive money in real-time and conduct safe, secure online transactions.  I've stated that it is as simple as 1-2-3.  Two are already done.  The bank issues the card, the bank issues the PIN...now the bank can issue the HomeATM Internet POS terminal.   The story continues... 

Almost one-quarter of the entire Australian population has been affected by identity theft crimes, according to a recent survey by Veda Advantage and that number keeps growing each year.   "Last year some 450,000 Australians were the victims of fraud," NSW Attorney-General John Hatzistergos said last weekend as he announced new laws that effectively duplicate Queensland's cyber crime laws.

"Nearly a billion dollars was taken from people and confiscated by criminals, using a variety of different techniques, trading in people's personal information, such as passwords, pin numbers, names and addresses."


The state-based approach to the problem will not work, says Professor Bill Caelli from Queensland University of Technology's Information Security Institute. Prof Caelli says only co-ordinated global action by governments can secure the net.

Speaking to the Sunday Mail from a major IT conference in Paris where the issue of securing the net is high on the agenda, Prof Caelli claimed "banks were simply not capable of providing secure internet banking."

There is a big discussion happening globally about web services such as internet banking. The question is, "Can you create large-scale secure transaction systems on the web and the answer is coming back as no."

Already this year, two of Australia's biggest banks have reported significant attacks on their internet banking portals. Both attacks came after significant investments by the banks to upgrade their online banking platforms.

"The criminals tend to target one bank and when that institution shuts them down they move to another bank so it goes in circles," said Gary Gill, head of forensics at KPMG.

Australia's biggest bank, the Commonwealth Bank, reported that a malicious attack had probably contributed to its banking website, Netbank, crashing on the busiest days of the year – the two days before the end of the financial year.

Steve Batten, the media spokesman for the Commonwealth Bank, said that Netbank was designed to handle 13,000 customers online concurrently.   Last Monday, 18,500 customers were logging in concurrently and 1.59 million hits were registered in the 24-hour period.  Mr Batten said that the bank suspected that some of that traffic was malicious.

In February ANZ Bank reported a sophisticated scam that led to a fake web page appearing to customers after they logged in to the ANZ internet banking site.








Saturday, July 18, 2009

Millions Stolen as Scam Puts Banks in One Helluva SMS



By Lavern de Vries



Gauteng police are working with Vodacom to trace the victims of a
multimillion-rand SMS banking authentication scam, described by a top
security firm as the first of its kind.



Police spokesperson Superintendent Lungelo Dlamini said on Thursday
that members of the Joburg Commercial Crimes Unit were liaising with
commercial crime units across the country to determine how many people
had been affected by the rip-off.



Security experts have billed the scam as a world first.











Costin Raiu, chief security expert at
Kaspersky Lab, suggested that banks deploy better and more advanced
technology to stay ahead of criminals.



"This incident is, as far as we know, a world first, which only
enforces our opinion that SMS-based authentication, while slightly
more secure than the simple username-password combos, is outdated, and
in our fast-paced and highly evolving cyberworld no longer sufficient
by itself."



He advised readers to check their online accounts often and notify the bank immediately if suspicious transactions are found.



Banks should be able to recover clients' money if they were notified promptly, Raiu said.



It is not known which banks were involved in the scam.



Dlamini would not be drawn on how much money was allegedly siphoned by
a Vodacom engineer and his accomplice through an elaborate scam
involving the blocking and delaying of SMS banking alerts to Vodacom
clients.



A Gauteng newspaper had reported that the Vodacom engineer and his
partner allegedly stole R2,4-million. Other media reports said that
when the pair appeared in the Johannesburg Commercial Crimes Court on
Monday, the State prosecutor received another docket for another R3,3m.



Dlamini said the docket was with the court and police would not comment on the issue.



On Tuesday Vodacom released an internal letter informing employees of
the scam and asking them to "convey the facts to our families, friends
and customers".



Signed and sent out by Vodacom chief communications manager Dot Field,
it explained that the alleged fraud was committed with the help of
fraudulently created temporary dual SIMs.



A customer's internet bank account would be logged into, and the
one-time password from the bank would be sent to the temporary dual
SIM, which enabled the transfer of money out of the customer's internet
bank account to their own account. When the transaction was successful,
the temporary dual SIM would be deleted.



The email also implied that customers would have to compromise their
PIN and password via phishing (when fraudsters get hold of sensitive
information such as usernames, passwords and credit card details by
masquerading as a trustworthy entity) for this type of fraud to occur.



Dlamini said police suspected a syndicate was behind the scam, and more arrests were expected.










    • This article was originally published on page 1 of The Star on July 17, 2009
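The sequence the Vodacom letter describes (a temporary dual SIM created, the bank's one-time password delivered to it, the SIM deleted afterwards) leaves a pattern that can be checked by correlating operator provisioning events with OTP deliveries. The Python below is an added example, not part of the original article and not any bank's or operator's code; the log format, event names, phone numbers and the 24-hour threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp, source, event, msisdn
SAMPLE_EVENTS = """\
2009-07-10T09:00:00 telco dual_sim_created 27820000001
2009-07-10T09:04:10 bank otp_sent 27820000001
2009-07-10T09:20:00 telco dual_sim_deleted 27820000001
2009-07-10T10:00:00 bank otp_sent 27820000002
2009-07-01T08:00:00 telco dual_sim_created 27820000003
2009-07-11T12:00:00 bank otp_sent 27820000003
2009-07-11T13:00:00 telco dual_sim_created 27820000004
2009-07-11T13:02:00 bank otp_sent 27820000004
"""

MAX_SIM_AGE = timedelta(hours=24)  # assumed policy threshold


def parse(log_text):
    """Yield (timestamp, source, event, msisdn) for each non-empty line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, source, event, msisdn = line.split()
        yield datetime.fromisoformat(ts), source, event, msisdn


def analyse(log_text, max_age=MAX_SIM_AGE):
    """Return (held, confirmed).

    held:      (msisdn, sim_age) for every OTP sent while a secondary SIM
               younger than max_age was active; the bank should withhold
               the OTP and verify the customer through another channel.
    confirmed: numbers whose secondary SIM was removed after such an OTP,
               the create/OTP/delete sequence described in the letter.
    """
    active = {}      # msisdn -> time the secondary SIM was created
    risky = set()    # numbers that received an OTP on a young SIM
    held, confirmed = [], []
    for ts, _source, event, msisdn in sorted(parse(log_text)):
        if event == "dual_sim_created":
            active[msisdn] = ts
        elif event == "otp_sent":
            created = active.get(msisdn)
            if created is not None and ts - created <= max_age:
                held.append((msisdn, ts - created))
                risky.add(msisdn)
        elif event == "dual_sim_deleted":
            active.pop(msisdn, None)
            if msisdn in risky:
                confirmed.append(msisdn)
    return held, confirmed
```

On the sample data the long-established secondary SIM (created ten days before its OTP) is not flagged, while the two OTPs sent minutes after a SIM was added are held.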








Almost 90% Don't Trust/Wouldn't Use Mobile Banking







We can see here that almost 90% of Smartphone owners said that they didn't trust mobile banking security or saw no need to manage their finances from a mobile device.

Source: Compete.com Blog

Mob Steals Data - Lexis-Nexis Breach Linked to Bonanno Crime Family

Lexis-Nexis Breach Linked to Crime Family
Analyst: 'Days of Amateurs Committing Breaches are Well Behind Us'

Excerpts from BankInfoSecurity.com

How it Happened


According to the indictment, Lee Klein, one of eleven people charged in the indictment, worked for the criminal "crew" of Thomas Fiore, an associate of the Bonanno organized crime family.

The indictment alleges that Klein illegally used "information obtained from computer databases in order to acquire identification information regarding potential victims of extortion" and people suspected by Fiore's criminal organization of being involved with law enforcement.

Klein allegedly provided Fiore with "corporation names, addresses and account numbers to facilitate the manufacture and negotiation of counterfeit checks."  In addition, the indictment alleges that members of the criminal crew used threats of force and violence, including conspiracy to commit murder, to advance the objectives of the enterprise.

Security Experts React to Mob Ties


"Although sensational in its headline 'Mob Steals Data,' we perhaps should focus on how the data was accessed and what was contained in the information," says information security and privacy expert Kevin Nixon, CISSP, CISM, CGEIT.

"We are experiencing some most extraordinary events related to global businesses, economics and confidential information movement via the merger and acquisition of companies, networks, databases and entire systems."

Analyst Nick Holland sees this case as indicative of the way that data breaches are becoming the work of organized crime syndicates, both overseas and domestically. "The relative ease with which sensitive data can be acquired by either high tech (malware) or low tech (placing a criminal within an organization) means makes it attractive for organized criminals that have the resources to execute such attacks," says Holland, of the Aite Group.

The Bonanno crime family was making money from the sale of unauthorized identification documents (including social security numbers and health and life insurance applications). "If the mafia considers that selling sensitive information is a legitimate line of business, then clearly the days of just amateurs committing breaches are well behind us," Holland observes.




Redecard's Internet Processing being Probed



Brazilian antitrust regulators are investigating Redecard SA, the local processor of payments for Mastercard Inc., after the national internet association said the company impeded competition with conditions on online payments.

Sao Paulo-based Redecard changed its contracts to require online payment systems such as EBay Inc.’s PayPal unit to provide lists of clients and use its Komerci platform to process transactions, the antitrust arm of Brazil’s Justice Ministry said in an e-mailed statement late yesterday. The antitrust body banned the contract changes as a preventive measure, according to the statement.

Redecard denied any wrongdoing and said it will cooperate with authorities, according to a regulatory filing.


By Guillermo Parra-Bernal

SAO PAULO, July 17 (Reuters) - The antitrust unit of Brazil's Justice Ministry said it has opened an investigation into credit card operator Redecard (RDCD3.SA), sending the company's shares down 2.56 percent.   The Economic Law Secretariat at the Justice Ministry said Redecard would be investigated for imposing terms on online payments that might hamper free competition.

The probe comes as Brazil, Latin America's most populous country, moves to heighten competition in the $190 billion credit card industry, where customers and merchants complain about exorbitant costs and a dearth of options.

The Brazilian Internet Association, an industry guild based in Sao Paulo, asked regulators to investigate whether Redecard modified contractual terms to have online payment processors provide lists of clients.  Under the changes, Redecard would require Internet companies to provide a list with their customers and online stores.

As a preventive measure, the secretariat, known as SDE, banned the contractual changes, which were to take effect on Aug. 1. The association said the use of the MasterCard (MA.N) brand by Internet-based companies such as PayPal and Mercado Livre in Brazil would have become more restrictive, keeping consumer fees from falling.

Redecard, which has an exclusive contract with MasterCard, authorizes merchants, issuers and transactions and acts as a clearinghouse.


