MoneyGram Teams with Affinity Global for Mobile Money Transfer

MoneyGram, Affinity Global launch mobile money transfer service

Minneapolis and Dallas, Aug. 3, 2009 -- MoneyGram International (NYSE: MGI), a leading provider of global payment services, and Affinity Global Services, a leading mobile financial services company, today announced an agreement that will enable mobile money transfer receives in important markets around the globe, bringing greater convenience and extending the benefits of MoneyGram services to a new category of consumers.

According to the World Bank, more than 200 million people live outside their home country. Mobile networks, which are now globally available, help immigrants stay connected and mobile money transfer applications will enable these and other subscribers better manage their finances. The MoneyGram and Affinity Global Services alliance will allow consumers to use MoneyGram’s agent network of over 180,000 locations around the world to send money to an account associated with a mobile device.

“In developing economies, there are more people with mobile phones than traditional bank accounts. We see a tremendous opportunity to better serve these consumers by delivering MoneyGram remittances in compelling new formats such as mobile technology,” said Anthony Ryan, MoneyGram president and chief executive officer. “Our relationship with Affinity Global Services will significantly enhance our agent network by allowing us to partner with mobile network operators in key corridors such as Latin America, Asia and Africa, and provide convenient, affordable and reliable money transfer services to consumers around the world.”

Affinity Global Services is the first Mobile Gateway to facilitate MoneyGram services, and will provide technical connectivity between MoneyGram and various mobile network operators. The MoneyGram mobile money transfer service will use Affinity Global’s MADE™ Platform, enabling MoneyGram to connect to virtually any mobile network operator. The parties are currently in discussion with a mobile network operator which is expected to be the first to launch the service to consumers later this year.

”MoneyGram understands that success in the mobile sector is about more than just technology,” said Ritchie Skelding, Affinity Global Services chairman. “To make mobile money transfer services work on a global scale requires a partner with world-class systems and a willingness to partner with mobile operators. Success also takes a commitment to deliver consumer value in a simple and transparent way. There is no ‘one-size-fits-all’ in this rapidly evolving space so MoneyGram’s entrance into the mobile money sector will help accelerate adoption of these services.”

About Affinity Global Services, Inc.

Affinity Global Services is a mobile solutions company based in Dallas, Texas. We believe in bringing economic freedom and opportunity to underbanked people around the world.

Established in 2004 and funded by US and international venture capitalists, Affinity boasts a leadership team of wireless and financial services veterans. We understand that wireless technology can deliver financial empowerment to those in need – and that providing such empowerment benefits everyone. For more information, visit www.affinityglobalservices.com .

About MoneyGram

MoneyGram International offers more control and more choices for people separated from friends and family by distance or those with limited bank relationships to meet their financial needs. A leading global payment services company, MoneyGram International helps consumers to pay bills quickly and safely send money around the world in as little as 10 minutes. Its global network is comprised of 180,000 agent locations in 190 countries and territories. MoneyGram’s convenient and reliable network includes retailers, international post offices and financial institutions. Now, MoneyGram offers its most loyal customers MoneyGram Rewards for cash discounts on eligible money transfers from the U.S. – visit www.mymoneygram.com to register today. To learn more about money transfer or bill payment at an agent location or online, please visit www.moneygram.com .

Source: Company press release.

Related articles by Zemanta

• MoneyGram Announces Reload Agreement with netSpend (pindebit.blogspot.com)

Smart Card, Dumb Move - Fake ATM at DEFCON

There are some dumb moves and then there are some really dumb moves.  Like robbing a Dunkin Donuts full of off duty cops.  Here's one for the ages.  A hacker planted a fake ATM at the DEFCON conference in Las Vegas, the world's largest hacker convention.  Was it a joke?  If not, the IQ of the hacker who placed it there is...

From Engadet

The hooligans in this case have a dry sense of humor or are extremely unlucky: Either way, we can't help but get a chuckle out of the fact that someone placed their smart card skimmin' faux ATM at the Riviera Hotel Casino in Las Vegas -- during DEFCON, the world's largest hacker convention. No one can say exactly how long the kiosk was there -- at least the kids were smart enough to place it right outside the security office, one of the few places in the conference center not under surveillance. It was picking up on this last fact that aroused the suspicion of Brian Markus, CEO of Aries Security. When shining a light through the glass panel that should house a camera, he instead found the PC that was set up to skim people's data. He then notified security, who removed the device and once again made the world safe for hackers and their bank accounts.

Related:  http://www.defcon.org/

Related articles by Zemanta

• Smartcard meters hacked for free parking (cnn.com)
• Exclusive Peek Inside Defcon's High-Tech Badge (wired.com)
• Fake ATM at Defcon ... not the brightest idea (inquisitr.com)

TNB Extends Agreement with First Data

TNB extends card services agreement with First Data

Denver and Dallas, Aug. 3, 2009 -- TNB Card Services of Dallas today announced a renewal agreement for First Data to provide credit and debit card processing services through 2014. Working with First Data since 1993, TNB offers credit and debit card processing, including STAR ATM Network services, to credit unions across the U.S. First Data also provides remittance processing services to TNB and its clients.

“Our long-term partnership with First Data allows us to deliver significant value to our credit union clients via industry-leading technology and payment systems. We renewed this agreement because First Data demonstrated it is the best partner to help us achieve our vision of helping credit unions compete in the electronic payments industry,” said Scott Wagner, executive vice president, TNB Card Services.

TNB provides its credit union clients with full-service credit and debit card processing, ATM terminal driving, and enriched card products that provide extra benefits, features and rewards as well as portfolio consulting, risk-based pricing tools and powerful fraud detection systems.

“We’re grateful to continue our relationship with TNB and look forward to bringing new services and opportunities for growth to TNB clients,” said Matt Kardell, senior vice president, Sales and Strategic Relationships for First Data’s Financial Services business unit. ”This long-term renewal with TNB is a great example of First Data’s ongoing commitment to the group service provider market.”

About TNB Card Services

TNB Card Services, owned and directed by credit unions since 1976, provides electronic payments processing for credit unions nationwide. Serving more than 550 financial institutions of all sizes and managing more than 2 million cards, Dallas-based TNB enables credit unions to enhance member loyalty through credit union-branded card products. For more information about TNB, go to www.tnbcard.com or call Mark Fenner at 1-800-422-0733 ext. 6655.

About First Data

First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries. For more information, visit www.firstdata.com .

Source: Company press release.

Bill.com and the Gap They Intend to Fill

Bill.com Aims to Plug an ePayments Gap among SMBs

Bank Technology News  |  August 2009

By John Adams

Believingsmall and medium sized businesses are an underserved market forelectronic payment platforms, online payments workflow firm Bill.comhas introduced Bill.com ePayments, which lets businesses pay anyemployee, person or vendor regardless of size via electronic directdeposit.

Bill.com hopes to gain traction among small and medium sized business(SMBs), a segment that’s been slower to adopt electronic billing thanconsumers and large corporates, by simplifying processing and making it“green.”...

 Continue Reading at American Banker/BTN

Related articles by Zemanta

• 70% of The Writing is On the Wall (pindebit.blogspot.com)
• Grappling With ACH Fraud - BTN (pindebit.blogspot.com)
• Gartner: Fraud Increasing Bank's Risk of Losing Customers (pindebit.blogspot.com)
• How to Capture $21B of Lost eCommerce Sales - Security (pindebit.blogspot.com)
• Bill.com Introduces ePayments for Small and Midsized Businesses (paymentsnews.com)

Fiserv is 25

Fiserv celebrates 25 years by remembering founders and clients

Brookfield, Wis., Aug. 3, 2009 -- Fiserv, Inc. (NASDAQ: FISV - News), the leading global provider of financial services technology solutions, announced today the celebration of its 25th year as a company. It was July 31, 1984 when Sunshine State Systems, Inc. in Tampa, Florida and First Data Processing based in Milwaukee, Wis., combined to form Fiserv, the first national financial services company, with its headquarters in Milwaukee.

The regional data processors combined to serve small banks and thrifts, growing organically and through more than 150 acquisitions, from a $21 million business, with 350 employees in 1984, to a $4.7 billion Fortune 500 company, with 20,000 employees and the No. 1 ranking on the FinTech 100 list of technology partners serving the financial services industry.

“We had a great idea – to focus on data processing for banks and build from our foundation of regional operations to create a nationwide enterprise. Now, 25 years later, Fiserv is a global powerhouse, far exceeding anyone’s expectations,” said George Dalton, Fiserv Co-Founder, and former Chairman, Chief Executive Officer (1984-2000).

Fiserv went public, trading on NASDAQ under the symbol “FISV” in 1986, as a $70 million data processor. Within four years, Fiserv was serving some of the nation’s largest financial institutions.

Leslie Muma, Co-Founder of Fiserv, former President, (1984-2005), Chief Executive Officer, (1999--2005), and member of the Board of Directors, (1984-2006), added, “Fiserv had expertise to offer banks and credit unions at the perfect time. Banks then, as they are now, were looking for solutions to handle their processing needs and provide their customers with the latest technology at the lowest price. Since then many competitors have followed essentially the same business model that George and I envisioned, but we are proud to say Fiserv remains the leader.”

In 1991, Fiserv entered the commercial bank, international, and credit union core account processing markets for the first time, doubling the number of clients with the acquisition of Citicorp Information Resources, a subsidiary of Citicorp. Today Fiserv sells its solutions in more than 40 countries serving clients around the globe.

In 1995, Fiserv acquired Information Technology, Inc., (ITI), in Lincoln, Nebraska, expanding the number of account processing clients for Fiserv, and gaining the most widely implemented account processing platform in the United States, Premier. Don Dillon, Founder of ITI, former Fiserv Vice Chairman (1995-2000) and current Chairman of the Board, said, “Fiserv serves more clients today, and has continually created value for our clients by anticipating their needs. We continue to offer them the best possible solutions, with a cultural commitment to earn their trust every day. At Fiserv, we continue to serve community banks, regional banks and, credit unions and, notably, provide every one of the top 100 banks in the U.S. with one or more of our products and services.”

In 2007, Fiserv made its largest acquisition of its first 25 years, buying CheckFree Corporation, a world leader in financial electronic commerce, and the leading provider of online banking, online bill pay and electronic bills. Since this acquisition a primary focus of Fiserv has been to lead digital innovation and provide integrated solutions for the company’s 16,000 clients. In February of this year, Fiserv announced a new go-to-market strategy in which all business units were branded Fiserv, bringing one name to the market and optimizing access to the company’s considerable strengths, technology solutions and expertise for its clients.

“The bridge between our first 25 years and the next is our commitment to serving clients. We are focused on delivering technology solutions that are differentiating and innovative,” said Jeffery Yabuki, Fiserv President and Chief Executive Officer. “We know our real advantage is the quality of our people and their commitment to excellence which translates to the best experience for our clients. We are excited about the possibilities that lie ahead for our great company.”

About Fiserv

Fiserv, Inc. (NASDAQ: FISV - News) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com .

Source: Company press release.

This is the "Type" of Security That Will Empty Your Bank Account

Excerpts from the Economic Times

By the time you will read this, the new Reserve Bank of India(RBI) norms that enforce (in my opinion, a dangerous) third-factoridentification for all online credit/debit card transactions will bealready applicable. As a cardholder, you will no longer be able to makeonline purchases or payments if you haven’t registered yourself for anadditional security layer with your partner bank.  TillFriday, all one needed to do to make an unauthorized transaction fromyour card was to steal three security details that included cardnumber, card expiry date and 3-digit or 4-digit card verification value(CVV) number...

...but ifyou think the new security system acts like a guarantee providing forcover against online frauds, then you are treading on wrong turf. 

Editor's Note: Because they are still  instructing you to "type!" your personal information into boxes in a browser.  How dangerous is that?  Well, besides keylogging, just click on the box on the left to enlarge and see what has happened to the state of the malware threat from Janaury to July.  Besides, it's clear from the paragraph below that the purpose of this "added layer of non-security" is to provide a false sense of one and to PIN the fraud liability on the consumer!

This is what bankers have to say on the subject:


1.   If the wrong password is entered as part of this extra authentication, the bank informs e-commerce merchant and if the merchant still goes ahead with the transaction, it becomes merchant’s liability

2.   On the other hand, if the password is correct even if customer disputes the transaction, it is still a customer’s liability.”

(Hmmm...interesting.  It appears that from now on, fraud is now eitherthe merchants liability or the consumers.  Didn't see a scenario whereit was the banks, did you?)  Stumped? To help you with all such concerns and questions, here’s a ready reckoner on what does the new security layer implies for you as a cardholder. Editor's Note: It's no accident they wrote: "Implies"... (vs. Provides)

“From the cardholders’ perspective, (Editor's Translation: "perception")another layer of protection gives a lot more comfort in terms ofsecurity for the online transactions using credit/debit cards . (reality: another layer of this type of non- protection simply provides another way for hackers to intercept financial data, whether it be via malware (see malware growth chart above right) keylogging, phishing, XSS, etc.

Though it will also mean you may have to go through another step to complete your transaction online (the extra step is only there to determine whether banks hold the merchant or consumer is liable for the fraud) but doing that (from the banks perspective) is always better thanhaving to deal with fraud and face the risk of losing your hard earnedmoney,” says Basant Shroff, associate director, financial services — advisory services, Ernst & Young.

Editor's Note:

This is what I have to say on the subject. 

This is such Bullcrap!  Adding another false layer of "bullcrap protection" will "only" provide a bullcrap "false sense of security" 

Adding another bullcrap step which they say will get rid of thebullcrap fraud actually provides hackers with "ANOTHEROPPORTUNITY" to steal your money. 

C'mon people!  Read between thelines on this one.  It's 100% BS..  Let me sift through the stinkhere. 

Consumershave fears about security, so they are cajoled, no scratch that,"fooled" into thinking online shopping is more secure because banksadded another layer of "Emperor's Clothing." 

So, in reality, the only thing they have providedhere is yet another step for hackers to steal passwords under the "false pretense"  of "enhanced security." 

Question:  If it's truly safer, then why have they covered their butt by stating that if the password is correct, (it doesn'tmatter if you dispute the transaction)...you are liable!   If it was truly secure, then they would assume liabiility! 

Talk about stanky!...openthe windows, turn on the fan, spray some air freshener, scratch that, call in the fumigator!  This is Smoke and Mirrors,  plain and simple.

As per RBI figures, Indian banks lost out on almost Rs 37 crore in 12,959 credit card fraud cases reported last year.

(Editor'snote:  Hence the introduction of a "third new layer" ofauthentication designed to shift bank  liability to merchants andconsumers in a most "shifty" way. 

According to the article, "Some banks,in fact, have gone a step ahead creating the security wall."  (Editor's Note:  Wait til you read this one.  Are you strapped to yourchair?  Because I almost fell out of mine when I read the folowing. 

For instance, while generating 6-digit PIN as an additional security layer at ICICI Bank, you are also asked to type a message, known as personal assurance message. (PAM).

(Editor's Note: Add an S to be beginning of that word and you'll find out how the bad guys will phish your PAM silly) This PAM is known only to you.  (Editor's Note: Are they joking?  For how long?  Here's for how long.  Until you "type" it into a box somewhere....!)

“When you type your credit card number on the merchant’s website, "IT" will take you (what/who will take me?) to the bank’s website to complete the transaction, where you need to "type" in the PIN,” explains a ICICI Bank spokesperson.  

Editor's Note:  Thisis beyond bullcrap, it borders on insane.  What's so hard to understand that it's the stupid typing of their passwords, usernames, card numbers, this new "PAM" garbage, etc. that is the root of the problem.  So the NEW system now asks you to type, even more of your information into boxes and double/quadruple your chances of getting hit by fraud.

Another question:  What is this "IT" that takes me to the bank's website?  It "IT" the web browser?  Is "IT" an API that simply takes you to another website?  There is NO WAY anyone could know whether or not they are being redirected to a legitimate versus a cloned bank website.

This is their idea of the future of ecommerce?  To increase risk by creating more steps which require more typing?

Why is that so hard for supposedly "learned" people to understand that the problem IS the typing?  See "It's the Typing Stupid"

Suppose that after you "type" your credit card number on the merchantswebsite, you are "redirected" to a "cloned bank website?"  Hackers cando this in one of many ways.  And how would you know?  The clonedwebsite looks authentic.   The "https" says it's authentic.  (for those who think that still means anything) Maybe it will display their EV SSL certificate!    Ooops, nevermind.  Those were exposed last week. 

Anyway, once you get to either the bank website, you follow the bank instructions and "type" in your PIN.   Even if you ARE on the "legitimate" website, hackers can steal whatever you type.   If you are on a cloned bank website guess what happens after you "type" your PIN?  Did you say your bankaccount gets emptied.  Correct you are.

Now what?  You have to try and get your money back right?  Well, here's the bad news...according to this article, and Iquote: "if the password is correct and even if customer disputes the transaction, it is still a customer’s liability.”  Oh...nowI get it.  They just shifted the responsibility of the loss from the bank onto theconsumer. So, I guess this post is directed at consumers:   "If you expect a secure eCommerce transaction, you won't "type" anythinginto the browser.  It's really not that hard to understand.  Is it?   If it is, take a look at some of the related article below.

How Can HomeATM's Technology Help? 

HomeATM is proud to offer consumers the immediate availability of our PCI 2.x Certified SafeTPIN, a personal credit/debit cardreader that keeps your credit card information and identity completelysafe when you’re banking or shopping online. Simply plug the SafeTPIN into yourcomputer’s USB port, (no software or driverss needed) visit your favorite online banking site and swipe your card and enter your PIN exactly like you would at an ATM.  There is no safer way to log in to your online banking account.  When it comes to shopping, just visit your favorite shopping site, swipe your credit card and the SafeTPIN scrambles and 3DES encrypts the user’s track2 data  before itreaches the user’s computer or Internet providing instant protection from malicious software attacks. 

HomeATM provides complete End to End Encryption (Zones 1-4) for Track2 data. (to the Card Brands) PIN Debit transactions via HomeATM provide 100% "Zone 1 through Zone 5" (including Card Brands) End to End Encryption.

Regarding our PIN Debit transactions...there is not an ePayment method that is safer.  Period.  The ONLY PCI 2.x PIN Entry Device designed for eCommerce in either hemisphere.  With HomeATM's solution, the consumer will NEVER TYPE.  HomeATM has a pending patent on assigning PIN's to credit cards via our PIN MY Card application.    

Related articles

• India's Mandate re: Stronger Authentication for Card Not Present Use (paymentsnews.com)
• Card Not Present Fraud up 13%...HomeATM Can Help! (pindebit.blogspot.com)
• Yet Another Example of Consumers Preferring Debit Cards (paymentsnews.com)
• Online Banking's Innate Security Flaws (information-security-resources.com)
• New Standard for Encrypting Card Data in the Works - HomeATM Already Done (pindebit.blogspot.com)
• 'Both Sides of the Mouth' Security Analysis (information-security-resources.com)
• How to Capture $21B of Lost eCommerce Sales - Security (pindebit.blogspot.com)
• Debit Surpasses Credit for the1st Time in Visa History (Volume & Transactions) (pindebit.blogspot.com)
• Financial Systems Unacceptably Vulnerable! (pindebit.blogspot.com)
• E(F)T Call Home(ATM) (pindebit.blogspot.com)
• Analyze This...More on Hack You! (pindebit.blogspot.com)
• Comparing Apples To The "Real Deal" (information-security-resources.com)

Apple Releases Fix to SMS Mess

As we learned this week at Black Hat, a memory corruption issue exists
in the decoding of SMS messages and receiving a maliciously crafted SMS
message may lead to an unexpected service interruption or arbitrary
code execution.



Apple released iPhone OS update 3.0.1 which addresses the issue through improved error handling.













iphone-sms -

CL Verify UK Launches Fraud/Banking Solution

CL Verify UK™ launches Fraud and Banking Solution™ - Solution provides exclusive access to the most predictive information available for evaluating UK consumer credit risk - TAMPA, FL (July 31, 2009)— CL Verify UK™, (www.clverifyltd.co.uk), a leading real time credit reporting agency, today announced the launch of its exclusive Fraud and Banking Solution™, providing lenders, credit issuers and collection firms with exclusive access to highly predictive information available for evaluating UK consumer credit risk. The Solution combines more than 20 years of UK and IRE bank account performance information with the Company's industry leading analytic experience to deliver over 30 identity, bank account and financial performance attributes along with two highly predictive scores. "The UK consumer demand for short term liquidity is sizable and growing rapidly. Yet the substantial risk of credit losses has resulted in the majority of applications being unapproved because of insufficient risk management information available up to now," said Kim Anderson, Managing Director. "Our Fraud and Banking Solution™ directly meets this challenge by delivering exclusive access to unique, highly predictive information and advanced analytic resources designed to mitigate risk and develop profitable, sustainable loan portfolios for our clients." Built using unique and proprietary data sources, coupled with the power of the PreView Technology™ platform and the experience of the leading US real-time credit bureau, this innovative decision tool allows users to effectively decision UK consumer credit applications in real-time. By minimising fraud risk and reducing payment defaults and charge-offs, Fraud and Banking Solution™ users can successfully deploy lending strategies which optimise Total Portfolio Profitability™. For more information, visit www.clverifyltd.co.uk or email sales@clverifyltd.co.uk. About CL Verify UK™ Ltd. CL Verify UK™ is a fully licensed credit reporting agency as authorized by the UK Office of Fair Trading and provides an integrated suite of decision support solutions for evaluating UK consumer credit risk. The Company's proprietary consumer data, advanced analytics and PreView Technology™ platform provide clients with the most predictive resources for identifying, managing and optimizing the entire credit life cycle of a customer. For more information, visit www.clverifyltd.co.uk or email sales@clverifyltd.co.uk.

MasterCard/Visa See Debit Grow but"Credit Declined"

MasterCard Inc. saw U.S. debit card purchase volume rise 3.4% from year-earlier levels to $82 billion in the second quarter, and debit purchase transactions rose 11.3% to 2.11 billion. But U.S. credit purchase volumes fell 15.5% to $120 billion on 1.5 billion transactions, off 5.8%. Total worldwide transactions processed grew 7.9% to 5.63 billion...

Visa Inc. processed 10.3 billion transactions in its third fiscal 2009 quarter ended June 30, up 8.4% from 9.47 billion a year earlier. But most of the operating data Visa released Wednesday with its latest earnings report were for the quarter ended March 31, and they showed a 9.7% decline in U.S. credit payments volume and 3.9% decline in credit transactions from the year-earlier quarter. U.S. debit volumes, however, rose 4.7% and transactions increased 10.3%.

Related articles

• Sign of the times: Americans increasingly opt for debit cards (dailyfinance.com)
• Brazil sale boosts Visa profits (news.bbc.co.uk)
• MasterCard Swings to Profit, Beating Estimates (nytimes.com)
• MasterCard and Visa Best Expectations (nytimes.com)
• Credit-card reward plans may fuel debt: study (cbc.ca)
• Social Security Debit Card Gains Traction (usnews.com)
• Debit Surpasses Credit for the1st Time in Visa History (Volume & Transactions) (pindebit.blogspot.com)

Merchant Risk Council Adds New Board Members

FOR IMMEDIATE RELEASE


MERCHANT RISK COUNCIL ADDS NEW BOARD MEMBERS
Leaders from Accertify, GlobalCollect, Linden Lab and Microsoft Join MRC Board

(Seattle, WA—July 31, 2009) The Merchant Risk Council (MRC), a merchant-led trade association focused on electronic commerce risk and payments globally, today announced the results of their 2009-2010 board elections.

New MRC Board Director:
Mike Duffy – President and CEO, Chase Paymentech

Re-Elected MRC Board Directors:
Tom Sullivan – Sr. Director, Global Payments & Risk, Expedia, Inc.
Gerry Sweeney – Global Head, e-Commerce & Authentication, Visa, Inc.

New MRC Board Advisors:
Gary Doernhoefer – Co-Founder and General Counsel, Accertify, Inc.
Floris de Kort – Chief Commercial Officer, GlobalCollect
James Pierson – Trust and Safety Program Manager, Linden Lab
Ronda Sifford – CSAT Risk Management Group Manager, Microsoft

Re-Elected MRC Board Advisors:
Al Boddorf – Director, Global Financial Services, Dell, Inc.
Jerett Sauer – Director Loss Prevention, Gap Inc. Direct
Tom Keithley – Vice President of Credit Policy, PayPal
Mike Petitti – Chief Marketing Officer, Trustwave

Tom Sullivan has been re-elected as MRC Board Chair. Pete Pouridis, Vice President, Loss Prevention, Neiman Marcus Group Services has been re-elected as Board Secretary. Joining the MRC officers is new Board Treasurer, Karl Hebert, Director, Global e-Commerce Product Management, Wal-Mart.

“We are very proud to announce our new board,” said Tom Donlea, MRC Executive Director. “The electronic payment professionals who serve on our board represent the brightest minds in our industry. This group will prove invaluable in driving towards and achieving the vision, mission and strategic goals of the MRC.”

Outgoing MRC Board members include: Tim Laudenbach, Credit Risk Manager, BestBuy.com; David Gee, Director of Finance & Administration, Blizzard Entertainment; Ori Eisen, Founder, Chairman and Chief Innovation Officer, 41st Parameter; and Jon Karl, Vice President of Business Development & Founder, iovation.

“Tim, David, Ori and Jon have been instrumental figures in the evolution of the Merchant Risk Council,” said Tom Sullivan, MRC Board Chair. “Their commitment, energy and expertise have been vital in educating our membership on the advancements and progression of electronic payment fraud prevention.”

Full 2009-2010 Merchant Risk Council Board Roster

MRC Directors:

• Chair, Tom Sullivan – Sr. Director, Global Payments & Risk, Expedia, Inc.
• Secretary, Pete Pouridis – Vice President, Loss Prevention, Neiman Marcus Group Services
• William Lambson – Director, Global Commerce Payments and Risk, Adobe Systems, Inc.
• Dave Moriarty – Director of Data Mining, Apple
• Mike Duffy – CEO, Chase Paymentech
• Perry Dembner – Vice President, Marketing, CyberSource Corporation
• Brad Craig – Director of Risk Management, Discover Network
• Gerry Sweeney – Global Head, e-Commerce & Authentication, Visa, Inc.
• Dave Sessions – Vice President, Strategy and Business Development, Wal-Mart Global e-Commerce

MRC Advisors:

• Gary Doernhoefer – Co-Founder and General Counsel, Accertify, Inc.
• Al Boddorf – Director, Global Financial Services, Dell, Inc.
• Jerett Sauer – Director Loss Prevention, Gap Inc. Direct
• Floris de Kort – Vice President of Business Development, GlobalCollect
• James Pierson – Trust and Safety Program Manager, Linden Lab
• Ronda Sifford – CSAT Risk Management Group Manager, Microsoft
• Tom Keithley – Vice President of Credit Policy, PayPal
• Mike Petitti – Chief Marketing Officer, Trustwave

MRC Board Consultants:

• Treasurer, Karl Hebert – Director, Global e-Commerce Product Management, Wal-Mart
• Mike Long – Chief Product Strategist, Accertify, Inc.
• Mia Shernoff – Executive Vice President, Marketing, Chase Paymentech
• Kathy Reeves – Manager, Business Development, CyberSource Corporation
• Tunga van Vliet – Marketing Manager, GlobalCollect

The MRC Board will next convene at the Merchant Risk Council’s Semi-Annual Platinum Meeting in San Jose, CA, September 30-October 1, 2009.

About the Merchant Risk Council

The Merchant Risk Council (MRC) is a merchant-led trade association focused on electronic commerce risk and payments globally.  The MRC leads industry networking, education and advocacy programs to make electronic commerce more efficient, safe and profitable.

Today, with the power of its member-base, the MRC is the leading trade association for managing payments, preventing online fraud and promoting secure e-Commerce.  The MRC is dedicated to working with e-Commerce and multi-channel merchants, payment processors, credit card issuers, credit card companies, alternative payment providers, risk management experts, and law enforcement to make the Internet a safer and more profitable place to do business.

The MRC is headquartered in Seattle, Washington.

Jordan Rubin

Communications and Membership Manager

www.merchantriskcouncil.org

206.364.2789 office | 206.367.1115 fax

Related articles by Zemanta

• Merchant Risk Council to Sponsor CNP Payment Forum (pindebit.blogspot.com)
• MRC to Lead Fraud Risk Discussion at NRF Conference (pindebit.blogspot.com)

In Two Weeks Your iPhone Will Be Hacked

Does the picture on the left look familiar?  Cause I've used it a dozen times in a dozen posts.  In fact,  most recently, about two posts ago.  The article below is justifies it's use once again.  And this is only the tip of the iceberg.  Smartphones use browsers.  Browsers are not safe.  Financial transactions need to be done outside the browser space.  It's the typing.  Researchers at Black Hat exposed a major vulnerability in the iPhone which would allow a hacker to send an SMS message and completely take over not only your iPhone but everybody in your contacts lists phones as well.   

iPhone vulnerable to hacker attacks, experts say

Flaws can be exploited to take complete control over an iPhone (and other smart phones)

LAS VEGAS - Security experts have uncovered flaws in Apple Inc.'s iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.

IPhone users needed to be warned that their devices are not secure and Apple should try to repair the vulnerability as soon as possible, they said at the Black Hat conference in Las Vegas, one of the world's top forums for exchanging information on computer security threats.

"It's scary. I don't want people taking over my iPhone," Charlie Miller, a security analyst with consulting firm Independent Security Evaluators, said in an interview.

Miller and Collin Mulliner, a Ph.D. student at the Technical University of Berlin, also discovered a method for hacking the iPhone that lets hackers easily knock a victim's iPhone off a carrier's network.

It prevents users from making calls, accessing the Internet and exchanging text messages, they added.

The two showed how they can disconnect an iPhone from the cellular network by sending it a single, maliciously crafted text message — a message the victim never sees. The messages exploit bugs in the way iPhones handle certain messages and are used to crash parts of the software.

1. The major issue is a security flaw involving SMS. Specifically, thehack can control an iPhone remotely, including your iPhone’s camera, Safari, and more. It can even send messages to friends in your address book, which is where this hack becomes scariest.
2. The hack works by sending you code in an SMS message (or a seriesof messages) that crashes your iPhone. After that, your iPhone istheirs to use.
3. The offending text would come in the form of a single square character. If you get the square character, turn off your phone IMMEDIATELY.
4. You only have to receive the message to get hacked; you don’t even have to do anything with the text message.
5. The flaw was discovered by noted security expert Charlie Miller, who has hacked everything from MacBook Airs to Second Life, and partner Collin Mullinger.
6. The attack was presented publicly at the Black Hat conference.The duo decided to do this after Apple gave them no response back inJuly, when they provided Apple with information on the security flaw.The goal is to bring attention to the flaw (which they are clearlygetting).
7. According to Reuters, now that the vulnerability is exposed, hackers could build software that mounts this SMS attack within the next two weeks.
8. Apparently Google Android, Windows Mobile phones, and Palm Presare vulnerable to similar hacks. The team demonstrated the attack on anAndroid phone and a Windows Mobile phone.- Mashable.com

They even said it's possible to remotely control an iPhone by sending 500 messages to a single victim's phone. Those messages contain the necessary commands for the attack and would get executed automatically by exploiting a weakness in the way the iPhone's memory responds to that volume of traffic.

Miller said messaging attacks are so attractive, and are going to become more common, because the underlying technology is a core phone feature that can't be turned off.

"It's such a powerful attack vector," Miller said. "All I need to know is your phone number. As long as their phone's on, I can send this and their phone's going to do something with this. ... It's always on, it's always there, the user doesn't have to do anything — it's the perfect attack vector."

They said the information they presented at Black Hat will give criminals enough information to develop software to break into iPhones within about two weeks. 

Continue Reading

Related articles by Zemanta

• Hackers claim popular iPhones a target (canada.com)
• iPhone SMS Security Flaw Could Allow 'Every iPhone In the World' to Be Hijacked [Security] (gizmodo.com)
• Hackers show how Apple iPhone can be taken over by malicious text message (guardian.co.uk)
• Security Experts Pressure Apple Over iPhone SMS Hack (businesspundit.com)
• Security researchers to unveil iPhone SMS vulnerability later today (tuaw.com)
• How to hack an iPhone using SMS (daniweb.com)
• The iPhoneocalypse is Coming: Every iPhone is at Risk (mashable.com)
• SMS vulnerability on iPhone to be revealed today, still isn't patched (engadget.com)
• iPhone Hack Exposed: The Key Facts (mashable.com)
• iPhone and other phones could be hacked via SMS (ubergizmo.com)
• New iPhone hack raises the specter of smarthphone viruses (dailyfinance.com)
• SMS Hack Could Makes iPhones Vulnerable (apple.slashdot.org)

Jamaica Fraud Tops $3 Billion Dollars

Jamaica Gleaner News - Fraud hits historic high at $3b - Business - Friday | July 31, 2009

Fraud hits historic high at $3b
Published: Friday | July 31, 2009
Avia Collinder, Business Reporter

Detective Carl Berry of the Organized Crime Unit of the Jamaica Constabulary Force shows merchants and employees a fake credit card that was seized by the police, at a National Commercial Bank 'Merchant Fraud Seminar' in Kingston. To curtail its losses from credit card scams, NCB has partnered with the police on a series of seminars.

Corporate earnings lost to fraud hit $665 million for the first half of this year, prompting the police fraud squad to warn company managers and individuals to be more vigilant in the supervision of employees and pre-paying for goods and services.

But that outcome annu-alised is a more than a two-fold improvement, coming off a spectacular year for crooks in 2008 when monies lost to fraudulent activity passed the J$3 billion mark for the first time in Jamaica's history.

Continue Reading Mawn

Think This is Safe? Think Differently!

Experts predict more mobile Trojan slip-ups on the way

As news that the Symbian Foundation has admitted it needs better safeguards to prevent malicious apps finding their way onto mobiles,

Fortify Software predicts this problem is going to get worse for mobile phone manufacturers and their operating system developers.

"The problem with mobile phones is that their processing capacity is increasing at a near-exponential rate, with some of the latest smartphones the technological equivalent of the PCs seen in the early part of this decade," said Richard Kirk, director of the application vulnerability specialist.

"And whilst the power of the average smartphone has soared on the last few years, the behind-the-scenes technology and security assurance practices required to prevent any security loopholes in the operating system and/or applications is not as up to speed as it is on the desktop/laptop platforms," he added.

Because of this, hackers and malware developers are now turning their attentions to the microcomputer many of us have in our pockets - the smartphone.

Editor's Note:  And the rush to bring a mobile payment platform that is "convenient" and "easy to use" will be a gold mine to hackers.  A goldmine I say!

think different, Mobile insecurity, Trojan slip ups, Symbian

4 Arrested in $422,000 ATM Scam

Gang charged in $422,000 ATM scam

Authorities in New York have arrested four people accused of stealing $422,000 by exploiting a regulation requiring banks to reimburse the accounts of customers who claim their ATM cards have been used without their permission.

The four defendants - Lam Dang, Eric Manganelli, John Tluczek and Marzena Tluczek - are charged with making false claims totalling more than $700,000, to more than 20 banks, including HSBC, Wachovia and Chase.

In each case, the defendants opened accounts and padded them with large deposits over the course of several months before draining them again, with withdrawals of $500 to $1000 per day, say prosecutors.

Once the accounts were empty, the scammers would contact the bank and say their ATM cards had been stolen or lost and that the withdrawals were unauthorized. After the banks reimbursed the "stolen" money, the defendants would close the accounts, according to the indictment.

The four are accused of exploiting regulation E of the federal Electronic Fund Transfer Act, which requires banks to reimburse victims within 10 days of reporting the fraud. 

Continue Reading at Finextra

More on Clampi...It's the Big One!

"The best strategy to defend against Clampi is to use separate machines for Web surfingand funds transfer" 

"We weren't all thatworried about Storm, and we weren't all that worried about Conficker, This one you need to worry about." 

- Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.

Finextra: Bank data-stealing Trojan infects hundreds of thousands of PCs - researcher

Bank data-stealing Trojan infects hundreds of thousands of PCs - researcher

A "tremendous" amount of financial data has been stolen by a Trojan that has infected hundreds of thousands of corporate and personal PCs, according to information security specialist SecureWorks.

Clampi, also known as Ligats, Ilomo or Rscan, has spread across Microsoft networks in a "worm-like fashion" and is "one of the largest and most professional thieving operations on the Internet" says Joe Stewart, director of malware research at SecureWorks' counter threat unit.

Once it has infected a PC, the Trojan monitors Web sessions to see if one of 4500 targeted sites are visited. If a victim uses one of these sites - which include those of banks, credit card companies, stock brokerages and insurance firms - it captures sensitive information such as usernames, passwords and PINs.

Continue Reading at Finextra

Related articles by Zemanta

• Cyber Criminals Adopt Corporate Strategies (information-security-resources.com)
• Conficker Attacks ANZ Bank (pindebit.blogspot.com)
• Torpig Sinowa Botnet Harvests Online Banking Credentials (pindebit.blogspot.com)
• Security researchers expose weaknesses in authenticating most Internet transactions (deals.venturebeat.com)
• Cybercrime (pindebit.blogspot.com)