Wednesday, August 26, 2009

Obopay Teams with Nokia, Enters Crowded Mobile Money Market

Nokia Enters Increasingly Crowded Mobile Money Market

Teams with Obopay targets unbanked people in developing countries.

Nokia is getting ready to launch Nokia Money, which will offer basic financial services on mobile phones, it said on Wednesday.

It will enable consumers to send money, pay for goods, services and bills, and recharge their prepaid SIM cards, according to Nokia.

Some Nokia phones will have the necessary client pre-installed, but users will also be able download and install the client on Nokia phones and devices from other vendors, said to Nokia spokesman Mark Durrant.

It is also building a network of agents, where consumers will be able to deposit or withdraw cash from their accounts.

Nokia has previously been a proponent of using NFC (Near Field Communication) -- a wireless communication technology with a range of a few inches -- for contactless payments.

Nokia Money lets users send funds to another person just by using their mobile phone number. It can also be used to buy goods and services from merchants, pay utility bills and top up pre-paid SIM cards.

Read More at PC World

Visa Names Global Head of Strategy

Visa Hires Oliver Jenkyn as Global Head of Strategy and Corporate Development

San Francisco, Aug. 26, 2009--Visa Inc. (NYSE:V) today announced the appointment of Oliver Jenkyn as Visa Inc.'s Global Head of Strategy and Corporate Development. In this role, Jenkyn is responsible for developing and managing the company's corporate strategy across the 170 countries where Visa Inc. does business. Jenkyn succeeds Rupert Keeley, following Keeley's recent appointment to Group President of Visa's Asia Pacific and CEMEA regions. Jenkyn reports to Joe Saunders, Chairman and CEO of Visa Inc, and is a member of the company's Operating Committee.

"Oliver has been a trusted advisor to Visa for several years, including important contributions to our global restructuring and IPO," said Joseph W. Saunders, Chairman and CEO of Visa Inc.

Jenkyn joins Visa from McKinsey & Company's San Francisco office, where as Partner he was a leader in the firm's North American Payments and Retail Banking practices. While Jenkyn has extensive global experience across the financial services industry, he developed a specialty in payments including all aspects of the card business (issuing, acquiring, processing), ACH, check processing and cash management.

Prior to McKinsey, Jenkyn worked with Bain & Company's private equity group.

Jenkyn graduated summa cum laude from McGill University in Montreal with a bachelor's degree in economics. He also earned master's degrees in business and finance from Harvard University and Queens University.

About Visa Inc.

Visa Inc. operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world, and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 170 countries. For more information, visit www.corporate.visa.com .

Source: Company press release.

Ehud Tenebaum (The Analyzer) Pleads Guilty to Hacking $10 Million from Banks

The Analyzer’ Pleads Guilty in $10 Million Bank-Hacking Case

By Kim Zetter | Wired

Ehud Tenenbaum, aka “The Analyzer,” quietly pleaded guilty in New
York last week to a single count of bank-card fraud for his role in a
sophisticated computer-hacking scheme that federal officials say scored
$10 million from U.S. banks.

Editor's Tongue in Cheek Note: Now that both "The Analyzer" and "The Soup Nazi" are in Federal custody, it looks like the threat is over! Man, those two guys sure wreaked havoc. Good thing we caught them! Now I look forward to typing my credit and debit card numbers into boxes on merchant websites and pick and pecking my username: and my 7 digit password: (1 of them is a number to make it harder!) into boxes at online banks with the peace of mind in knowing that these two bad guys have been caught! Here's more on E.T. from Wired:

The Israeli hacker was arrested in Canada last year for allegedly
stealing about $1.5 million from Canadian banks. But before Canadian
authorities could prosecute him, U.S. officials filed an extradition
request to bring him to the States. (I think they whisked him here)

Prosecutors alleged in an extradition affidavit that Tenenbaum
hacked into two U.S. banks, a credit- and debit-card distribution
company and a payment processor, in what they called a global
“cash-out” conspiracy. But he was only charged with one count of
conspiracy to commit access-device fraud and one count of access-device
fraud.

Tenenbaum is set to be sentenced Nov. 19, and he faces a maximum of
15 years in prison. Prosecutors declined to comment on the case or
describe the details of his plea agreement. The second count in the
indictment, charging conspiracy, appears to have been dropped.

Continue Reading at Wired

Previous Stories about "The Analyzer" on the HomeATM Blog

PIN Debit Payments Blog: Analyze This...Hack You!

“The Analyzer”,
is currently in Canadian custody on charges relating to a fraud which
netted US$1.47 million from Direct Cash Management in Calgary, a firm
that sells pre-paid debit cards. Editor's Note: "He allegedly used SQL
injection ...

Is Heartland Hacker in Custody?

Jailed international hacker and cyber criminal “The Analyzer,”
(See Analyze This...More on "Hack You!") who awaits extradition to the
US from Canada to face charges related to cyber crimes committed in
2008, is now also a suspect in ...

Financial Systems Unacceptably Vulnerable!

“There are also new reports that 'The Analyzer',
who was arrested last year in Canada for stealing $1.5 million from
Canadian banks, also allegedly hacked two US banks, a credit card and
debit card firm, and a payment processor firm. ...

450K Per Day...Can You Say...SQL (Sequel)

Tenenbaum, 29, also known as "The Analyzer,"
gained notoriety 10 years ago when he broke into computer networks of
NASA, the Pentagon and the Knesset, the legislative branch of the
Israeli government. At the time, he was celebrated in ...

MasterCard's Chip Authentication Program (CAP) Gains Support

Thales extends support to MasterCard Advanced Authentication for Chip

New solution secures online transactions executed with new and existing EMV cards

Thales, leader in information systems and communications security, announces that SafeSign, the company’s identity management and authentication solution, has successfully completed MasterCard evaluation for its Advanced Authentication for Chip. MasterCard Advanced Authentication for Chip is the latest extension to EMV, the international card-based authentication solution. Building on their long-standing relationship, Thales and MasterCard continue to work together to help banks fight online fraud and ensure maximum consumer confidence in online transactions by supporting both newly issued and existing EMV cards.

MasterCard Advanced Authentication for Chip allows two-factor authentication on EMV cards already issued that do not necessarily have offline PIN capabilities or have not been personalized according to the MasterCard Chip Authentication Program™ (CAP). This allows issuers to provide strong authentication to their cardholders without the need to re-issue their cards. This solution has been driven by regional demand, especially from the Asia Pacific Region and Latin America, where there are hundreds of millions of cardholders who need to be able to use their existing EMV cards to protect their online transactions. Thales has long supported MasterCard CAP with its SafeSign, HSM 8000 and payShield solutions.

According to Art Kranzley, Chief Emerging Technology Officer at MasterCard, “Today, consumers still don’t feel safe when buying online or using e-banking facilities which is why it is important that we create the conditions needed for banks to be able to allay these fears. Thales and MasterCard have already delivered strong authentication solutions in the past, now with Advanced Authentication we are best placed to support banks in continuing fighting Card Not Present fraud and building confidence for online customers.”

The new Advanced Authentication for Chip is operated by the cardholder inserting an EMV card into a Personal Card Reader (PCR). Once inserted, the PCR will perform specific card checks. If the card does not support offline PIN, the Advanced Authentication for Chip reader provides the option for a one-time password (OTP), challenge and response (C/R) or transaction data signing (TDS) which can be used for online user authentication and transaction signing. Otherwise the cardholder will first be prompted to introduce the PIN. This also means that Advanced Authentication for Chip is compatible with MasterCard CAP. SafeSign verifies and validates the OTP, C/R and TDS in order to effectively authenticate the user and provide additional security for online transactions.

“Thales has collaborated extensively with MasterCard to provide user authentication solutions and online transaction signing for CAP. We have now added support for EMV cards that have been issued without CAP personalization or an offline PIN”, says Franck Greverie, Vice President, Managing Director for the information security activities of Thales. “Our support for Advanced Authentication for Chip demonstrates our continued commitment to work with MasterCard to enable our customers to make online and Card Not Present transactions safer for EMV card holders and dramatically reduce fraud.”

SafeSign is Thales’s identity management and authentication solution that helps protect financial institutions and their customers against online fraud, enabling them to concentrate on delivering new products and services. Unlike other solutions, SafeSign supports a wide range of authentication technology including EMV/CAP, OATH tokens, mobile phones, smartcards and digital signature technologies. This approach allows SafeSign customers to maintain maximum flexibility in the selection of authentication that they deploy to meet their current and future needs.

About MasterCard Worldwide
MasterCard Worldwide advances global commerce by providing a critical economic link among financial institutions, businesses, cardholders and merchants worldwide. As a franchisor, processor and advisor, MasterCard develops and markets payment solutions, processes approximately 21 billion transactions each year, and provides industry-leading analysis and consulting services to financial-institution customers and merchants. Powered by the MasterCard Worldwide Network and through its family of brands, including MasterCard®, Maestro® and Cirrus®, MasterCard serves consumers and businesses in more than 210 countries and territories. www.mastercard.com

Notes to editor
Thales is one of the world leaders in the provision of Information and Communication Systems Security solutions for government, defence, critical infrastructure operators, enterprises and the finance industry. Thales’s unique position in the market is due to its end-to-end security offering spanning the entire value chain in the security domain. The comprehensive offering includes architecture design, security and encryption product development, evaluation and certification preparation and through-life management services.

Thales has forty years of unrivalled track record in protecting information from Sensitive But Unclassified up to Top Secret and a comprehensive portfolio of security products and services, which includes network security products, application security products and secured telephony products.

About Thales
Thales is a global technology leader for the Aerospace, Space, Defence, Security and Transportation markets. In 2008, the company generated revenues of 12.7 billion euros with 68,000 employees in 50 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers as local partners. www.thalesgroup.com

Press Contacts:
Alexia Ward/Sole Chirco
Hotwire
+44 (0) 20 7608 4687/4673
thales@hotwirepr.com

CAP, Chip Authentication Program, MasterCard, Gemalto, Thales,

Skimming Prevention: Best Practices for Merchantsl

PCI Council Releases Recommendations For Preventing Card-Skimming Attacks

New best practices are aimed at helping retailers -- especially small
merchants -- but security experts say skimming risk runs deeper By Kelly Jackson Higgins | DarkReading

The PCI Security Standards Council (PCI SSC) today unveiled best
practices for retailers to defend themselves against the growing number
of credit- and debit-card skimming scams.
To skim through it, click Skimming Prevention: Best Practices for Merchants (Word Document)

Skimming credit- and debit-card data is becoming a popular way
for cybercriminals to steal credit and debit card account numbers and
execute financial fraud against grocery stores, gas stations, convenience stores, and other retailers and their customers,
who are increasingly falling victim to hijacked card readers and ATM
machines. Skimming occurs either by a malicious insider at the retail
point-of-sale capturing the customer's card data, or more commonly by
someone physically rigging a reader with a sniffer-type device to
capture the data, which is then transmitted to the bad guys remotely.

"Skimming is becoming a widespread problem. These are guidelines for
what retailers should be looking at" with their reader devices, says
Bob Russo, general manager of the PCI SSC. "We discuss different
techniques for protecting those point-of-sale devices." But security experts say the council's skimmer protection
guidelines are more a symptom of the already-broken system of credit
and debit cards.

"The concept of a 'credit card' as it exists today is
the problem: If credit cards were cryptographic devices rather than
just numbers, then none of these threats would be a problem," says
Chris Paget, a security researcher.

"The technology exists to implement
this today and to completely eliminate credit card fraud, but it seems
there's too much money being made from fraud for the card issuers to
care."

Editor's Note: C'mon...really? I don't think that's fair. They care or they wouldn't be running advertisements and attaching rewards programs to signature debit. The fact that signature debit is 15 times more likely to be fraudulent is only a coincidence isn't it? In the Visa ad below, they are advertising their Debit card down under by saying... Just Remembah to Poosh the Credit Button" (talk about skimming...)

Continue Dark Reading

Walmart Offers Customers Walk In Bill Payment Service from Fiserv

Fiserv has announced that "Walmart has implemented the CheckFreePay service from
Fiserv, enabling customers to pay bills in person at all Walmart locations in
the United States. Using the CheckFreePay service, customers can pay household
bills, such as their utility, mobile phone, auto loan, insurance and credit card
bills, at any one of the retailer?s 3,755 domestic locations, including Walmart
SuperCenters and Neighborhood Markets."

The
CheckFreePay service from Fiserv gives customers the ability to pay bills from
more than 2,500 companies. Payments can be made at the Walmart MoneyCenter or
customer service desk using cash or a pin-based debit card. Standard payments
are delivered to the biller within three business days, and NextDay payments are
delivered to the biller on the next business day. A receipt is provided as
assurance of payment.

"Walmart
is continually searching for new ways to save our customers money and improve
their daily lives," said Jane Thompson, president of Walmart Financial Services.
"Already, customers look to our stores as a place to make everyday purchases at
low prices. Offering our customers the convenience of walk-in bill payments at
Walmart helps them simplify the management of their day-to-day finances."

Payments
made using the CheckFreePay service are delivered electronically, which ensures
a fast and secure transaction for Walmart customers. Payments flow quickly and
seamlessly to the billing company via Fiserv's secure electronic payment
network, which processes more than one billion transactions each year.

"The
CheckFreePay service enables retailers to offer their customers an affordable
walk-in bill payment option," said Paul Harrison, senior vice president and
general manager, Walk-In Solutions, Fiserv. "It is our goal to provide a variety
of convenient locations for consumers to pay their bills in person, and we are
excited that Walmart is now part of our nationwide network of CheckFreePay
agents."

CheckFreePay1
is a leader in the walk-in bill payment market, enabling consumers to pay more
than 2,500 bills at more than 16,000 retail agent sites nationwide. CheckFreePay
agents include supermarkets, drugstores and convenience stores, along with
hundreds of independent and chain store retailers. CheckFreePay is a part of
Fiserv, which is also a leading provider of Internet banking and bill payment
and presentment services.

For more information, visit http://www.checkfreepay.fiserv.com

Tuesday, August 25, 2009

As Predicted, It's Getting Worse...Not Better!

Here's a first. I've never seen or cannot recall banks ever admitting they were worried about hackers. Maybe now that they are attacking SME's which constitute about 90% of all business, it is starting to wreak havoc on their confidence. It's one thing to file a class action suit against Heartland, but an entirely different animal when it comes to filing class action lawsuits against "the heartland."

Now the nation's "largest" financial institutions are at least on the record that they have "begun to worry." Must be worse than people think...

European Cyber-Gangs Target Small U.S. Firms, Group Says - washingtonpost.com

By Brian Krebs - Washington Post Staff Writer

Tuesday, August 25, 2009

Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions.

A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to implement many of the precautions now used to detect consumer bank and credit card fraud.

"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," the confidential alert says. The alert was sent to members of the Financial Services Information Sharing and Analysis Center, an industry group created to share data about critical threats to the financial sector. The group is operated and funded by such financial heavyweights as American Express, Bank of America, Citigroup, Fannie Mae and Morgan Stanley.

Because the targets tend to be smaller, the attacks have attracted little of the notoriety that has followed larger-scale breaches at big retailers and government agencies. But the industry group said some companies have suffered hundreds of thousands of dollars or more in losses.

Continue Reading at the Washington Post

Businesses Reluctant to Report Online Banking Fraud

Tighter Security Urged for Businesses Banking Online

European Cyber-Ganges, Hackers, Breaches, Financial Institutions, Breach

85% of U.S. Organization Hit by Breach in Last 12 Months - Ponemon Institute

85% of U.S. organizations have been hit by one or more data breaches within the last twelve months - according to the latest Ponemon Institute research on Encryption Trends. This year's study surveyed 997 IT and security practitioners and identifies the trends in enterprise encryption planning strategies, budgeting and spending, deployment methodologies and impact on data breach incidents. View the research study:

2009 Annual Study U.S. Enterprise Encryption Trends - Ponemon Institute

Hackers Getting Geared up for Busy Season

Finextra: Hackers take the summer off before winter spike

With high profile data breaches making the headlines, firms may fear they're next this summer as IT staff go on their holidays. But they needn't worry - the hackers are taking a break themselves, according to a survey from security vendor Tufin Technologies.

At the annual Defcon event in Las Vegas this month a poll of 79 hackers found 89% will not be working overtime as IT professionals take off for the summer vacation.

Hackers appear to prefer winter, with 56% citing Christmas as the best time to engage in corporate hacking and 25% naming New Years Eve.

Michael Hamelin, chief security architect, Tufin Technologies, says: "It's received knowledge in the security world that the Christmas and New Year season are popular with hackers targeting western countries. Hackers know this is when people relax and let their hair down, and many organizations run on a skeleton staff over the holiday period."

The survey also reveals IT staff should be on their guard during weekday evenings, with 52% of hackers stating that this is when they spend most of their time working. In comparison, just 32% hack during work hours and 15% on weekends.

Continue Reading

Browsers are to Hacking what Fuel is to Race Cars

This article by eWeek's Brian Prince talks about how hacking has become so prevalent that it is driving the price of credit/debit card data down. One thing for sure. If hackers get their hands on the Track2 Data AND the PIN they will have hit the jackpot. (see what the Secret Service project the value of those items to be compared with a simple Primary Account Number (PAN) and CVV2)

Looks like it's somewhere around 1000 times more valuable. This is why HomeATM has gone to such lengths to 3DES encrypt the Track2 data through Zones 1-4 and 3DES DUKPT end-to-end encrypt the PIN.

The PIN IS the Holy Grail for Hackers and the world wide web is the "information highway" that puts your PIN at risk. It doesn't matter to them if you type or if you click. If you do it in a web browser it is fair game for the hackers.

If you want to secure your PAN and your PIN then the eCommerce transaction MUST be done outside the web browser space. Want to "hand over" your account over to the hackers? Then keep on typing, clicking or otherwise entering your PIN into a web browsers.

The hackers are watching...

Internet security is busted, said researchers at the Black Hat conference in Las Vegas today.

"The best strategy to defend against Clampi is to use separate machines for Web surfing and funds transfer"
- Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.

"Using Windows, it's too dangerous to
do transactions on the same machine you do for Web surfing," he says.
"You can't have any crossover between them."

Editor's Note: Which is why HomeATM doesn't use the Web browser.
We encrypt the data and use the Internet as a conduit to transmit the encrypted data

so that card holder data is never in the clear.

Stolen Credit Card Data Goes for Cheap on Cyber-Black Market

Hacking large companies as Albert Gonzalez is alleged to have done can be profitable. But stolen credit cards and other data may not sell for as much on the black market as you expect.

The black market economy of the cyber-world is always busy, especially in an age of massive data breaches like the ones that occurred at Heartland Payment Systems and Hannaford Brothers.

According to research from Kaspersky Lab posted Aug. 17, U.S. credit cards are not worth as much as you might think. While analyzing malware, Kaspersky Lab virus analyst Dmitry Bestuzhev came across a Website with pricing information for the credit cards swiped by cyber-crooks. The highest prices belonged to German credit cards, which sold for $6 (USD) a piece. U.S. Visa cards sold for $2.

"It's certainly difficult to say how many sites like this there are now," Bestuzhev said. "I believe it's not very many because the bad guys don't need to largely market their business. Their customers know them already and if there is a new one, it is passed along by others. It's a kind of club where cyber-criminals 'know each other' in terms of online life."

Continue Reading

Security Researchers: Online Transactions Aren't Safe

Jul 30, 2009 - PIN Payments Blog

No Website is Safe; Online Transactions aren't safe; Use the Internet for browsing,
use another device for payments. Read more about those bulletpoints in
the related articles section below. In the meantime, there's only one "another ...

http://pindebit.blogspot.com/

Verifone Payment Module for ECR's Added to UMSI Lineup

UMSI adds VeriFone payment module option for ECRs

Hackensack, N.J., Aug. 25 2009 – United Merchant Services, Inc., (UMSI), a fully integrated payment processing company, announced the launch of the Verifone Payment Module for the Electronic Cash Register (ECR) Program. This is the second module that UMSI has developed, after the initial launch of the Ingenico Module with its Free ECR Program.

“Everybody is excited about this launch”, says Bryan Daughtry, VP of Sales and Marketing. “With Verifone terminals in our line-up, our sales partners will have a choice to work with the terminals they are most comfortable with.” With the addition of the Verifone terminal line, UMSI’s ECR Program can be integrated with the VX 510 and VX570 (dial-up, IP, and Wireless), and the Ingenico I5100 (IP), respectively. UMSI is actively working with other major terminal providers to create other integration modules in an effort to provide additional options for our partners.

For more information about the program, or any other UMSI products, please contact Bryan Daughtry at dbryan@unitedmerchant.com .

Source: Company press release.

IRS Awards Multi-Year E-Payment Contract to RBS WorldPay

ATLANTA, GA UNITED STATES

The Internal Revenue Service Awards RBS WorldPay a Multi-Year Contract to Process Individual and Business Tax Payments Using a Credit Card or Debit Card Beginning in January 2010
ATLANTA, Aug. 25 /PRNewswire/ -- RBS WorldPay, Inc. today announced that it has been awarded a multi-year contract by the Internal Revenue Service (IRS) to provide electronic payment solutions for individual and business taxes. RBS WorldPay, in partnership with Value Payment Systems, LLC, will begin processing tax payments through www.payUSAtax.com and 888-9-PAY-TAX (888-972-9829) starting on January 1, 2010. Through the RBS WorldPay tax payment services, taxpayers will be able to make payments to the IRS securely with various credit cards, debit cards and emerging payment methods for less than any other federal tax electronic payment service provider. Through the RBS WorldPay service, individual taxpayers may make secure tax payments for the following federal tax types beginning in January 2010: Form 1040 Series (including Prior Year payments) Estimated Taxes (Form 1040ES) Installment Agreement Payments Form 4868 (Tax Extension) Trust Fund Recovery Penalty Form 1040X (Amended Tax Returns) Form 5329 - Additional Taxes on Qualified Plans and Other Tax-Favored Accounts (Return for Individual Retirement Arrangement Taxes) Businesses can make secure credit card payments for their taxes, including: Form 940 Series - Employer's Annual Federal Unemployment Tax Return Form 941 Series - Employer's Quarterly Federal Tax Return Form 943 Series - Employer's Annual Federal Tax Return for Agricultural Employees Form 944 Series - Employer's Annual Federal Tax Return Form 945 Series - Annual Return of Withheld Federal Income Tax Form 1065 - U.S. Return of Partnership Income Form 1041 - U.S. Income Tax Return for Estates and Trusts "Consumers and businesses alike are now able to pay their taxes and fees online via their credit or debit card," said Ian Stuttard, president and CEO of RBS WorldPay. "It's safe, secure and convenient. RBS WorldPay has been providing comprehensive, electronic payment processing for merchants for over twenty years. We currently process billions of dollars in payments annually, and government payment processing is a high-growth business where we anticipate making an impact. By partnering with Value Payment Systems, we were able to combine their management team's extensive experience in handling government payments, in particular with the IRS, with our secure processing platform. This is truly a winning combination." Taxpayers using credit cards and debit cards through the RBS WorldPay service may be eligible to receive points or benefits in reward programs connected with the use of their card. Taxpayers should check with their card issuer for details regarding reward program eligibility. The IRS has determined that convenience fees incurred by qualifying individuals and business taxpayers may be deductible. To help taxpayers save time and avoid potential late fees, users of the internet payment site, www.payUSAtax.com, will be able to schedule automated payments and set future payment e-mail reminders. About Value Payment Systems Value Payment Systems provides electronic payment products and services to various industries including government and property management. Value Payment Systems' comprehensive e-payment services encompass a wide array of payment channels including the Internet as well as emerging payment methods such as Bill Me Later. For more information, visit www.valuepaymentsystems.com. About RBS WorldPay, Inc. RBS WorldPay is a leading, single-source provider of electronic payment processing services - including credit, debit, EBT, checks, gift cards, e-commerce, customer loyalty cards, fleet cards, ATM processing and cash management services. RBS WorldPay is the US-based payment processing division of the Royal Bank of Scotland Group plc. For more information, please visit www.RBSWorldPay.us. About The Royal Bank of Scotland Group (RBS) The RBS Group is a financial services company providing a range of retail and corporate banking, financial markets, consumer finance, insurance, and wealth management services. The RBS Group operates in the Americas, Asia and the Middle East serving more than 40 million customers. For more information, please visit www.RBS.com.

Fusepoint to Manage PCI Compliant Online Payments for Canadian Lottery Ticket Sales

MiraTel Selects Fusepoint to Develop and Manage PCI Compliant Online Payment Application for Lottery Ticket Sales

Growing
need for compliance with stringent Payment Card Industry Data Security
Standards (PCI DSS) in Canada driving new business for managed services
provider

Toronto, Aug. 25, 2009--Fusepoint Managed Services, a leading provider of outsourced IT services and infrastructure, today announced it has been selected by MiraTel Solutions Inc., a payment processing application service provider, to fully manage and host the company's new online lottery ticket sales application.

MiraTel, which currently provides back office support for the Canadian lottery industry by supplying full service, help desk, credit card processing, and ticket sales, is now developing an online presence for the lottery industry to sell tickets. However, the site must adhere to stringent PCI compliance rules and regulations and be operational in less than a month.

The PCI compliance standard applies to any organization that holds onto, processes or stores credit card information, and MiraTel knew finding a PCI complaint provider was the key to making this opportunity a reality. After conducting a marketplace review, MiraTel chose Fusepoint Managed Services to manage their online payment application.

"This is an exciting opportunity for MiraTel as we migrate a traditional sales platform to an online transaction, where there is absolutely no room for error, and security is paramount," said Alex Moffat, Managing Director, MiraTel. "We required a Canadian managed services provider that could assist us in developing and managing an online website that could gather payment information and comply with Tier 1 PCI standards. Fusepoint easily met both of those requirements and provided us with the knowledge and expertise we needed to develop a nimble, safe and secure web site."

Based on PCI best practices, and taking a consultative approach, Fusepoint built the web site www.ordertickets.ca, which will go live in September, to collect payment information and ticket sales online. The core payment collection technology is currently live and processing payment information for another charitable lottery.

"If you process credit cards in any way, PCI DSS compliance is mandatory," said George Kerns, President and CEO Fusepoint. "As one of the only Tier 1 PCI compliant hosting providers in Canada we are seeing very strong demand in the marketplace as organizations outsource the critical components of their payment environment to ensure compliance with leading industry standards."

Throughout the process, Fusepoint's security and application development teams collaborated to ensure MiraTel would comply with PCI compliance standards including the online payment application itself, the hardware, bandwidth, data backup, firewall, antivirus, network intrusion detection and end to end monitoring and reporting.

About Fusepoint Managed Services

Founded in 1999, Fusepoint is a privately held company with offices in Vancouver, Toronto, Montreal and Quebec City. Through our proven record of success we have built a loyal base of over 400 customers and strong, strategic relationships with Canada's leading technology and communication companies. Fusepoint's managed IT solutions are SLA-guaranteed, scalable and designed to reduce cost structures while mitigating risk. Fusepoint is also SAS 70 Type II, CICA 5970, and Tier 1 PCI compliant, which means our processes are rigorously and continuously audited by accredited third parties and consistently operate at the highest levels within the industry. For more information, visit www.fusepoint.com .

Source: Company press release.

Online Banking Fraud Worse Than We Think (and we think it's BAD!)

Businesses Reluctant to Report Online Banking Fraud

A confidential alert sent on Friday by a banking industry association to its members warns that Eastern European cyber gangs are stealing millions
of dollars from small to mid-sizes businesses through online banking
fraud. Unfortunately, many victimized companies are reluctant to come
forward out of fear of retribution by their bank.

According to the alert, sent by the Financial Services Information Sharing and Analysis Center
(FS-ISAC), the victims of this type of fraud tell different stories,
but the basic elements are the same: Malicious software planted on a
company's Microsoft Windows PC allows the crooks to
gain access to the victim's corporate bank account online. The
attackers wire chunks of money to unwitting and in some cases knowing
accomplices in the United States who then wire the money to the
fraudsters overseas.

As grave as that sounds, the actual losses from this increasingly common type of online crime almost certainly are far higher....

Continue Reading at Security Fix by Brian Krebs

Citi Launches Commercial Cards in Thailand

Citi launches commercial cards in Thailand

Commercial card activity in Southeast Asia continues to increase. In the most recent development, Citi Global Transaction Services, a division of the Institutional Clients Group, launched Citibank Commercial Cards for corporate clients in Thailand. It provides the benefit of an integrated cash-management solution that strengthens financial operations and control over expenses.

Corporate clients in Thailand will be provided with comprehensive, customized and online consolidated statements for expense analysis that is powered by Citibank Custom Reports System. Clients will be offered direct integration of card transaction data into expense management systems including CONCUR, SAP, Oracle or Citi's Global Card Management System.

commercial payments international, Citi, Thailand, Commercial Cards

Verifone Introduces PAYware CMS 8.0

MIAMI, Aug. 25 /PRNewswire-FirstCall/ -- CL@B 2009 Congress (Stand # 301- 303) -- VeriFone Holdings, Inc. (NYSE: PAY - News),
today announced PAYware CMS 8.0, a new version of its comprehensive
card management enterprise software for banks, financial institutions,
processors and retailers who wish to issue cards, accept electronic
payments and merchant management.

PAYware CMS enables issuers to easily set up and manage feature-rich card programs for both physical and virtual card payments. For acquirers, PAYware CMS supports individual merchant needs such as acquiring services contracts to accept, authorize and settle card transactions; it also offers multi-merchant support at all levels.

"This update to PAYware CMS complies with the latest PCI DSS requirements and features improved performance and a new intuitive graphical interface which eases usability of every aspect of the system, enhancing productivity and efficiency," said Gustavo Jimenez, vice president and general manager for the Integrated Systems Group of VeriFone Latin America and the Caribbean.

PAYware CMS 8.0 supports all aspects of card and merchant management, payment authorization, clearing and settlement. It can also be used by telcos to issue pre-paid cards and by government agencies to issue and process electronic benefits.

New security features include encryption of sensitive data, PAN masking, and detailed audit tracking of user activity. The software supports all major card association schemes and full EMV compliance for both issuing and acquiring organizations.

The new graphical interface provides an intuitive look and feel with:

Improved graphical dashboards for more immediate monitoring of authorization processes

A highly configurable Web-based reporting module that increases access, automation, and flexibility of reporting

PAYware CMS provides the scalability, flexibility and configurability to manage any in-house merchant acquiring or card issuance program including branded card scheme, private label, stored value/loyalty, private label, fleet, and prepaid cards.

It is a flexible, modular and business-driven solution designed to address the main challenges facing the card industry today, which include the importance of innovation, differentiation and customer retention in an increasingly competitive environment.

Additional Resources:

www.verifone.com/payware-cms

About VeriFone Holdings, Inc. (www.verifone.com)

VeriFone Holdings, Inc. ("VeriFone") (NYSE: PAY - News) is the global leader in secure electronic payment solutions. VeriFone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. VeriFone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide.

PSD Compliance Costing Top Banks Top Dollars

Finextra: Top banks spend big to attain PSD compliance

Tier one banks in Europe have set aside as much as EUR20 million each to attain compliance with the EU's Payment Services Directive (PSD) by November, with about 30% of the budget earmarked for technology changes.

Working with Finextra, Accenture surveyed nearly thirty EU banks, including nearly 20% of the top 100, to assess industry-views, core challenges to implementation, and bank readiness for the PSD, which will harmonise the EU's legal payments infrastructure.

EU bank respondents express confidence in their ability to meet the 1 November compliance deadline, with a vast majority (90%) saying they will be legally compliant on time and nearly three-quarters (72%) saying they expect to be fully compliant by November. Legal compliance to PSD is achievable without full implementation.

Continue Reading at Finextra

Learn more about PSD

PSD Compliance, Payment Services Directive, Banks, Finextra, EU, Accenture

U.S. Payment Industry Grapples with Security - Reuters

In an article published by Reuters India, Ross Kerber is getting all fired up over the blame game. ("They both need to fight fraud and they are fighting each other")

My two cents? It's the typing. You type, hackers swipe... Would you write the combination of your padlock on a post it note and attach it to the lock itself? Then why are we typing?

U.S. payment-card industry grapples with security | Reuters

By Ross Kerber

BOSTON (Reuters) - Fresh details of large-scale cyber attacks against data processor Heartland Payment Systems Inc and supermarket chain Hannaford Brothers show the challenges facing the efforts of the U.S. credit-card industry to upgrade security measures.

While both companies say their computer networks met the tough new standards meant to prevent data breaches, Visa Inc said Heartland at least may have let its guard down.

The positions reflect broader disagreements in the industry, as squabbling between merchants and financial firms over technology and the cost of systems upgrades continues to impede progress, said Robert Vamosi, an analyst for California consulting firm Javelin Strategy & Research.

"They both need to fight fraud and they are fighting each other," he said.

The financial stakes are getting higher. Fraud involving credit and debit cards reached $22 billion last year, up from $19 billion in 2007, according to California consulting firm Javelin Strategy & Research.

The security of consumer information came under renewed scrutiny on August 17 when a 28-year-old Florida man, Albert Gonzalez, was indicted along with two other unnamed hackers for breaching the computer networks of Heartland and Hannaford, both of which said they were in compliance with security requirements.

Those standards were set by a council that includes the world's two largest credit card networks, Visa and MasterCard Inc; fast-food leader McDonald's Corp; oil major Exxon Mobil Corp; and big banks Bank of America Corp and Royal Bank of Scotland Plc.

All these companies face rising costs linked to fraud and its prevention. Of the 275,284 complaints received last year by the government's Internet Crime Complaint Center, 24,775 were tied to credit or debit card fraud, up from 13,033 in 2007 and 9,960 in 2006.

Continue Reading ...

HomeATM, phishing, Albert Gonzalez, Hacking, Hacker, Heartland Payment Systems, Hannaford,

Real Time Keylogging Makes OTP Log-In Obsolete (If you Type it...They will Come!)

Until providers see "what hackers clearly see"... which is ANYTHING that is typed, whether it be credit/debit card numbers, usernames, passwords, (temporary, numeric, one-time, secret answers to secret questions etc. etc. etc.) our data will continue to be
compromised. According to Help Net Security...

Now, word comes that Hackers have improved keylogging software by
making it able to report your login credentials in "real time" via a
Twitter-like stream of updates that makes it possible for malicious
hackers to access your accounts even as you're using them.

The efficiency of this new variant of keyloggers is best seen during
routine operations like usage of Internet banking services.

Systems like
RSA's SecurID create temporary numeric passwords that get changed each
minute. The problem is, the attacker now gets the same password
immediately.

Editor's Note: It will get worse...it will NOT get better.

Think of Typing as sort of like a "Field of Dreams" for hackers.

If you type it...they will come.

Read Entire Article Here

Wednesday, August 26, 2009

Nokia Enters Increasingly Crowded Mobile Money MarketTeams with Obopay targets unbanked people in developing countries.

Tuesday, August 25, 2009

Businesses Reluctant to Report Online Banking Fraud

Disqus for ePayment News

Nokia Enters Increasingly Crowded Mobile Money Market

Teams with Obopay targets unbanked people in developing countries.