Monday, September 14, 2009

Hacker Hits RBS WorldPay Systems Database






Romanian hacker says he discovered a SQL injection flaw on a WorldPay application, but RBS says no merchant or cardholder data was compromised



By Kelly Jackson Higgins | DarkReading

A Romanian hacker well-known for discovering SQL injection vulnerabilities in high-profile Websites has struck again -- this time on RBS WorldPay's site, where he says he hit the jackpot, the company's database.



The hacker, who goes by "Unu," says he accessed RBS WorldPay's database via a SQL injection flaw in one of its Web applications. RBS WorldPay maintains Unu accessed a test database that didn't carry any live data, and that no merchant or cardholder data accounts were compromised. The company has since taken down the pages.



Unu says the company's response to his email warning of the vulnerability, as well as other security problems, was "unprofessional" and "confused."

Continue reading at Dark Reading



Bonus Coverage!

RBS WorldPay downplays database hack reports

Updated RBS WorldPay and a hacker are at loggerheads over the seriousness of a supposed breach on websites run by the payment processing firm.



Security shortcomings - since blocked - on RBS WorldPay website exposed confidential information, including admin passwords and the contact details of partners, according to blog posts by Romanian hacker Unu.

The grey-hat hacker previously exposed similar problems on the websites of the UK parliament and HSBC France, among many others. As before he published screenshots to back up his latest claims.


RBS WorldPay initially responded to our inquiries by saying that the reported SQL injection attacks mounted by Unu were thrown against test websites. All the dummy data involved was fictitious and in no way confidential, so there was no breach...



Editor's Note: You may or may not remember that RBS WorldPay previously had 1.5 million cards hacked. Here's a refresher provided by DataLossdb.com

1.5 million credit card records compromised via hack
Records: 1,500,000
Record Types: CCN, SSN
Breach Type: Hack
Source: Unknown
Organization: RBS Worldpay
Other Organizations: None
Lawsuit? YES
Data Recovered? NO/UNKNOWN
Arrest? NO/UNKNOWN
Submitted By: securityninja

TIMELINE

Date        Event
2008-11-10  Incident Occurred
None        Incident Discovered By Organization
2008-12-23  Organization Reports Incident
2008-12-23  Organization Mails Notifications
None        Records Recovered
2009-02-18  Lawsuit Filed
None        Arrest Made

SIMILAR INCIDENTS

Records  Date        Organizations
206,000  2005-12-28  Marriott International
679      2007-05-29  Mytreo.net
55,000   2006-01-08  Kerzner International Bahamas Limited, Atlantis

Incident location: United States



Internet Gambling Initiative Gains Momentum



Congress Encouraged to Collect Billions in New Revenue with Internet Gambling Regulation in New Advertising Campaign



WASHINGTON, Sept. 14 /PRNewswire-USNewswire/ -- The Safe and Secure Internet Gambling Initiative launched a new online advertising campaign today in support of the Internet Gambling Regulation, Consumer Protection and Enforcement Act of 2009 (H.R. 2267), legislation that would establish a framework to permit licensed gambling operators to accept wagers from individuals in the U.S.



The ads advocate regulating Internet gambling to protect the millions of Americans who continue to gamble online despite government attempts to prohibit the activity and to collect up to $62.7 billion in new revenues for the federal government in the first decade.




"As Congress searches for ways to pay for health care reform and other worthy programs, it should end the unsuccessful prohibition of Internet gambling and start collecting taxes on the billions in revenue currently lost to unlicensed, offshore gambling operators," said Jeffrey Sandman, spokesperson for the Safe and Secure Internet Gambling Initiative.



House Committee of Financial Services Chairman Barney Frank (D-MA) has announced his intent to hold a hearing and markup on the Internet Gambling Regulation, Consumer Protection and Enforcement Act of 2009 this fall. Since introduction of the legislation by Chairman Frank in May, a bipartisan group of more than 50 co-sponsors have signed onto the bill. Supporters include many senior ranking representatives such as George Miller (D-CA), chairman of the Committee on Education and Labor, John Conyers (D-MI), chairman of the Committee on the Judiciary, Charles Rangel (D-NY), chairman of the Committee on Ways and Means, Edolphus Towns (D-NY), chairman of the Committee on Oversight and Government Reform, Pete King (R-NY), ranking member of the Homeland Security Committee and Ron Paul (R-TX), vice-chairman of the Oversight and Investigations subcommittee.



The ads will appear on the Web sites of publications such as the Washington Post, The Hill and Politico, as well as on the Huffington Post, Political Wire and the Talking Points Memo...and obviously, right here on the PIN Payments News Blog!



Copies of the advertisements can be found here: Protect Consumers and Generate Billions, End Prohibition! Again, Protect Children and Consumers.



About Safe and Secure Internet Gambling Initiative



The Safe and Secure Internet Gambling Initiative promotes the freedom of individuals to gamble online with the proper safeguards to protect consumers and ensure the integrity of financial transactions. For more information on the Initiative, please visit www.safeandsecureig.org. The Web site provides a means by which individuals can register support for regulated Internet gambling with their elected representatives.



SOURCE Safe and Secure Internet Gambling Initiative






Smart Card Alliance Decries End to End Encryption





Smart Card Alliance Pushes Contactless Smart Cards over E2EE



According to Randy Vanderhoof, the executive director of the Smart Card Alliance, the US payments industry should use contactless chip cards along with dynamic cryptograms vs. E2EE in the fight against the bad guys...



I agree that the term "End-to-End Encryption" is a buzzword and is used too "loosely" by too many players in the industry.

True End-to-End Encryption means, first and foremost, that the card holder data must be "instantaneously" encrypted once the card is swiped. The encrypted packet must stay that way (encrypted) until it reaches its final destination. There is only one transaction that can be fully end-to-end encrypted (*Zones 1-5) and that is a PIN based transaction. At best, other transactions can be End to (Almost) End Encrypted through *Zones 1-4.

HomeATM's PCI 2.x certified PIN Entry Pad instantaneously encrypts the card holder data (including the Track2 data). Credit and Debit card details remain encrypted via the HomeATM processing methodology through Zones 1-4. A HomeATM processed PIN based transaction is 100% End to End Encrypted through Zones 1-5.



*See chart below for a Zone 1 through Zone 5 illustration provided by Mercator 



From SCA's new paper:

End-to-End Encryption and Chip Cards in the U.S. Payments Industry

Publication Date: September 2009



Recent and highly publicized data breaches at merchants and processors involving payment cardholder data have had a significant impact on the payments industry. For example, Wired magazine reported that Heartland Payment Systems estimates that the breach it experienced in 2008 has conservatively cost the company in excess of $12 million.[1] According to Bank Info Security magazine, the breach impacted at least 659 banks and credit unions.[2]



Analysis of the attacks has led to a flurry of interest in the implementation of end-to-end encryption solutions to protect cardholder data. Electronic payments industry stakeholders are taking action to address data security problems through the Accredited Standards Committee X9 (ASC X9) by embarking on the development of a new standard to protect cardholder data with end-to-end encryption.[3] This paper presents the Smart Card Alliance perspectives on this initiative.



Encryption of data would make it much harder for attackers to benefit from the kind of network break-in that Heartland suffered. Since sensitive data was not sufficiently protected, cyber-thieves were capable of stealing millions of debit and credit card details for several months after initially infiltrating the Heartland computer systems.[4]



Supporters of end-to-end encryption envision that cardholder data would be encrypted from the moment the magnetic stripe of the payment card is swiped through the end of the payment processing cycle. The devil is in the details, however. End-to-end encryption does not necessarily mean the same thing to all people, and the payments industry has not yet defined standards.



Editor's Note:  Very well put.  Click the Zone 1-5 chart on the right to enlarge:



This position paper attempts to clarify and define end-to-end encryption, and detail the problems it solves and those it does not. It also explores the advantages of an alternative strategy for protecting cardholder data–moving data protection to the true endpoint, the payment card itself, using chip card technology.



Instead of implementing “chip and PIN” and following the full EMV standard, this paper proposes a new course optimized for the U.S. market: using contactless chip cards, including a dynamic cryptogram with each transaction and authorizing transactions online.



The existing U.S. payments infrastructure can process such transactions today in the same way that current contactless payment transactions are accepted.



Compared to end-to-end encryption, contactless cards with dynamic cryptograms would have the following advantages:

  • Result in less impact on the payments acceptance infrastructure for merchants, acquirers and issuers

  • Enable merchants to implement a solution more quickly and without waiting for new standards

  • Provide a high level of cardholder data protection by including a dynamic cryptogram with each transaction

  • Reduce the threats posed by cloning magnetic stripe-based cards and stealing cardholder data
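
As an added illustration (not taken from the Smart Card Alliance paper or from any vendor's code), the sketch below models why a per-transaction dynamic cryptogram, checked online by the issuer, defeats replay of captured data and cloning of static card data. HMAC-SHA256 stands in for the card schemes' actual cryptogram algorithms, and the class names, message layout, terminal nonce and test PAN are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 8  # truncated cryptogram length in bytes (assumption for this sketch)


def _message(pan: str, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    """Bytes covered by the cryptogram: card number, counter, amount, terminal nonce."""
    return f"{pan}|{atc}|{amount_cents}|".encode() + nonce


def _cryptogram(key: bytes, pan: str, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in; real cards use scheme-defined 3DES/AES MACs.
    return hmac.new(key, _message(pan, atc, amount_cents, nonce), hashlib.sha256).digest()[:MAC_LEN]


class ChipCard:
    """Hypothetical contactless card: the key and counter never leave the chip."""

    def __init__(self, pan: str, card_key: bytes):
        self.pan = pan
        self._key = card_key
        self._atc = 0  # transaction counter, incremented on every tap

    def present(self, amount_cents: int, terminal_nonce: bytes) -> dict:
        self._atc += 1
        return {
            "pan": self.pan,
            "atc": self._atc,
            "amount_cents": amount_cents,
            "nonce": terminal_nonce,
            "cryptogram": _cryptogram(self._key, self.pan, self._atc, amount_cents, terminal_nonce),
        }


class Issuer:
    """Hypothetical issuer host that authorizes every transaction online."""

    def __init__(self):
        self._keys = {}
        self._last_atc = {}

    def issue_card(self, pan: str) -> ChipCard:
        key = secrets.token_bytes(32)
        self._keys[pan] = key
        self._last_atc[pan] = 0
        return ChipCard(pan, key)

    def authorize(self, txn: dict) -> str:
        key = self._keys.get(txn["pan"])
        if key is None:
            return "DECLINED: unknown card"
        expected = _cryptogram(key, txn["pan"], txn["atc"], txn["amount_cents"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "DECLINED: bad cryptogram"
        # A valid cryptogram is only good once: the counter must move forward.
        if txn["atc"] <= self._last_atc[txn["pan"]]:
            return "DECLINED: counter replayed"
        self._last_atc[txn["pan"]] = txn["atc"]
        return "APPROVED"


def demo() -> dict:
    issuer = Issuer()
    card = issuer.issue_card("4000000000000002")  # constructed test PAN
    first = card.present(2500, secrets.token_bytes(4))
    results = {"genuine": issuer.authorize(first)}
    # The same message captured in transit and submitted again.
    results["replayed"] = issuer.authorize(dict(first))
    # Captured message with the amount altered after the card signed it.
    results["amount_changed"] = issuer.authorize({**first, "amount_cents": 250000})
    # Only static data (the PAN) is known, as with a cloned magnetic stripe.
    static_only = {"pan": card.pan, "atc": 2, "amount_cents": 2500,
                   "nonce": b"\x00" * 4, "cryptogram": b"\x00" * MAC_LEN}
    results["static_data_only"] = issuer.authorize(static_only)
    # The real card keeps working because its counter has advanced.
    results["next_genuine"] = issuer.authorize(card.present(1200, secrets.token_bytes(4)))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:18} {outcome}")
```
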

The Smart Card Alliance is making another important recommendation as well. If the industry does indeed move forward with end-to-end encryption, the standard should be defined in a way that lays the messaging foundation for globally-interoperable secure payment transactions using chip card technology in the future. This would have no impact on end-to-end encryption cost or complexity, and yet would make the U.S. payments messaging standard compatible with global payments infrastructure requirements.

What Is End-To-End Encryption?

The Computer Desktop Encyclopedia defines end-to-end encryption as the continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination.[5]





A reasonably good example of true end-to-end encryption is the distribution of a secret key under a Key Exchange Key (KEK) process between two hardware security modules (HSMs). The KEK process is a common practice in many industries including government, telecommunications and banking, in applications where end-to-end security must be ensured. Using this technique, the secret key is never seen in the clear outside of the two endpoints. The first HSM (the origin) encrypts the secret key using the Key Exchange Key then the encrypted key can be securely sent to the second HSM (the destination) where it is decrypted.

With respect to a payment transaction, “origin” and “destination” are not single places, causing the potential for confusion. There are many temporary endpoints in a transaction lifecycle where all or part of the transaction information is required. In addition, there are several processes, starting with authorization and settlement; but data may be used or stored for refunds, chargebacks or reporting purposes in other places as well. The figure above  illustrates a generic credit card transaction process today.




"Implementing end-to-end encryption is not a panacea; in fact, it may be more akin to putting a steel door on a grass hut," says Randy Vanderhoof, executive director, Smart Card Alliance.


Download the paper to read more...or click here to read the summary at the Smart Card Alliance website




Intuit "Into Mint" for $170 Million

TechCrunch's Michael Arrington is reporting that Mint is being acquired by Intuit.  According to him...



Intuit will acquire the free online personal finance service Mint, we’ve confirmed from a source close to the deal, for around $170 million. The deal should be announced in the next few days.



This is a terrific exit for Mint, which first launched two years ago at TechCrunch50. Mint took the top prize at that event and has been growing fast ever since. Their last round of financing valued the company at $140 million.

Continue Reading at TechCrunch






Sunday, September 13, 2009

Charity Websites Not Secure and a Gift to You!

Sector is not up to date with security risks, says NTA Monitor report



Charities are more likely to have poor website security than other organizations, according to the results of an annual survey published this week.



The Web Application Annual Security Report 2009, produced by security-testing company NTA Monitor, found the average charity and not-for-profit website contained 15 'security vulnerabilities', compared with five the previous year.



This was the highest number of breaches found among organizations from eight sectors, including finance, government and manufacturing.



The most common charity flaws included not having account lockout mechanisms in place, which stop hackers with valid usernames from repeatedly guessing passwords. Charities were also guilty of allowing users to choose insecure passwords, which increases the chances of unauthorized access to accounts.



Editor's Note:  Again, the problem is NOT so much Password, but how these Passwords are Entered. How are they entered? They are TYPED. Here's my "gift to you:"



If you type, the hackers will swipe...



Hackers can get around SSL, they can get around EV SSL, they can get around whatever is introduced in the future.



If you use the web browser to "enter" (type) information, that very same information is available to whomever wants to see it.



Unfortunately, when it comes to financial information, such as credit/debit card numbers or Usernames and Passwords, it's the "bad guys" who want to see it. It really is as basic as that...



I know, I know...there are some who may think I'm "overstating this risk" based on the fact that HomeATM eliminates typing and eliminates card not present fraud...by eliminating the use of browser when conducting log-in or eCommerce transactions.




I am sure that there are some who believe I'm making a "mountain out of a mole-hill," but I believe the exact opposite is true.   The reality of the situation is that those who continue to instruct their customers to "type" or "enter" are making a mole-hill out of the mounting evidence that it is not safe to do so. 



IBM's X-Force 2009 Mid-Year Trend and Risk Report:


“There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity,” says X-Force Director Kris Lamb.



Those who continue to tell you it's safe to type your card information into a box on a website, or a username: password: for online banking sessions are either turning a "blind eye" or not quite "seeing" the problem as succinctly as they will in a year or two. Until they do, they are making a mole-hill out of a mountain.





Making a Mole-hill out of the Mountain
There is only ONE 2FA 3DES DUKPT E2EE PCI 2.x Certified Solution in two hemispheres

Exclusively from HomeATM ePayment Solutions

Saturday, September 12, 2009

No Freedom For You! SoupNazi/Gonzalez Pleads Guilty

Hacker Gonzalez pleads guilty to 20 charges | ITworld

IDG News Service —



Hacker Albert Gonzalez, accused of masterminding the massive data thefts at BJ's Wholesale Club, TJX and several other retailers, has pleaded guilty to 19 charges related to computer hacking and credit card fraud, the U.S. Department of Justice said.



Gonzalez, 28, of Miami, was a member of a group of hackers that stole more than 40 million credit and debit card numbers from TJX, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority, the DOJ said. He pleaded guilty Friday to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft in U.S. District Court for the District of Massachusetts.



Gonzalez also pleaded guilty to one count of conspiracy to commit wire fraud relating to hacks into the Dave & Buster's restaurant chain, which were the subject of a May 2008 indictment in the Eastern District of New York. The pleas in both cases were entered before U.S. District Court Judge Patti Saris in federal court in Boston.



In August, Gonzalez was also indicted in New Jersey for the theft of more than 130 million credit and debit cards. He was charged, along with two unnamed co-conspirators, with using SQL injection attacks to steal credit and debit card information. Among the corporate victims named in the two-count indictment were Heartland Payment Systems, a New Jersey card payment processor; 7-Eleven, the Texas-based convenience store chain; and Hannaford Brothers, a Maine-based supermarket chain.



Continue Reading









Webcast: There's No Such Thing As a Trusted Website




 
Featured Speakers:



Chris McCormack, Web Security Expert, Sophos



Fraser Howard, Principal Researcher, Sophos







 



A Dark Reading Vendor Perspectives WebCast:

Web Attacks: How Hackers Create and Spread Malware







Duration: One Hour
A brand new infected webpage is discovered every 4.5 seconds.

The web has become the key vector for online attacks and even trusted websites are no longer safe. With hackers continually changing tactics, the majority of businesses are left unprotected against modern web-based malware. Businesses can no longer get by with just protecting their email and endpoint systems.



Join this live one-hour webcast featuring web security expert Chris McCormack, and principal researcher Fraser Howard from Sophos to learn how web threats are created and spread -- and the impact they have on your business.  They’ll also discuss these key topics and more:


  • There's no such thing as a trusted website

  • How today's web attacks work

  • Three tips to safeguard your systems

Register today to attend this informative webcast.


 
 




Payment Processing Inc. Announces Exclusive Agreement with Self Storage Association

Payment Processing, Inc. Announced as Exclusive Credit Card Processor with SSA Partner Status





Payment Processing, Inc. (PPI), the industry leader for integrated payment solutions, announces that it has been named an official partner sponsor of the Self Storage Association (SSA). In this role, PPI is the only payment processing company with SSA Partner status and will be a featured panelist for a session titled "Customer Privacy Regulations" at the upcoming SSA Fall Conference being held September 10-12th in Las Vegas, Nevada.

"We are thrilled to be the only payment processing company with Partner status for the Self Storage Association and a featured panelist at their fall convention," stated Eddie Myers, President of Payment Processing, Inc. "This platform allows PPI to continue to educate SSA members on the necessary steps that should be taken to ensure they secure a customer's private data, including payment processing information."



As the leading association for the self storage market, the Self Storage Association (SSA) is the official not-for-profit trade association representing over 6,000 direct and indirect members that own or operate over 22,000 self storage facilities throughout the United States. Headquartered in Alexandria, VA, the SSA provides members with educational resources and represents them on key legislative issues affecting the self storage market.



PPI provides self storage companies with a full range of services for integrating electronic credit and debit card payments, including gateway services, integration support, merchant support and services, and PA DSS/PCI-DSS security assistance. The company's proprietary PPI PayMover platform can be integrated with virtually any business application and is the leading payment processing solution used in the self storage market.



About the Self Storage Association

Since 1975, the Self Storage Association (SSA) has been the official not-for-profit trade association representing the self storage industry and the registered lobbying organization before the United States Congress and the federal agencies. The SSA represents the huge U.S. self storage industry that is comprised of more than 52,000 facilities. The SSA publishes the "official voice of the self storage industry," the SSA Globe magazine, on a monthly basis. The magazine is the industry's largest paid-circulation magazine and has a monthly circulation of approximately 17,000 and a national annual readership in excess of 500,000. Learn more at www.selfstorage.com.



About Payment Processing, Inc.

Since 1995, PPI has been the industry leader in providing software developers with a full range of services for developing and promoting integrated payment solutions, including PPI-developed payment gateway technology, integration support, merchant support, marketing assistance and PA DSS/PCI-DSS security services. Today, PPI is the most successful company in the world focused on integrated payments, supporting more than 1,200 partners and over 34,000 merchants with efficient, cost-effective payment solutions. In 2008, PPI processed in excess of $5 billion in Visa® and MasterCard® payments. Learn more at www.paypros.com.

Friday, September 11, 2009

Internet is "Card Not Present"...

"Card Not Present" Fraud is Growing Rampantly!



HomeATM Eliminates "Card Not Present" Fraud by enabling transactions to be conducted in a "Card Present" Environment.



HomeATM provides a low cost, 2FA 3DES E2EE PCI 2.x Certified Solution which allows Internet Retailers and Consumers to level the playing field by eliminating the "card not present" environment. 



If an online consumer was instructed to "Swipe their Card", thereby capturing the data on the magnetic stripe, it would be, by definition, a "card present" transaction.



Therefore, our device would eliminate "card not present" fraud by "morphing" the "card not present" environment into a "card present" environment.  Yes? 



You might say that HomeATM changes the way card information is swiped. 





The way it is done now, the card details are "swiped by the fraudsters."   Does it not make more sense for the online shopper to "swipe" their own card details? Then again, we could ignore all the red flags and just keep on typing!





No let up by fraudsters as online card spend soars | Response Source

Fraud prevention specialists reveal Britain’s top UK card fraud hotspots



Many of Britain’s high street shops may have been affected by the economic downturn, but millions of consumers have been more than happy to spend their money online and through mail order with their favorite retailers. However, once again the dark side of card usage is revealed as fraud specialists, the 3rd Man, unveil the extent of criminal card activity and in particular the worst places in Britain for attempted card fraud.
An analysis of the 3rd Man’s comprehensive and detailed records shows that between August 2008 and August 2009, shoppers spent an estimated £46 billion using their cards in ‘card not present’ transactions, the term used to describe purchasing when, for example, a customer is buying online or by phone. Of this figure, fraudsters have tried their best to relieve retailers of more than half a billion pounds worth of goods.


“Although Britain has been in a serious recession, it appears that many consumers have been happy to spend their money over the Internet, which is good news,” says Andrew Goodwill, fraud specialist with the 3rd Man.



“However, fraudsters show no signs of giving up. They know that online shopping has become big business and they try every scam imaginable to dupe retailers. More and more honest people are using their cards to buy over the Internet, but unfortunately more and more fraudsters are also upping their game.” 





Editor's Note:  Time to "up OUR game" or these "jokers" will continue to steal our identities, cash, and peace of mind.  Eliminate Typing, Start Swiping and "Card Not Present" fraud will be eliminated. It's really not that difficult to grasp the concept...is it?  



How To Hack an ATM Part IX (Collect All 10!)

ATM Thefts

EFT Canada Announces Agreement with Bell Canada



Toronto, Sept. 10, 2009 -PIN Payments News Blog- EFT Canada Inc. (TSX VENTURE:EFT), a leader in electronic transaction processing, today announced an agreement with Bell Canada, the country's largest communications company, to provide its Bell Business Markets division with a fully integrated business-to-business (B2B) and business-to-consumer (B2C) electronic transaction processing platform.



The solution will enable customers of Bell Business Markets to automate and process the collection and disbursement of funds online.



The EFT Canada application, a division-specific solution acting as a virtual gateway, simplifies and automates the processing of electronic funds transfer in Canada. The solution is expected to assist the Bell Business Markets in competing for and completing special projects.



"Through our comprehensive and leading solution, the Bell Business Markets is gaining a powerful and easy to use transaction processing platform," said Jonathan Pasternak, EFT Canada President. "Having been chosen by Bell as a vendor and being able to meet their high standard vendor code of conduct and practices, further enforces our credibility in the marketplace."



EFT Canada, founded in 2003, is a financial processing company that offers a complete solution to the collection and payment processing needs of small and medium sized business merchants, banks, credit unions, and other financial firms in Canada and the United States. The Company develops, maintains and delivers innovative electronic transaction processing technologies, such as customized electronic payment and collection processing solutions and gift and loyalty card services, by drawing on its operational and applications expertise. For more information, please call Jonathan Pasternak 416-781-0666 or visit www.eftcanada.com .



Source: Company press release.




TransFirst Releases Way Systems way5000



Boston, Sept. 11, 2009 -PIN Payments News Blog- WAY Systems, manufacturers of mobile POS solutions, and TransFirst, one of the leading providers for merchant acquiring solutions, announced today the release of the way5000, a credit, PIN-Debit, low-cost, pocket sized mobile point of sale device. The way5000 will be fully supported and sold throughout the TransFirst sales network.



“WAY Systems is very pleased to continue our long time partnership with an industry leader like TransFirst. WAY has built a reputation for bringing high quality, low-cost mobile point of sale devices to the mobile merchant market which has long been an important market segment for TransFirst. We are excited to be able to help TransFirst enhance their leadership position with those mobile merchants,” said Mike Ryan, Director for Distribution Channels for WAY Systems.



“Mobile merchants are a key part of TransFirst’s overall strategy. WAY Systems is an excellent fit to ensure we provide our merchants a cutting edge product that rounds out our suite of products and services and provides our merchants with a robust mobile device,” said Steve Cadden, President and Chief Operating Officer for TransFirst.



About WAY Systems, Inc.



WAY Systems has designed, developed, tested and delivered end to end payment solutions for mobile merchants all over the world. Our products and services are designed to meet the payment transaction needs of mobile merchants and exceed industry security standards. We empower merchants to conduct business any time any where and increase their revenue by accepting credit and pin based debit cards. WAY’s innovative mobile POS devices and dedication to service make us the ideal partner for you to conduct Transactions Without Boundaries. Users of WAY terminals are invited to explore the limitless possibilities of commerce.



About TransFirst



A leading provider of secure transaction processing services and payment enabling technologies, TransFirst offers innovative products and services designed with financial institution, independent sales organization, healthcare, eCommerce, government and merchant customers’ unique needs in mind. By collaborating with our customers and utilizing strong industry knowledge, we help them grow their businesses. Founded in 1995, TransFirst continues to attain significant market share and world-class expertise in growing and profitable industry segments. Built on a platform of personal service, customer commitment and flexible pricing, TransFirst is headquartered in Hauppauge, New York, and has operations facilities in Aurora, Colo., Louisville, Colo., Omaha, Neb., Kansas City, Kan., and executive headquarters in Dallas, Texas. Company-wide, TransFirst currently processes approximately $30 billion in annual sales volume for more than 175,000 merchants and more than 1,000 financial institutions. For additional information, please call 1-800-745-2659 or visit www.TransFirst.com.





Source: Company press release.

How to Hack an ATM - Part VIII (Collect All 10!)



Pair steal 800 lb ATM with $96G inside



By Sam Wood | Inquirer Staff Writer



In our ongoing series "How to Hack an ATM" we bring you this from Philly.com



No pictures yet, so here's a picture from a previous "How to Hack an ATM" post.



Police are looking for a pair of brazen, "sophisticated" thieves who disconnected an 800-pound ATM with about $96,000 inside and rolled it out of a Delaware County hospital on a dolly.



The ATM, minus the cash, and the van the thieves used for their getaway were found aflame in Southwest Philadelphia last night, more than 24 hours after the heist at the Delaware County Memorial Hospital in Upper Darby.



Upper Darby Police Superintendant Michael Chitwood said the pair, wearing baseball caps and keeping their heads down to conceal their facial features from surveillance cameras, disconnected three cables and successfully disarmed the ATM's alarm to carry out their caper.



"This was sophisticated, well planned, well managed," Chitwood said. "When you view the video, they didn't have a care in the world. They knew what they were doing and where they were going."



With one carrying a clipboard and the other pushing a dolly, the pair entered the hospital's lobby about 8:24 p.m. Monday and left two minutes later with the ATM, which was valued at $17,000 and had in excess of $96,000 inside, police said.

At 8:45 p.m., they are seen leaving the parking lot in a white Ford Econoline van.



Continue Reading

Wal*Mart Phisher Pleads Guilty



Guilty plea in Wal-Mart phishing case

11 September 2009 - 11:54 - Finextra



A member of a phishing gang that stole financial information from thousands of people and used it to open credit accounts at Wal-Mart stores has pleaded guilty.



Tien "Tim" Truong Nguyen, from California, pleaded guilty to conspiracy, access device fraud, aggravated identity theft and being a felon in possession of a firearm, the day before his case was set to go to trial.



Nguyen was arrested in 2007, accused of setting up Web sites designed to look like they belonged to banks and other firms like PayPal. He then sent out phishing e-mails directing victims to the sites, where they were asked to enter sensitive information.



The scam netted him, and Eastern European accomplices, thousands of credit and debit card numbers, social security numbers and other personal identification information.



Continue Reading at Finextra
