Industry Wary of Proposed House Bill HR 3904 (Overdraft Payments)

AN EMAIL NEWSLETTER PUBLISHED BY STRUNK & ASSOCIATES, L.P.

Industry Wary of Proposed House Bill HR 3904 Not Good Public Policy Says Former NCUA Chief On October 30, 2009, the House Financial Services Committee listened to testimony from both industry as well as consumer advocacy groups on proposed bill HR3904 which would put severe regulatory restrictions on overdraft payment programs for financial institutions. Dennis Dollar, former Chairman of the NCUA and now Principal Partner of Dollar Associates, commented on a number of issues surrounding the new bill in his formal remarks to the committee (CLICK HERE FOR ARCHIVED TAPING). He argued that overdraft payment services, when administered properly, are a valued service that credit union members and consumers appreciate over the traditional handling of NSF transactions. With overdraft protection, rather than being charged a NSF fee, the member is charged a comparable fee to honor the overdrawn item. "It is important to remember that an overdraft fee is not an additional fee above and beyond the NSF fee," according to Dollar. "Credit union members see value in these programs because they are able to realize the additional cost savings associated with avoiding late fees, merchant charges, and cancellations of service. In addition, these programs prevent the embarrassment and potential legal liability of writing a check that is returned for insufficient funds," he explained. Dollar also questioned the claim by critics that consumers see little to no advantage to these programs and feel ripped off by them. He contends that if consumers feel the services have no worth, why are they so popular and utilized by so many credit union members? "And the fact that financial institutions have increased earnings from these programs should not automatically be viewed as suspect, but rather should be seen as evidence that the consumer appreciates overdraft services and is comfortable utilizing them when needed," he contends. While the former regulator supports the financial institutions' right to offer overdraft services, he is quick to point out that he only supports programs that are fair and responsible. "Program disclosures should be well defined and easy to understand. Consumers should always be afforded the right to opt out upon request. Ongoing cumulative totals of overdraft fees should be clearly disclosed. Check processing order should also be disclosed; perhaps even providing options for the processing order left to the discretion of the consumer. And when technology allows it, an 'opt out' at the point of sale would be a best practice worth implementing." Most of these standards are the way responsible financial institutions handle their overdraft programs today. "Because some do not follow best practices does not, in my view, make a case to over-regulate those who do with punitive or burdensome legislation," he adds. "My background as a federal regulator who sat on the Federal Financial Institutions Examination Council from 2001 to 2004 leads me to believe that the regulatory agencies are best positioned to police this arena and to eliminate substandard overdraft services. I strongly urge that any statutory or regulatory action be focused on program abuse. Legislation that would largely dismantle these services through untenable restrictions, I emphasize again, would not be good public policy," he concludes. Strunk & Associates – Genuine Expertise Early in the development of its Overdraft Privilege Service Program, Strunk & Associates recognized that there was only one way to deal with the projected continual issuance of regulatory actions dealing Safety and Soundness and Consumer Protection in the financial industry – significant and ongoing investments in compliance and legal expertise with nationally recognized law firms. Strunk clients are provided with the most comprehensive up-to-date and detailed set of best practices, policies and disclosures in the industry. Our guidance package is designed to assist our clients in their compliance efforts to ensure that their practices and processes with the Strunk discretionary overdraft payment service program is reliably compliant, prudent, safe and responsible. Our ability to recognize and address the dynamics of regulatory forces and provide reliably compliant, prudent, safe, flexible and responsible solutions is an important Strunk core competency. More importantly, it provides a strategic set of assets for credit unions that differentiates Strunk & Associates from other overdraft payment service third party providers. Our Track Record For almost two decades, Strunk & Associates has provided nearly 2000 clients with the leading discretionary overdraft payment service. During this period, our clients’ practices and processes have remained compliant, prudent, safe and responsible. Our clients have undergone thousands of federal and state examinations without a single reported issue. Furthermore, no Strunk client, who has followed our recommended program guidelines, has ever been subject to negative press during their implementation or continued management of Strunk’s Overdraft Privilege Service Program. If you're looking to refresh, renew and improve underperforming areas of your existing overdraft payment program, call Strunk & Associates today at 800.728.3116. For additional information on Overdraft Privilege from Strunk & Associates, CLICK HERE. The Strunk Overdraft Privilege Service support and compliance programs go far beyond the "legal minimum." The Strunk program includes support for the broader issues of risk management, business continuity and the delivery of a sustained and a superior member service level. Contact Strunk & Associates today at 800.728.3116

By Marc Paine Executive Vice President Strunk & Associates, L.P. Well, October has been a busy month for Congress. It seems our legislators have found enough time to rejoin their pursuit of bills that address discretionary overdraft payment service programs. Two significant pieces of legislation are currently being considered on Capitol Hill. Legislation On October 19, 2009, Senator Chris Dodd (D-CT) disclosed S. 1799 – The Fairness and Accountability in Receiving (FAIR) Overdraft Coverage Act. Among the provisions in Dodd's proposed legislation are requirements for member consent prior to enrolling them in overdraft protection programs ("opt-in"). It also stipulates that members must be warned if an ATM or teller transaction would overdraw their account. Measures to stop financial institutions from manipulating the order in which they post transactions have been included in the bill as well as provisions that will limit the number of overdraft coverage fees credit unions can charge to one per month and six per year. The Dodd bill further requires that "fees be proportional to the cost of processing the overdraft." Representative Carolyn Maloney (D-NY) is co-sponsoring a House Bill (HR 3904) with Rep. Barney Frank (D-MA) that represents the companion bill to Senator Dodd's S. 1799 (see comments by Dennis Dollar, former Chairman of the NCUA in the left column article). Without a doubt, legislative concern with overdraft protection products has been driven by recent media coverage portraying all overdraft programs as predatory and exploitive. We know this grossly misrepresents overdraft payment service products as well as credit unions in general. But let's be realistic, it is more likely than ever that something will pass this Congress. Moving Forward I've attended a number of meetings and conventions during the last three months and got a chance to visit with friends and other participants who all seemed to want to know about the House Bill HR 3904, the Senate Bill S. 1799 and their impact on checks, debit cards and ATMs. Many financial institutions have asked us, "Shouldn't we wait until Congress acts?" Absolutly not! There is no reason to delay providing this service and allowing members to enjoy this valuable and well received program. Keep in mind that the great majority of changes being proposed by these proposed bills are entirely consistent with Strunk's existing overdraft protection recommendations. Due to the strong focus and emphasis we place on compliance and full disclosure during and after roll out of our overdraft payment program, our clients and their accountholders are well educated on the details of our discretionary overdraft payment program. Nothing is hidden from account holders. The entire Strunk regulatory staff and outside legal counsel are monitoring both bills very closely. It appears that workable compromises are being considered within both versions. I want to emphasize that Strunk and Associates believes that there is nothing in either proposed legislation that will prevent the continuance of discretionary overdraft payment service programs by credit unions. A Call To Action However, getting legislators to consider concessions that frame these bills into something that credit unions can live with, will not happen without proactive advocacy efforts undertaken by credit unions through their Leagues, CUNA, NAFCU and other organizations. We strongly urge you to stay on top of the issues involved in the legislation. Credit unions should challenge reporters in their local area to actually investigate and report on overdraft services by talking to actual members in their area and local credit union executives – rather than using "case histories" provided by consumer advocates. And it should not stop there. If you have a successful overdraft payment program with satisfied members, share your story with government representatives at the local, state and federal level. Telling the "other side" of the story need not be apologetic or defensive. With this in mind, we have prepared a one page information sheet that points out problematic issues associated with the HR 3904 and S. 1799 and provides information on the how to contact members of the House and Senate committees considering this legislation. CLICK HERE for your CALL TO ACTION INFORMATION SHEET. Strunk & Associates is proud of its leadership role in compliance and the development of best practices that drive successful overdraft programs and satisfied accountholders. We look forward to working with the credit union community in the future. Strunk and Associates will continue to assist our clients with any new compliance requirements and will assist with the development of any new best practices that are required to remain in full compliance. For our paper on The Correct Methods to Provide Overdraft Protection, CLICK HERE. And that’s the bottom line!

Related articles by Zemanta

• Say Goodbye to Debit Overdraft Fees (businesspundit.com)


• Daily Buzz: Crackdown on Excessive Gift Card Fees and More! (dailywd.womansday.com)


• Overdraft Fees Up 35% In Past Two Years [Overdraft Fees] (consumerist.com)


• New Rules Would Restrict Overdraft Fees on Debit Cards (nytimes.com)

Massive Fraud Hits Canadian Debit Card Holders

"Thousands of Cards...Millions of Dollars"



Finextra is reporting this morning that fraudsters in Canada have compromised thousands of cards after installing debit machines that recorded PIN numbers in stores.  According to the Canadian Broadcasting Corporation, there has been a massive debit-card fraud in B.C.'s Lower Mainland involving thousands of cards and possibly millions of dollars.  The fraud was committed through compromised debit machines at stores in the communities of Ladner, Delta, Langley, Surrey and possibly Vancouver.  



It appears debit-card pads were replaced with pads equipped with devices that transmitted PIN numbers and transaction information to a criminal organization.



CBC has learned the fraud involved some Safeway food stores, a credit union in Langley and a number of independent retailers. Most of the pads that were compromised were owned by TD Canada Trust. Anyone affected will be reimbursed, the bank said.



Kelly Hechler, the bank's senior corporate communications manager, told CBC News the bank is hoping new chip technology in debit cards will help eliminate this kind of crime. "It is really a good thing that chip is rolling out and that we're as far along as we are in getting chip cards out to people," Hechler said.

Related articles by Zemanta

• Massive B.C. fraud hits debit-card users (cbc.ca)


• McDonald's targeted by debit fraud (cbc.ca)


• Debit-card skimming scheme investigated (cbc.ca)

Gemalto in Exclusive Talks with XIRING to Acquire XIRING’s Banking Activity

Amsterdam, The Netherlands and Suresnes, France - Nov 23, 2009 - Gemalto (Euronext NL0000400653 - GTO), the world leader in digital security and XIRING, a leader in smart card based strong authentication solutions for e-banking and e-commerce, today announced that they have entered into exclusive negotiations with the objective to complete the acquisition by Gemalto of the XIRING banking activity.



The proposed transaction concerns all of the current activities of the banking business unit of XIRING, with all the associated products, IP and technologies, as dedicated to EMV based strong authentication solutions for e-banking and e-commerce.



XIRING is a pioneer of EMV based strong authentication solutions for e-banking and e-commerce. The combination of the banking activity from XIRING with its own, would position Gemalto as a leader in EMV based strong authentication solutions for e-banking and e-commerce.



The transaction is expected to be completed by year end. Upon completion of the transaction, XIRING would continue to operate in its non-banking activities independently from Gemalto.



The two companies will not comment on the proposed transaction terms until the achievement of negotiation and legal processes and signature of a final and binding contract.





Download the complete version (PDF, 54 KB)







About Gemalto



Gemalto (Euronext NL 0000400653 GTO) is the world leader in digital security with 2008 annual revenues of €1.68 billion, and 10,000 employees operating out of 75 offices, research and service centers in 40 countries.



Gemalto is at the heart of our evolving digital society. The freedom to communicate, travel, shop, bank, entertain, and work—anytime, anywhere—has become an integral part of what people want and expect, in ways that are convenient, enjoyable and secure.



Gemalto delivers on the growing demands of billions of people worldwide for mobile connectivity, identity and data protection, credit card safety, health and transportation services, e-government and national security. We do this by supplying to governments, wireless operators, banks and enterprises a wide range of secure personal devices, such as subscriber identification modules (SIM) in mobile phones, smart banking cards, electronic passports, and USB tokens for online identity protection. To complete the solution we also provide software, systems and services to help our customers achieve their goals.



As the use of Gemalto's software and secure devices increases with the number of people interacting in the digital and wireless world, the company is poised to thrive over the coming years.



For more information please visit www.gemalto.com.



About XIRING



Created in 1998, XIRING is a security solutions provider and develops security software embedded in smart card readers for strong authentication and digital signature. XIRING has distributed over 10 million strong authentication solutions based on banking cards and compliant with MasterCard and Visa programs, and is the leader of the professional solutions market for the SESAM-Vitale French healthcare scheme. In 2008, XIRING posted a turnover of €28.5 million up 20% and an operating margin of €3.5 million up 62%. XIRING is listed on the Alternext compartment of the NYSE-Euronext Paris exchange since September 18, 2006. ISIN code: FR0004155612, Mnemonic: ALXIR.



More information: http://www.xiring.com

Aite Group Says Fiserv Top Online Bill Payment Provider

Fiserv, Inc. today announced that the company was recognized as a top online bill payment processor in a recent report by Aite Group, a financial services research firm. Fiserv provides highly integrated, user-friendly online banking and bill payment solutions through the industry's most comprehensive network of financial institutions, billers and end-users.

Fiserv Recognized as a Top Online Bill Payment Provider by Aite Group

- Fiserv leads industry in end users, transactions and key features such as bill presentment -



Brookfield, Wis., November 23, 2009 - Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, today announced that the company was recognized as a top online bill payment processor in a recent report by Aite Group, a financial services research firm. Fiserv provides highly integrated, user-friendly online banking and bill payment solutions through the industry's most comprehensive network of financial institutions, billers and end-users.



In the report, Online Banking Bill Payments: A Vendor Performance Update, Aite Group highlighted the performance of leading online bill payment processors from 2006 through the first half of 2009. Aite evaluated each provider against 21 key criteria, including number of end-users, transaction market share, bill presentment capabilities and processing speed. Fiserv was recognized as one of the best overall performers in the assessment. According to Aite, Fiserv processes more transactions than all of the other providers in the report combined and supports the largest number of bill pay end-users in the industry. The company also leads the small business bill pay market in customers and transactions.



"By a wide margin, Fiserv commands the largest market share among consolidator processors by number of end-users," said Gwenn Bezard, research director, Aite Group. "Still, Fiserv has managed to steadily increase its relative market share by number of end-users over the past few years, from 73.4 percent in 2006 to 76.1 percent in the first half of 2009."



Reinforcing the company's core competencies in customer and channel management and payments, other report findings reiterate the strong performance of Fiserv, based on features that drive greater user satisfaction, including:

• Bill Presentment - Fiserv has the greatest share of electronic bills (e-bills) delivered within the online banking channel, with an estimated 93 percent of e-bills as of 2008.


• Processing Speed - Eighty percent of Fiserv payments are processed same-day or next-day, a leading figure among the providers evaluated in the report.


• Small Business Payments - Fiserv leads all other providers listed in the report in the number of small business customers and number of small business transactions, providing financial institutions with payments flexibility across multiple lines of business.

"Consumers are looking to their financial institutions to provide user-friendly bill payment options that integrate seamlessly into the online banking experience," said Erich Litch, senior vice president and general manager, Consumer Services, Fiserv. "Fiserv is focused on providing a superior online banking and bill payment experience through rich user interfaces and intuitive functionality, which drives user satisfaction. With the introduction and expansion of mobile and person-to-person payment options we are continuing to innovate and provide our financial institution clients the services they need to engage their customers today and in the future."



About Fiserv

Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.



# # #

November (IN)SECURE Magazine Released

IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 23 has been released.



DOWNLOAD ISSUE 23 HERE

(November 2009)

Table of contents

• Microsoft's security patches year in review: A malware researcher's perspective


• A closer look at Red Condor Hosted Service


• Report: RSA Conference Europe 2009, London


• The U.S. Department of Homeland Security has a vision for stronger information security


• Q&A: Didier Stevens on malicious PDFs


• Protecting browsers, endpoints and enterprises against new Web-based attacks


• Mobile spam: An old challenge in a new guise


• Report: BruCON security conference, Brussels


• Are you putting your business at risk?


• Why out-of-band transactions verification is critical to protecting online banking


• Study uncovers alarming password usage behavior


• Q&A: Noise vs. Subversive Computing with Pascal Cretain


• Elevating email to an enterprise-class database application solution


• Ask the social engineer: Practice


• Report: Storage Expo 2009, London


• Jumping fences


• the ever decreasing perimeter.

Related articles by Zemanta

• Criminals Sitting on Stolen Data "Timebomb" (pindebit.blogspot.com)


• Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day (boycottnovell.com)


• 20% of cyber attacks OK? (warintel.blogspot.com)


• Hackers post new attack code for Internet Explorer (infoworld.com)


• Senate Panel: 80 Percent of Cyber Attacks Preventable (wired.com)

Hardware Required for PIN Debit - NYCE

NYCE Says PIN Debit Encryption Must Be Hardware Based

I was looking for more e-vidence that a software application for PIN Debit is unsafe and I happened to stumble upon the NYCE.net website which published a white paper called: "PIN Debit Security Awareness."



In it they explain how encryption works (see charts on left and below and click to enlarge)



The most interesting (and striking) piece of e-vidence supporting hardware (HomeATM) vs. a software (whomever) approach were two "key" statements regarding PIN Encryption.



Here they are...



1. "NEVER USE SOFTWARE" followed by another simple statement:





2. "ALWAYS EMPLOY SECURE HARDWARE" (see graphic below right...click to enlarge) 

I think those two statements sum it up rather NYCELY!

However, lest there be an ambivalence regarding whether hardware is the way to go...they go...on to say:

3. Secure encryption practices also depend on using secure hardware.



Financial institutions must ensure that all PINs and encryption keys never appear in the clear.



This control objective is most often accomplished by using secure hardware (also known as firmware) which masks PIN generation, encryption and decryption from human sight and, more importantly, from disclosure.



You (banks) should review the functionality of your secure hardware by assessing the vendor documentation and by asking your vendor to confirm that their devices meet the ANSI definition of tamper resistance.  (Editor's Note: Tamper Resistance is part of the certification process as a PCI 2.0 PIN Entry Device) 

It's NYCE to know they stand "firm" in their belief that Hardware is essential! 

To Read "Best Practices for PIN Encryption" Download the white paper

This paper is intended to help you:

• Learn about the "dos" and "don'ts," associated with American National Standards Institute (ANSI) standards and NYCE Network Operating Rules, for sound key management procedures and security.


• Understand your responsibility for safeguarding encryption keys, even if you outsource some tasks to third parties.


• Anticipate what you might expect from an audit or security review of your encryption key management procedures.


• Align your encryption key processes with bank regulatory requirements

Related articles

• New Standard for Encrypting Card Data in the Works - HomeATM Already Done (pindebit.blogspot.com)


• E(F)T Call Home(ATM) (pindebit.blogspot.com)


• Make the "Hack You" Link... (pindebit.blogspot.com)


• Chase Paymentech Predicts: PIN Debit Ubiquitous on Web by 2012 (pindebit.blogspot.com)


• Acculynk Most Closely Mimics Grocery Store Experience? (pindebit.blogspot.com)


• HomeATM at the (Security) Summit! (pindebit.blogspot.com)


• PIN on PED vs. PIN on the Web (pindebit.blogspot.com)


• HomeATM Receives First Ever Internet PCI 2.0 PED Certification (pindebit.blogspot.com)


• Internet PIN Debit White Paper - HomeATM (pindebit.blogspot.com)


• 3DES, DUKPT & E2EE Explained (information-security-resources.com)


• 
  
  

More On How SSL (used for online banking security) is Flawed

1. 1.  Critical Flaw in SSL Found, Software Makers Scrambling for Band-Aid ...
      
      
      
      
      Nov 5, 2009 ... A critical new flaw in SSL, or the Secure Sockets Layer used to protect Web traffic for online banking, shopping, and any other https ...
      
      pindebit.blogspot.com/2009/.../critical-flaw-in-ssl-found-software.html - Cached
      
      
      
      -More on SSL is SOL (i.e.) Forget about Secure Financial Transactions on the Web using Software ...
      
      
      
      Nov 6, 2009 ... Here's some more on the recently discovered/secretly addressed/accidentally exposed critical flaw in SSL which is what the online banking ...
      
      
      
      pindebit.blogspot.com/2009/.../more-on-ssl-is-sol-ie-forget-about.html - Cached -
      
      

      
      
      
      
      Show more results from pindebit.blogspot.com
      
      

      
      
      
      
      
      
      
      
   
   
   News results for ssl flaw
   
   
   
   SSL Flaw Could Have Been Used to Hack Twitter‎ - According to Ray, people should realize that "this is a serious bug and people need to patch it." PC World - 30 related articles »
   
   Security Pro Says New SSL Attack Can Hit Many Sites‎ - PC World - 11 related articles »
   
   
   
   
   
   
   
   
   
   
   
   
   1. SSL flaw revealed at Black Hat - The H Security: News and Features
      
      
      
      
      
      
      
      
      Jul 30, 2009 ... Moxie Marlinspikes and Dan Kaminsky have presented a significant flaw in the issuing of SSL certificates at the Black Hat conference.
      
      www.h-online.com/.../SSL-flaw-revealed-at-Black-Hat-742713.html - Cached -
      
      
      
      
      
      
      
      
      
   
   
   2. Major SSL Flaw Find Prompts Protocol Update - DarkReading
      
      
      
      
      
      
      
      
      Nov 5, 2009 ... Vendors, IETF, have been working on a fix since last month for a newly discovered vulnerability in the SSL protocol that spans browsers, ...
      
      www.darkreading.com/security/.../showArticle.jhtml?articleID...cid... - Cached -
      
      
      
      
      
   
   
   3. SSL flaw could have been used to hack Twitter
      
      
      
      
      
      
      
      
      Nov 16, 2009 ... A flaw in the protocol used to secure communications over the Internet could have been used to hack Twitter accounts, according to an IBM ...
      
      www.computerworld.com/.../SSL_flaw_could_have_been_used_to_hack_Twitter - Cached -
      
      
      
      
      
      
      
      
      
   
   
   4. Microsoft: SSL flaw is in operating system, not Web browser
      
      
      
      
      
      
      
      
      Aug 15, 2002 ... Microsoft said it's working on patches for its Windows operating system after finding that a recently discovered SSL flaw is in the OS, ...
      
      www.computerworld.com/action/article.do?command... - Cached - Similar -
      
      
      
      
      
      
      
      
      
   
   
   5. SSL flaw could have been used to hack Twitter | Topics | Macworld
      
      
      
      
      
      
      A researcher has shown how to hack Twitter using a previously disclosed bug in SSL.
      
      www.macworld.com/article/143881/2009/11/twitter_sslflaw.html - Cached -
      
      
      
      
      
      
      
      
      
   
   
   6. SSL flaw allows man-in-the-middle attacks - Security
      
      
      
      
      
      
      Nov 6, 2009 ... A vulnerability in the SSL protocol is causing a bit of stir after it was discovered that the flaw would allow an attacker to inject ...
      
      www.thetechherald.com/.../SSL-flaw-allows-man-in-the-middle-attacks - Cached -
      
      
      
      
      
      
      
      
      
   
   
   7. Major SSL Flaw Was Being Patched in Secret - The cat's out of the ...
      
      
      
      
      
      
      Nov 5, 2009 ... A serious design flaw in the SSL and TLS protocols has been kept secret since its discovery in August. Major technology companies have been ...
      
      news.softpedia.com/.../Major-SSL-Flaw-Was-Being-Patched-in-Secret-126241.shtml - Cached -
      
      
      
      
      
      
      
      
      
   
   
   8. Security Writer Questions Impact of SSL Flaw | threatpost
      
      
      
      
      
      
      It is a "man-in-the-middle" (MitM) attack in which an attacker can use an SSL feature called "negotiation" to inject bad stuff into an SSL session. ...
      
      threatpost.com/en.../security-writer-questions-impact-ssl-flaw-111209 - Cached -
      
      
      
      
      
      
      
      
      
   
   
   9. SSL Flaw Has Researchers Hustling to Fix | threatpost
      
      
      
      
      
      
      A flaw i n the SSL protocol that could affect company networks, hosting environments and key machines has security researchers scrambling. ...
      
      threatpost.com/en_us/.../ssl-flaw-has-researchers-hustling-fix-110509 - Cached -
      
      

      
      
      
      
      Show more results from threatpost.com
      
      

      
      
      
      
      
      
   
   
   10. Securosis Blog | Major SSL Flaw Discovered
       
       
       
       
       
       
       Nov 5, 2009 ... A major flaw has been found that enables a man-in-the-middle attacks against SSL connections. Several other media outlets are reporting, ...
       
       securosis.com/blog/major-ssl-flaw-discovered/ - Cached -
       
       
       
       
       
       
       
       
       
   
   
   11. SSL flaw fixing shows industry can work together > Other > Patch ...
       
       
       
       
       
       
       Aug 6, 2009 ... SSL flaw fixing shows industry can work together. Related Articles. Serious vulnerability in SSL discovered · Browser SSL warnings shown to ...
       
       www.securecomputing.net.au/.../152166,ssl-flaw-fixing-shows-industry-can-work-together.aspx - Cached -
       
       
       
       
       
       
       
       
       
   
   
   12. Programming news: Firefox SSL flaw, Rails BugMash event, browser ...
       
       
       
       
       
       
       Aug 3, 2009 ... Get highlights about a critical Firefox SSL flaw, ATL vulnerabilities, ActiveX flaw, Rx (LINQ to Events) in .NET 4, STM.
       
       blogs.techrepublic.com.com/programming-and-development/?p... - Cached -
       
       
       
       
       
       
       
       
       
   
   
   13. SSL flaw prompts security scramble - V3.co.uk - formerly vnunet.com
       
       
       
       
       
       
       Nov 6, 2009 ... Vendors work to protect against 'man in the middle' flaw.
       
       www.v3.co.uk/v3/news/2252655/ssl-flaw-prompts-security - Cached -
       
       
       
       
       
       
       
       
       
   
   
   14. Join The Revolution! » SSL Flaw by (Browser) Design?
       
       
       
       
       
       
       
       
       SSL Flaw by (Browser) Design? Posted by Eddy Nigg; July 21, 2009. A while ago, the two security “white hats” Alexander Sotirov and Mike Zusman announced ...
       
       https://blog.startcom.org/?p=200 - Cached -
       
       
       
       
       
       
       
       
       
   
   
   15. IBM researcher hacks Twitter using SSL flaw - Techworld.com
       
       
       
       
       
       
       An IBM researcher has shown how to hack Twitter using a previously disclosed bug in SSL. A flaw in the protocol...
       
       news.techworld.com/.../ibm-researcher-hacks-twitter-using-ssl-flaw/ - Cached -
       
       
       
       
       
       
       
       
       
   
   
   16. Experts war over seriousness of SSL flaw :: SearchSecurity.com.au
       
       
       
       
       
       
       Nov 6, 2009 ... The discoverers of a new SSL vulnerability warn it could have dire consequences. But another researcher isn't so sure it's a big threat.
       
       searchsecurity.techtarget.com.au/.../36853-Experts-war-over-seriousness-of-SSL-flaw - Cached -
       
       
       
       
       
       
       
       
       
   
   
   17. SSL Flaw Could Have Been Used to Hack Twitter - Legit Reviews
       
       
       
       
       
       
       Nov 16, 2009 ... SSL Flaw Could Have Been Used to Hack Twitter. A flaw in the protocol used to secure communications over the Internet could have been used ...
       
       legitreviews.com/news/6823/ - Cached -
       
       
       
       
       
       
       
       
       
   
   
   18. Mozilla aware of SSL flaw in Feb. Advisory issued in August ...
       
       
       
       
       
       
       Mozilla aware of SSL flaw in Feb. Advisory issued in August. By Sean Michael Kerner on August 3, 2009 1:05 PM. sr-firefox3.jpg ...
       
       blog.internetnews.com/skerner/.../mozilla-was-aware-of-ssl-flaw.html - Cached -
       
       
       
       
       
       
       
       
       
   
   
   19. SSL Flaw Exposed at Black Hat Conference - Web Hosting Industry ...
       
       
       
       
       
       
       Jul 31, 2009 ... theWHIR.com News: SSL Flaw Exposed at Black Hat Conference. ... vulnerabilities in the issuing process for SSL certificates that could allow ...
       
       www.thewhir.com/.../073109_SSL_Flaw_Exposed_at_Black_Hat_Conference - Cached -
       
       
       
       
       
       
       
       
       
   
   
   
   
   

Related articles by Zemanta

• Typing Mostly Misunderstood (pindebit.blogspot.com)


• SSL flaw could have been used to hack Twitter (macworld.com)


• Vendors scrambling to fix bug in Net's security (macworld.com)


• Man-In-the-Middle Vulnerability For SSL and TLS (it.slashdot.org)


• Vendors scramble to fix serious bug in Net's security (infoworld.com)


• Discovered SSL flaw (ecombizcenter.blogspot.com)


• HTTPS, SSL attack vector discovered; fix is on the way (arstechnica.com)


• New SSL attack can steal sensitive info from secure Web sites (infoworld.com)

50% of Americans Say Credit Card Interest Rates were Raised in Last Six Months

Fifty percent (50%) of Americans say interest rates on their credit cards have been raised in the past six months, as Congress seeks to limit the ability of banks to raise those rates.



Roughly 51 percent of credit card users say they pay their bill in full each month, avoiding interest payments, according to a Rasmussen Reports national telephone survey.



A majority of Americans, 77 percent, say credit card companies take advantage of consumers with their interest charges.



Among the report’s findings:



• 31 percent say their rates have not been raised and 19 percent were unsure.

• 69 percent say interest rate increases are likely to make them use credit cards less.

• 16 percent of Americans say they are carrying more debt than a year ago; 34 percent say they have less debt and 46 percent have more.



Nearly 50 percent of Americans say credit card companies need more government oversight, the poll found. Since 2001, the Rasmussen Reports have tracked and distributed public opinion polling as an electronic company.



To read the full report, go to www.rasmussenreports.com.



In other Rasmussen/Credit Card News, Eighty-three percent (83%) of adults say credit cards tempt people to buy things they cannot afford, according to a new Rasmussen Reports national telephone survey. Only eight percent (8%) disagree with that assessment. Another nine percent (9%) are not sure.