Feds Insure Open, Closed Left Out of Loop

Fed insures open loop cards but leave closed loop alone

In November 2008, the Federal Deposit Insurance Corp.'s board of directors approved its General Counsel's Opinion No. 8 requiring the funds held in FDIC-insured banks that secure open loop, stored value cards be secured up to $250,000. According to the FDIC ruling, "All funds underlying stored value products will be treated as deposits and subject to assessments."

The opinion was proposed in August 2005. Following a comment period required by regulatory agencies to allow feedback from consumers, merchants and financial institutions, the final ruling was implemented after all comments were considered.

Additionally, the approval comes in the wake of three large retailer bankruptcies during 2008 in which consumers lost over $100 million in nonused and invalidated gift cards.

"It's a very good opinion," said Gail Hillebrand, spokeswoman for Consumers Union, the advocacy group that publishes Consumer Reports magazine. "It makes it very clear there is a way now for banks to set up prepaid cards so consumers can get FDIC insurance."

Closed loop left out

According to Holli Targan, Attorney and Partner with the Jaffe, Raitt, Heuer & Weiss law firm, funds covered under FDIC insurance include network-branded payroll and gift card products only. Private label (merchant-branded) cards issued and funded by retailers are exempt.

"Explicitly excluded are funds backing closed loop cards, such as cards usable at a specific merchant or cluster of merchants," Targan said. "This Opinion says that FDIC insurance doesn't cover merchant branded cards, so if that merchant goes under, the consumer has no way of recouping their money.

"On the other hand, open loop cards – under the FDIC's definition – that are issued by a bank are covered if the bank fails. The cardholder could then make a claim and not lose the money that was on the card," she added. Cardholder funds for stored value cards held by an insured bank – as opposed to the pool of funds held by the card distributor with closed loop cards – are individually insured to FDIC limits.

New standards right on

"If you think about these new standards for open loop cards, it's just like a savings account at a bank," Targan said. "Banks sometimes go under, but when they are FDIC insured, you have confidence that your money is protected. Consequently, I think generally this opinion will make prepaid cards more attractive to consumers, which is a good thing for the ISOs and MLSs out there selling them."

Federal regulators, according to Targan, have normally been "sort of hands off" in relation to stored value products and have attempted to allow the market to develop without imposing too many regulatory burdens. However, the failings of Sharper Image Corp., CompUSA Inc. and Linens 'N' Things Inc., coupled with a petition filed by the Consumers Union with the Federal Trade Commission, got regulators' attention.

Consumers caught in between

In September 2008, the Consumers Union asked the FTC to protect consumers from losing money on gift cards when retailers filed for bankruptcy. "Gift cards shouldn't be the gift that stops giving when retailers go bankrupt," said Michelle Jun, Senior Attorney for Consumers Union.

Bankruptcy courts treat unused gift card funds as a debt and determine whether a bankrupt retailer must pay it. The retailer must then petition the court to allow it to continue to accept its gift cards. Consumers may lose the value of their cards if the retailer does not make such a request or if the court denies it. The only remaining option for consumers is to file a claim as an unsecured creditor to the bankruptcy proceeding.

"Gift cards have exploded in popularity in recent years, but consumer protections haven't kept pace with the record sales," Jun said. "With more retailer bankruptcies on the horizon, the FTC should make sure that consumers with gift cards are protected when companies go bust."

Prepaid center of attention

Targan believes the General Counsel's opinion is an indication the FDIC and other government entities know what is going on in the marketplace and will impose regulations when they think it's important to do so. Additional regulations recently imposed in several states require securitization of stored value card funds as well as more transparency with banking regulatory agencies.

"Since the last time the Counsel issued an opinion on this topic in 1996, the banking industry has developed new types of stored value products, and therefore they thought it was time to readdress it," Targan said. "I think this should be good for [financial services] because it will give some comfort to people holding or distributing open loop cards that now have the benefit of federal insurance."

Related articles by Zemanta

• Shortcuts: The Gift Card Comes Wrapped in Growing Risk
• US puts up record $300bn in Citigroup rescue
• Feds will spend to steady Citigroup
• When Gift Cards Short Circuit - Part Two

LML Files Patent Infringement Against 19

Patent firm files 19 infringement lawsuits 

Vancouver, B.C., Nov. 25, 2008 -- 

LML Patent Corp. (``LML''), a wholly-owned subsidiary of LML Payment Systems Inc. (the ``Corporation'') filed suit in the U.S. District Court for the Eastern District of Texas against all the payment companies who provide equipment, systems and services that convert paper checks into electronic transactions, including:

• JP Morgan Chase
• Wells Fargo Company
• Wachovia Corp  
• Citigroup, Inc.  
• Bank of New York Mellon 
  
• HSBC Holdings plc  
• Capital One Financial Corp.  
• ABN AMRO Holding N.V  
• Northern Trust Corp  
• Regions Financial Corp
  
• National City Corp.  
• Fifth Third Bank  
• Citizens Financial Group, Inc. (subsidiary of Royal Bank of Scotland) 
  
• M&T Bank Corp.  
• UnionBanCal Corp.  
• First National of Nebraska, Inc.,  
• Deutsche Bank Trust Company Americas (subsidiary of Deutsche Bank AG (Germany)  
• and PayPal, Inc. (subsidiary of eBay Inc). 

In the suit, LML alleges that the defendants infringe U.S. Patent No. RE40220. LML is seeking damages, injunctive and other relief for the alleged infringement of these patents.

"The filing of this lawsuit is consistent with our strategic objective to protect our intellectual property,'' said Patrick H. Gaines, chief executive officer and president of LML Patent Corp. and LML Payment Systems Inc. ``We have awarded several licenses to industry participants in the past and what we will not allow is these defendants to use our intellectual property without a proper license.''

LML is represented by the law firms McKool Smith LLP, Gillam & Smith, L.L.P. and Ward & Olivo.

About LML Payment Systems Inc. (http://www.lmlpayment.com )

LML Payment Systems Inc., through its subsidiaries Beanstream Internet Commerce Inc. in Canada and LML Payment Systems Corp. in the U.S., is a leading provider of financial payment processing solutions for e-commerce and traditional businesses. We provide credit card processing, online debit, electronic funds transfer, automated clearinghouse payment processing and authentication services, along with routing of selected transactions to third party processors and banks for authorization and settlement. Our intellectual property estate, owned by subsidiary LML Patent Corp., includes U.S. Patent No. RE40220, No. 6,354,491, No. 6,283,366, No. 6,164,528, and No. 5,484,988 all of which relate to electronic check processing methods and systems.

Source: Company press release.

PayNet Available in Vietnam

Vietnamese customers can now pay online via local PayPal version: PayNet

An online payment portal called PayNet has been made available to customers across Vietnam.

In Vietnam, there are over 60 million mobile subscribers, 15 million bank accounts and more than 20 million people using the internet.

Based on technology provided by electronic payment systems company OpenWay’s Way4, the service allows online shoppers to make transactions without the need for bank accounts or Visa and MasterCard-branded cards.Way4 is a payment processing framework for banks, processors and mobile operators, incorporating WAY4 Switch, WAY4 Card and Merchant Management, WAY4 Smart Card Personalisation, WAY4 Loan Management, WAY4 Behaviour Loyalty services.

Customers who are interested in paying online with PayNet must set up an account with a private code number. The money that shoppers have put into such an account is to be transferred to sellers and then deposited into banks. All the money that buyers put into the account will be deposited into banks after being transferred to sellers. All transactions are to be followed up with an email or SMS mobile phone message.

Related articles by Zemanta

• PayPal Introduces Text Authentication
• UATP to Expand Network to Hotels and Car Rentals?

Text Scams Coming

Text scam tries to fool bank customers

Nov 25, 2008 (Kerrville Daily Times - McClatchy-Tribune Information Services via COMTEX) --

Don't give out personal information to an unknown source. That's the message from Bank of the Hills Regional CEO Harold Wilson after area cell phones owners were inundated with text messages stating that Bank of the Hills debit cards had been deactivated.

According to Wilson, the text messages were sent out beginning Friday to Verizon and Sprint customers, and blanketed the area.

The Kerrville Police Department received two reports of the scam as of Monday afternoon.  The text message reads: "Bank of the Hills alert. Your debit card has been deactivated. Please contact us at (830) 448-0088 to reactivate your card." Callers to the number are offered two options -- to activate the card or to change the PIN number. After choosing an option, callers are prompted to give personal information, such as their debit card and personal identification numbers.

KPD spokesman Paul Gonzales said one of the victims' bank accounts was cleared out the day after responding to the text.

"After providing both the debit card and PIN number and further research, it was discovered that the text was a fraud, also known as a phishing scam," Gonzales said. "One victim's account was changed immediately resulting in no loss, while the second victim's account was depleted of approximately $1,500."

Bank of the Hills posted a warning on its Web site Friday about the scam, and Wilson said steps are being taken to identify from where the texts originated. "Scammers usually do this kind of activity on a Friday so they can have all weekend to use the information," Wilson said.  This is the second phishing scam this year to use Bank of the Hills' name. In May, bank customers were targeted by both e-mails and phone calls asking for account information.  Wilson said Bank of the Hills or any other bank would never try to solicit account information over the phone or by e-mail, especially PIN numbers.

"The advice is simple. No bank would ever ask anybody to reveal their PIN number," he said. "We don't know it, and we don't want to know it.

"Anytime someone is asking for a PIN number, it's a scam," Wilson added.  Gonzales advised that text messages, e-mails, telephone calls or letters requesting bank account or other personal ynformation should be ignored and turned over to the police.

Related articles by Zemanta

• Market for stolen goods valued at £184m
• RCMP release photos of suspected debit card skimmers
• Bank account details sold online for as little as £5
• Gas Station Skimming Becoming More Popular

SafePass from Bank of America

Bank of America Introduces SafePass

Yesterday, in a Finextra article, it was announced that PayPal has introduced it's 6 digit SMS program.  Now Bank of America has announced the release of the SafePass(R) Card - a "new wallet-sized card essentially builds on SafePass, a one-time-use, six-digit code sent as a text message to consumers' mobile devices to authorize and help safeguard sensitive transactions."

"The introduction of the SafePass Card extends this additional layer of security to customers who prefer to receive it through a card instead of their mobile phone," said Lance Drummond, e-Commerce and ATM executive for Bank of America. "Now, customers have an additional way to access security products that help them to manage their finances safely on-the-go."

The SafePass Card is available for a one-time fee of $19.99, while the mobile-phone-based SafePass is still a free service to all customers.

For more information on SafePass and the SafePass Card, visit http://www.bankofamerica.com/privacy/index.cfm?template=learn_about_safepass

Retail E-Commerce Growth Dropping

Retail E-Commerce Growth Drops Sharply - eMarketer

Retail E-Commerce Growth Drops Sharply
NOVEMBER 24, 2008

Online sales are still growing, but far more slowly.

2008 had already been shaping up to be the weakest holiday season yet for retail e-commerce. Based on just-released Q3 e-commerce data from the US Department of Commerce (DOC), eMarketer is predicting even more anemic growth—both for the holiday and the year.

The DOC estimated that e-commerce sales grew only 4.6% in Q3 2008, compared with Q3 2007.

In May 2008, eMarketer projected that retail e-commerce sales growth would drop to 14.3% this year compared with 2007. Benchmarked against the new DOC data, eMarketer predicts 2008 will now be the first year of single-digit growth of the decade.

Online sales (excluding travel) will total nearly $137 billion in 2008, up 7.2% year-over-year, compared with last year’s 19.8% growth rate.

eMarketer expects that consumers will spend only $30.3 billion online in November and December this year. Its May number was a mere 10.1% growth over last year’s holiday spending. But the new estimate is for just 4% growth.

The weak economy is placing downward pressure on e-commerce sales this season. Online shopping growth had already been slowing naturally as part of the channel’s maturation; the economy is slowing growth even more.

“Hopefully, we’re nearing the bottom of this,” says Jeffrey Grau, eMarketer’s e-commerce analyst. “People are going to be more frugal this holiday season."

Related articles by Zemanta

• Online Sales Grow 5.7% Reports Commerce Department
• Online Shopping Growth Stunted
• Sour E-conomy Doesn't E-qual Sour Grapes for E-Commerce
• Econopocalypse worse for economy than 9/11
• Big Retailers Feeling Pain on the Web and Off It
• Paradigm Shift: Retails 70%-22% Lead over Web Changes to 44%-49%

Bank of Terrorism

Terrorists are increasingly turning to credit cards, according to an expert on terrorist financing...

Credit cards serve two key terrorist functions, providing both operational funding and as a means of distributing money to group members. “Credit card exploitation and fraud has become a growth industry for terrorists,” writes IPSA International’s Dennis Lormel in a white paper entitled, “Terrorism and Credit Card Information Theft - Connecting the Dots

Lormel is a managing director with investigative consulting services provider IPSA. According to Lormel: “Credit card information theft and fraud represents a lucrative funding stream for terrorists and consequently poses a serious threat to our national security.”

While Lormel writes that there is no exact data on the amount of credit card use by terrorists, there are “ample” reports showing that terrorists do rely on credit card information in helping to reach their goals.

Terrorist reliance on credit cards appears to be on the rise. “I think it’s taken an upward path over the last few years,” Lormel says via phone, meaning “a limited number of people can do an incredible amount of damage.”

Continue reading at………….. http://www.creditcards.com/credit-card-news/terrorist-credit-cards-theft-1282.php

Terrorism and Credit Card Information Theft - Connecting the Dots
Summary of Key Points, Issues, Conclusions:

Although no empirical statistical data establishes a connection between credit card exploitation and terrorism, there are ample anecdotal case studies demonstrating terrorist reliance on credit card information to further heinous acts. Within this white paper, two cases are presented. Terrorist groups require financial support in order to
achieve goals and credit card information theft and fraud represents a lucrative funding stream for terrorists and consequently poses a serious threat to our National Security. Lormel suggests that terrorist financing training should focus on factors to
include:

• Types of terrorist groups
• Funding capacities
• Mechanisms for fundraising and operations
• Individuals and cells

At least twelve areas of systemic weaknesses allow for terrorist exploitation to raise and move funds. Of those, at least five of those areas involve credit card information and fraud: identity theft and fraud, credit cards, criminal activity, internet, and cyberfraud.

Lormel recommends best practices for detection and prevention of credit card information theft and fraud by terrorists:

• Identifying risk
• Understanding terrorists adaptability
• Vigilance
• Training

Name of Researcher: Natalie Prendergast

Institution: Integrated Center for Homeland Security, Texas A&M University

Date Posted: November 12, 2008

Related articles by Zemanta

• Identity Theft Plagues Canadians as Online Shopping Grows

PayPal Introduces Text Authentication

Finextra: PayPal introduces SMS-based authentication

PayPal introduces SMS-based authentication

Person-to-person online payments outfit PayPal has introduced an optional SMS text message-based two factor authentication system for customers logging into their accounts.

The PayPal SMS Security Key sends a six-digit code to users' mobile phones before they log in to their accounts. The customer then uses the code, along with their username and password, to sign in.

The system uses the same infrastructure as PayPal's Security Key offering. Developed by VeriSign and rolled out in the US last year, this provides customers with a small authentication token which displays a new one-time six-digit password every 30 seconds.  (Editor's Note:  I believe these are classified as "short-codes...here's some more info on "short codes")

Public Knowledge  are "confusing text messaging and provision of common short codes," Verizon said in its filing. Short codes are not a transmission-based service, and are not subject to the Communications Act, Verizon said. Short codes are six-digit numbers used for text messaging. Ever voted for American Idol on your cell phone, texted Google for directory assistance, or signed up for one of those monthly horoscope, ringtone or joke services advertised on TV?  Chances are you typed in a short code instead of a full-length phonen.  There are two different types of short codes – standard and premium rates.

Michael Barrett, chief information security officer, PayPal, says: "PayPal was built from the ground up with security in mind, and we've always been committed to using cutting-edge technology to protect our customers' accounts. Now, we're taking the additional protection provided by two-factor authentication and delivering it to something most people don't leave home without - their mobile phones."

Both the SMS code and security token systems are available to PayPal customers in the US, Australia, Austria, Canada and Germany.

PayPal says it does not charge for delivery of security codes to handsets but the mobile provider's standard text messaging charges will apply. Editor's Note:  Technically, PayPal can say they're not charging for delivery, but there's a revenue sharing plan I'm sure they are set up for, so don't believe that they aren't making anything. AT&T's standard rate is .20 cents per message, so if you buy something for $10.00 on PayPal, you're paying a 2% fee.  I'd like to learn more to see if they charge premium short code rates.  Anyway...the Finextra article continues:

The firm has been a popular target for cybercriminals. Back in 2006 IT security firm Sophos reported that over 75% of all phishing e-mails were aimed at users of PayPal or its parent company eBay.

Related articles by Zemanta

• VeriSign expands its two-factor token network
• Mobile Messaging Reaches Record-Breaking Numbers
• PIN patterns go mobile
• Are open phones more vulnerable?

Debit Card Use Rises 547% in South Africa

Credit card fraud cost South Africa R420-million in the past year and has increased by 146 percent, the South African Banking Risk Information Centre (Sabric) said on Monday.

"It is a frightening picture, it really is," said Sabric chief executive Kalyani Pillay.

"Fraud on RSA issued credit cards has increased by 146 percent between 2005/2006 and 2007/2008. This increase should be understood in the context of a huge rollout of cards by South African banks into the market."

It was estimated in 2006 that there were more than 25,5 million debit cards and 7,2 million credit cards in circulation in South Africa.  The amount of money spent using credit cards at point of sale devices increased by 101 percent between 2004 and 2007. The amount of money spent using debit cards soared by 547 percent in the same period.

Most fraud occurred with criminals using lost and stolen cards.  However, fraud with counterfeit cards caused the most losses in money terms.

"This card fraud type is the single biggest contributor to overall card fraud losses in 2007/2008," said Pillay, adding that it amounted to R118,3-million in the past year, up from R57,2-million in 2006/2007. Vigorous prevention programmes from banks saw a 67 percent drop in the number of false credit card applications. Fraud valued at R420-million was committed on South African issued credit cards, mainly in South Africa, between 2006/2007 and 2007/2008, said Pillay.

"South Africa mirrors the credit card fraud trends in the UK... Counterfeit card fraud remains the biggest driver of total card fraud losses both in the [United Kingdom] and RSA...

"The total card fraud losses in the UK in 2007 stood at 535,2 million pounds and in RSA it was R420-million between 2006/2007 and 2007/2008."

However, the banking industry prevented fraud valued at R573-million in 2007/2008.

Also, the retrieval of hand-held skimming devices, electronic devises used to steal card data from magnetic strips, increased by an average of 45 percent year-on-year since 2005. "A total of 254 hand-held skimming devices have been retrieved since 2005."

Pillay said these devices were small and easy for criminals to hide. Consumers must never lose sight of their credit cards, she emphasised. (continue reading in a new window)

Related articles by Zemanta

• Sexiest or Best Looking..What's More Attractive?
• Online fraudsters 'steal £3.3bn'
• Online Credit And Debt Card Fraud
• BBC: So How Secure Is Our Card Info?
• How to Access International ATMs

Wireless Identity Theft - More on Hackers 11

In an article published on IBLS (Internet Business Law Services)  the author talks about wireless hacking (See WarDriving 101), Hackers 11 and possible changes in laws relating to cybercriminal behavior...

Identity Theft from Wireless Networks : Internet Business Law

IBLS Editorial Department Staff Attorney
Monday, November 24, 2008

Identity theft is the unauthorized use of an individual's personal information, such as a social security number or bank accounts, for fraudulent purposes or to commit a crime. While the usual form of identity theft refers to the unauthorized use of personal information obtained from databases, another form has evolved; this form uses sophisticated hacking techniques over wireless networks to acquire the necessary private information. In this form of identity theft, hackers typically breach security systems and install programs to obtain personal and financial data that is then either sold to a third party, or used by the hackers for personal gain.

In August 2008, the U.S. Department of Justice filed charges against 11 individuals who allegedly obtained identity information over wireless networks from nine major U.S. retailers, resulting in the theft and sale of more than 40 million credit and debit card numbers. The hackers apparently garnered tens of millions of dollars from a broad-based scheme that involved citizens of the United States, Estonia, Ukraine, China and Belarus. Attorney General Michael Mukasey said, "so far as we know, this is the single largest and most complex identity theft case ever charged in this country, which they then allegedly sold to others or used themselves. And in total, they caused widespread losses by banks, retailers, and consumers."

The hackers used a tactic known as "wardriving" that involves driving around with a laptop computer and trying to access wireless networks in the range of the car. After hacking into the networks, the hackers use programs to locate card numbers and PIN passwords that are then sent to servers in the U.S. and Eastern Europe for online sale. The stolen numbers are "cashed-out" by encoding them on magnetic strips of blank cards to steal money from ATMs.

The Identity Theft and Assumption Deterrence Act of 1998 (18 U.S.C.S. § 1028) makes identity theft a federal crime, carrying penalties of up to 15 years imprisonment and a maximum fine of $250,000. The December 2007 amendments to the above Act provide that a person whose identity was stolen is a "true" victim; previously, only the credit grantors who suffered monetary losses were considered victims. This recent revision of the legislation also allows an identity theft victim to seek restitution if there is a conviction, and it establishes the Federal Trade Commission as a central agency to act as a clearinghouse for complaints and to assist victims of identity theft.

On a State level, in recent years, nearly 40 States have criminalized identity theft, with most making it a felony.

Some experts claim that the noticeable drop in identity theft cases in recent years makes additional state laws unnecessary. Others, however, claim that the current requirement that information must be stolen by means of interstate or foreign communications in order to be prosecutable under federal law, may provide a window of escape to many identity thieves. This is particularly significant because experts say that in the majority of identity theft cases, the victim knows the perpetrator personally. Experts have further warned that cyber-criminals will continue to find unique ways to steal personal information, and that the current laws do not carry particularly significant penalties to promote adequate deterrence.

Legal commentators have suggested that additional laws could make it a felony to damage ten or more computers through the use of spyware or keyloggers. Spyware -software that secretly gathers personal information about an online user while navigating the Internet- and keyloggers -a hardware device that can monitor a user's individual computer keystrokes- are among cyber-thieves' most effective identity theft tools. Another improvement could be to include cyber-extortion cases, where the criminal removes malicious software from a user's computer in exchange for payment, within the definition of identity theft crimes.

Related articles

• WarDriving 101
  
• 11 Charged in Theft of 40 Million Card Numbers
• 11 charged over customer-data theft

Look at Prepaid Processors - Javelin Strategy & Research

Javelin Strategy & Research has announced results from a study of how a prepaid card issuer should assess and choose a processing partner in order to obtain the greatest success from prepaid card programs. According to Javelin, the processor choice is often overlooked and undervalued by prepaid program managers - but growth in the complexity of prepaid products underscores the importance of selecting the right processor.

Results have been published in a white paper titled: Choosing a Prepaid Processor in an Evolving Market: A Study on Issuer and Program Manager Needs and will be presented during a complimentary webinar session on Wednesday, December 3rd, 2008 at 11:00am Pacific Standard Time.

Registration for the webinar can be accessed at https://visa.webex.com/visa/onstage/g.php?t=a&d=662825557. Attendees will be provided a link to access the materials, including the paper.

“Companies that want to enter or expand their prepaid card presence face important business decisions,” said Bruce Cundiff, (pictured at right) Director of Payments Research and Consulting at Javelin. “Using a thorough methodology to choose the right processor is integral to achieving success and a reliable return on any prepaid card program.”

There are, according to Javelin, 4 key components to an effective prepaid processing program.  These include:

• Managing the card
• Serving the cardholder
• Executing the transaction
• Getting the most from the platform.

A detailed discussion of each component provides decision-making guidance to prepaid issuers chartered with managing a program. The study also takes on several of the common misconceptions about the processor selection criteria, dispelling myths and setting the record straight based on perspectives from practitioners and current market trends

How to Start

Don’t start with the solution, start with the business objective. Find an experienced and consultative processor who can help crystallize your short-term and long-term needs and configure a tailored solution.

• Look for holistic processing. Companies entering the prepaid arena need to look at the full range of capabilities a processor offers and clearly understand how each component, from the platform to cardholder support, satisfies your operating requirements for the most effective program.
• Let customer preferences drive product innovation. As issuers develop new, niche products, find a processor with the flexibility and options to help satisfy customer needs expediently and reliably.
• Security and risk management are paramount. In prepaid card issuance, both with respect to fraud mitigation and also in terms of the scrutiny that issuers face to comply with money-laundering and homeland security standards, risk and compliance management can’t be overlooked.
• Plan for growth, anticipate evolution. As the market continues to mature, growth and change will follow. Prepaid issuers must look for a processor who has the foresight, scale and track record to help minimize growing pains.

Cundiff continues, “The evolution of the prepaid card segment will be driven by consumer needs and technology innovation that enhances functionality and security. Processors that continuously expand their offerings and essentially provide flexible solutions, will enable prepaid card issuers to strengthen and deepen their relationships with cardholders.”

Related articles by Zemanta

• Renovate your risk management process to improve your innovation capacity
• Paul Barsch: Can Mathematical Modeling Be Trusted?
• Fed's Kroszner Says Risk Needs to Be Central to Business Strategy

Symantec Report on Internet Underground Economy

Did you know that you can buy a keystroke logger for $23 or pay $10 to have someone host your phishing scam? Having a botnet at your fingertips will cost you $225, and a tool that exploits a vulnerability on a banking site averages $740 and runs as high as $3,000.

That's according to the Symantec Report on the Internet Underground Economy due to be released Monday.


Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.

Credit card numbers were the most popular item on sale and made up 31% of all the goods on offer. Coming in second were bank details which made up 20% of the items being offered on criminal chat channels.

The $5.3 billion figure was reached by multiplying the average amount of fraud perpetrated on a stolen card, $350, by the many millions Symantec observed being offered for sale. Similarly, the report said, if hi-tech thieves plundered all the bank accounts offered for sale they could net up to $1.7bn.

MOST POPULAR ITEMS
1)  Credit card information - 31%
2)  Financial accounts - 20%
3)  Spam and phishing information - 19%
4)  Withdrawal service - 7%
5)  Identity theft information - 7%
6)  Server accounts - 5%
7)  Compromised computers - 4%
8)  Website accounts - 3%
9)  Malicious applications - 2%
10) Retail accounts - 1%

Credit card numbers have proved so popular among hi-tech thieves because they are easy to obtain and use for fraudulent purposes.  Many of the methods favored by cyber criminals, such as phishing schemes, database attacks and magnetic strip skimmers, are designed to steal credit card information, it said.

The existence of a ready market for any stolen data and the growing use of credit cards also helped maintain their popularity, it said.  "High frequency use and the range of available methods for capturing credit card data would generate more opportunities for theft and compromise and, thus, lead to an increased supply on underground economy servers," said the report.

The price card thieves can expect for the numbers they offer for sale also varied by the country of origin. US card numbers were the cheapest because they were so ubiquitous - 74% of all cards offered for sale were from the US.

By contrast numbers from cards issued in Europe and the Middle East commanded a premium because they were relatively rare. 

Related articles by Zemanta

• Online fraudsters 'steal £3.3bn'
• Symantec says Internet underground economy is organized and rich
• Bank account details sold online for as little as £5
• Compromised legit sites power hack attacks
• How much is my credit card number worth on the black market?

UATP to Expand Network to Hotels and Car Rentals?

According to Commercial Payments International,  "This week, the payment network Universal Air Travel Plan indicated that it is considering expanding its existing merchant network in 2009 to both hotels and car rental vendors. (At present, over 240 airlines and travel agencies accept UATP for air travel, service fees, management fees and net fares payment.)

It believes the time may be right to make such a move as so many companies are looking for ways to cut costs. Merchants are usually charged lower service fees by UATP than by other corporate card networks.

If UATP proceeds with this strategy, it would represent more competition for the existing dominant payment networks such as MasterCard and Visa. UATP is already a significant payment network as far as airline payments go – the organization is expecting its charge volume to reach $12 billion in 2008, with further growth predicted for next year."

In related news, UATP announced yet another partnership...this time with Atlanta based Moneta.  Here's the press release:

UATP and Moneta Partnership Broadens Airline Payment Options - MarketWatch

Universal Air Travel Program (UATP), the low cost payment network privately owned by the world's airlines, announced it has partnered with Moneta to support Moneta's online payment wallet for the 250 airlines utilizing UATP payment gateway services. Moneta offers consumers, airline and merchants a convenient, safe and affordable payment method which is distributed and marketed through the consumer's bank. Airlines using the UATP payment gateway connection can activate Moneta on their retail checkout site with no infrastructure investment and minimal configuration.

"The Moneta-UATP partnership provides a low-cost payment option for airlines while enhancing consumer confidence and loyalty for both airlines and banks," said Ralph Kaiser, president and chief executive officer, UATP. "As our network of airlines continues to grow, we look forward to assisting Moneta in expanding their airline distribution."

Initially, Moneta transactions will use the U.S. ACH debit network, enabling consumers to pay directly from their checking or money market accounts. In 2009, Moneta plans to offer additional payment options including international debit payments, credit cards, pay later and pay early functionality. The Moneta service is free to consumers and is available to customers in the United States, Puerto Rico and U.S. Virgin Islands.

"Partnering with UATP underscores the ease of implementing Moneta's online wallet for airlines," said Guido Sacchi, CEO of Moneta. "By integrating into the UATP gateway service, airlines can take immediate advantage of lower online transaction costs. Additionally, airlines offering Moneta will enjoy the ability to reach new customers through our bank partner network. Airlines selecting the UATP-Moneta solution will realize not only cost savings, but the ability to market their airlines through online banking customers either on a per-market basis or around the country."

About Moneta Corporation

Moneta Corporation is a leading payments company offering secure, convenient methods for consumers to pay online merchants directly from their checking or money market accounts. Moneta partners with online merchants to accept and process payments, while providing financial institutions branding opportunities during the transaction process. Moneta's rapidly growing partner network enables online retailers and travel providers to attract valuable customers with a preference for paying directly from their well-established bank accounts. Moneta is a privately-held company headquartered in Atlanta, Ga. For more information visit www.monetacorp.com

Related articles by Zemanta

• Innovative Payment Methods for Network Marketers
• Online Money Transfer Service iKobo Calls It Quits
• Online fraudsters 'steal £3.3bn'
• Interchangeable - Antitrust and Visa

US Bails Out Citi

Government plans massive Citigroup rescue effort

Rushing to rescue Citigroup, the government agreed to shoulder hundreds of billions of dollars in possible losses at the stricken bank and to plow a fresh $20 billion into the company.

Regulators hope the dramatic action will bolster badly shaken confidence in the once-mighty banking giant as well as the nation's financial system, a goal that so far has been elusive despite a flurry of government interventions to battle the worst global crisis since the 1930s.

Wall Street appeared encouraged as stock futures moved higher ahead of the market opening in New York. Dow Jones industrial average futures rose almost 2 percent. Stock markets in Britain and Germany gained more than 4 percent in afternoon trading. Citigroup shares themselves climbed 44 percent to $5.64 in premarket trading.

"If they didn't help, the damage would be beyond imagination," said Teck-Kin Suan, economist at United Overseas Bank in Singapore.

The action, announced late Sunday by the Treasury Department, the Federal Reserve and the Federal Deposit Insurance Corp., is aimed at shoring up a huge financial institution whose collapse would wreak havoc on the already fragile financial system and the U.S. economy.   - continue reading

Related articles by Zemanta

• Citigroup, Under Siege, Holds Talks With U.S.
• Citi rescue plan in the works
• Sources: Government Working Citigroup Rescue Plan
• $20 Billion Rescue For Citigroup
• Plan to Rescue Citigroup Begins to Emerge

IBM - Holiday Blizzard of New Attacks

IBM Warning: Holidays To Bring Blizzard Of New Attacks on Consumers - DarkReading

ATLANTA - Based on both current and historical security trends, IBM Internet Security Systems (ISS) today announced five major areas of holiday security risk for consumers and businesses, along with four suggestions for avoiding these risks during the holiday season.



These risks include but are not limited to:



* A new wave of malcode-carrying spam - Throughout the year, the IBM ISS X-Force security research team has observed a growing wave of "parasitic" malcode. These are malicious email payloads that bypass end-user security software (anti-virus, personal firewalls, etc.) and compromise the target computer. Once compromised, the computer comes under the remote control of criminals. This holiday shopping season, the X-Force team expects a wave of socially engineered "holiday cheer" emails that pack a malicious punch.  (Editor's Note:  Bypass end user security...Computer under Remote Control?  Hmmmm....) 



* New phishing theme: Bank merger mania - As banks continue to struggle and merge, the X-Force believes criminals will exploit shaky consumer confidence in the banking industry with a wave of phishing attacks designed to fool banking customers into revealing personal information such as account numbers and passwords.



* Spoofed online portals - As Black Friday approaches, IBM ISS expects to see phishing gangs launch a new generation of fake online shopping portals that spoof well-known brands, in an effort to steal credit card information. They also will likely promote these counterfeit sites with emails, offering steep discounts or "special sales."  (Editor's Note:  Steal credit card information?  Can they do that?)



* Tainted toys and gadgets - Every Christmas brings an abundance of electronic gadgets, smart-phones and auto-play DVDs. Past X-Force research has shown that some of these toys are loaded with malware and can be used by cybercriminals as a backdoor for entry into corporate networks.

• Web Browsers- Browsing is risky business.  In the past year, cybercriminals have increased their efforts to deface public Web sites by hiding malicious links on legitimate Web sites. When people visit these tainted sites, the hidden links automatically exploit vulnerabilities within their Web browsers and install malware that siphons off confidential end user information.

Editor's Note:  Wait a minute here...you mean to tell me that there's vulnerabilities within Web browsers that can allow our "confidential" end user info  such as credit/debit card information... to be siphoned off?  And now it's possible to "hide" a malicious link on a "legitimate" site?  You've got to be kidding right? 



This certainly couldn't be true could it? ...otherwise we'd have to equip online shoppers with their own personal card swiping device to ensure their card information remains secure! 



Continue Reading the Story at Dark Reading Here:  (will open in a new window)

Enjoy your weekend!

Related articles by Zemanta

• Consumers Safer When Left To Their Own Devices


• [Sponsored] How vulnerable are software applications?


• Study: Online threats emerging faster


• New tool creates fake YouTube pages for spreading malware


• Security industry falling behind hacking technology


• Apple, Microsoft, and PHP headline IBM's list of most vulnerable software

Interchangeable...Antitrust and Visa

Visa Says U.S. Antitrust Agency Starts "Fourth Probe"

I trust that this won't be the last time either! Visa made their bed and now they've got to sleep in it. You reap what you sow...and now it seems that the words Visa and Antitrust go hand in hand...

Visa Inc., the world's largest credit-card company, said the U.S. Justice Department has opened its fourth investigation into a credit-card fee paid by retailers.

The Justice Department's document requests ``focus on certain Visa U.S.A. policies relating to merchant acceptance practices, including Visa U.S.A.'s policies regarding merchant surcharging and merchants' ability to steer customers to other forms of payment,'' Visa said in a filing today with the Securities and Exchange Commission. Visa said it's cooperating with the investigation.

Just last month, I posted that Visa and rival MasterCard Inc. settled with Discover Financial Services over a lawsuit accusing them of blocking banks from issuing their cards. A U.S. district judge ordered Visa and MasterCard in 2001 to stop forcing banks to choose between their cards and ones from Discover and American Express Co. Her order followed a Justice Department suit against the credit-card groups for antitrust violations. Visa sued in 2004, after the U.S. Supreme Court refused to hear the case.

Related articles by Zemanta

• Visa and MasterCard under DOJ Investigation
• Discover To Make a Killing and I'm Lovin' It!
• Discover Gets $2.75 Billion Antitrust Settlement from V/MC
• Discover Seeks $6 Billion in Damages from V/MC
• Interchangeable...Antitrust and Visa

Citi Going Down Too?

Wow...what a year.  Not to put PBT into the same category, but when they went down I was shocked, based on the amount of money they had raised.  Then Lehmann, Bear Stearns, etc.  Now it looks like Citi, with whom Pay By Touch partnered with in Singapore isn't going to make it.  They pre-date Lehmann, which came about during the Civil War era.  Unbelievable.  This from today's Wall Street Journal...

With roots stretching back to 1812 and more than 200 million customer accounts in 106 countries, Citigroup is an icon of global capitalism.

It is getting battered by the same financial storm that has already remade the face of Wall Street, forcing the sale of Bear Stearns Cos. and Merrill Lynch & Co. earlier this year, and triggering the bankruptcy filing of Lehman Brothers Holdings Inc.

Mr. Pandit and other Citigroup executives have told colleagues they are frustrated and befuddled by this week's 50% stock decline. Investors have dumped bank stocks en masse on fears that economic woes will batter financial companies worse than previously expected.

Weighing down the shares has been the Treasury Department's decision last week not to buy troubled assets from banks. Citigroup's balance sheet includes battered securities and loans that many investors hoped could be offloaded to the government.  Click to read the full report at The Wall Street Journal

Here's more on the story from various news wires:

Executives at Citigroup Inc., faced with a plunging stock price, began weighing the possibility of auctioning off pieces of the financial giant or even selling the company outright, according to people familiar with the matter.

The internal discussions are at a preliminary stage and don't signal that Citigroup's board and management are backing down from their insistence that the New York company has ample capital, funding and strategic direction, these people said. But with the stock down another 26% Thursday, its worst one-day percentage decline ever, Citigroup officials have decided they need to reckon with a range of scenarios
that were unthinkable only weeks ago.

Citigroup's board of directors is scheduled to have a formal meeting Friday to discuss the options, according to people familiar with the situation. Directors also have been talking by phone about what could be done to reverse the stock's slide.

Top executives were locked in meetings Thursday to hash out a stabilization strategy. Chief Executive Vikram Pandit scheduled a conference call for 8 a.m. Friday to discuss the situation with senior managers.

A Citigroup spokeswoman said in a statement Thursday evening: "Citi has a very strong capital and liquidity position" and is "focused on executing our strategy," which includes cutting expenses and selling assets. "We believe the benefits will be seen over time."

Free Shipping Motivates Online Shoppers Most

While half of U.S. online consumers say they shop online to find the best value during the holiday shopping season, more than three-quarters of online consumers say free shipping makes them more likely to buy from any particular online merchant, Forrester Research Inc. says in the report “Outlook for U.S. Online Holiday Sales, 2008.”

The report, authored by Forrester Research principal retail analyst Sucharita Mulpuru with analysts Carrie Johnson and Peter Hult, also notes that shipping can be a detriment to online shopping. 58% of consumers say shipping prices often deter them from buying online, and 55% complain it’s a hassle to return items ordered online.

The study also provides a look into consumers’ expectations of shipping policies, and how well online retailers delivered during the holiday shopping season last year. It notes that 24% of survey respondents said they experienced late holiday deliveries last year, and that the largest group of respondents, or 67%, expect standard shipping to deliver within 3-5 days. 27% expect standard shipping to deliver within 6-7 days; 3% within two days. 1% of consumers expect standard shipping to deliver the day after placing an order, but another 1% expect delivery within 10 days.

So, with that said, it's not surprise that...

More top 100 online retailers offer free shipping

Free shipping offers were more common this week than last week among the top 100 online retailers, as nine more introduced the offers while four discontinued them, a survey by Internet Retailer finds. In all, 67 offered free shipping on the web sites this week, up from 62 last week.

The survey compiled the number of free shipping offers presented on the web sites of the top 100 online retailers as listed in the Internet Retailer Top 500 Guide, 2008 Edition. It did not include any free-shipping offers that may have appeared only outside of the web sites, such as in e-mail marketing campaigns.

Retailers joining the free-shipping bandwagon this week include J.C. Penney, Overstock.com, Buy.com, PC Connection, Cabela’s, Foot Locker, J.Crew and American Girl.

Those no longer showing free-shipping offers that appeared on their sites last week were Spiegel Brands, American Eagle Outfitters and TogShop.com and Orchard Brands Corp.’s Blair.com.

Some free-shipping promotions this week were noticeably more elaborate than the crop offered last week. Newegg.com, for instance, noted that it was offering free-shipping on a more extensive range of products. Best Buy extended its free-shipping offer to cover orders of $75 and more for electronic games and accessories, then also offered free shipping on all orders of $99 or more Nov. 20-22. OfficeMax noted this week that it was offering free shipping on orders of $50 or more to addresses within 20 miles of an OfficeMax store.

Buy.com went from offering no free shipping last week to offering it on orders of $75 or more for sports and games products and on orders of $25 or more on books, music and video products.

Many retailers clarified that their free-shipping offers were only good for orders shipped to addresses within the 48 contiguous states, and several retailers put a time limit on their offers. J.C. Penney launched a free-shipping offer this week on all orders of $49 or more through Nov. 25. Saks Fifth Avenue extended its free-shipping offer on orders of $200 more through Nov. 23. Disney extended its offer on orders of $89 or more through Nov. 21. J. Crew introduced a free-shipping offer this week on orders of $150 or more through Nov. 20.

Related articles by Zemanta

• To Save Gas, Shoppers Stay Home and Click
• Retailers slash prices, but at what cost?

PIN-Flight Payments Processed by Handheld

Windows handheld collects in-flight payments

GuestLogix announced a Windows CE handheld computer that lets airline flight attendants accept payments via credit or debit cards. The "OnBoard PowerSeller 2" includes a PIN entry keypad, an MSR (magnetic strip reader), a Smart Card reader, an imager/barcode scanner, and a thermal printer, says GuestLogix.

No mention was given as to whether it is PCI certified.

GuestLogix calls the new PowerSeller 2 its "next generation" mobile payment handheld, apparently because the company's previous such product did not have a keypad allowing customers to enter their own PINs. The PED (pin entry device) subsystem is said to comply with ECBS (European Committee for Banking Standards) and a variety of other certifications. For high security, the PED hardware does its work independently, supplying output to applications running on the device but not requiring any assistance from them, the company says.

Thanks to the new PED, airline customers can now use both debit cards and credit cards to pay for duty-free goods, in-flight entertainment, and other items. The PowerSeller 2 reads cards via an onboard Smart Card reader or MSR, and can print receipts via its integral 2.3-inch thermal printer, GuestLogix says.

GuestLogix did not release pricing or availability information for the PowerSeller 2. More information may be available from the company's website, here.

Related articles by Zemanta

• It's PIN...It's Smart...It's Embedded into the Future of Payments
• Convenience and Security Boost Payment Card Industry
• U.K. Blames Abroad for Increased Fraud in Broad Campaign

Skimming Devices Thwarted by Using PIN Debit

I've posted quite a few times on gas station skimming.  (See related articles at the end of this post)

In fact, just yesterday, (previous post) I posted about an Illinois Credit Union that revoked "pay at the pump" privileges for it's card holders entirely. 

They even took the exorbitantly tell-tale steps of temporarily "barring" signature debit, use entirely...requiring their card holders to exclusively use PIN debit.  (for what I mean about "tell-tale" see: Bank Temporarily Bans Signature Debit, Mandates PIN to Reduce Threat!)

For those unfamiliar with the gas pump skimming technique, here's an overview:  A criminal can break into the gas pump, attach a tiny device to the computer that reads credit card information, fix the pump and walk away without any visible sign of the skimmer in inside

 “There’s an electronic skimming device inside the computer part (of the pump) and it passively collects data.”

The thief would then return to the pump at a later date, break back into it, remove the device, and then usually sell all the personal information to a third party, he added. Criminals will use the information online or to make counterfeit credit cards.

Trailing the stolen information is difficult, especially since victims usually don’t immediately realize their information has been stolen.

“If they go and use the card in elsewhere, say NY, Chicago, L.A. or somewhere or outside the county, it's almost impossible to catch them.  It is also nearly impossible for local agencies to track all the information.

The best way to protect against gas station skimmers, is by paying with cash, or go inside the gas station to use your card and use a debit card with a PIN number.

Related articles

• Sexiest or Best Looking..What's More Attractive?
• Bank Temporarily Bans Signature Debit, Mandates PIN to Reduce Threat!
• Use PIN Debit to Buy Gas and Save Big!!!
• What you risk by using debit card at the pump
• Pumping Gas Just Got Much Riskier - MSNBC
• ConsumerMan: Beware of debit card skimmers
• Credit, Debit Card Fraud and Skimming Cases Rise