Sunday, July 19, 2009

Online Banking Data Being Fed to the Phishes



BANKS and bank customers face an array of threats to their security as international criminal groups roll out a new generation of viruses, malware, fake websites and sophisticated phishing emails.

Internet banking experts say without co-ordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters.
Editor's Note:  That's what I've been saying for the last 15 months on this blog.  It was (not safe) safer to type your card numbers into a box at a merchant checkout center a year ago than it is today and it's (not safe) safer to do it today than it will be tomorrow. 

It's satisfying to see "Internet Banking Experts" start to publicly admit there is an inherent weakness in the system.

HomeATM's device (pictured above) is a secure solution to the phishing, DNS attack and cloned web site threats which permeate the online banking world.  Our solution exactly replicates how one would access their cash at an ATM.   1. You swipe your card, and 2. You Enter your PIN.  It's called 2FA (two-factor-authentication) and it would virtually eliminate phishing overnight.  The Track 2 data is "instantaneously" encrypted upon the swipe of the card and the PIN is also 3DES Encrypted and protected by DUKPT (Derived Unique Key Per Transaction).  Our unique end-to-end encryption methodology provides the most secure authentication and payment application available today. Period. 

Early next week, HomeATM expects to become the only eCommerce Payment company in either hemisphere to be both PCI 2.x Certified and TG-3 certified.  Swipe don't Type.  It's how retailers and consumers have been doing it at brick and mortar locations since the early 80's and it's how it should be done online.  Until now, there wasn't an affordable way to get consumers their very own SwipePIN device.  But HomeATM has gotten the price down to the point that banks could literally give them away...thus empowering their online banking customers to not only log-in securely but pay bills in real-time, send or receive money in real-time and conduct safe, secure online transactions.  I've stated that it is as simple as 1-2-3.  Two are already done.  The bank issues the card, the bank issues the PIN...now the bank can issue the HomeATM Internet POS terminal.   The story continues...

Almost one-quarter of the entire Australian population has been affected by identity theft crimes, according to a recent survey by Veda Advantage and that number keeps growing each year.   "Last year some 450,000 Australians were the victims of fraud," NSW Attorney-General John Hatzistergos said last weekend as he announced new laws that effectively duplicate Queensland's cyber crime laws.

"Nearly a billion dollars was taken from people and confiscated by criminals, using a variety of different techniques, trading in people's personal information, such as passwords, pin numbers, names and addresses."


The state-based approach to the problem will not work, says Professor Bill Caelli from Queensland University of Technology's Information Security Institute. Prof Caelli says only co-ordinated global action by governments can secure the net.
Speaking to the Sunday Mail from a major IT conference in Paris where the issue of securing the net is high on the agenda, Prof Caelli claimed "banks were simply not capable of providing secure internet banking."
There is a big discussion happening globally about web services such as internet banking. The question is, "Can you create large-scale secure transaction systems on the web and the answer is coming back as no."

Already this year, two of Australia's biggest banks have reported significant attacks on their internet banking portals. Both attacks came after significant investments by the banks to upgrade their online banking platforms.

"The criminals tend to target one bank and when that institution shuts them down they move to another bank so it goes in circles," said Gary Gill, head of forensics at KPMG.

Australia's biggest bank, the Commonwealth Bank, reported that a malicious attack had probably contributed to its banking website, Netbank, crashing on the busiest days of the year – the two days before the end of the financial year.

Steve Batten, the media spokesman for the Commonwealth Bank, said that Netbank was designed to handle 13,000 customers online concurrently.   Last Monday, 18,500 customers were logging in concurrently and 1.59 million hits were registered in the 24-hour period.  Mr Batten said that the bank suspected that some of that traffic was malicious.

In February ANZ Bank reported a sophisticated scam that led to a fake web page appearing to customers after they logged in to the ANZ internet banking site.








Saturday, July 18, 2009

Millions Stolen as Scam Puts Banks in One Helluva SMS



By Lavern de Vries



Gauteng police are working with Vodacom to trace the victims of a
multimillion-rand SMS banking authentication scam, described by a top
security firm as the first of its kind.



Police spokesperson Superintendent Lungelo Dlamini said on Thursday
that members of the Joburg Commercial Crimes Unit were liaising with
commercial crime units across the country to determine how many people
had been affected by the rip-off.



Security experts have billed the scam as a world first.








"This incident is, as far as we know, a world first, which only
enforces our opinion that SMS-based authentication, while slightly
more secure than the simple username-password combos, is outdated, and
in our fast-paced and highly evolving cyberworld no longer sufficient
by itself."



Costin Raiu, chief security expert at
Kaspersky Lab, suggested that banks deploy better and more advanced
technology to stay ahead of criminals.






He advised readers to check their online accounts often and notify the bank immediately if suspicious transactions are found.



Banks should be able to recover clients' money if they were notified promptly, Raiu said.



It is not known which banks were involved in the scam.



Dlamini would not be drawn on how much money was allegedly siphoned by
a Vodacom engineer and his accomplice through an elaborate scam
involving the blocking and delaying of SMS banking alerts to Vodacom
clients.



A Gauteng newspaper had reported that the Vodacom engineer and his
partner allegedly stole R2,4-million. Other media reports said that
when the pair appeared in the Johannesburg Commercial Crimes Court on
Monday, the State prosecutor received another docket for another R3,3m.



Dlamini said the docket was with the court and police would not comment on the issue.



On Tuesday Vodacom released an internal letter informing employees of
the scam and asking them to "convey the facts to our families, friends
and customers".



Signed and sent out by Vodacom chief communications manager Dot Field,
it explained that the alleged fraud was committed with the help of
fraudulently created temporary dual SIMs.



A customer's internet bank account would be logged into, and the
one-time password from the bank would be sent to the temporary dual
SIM, which enabled the transfer of money out of the customer's internet
bank account to their own account. When the transaction was successful,
the temporary dual SIM would be deleted.



The email also implied that customers would have to compromise their
PIN and password via phishing (when fraudsters get hold of sensitive
information such as usernames, password and credit card details by
masquerading as a trustworthy entity) for this type of fraud to occur.



Dlamini said police suspected a syndicate was behind the scam, and more arrests were expected.










    • This article was originally published on page 1 of The Star on July 17, 2009








Almost 90% Don't Trust/Wouldn't Use Mobile Banking







We can see here that almost 90% of Smartphone owners said that they didn't trust mobile banking security or saw no need to manage their finances from a mobile device.

Source: Compete.com Blog

Mob Steals Data - Lexis-Nexis Breach Linked to Bonanno Crime Family

Lexis-Nexis Breach Linked to Crime Family
Analyst: 'Days of Amateurs Committing Breaches are Well Behind Us'

Excerpts from BankInfoSecurity.com

How it Happened


According to the indictment, Lee Klein, one of eleven people charged in the indictment, worked for the criminal "crew" of Thomas Fiore, an associate of the Bonanno organized crime family.

The indictment alleges that Klein illegally used "information obtained from computer databases in order to acquire identification information regarding potential victims of extortion" and people suspected by Fiore's criminal organization of being involved with law enforcement.

Klein allegedly provided Fiore with "corporation names, addresses and account numbers to facilitate the manufacture and negotiation of counterfeit checks."  In addition, the indictment alleges that members of the criminal crew used threats of force and violence, including conspiracy to commit murder, to advance the objectives of the enterprise.

Security Experts React to Mob Ties


"Although sensational in its headline 'Mob Steals Data,' we perhaps should focus on how the data was accessed and what was contained in the information," says information security and privacy expert Kevin Nixon, CISSP, CISM, CGEIT.

"We are experiencing some most extraordinary events related to global businesses, economics and confidential information movement via the merger and acquisition of companies, networks, databases and entire systems."

Analyst Nick Holland sees this case as indicative of the way that data breaches are becoming the work of organized crime syndicates, both overseas and domestically. "The relative ease with which sensitive data can be acquired by either high tech (malware) or low tech (placing a criminal within an organization) means makes it attractive for organized criminals that have the resources to execute such attacks," says Holland, of the Aite Group.

The Bonanno crime family was making money from the sale of unauthorized identification documents (including social security numbers and health and life insurance applications). "If the mafia considers that selling sensitive information is a legitimate line of business, then clearly the days of just amateurs committing breaches are well behind us," Holland observes.

Read the Article in its Entirety



Redecard's Internet Processing being Probed



Brazilian antitrust regulators are investigating Redecard SA, the local processor of payments for Mastercard Inc., after the national internet association said the company impeded competition with conditions on online payments.  Sao Paulo-based Redecard changed its contracts to require online payment systems such as EBay Inc.’s PayPal unit to provide lists of clients and use its Komerci platform to process transactions, the antitrust arm of Brazil’s Justice Ministry said in an e-mailed statement late yesterday. The antitrust body banned the contract changes as a preventive measure, according to the statement.  Redecard denied any wrongdoing and said it will cooperate with authorities, according to a regulatory filing.


By Guillermo Parra-Bernal

SAO PAULO, July 17 (Reuters) - The antitrust unit of Brazil's Justice Ministry said it has opened an investigation into credit card operator Redecard (RDCD3.SA), sending the company's shares down 2.56 percent.   The Economic Law Secretariat at the Justice Ministry said Redecard would be investigated for imposing terms on online payments that might hamper free competition.

The probe comes as Brazil, Latin America's most populous country, moves to heighten competition in the $190 billion credit card industry, where customers and merchants complain about exorbitant costs and a dearth of options.

The Brazilian Internet Association, an industry guild based in Sao Paulo, asked regulators to investigate whether Redecard modified contractual terms to have online payment processors provide lists of clients.  Under the changes, Redecard would require Internet companies to provide a list with their customers and online stores.

As a preventive measure, the secretariat, known as SDE, banned the contractual changes, which were to take effect on Aug. 1. The association said the use of the MasterCard (MA.N) brand by Internet-based companies such as PayPal and Mercado Livre in Brazil would have become more restrictive, keeping consumer fees from falling.

Redecard, which has an exclusive contract with MasterCard, authorizes merchants, issuers and transactions and acts as a clearinghouse.




Friday, July 17, 2009

UK Article Says Time To PIN Down Banks in Fraud Battle


It's time to PIN down the banks in the prolonged battle against card fraud

Despite chip and pin technology becoming compulsory in 2006, figures released by the UK payments association Apacs show that last year, phone, internet and mail order card fraud increased to £300m and counterfeit fraud to £170m. However, banks often take a hard line when customers try to obtain refunds for fraudulent transactions.

Typically, banks claim the customer acted irresponsibly and so is not entitled to a refund. For example, in a case I recently dealt with, a bank refused to accept a customer had reported her card stolen until she produced mobile phone records proving she had placed the call. In light of this attitude, how can you get your money back?

First, you should trigger the bank's formal complaints procedure. Point out that under paragraph 12.12 of The Banking Code, banks must refund all funds withdrawn fraudulently where the customer retains the card, and all but £50 where a card is lost or stolen. You can access The Banking Code at http://www.bankingcode.org.uk/pdfdocs/PERSONAL_CODE_2008.PDF

There is one exception: where a customer has acted fraudulently or without reasonable care. So make sure you do not write down your pin or tell anyone what it is. Also, be quick to report lost or stolen cards or fraudulent transactions. Build up a paper trail – keep copies of letters and emails, and write down details of telephone calls. The more accurate the detail you can provide to the bank, the better.

If this doesn't work, you have six months to contact the Financial Ombudsman Service for an independent adjudication. This is a free service utilised by filling out a simple form. It can result in a negotiated settlement, or a decision by the ombudsman to which the bank will adhere but which does not bind you. For guidance on how the ombudsman may approach your case, see http://tinyurl.com/ombudsmancashmachine

Finally, you can go to court. If your claim is for £5,000 or less, use the small claims process. It is designed to be used without the need for lawyers and results in a county court judgment.

http://www.guardian.co.uk/money/2009/jul/18/credit-card-fraud-refund-stolen-citizens-advice

Billeo Study on Online Bill Payment Behavior



Billeo study reveals consumer online bill payment behavior

Santa Clara, Calif., July 17, 2009 -- In an effort to retain some financial control in uncertain economic times, consumers are using tools to stay on top of bill payments. Billeo, Inc., the company that gives consumers unprecedented choice, control and convenience when paying bills online, conducted a 2008 customer behavior study focusing on online bill payment trends. The results show that consumers are utilizing free online tools to track, manage and organize their transactions. Three quarters of those who pay bills and shop online save electronic receipts of their transactions and identified ease of “tracking online purchases and payments” as a top motivator.

“The most important thing we glean from this study is that a growing number of consumers are not only more comfortable doing a variety of transactions online, but they prefer it,” said Murali Subbarao, founder & CEO of Billeo, Inc. “We believe that the new economic situation will make them more savvy about how and when they spend their money and how they manage and store their online shopping and bill payment information. In uncertain times, they have the ability to exercise more control over how and when they pay bills, as well as how they track and evaluate expenses. To stay in control, consumers simply need to have some very basic online tools.”

Billeo’s survey revealed that more than half of people who transact online never pay late fees.

The study found that more than 31 percent of those who transact online are baby boomers, and more than 58 percent are over the age of 45. The study also showed that more than 56 percent of those who transact online have attended college with more than half acquiring a graduate degree. In terms of credit cards, 90 percent have credit cards and 47 percent carry no debt on their cards.
“Currently, more than two-thirds of online consumers pay at least one of their monthly bills with a credit or debit card. As the growth rate for non-card based online bill payment slows, Aite Group believes that banks will find their highest rate of growth in online bill pay from card-based payers,” said Ron Shevlin, Senior Analyst for Aite Group. “There is an opportunity for banks and billers to acquire an attractive set of consumers - consumers that are relatively affluent, are a low credit risk and actively engaged and loyal to the firms with which they do business.”

In other research, Billeo found that credit card bills are the most popular bill paid online by consumers in terms of number of bills paid. Other categories in order of number of bills paid online were: Utilities, Telephone, Cable/Satellite Television, Wireless, and Insurance. In terms of average transaction amount, credit card bills were the highest with $602 per bill. Other categories in order of transaction amount include: Insurance (with $319), Utilities (with $217), Cable/Satellite Television (with $162), Wireless (with $159) and Telephone (with $143).

Billeo is a popular, secure web-based tool that streamlines the online transaction process by helping consumers pay their bills and shop online using their checking account, credit cards and several alternative methods. Billeo offers one-step password log-on to one-click completion of online shopping and bill pay forms. With Billeo, payments are directed to billing company and shopping websites, payments are instantaneous, and electronic receipts are automatically captured, saved and filed. Additionally, the Billeo Biller Directory provides links to over 7,000 companies that accept online bill payment across 26 categories, including utility, cable and credit card companies. It is the largest Biller Directory and de facto industry standard.

Splendid Search, a tool developed by Billeo to automatically save and categorize electronic copies of bill payment and shopping receipts, is available now to consumers. Splendid Search allows the search of financial transaction records by the retail store or company name, amount paid, credit card used, or even by date. Whether you want to save all of the records around the online booking of an airline ticket, hotel or car, are looking at all online transactions for a month, want to print a receipt for a rebate or in-store return, or want to file a warranty claim, Billeo automatically saves the full receipt, categorizes it and allows you to locate the right record in seconds. It takes all the work, frustration and clutter out of paying bills and shopping online.

Billeo’s award-winning toolbar for managing and tracking bill payments and online purchases recently received the Editor’s Choice award and a Four Star rating from PC Magazine, and is available at no charge at http://www.billeo.com/page/homepage.jsp?sitename=Billeo .

Billeo has a close working relationship with Visa and Discover Network and the service is featured at over 40 of the top US based card issuers, including: Bank of America, Wells Fargo, Wachovia, Chase, and Target.

About Billeo, Inc.


Billeo gives consumers a fast, easy and intelligent way to exercise choice and control over their online purchases and payments. Billeo functions as the catalyst to make online purchases and bill paying as easy and financially rewarding as possible. Billeo was founded by experts from the EBPP, card issuer, banking, ecommerce and technology industries. Over 40 banks, 6 of the top ten card issuers and over 7,000 companies across 26 categories are part of the trusted Billeo network.

Source: Company press release. 



APAX Expanding to Latin America


APAX Global Payment expanding services to Latin America & Caribbean

Panama City, July 17, 2009 -- After servicing the Latin American and Caribbean market from its London office for several years, on the 1st of July, APAX opened up an office in Panama City to facilitate the huge demand for its credit card processing and electronic payment products from merchants in that area. The Panama office is specialized in offering card processing and electronic payment solutions to merchants selling mostly digital goods online in that region of the world.

APAX CEO Peter Arnold states, "APAX has a worldwide credit card processing network that operates through our processing banks to provide merchants with reliable credit card processing services. We have become one of the most competitive card processing companies in the industry without compromising quality. Our organization is also a leading provider of electronic payment processing services (e.g., checks, EFT) to corporations and fulfillment companies. Within the last five years we have seen a steadily increasing demand for our products especially from online merchants of various industries. Panama and Costa Rica have become a hub for those merchants. It is a logical step for APAX to open an office in that region in order to better service our customers."

APAX Global Payment & Technologies AG is one of the leading international providers of electronic payment and risk management solutions. APAX is dedicated to serving cardholders and their merchants by facilitating payment anywhere and anytime. Worldwide, we support processing for more than 100,000 cardholders and their merchants from various industries a day. APAX provides accounts and credit card services both for business and private customers. For further information, please contact www.e-apax.com .

This press release was issued through 24-7PressRelease.com. For further information, visit http://www.24-7pressrelease.com .

Source: Company press release.

Euronet Rebrands as ePay




Euronet launches new name, brand identity for prepaid division

London, July 17, 2009 -- Euronet Worldwide, Inc. (“Euronet”) (NASDAQ: EEFT), a leading electronic payments distributor, today announced the rebranding of its global Prepaid Division under the name epay. Previously operating under six different names worldwide, the change reinforces the distinct, but related strength of Euronet’s Prepaid subsidiaries across all regions. The new identity will provide the Division with a worldwide retail brand that is known for quality service and consistent products.

Currently, Euronet’s Prepaid Division is one of the largest international distributors of prepaid mobile airtime. The establishment of a single brand signifies the division’s transformation from a prepaid mobile top-up distributor to a leading provider of payment services and technology. The credibility and success of Euronet’s individual brands provide a strong platform for the newly created global brand to ensure the Division remains an exciting and rewarding partner for service providers and retailers worldwide.

The new epay logo design embraces existing strong elements from the logos of its parent company and sister subsidiaries to create one distinct, yet synergistic brand that stands for professional, innovative and spirited values. The design is channeled toward creating a visual impact in a crowded retail space.

“Our new name, epay, now unites all of our best-in-class companies under one brand to further promote our position as the leading worldwide payment and cash collection network provider,” said Gareth Gumbley, Euronet senior vice president and managing director, epay Division. “Just as our business strategy has evolved over the years to meet the needs of our customers, so must our brands. The new brand identity is a reflection of that evolution to deliver brand leadership and enhanced value to our customers. It brings together our successful elements — local market knowledge, operational expertise and international distribution reach — required by multinational retailers and global consumer brands."

Several Euronet prepaid subsidiaries already carry the epay name. The remaining companies: PaySpot, Telerecarga, Movilcarga, Brodos and Transact will now adopt the new branding. Working with some of the world’s largest retailers and consumer brands, Euronet’s prepaid division has experienced tremendous success within the prepaid industry. The new identity affirms the company's commitment to leading innovation in the ‘e’ payment market while providing a platform for further growth and expansion.

About epay

epay, a Division of Euronet Worldwide, Inc. (NASDAQ: EEFT), is a global business with a retail network of approximately 227,000 locations across a number of international markets including the UK, Germany, Spain, Italy, Australia, New Zealand, USA, Poland, Romania, Austria, Switzerland and Ireland. epay enables service providers to deliver electronic payment products and services to consumers through an extensive worldwide retail network. epay’s proprietary payment technology is backed by a cash collection service that manages the payment of funds back to the service providers and a range of marketing solutions to assist both the retailer and service provider to maximize their sales opportunities.

In 2008 epay processed over 700 million payment transactions with a total face value of $11 billion. epay’s product portfolio includes top-up or recharge services for prepaid mobile airtime, prepaid debit cards and e-wallets; payment services for bills, road tolls and money transfer; and marketing and distribution services for gift cards, digital content and transport tickets. epay’s commitment to customers is supported by a strong roadmap of innovative new e-payment products to bring to market. epay’s corporate headquarters is located in London, United Kingdom. For more information, please visit the company’s Web site www.epayworldwide.com .

About Euronet Worldwide, Inc.

Euronet Worldwide is an industry leader in processing secure electronic financial transactions. The Company offers payment and transaction processing solutions to financial institutions, mobile operators and retailers which include comprehensive ATM, POS and card outsourcing services; card issuing and merchant acquiring services; software solutions; consumer money transfer and bill payment services; and electronic distribution for prepaid mobile airtime and other prepaid products. Euronet operates and processes transactions from 42 countries.


Euronet's global payment network is extensive — including 9,205 ATMs, approximately 56,000 EFT POS terminals and a growing portfolio of outsourced debit and credit card services which are under management in 24 countries; card software solutions; a prepaid processing network of approximately 421,000 point-of-sale terminals across approximately 227,000 retailer locations in 20 countries; and a consumer-to-consumer money transfer network of approximately 77,100 locations serving more than 100 countries. With corporate headquarters in Leawood, Kansas, USA, and 35 worldwide offices, Euronet serves clients in approximately 140 countries. For more information, please visit the Company's Web site at www.euronetworldwide.com .

Source: Company press release.

Merchant Solutions and JCB Sign Acquiring Agreement


Merchant Solutions Signs Acquiring Agreement with JCB International

Friday, July 17, 2009

SINGAPORE. - Merchant Solutions, the acquiring joint venture between global electronic payments processor First Data and Standard Chartered Bank, has signed an agreement to initiate merchant acquiring for JCB, a major global payment brand originated in Japan.

The agreement spans eight markets in Asia and will enable JCB card members to use their cards at thousands of purchase points in Hong Kong, Macau, China, Singapore, Malaysia, Brunei, Bangladesh and Sri Lanka.

Merchant Solutions already enables merchants to accept Visa, MasterCard and China UnionPay branded cards in many of these markets today, and they will now be able to capture more business as JCB cardholders travel across Asia.

According to the Japan National Tourist Organisation (JNTO), in 2007 overseas visitors to other parts of Asia exceeded 13 million. More than half of that number traveled to countries covered by the new arrangement between Merchant Solutions and JCB International, a wholly-owned subsidiary of JCB Co., Ltd., a brand holder of JCB, and a major issuer and acquirer in Japan. According to the JNTO, 1.3 million Japanese visitors traveled to Hong Kong during 2008, and according to the Hong Kong Tourism board, they spent 3.5 billion Hong Kong dollars.

"Merchant Solutions is very pleased to expand its acquiring network to include JCB cards," said Sean Hesh, CEO and managing director of Merchant Solutions. "JCB is a major global payment brand with a solid card member base in Asia. This arrangement delivers improved merchant coverage for JCB card members and increases payment options for our merchants, helping to drive their sales volumes."

"Our arrangement with Merchant Solutions is very exciting and will enhance JCB’s acceptance network further across Asia," said Kubo Masayuki, managing director, JCB International (Asia) Ltd. "With Merchant Solutions, our card members travelling across these Asian markets will be able to enjoy greater convenience than ever before."

Forbes: Visa Puts Another $700M into Litigation Fund


Visa puts another $700 million in litigation fund
Associated Press, 07.17.09, 06:20 AM EDT


SAN FRANCISCO -- Visa Inc., the world's largest credit and debit card processor, said it has deposited $700 million into an account earmarked for litigation costs, a move that essentially acts as the repurchase of class B shares.

Visa set aside $3 billion of proceeds from its March 2008 initial public offering to cover potential liabilities in lawsuits alleging Visa conspired to stifle competition and fix prices. The account provides coverage and potential payments for judgments or settlements in U.S. legal cases against Visa, and acts to protect Visa's common shareholders from direct losses.

In December the company deposited $1.1 billion into the litigation escrow account. U.S. financial institutions are the sole holders of class B shares. Under the plan, when Visa funds the account, only class B shareholders bear the expense. Thus, as Visa funds the account, it reduces the conversion price for class B shares into class A shares.

Continue Reading at Forbes



Bank Highway Robbery


Overdraft Fees Total $38,000,000,000 Billion

By Ashish Rajan, CardTrak.com

Big banks are making big increases in overdraft fees for debit cards and checking accounts. The increases come amidst the growing cries to rein in the fees as well as limit bank policies such as hitting customers for each transaction on a debit card and "big check first" policies. A new survey has found that big banks charged a median price of $35 per overdraft vs. all financial institutions with a median OD fee of $26. Overall, the national median for overdraft fees on consumer checking accounts, debit cards and ATMs increased 4% to $26 per incident in 2009 from $25 per incident in 2008. The South led all US regions with a median charge per overdraft of $29.00 vs. $25.00 elsewhere. The Moebs Services research also shows 35% of all financial institutions allow consumers to overdraw their accounts at an ATM or with a debit card for which a median charge of $26 is assessed and less than 20% of all financial institutions pay overdrawn checks in the order from large to small.

MasterCard's Priceless Picks iPhone Application

MasterCard Launches Priceless Picks iPhone Application

MasterCard has announced the availability of the MasterCard Priceless Picks iPhone application which it says "gives consumers a location-based utility to find and share their favorite picks with friends and family. Leveraging the iPhone’s GPS technology, users can instantly find shopping deals, entertainment options, dining venues and special experiences just steps away from where they are or where they’re traveling to, for business or for pleasure. Priceless Picks is available for free download at the iPhone App Store."

Unique features of the MasterCard Priceless Picks app include:
  • User-generated content and partner generated offers
  • Priceless Picks separated into five categories including Priceless, Dining, Shopping, Entertainment and Other
  • Pinpoints Priceless Picks in your selected location
  • Add your own Priceless Pick by simply inputting the name, description and location along with your first name and a Priceless Pick category
  • “Send to a Friend” allows you to share your Priceless Picks with others via email
“MasterCard continues to connect with consumers, enabling what is Priceless to them – be it a special experience, moment in time, place, or deal - and now we’re providing a forum for consumers to share their Priceless Picks,” said Chris Jogis, Senior Vice President, US Marketing, MasterCard Worldwide. “With the capabilities of the iPhone, we’ve taken Priceless Picks to a new level, taking advantage of the portability of the device and enabling users to quickly and easily identify and share unique experiences in a chosen locale.”

Marketing Campaign -- Priceless

MasterCard Priceless Picks will be supported by an advertising campaign that includes three new 15 second Priceless® television spots breaking next week, produced by McCann Erickson NY. The spots showcase a variety of real life situations where people share their special experiences by posting them to Priceless Picks on their iPhone – the best seat in the stadium to catch a foul ball, family-friendly restaurants and a great spot for a kiss.

The Priceless Picks app was conceived, developed and built by McCann Erickson, New York, the advertising agency of record for MasterCard, with technical support from MRM Worldwide and Ubermind.

MasterCard Priceless Picks marks the second in a series of iPhone applications that MasterCard is bringing consumers to make life a little easier every day. Priceless Picks joins the popular MasterCard ATM Hunter, which lets iPhone users easily locate the nearest ATM no matter where in the world they are.

Zong and Gaia Go After Web Teens



Zong, Gaia Online partner to bring new payment method to Web teens

Palo Alto, Calif., July, 2009 -- Zong (www.Zong.com ), the most frictionless payment service for gaming and social media publishers, today announced that it has partnered with Gaia Online, the leading hangout for teens and young adults on the Web. Gaia’s more than eight million unique monthly visitors now have the option to purchase Gaia Cash, Gaia’s virtual currency, with their mobile phone number, via the Zong mobile payment platform. Gaia Cash can then be used to obtain digital goods on the site.

“With more than eight million members conducting in excess of 100,000 transactions daily, Gaia Online represents one of the world’s most vibrant online virtual economies,” said David Marcus, Founder and CEO, Zong. “We’re confident that Gaia Online’s teen-based membership community will find Zong to be even easier than a traditional credit or debit card-based payment, and this partnership underscores the tremendous economic potential of the high-growth virtual goods industry.”

With over nine years of operating experience, Zong has high-scale connectivity with more than 100 mobile carriers worldwide. The Zong mobile payments platform features the most extensive network of direct carrier connections across the globe. Given the financial, operational and security risks inherent with aggregated carrier relationships, direct relationships with carriers are a central consideration for virtual goods, social networking and gaming companies evaluating revenue-enhancing transaction platforms.

Founded in 2003, Gaia Online is an online community that provides a fun, social environment for its members to make friends, play games, and even watch movies in Gaia's virtual theaters. Gaia also offers a broad variety of multiplayer Flash games, has its own virtual currency and an active forum and message board community.

“As one of the most active online communities and economies, we believe strongly in giving our members a wide variety of payment options available across multiple technology platforms,” said Joe Hyrkin, Vice President of Sales and Business Development, Gaia Online. “Extending the Zong frictionless mobile payment platform as a mechanism for purchasing Gaia Cash is a great opportunity for us to help members more easily and creatively express themselves via purchases.”

About Zong

Zong is the leading mobile payment service used for monetizing Web audiences in the social media and gaming industries. Noted for its frictionless user experience, Zong converts "shoppers" into "buyers" at rates up to 10 times greater than traditional payment methods, like credit cards. Zong is featured in hundreds of top applications on popular social networks like Facebook and MySpace as well as leading virtual worlds and other online gaming sites. Founded in 2000, the company leverages direct connections with leading mobile network operators around the world to provide unrivaled connectivity to mobile subscribers. For more information, please visit http://www.zong.com .

About Gaia

Founded in 2003, Gaia Online is the leading hangout on the web. More than eight million visitors come to Gaia every month to make friends, play games, watch movies in Gaia Cinemas, Gaia's virtual theaters, and participate in the world's most active online community. Gaia provides a fun, social environment that inspires individuality and creativity. With everything from art contests to discussion forums on poetry, politics, celebrities and more, to fully customizable profiles, digital characters and cars, Gaia is a place where teens can create their own space and express their individual style. For more information, visit www.gaiaonline.com .

Source: Company press release.

Accertify Co-Founder Appointed as Merchant Risk Council Board Advisor


Chicago, Ill. -- Accertify (www.accertify.com), a provider of leading-edge credit card fraud prevention solutions to online merchants, today announced that Gary Doernhoefer, Accertify co-founder and General Counsel, was appointed as a Merchant Risk Council Board Advisor.

The Merchant Risk Council is the pre-eminent trade association focused on electronic commerce risk and payments in the U.S. and globally. The merchant-led council sponsors industry networking, education and advocacy programs to make electronic commerce more efficient, safe and profitable.

“The MRC has a deep understanding of the fraud challenge facing e-commerce and has been a leader in bringing merchants together,” Doernhoefer said. “I look forward to helping the organization in addressing fraud and risk issues to improve the security and profitability of doing business online.”

“Gary has been helping merchants successfully fight online fraud for nearly a decade,” said Tom Donlea, MRC Executive Director. “His business and legal expertise will add tremendous value to our organization in dealing with the increasingly complex world of Internet crime.”




More on Monnet, the EU Challenger to V/MC

July 17, 2009

EU card takes on Visa-MasterCard duopoly

A new EU-wide payments card is set to take on the duopoly of MasterCard and Visa.

Currently at concept stage, and expected to launch in October, the card will simplify credit and debit payments within the Single Euro Payments Area (SEPA).   Payments on the card will not be charged cross-border fees.

French and German banks, including Deutsche Bank, Société Générale and BNP Paribas are working on plans for the card, which will be called Monnet after French economist Jean Monnet who strove for a united Europe.

Speaking at the European Banking Conference, Wiebe Ruttenberg, head of market infrastructure division at the European Central Bank (ECB), endorsed the proposals.
“We need at least one alternative card scheme in Europe to become a credible challenge to the duopoly,” Ruttenberg said.

Although all 27 EU member states are expected to adopt the cards, British payments specialist, the UK Cards Association, anticipates that it will have little impact in the UK.

A spokesperson for the group said: “Given that UK debit cards are all either Visa or MasterCard branded, and can be used overseas wherever those brands are accepted, the impact on UK consumers is likely to be limited.”

Story link: EU card takes on Visa-MasterCard duopoly




77% of All UK Card Fraud Involves Internet/CNP Transactions

Rise of the online credit card sharks: Annual crime figures reveal fraud soaring to £610m

By Matthew Hickley  Last updated at 11:23 AM on 17th July 2009 (excerpt)

The cost of card fraud in Britain is spiralling out of control...

Card fraud cost the UK £610million last year - up by 43 per cent in just two years - and more than three quarters (77%) of all offenses now involve Internet, telephone or mail order shopping where chip-and-pin technology offers no protection. (all Card NOT Present environments)


The British Crime Survey - based on interviews with 40,000 householders - shows there were 2.8million fraudulent card transactions last year, up 4 per cent year-on-year, and the proportion of cardholders who are victims has risen from 3.7 to 6.4 per cent in the past three years.

Card-not-present fraud accounts for 77 per cent of all incidents - almost 2.2million last year - and losses rose by 13 per cent to £328million.

A spokesman for the UK Cards Association trade body said the figures were 'not good', but insisted they should be seen in the context of a huge rise in online shopping.

Between 2001 and 2008, card-not-present fraud soared by 243 per cent from £95.7million to £328.4million. But over the same period the total value of online shopping in the UK leapt by 524 per cent, from £6.6billion to £41.2billion.






Interac Teams with Inside Contactless




Interac Connects With Contactless Debit Payments


According to Digital Transaction News, Canada’s Interac Association debit network is teaming with France-based semiconductor manufacturer Inside Contactless in a partnership that will include a test next year that will pair PIN-based debit cards with contactless payments. But to keep transactions moving quickly, cardholders will not need to enter a PIN.

The test will be yet another as card networks, processors, banks and vendors try to find a winning formula for the much-ballyhooed contactless card that uses radio technology to pass data between the card and payment terminal at close range. Issuers have pumped out millions of contactless cards, but there are fewer than 200,000 locations worldwide that accept them.

Thursday, July 16, 2009

Top 10 PIN Debit Networks


Rhetorical Question of the Day: Are Web Applications a Security Concern?


Are Web Applications a Security Concern?

Editor's Note: Here's an excerpt from an excellent article in today's New York Law Journal. I think it adequately explains today's risks inherent with transacting on the web. That said, I'm more worried about tomorrow than I am today. After all, yesterday "https://" was safe, SSL was safer and EV SSL was safest. Not today. -JBF

by Richard Raysman and Peter Brown
New York Law Journal - July 16, 2009


...Several high-profile computer hackers have recently been indicted or face prison time as a result of their unlawful activities. For example, a hacker named "Max Vision," who stole almost 2 million credit card numbers from financial institutions, merchants and other hackers, recently pleaded guilty to federal wire fraud charges and is awaiting sentencing. In another matter, a 19-year-old blind hacker was sentenced to 135 months in prison for unauthorized access to telecommunication company information, among other crimes.[FOOTNOTE 1]

Also, in ongoing proceedings, an accused British hacker, who allegedly accessed data on NASA computers, is seeking judicial review of a prior order permitting his extradition to the United States, arguing he should not be held criminally responsible because he is a sufferer of Asperger's syndrome.[FOOTNOTE 2]

Facing similar concerns to operators of government networks, private companies with external Web sites can be susceptible to attackers looking to commit defacement or infiltrate computer networks to steal sensitive information. The increased corporate reliance on complex applications and technologies contribute to the potential for security vulnerabilities and an increased need for computer security.

A growing concern, legitimate Web sites continue to be targeted by hackers, with a reported 30,000 pages affected every day by malware attacks.[FOOTNOTE 3] Successful attacks can compromise confidential resources or consumer data and harm an organization's image. Further, an improperly configured Web server can be attacked directly to obtain unauthorized access to an organization's internal resources.

This article will discuss Web application security concerns, common Web application attacks and some of the enforcement actions taken by the Federal Trade Commission against companies that have suffered security breaches allegedly due to inadequate security practices.

SECURITY CONCERNS

Business sites have become an indispensable means to communicate with prospective customers and conduct transactions. Sites have become more dynamic, giving users new capabilities to run applications, query databases and access personal and financial content.

Highly interactive sites boast multiple ways to reach out to users, namely through login and informational fields, electronic shopping carts and data uploading systems that collect, process and electronically transmit potentially sensitive consumer information.

Such interactions are performed by Web applications, which are programs that act as the intermediary between a site's servers and its database servers such that data submitted or requested by users can be transmitted from a company's database to users' browsers.

For example, a database might maintain information related to login credentials, financial information, statistics, pricing or inventory information, or other sensitive data that, when accessed legitimately, gives a site its functionality for users and customers.

When a user's submission requires additions to or retrieval from a company's database, whether it be a simple search, account information request or e-commerce transaction, the application accesses the database servers to run the particular request, with the information displayed on users' screens.

However, as hackers and identity thieves have become more adept at exploiting programming vulnerabilities to gain access to a company's Web and database servers, the use of Web applications raises cybersecurity concerns.
 

The intruders seek unauthorized access for several reasons, such as to deface a site (i.e., changing information on the server or redirecting traffic to embarrass a company or make a political statement); steal sensitive data for illicit gains; plant malicious code to further a phishing scheme or other online scam; or create a distribution point for attack tools, spam, pornography or pirated software.[FOOTNOTE 4]

In addition, sensitive information transmitted unencrypted between the server and a user's browser may be intercepted or malicious entities may attempt to gain unauthorized access to resources elsewhere in the organization's network via a successful attack on the server.

Such attacks are consistent with a trend in malicious user behavior, which focuses on attacking applications accessible via the Internet, as opposed to attacking the operating system of the host platform.[FOOTNOTE 5] 

Indeed, the growth of attacks has been fueled by the easy availability of automated programs or "rootkits" that can perform a sweep across the Web to detect which sites have known vulnerabilities. Thus, if a site's applications are not secure, then sensitive consumer information could be at risk from one of many common exploits.

COMMON ATTACKS

In recent years, as the security of networks and server installations has improved, poorly written software applications and scripts that inadvertently allow attackers to compromise the security of a Web server or collect data from backend databases are the routine targets of attacks.

Common attacks include "structured query language" injection, where a hacker is able to input commands to a database, and "cross-site scripting," where an attacker manipulates the application to store malicious scripting language commands that are activated when a subsequent user opens the Web page.[FOOTNOTE 6]

Generally speaking, XSS refers to the act of injecting malicious code into a Web page, which is then executed in the user's browser, in order to perform some sort of manipulation. XSS exploits the browser's (as well as the user's) trust that the page they are viewing is safe for downloading information and/or clicking on links presented.

XSS often takes advantage of Web servers that return dynamically generated pages. A successful attack potentially allows the hacker to redirect the page to a malicious location, hijack a user's browser, engage in computer network reconnaissance or plant backdoor programs, all while being completely transparent to the end users.[FOOTNOTE 7] As a result, a hacker can typically gain access to a company's database servers, deface Web pages, spread worms or execute malicious computer script.[FOOTNOTE 8]

Another common attack, SQL injection, allows commands to be executed directly against the database, thereby permitting disclosure and modification of the data within.

SQL is a computer language for querying and modifying data and the management of databases. The most common pathway for an SQL injection attack occurs when a hacker is permitted to enter SQL commands into a certain Web feature (e.g., login form, search query boxes, feedback forms) or directly into the browser address bar and query the database without authorization.

SQL injection usually involves a combination of inappropriate security permissions, unfiltered user input, and software code errors or omissions. Since SQL injection is possible even when no traditional software vulnerabilities exist, mitigation is often more complicated than simply applying a security patch.[FOOTNOTE 9]

With more and more Web servers comprising a front end for a database server, there is an ongoing risk that an intruder can compromise the database unless adequate security precautions are taken.

Read the Article in Full


Richard Raysman, a partner at Holland & Knight, and Peter Brown, a partner at Baker & Hostetler, are co-authors of "Computer Law: Drafting and Negotiating Forms and Agreements" (Law Journal Press).
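
The two attacks the excerpt describes, reduced to a login lookup and a feedback list with each vulnerable function beside its hardened form. This is an added example, not code from the article or from this blog; the table names, sample rows and form inputs are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    # Plaintext passwords keep the sample short; real systems store salted hashes.
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE feedback (body TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def login_vulnerable(db, name, password):
    # Form input is spliced into the SQL text, so a quote character typed
    # into the form ends the string literal and the rest is run as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in db.execute(sql))

def login_hardened(db, name, password):
    # Placeholders keep the values out of the SQL text entirely; the
    # database only compares them as data.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))

def add_feedback(db, body):
    db.execute("INSERT INTO feedback VALUES (?)", (body,))

def render_vulnerable(db):
    # Stored text is written into the page as-is, so markup submitted by one
    # visitor is interpreted by the browser of every later visitor.
    rows = db.execute("SELECT body FROM feedback")
    return "<ul>" + "".join("<li>" + b + "</li>" for (b,) in rows) + "</ul>"

def render_hardened(db):
    # html.escape turns <, >, & and quotes into entities: displayed, not run.
    rows = db.execute("SELECT body FROM feedback")
    return "<ul>" + "".join("<li>" + html.escape(b) + "</li>" for (b,) in rows) + "</ul>"

def demo():
    db = make_db()
    crafted_password = "' OR '1'='1"                 # constructed form input
    add_feedback(db, "<script>alert(1)</script>")    # constructed form input
    return {
        "sqli_vulnerable": login_vulnerable(db, "alice", crafted_password),
        "sqli_hardened": login_hardened(db, "alice", crafted_password),
        "good_login": login_hardened(db, "alice", "correct-horse"),
        "xss_vulnerable": render_vulnerable(db),
        "xss_hardened": render_hardened(db),
    }

if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

The fix in both cases lives in the application code rather than in a vendor patch, which is the point the article makes about mitigation.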


:::FOOTNOTES::::





