ViVOtech Selected to Enable First Deployment of MasterCard® PayPass™ Technology in Brazil by Redecard

ViVOtech Chosen to Enable MasterCard® PayPass™ Acceptance by Acquirer Redecard in Public Transportation, Restaurants, Convenience Stores, Movie Theaters, Parking Lots and Tourist Attractions

CARTES & IDentification 2009



CARTES, Paris--(BUSINESS WIRE)--Silicon Valley-based ViVOtech, the leader in Near Field Communication (NFC) and contactless payment systems, announced today that its worldwide best-selling contactless technology, ViVOpay, has been chosen to enable the first deployment of MasterCard® PayPass™ technology in Brazil by allowing the acquirer, Redecard, to enable multiple merchant locations for contactless card acceptance throughout multiple verticals. Redecard is the largest acquirer of MasterCard transactions in Latin America with 1.8 billion transactions per year in 1.3 million merchant locations.



MasterCard Worldwide, Credicard, Citibank’s credit card administrator for the Brazilian market, and Redecard have announced the launch of MasterCard PayPass contactless payment technology in Rio de Janeiro for public transportation and other quick service merchants. MasterCard says that PayPass is the first contactless payment product to be introduced for public transportation in Latin America.



Redecard used ViVOtech contactless technology to enable acceptance of MasterCard PayPass at multiple locations including the Pão de Açúcar (Sugar Loaf Mountain) lift, Supervia train stations, UCI cinemas, McDonald's fast food restaurants and Estapar/Riopark parking lots located in Rio. Coming soon, the Rio de Janeiro Metro system will also be enabled. This is just the beginning, as Redecard plans to add more PayPass merchant acceptance locations in the near future



“We are delighted that our ViVOtech contactless reader technology was chosen to enable this first MasterCard PayPass deployment in Brazil,” said Mohammad Khan, ViVOtech’s president and founder. “The expansion of the ViVOpay product line follows the increased usage of contactless payments from the original quick-service retail to vending, taxi, parking, transportation, transit and convenience stores.”



ViVOtech’s product line continues to evolve not only in hardware, but also in software and applications. ViVOtech’s infrastructure and application software products for mobile payments, promotions and marketing enable its 550,000 reader-installed base in 35 countries to function as communication and marketing devices, communicating with consumers using Near Field Communication and interim sticker technology enabled phones.



ViVOtech will be demonstrating its ViVOpay line of contactless payment readers, as well as its infrastructure and application software products for mobile payments, promotions and marketing, at the CARTES & IDentification 2009 show in Paris, November 17-19 at booth # 4 Q 028.



About ViVOtech



ViVOtech (www.vivotech.com) is the leading end-to-end enabler of next generation mobile payments, loyalty, and marketing solutions. ViVOtech provides Near Field Communication (NFC) mobile payment solutions, mobile marketing and loyalty applications software, Over-The-Air (OTA) provisioning infrastructure software, NFC smart posters, and contactless terminals. ViVOtech’s products are used by most prominent retailers all over the globe; the company has shipped over 550,000 contactless and NFC payment terminals to more than 35 countries. In 2009, ViVOtech received the prestigious Frost and Sullivan North American Smart Cards Product Line Strategy of the Year Award. ViVOtech’s investors include Citi, First Data Corporation, Motorola Ventures, NCR, and Nokia Growth Partners.

Javelin's Bank Safety Scorecard

Good News Holiday Shoppers: All Large Bank Debit Cards Now Offer Zero-Liability; Banks Also Bolster ID Fraud Prevention and Minimize SSN Use

Javelin’s Bank Safety Scorecard Rates Providers on 50 Customer Safety Measures

Bank of America, Regions Bank and Wells Fargo Rank Highest

SAN FRANCISCO--(BUSINESS WIRE)--Javelin Strategy & Research (http://www.javelinstrategy.com) today issued a research report ranking top banks and credit unions on 50 identity fraud Prevention, Detection and Resolution™ capabilities. The report scores how well an individual financial institution teams up with customers against criminals that committed $48B in identity crimes last year. Finishing first overall among 25 large US institutions was Bank of America, followed closely by Regions Bank and Wells Fargo. Javelin’s latest report finds that banks made dramatic strides in prevention of identity fraud, with detection capabilities showing little improvement.







"In a recession facing more identity fraud and an entire reshuffling of top banking providers, substantial improvements occurred in how banks work with customers to prevent identity crimes,” said James Van Dyke, President and Founder. "Consumers don’t just want to be protected by others; they want involvement in protecting their money and identity. Inventive criminals continually update their methods, and banks must do the same.”



Javelin’s 2009 Banking Identity Safety Scorecard uses website research and mystery-shopping methods to score the largest banks and credit unions that represent half of all U.S. consumer checking accounts. The 50 precise security measures are based on exacting analysis of three areas: consumer behavioral research, review of changing crime patterns, and new technologies available to banks and consumers. This year’s scorecard includes such areas as transaction-specific alerts via mobile devices, prohibitions over unauthorized online or overseas transactions, SMS text and e-mail notifications of suspicious activity, multi-factor authentication, zero-liability guarantees for most online and card purchases, and having a team specializing in identity theft resolution. Identity Fraud carried an average per-victim toll of $496 in out-of-pocket costs and 30 hours of personal resolution hours in 2008.

Key Findings of 2009 Banking Identity Safety Scorecard:

• Banks excelled in prevention capabilities, scoring an average of 27 percentage points higher than last year. Bank of America, BB&T and Fifth Third had the highest prevention scores.


• Financial institutions finally curtailed the use of full social security numbers for routine authentication. (Consumers: never divulge your full SSN unless absolutely necessary, and then only after the other parties’ identity is confirmed).


• Nearly nine in 10 banks now equip their customers with third-party security vendors for online safety, teaming up with companies such as McAfee and Symantec to ensure that they are better protected when banking online.


• Banks are strengthening education, with 100% of the top financial institutions now offering anti-phishing email education online – doubling from the previous year. Because consumers receive confusing and contradictory self-protection advice, banks have become trusted safety advisors.


• Highest identity fraud detection scores were posted by Regions Bank, Bank of America and Citibank.


• Detection capabilities showed meager improvement overall. Javelin calls for 18 alerts and notifications regarding changes to consumers’ accounts and personal information. Consumers typically are the first to spot fraud in half of all ID crimes, and with mobile technologies promising new capabilities, banks should take advantage of opportunities to further improve identity safety.


• ING, Navy Federal Credit Union, PNC Bank and Wells Fargo earned perfect scores in 11 identity fraud resolution criteria.


• 100% of top banks now offer zero-liability protection and next-day replacement of lost or stolen debit cards for most routine purchases, tightening parity with credit cards.

"Our 2009 scorecard shows that 100% of leading banks surveyed have extended zero-liability fraud guarantees for debit cards to cover PIN, signature and card-not-present purchases. Entering the holiday shopping period, customers of these institutions can have increased confidence that their debit card purchases will be fully protected from fraud," explains Mary Monahan, Managing Partner and Research Director. "As financial institutions continue to battle identity fraud criminals, institutions will gain an edge by partnering with their customers to more quickly and accurately block fraud."

Gemalto Announces ADR - Begins Trading in the OTC Today

Today Gemalto announced a sponsored Level 1 American Depositary Receipt (ADR) program in the United States that will begin trading today in the over-the-counter (OTC) market.  In addition, they announced the 2010-2013 Development Plan.  Both news releases are below.  

At an investor conference, the executive team presented more details of the plan in the telecom, banking and identity management/e-government security sectors.  The webcast from today's investor meeting will be posted at www.gemalto.com/investors.

Gemalto Establishes a Sponsored ADR Program

Amsterdam, November 19, 2009 - Gemalto (Euronext NL0000400653 - GTO), the world leader in digital security, today announced that the Company has established a sponsored Level 1 American Depositary Receipt (ADR) program in the United States.

Gemalto’s ADRs will trade in the United States beginning today in the over-the-counter (OTC) market. Under the program, each Gemalto ordinary share is represented by two ADRs.  Deutsche Bank is acting as the depositary bank for this program.

The ADR security identification numbers are:

ISIN: US36863N2080

CUSIP: 36863N 208

Olivier Piou, Chief Executive Officer of Gemalto commented: “American investors show great interest in Gemalto.  A reasonable proportion of our shares are already held by US investors. We are putting in place this program to offer even more US investors the opportunity to participate in the future of our Company.”

Gemalto 2010-2013 Development Plan

• Target €300 million of Profit from operations in 2013, more than 50% increase over 2009

• Plan combines revenue growth and margin expansion, with all segments increasing their profit

• Company will propose initiating a dividend distribution to shareholders

• Live audio webcast of Company presentation starting today at 4pm Central European Time

Amsterdam, November 19, 2009 - Gemalto, the world leader in digital security today announced its Development Plan for the period 2010 to 2013.

Through revenue growth and margin expansion the Company sets for itself an objective of expanding by more than 50% its Profit from operations(1), to  €300 million in 2013.

Gemalto also announced intention to initiate a dividend distribution to complement its existing

share buy-back program.  The Company plans to propose a dividend of between €0.20 and €0.25 related to fiscal year 2009 at the next annual general meeting of shareholders to be held in May 2010.

Gemalto will be holding a presentation of its 2010-2013 Development Plan beginning at 4pm CET and this conference will be accessible live via audio webcast at www.gemalto.com/investors.

Highlights of the 2010-2013 Development Plan:

• The Company’s €300 million Profit from operations objective for 2013 is based on both revenue growth and expansion of the Profit margin from operations. Organic growth anticipated in all business segments will be accelerated by bolt-on acquisitions.

• Each business segment - Mobile Communication, Secure Transactions and Security - is expected to expand its Profit from operations. Secure Transactions and Security are expected to contribute significantly to the company’s profit expansion throughout the period, and to deliver high single digit Profit margin from operations in 2011.

• The Company will continue to generate strong levels of operating cash flows, which will be re-invested to fuel organic growth, fund bolt-on acquisitions, as well as provide return to shareholders via a combination of share buy-back and a newly initiated dividend distribution.

• Gemalto will continue to tightly manage capital employed, and the Company ambitions to further increase its return on capital employed (ROCE) ratio.

Olivier Piou, Chief Executive Officer of Gemalto commented: “Gemalto plays at the heart of important megatrends. Our digital security solutions opportunities expand with the global rise in digital and wireless usage. Gemalto is in a unique position with its trusted customer relationships, its large installed base of connected smart objects and its ability to serve operators’ needs with software and services. We will leverage our core assets to expand both revenue and margin, from a well-established global base that has strong operating leverage and demonstrated ability to generate high levels of cash.  We are particularly energized by this ambitious plan, and are confident that it will create solid value for our stakeholders.”

----

(1) See Appendix 1 in the complete version for definition of the non-GAAP “Profit from operations” and “Profit margin from operations” measures.

Download the complete version (PDF, 95 KB)

About Gemalto

Gemalto (Euronext NL 0000400653 GTO) is the world leader in digital security with 2008 annual revenues of €1.68 billion, and 10,000 employees operating out of 75 offices, research and service centers in 40 countries.

Gemalto is at the heart of our evolving digital society. The freedom to communicate, travel, shop, bank, entertain, and work—anytime, anywhere—has become an integral part of what people want and expect, in ways that are convenient, enjoyable and secure.

Gemalto delivers on the growing demands of billions of people worldwide for mobile connectivity, identity and data protection, credit card safety, health and transportation services, e-government and national security. We do this by supplying to governments, wireless operators, banks and enterprises a wide range of secure personal devices, such as subscriber identification modules (SIM), Universal Integrated Circuit Card (UICC) in mobile phones, smart banking cards, smart card access badges, electronic passports, and USB tokens for online identity protection. To complete the solution we also provide software, systems and services to help our customers achieve their goals.

As the use of Gemalto's software and secure devices increases with the number of people interacting in the digital and wireless world, the company is poised to thrive over the coming years.

For more information please visit www.gemalto.com.

TrustWave Unveils TrustKeeper 3.0

Chicago, Nov. 19, 2009 -- Trustwave, the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, unveils TrustKeeper 3.0, the next generation of Trustwave’s industry leading compliance platform. TrustKeeper 3.0 is a new revolutionary approach to supporting Level 4 merchants’ efforts to validate compliance with the Payment Card Industry Data Security Standard.



PCI DSS is the payment card industry security requirement for entities that store, process or transmit cardholder data, and has been endorsed by all the major card brands — Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. Level 4 merchants are defined as those that process fewer than 20,000 e-commerce transactions and/or fewer than 1 million single card transactions per year.



Trustwave’s ground-breaking Web portal moves merchants through the compliance process with ease and efficiency by making the PCI compliance process accessible to the non-technical user. TrustKeeper 3.0 profiles merchant’s behavior pertaining to credit card acceptance and information security business practices. Using the information compiled, TrustKeeper 3.0 simplifies and automates the PCI DSS compliance process. This simplified process renders a result as to whether or not the merchant is compliant, which facilitates the compliance process for even the most inexperienced, non-technical merchants. Should a merchant be found non-compliant, TrustKeeper 3.0 provides actionable recommendations to mitigate any issues to better protect their customer’s data.



Acquirers and ISOs interested in implementing a PCI program for their merchant portfolios benefit from the innovative approach of TrustKeeper 3.0, which minimizes the effort required for their merchants to comply, thereby increasing adoption and lowering the financial risks associated with data compromises. TrustKeeper 3.0 features include:

• Easy Enrollment: A stream-lined registration process guides merchants into the compliance process with simple questions about their payment environment, ensuring each merchant is enrolled in a PCI program suitable for their business.


• Step-By-Step PCI Wizard: A personalized, guided interview that translates the language of the PCI assessment into terms merchants can understand, and uses their answers to complete the process on their behalf.


• TrustKeeper Agent: Merchants may download and install software on their Point-of-Sale (POS) systems, which further automates the PCI process by gathering important technical details needed for the PCI assessment. The TrustKeeper Agent also provides security features for the POS system.


• Online Educational and Compliance Tools: On-demand help text, tutorials and optional tools such as TrustKeeper’s Security Policy Advisor and Security Awareness Education ensure that merchants can efficiently complete the PCI process.


• Vulnerability Scan Management: Proprietary scanning technology ensures that both brick and mortar and e-commerce merchants maintain compliant networks and systems.


• Reporting for Program Sponsors: Real-time reporting provides acquirers and ISOs the ability to monitor the compliance progress of their merchant populations.


• Compliance Certificate: The Trustwave certificate identifies the measures taken by merchants to validate compliance.
  
  

To facilitate the compliance process for merchants around the world, TrustKeeper 3.0 has multi-lingual capabilities. Trustwave also has compliance call centers in Chicago and Warsaw, Poland, for merchants in need of additional support. The call centers are available 24 x 7 and support English, Spanish, German, French, Swedish, Polish, Flemish, Norwegian and Italian.



“Trustwave worked closely with smaller merchants and acquirers to thoroughly understand their security and compliance needs while developing TrustKeeper 3.0,” says Doug Klotnia, general manager, compliance division. “This new platform provides tools throughout the compliance process to support and facilitate merchant validation and allows program sponsors to effectively manage large-scale programs with added ease and functionality.”



“Smaller merchants often do not have the resources or IT experience to manage their compliance initiatives,” says Robert J. McCullen, chairman and CEO of Trustwave. “Our proprietary technology will facilitate their experience by ensuring that they understand the compliance standard and process, and provide actionable remediation recommendations to manage vulnerabilities and achieve compliance.”



About Trustwave

Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today’s challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations—ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com .





Source: Company press release.

ACI Worldwide to Acquire Essentis

New York, Nov. 17, 2009 -– ACI Worldwide, Inc. (Nasdaq: ACIW), a leading international provider of electronic payments software and solutions, today announced that it has entered into an agreement to acquire Euronet Essentis Limited (Essentis), a division of Euronet Worldwide. Essentis, based in Watford, UK, is a leading provider of payment solutions for card issuing and merchant acquiring around the world. ACI will market the Essentis solutions globally to financial service providers under the ACI brand.



Essentis provides proven card issuing and merchant management products, delivering reliability and scalability to high profile customers internationally. Essentis customers are able to handle large scale projects, with one organization acquiring transactions from more than 350,000 merchants and another organization issuing more than 12 million cards using Essentis products.



Philip Heasley, CEO of ACI Worldwide said, “ACI has a strategy of expanding its offerings and is committed to delivering the best payments solutions to its customers. The acquisition of Essentis continues that tradition. It enriches and deepens our retail banking product portfolio, and adds value and choice for our existing customer base in the back office space. The functionality and agility of Essentis products, which use technology and architecture similar to current ACI products, will enable us to expand our service-oriented architecture solutions.”



Essentis products are multi-platform, and they have been benchmarked on IBM® System z™ to show that they can meet the demands of the largest card issuers and merchant acquirers. This supports ACI’s alliance with IBM and enables the company to continue to offer the best solutions for the market on the platform that is used extensively in banks and payment processors around the world.



Louis Blatt, chief product officer at ACI Worldwide said, “The acquisition of Essentis enables us to combine leading products across the retail banking market and positions us at the forefront of the future of payment systems. The Essentis products will be an important part of ACI Agile Payments Solution™. They are built on an SOA architecture, and will deliver a range of different services that are fundamental to helping financial organizations become truly agile, as well as driving consolidation and operational efficiencies that can give them an essential competitive advantage.”



“This acquisition enables us to deliver comprehensive, market-leading payments solutions to meet changing industry needs. Many banks need to invest in their card and merchant systems to address payments efficiency improvements, to get better direct control over their cardholder and merchant relationships or to meet regional challenges such as SEPA in Europe. Back office solutions, including card issuing and management, are essential to ensuring these projects are effective and profitable,” said Bernard Delahaye, vice president strategy and planning at ACI Worldwide (EMEA).



The acquisition of Essentis is not expected to have any impact upon 2009 financial guidance.



About ACI Worldwide, Inc.

ACI Worldwide is a leading provider of software and services solutions to initiate, manage, secure and operate electronic payments for major banks, retailers and processors around the world. The company enables payment processing, online banking, fraud prevention and detection, and back-office services. ACI solutions provide agility, reliability, manageability and scale, to more than 750 customers in 90 countries. Visit ACI Worldwide at www.aciworldwide.com .



Source: Company press release.

Lower Interchange Would Harm Consumers - GAO

By Peter Eichenbaum - Bloomberg



Nov. 19 (Bloomberg) -- U.S. consumers may not save money and could wind up paying higher credit-card costs if lawmakers force payment networks including Visa Inc. and MasterCard Inc. to cut fees charged to merchants, a government watchdog said.



“Identifying such savings would be difficult,” the Government Accountability Office said in a report today. “Consumers also might face higher card-use costs if issuers raised other fees or interest rates to compensate for lost interchange fee income.”



The report may derail efforts to cut “swipe fees” paid by merchants on each transaction. Wal-Mart Stores Inc. and Target Corp. are among retailers asking Congress to reduce the fees. Bankers have said the current system helps merchants by guaranteeing payment and simplifying record-keeping. Changing the rules may crimp profit at lenders including Citigroup Inc., Bank of America Corp. and JPMorgan Chase & Co.



“From our perspective, it shows that consumers could be harmed,” Trish Wexler, a spokeswoman for the Electronic Payments Coalition, a Washington-based industry group that opposes interchange regulation, said of the report.

Banks use interchange revenue to pay for rewards programs and cover costs from cardholders who default. It’s also a source of revenue; interchange fees totaled $48 billion last year, according to the National Retail Federation, and accounted for 19 percent of revenue for card-issuing banks on the Visa and MasterCard networks, according to trade magazine Cards and Payments.

Continue Reading at Bloomberg

Related articles by Zemanta

• Looks Like Visa/MC Will Win the Interchange Fight... (pindebit.blogspot.com)

Salvation Army Kettles to Accept Credit/Debit Cards This Year

The red Salvation Army kettles will begin appearing outside Triangle stores today, and the fundraising standby comes with a new feature this year.



If you're short on cash, the bell-ringers will accept plastic at four locations.



Shoppers can walk up, swipe their Visa, MasterCard or American Express through a machine attached to one of the tripod's legs, punch in the amount of their donations and collect a receipt.



"With so many people telling us they don't carry cash, we want to make sure that we're not turning people away who may have donated," said spokeswoman Paige Bagwell.



In a year when requests for services have increased 35 percent and donations are down 15 percent, every potential donation matters more, Bagwell said.

Twelve Hacks of Christmas

On the first day of Christmas, my true love gave to me...some "card swipe ability!" 



McAfee, Inc. Warns Consumers about “The Twelve Scams of Christmas,” or Popular Online Attacks This Holiday Season

Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information

SANTA CLARA, Calif.--(BUSINESS WIRE)--As cybercriminals begin to take advantage of the holiday season, McAfee, Inc. (NYSE:MFE) today revealed the “Twelve Scams of Christmas” – the twelve most dangerous online scams that computer users should be cautious of this holiday season. According to Consumer Reports’ 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years, and McAfee warns consumers not to fall victim to the top scams this year.



“Cybercriminals’ use their best schemes during the holidays to steal people’s money, credit card information, social security number and identity,” said Jeff Green, senior vice president of McAfee Labs. “These thieves follow seasonal trends and create holiday-related Web sites, scams and other convincing e-mails that can trick even the most cautious users.”

McAfee’s Twelve Scams of Christmas



Scam I: Charity Phishing Scams – Be Careful Who You Give To

During the holiday season, hackers take advantage of citizens’ generosity by sending e-mails that appear to be from legitimate charitable organizations. In reality, they are fake Web sites designed to steal donations, credit card information and the identities of donors.



Scam II: Fake Invoices from Delivery Services to Steal Your Money

During the holidays, cybercriminals often send fake invoices and delivery notifications appearing to be from Federal Express, UPS or the U.S. Customs Service. They e-mail consumers asking for credit card details to credit back the account, or require users to open an online invoice or customs form to receive the package. Once completed, the person’s information is stolen or malware is automatically installed on their computer.



Scam III: Social Networking – A Cybercriminal “Wants to be Your Friend”

Cybercriminals take advantage of this social time of the year by sending authentic-looking “New Friend Request” e-mails from social networking sites. Internet users should beware that clicking on links in these e-mails can automatically install malware on computers and steal personal information.



Scam IV: The Dangers of Holiday E-Cards

Cyber thieves cash in on consumers who send holiday e-cards in an effort to be environmentally conscious. Last holiday season, McAfee Labs discovered a worm masked as Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions. Holiday-themed PowerPoint e-mail attachments are also popular among cybercriminals. Be careful what you click on.

Scam V: “Luxury” Holiday Jewelry Comes at a High Price

McAfee Labs recently uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering “discounted” luxury gifts from Cartier, Gucci, and Tag Heuer. Cybercriminals even use fraudulent logos of the Better Business Bureau to trick shoppers into buying products they never receive.

Scam VI: Practice Safe Holiday Shopping – Online Identity Theft on the Rise

Forrester Research Inc. predicts online holiday sales will increase this year, as more bargain hunters turn to the Web for deals. While users shop and surf on open hotspots, hackers can spy on their activity in an attempt to steal their personal information. McAfee tells users never to shop online from a public computer or on an open Wi-Fi network.



Scam VII: Christmas Carol Lyrics Can Be Dangerous – Risky Holiday Searches

During the holidays, hackers create fraudulent holiday-related Web sites for people searching for a holiday ringtone or wallpaper, Christmas carol lyrics or a festive screensaver. Downloading holiday-themed files may infect one’s computer with spyware, adware or other malware. McAfee found one Christmas carol download site that led searchers to adware, spyware and other potentially unwanted programs.



Scam VIII: Out of Work – Job-Related E-mail Scams

The U.S. unemployment rate recently spiked to 10.2 per cent, the highest level since 1983. Scammers are preying on desperate job-seekers in the poor economy, with the promise of high-paying jobs and work-from-home moneymaking opportunities. Once interested persons submit their information and pay their “set-up” fee, hackers steal their money instead of following through on the promised employment opportunity.



Scam IX: Outbidding for Crime – Auction Site Fraud

Scammers often lurk on auction sites during the holiday season. Buyers should beware of auction deals that appear too good to be true, because often times these purchases never reach their new owner.



Scam X: Password Stealing Scams

Password theft is rampant during the holidays, as thieves use low-cost tools to uncover a person’s password and send out malware to record keystrokes, called keylogging. Once criminals have access to one or more passwords, they gain vast access to consumers’ bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user’s account to their contacts.



Scam XI: E-Mail Banking Scams

Cybercriminals trick consumers into divulging their bank details by sending official-looking e-mails from financial institutions. They ask users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply. Then they often sell this information through an underground online black market.

McAfee Labs believes cybercriminals are more actively scamming consumers with this tactic during the holidays since people are monitoring their purchases closely.



Scam XII: Your Files for Ransom – Ransomware Scams

Hackers gain control of people’s computers through several of these holiday scams. They then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer holds the user’s files ransom by demanding payment in exchange for getting them back.

Related articles by Zemanta

• Senators blast Web sites for scamming shoppers (seattletimes.nwsource.com)


• Senators blast Web sites for scamming shoppers (sfgate.com)


• Cyber Crime: Unwelcome, Underground and Highly Successful (amog.com)

NovoPayment Awarded MasterCard Principal Member Status

MIAMI--(BUSINESS WIRE)--NovoPayment, Inc., Latin America’s leading prepaid program manager and service provider and parent company of Tebca and Servitebca, announced today that it has been granted a Principal Member license by MasterCard Worldwide for the issuance of MasterCard prepaid cards in the region, making it MasterCard’s first non-traditional institution in Latin America to receive the designation.



The announcement marks another milestone for NovoPayment, which was also first to issue Maestro/MasterCard branded prepaid open-loop cards to replace paper food and meal vouchers in Mexico, Venezuela and Peru, among other achievements. The license will allow NovoPayment to issue MasterCard payment cards directly. Nonetheless, the company plans to continue to work closely with existing and future bank partners, which it sees as key to the industry’s development.



“We are very pleased to be among the few privileged companies in the world to receive the Principal Member designation, not only because it will allow us to be more swift in deploying new programs and exploring new markets, but also for the recognition from a leader such as MasterCard and our fellow 2,400 members worldwide,” said Anabel Perez, president, CEO and co-founder of NovoPayment.



Founded in 2004, NovoPayment has quickly amassed the largest branded prepaid portfolio of any non-bank in Latin America, with multi-country programs in the areas of electronic benefits (EBT) such as meal and food vouchers branded Bonus® and Provis®, corporate cash management (fuel, payroll, incentives) and general-purpose reloadable cards (GPR) for growing unbanked and underserved market branded Plata®, as well as various prepaid programs targeted to mobile and pay TV operators, utilities, banks and retailers. The company, headquartered in Miami, Florida, operates in Mexico, Venezuela, Peru and Colombia under its subsidiaries Tebca and Servitebca.



About NovoPayment

NovoPayment® Inc., is Latin America’s premier prepaid card service provider and program manager, providing general purpose payments solutions for the region’s unbanked, as well as Electronic Benefits Transfer (EBT), payroll, incentive, cash management, fuel, mall and gift cards and other payments solutions for banks, utilities, telecommunications companies and government agencies. The company currently has more than 180 employees and more than 6,500 corporate clients. With a presence in Miami, Florida; Venezuela, Peru, Mexico and Colombia, NovoPayment’s portfolio includes more than 960,000 branded active cards (MasterCard®, Maestro®, Visa®, Visa Electron®), representing more than 30 million transactions and approximately $620 million annually. Among its accomplishments are the first pre-paid general purpose card in Latin America not to require a bank account and the first mobile P2P (Peer-to-Peer) funds transfer platform using SMS (short message service). For more information, visit www.novopayment.com.

MasterCard's Mobile Chip and PIN Displays

Here is a snippet from and article published in Evan Schuman's StorefrontBacktalk.  The piece talks about how MasterCard is trying to authenticate card not present transactions via mobile devices with "single use passwords" or "one-time-passwords" which have already been found to be vulnerable to real-time keyloggers.  Here's a couple paragraphs and some more info on real-time keylogging...

For regions where chip-and-PIN payment cards are popular, primarily Europe (and definitely not the U.S.), MasterCard is doing something that could boost Mobile Commerce: Users of both regular cell phones and Java-enabled smartphones can now get payment passwords displayed on their devices.

“This is interesting in that it’s the first public announcement I’ve seen, at least from a major player, to leverage the mobile phone to secure a card-based transaction,” said payments expert Todd Ablowitz, president of Double Diamond Group. “Of course, the question, as always, is about adoption. Can MasterCard and the other players looking to secure card-not-present (CNP) transactions get merchant and consumer adoption? How long will it take? No doubt there is a high level of fraud in CNP transactions, especially as related to card-present transactions, but will this be the solution? It remains to be seen. In the payments industry, that can take a long time to play out.”

MasterCard is offering two types of the new mobile Chip Authentication Program (CAP), an SMS version and a downloadable app for smartphones. Both options present single-use passwords in a fashion similar to the home-based card readers usually supplied to consumers by banks to authenticate card-not-present transactions.

(Editor's Note: Those One-Time-Passwords have been proven to be susceptible to real-time keylogging programs.  One step forward, two steps back...)  See:Real Time Keylogging Makes OTP Log-In Obsolete





Continue Reading at StorefrontBacktalk.com

More on Real-Time Key Logging: 



The NY Times had a story and a blog backgrounder focusing on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time. The capability came to light in a court filing (PDF) by Project Honey Pot against "John Doe" thieves. The case was filed in order to compel the banks — which are almost as secretive as the cyber-crooks — to reveal information such as IP addresses that could lead back to the miscreants. Or at least allow victims to be notified.



Real-time keyloggers were first discovered in the wild last year, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted:



"By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula. If [your] computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see."

advertisement

---

1. Tom Mahoney Says:
   
   November 19th, 2009 at 12:11 am Just what we all need, another big security hole for the bad guys to get into.
   
   
   
   


2. Mike Lyons Says:
   
   November 19th, 2009 at 10:14 am I concur Mr. Mahoney. Any safeguards in place to prevent money laundering through virtual bank accounts and unlicensed money remitters?
   
   
   
   

Related articles by Zemanta

• MasterCard Launches its Authentication Program for Mobile Devices (pindebit.blogspot.com)

Fiserv Announces Credit Union Client Conference - Innovate 2010

Fiserv, Inc., the leading global provider of financial services technology solutions, and the largest provider of business-driven technology solutions for credit unions, today announced that Innovate 2010, the second annual conference for all Fiserv credit union account processing clients, will be held September 13-17 at The Venetian in Las Vegas.

Fiserv Announces Credit Union Client Conference - Innovate 2010



Second annual conference for all Fiserv credit union account processing clients to be held in Las Vegas, September 13th-17th



Brookfield, Wis., November 19, 2009 - PIN Payments News Blog -  Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, and the largest provider of business-driven technology solutions for credit unions, today announced that Innovate 2010, the second annual conference for all Fiserv credit union account processing clients, will be held September 13-17 at The Venetian in Las Vegas, Nev.



Fiserv held its first conference for all Fiserv credit union account processing clients August 24-27, 2009 in Nashville, Tenn. at the Gaylord Opryland resort. Nearly 1,500 attended the event where the company delivered 200 hours of product training, demonstrations of new capabilities and thought-leadership classes. The Innovate 2009 Tech Expo showcased more than 75 exhibits, reinforcing the depth and breadth of the Fiserv credit union solutions portfolio and related business partners. 



"Fiserv is looking forward to hosting another world-class credit union-focused conference in 2010," said Sara L. Brooks, senior vice president strategy, marketing and offerings development. "Bringing together all of our credit union clients face-to-face for the first time this year was significant for our organization and for the clients we serve, and provided tangible evidence of what it means to be 'One Fiserv.' The combined impact and scope of having a single organization focused on the needs of credit unions was evident and we look forward to an exciting line-up of speakers and sessions in 2010."



About Fiserv

Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.



#  #  #

Related articles by Zemanta

• Building on Experience, Fiserv Sharpens Focus on Online Business Banking (pindebit.blogspot.com)


• Fiserv Launches New ACH Onboarding Solution (pindebit.blogspot.com)


• Fiserv Ranks First in North America, Fifth Overall, in Chartis' RiskTech100 Report on Global Risk Technology Providers (pindebit.blogspot.com)


• Fiserv Launches Acumen: New Account Processing Solution for Credit Unions (pindebit.blogspot.com)


• Fiserv Examines Mutual Fund Advisory for Retirement in New White Paper (pindebit.blogspot.com)


• Fiserv Signs More Than 200 Credit Union Renewal Agreements (pindebit.blogspot.com)


• Banking Technology Readers Name Fiserv 'Best Financial Crime Prevention Supplier' (pindebit.blogspot.com)

Another Major Credit Card Security Breach Feared

Credit card security breach fear



Reports are being investigated of a major credit card scam in Spain.

According to the BBC, anyone who used a Visa or Mastercard credit card when in Spain may have had their card data compromised.

In Germany, as many as 100,000 cards are reportedly being recalled. UK customers will be contacted directly if they are thought to be at risk.

Card holders are being assured that they will be protected against this type of fraud, but are being advised to check their statements.  Spanish police are investigating a credit card processing company which is believed to be at the centre of the scam.



In a statement, Visa Europe confirmed that "it is aware of a possible card data security issue in Spain. No details are yet confirmed, but we do not believe that the issue is specific to Visa."   Both Visa and Mastercard say their systems have not been compromised. The problem appears to be somewhere in the payment chain. 



From the Associated Press:

Suspected credit card fraud warning

(UKPA) – 2 hours ago

Consumers are being warned to check their credit card statements after a suspected card fraud was uncovered in Spain. Spanish police are understood to be investigating a credit card processing company believed to be at the centre of the scam.



Thousands of cards that may have been compromised have already been re-called in Germany, and it is thought that any consumer who has had a payment processed by the Spanish company could be at risk, not just those who have used their cards in Spain.  But card providers sought to reassure consumers that they would not lose any money if they were the innocent victims of fraud.



Cardholders who are worried their details may have been compromised are being advised to keep a close eye on their account and report any unexpected transactions.



A Visa Europe spokesman said: "We cannot comment on the detail of specific investigations but Visa Europe is aware of a possible card data security issue in Spain.  "No details are yet confirmed, but we do not believe that the issue is specific to Visa.



"As is normal in these circumstances, we have contacted a number of our member banks to make them aware of the situation and some may decide to take action as a precautionary measure.



"In instances like this, our role is to support on-going investigations and to share the outcome with our member banks who can then act to protect cardholders."A MasterCard spokesman said the group was "monitoring developments" to find out the extent to which card account data had been placed at risk. He stressed that MasterCard's own systems had not been compromised

Related articles by Zemanta

• Credit card security breach fear (news.bbc.co.uk)


• Germany in 'credit card recall' (news.bbc.co.uk)


• What "Type" of Problems Can HomeATM Solve? (pindebit.blogspot.com)

Entrust President and CEO Bill Conner to Address Evolving Fraud Threats at Bank Forum

At BBS Paris 'Bank Forum,' layered security approach recommended to defend against malware



DALLAS, Nov. 18 /PIN Payments News Blog/ -- As advanced malware and man-in-the-browser attacks continue to cause havoc to online-banking channels in 2009, innovative solutions are available to help curb online fraud losses and enhance consumer trust. During Thursday's BBS Bank Forum in Paris, Entrust President and CEO Bill Conner will outline why today's elite banks and financial institutions must implement a strategic shift in policy to avoid being victimized in the new threat landscape of 2009 and beyond.



"Today's sophisticated fraud groups can employ any number of attack techniques -- man-in-the-browser, keyloggers, DNS poisoning and more -- to exploit all channels of banking communication, not just online," said Conner. "The goal is to implement a fundamental change to integrate the use of strong authentication and zero-touch fraud detection solutions that can adapt quickly and defend online fraud in real-time."



The BBS Paris Bank Forum will feature today's top executives from the Nordic banking industry who will converge to discuss a range of topics, including the impact of the financial crisis on the industry, card payment systems and electronic security. BBS plays an active role in the development of global banking standards and has led a number of workgroups at the European Committee for Banking Standards (ECBS) and Mobey Forum on mobile authentication, payments and financial services ecosystems.



Conner's presentation, "Evolution of Cybersecurity Threats for the Banking Industry," will demonstrate how today's threat landscape is rapidly changing to attack multiple access points, including online channels, mobile applications, call centers and automated voice response (AVR) systems.



According to the Anti-Phishing Working Group (APWG), more than 49,000 phishing sites were detected in June 2009 alone. That's the second-highest total on record since the organization was founded in 2003. The group's first-half 2009 Phishing Activity Trends Report also found that 1,676 brands were hijacked via phishing campaigns. A trend, according to APWG, that signifies that online fraudsters are expanding the kind and numbers of brands they target.(1)



Entrust currently provides security solutions to seven of the top-10 global financial institutions. Entrust IdentityGuard, combined with Entrust TransactionGuard's real-time, zero-touch fraud detection capabilities, provides a true integrated consumer authentication and fraud detection solution for financial institutions.



Owned by Nordic banks, BBS is a leading provider of electronic security, payment and information services. Established in 1972, BBS has successfully delivered multitudes of efficient payment services of national critical importance to Norway. In 2008, BBS had a turnover of NOK 1.7 billion. Headquartered in Oslo, BBS has, after the acquisition of Sagem Denmark and Sagem Manison Finland in June 2009, more than 1,000 employees in offices in Norway, Sweden, Denmark and Finland.

About Entrust

Entrust provides trusted solutions that secure digital identities and information for enterprises and governments in 2,000 organizations spanning 60 countries. Offering trusted security for less, Entrust solutions represent the right balance between affordability, expertise and service. These include SSL, strong authentication, fraud detection, digital certificates and PKI. For information, call 888-690-2424, e-mail entrust@entrust.com or visit www.entrust.com.



<p>(1) "Phishing Activity Trends Report," Anti-Phishing Working Group (APWG), July 2009. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.



SOURCE Entrust

Related articles by Zemanta

• Entrust President and CEO Bill Conner to Address Evolving Fraud Threats at Bank Forum (newswire.ca)


• Online Banking Provide Opportunity to Rebuild Trust Between Banks and Consumers, Says MasterCard CFO (pindebit.blogspot.com)

Paradigm Shifting Towards Hardware for Security

DarkReading



Startup Promises 'Disruptive,' Hardware-Based Endpoint Security Solution InZero box creates 'sandbox' that quarantines malware from PC, inventors say



Nov 17, 2009 | 04:57 PM By Tim Wilson

DarkReading



A startup company today launched a new hardware device that promises to prevent malware and viruses from ever entering the computer it protects.



The InZero Secure PC is essentially two computers in one: a standard computing module and a secure "InZero Gateway" module, the company says. The InZero Gateway module is directly connected to the Internet, isolating and hosting potentially dangerous network applications while transferring files to and from the computing module, which is permanently offline.



"Clearly, current software-based approaches to security are not working," says General Wesley Clark, chairman of the advisory board for InZero. "We believe this hardware approach is a new, disruptive solution."



"Essentially, it's a hardware 'sandbox' -- a strictly-enforced, hardware isolation mechanism" that separates the computer from its primary source of infection -- the Internet, says Phil Zimmerman, creator of PGP and an expert on data security and encryption, who has reviewed the technology and appeared at the announcement event.



"In effect, InZero's approach is not trying to understand malware, but instead to create an environment where malware cannot execute," the startup says.



Because the hardware is essentially a dedicated device without a traditional OS or applications, the malware it receives is rendered inert, InZero says. It can neither execute on the PC nor promulgate to other PCs. And because the hardware requires file transfer, it can be configured to prevent internal employees from executing tasks that are against corporate policy, says Lou Hughes, chairman and CEO of InZero.



The device is initially being targeted toward enterprises that have a business need for strong endpoint security, but the company hopes to eventually broaden its user base to include all types of enterprises and even consumers, officials said.



The device is priced at $50 to $80 per month, which includes updates, InZero says. "For about the price of a BlackBerry, you can go anywhere you want on the Internet without fear," Hughes said.



Adam Hils, principal research analyst at Gartner, who also appeared at the announcement, says InZero's technology is sound, but the startup's go-to-market strategy has yet to be proved.



"This product will start to get traction with the security elite, and it will probably be there for two or three years before it enters the mainstream," Hils said. "Once it enters that phase, then it can move on to the consumers."



The details on how the product works were a bit sketchy -- InZero requires reviewers to sign a nondisclosure agreement before getting the full product overview. Zimmerman says InZero might be protecting itself against competitors, but that the company could "publish the full architecture of the device, and it still wouldn't really help hackers to break it."



Press Release