Friday, October 17, 2008

11 Arrested in London DarkMarket Bust

Finextra: Police bust cyber fraud ring
Police bust cyber fraud ring

An online criminal forum that was used by thousands of fraudsters to buy and sell stolen credit card and bank details has been shut down following a two year FBI-led undercover operation.

The Dark Market site was used by cyber criminals around the world to buy and sell credit card data, user names and passwords, as well as equipment for carrying out financial crimes. The FBI - which shut the site down earlier this month - says at its peak Dark Market had over 2500 registered members.

The FBI infiltrated the forum, gathering intelligence on leading criminals before teaming with other agencies to identify the fraudsters.  Around 56 people have been arrested following co-ordinated raids carried out in the US, Germany, Turkey and the UK.

Britain's Serious Organised Crime Agency (Soca) arrested 11 people in London, Manchester and Leicester as part of the investigation into the Dark Market Web site.

Soca says sites like Dark Market are closely guarded and inaccessible to most Web users as they operate on an exclusive membership basis and by invitation only. The sites use breaking-news style updates on the latest compromised personal information.

Sharon Lemon, deputy director, e-crime, Soca says the people involved in this kind of activity are not technical experts but "thieves with keyboards".  "They have a certain arrogance - they think they are untouchable," she says.

"The message today is that no-one should feel confident that these forums are a secure place to operate," adds Lemon. "While some suspects remain at large in the UK and overseas, Soca and its partners will continue to identify these individuals and bring them to justice."  Soca says further arrests are expected both in the UK and abroad as the investigation continues.

The operation against the Dark Market forum also prevented $70 million in losses through the seizure of compromised victim accounts, says the FBI.

Says Shawn Henry, assistant director, cyber division, FBI: "In today's world of rapidly expanding technology, where cyber crimes are perpetrated instantly from anywhere in the world, law enforcement needs to be flexible and creative in our efforts to target these criminals.

"Leads in many of these investigations take us to the online world of Internet forums, where criminals go to engage in the business of selling and trading innocent person's credit card numbers and other personal information."

Henry says the arrests "are a good demonstration of the coordination taking place today between the FBI, the Serious Organised Crime Agency, and other law enforcement agencies around the globe".

Reblog this post [with Zemanta]

Forbes on Visa and Payments - Magazine Article
On The Cover/Top Stories
Hard Charger
Stephane Fitch 10.27.08

Visa is bulletproof to bad credit but not to new rivals and new ways to pay. That leaves boss Joe Saunders to revamp a business built on plastic or go the way of the rabbit ears antenna

The Dharavi slum in Mumbai is one of India’s most overcrowded and desperately poor places. On the northern edge of this sea of humanity and corrugated tin shacks stands a sign of hope: A row of leather shops is thriving by custommaking virtually any bag a customer desires. Inside Star Bags, Ehsan Ansari is doing such a brisk business that three months ago he began accepting Visa cards.

“Everywhere you want to be,” is how the world’s top purveyor of plastic has long touted itself. The notion rings true, even in India, where 71 million citizens can now swipe their Visa cards at a half-million outlets. Yet they tend to do so as a last resort rather than as a first choice. That’s because most shops accept plastic only grudgingly.

Star Bags’ Ansari does so only after tacking onto his price Visa’s 2% fee, plus 12.5% in sales tax he’d dodge on a cash sale. The story is much the same throughout the Third World. People who want to pay electronically are much less likely to whip out plastic than a mobile phone, which allows them to swap money or prepaid talk minutes, free of taxes and bank fees.

Finding a way to persuade 4 billion developing-world consumers to make their cards the centerpiece of their payment habits is only one of the items on the to-do list of Joseph Saunders, Visa’s new chief executive. Saunders, 62, is an industry warhorse who stumbled into his job ten months ahead of Visa’s March public offering. Rather than easing in, Saunders has been confronted with the need to answer a more pressing question than any his predecessors faced: What is the future of money, and does the world’s reigning king of consumer credit have a place in it?

Although most of the action is still going on behind the scenes, the rules are changing radically for how consumers will pay for things even a few years down the road—at home at least as fast as abroad. No player is as at risk as much as Visa. The U.S. accounted for 58% of its $4.6 billion in sales in the nine months through June and perhaps 75% of its $1.2 billion in profits. Yet the firm now faces a horde of rivals jumping the moats that once gave it a virtually unassailable position on its home turf.

Until Visa’s public offering, big banks were both its owners and closest allies. Now they’re in cahoots with Visa’s fiercest competitors, issuing cards for the likes of American Express and Discover, for big retailers launching a new generation of plastic and for insurgents like RevolutionMoney.

The attacks are supported by game-changing technologies, too. In the days of yore, competition was restrained partly by the limit on how many pieces of plastic Americans could stuff into their billfolds. Now microchips no bigger than a postage stamp are starting to serve the same function and can be stuck to wallets and cell phones by the dozen. E-payment innovators like PayPal and Bill Me Later, meanwhile, are expanding from Internet beachheads into traditional merchandising. And then there are the lawyers, attacking Visa for everything from allegedly usurious fees to anticompetitive practices.

Through it all Saunders talks a good game. “More and more people think they can fit in this business,” he concedes. “But in the U.S. we’ll be involved in mobile phone technology and make it more secure and simple to use a Visa account on the Internet. Elsewhere, if we close on 10% or 15% of the opportunity, we’ll double or triple in size.”

Visa is a formidable incumbent. The San Francisco-based firm started out as Bank of America’s in-house BankAmericard in 1958 and grew in California by offering consumers revolving credit. Bank of America expanded the brand nationally by franchising it to other banks. It was renamed Visa in 1976. Visa competed neck and neck with MasterCard until it pulled away after the marketing coup that came with being the exclusive plastic of the 1988 Seoul Olympics.

After Visa built a lead, the then chief executive Carl Pascarella boasted to FORBES in 2002 that his brand would double annual volume to 42 billion transactions by 2007. As he set to the task, the banks that collectively owned Visa put aside their parochial squabbles long enough to upgrade its capacity threefold in 2006 to handle 12,000 transactions a second. No sooner was that fire out than a decade-old legal battle with Wal-Mart and other big retailers climaxed. Visa and MasterCard agreed to slice fees they and their bank issuers charge on debit cards by 30% and shelled out billions in payments.

In the end, Visa exceeded Pascarella’s projections by 20%, handling 50 billion transactions worth $3.8 trillion last year. Yet it was something of a pyrrhic victory. Visa’s legal settlement virtually wiped its balance sheet of equity, and MasterCard positioned itself to recapitalize quicker by going public.

Visa’s regional boards decided to follow MasterCard’s lead by going public, too. Saunders, a lanky Chicago native who hangs Cubs memorabilia over his desk in San Francisco, has spent 30 years pushing plastic. He built Household International’s operation almost from scratch into a $30 billion (receivables outstanding) business. He moved in 2001 to moneylosing Providian Financial, a credit card issuer that he steered back to profitability and through a 2005 sale for $6.5 billion to Washington Mutual. While running the business for WaMu, Saunders took on a Visa committee search for a new chief executive and was eventually asked if he would be willing to skip his planned retirement and take the job himself.

“You couldn’t in a million years say ‘no’ if you have a competitive bone in your body,” he says.

Although it’s often compared with banks, Visa operates more like a switchboard, connecting millions of disparate players through its network. For each $100 a consumer spends with a Visa card, merchants cough up $2.10 in fees. The card-issuing bank pockets $1.75 and Visa about 17 cents for marketing and transaction processing. The rest goes to the merchant’s bank.

Wall Street loves the model and Visa’s dominance of it. With 1.6 billion cards in circulation, Visa towers over MasterCard, with 900 million cards out, and American Express, with 90 million. At a recent $57, Visa’s stock is up 30% from its March debut. That puts it at 42 times earnings in the year through June, which dwarfs Google’s multiple of 25. Its lofty valuation makes Visa, with a $48 billion market value, worth more than AmEx, which boasts multiple business lines and several times the revenue, income and head count.
Visa’s strategy is “growth, growth and more growth,” according to UBS analyst Adam Frisch, one in the army of analysts bullish on the firm. Frisch and others on Wall Street are counting on Saunders to keep Visa’s fee revenues growing 12% and earnings 20% annually well into the future.

Coming through would be no small feat. True, Visa is a rare island of calm amid the raging financial storm. No matter how many consumers default on Visa cards, the banks that issued them will eat the losses while Visa pockets processing fees. Safe from poor-quality credit, Visa is nevertheless highly dependent on the quantity of spending. That’s especially true in its biggest market, the U.S., where consumers are, by choice or necessity, ceasing to be the spendthrifts they once were.

Even as Saunders grapples with a receding economic tide, the competitive landscape around him is becoming more hostile. Until recently, rolling out a competing card was a daunting task. When Sears, Roebuck & Co. tried to do it with the Discover Card in 1986, banks’ agreements with Visa and MasterCard banned them from helping out. That forced Sears, Roebuck to itself send out Discover Cards to 22 million Sears cardholders, field thousands of salesmen to sign up retailers and install new data lines and payment gear at each point of sale. “You’d never have to do it the same way now,” says Tom E. Dailey, who ran Discover for Morgan Stanley.

Since 2001 the U.S. card payment processing business has come under the control of four companies, the largest of which is not a bank and has no interest in protecting Saunders’ franchise. First Data is run by Michael Capellas, the quirky former chief executive of computer maker Compaq and telecom outfit MCI in its post-WorldCom incarnation. Capellas’ Denver outfit handled 30 billion card transactions, with a value of $1.5 trillion last year, giving it a 50% share of the processing market. Three-quarters of the nation’s top 100 retailers rely on First Data to process payments.

What’s more, a quarter of the terminals in the 1.1 million stores First Data serves are remotely programmable—meaning they can be tweaked to accept new cards with a few keystrokes. When First Data snatches away the processing work on a $100 charge swiped on a Visa card, Visa still gets a 17-cent royalty for connecting First Data to the card-issuing bank; First Data gets 17 to 20 cents.

“Old-line payment networks like Visa still have a wealth of advantages, but they’ll have to innovate or die,” says James Van Dyke, founder of credit card analysis firm Javelin Strategy & Research.

First Data’s Capellas has been pushing merchants like Starbucks and Best Buy to expand prepaid and store-card operations. Capellas has been showing off a sticker embedded with a so-called near-field communication chip—a stamp-size gizmo that replaces a plastic card. More than 35,000 retail outlets can already accept the chips. Industry analysts expect Capellas eventually to go one step further and launch a new brand and payment network that competes head-to-head with Visa and MasterCard.

“We’ve traditionally been in the business of cooperating with [Visa], but you know, it’s a strategic question that comes up now and then,” says a coy Capellas.

“First Data tried to go around us before, and it didn’t work,” snarls Saunders. “They’re perfectly capable of issuing and processing private-label cards, doing it within their system and never coming near Visa.”

Among new rivals is RevolutionMoney. Since February it Chase Paymentech, Fifth Third Bank and WorldPay. What makes RevolutionMoney such a threat: It charges merchants only 0.5% of transaction value—75% less than they fork over to Visa and MasterCard.

RevolutionMoney expects that by year’s end its cards will be accepted in a million stores, including Wal-Mart and Macy’s, that account for more than 70% of chain store sales. Jason Hogg, its 37-year-old chief executive, hopes to strike a deal with First Data by December to further consolidate the card’s reach.

“I don’t need to bang on doors like Discover did for 20 years and lay fiber to stores to accept my cards,” says Hogg, whose father, Russell, ran MasterCard in the 1980s.

The real challenge for Hogg, and other upstarts, will be persuading banks—the primary beneficiaries of those lush Visa and MasterCard fees—to issue its cards. So far, First Bank & Trust of Brookings, S.D. is the only taker. Hogg says he’s nearing a pact with a big credit-card-issuing bank, however, that he boasts will render RevolutionCard the biggest thing since Discover (which currently has 50 million cards in circulation). One possible partner: Citigroup, which invested in RevolutionMoney. A Citi spokesman declined comment.

Meanwhile, Hogg has persuaded merchants to do some of the card-issuing work for him. Murphy Oil, which runs gas stations at 1,000 Wal-Marts, is offering a 3-cent-a-gallon discount to customers who pay with the RevolutionCard. Hogg hopes such incentives will get consumers to ask for his card.

One convert is Steve Case. The former AOL boss invested $10 million in RevolutionMoney last year, figuring high card fees represent a $60 billion annual “tax” on consumers.

“There’s an opportunity to use new technology and a fresh approach,” Case says. “The credit card industry is an oligopoly, and there hasn’t been much innovation in decades. RevolutionMoney is being driven by a groundswell of merchant dissatisfaction.”

Visa’s greatest threat may be changes in its bank ties. Institutions that once jealously protected it are now backing rivals. Citibank and Bank of America now offer American Express cards, the result of an antitrust lawsuit AmEx won against Visa and MasterCard in 2005. The bank-issued AmEx cards pay higher rewards than does the Visa Signature card, which is aimed at clients with household incomes above $125,000.

Some industry analysts believe Bank of America, Chase and Citigroup are considering buying Discover or starting rival payment networks. “I think it’s probably a matter of time before Bank of America revives the BankAmericard to compete directly with Visa,” says former Discover chief Dailey. Bank of America declined comment.

Even if Visa’s would-be rivals fail to gain traction, they’re adding to grousing by merchants and bankers that Visa overcharges for running ads and data centers—a claim that has been stoked by fee hikes of up to 30% in its fees since last year.

“If they [Visa] don’t keep delivering the products, I’ll go after them on pricing,” says Richard Davis, chief executive of U.S. Bancorp.

With Americans already packing an average of five charge cards, Saunders has been appealing to bankers like Davis by making his plastic smarter and thus more valuable in attracting customers. With security a growing concern, especially amid the rise of debit cards,which thieves can use to drain customer accounts, Visa has begun offering a cell phone message service to notify users when their (or their teenager’s) card is used. Cardholders can quickly call their bank and reject crooked transactions.

On the promotional front Visa has linked up 100 million Signature and Rewards accounts to receive merchant mailers. It will begin signing up the lower number of actual customers in the program (it won’t say how many there are) to receive coupons via mobile phones by year’s end.

Saunders is also going after the corporate market, long an AmEx stronghold. It throws in only 12% of Visa’s transaction volume but is growing 20% a year. U.S. Bancorp’s Davis is pushing Visa cards to corporate clients to keep tabs on spending. The cards can apprise, say, a car parts distributor when a salesman uses its card for smokes or girlie magazines rather than gas and meals. U.S. Bancorp can find out if a trucking client’s drivers are heavy users of, say, Texaco stations and work out discounts when the gasoline retailer’s diesel is charged to the bank’s Visa cards.

“The payments business is about moving money more transparently,” says Davis. “Nobody’s got the depth and technology that Visa has for that.”

When and how Visa unshackles customers from their wad of plastic is a tricky question—politically at least as much as technologically. Zapping money to a cabbie or babysitter via cell phone is technologically within reach, but Visa’s bank partners fear such transactions could cut them out of the fee flow. Other prickly issues include how to brand the service—Visa or Citibank—and what fee the cell networks will receive. Saunders just cut a deal that will enable users of Google’s much-anticipated Android cell phone to download Visa software this winter and begin replacing their credit cards early next year.

Visa’s e-commerce glass, meantime, is at best half-full. It directly captured nearly half the $164 billion in U.S. online spending last year. Another $31 billion went through PayPal, with card issuers earning fees on half that amount. Now PayPal is expanding beyond Internet strongholds. Airlines, including Southwest and Continental, already accept its payments.

With competition heating up in the U.S., Saunders is determined to expand abroad, where his main rival is still cash. In the U.S. one-third of the $9.7 trillion in consumer spending goes through credit and debit cards (Visa handles 48% of the card action and 18% of the total). In Asia, the Middle East, Central and South America and eastern Europe, less than 10% of the $9 trillion in annual consumer spending involves plastic.

During the decades Visa was bank-owned, its six regional associations squabbled over international expansion and failed to make much headway. Now that it’s public, Saunders faces a huge opportunity, as well as huge obstacles.

Merchants in many markets resent the fees American credit card giants exact. Australian retailers persuaded regulators in 2005 to force card issuers to cut fees nearly in half to around 1%. European Union regulators are considering similar cuts.

In China Visa faces protectionist party cadres. Despite its high-profile sponsorship of the Beijing Olympics, Visa has been virtually shut out in favor of government-backed China UnionPay. A Visa knockoff, it connects 14 Chinese banks. Visa gets second billing on most China UnionPay cards and gets fees when cardholders travel abroad. “There are severe limitations on what we can do,” Saunders says delicately.

In other developing markets Saunders’ challenge is to adapt his product to societies where both bank accounts and the concept of living on credit are foreign. In Brazil the number of cards in circulation has been growing 15% a year to 266 million, and Visa claims two-thirds of the market. Unfortunately the cards are used mostly to withdraw cash from ATMs; monthly retailer volume averages a piddling $40 per card.

Visa did persuade Brazil to replace $2.6 billion in food vouchers with prepaid cards in 2007. It has also embedded cards with chips for use at toll plazas. Its PassFirst lets Brazilians swipe cards, rather than use paper tickets, at stadiums and theaters.

The Dominican Republic is using Visa cards to distribute aid. The 800,000 Solidaridad prepaid cards entitle the poor to $10 to $20 in monthly assistance. The government expects to expand the operation to 1 million recipients and $300 million in aid next year.

Given its openness and size, India is perhaps Visa’s most fertile foreign test bed. Saunders believes the real opportunity lies with the 350 million middle-class Indians earning between $2 and $12 a day. Since few have computers or bank accounts, he hopes to capitalize on the Indian obsession with mobile phones; there are 305 million in use, and the figure is growing by 5 million a month.

Visa India has launched a version of electronic bill payment for mobile phones. It will roll out a service this fall, so any Indian with a mobile phone and a Visa card can transfer funds domestically to any other Visa cardholder for a 2% fee (to be split by the card-issuing bank, mobile phone vendor and Visa).

Saunders thinks it’s such a good idea, he plans to launch a similar service in the U.S. by the end of the year. Getting big banks to come on board and consumers to turn the service into a mainstay sums up the broader challenge faced by Saunders and Visa: find ways to make the best payment options work around the world and dominate the future of electronic payments, or leave the dominating to rivals.
Reblog this post [with Zemanta]

Canada Keeps Fighting to Change Interchange

Editor's Note:  This is the third time I've posted about Retail Council of Canada's "Stop Sticking it To Us" campaign.  They certainly are an incessant group getting a lot of publicity for their cause.  Here's the latest attack on V/MC as reported by the Business Edge in Ontario:

Coalition seeks lower price for credit-card services

Merchants say big card companies are stacking deck with 'hidden' fees

By Laura Severs - Business Edge
Published: 10/17/2008 - Vol. 4, No. 21

The cost of using credit cards is getting more pricey than priceless, according to Canadian merchants, who claim Visa Canada and MasterCard Canada are engaging in a cash grab.

Business associations across Canada have banded together in a coalition to fight what they call "hidden fees" that are coming out of their pockets.

Interchange fees - the percentage of each transaction that Visa and MasterCard collect from merchants every time a credit or debit card is used to pay for a purchase - cost Canadians $4.5 billion last year, says Derek Nighbor, senior vice-president of national affairs for the Toronto-based Retail Council of Canada (RCC).

"This is one issue where retailers and consumers are on the same page," says Nighbor, whose group is leading the charge behind the new "Stop Sticking It To Us" campaign.

The coalition includes 16 groups, including the Canadian Convenience Stores Association, the Canadian Jewellers Association, the Hotel Association of Canada and the British Columbia Restaurant and Foodservices Association.

Nighbor says retailers, restaurants and charities believe they should be paying a price for credit-card services, "but it has to be a fair price."

The coalition says its members are paying to prop up other services offered by Visa and MasterCard to consumers, such as loyalty points and rewards programs.

In just a three-week period last month, the coalition says, the credit-card companies collected more than $264 million in "hidden" fees from Canadians, with those funds coming primarily out of merchants' pockets.

Nighbor says studies have shown only 13 per cent of interchange fees go to the cost of processing credit-card purchases, with as much as 44 per cent being directed to the costs of rewards and marketing.

It's not just merchants that should be concerned, adds Nighbor. "Why should the average Canadian care? This is going to affect the cost of goods and services and it already has," he says.

The Canadian Federation of Independent Business (CFIB), which represents about 105,000 small businesses across the nation, has launched a similar campaign.

CFIB president Catherine Swift says the credit company cash grab involves new premium cards for consumers who spend above certain thresholds, with these cards carrying higher interchange fees for merchants.

Swift adds merchants may also be unaware that some credit cards that don't carry high interchange fees can be deemed as high-spend cards when the issuing bank detects a certain dollar amount has been reached, in turn triggering a higher interchange rate.

"The other interesting thing is when we first heard of these new cards, we heard that they would be a small proportion, one to two per cent, of the total number of cards," she says. "Initially that was the expectation, that it would be a pretty small slice for a premium card. But now we've heard that it's up to 30 per cent. They're (premium cards) being pumped out there so they can make more money."

The CFIB is also concerned about debit card fees merchants could be paying in the future if credit-card companies enter the debit-card sector in Canada, currently handled by Interac, whose members include banks, trust companies, credit unions and technology and payment-related companies.

She fears credit-card companies could favour a fee based on a percentage of the debit transaction size, increasing costs for merchants.

"These changes are designed for one reason, to reap larger profits for banks and credit-card firms and complicate the merchant's ability to know what they are paying to process transactions," says Swift who notes that consumers haven't asked for premium credit cards.

Both Visa and MasterCard declined to be interviewed for this story.

Instead, the two issued prepared statements.

Visa says that more retailers are choosing to accept their cards because of the value they deliver.

"Visa remains committed to the development of products and services that deliver value to all participants in the payment system," the statement says, adding that premium cards have been introduced to offer benefits comparable to competitive products such as American Express.

MasterCard says merchants are not required to accept credit cards, but are choosing to do so in increasing numbers. It also adds that contrary to the statements made by the CFIB and the RCC, there have always been different types of cards in Canada with different pricing structures.

"Just as retailers and independent businesses adjust prices from time to time in response to various market circumstances, card fees require adjustment as well. In fact, not all of the recent adjustments resulted in increased cost to the merchant," MasterCard says in its statement.

But at least one retailer says he's at the mercy of the credit-card companies after checking his most recent statements for interchange fee charges.

Brad Seamans, president of Calgary-based Rogers Rent-All Ltd., says instead of just one commission (interchange) rate, three different commission rates have appeared.

"One line item uses the old commission rate and the two (new) lines have commission rates about 18 and 30 per cent more than the other line. The first line is what it's always been," says Seamans, a CFIB member.

"It's early to say how much of a cost we are talking about, but it will probably be thousands of dollars a month in additional interchange fees."

Seamans adds merchants don't realistically have the option of not accepting credit cards.

"They are virtually currency these days and you have to use them if you want to do business," says Seamans, who is considering offering discounts if customers pay by cash or cheque instead of using plastic.

The Canadian Jewellers Association (CJA) is also apprehensive.

"We're concerned," says CJA president and CEO Ken Mulhall. "Our retailers are sensitive to the challenges in the economy these days and want to remain competitive, but if the fees keep increasing and impact their operating costs continuously it would be very challenging for the retailer."

Canada is one of the few countries where the government doesn't regulate credit-card fees, he adds.

"We've also noticed that Canada has one of the highest interchange rates and that's why we'd like to them step to the plate and show some leadership in this area."

Both the CFIB and RCC say that American Express is not a target of their campaigns, as the company has a smaller share of the credit-card market and already has higher fees for merchants who accept its cards.

Reblog this post [with Zemanta]

What Makes a Smart Card Smart?

What Makes a Smart Card Secure?

Download white paper

Smart card-enabled applications are becoming more prevalent in many of today’s businesses. The financial payments industry has moved to smart cards. The majority of the regional financial organizations worldwide have mandated that financial credit and debit cards must be smart card-enabled by a specified date. Plus, there has been rapid acceptance of contactless smart card technology for fast, convenient and secure credit and debit payment. The United States Federal government has adopted smart card technology for its major credentialing initiatives. The Department of Defense Common Access Card uses smart card technology for the credentialing of all military and civilian personnel. The Department of State uses contactless smart card technology for the electronic passport. Smart card-based identity credentials are now being issued to all Federal government employees to meet Homeland Security Presidential Directive 12. Enterprises are issuing smart ID badges to employees to secure physical and logical access. Plus, many government identity programs around the world are issuing smart card-based identity credentials to citizens.

All of these deployments see the use of smart card technology as an essential element for the integrity of their credentialing schemes. Smart cards are portable, personal security devices that can securely carry sensitive information, enable secure transactions, validate an individual’s identity within a secure system, and verify that an information requestor is authorized to access the information carried on the card. Smart cards not only maintain the integrity of the information stored on the card, but also make it available for secure interactions with the overall system.

A smart card includes an embedded secure integrated circuit (IC) that can be either a secure microcontroller with internal memory or a secure memory IC alone. The card connects to a reader with direct physical contact or with a remote contactless radio frequency (RF) interface. With an embedded microcontroller, smart cards have built-in tamper resistance and have the unique ability to securely store large amounts of data, carry out their own on-card functions (e.g., encryption and digital signatures), and interact intelligently with a smart card reader.

The smart card itself is only one component in a smart card-based system implementation. Security mechanisms are typically implemented in the card and at the operating system (OS), software, and system levels, providing layers of security to protect the system and information within the system from unauthorized access. In any smart card system implementation, the issuer needs to determine the risks that the system will be exposed to and implement the security measures necessary throughout the system to address those risks.

The government and financial payments industries have also led the way in establishing security evaluation and certification programs for the various layers of smart card security. Standardized evaluations and certifications use trusted third party labs to empirically verify that specific threats are prevented to a defined level of effectiveness, providing issuers with the confidence that certified products meet specified security requirements.

By placing a secure smart card in the hands of the user, organizations can implement a layered security architecture that addresses the expected risk of security breaches and implements an end-to-end chain of trust.

This white paper was developed by the Smart Card Alliance Contactless and Mobile Payment Council Security Work Group to provide an educational overview of the security measures designed into the smart card secure IC and of the use of these features and other system-level security measures to enhance the integrity of the overall system that is being deployed. It is intended to provide a basis of information on security considerations in smart card-based systems for those organizations that are intending to deploy smart card technology for payment, security or identity applications. The white paper answers the following questions:

  • What is a secure IC and what types of secure ICs are used in smart cards?
  • What security features are designed into secure memory ICs and secure microcontrollers that protect data and thwart attempted attacks?
  • What is the impact of contact and contactless interfaces on security?
  • What are the advantages of hardware vs. software in implementing cryptography on smart cards? How do the operating system and IC hardware countermeasures function together to enhance the overall security of the smart card IC? What levels of cryptographic algorithms are currently used in smart card deployments?
  • How do smart cards fit into overall system security? How is the financial industry using smart cards to improve the security of credit and debit payments?
  • What industry certifications and evaluations are available that organizations can use to gain confidence in the security implemented in various smart card products and in the interoperability of the technology among various component suppliers?

While the white paper focuses on the financial payments industry when discussing overall system security, the discussion of secure ICs, interfaces and cryptography applies to all industries and applications. Examples from other industries are included, with references provided for additional detail.

About the Contactless and Mobile Payments Council

The Contactless and Mobile Payments Council is one of several Smart Card Alliance technology and industry councils. The Council was formed to focus on facilitating the adoption of contactless and mobile payments in the U.S. through education programs for consumers, merchants and issuers. The group is bringing together financial payments industry leaders, merchants and suppliers. The Council’s primary goal is to inform and educate the market about the value of contactless and mobile payment and work to address misconceptions about the capabilities and security of contactless technology. Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects.

Reblog this post [with Zemanta]

Gas Station Skimming Becoming More Popular

Star Community Newspapers
Police investigate PIN code theft as scam moves into Plano
By Stephanie Flemmons, Staff Writer
(Created: Friday, October 17, 2008 10:52 AM CDT)

Early this month, Plano police started receiving reports of a national scam that has hit the city where thieves are snagging PIN codes and accessing fast cash.  Jerry Minton, Plano forgery and fraud detective, said a reported 45 cases are currently being investigated.

The scam has affected people nationwide. Minton said investigators are not too sure exactly how the PIN numbers are being compromised. He said the scary part is there is not a specific area targeted. The debit card scam is being tracked to all types of gas stations and ATM’s across the city, in neighboring cities and nationwide.

“Sometime people’s PIN numbers are being used in states they have not even visited,” Minton said. “The thieves are re-encoding a max drive on software and hardware they purchased. They can walk up to an ATM, pop it in and have the cash in hand.”

Minton said cardholders typically do not find out their card has been compromised until after the thief has conducted their “dirty business” or at the tail end, when they are finishing up. “The card could have been compromised two to three weeks or even one month before, and it’s just now being used.” Minton said. “This makes it hard to target a specific timeframe when the cards were compromised.”  The newest debit card scam is similar to the previous one where thieves retrieved bank information from credit cards and debit cards, but Minton said in this case, thieves do not have to make face-to-face contact to get the cash they desire.

The magnetic strip on the back of a debit card does not contain PIN number information, Minton said. The hard part, he said, is getting the PIN number.

“We don’t know if they have a trap and trade device, or something broadcasting out for a person nearby to receive on a laptop computer,” Minton said. “We don’t know exactly what they are doing. But, they have to be able to match up the PIN number with the max drive.”

The Plano PD and the Secret Service Dallas office have teamed up in this investigation.  Rob Caltabiano, assistant special agent in charge, said these type crimes are popping up everywhere. “They are nothing new, they just get more sophisticated,” Caltabiano said. “Every time we find out how they are doing it, another scam takes place.”

The Secret Service has an electronic crime task force that works on crimes such as this. The Plano PD has members on the task force, allowing them to work hand-in-hand.”  “Unfortunately this task force keeps busy,” Caltabiano said. “If we weren’t busy it would be a good thing.” Minton said detectives are also working with bank investigators and numerous stores.

“We are doing as much diligence as we can,” Minton said. “We are making sure we have a pretty good idea where the cards were compromised and not just singling out gas stations, or one person claiming they have bad business practices.”  Minton, along with another Plano detective, are interviewing each victim and investigating each case. He said no matter how much money was stolen from the victims, each case has its own impact.

“Anytime you take money out, you are expecting to have it in your account and you are counting on to pay your rent, groceries and bills, it will cause a bind,” Minton said. “I’ve seen many people who were put in a bind. Sometimes the overdraft fees assessed are more expensive than the money the thief took out.”

The importance of keeping track of daily activity that occurs in one’s account is getting more crucial everyday. The Federal Reserve Bank’s Regulation E stipulates as long as the consumer reports fraudulent activity in a timely manner, the bank is required to absorb the loss or try to recover it elsewhere.

ViewPoint Bank, based in Plano, is one of the many banks where the Plano police detectives are investigating fraudulent activity. Jennifer Kent, ViewPoint’s Account Service’s vice president, said the bank’s fraud department is working with the police in the investigation to determine how much exposure, if any, they have had.

“We encourage customers of all banks in the area to monitor accounts and immediately report unauthorized transactions to their bank,” Kent said. “When ViewPoint Bank becomes aware of an incident that may expose customers to fraud, all available resources are used to identify at risk customers. We make every attempt to contact the customer and close the account in order to prevent a loss.”

She said in some instances this involves blocking their debit card immediately and reissuing a new card number. She said typically affected customers are issued provisional credit for the unauthorized transactions and any related fees are refunded.

As part of the investigation, Minton said the targeted gas stations contact their own security team, who investigate every pump. He said it is the gas station’s responsibility to correct the problem if a skimmer or any illegal device is detected.  Recent reports target gas stations performing “inside jobs” and being behind the scam. But, Minton believes those reports are false. “They are servicing their pumps all the time,” Minton said. “The stores reputation is on the line. If customers don’t trust the stations point of sale terminals, then they will stop going to that particular station and their business will go under.”

Reblog this post [with Zemanta]

Loyalty Conference December 1st in NYC

Cards & Payments and ATM & Debit News will provide a high-impact event for banking and payments executives who want practical insights on how to identify, retain and grow the customers that drive franchise health and profitability.|

In one day you’ll hear loyalty strategies from leading banks including:

* Stef Erik Anderson, VP, Loyalty and Rewards, SunTrust Stef Anderson oversees the Bank’s consumer and small business rewards program, SunTrust Rewards, and is responsible for expansion of this program beyond the card product set.

* Steve Boehm, President, Wachovia Card Services Steve Boehm is responsible for the financial and operational performance of Wachovia’s credit and debit card businesses, as well as product development for bill payment services, pre-paid services (stored value and gift cards, travelers checks, etc), money movement services (ACH, wire, remittances) and other existing payment products.

* Liza Landsman, EVP, Internet and Channel Management, Citi Cards Liza Landsman oversees the business’ internet, inbound phones, statements and letters channels as well as the customer communication and sales efforts across these millions of touch points with the goal of driving maximum value and effectiveness for the Citi cardmembers.

* Bill Shaw, President, Cards, First Citizens Bank Bill Shaw has spent 38 years in the credit card industry with First Citizens Bank, Sun Bank, Signet Bank, and Visa, USA. He has operated a successful rewards program for high volume personal and business cardholders for thirteen years and a separate rewards program for lower volume personal cardholders for two years.

Reblog this post [with Zemanta]

Disqus for ePayment News