Wednesday, December 17, 2008

Terminal Disease Boosts Fraud

More terminals have been tampered with (toyed with?) at a Toys R Us in Sveedin.  2008 is coming to an end, and one of the buzz words of the year has got to be  card skimming.  

The tampering of these POS devices will undoubtedly erode the trust of consumers, which will contribute towards the acceptance of a personal swiping device such as the one devised by HomeATM.

Getting the PAN (personal account number) and PIN is so easy (with tampered  devices) it's like stealing candy from a baby.
  However, in these times, it's not the "sweet tooth" that's behind the's the "Bluetooth."

It's a contributing factor towards the paradigm shift taking place with online  vs. retail shopping and part of the reverse matriculation we perceive as inevitable.  Here's yet another story, of POS terminals being toyed with.
"Swedish police are unraveling a scheme where criminals stole credit card details by tampering with a point-of-sale (POS) terminals at a Toys R Us store in Malmö.

One terminal was found to be equipped with a bogus keyboard overlay that could record PINs (personal identification numbers) as well as details on the card's magnetic stripe, said Detective Chief Inspector Harald Runge.

The case is similar to one revealed earlier this year affecting several U.K. retailers, where point-of-sale devices were hacked to record debit and credit card details for use in frauds. It also demonstrates the increasing technical knowledge cybercriminals have gained in order to perpetuate card fraud.

It's the second time police have discovered a tampered POS terminal at Toys R Us, Runge said. Three months ago, two compromised terminals were found, rigged with Bluetooth transmitters to send card details, he said. 

In that case, at least 500 to 600 cards were compromised. The case came to light after people reported fraudulent withdrawals on their cards, Runge said. The withdrawals were made in Romania, a country known as a haven for cybercriminals. "We know that usually those people who do these crimes in Sweden are usually from Romania," Runge said.

In some instances, the card details are transmitted via a wireless mobile chip installed in the POS device, Engelsman said. In other cases, the terminals have a short-range Bluetooth capability. A fraudster can come back into the store to transfer the captured data to another Bluetooth-enabled device."

With the help of Swedish banks, it was determined the cards had all been used at Toys R Us, Runge said. Swedish police are now carrying a technical investigation into how the POS terminals were compromised, he said. In Romania, the authorities have photos of people who were making the fraudulent withdrawals, he said.

The Swedish card numbers and details recorded at Toys R Us may already be showing up on illegal Web sites where card details are sold, said Frank Engelsman, a fraud expert with Ultrascan Advanced Global Investigations, a company based in Netherlands. Runge said people who shopped at Toys R Us should ask their bank to issue them new cards.

It appears cybercriminals are already trying to sell those details. Four hundred Swedish card numbers have turned up in one of the underground cybercriminal databases that is located in Russia, Engelsman said. The card details sell for US$1 to $6, he said.

Engelsman said Ultrascan has seen a sharp uptick in the number of credit card details that are being tested. In order to sell a credit card record, the buyer often wants to ensure the card number is valid and hasn't been canceled. To do that, cybercriminals will charge a very small amount to an organization such as political campaign, Engelsman said.
The charge can be as little as $0.26. Cybercriminals will tend to vary the amounts, since banks will often cancel cards if their anti-fraud systems notice, for example, 1,000 cards all being charged for $0.13, Engelsman said.

Lately, "we've never seen so much testing before," Engelsman said. "After testing, they are going to use them [the cards]."

Tampering with the point-of-sale terminals is getting increasingly sophisticated. Engelsman said he's heard of teams of professional "burglars" who carefully break into a store at night and install equipment to record card details. They leave without a trace.

Terminals are also being rigged to record credit card details at certain peak shopping times when the most details can be captured for the least battery power. For example, a POS device would only record details from 1 p.m. to 3 p.m., Engelsman said.

The devices can also be programmed to only record, for example, American Express cards rather than Visa or MasterCard, Engelsman said. That's because some fraudsters, such as ones in North Africa, prefer American Express since the cards are more widely accepted in the area, he said.

Reblog this post [with Zemanta]

Airline Payment Summit Downloads

The Travel Payment Summit has made available, free presentation downloads from their conference earlier this month.  If interested, take a peek at them here:

Travel Payment Summit - free presentation downloads

Presentations from the Travel Payment Summit (TPS) held 03-04 December 2008 in Bad Homburg (Frankfurt) are now posted online and available for download free of charge!  (Editor's Note: Bad Homborg is another name for Frankfurt?...ya gotta get a kick outta that.  Hamburger bad...Frankfurter good?) 

Along with the latest trends in travel payments, including the move by airlines and travel companies to cut payment costs with lower-cost alternative payment options, see how the credit crisis is causing a rise in payment fraud, cutting into the bottom-line of the airline and travel industries and find out what can be done about it!

Click here to view those presentations

"Payments: A Cost or an Ancillary Revenue Opportunity?" will be one of the topics covered at the Airline Sales Channel Forum and Airline A-La-Carte Pricing Seminar being held concurrently on 12&13 May 2009 in Miami, USA.  These events will take airline ancillary revenue generation and a-la-carte pricing to a whole new level. Airline delegates may register for just $99 through 15 January 2009!

For more details please visit:

Reblog this post [with Zemanta]

Microsoft Critical IE Patch Today at 1:00 EST

Microsoft admitted last night that a serious flaw in security has left the majority of the world's Internet users exposed to attacks from hackers hoping to steal personal data and passwords.  As a result, they will release a "critical" patch later today.

The warning about the bug came last week, but has been exploited since the media reported about it, as "zero day" hackers seek to take advantage of the (window of opportunity?) flaw while it's there.

This has resulted in a flurry of activity at MS headquarters as they seek to devise a way to quell the threat.   Several engineering teams around the globe have been instructed to work 8 days a week until the fix is in.

According to one report I read;  MS said on Tuesday that in response to "the threat to customers" it immediately mobilized security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days." 

(Editor's note: Wasn't the world supposedly built in only seven?  What's that you say?  He rested on the 7th?)

In the meantime, they'll release an emergency patch today around 1:00 pm EST.   Every security expert is strongly recommending an immediate download.  Some background...a loophole in Internet Explorer (IE) allows criminals to commandeer victims' PCs by tricking them into visiting unsafe websites.   Once there,  they can be easily duped into giving up their personal information as they believe the situation is normal, but in reality it's all bleeped up.

Therefore, Microsoft has announced that they are releasing an emergency patch later today in the hope of fixing the security bug that allowed attackers to exploit the IE browser. The patch will be ready at 1 p.m. Eastern time via Windows Update, Windows Server Update Services and Microsoft Update.

The IE update will be labeled “critical,” which is the highest ranking update from Microsoft. This bug in IE has been all that people can talk about, some experts even warned that we should not use the browser until there is a fix. Microsoft as usual has been downplaying the threat.

Read full article

Reblog this post [with Zemanta]

Who's on Fifth Third? eBillme

Fifth Third Processing Solutions has announced a new partnership with eBillme to refer the payment alternative to its merchant processing customers.

"Extending payment option offerings at the online checkout is critical for online retail businesses to attract customers, increase orders and improve satisfaction and loyalty," says Donald Boeding, President of Merchant Services for Fifth Third Processing Solutions. "We believe our customers will see eBillme as a very appealing payment solution. We look forward to working with the eBillme team and to extending this payment option to our customers."

eBillme transactions occur securely, bank to bank, with no personal or financial information required or transmitted over the Internet. Because shoppers pay directly from their online bank account, they don't release any financial information online. This helps consumers manage their spending and debt, while better safeguarding themselves from identity theft and fraud risks.

eBillme's Buyer Protection Program takes security a step further. Provided at no cost to shoppers and retailers, the buyer protection features have the same or a better level of buyer protection than premium credit cards. Protection features include a return guarantee, price guarantee, in-transit protection, and fraud protection. Consumers can shop with confidence knowing their eBillme transaction is guaranteed and protected.

"The eBillme transaction model is uniquely designed to meet merchant demand under the current conditions of the economy to serve as a more secure way to pay cash online," says Marwan Forzely, President and CEO of eBillme. "We are very excited to be working with Fifth Third Processing Solutions to extend our payment alternative to their leading retail customers. eBillme gives merchants an opportunity to reach more customers and drive revenue while offering the industry's lowest transaction fees."
Reblog this post [with Zemanta]

Disqus for ePayment News