Tuesday, June 30, 2009

Visa Decides to Fund $.7 Billion Litigation Escrow Account

Visa Inc. Announces Decision to Fund Litigation Escrow Account

Press Release
Source: Visa Inc.

Tuesday June 30, 2009

SAN FRANCISCO, June 30 /PRNewswire-FirstCall/ -- Visa Inc. (NYSE: V - News) today announced that the Company has decided to deposit $700 million ("Loss Funds") into the litigation escrow account previously established under the Company's retrospective responsibility plan (the "Plan"). Under the terms of the Plan, when the Company funds the litigation escrow, its U.S. financial institutions, the sole holders of Class B shares, bear a corresponding financial impact via a reduction in their as converted share count. As a result, the deposit of Loss Funds has the effect of a repurchase by the Company of $700 million of Class A Common Stock on an as converted basis. The deposit of the Loss Funds will be conducted in accordance with the Company's Certificate of Incorporation currently in effect.

About Visa: Visa operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 170 countries. For more information, visit www.corporate.visa.com


MLHuillier Targets 1500 Outlets Nationwide

MLhuillier targets 1,500 outlets nationwide | The Freeman (Cebu Business)
By Rhia de Pablo Updated July 01, 2009 12:00 AM

CEBU, Philippines – Buoyed by the rapid success of its remittance business, Cebuano financial services company M.Lhuillier Philippines targets to open 1,500 outlets nationwide in the next two to three years to widen its ML Kwarta Padala network all over the country.

MLhuillier Philippines vice president Michael Lhuillier said that they envision to establish the widest reach of financial services to the public.

He said that right now, they are talking to a lot of different interested partners in Macau and other locations abroad that will expand their reach to Filipinos overseas.

Lhuillier said that last year, they have opened an office in Los Angeles, California and they are looking at strengthening this to service the remittance requirements of overseas Filipino workers (OFWs) stationed in North America and in Canada, which still has the highest number of Filipino workers.

He said that right now they have established 1,200 different MLhuillier locations nationwide and they target to open 1,500 outlets for the next two to three years of operations.

“We always want to work harder and continue doing business. Amidst the financial crisis, we strive to be better for there is always a need to send money and to borrow money. We want to make sure that our systems are good so that we can service more people,” said Lhuillier.

He said that the take up of their loans have always remained on a steady trend as they have done this service for three generations already; however, their remittance segment has so far been gaining the fastest growth.

MLhuillier started their ML Kwarta Padala in 1996 initially targeting students and with that they have pioneered the electronic money transfer in the country and remodelled the old send out practice because now, a lot of Filipinos from different walks of life are already utilizing this service.

“Now, the whole industry is moving towards electronic money transfer but since we have pioneered this service, this now serves as our key advantage against our local and even multinational money transfer competitors,” said Lhuillier.

But getting at the level of success that MLhuillier is enjoying right now has not been an easy feat because it entailed a lot of hard work and investments on their part, according to Lhuillier.

He said that just last year, they have poured in more than two million pesos investment to purchase servers for their data center to maintain and upgrade the quality of their systems.

After they have opened a back-up office in Manila, they are also looking at setting up another back up office in either Hong Kong or in Los Angeles.

Meanwhile, aside from their plans of putting one MLhuillier branch in every municipality, they are looking at also opening up more 24 hours and seven days a week MLhuillier branches nationwide to provide more ease and convenience to their widely segmented clientele, said Lhuillier.

He added that they are also currently mounting up another value added feature in their ML Kwarta Padala service through utilizing cards that can be accessed through ATM machines.

Lhuillier outlaid plans of further diversifying their services to become a full-fledged financial services institution.

He also said that they are looking at putting up their own bank in the near future “whenever opportunity would present itself.”

“Profit is the reward that comes later because we first look at the employment that we can generate from our investments. We are proud of being a Filipino company specifically a Cebuano company and we will constantly invest and throw back our resources to the country’s economy as well as provide employment to as many people,” said Lhuillier.

To learn more about MLhuillier, visit their website:


Fidelity National Information Services Ranked Top Global Mobile Banking Vendor

I first reported this on May 6th,  PIN Payments Blog: FIS Ranked #1 in Vendor Matrix by ABI Research but FIS did their press release today, so here it is in their own words:

Fidelity National Information Services' Mobile Banking Solution Earns Top Ranking in Analyst Survey

Fidelity National Information Services has been ranked at the top of the latest Vendor Matrix released by ABI Research.  Fiserv and Sybase claimed the second and third spots in the company’s new evaluation.

JACKSONVILLE, Fla., June 30 /PRNewswire-FirstCall/ -- Fidelity National Information Services(R) (NYSE: FIS), a global leader in processing and technology solutions for financial institutions, has been ranked the number-one mobile banking vendor by ABI Research, a global research firm specializing in the analysis and quantitative forecasting of emerging trends in global connectivity.

FIS Mobile Banking is a comprehensive two-way mobile banking product and the first industry offering in production to provide all three modes of mobile banking - SMS/text, mobile Web and downloadable application. FIS Mobile Banking is also iPhone certified.

Established in 1990, ABI Research provides in-depth analysis and quantitative forecasting of emerging trends in global connectivity. From offices in North America, Europe and Asia, ABI Research's worldwide team of experts advises thousands of decision makers through research and advisory services in seven key practice areas. The ABI Vendor Matrix is an analytical tool developed by ABI Research to provide a clear understanding of vendors' positions in specific markets, with vendors being assessed on the important parameters of innovation and implementation across several criteria unique to each vendor matrix. For more information about ABI Research, visit www.abiresearch.com.

"FIS has assembled a comprehensive suite of mobile banking solutions which can accommodate a financial institution whether they would like to offer consumers an SMS, mobile Internet or downloadable application, all of which are integrated into FIS' core banking solutions," said Mark Beccue, senior analyst of consumer mobility for ABI Research, in a recent ABI Research press release. "That, combined with their market-leading reach into financial institutions worldwide, which became even larger with their recent announcement that they would acquire Metavante Technologies, secured them the top score," he said.

"We're honored to have the ABI analysts - and the industry as a whole - recognize the FIS mobile banking solution as the premier mobile solution in the industry," said Anthony Jabbour, executive vice president for FIS core processing and e-payments. "The unique triple-play capability of FIS Mobile Banking, backed by the service and expertise that are hallmarks of every FIS solution, clearly differentiates FIS Mobile Banking from the rest of the pack."

About Fidelity National Information Services

Fidelity National Information Services, Inc. (NYSE: FIS), a member of the S&P 500, is a leading provider of core processing for financial institutions; card issuer and transaction processing services; and outsourcing services to financial institutions and retailers throughout the world. FIS has processing and technology relationships with 40 of the top 50 global banks, including nine of the top 10 and has been ranked the number one banking technology provider in the world by American Banker and the research firm Financial Insights in the annual FinTech 100 rankings. Headquartered in Jacksonville, Fla., FIS maintains a strong global presence, serving more than 14,000 financial institutions in more than 90 countries worldwide. For more information on Fidelity National Information Services, please visit www.fidelityinfoservices.com.

Forward-Looking Statements

This press release contains forward-looking statements that involve a number of risks and uncertainties. Statements that are not historical facts, including statements about our beliefs and expectations, are forward-looking statements. Forward-looking statements are based on management's beliefs, as well as assumptions made by, and information currently available to, management. Because such statements are based on expectations as to future economic performance and are not statements of fact, actual results may differ materially from those projected. We undertake no obligation to update any forward-looking statements, whether as a result of new information, future events or otherwise. The risks and uncertainties which forward-looking statements are subject to include, but are not limited to: changes in general economic, business and political conditions and other risks detailed in the "Statement Regarding Forward-Looking Information," "Risk Factors" and other sections of the Company's Form 10-K and other filings with the Securities and Exchange Commission.

SOURCE Fidelity National Information Services

To view a chart showing the rankings of the “Top 10” firms in this Vendor Matrix, please visit “Mobile Banking Vendor Matrix.” Registration on the ABI Research website (free) is required. Access to the rankings and profiles of all companies surveyed is available to clients of ABI Research.


zoompass Blog Says "Prepayed = Prepared"

Paying with Zoompass

So you’ve had a fun night out with friends. You jump in a cab, get all the way home and realize you spent all your cash and forgot to go to the ATM before you left. You’ve got one unhappy cab driver on your hands, and a very expensive ride to the nearest ATM – which of course, is never your bank.


Not to worry – instead, just Zoom your friends and ask them to cover the cab fare, then use your Zoompass Prepaid MasterCard to pay for your ride.

The Zoompass Prepaid MasterCard is a contactless payment card that is linked to the funds in your Zoompass account so you can make purchases or withdraw cash. The Zoompass Prepaid MasterCard can be used anywhere MasterCard is accepted electronically, including online. You can also Tap & Go™ at the checkout using the PayPass™ feature for small, everyday purchases like coffee and movie tickets. It’s like having exact change wherever you go. What’s more, there are many PayPass-ready locations across Canada.

To get your Zoompass Prepaid MasterCard:

* Sign up for a Zoompass account at Zoompass.com
* Link your bank account to your Zoompass account and verify your information
* Make sure there is $15 in your Zoompass account by either transferring money from your bank account or requesting money from a friend or family member
* Request a Zoompass Prepaid MasterCard

It’s so easy – you’ll never be stuck with an empty wallet again. And there’s no cost to request the card.

The Facebook Platform payments and monetization ecosystem continues to grow rapidly this year, and recently, Facebook has been getting more involved. A few weeks ago, Facebook started testing integration of its own virtual currency with Platform applications, and last week Facebook enabled payment support in 14 new currencies.

Now, we’ve learned that Facebook recently hired Prashant Fuloria, formerly a Director of Product Management at Google where he worked on Google Checkout amongst various other projects during his six year stint, as the new Director of Product Management responsible for Facebook payments. Highly regarded by colleagues, Fuloria left Google and started at Facebook last month.

With Fuloria’s hiring, the march of former Googlers two exits up the 101 to Facebook continues. At one point, nearly 10% of Facebook employees came from Google. Just a couple of weeks ago, Greg Badros, who headed up the AdSense engineering team for several years at Google, joined Facebook as a Director of Engineering.

Fuloria has his work cut out for him as he oversees the development, testing, and wider launch of Facebook payments services over the next several months. While Facebook only accepts credit card payments today, it is likely to expand its payments tests in the future, as the company seeks to monetize users across geographies and demographic profiles. Managing the integration of payments methods and systems into the Facebook experience is an increasingly important challenge for the company as it seeks to create a new, substantial direct-to-consumer revenue stream in a market that is known for its high operational costs, major fraud challenges, and international complexity.

Continue Reading at Inside Facebook

Kaspersky Labs Warns on ATM Skimming

Be on your guard: ATM skimming will likely grow due to poor security - News - PC Authority
by Daniel Long on Jun 30, 2009

ATM security is so poor worldwide, that many more machines are likely to be easily compromised in the future, warns Kaspersky

As the growth of ATM fraud increases around the world exponentially in recent times, anti-malware researchers are keen to solve a crisis in the making.

The bad guys are getting smarter, they're growing distinctively more sophisticated, warns Sergey Golovanov, senior malware Analyst for Kaspersky Lab in Moscow, who is speaking at the 10th Virus Analyst summit in Croatia. Golovanov is an expert on the cyber criminal groups who utilise ATM fraud. And in his work, he's seen some interesting trends pop up.

The problem, says Golovanov, is not that security experts aren't looking for a way to solve the multitude of ATM security flaws; it's that their hands are tied. And then placed in a trench of concrete, so to speak.

"We haven't got very far yet...the systems used by banks are closed and they are not going to let outsiders access those systems", insists Golovanov, conjuring up a world where ATMs become easier to break into, because the good guys can't inspect the systems at the root of the cause.

Some ATMs in Russia and other Eastern localities have been found to be infected with internal malware scripts that can capture the user's details from within, without physical skimming props; a go-to cash making machine that spurts out easy money for criminal networks.

Continue Reading at PC Authority

CBA Forced to Shut Down NetBank Due to Phishing

Phishing Can Be Eliminated Easily.  Banks Issue Card, Banks Issue PIN, what's missing?  HomeATM's PCI 2.0 Certified PIN Entry Device, which would allow users to "swipe" their card and enter their PIN, as opposed to "typing" their UserName and Password.  What do you think phishers phish phor?  Right, the log-in details.  If consumers swiped their card and entered their PIN for online banking access (like they do for ATM access) Phishing would be eliminated...

Finextra: CBA takes NetBank offline as phishing activity spikes

Commonwealth Bank of Australia's online banking operations have suffered multiple outages, sparking speculation that the bank has fallen prey to a massive Denial of Service attack by hackers.

NetBank began experiencing problems over the weekend before falling over Monday morning. The bank got the service back online early afternoon only for the system to stumble again later in the day.

CBA's Netbank has been the subject of fierce phishing activity since introducing a major upgrade last month.

Speaking to local newspapers, NetBank CEO Michael Harte said the bank took the site offline when performance issues started to affect service quality early Monday.

Continue Reading at Finextra


1 Out of 3 is Bad

Third of internet users too scared to use credit card to shop online
Almost a third of internet users are too frightened to hand over their credit details while shopping online, a report published by The Office of Fair Trading has found.

Among the people who do shop online, 37.8% feel it's as safe as shopping in a store.  That means that 62.2% don't feel secure when doing so.
What makes them feel safe when shopping at a store?  Well the only difference is that they get to swipe their card into a point of sale device.  So, using logic 101, if they had a point-of-sale device they could use in the safety of their own home, we could empower more than 62 out of every 100 people to feel more secure.  Why is this important?   Because Chief executive John Fingleton said: "Online retailing is the future for many businesses and increasingly important to the economy.

"If consumers are not confident online, demand will grow at a slower rate. So we must tackle these concerns right now if the online market is to grow at its full potential."
The OFT said 30 per cent of internet users do not shop online because of a lack of trust. It added that, although consumer confidence is gradually improving, online markets cannot reach their full potential because it is still too low.

Minister for Consumer Affairs Gareth Thomas said: "UK consumers buy almost twice as much over the internet compared to their European neighbors.  "It's encouraging that the OFT's survey shows increasing consumer confidence when buying online - but people still have concerns.  "That's why we will be setting out proposals in our forthcoming consumer White Paper to better protect people from fraudsters and increase their consumer knowledge when shopping online."

The Interactive Media In Retail Group estimates that £43.8 billion was spent on online retail in the UK in 2008.  Consumer Direct released separate figures today which found that more people are seeking guidance about internet shopping transactions. Inquiries about online purchases now account for 10 per cent of calls to the consumer advice helpline compared with 6 per cent in 2006.


And Here's Why! (Card Companies Will Remain Profitable)

CardTrak.com - News - CARD Act Impact

Like retailers who mark up stuff so they can offer a big discount, credit card issuers are beginning to jack up rates and fees ahead of the new regulations that will soon take effect. Some recent examples: Chase, Wells Fargo Financial and Bank of America. Chase announced it is raising its "Balance Transfer Fee" and "Cash Advance Fee" from 3% to 5% effective next month. Chase no longer caps either fee. Chase is also switching from fixed interest rates to variable. However, Chase says it may adjust the rates, fees and fee caps for special offers. According to CardTrak, Wells Fargo Financial is adding a 3% balance transfer fee with a $5 minimum and a $99 maximum to its "Cash on Demand" card next month. WFF also added a $35 annual fee and added a floor interest rate of 20.65%. Earlier this year, Bank of America increased its balance transfer fees. The BofA "Standard Balance Transfer Fee" is 4% with a $10 minimum. BofA ATM cash advances, bank cash advances, and cash equivalent transactions are now 5% with $15 minimum. Will there be more changes ahead of the "Credit CARD Act of 2009"? Duh!

On a side note, Bankrate did a study of the "fine print" involved with credit card company agreements: 
2009 Credit Card Study: The fine print

Study Says Credit Card Industry will Stay Profitable

Credit Card Industry Will Stay Profitable: Study

The credit card industry will continue to provide one of the most lucrative returns of the asset classes within banks' portfolios even after new U.S. credit card rules are put in place, analysts at Keefe, Bruyette and Woods said.

Read full story from ABC News - Brian Ross and the Investigative Team


Heartland Completes Phase 1 of End to End Encryption Pilot

Back in February, in a post entitled Heartland Exposes It's Own Card, I wrote:  Is Heartland going to take the position that they are a "plaintiff" rather than a "defendant" against claims from cardholders/issuers and V/MC themselves? Will they shoot back or is PCI DSS certification going to shoot down any argument that V/MC may have?  Heartland Payment Systems, Bob Carr shows one of his cards.

In their newly released 4th Quarter Earnings Report he says that one of the biggest challenges they face in regards to the breach is "defending" claims that the "cardholders," "card issuers," V/MC, regulators (and others) have asserted (or may assert).  For the first time (that I've seen) he implies that:

* they intend to vigorously defend any such claims, and
* they have "meritorious defenses" to those claims.

So it appears that they are preparing to claim that they are the plaintiffs and the defendants are going to be the brands (V/MC).  Undoubtedly, they will use their PCI DSS certification as a launching pad to deter blame from them to others. PCI DSS may be the bullet that Heartland fires back with if V/MC tries to shoot them down.  This is going to be an interesting legal development and the PIN Payments Blog will keep a close eye on further developments...

Well, here's the latest development.  Heartland says they completed Phase 1 of their E2EE Pilot and identified "5 Zones" which the transaction has to travel through in order to obtain full end-to-end encryption.  Problem is, unlike PINs, Card Numbers are NOT received by Visa/MC encrypted.  So, they took advantage of this ailment and identified it.  It's a most interesting approach to the beginnings of their "vigorous" defense.  In the following press release you will see that they successfully ran (transmitted) an encrypted transaction through "4 of the 5 zones."  1 of the 5 could NOT be done, which logically "exposes" the culprit in the chain of command.  "The Card Brands."   Apparently the best move, when you're "under the gun," is to turn it around and point the finger at the weakest link.  Clever indeed.

Here's their Press Release:

Heartland Payment Systems Successfully Completes First Phase of End-to-End Encryption Pilot

First AES-encrypted transaction from a merchant card reader to and through a major processor network completed

Press Release
Source: Heartland Payment Systems
On Tuesday June 30, 2009, 7:25 am EDT

PRINCETON, N.J.--(BUSINESS WIRE)--Heartland Payment Systems (NYSE: HPY - News), one of the nation’s largest payments processors, yesterday successfully completed the first phase of its end-to-end encryption pilot project. This first step involved the transmission of live AES (Advanced Encryption Standard)-encrypted card transactions from a merchant to Heartland’s processing platform. AES is the highest level of encryption and is currently on track to replace DES (Data Encryption Standard) and Triple DES as the desired standard for sensitive data.

According to Robert O. Carr, Heartland’s chairman and chief executive officer,  to his knowledge, this is the first time encrypted transactions have been sent from a merchant’s card reader to and through a major processor’s payments network. 

“Yesterday’s transactions involved a Texas-based merchant and multiple credit card, prepaid and signature debit card transactions testing each of the major card brands,” Carr explained. “These cards were read by our newly developed pilot tamper-resistant security module (TRSM) terminal. The data was encrypted as the electronic digits left the magnetic stripe and entered the TRSM hardware device. The data was then successfully transmitted to and through our processing platform for authorization and settlement.

“Typically, cardholder data is unencrypted as it leaves a merchant’s terminal and is not encrypted until it is either tokenized in a gateway or at rest in the processing platform’s data warehouse,” Carr explains. “This means cardholder data in transit is at risk of being compromised should it get in the hands of cyber criminals or hackers via such methods as network or memory sniffer malware. To protect data throughout the lifecycle of a credit, debit or prepaid card transaction, Heartland is developing end-to-end encryption technology we call E3™ that is designed to encrypt the transaction from the card read through our network and ultimately through transmission to the card brands.”

For Heartland, E3 protection involves five payment zones:

Zone 1: From data entry/card read at the merchant to the authorization network of the processor.

Zone 2: From the entry into the authorization network of the processor and through all points in which data is in motion within the network(s) of the processor and its sub-contractors.

Zone 3: While the data resides in a central processing unit (CPU) or a host security module (HSM).

Zone 4: In a direct access storage device (DASD) or archival storage.

Zone 5: From the processor to the authorization and settlement centers of the card brand or issuer.

“Monday’s successful test involved Zones 1, 2, 3 and 4,” detailed Steven M. Elefant, Heartland’s executive director of end-to-end encryption. “We believe that protecting data in these zones alone will significantly impact the protection of cardholder data.

Editor's Note:  What? Imagine that, no Zone 5.  This is one helluva clever way to expose Zone 5 as the culprit in the system.  And it sets up their legal defense.

“In Q4, Heartland expects to enhance protection in Zone 3,” Elefant continued. “Protecting data in Zone 5 is contingent on the card brands. We are in active discussions with several of the brands, and our conversations have been very positive. Some card brands have indicated a willingness to pursue accepting transactions from those processors who send encrypted data. While we work on Zone 3 and collaborate with the brands on Zone 5, the next phase of this pilot project involves integrating a set of security-protected chips which we expect will further safeguard the data throughout the lifecycle of the transaction. Heartland plans to pilot this next phase in Q309.”

“We plan to continue to expedite the development of E3 and launch it commercially late this year,” Carr concluded. “We also plan to continue working with the ANSI ASC X9 Committee which is crafting an end-to-end encryption standard and follow that standard as much as practical. We are also working with established US equipment and software manufacturers to implement their TRSM devices into our E3 approach as soon as possible. We believe the marketplace will accept this higher level of payments security and are willing to share our knowledge and learnings with all industry stakeholders via the Payment Processors Information Sharing Council, FS-ISAC and Secure POS Vendor Alliance organizations.”

About Heartland Payment Systems

Heartland Payment Systems, Inc., a NYSE company trading under the symbol HPY, delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide. Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. For more information, please visit http://www.heartlandpaymentsystems.com and http://www.MerchantBillOfRights.com.

How to Hack an ATM Live Onstage Pulled from Black Hat Event

Juniper Networks Gags "ATM Jackpot" Researcher- Risky Business

According to Patrick Gray, at Risky.Biz, a demo, which would show Black Hat attendees how to jackpot (empty) an ATM on stage won't take place.  Here's a quick blurb:
Security and networking company Juniper yields to ATM vendor pressure...
June 30, 2009 --

RISKY.BIZ EXCLUSIVE -- A demonstration in which security researcher Barnaby Jack would "jackpot" an ATM live on stage at the upcoming Black Hat security conference in Las Vegas has been pulled by his employer.

Security and network device vendor Juniper Networks forced Mr. Jack to cancel his presentation, an anticipated highlight of the Black Hat event, following pressure from the affected ATM vendor. The demonstration would have seen the researcher hack an ATM live on stage, causing it to spit out cash, or "jackpot".

"The affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected," a statement issued by Juniper Networks reads. "Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research."

Continue Reading

Max Vision Pleads Guilty to Hacking 1.8 Million Credit Card Numbers

The Butler "did not" do it as Max Butler says it was "Max Vision"...Both face 60 years...Max

This is a follow-up to: PIN Debit Payments Blog: Max Vision/Blind Justice: posted last Dec 27, 2008. 

Max Butler, nicknamed Max Vision, now faces up to 60 years in prison after pleading guilty to hacking almost two-million credit card numbers.  As I stated back in December, this has the potential for either a good book or movie script, especially if he were to eventually start working for the people instead of against the people, ala Frank Abagnale Jr. and that seems likely in light of a statement released by his attorney:

“Max Vision, known in this case as Max Butler, pled guilty today as a first step toward getting this sad chapter of his life behind him. It is unfortunate that his life circumstances in 2005 led him to participate in this criminal conduct, and he very much regrets doing so,” he wrote.
“Max has always preferred using his extraordinary computer skills, his computer vision, for the good of society and the cyber world, and he hopes that he will be given the opportunity in the future to once again don the white hat.”

Here is a quick backgrounder on Max Vision/Butler "The Equalizer."

As "Max Vision," he was an incredibly skilled hacker and security expert who boasted that he'd never met a computer system he couldn't crack. As "The Equalizer," he was an FBI informant, reporting on the activities of other hackers. As Max Butler, he was a family man in Santa Clara, California who ran a Silicon Valley security firm. At Max Vision Network Security, he specialized in running "penetration tests," attempting to break into corporate networks to prove that their security wasn't as good as it could be.

Superhacker Max Butler Pleads Guilty
By Kevin Poulsen | Wired

PITTSBURGH — A skilled San Francisco-based computer hacker who once sought to unite the cyber underworld under his benign rule pleaded guilty to federal wire fraud charges here Monday, admitting he stole nearly 2 million credit card numbers from banks, businesses and other hackers, which were used to rack up $86 million in fraudulent charges.

Max Ray Butler, 36, faces up to 60 years in prison for the two felonies under law, but his actual sentence will be influenced by a number of factors, not least a plea agreement with federal prosecutors that was filed under seal Monday.

Wearing an ill-fitting orange jail uniform and round glasses, his hair cut short and neat, the six-foot-plus Butler towered over the burly deputy marshals that brought him into the court room. Once he settled into his seat, he spoke softly and evenly as he answered questions from the judge, frequently drawing admonishments to speak up for the benefit of the court reporter.

“I actually did the actions that are relevant in the indictment, and I am guilty,” Butler said, at one point.

Butler identified himself in court as “Max Vision,” the name he gave himself in the 1990s when he became a superstar in the computer security community. At that time Butler was billing himself out as a $100-an-hour computer security consultant, and he earned the respect of his peers for creating and curating...

Continue Reading at Wired

More on Max Vision:

Max Vision charged with hacking -- again
Sep 12, 2007 ... Federal prosecutors charge former security consultant Max Butler, better known amongst security researchers as "Max Vision," alleging that ...

Max Vision: FBI pawn?
May 5, 2001 ... FBI agents called him 'the Equalizer': a security expert and confessed hacker who infiltrated the electronic underground to help the Bureau. www.securityfocus.com/news/203

A 'White Hat' Goes to Jail

"Max Vision," a renowned hacker, security expert and FBI informant, is sentenced to prison in a case that angers many in the hacking and cracking community.

Phishing and Brandjacking Financial Brands

MarkMonitor Research Shows How Online Scammers Are Using the Financial Crisis to Prey on Consumer Trust in Leading Brands

Latest Brandjacking Index Examines How Fraudsters Abuse Financial Brands

SAN FRANCISCO, June 29 2009 – MarkMonitor®, the global leader in enterprise brand protection, today released the company’s latest Brandjacking Index® that studies how fraudsters are abusing major financial brand names and topical subjects like refinancing or unemployment to lure unsuspecting consumers to questionable websites. Examining four leading financial brands, the research indicates opportunistic fraudsters are quick to target citizens looking for ways to get back on their feet from financial challenges and the housing market bust.

“Scammers are preying upon consumer hardship, demonstrating incredible creativity in combining technology, social engineering techniques and current events,” said Frederick Felman, chief marketing officer at MarkMonitor. “In this digital age, as the Internet pervades business and leisure, scam artists and fraudsters are quick to profit at the expense of trusted brands across a wide spectrum of industries.”

For this Brandjacking Index, MarkMonitor chose four top U.S. and international bank brands to monitor for scams focusing on terms such as foreclosure, mortgage, refinance and unemployed. MarkMonitor sifted through 134 million public domain records and searched billions of Web pages and spam email messages during the study period.

Research from the sample of financial brands shows profound levels of brand abuse, most notably through phishing and suspected domain squatting. More than 7,300 cybersquatted domains were identified targeting the four financial brands in the study. Fraudsters registered domains that combined those financial brands with the focus terms at the rate of more than one domain per day between September 2008 and April 2009. Phishing attacks against the four financial brands numbered 10,000, representing a 36 percent increase in Q1 2009 from the previous quarter.

Some of the highlighted findings in this report are:
Opportunistic abuse exploits economic hardship

  • More than 7,300 domains exploited the four financial brands in the study, with 16 percent of the domains registered since September 2008
  • 24 percent of these cybersquatted domains registered since September 2008 used the focus terms – foreclosure, mortgage, refinance and unemployed – translating to a registration rate of more than one cybersquatted domain per day exploiting the focus terms
  • Domains registered since September 2008 were 50 percent more likely to use the focus terms than domains registered earlier
  • 52 percent of the domains identified in the study did not encrypt customer data, putting consumers’ personal identity information at risk
Profound levels of phish attacks target a wide variety of companies and industries
  • A record 502 organizations were phished in Q1 2009, an increase of 24 percent from Q1 2008
  • 93 organizations were phished for the first time in Q1 2009; 82 percent were financial brands
  • While financial services remain a popular target, payment service providers were the most phished category, at 42 percent of total phish attacks
  • Social media is one of the fastest-growing target categories for phishers, with attacks increasing 241% against social media companies between Q1 2008 and Q1 2009


The Brandjacking Index is an independent report produced by MarkMonitor that tracks and analyzes online abuses of leading brands. The cornerstone of the report is the volume of public data analyzed by MarkMonitor using the company’s proprietary algorithms – no customer data or proprietary customer information is used to create the Brandjacking Index. During the study period of January through April, 2009, MarkMonitor searched approximately 134 million public records daily for brand abuse in domain data as well as Internet feeds from leading international Internet Service Providers (ISPs), email providers and other alliance partners.

About MarkMonitor

MarkMonitor, the global leader in enterprise brand protection, offers comprehensive solutions and services that safeguard brands, reputation and revenue from online risks. With end-to-end solutions that address the growing threats of online fraud, brand abuse and unauthorized channels, MarkMonitor enables a secure Internet for businesses and their customers. The company’s exclusive access to data combined with its patented real-time prevention, detection and response capabilities provide wide-ranging protection to the ever-changing online risks faced by brands today. For more information, visit www.markmonitor.com.


Monday, June 29, 2009

Phishing Attacks Up 240% on Social Networking Sites

Report: Social Networking Phishing Attacks Up More Than 240%
U.S. extends its lead as No. 1 country hosting phishing attacks, according to MarkMonitor's new brandjacking report

Jun 29, 2009 | 02:39 PM By Kelly Jackson Higgins | DarkReading

Social networks are increasingly becoming a favorite method of attack for phishers as they look for more efficient ways to reach potential victims, according to a newly released report.

Overall, phishing attacks rose 36 percent in the first quarter of this year compared to the same period in 2008, according to a sampling of banking brands used in MarkMonitor's Brandjacking Index report for January through April 2009. And more than 500 organizations worldwide were phished in the first quarter of this year, up 14 percent from the fourth quarter of last year, according to MarkMonitor.

Phishing attacks on social networking sites increased more than 240 percent compared to the same time last year, just behind attacks on payment services, which jumped a whopping 285 percent versus the first quarter of '08. "They exploit the trust one user has with another [on a social network]. There's a tendency to open up something from one of your 'friends' on these sites," says Frederick Felman, chief marketing officer at MarkMonitor. "This is the biggest innovation in phishing attacks since RockPHISH, and it's more social than technical exploitation. RockPHISH was an infrastructure play, but this is using someone else's infrastructure to spread the badness."

The good news, however, is that social networks are relatively quick to shut down phishing attacks on their sites, Felman says.

Continue Reading at DarkReading

Commonwealth Bank's Online Web Bank Fails

Commonwealth Bank's web bank fails | ASX: CBA
Glitch snarls CBA's online bank | Chris Zappone
June 29, 2009 - 2:22PM

Commonwealth Bank's web banking service NetBank failed today, in what could be a hacker attack, leaving thousands of customers unable to access their accounts via the internet.

A recorded message on the bank's phone access line acknowledged the problem with NetBank, saying it was ''working to resolve this as a matter of emergency.'' The bank blamed "intermittent network issues" and gave no set time for the entire system to be restored.

"Service is currently beginning to resume and some customers are being serviced," a spokesman for the bank said, although NetBank did not appear to be functioning by mid-afternoon.

The bank apologized to customers for the inconvenience.

Customers who tried to access their accounts online received a message saying, ''NetBank is temporarily unavailable,'' and urging them to try to phone their customer account line.  Customers unable to access their accounts should ring 132 221, the bank said.

Hacker attack?

Commonwealth Bank has attracted a flurry of phishing attempts, fraudulent emails and online scams in recent months, since launching an upgraded online banking portal.

Phishing is the use of fraudulent emails to scam customers out of personal details like bank account passwords.  (Editor's Note:  Again, if consumers were not trained to "type" their log-in details, such as a username and password, and instead, swiped their bank issued debit card and entered their bank issued PIN code, the threat of phishing would be eliminated.  It is how you access the bank's ATM so why wouldn't and shouldn't it be the way you access your online banking account?  Swipe, don't Type).

Although the network issues experienced today are thought to be unrelated, Commonwealth has taken the service down temporarily to run tests on the system to check its integrity, said chief information officer Michael Harte.  "We haven't completely ruled out an attempt to do a denial of service attack,'' he said.

Continue Reading at BusinessDay


Introducing Bank of America Merchant Services

Bank of America and First Data Form Next-Generation Payment Solutions Company

CHARLOTTE, N.C. and DENVER, June 29 /PRNewswire/ -- Bank of America N.A. and First Data Corp. announced today the formation of a new company that will deliver next-generation payments solutions to merchants ranging from small business to commercial and corporate clients worldwide.

Bank of America Merchant Services, LLC will provide clients with the most comprehensive suite of innovative payments solutions including credit, debit and prepaid cards to merchant loyalty, check and eCommerce payments, the companies said.

Thomas Bell, chief strategy officer and president of First Data's financial services business, was named chief executive officer of Banc of America Merchant Services.

"The combination of First Data's world-class technology and industry experience with the power of Bank of America's brand and branch referral channel will enhance Banc of America Merchant Services' position as an efficient and innovative player in the payments market," Bell said.

Merchant clients also will benefit from new service offerings including loyalty and prepaid programs, along with mobile commerce and check solutions that will drive return traffic to their stores and provide their consumers with the security, convenience and rewards they have come to expect.

"For our clients, the most important transaction they have occurs the moment their customer pays them for what they do. This alliance provides stronger payments acceptance capabilities as well as enhanced business-reporting tools and a better experience for their customers," said Catherine P. Bessant, president of Bank of America's Global Product Solutions group. "The formation of this new company underscores our full commitment to the merchant services business."

For merchants seeking to expand their offerings in the fast-growing virtual marketplace, Banc of America Merchant Services will offer the scalability, integrated capabilities and deep understanding of the transactional process to deliver industry leading eCommerce solutions.

"The First Data, Bank of America alliance will create a payments company with more than 70 years of combined merchant experience," said Michael Capellas, chairman and CEO of First Data. "Together, we will help clients keep pace with the dynamic virtual marketplace by delivering secure, scalable and reliable payment processing and the broadest set of innovative payments solutions at highly competitive prices."

Bank of America will contribute approximately 240,000 merchant relationships and First Data will contribute approximately 140,000 merchant relationships to the new company. Following a transition period, First Data will provide the merchant processing and related services. The combined entity will process over one billion transactions per month.

Banc of America Merchant Services will be approximately 46.5 percent owned by Bank of America and 48.5 percent by First Data, with the remaining stake held by Rockmount Investments, LLC, an investment vehicle controlled by a third party investor.

Financial impacts from the transaction will be discussed when Bank of America releases second-quarter earnings on July 17. First Data will discuss financial impacts of the alliance on their next quarterly results call in August.

Bank of America Merrill Lynch acted as financial advisor and Wachtell, Lipton, Rosen & Katz acted as legal advisor to Bank of America. Sutherland Asbill & Brennan and Perkins Coie acted as legal advisors to First Data.

First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for 5.3 million merchant locations and thousands of card issuers in 37 countries. For more information, visit www.firstdata.com.

Bank of America

Bank of America is one of the world's largest financial institutions, serving individual consumers, small- and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services. The company provides unmatched convenience in the United States, serving approximately 55 million consumer and small business relationships with more than 6,100 retail banking offices, more than 18,500 ATMs and award-winning online banking with nearly 30 million active users. Bank of America is among the world's leading wealth management companies and is a global leader in corporate and investment banking and trading across a broad range of asset classes serving corporations, governments, institutions and individuals around the world. Bank of America offers industry-leading support to more than 4 million small business owners through a suite of innovative, easy-to-use online products and services. "Bank of America Merrill Lynch" describes the marketing name for the global banking and global markets businesses of Bank of America Corporation. The financial advisory services referred to above were performed by Merrill Lynch, Pierce, Fenner & Smith Incorporated, an investment banking affiliate of Bank of America Corporation and a registered broker-dealer and member of FINRA and SIPC. The company serves clients in more than 150 countries. Bank of America Corporation stock (NYSE: BAC) is a component of the Dow Jones Industrial Average and is listed on the New York Stock Exchange.

Website: http://www.bankofamerica.com


Virtual Currency Virtually Banned in China

China Cracks Down on Virtual Currency, For Real - China Journal - WSJ

In the latest blow to online gamers in China, Beijing has prohibited the use of virtual money to buy real world goods.

Until now, online game players who win virtual currency have been able to use it to purchase all sorts of things, including real money, giving rise to a burgeoning trade in virtual currency, valued at 10 billion to 13 billion yuan in 2008, according to the China Internet Network Information Centre (CNNIC).

But no more. According to new regulations released jointly by the Ministry of Commerce and the Ministry of Culture last week, virtual currency should be exchanged only for virtual goods and services provided by the issuer of the currency.

Continue Reading at Wall Street Journal

Editor's Note: SecondLife is a prominent provider of Virtual Currency.


Wincor Nixdorf Partners with Sevenval for Mobile Banking Offers

Wincor Nixdorf partners with mobile specialist for new mobile banking offers

PADERBORN, Germany — Sevenval GmbH, a technology specialist in mobile Internet portals, and Wincor Nixdorf International have formed a strategic partnership, bundling their collective expertise to enable financial institutions to have access to mobile banking offerings.

According to a news release, the partnership allows Sevenval to expand its international activities by leveraging Wincor Nixdorf's PC/E Retail Banking Solution Suite with Sevenval’s multichannel output technology. In the future this will allow Wincor Nixdorf to map retail banks’ Internet portals and services on mobile terminals and home entertainment systems.

The new browser-based software PC/E Mobile Banking ensures that banks can offer financial services such as account information, funds transfers or sales of securities by mobile phone. The software makes use of the bank’s existing IT infrastructures and optimizes customer access to the mobile banking channel.

Wincor says the benefit for banks is that their mobile channels can be expanded without the need to develop additional, redundant infrastructures, and customers enjoy an optimal mobile banking experience. In addition, services familiar from Internet banking and high standards of security can be ensured on mobile terminal devices just as on stationary ones.

"The customization of the output format to the different mobile terminal devices guarantees that the complete solution is easy for bank customers to use and that the technical work, time involved and costs to banks remain modest," said Thomas Certa, head of solution marketing at Wincor Nixdorf. "Our cooperation with Sevenval means that we will be able to rely on technology components that have proven themselves on the market. This will help us in our ongoing, long-term objective of strengthening our solution portfolio for mobile banking and mobile payment."

Sevenval’s FIT technology is already in use at numerous banks in Europe. It automatically adapts online services for use on Internet-capable mobile telephones. Depending on the device features, Sevenval FIT Multi Channel Server optimizes the navigation, display and content of Internet banking portals on any mobile telephone with the support of a continually-updated profile database. Whether a customer has a classic mobile phone, PDA, BlackBerry or iPhone — for every product on the market, customers receive an optimized and easy-to-use version of the bank’s Internet services.

Newer mobile phones are often supported even before they are officially released for sale. Other Internet-capable devices such as games consoles, navigation systems or multimedia television set-top boxes are also added to the profile database.

"The solution’s flexible architecture also allows product information and other services such as financial information and ATM finders to be added," said Sascha Langfus, of Sevenval. "Owing to its multichannel product portfolio and international presence, Wincor Nixdorf is an ideal partner for us in our continued expansion of our leading market position in mobile banking."


Michael Jackson Malware Campaigns Exploit Death

Michael Jackson's death themed malware campaigns spreading

The sudden death of Michael Jackson quickly opened a window of opportunity for cybercriminals to capitalize on.

With a malicious spam campaign, blackhat SEO search results poisoning which is serving scareware within the first 100 search results for Michael Jackson’s death, and an opportunistic participant in Zango adware’s network using typosquatting, malicious activity is prone to increase during the next couple of days.

Here are more details on the campaigns currently in circulation:

The malicious spam campaign is enticing users to visit a compromised web site (Beatz radio beatzradio.com.au) where the bogus Michael.Jackson.videos.scr screensaver is served.

A second, non-malicious spam campaign using a Michael Jackson theme is being spammed from legitimate emails in a desperate and amateur-ish attempt to harvest the emails of those who reply back - a practice which became obsolete with the time due to the much more sophisticated email harvesting techniques spammers have in a Web 2.0 world for instance.

Continue Reading at ZDNet


Online Banking at High Risk - Kaspersky

Online banking at high risk from attack that knows your bank

by Daniel Long on Jun 29, 2009

There is a risk of banking websites falling prey to a new form of malicious keyboard logger, but there is a way to reduce your risk.

(Yeah, Swipe, Don't Type.  Pretty much eliminates keylogging doesn't it?  In fact it's key to logging-in securely)

Away from the physical world of ATM skimming practices, it's the online domain where criminals are continuing to refine the way they steal your personal banking data.

According to a current banking threat detailed by one of Kaspersky's leading chief security experts, banking websites are at significant risk of being attacked by ingenious malware scripts that can remember passwords entered by customers, using a clever screenshot tactic which reports details of the victim's passwords back to the attacker.

Special types of malware are being developed just for breaking the passwords found on different internet banking sites.

"Most of the banking fraud happening at the moment online is with Trojan horses. There's quite a lot of it that will hijack your online banking connection with different types of banks", says Costin Raiu, who forms part of the Global research and analytics team at Kaspersky Lab.

Continue Reading at PC Authority


E-Banking Wire Transfers Risky

Hackers were not so clever

As technology soars, so too does cyber crime
By: Wassayos Ngamkham
Published: 29/06/2009 at 12:00 AM

A spate of electronic money transfer scams has raised doubts about the security of state-of-the-art technology banking systems known as E-banking.

Despite the technological advances, bank-to-bank wire transfers are still considered risky because they are vulnerable to increasingly sophisticated hackers, Crime Suppression Division investigator Akkaradet Pimolsri said.

The arrest of two Russian hackers and a Thai man in a bank fraud gang is a case in point.

On June 15, Anton Soldatenkov, 26, Vnuchenko Oleksandr, 32, and Prakiat Bunmo!, 34, were arrested after withdrawing 6.5 million baht in cash from a Krung Thai Bank branch at Siam Eastern Industrial Park, in Rayong's Pluak Daeng district.

Five days earlier, two banks - Krung Thai Bank and Siam Commercial Bank - were allegedly tricked into transferring almost 10 million baht combined into the three men's account through the online banking system.

Continue Reading


British Museum Company Says YESpay

Press Release

British Museum Company guarantees payments with high speed secure payment service from YESpay

June , 2009, London – The British Museum Company has selected YESpay’s EMBOSS Payment Processing Service to provide a high speed payment service that is fully accredited by its card acquirer and compliant with the Payment Card Industry Data Security Standard (PCI DSS) across seven locations and 34 tills.

The company, the commercial force behind the British Museum, needed an approved acquirer of EFT transactions and payments to run its settlement service.

Muna Khan, IT Manager, The British Museum Company, said, “We were concerned with the security of handling of our own payments and we had no way of tracking payments with our existing technology. We would occasionally receive phone calls from customers to advise that their monthly bill hadn’t been taken, which raised concerns of the level of service we were providing.”

The pre-accredited YESpay EMBOSS bureau service means all transactions are logged centrally in real time during online authorisation. Also, by running batched overnight settlements it means no further store intervention is required. The company’s end-to-end EMBOSS service and data centres are already fully PCI DSS compliant to Level 1.

Khan added, “We can log onto a secure site and instantly access a record of payments made. If there are any discrepancies between sales and payments not matching we can download statistics and check records.”

Rohit Patni, EVP Sales and Marketing, YESpay, said, “By outsourcing its card payments processing to YESpay, The British Museum has a high speed payment service to meet the demands of its business. The overhead of maintaining payments itself has been removed and it has freed up staff to concentrate on other issues. The company has considerably cut the costs of bank accreditation and complying with PCI requirements and only pays a low monthly fee.”

The technology supports all major credit and debit card brands mail order and is ready to support other technology, such as kiosks.

PR Contact: Tanya Pring
Fieldworks (YESpay PR)
Tel: + 44 (0) 1435 873080

Clear Unclear About What Happens to Customers' Data After Abruptly Closing Doors

Out of business, Clear may sell customer data - It would go to a similar provider authorized by the TSA

By Robert McMillan

IDG News Service - Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else's hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.

Until this week, the Clear service had given customers a way to skip long security lines in certain airports. For a $199 annual fee, air travelers could be pre-screened for flight and then use Clear's security checkpoints instead of the TSA's. Clear was run by New York's Verified Identity Pass, which also shut down on Monday.

Customers had to provide personal information, including credit card numbers, fingerprints and iris scans in order to participate in the program. After Clear abruptly shut its doors -- it has not yet declared bankruptcy -- some worried that this data could fall into the wrong hands.

"They had your social security information, credit information, where you lived, employment history, fingerprint information," said Clear customer David Maynor, who is chief technical officer with Errata Security in Atlanta. "They should be the only ones who have access to that information."

Maynor wants Clear to delete his information, but that isn't happening, the company said in a note posted to its Web site Thursday.

Continue Reading
