Friday, July 31, 2009

MasterCard/Visa See Debit Grow but"Credit Declined"

MasterCard Inc. saw U.S. debit card purchase volume rise 3.4% from year-earlier levels to $82 billion in the second quarter, and debit purchase transactions rose 11.3% to 2.11 billion. But U.S. credit purchase volumes fell 15.5% to $120 billion on 1.5 billion transactions, off 5.8%. Total worldwide transactions processed grew 7.9% to 5.63 billion...

Visa Inc. processed 10.3 billion transactions in its third fiscal 2009 quarter ended June 30, up 8.4% from 9.47 billion a year earlier. But most of the operating data Visa released Wednesday with its latest earnings report were for the quarter ended March 31, and they showed a 9.7% decline in U.S. credit payments volume and 3.9% decline in credit transactions from the year-earlier quarter. U.S. debit volumes, however, rose 4.7% and transactions increased 10.3%.

Reblog this post [with Zemanta]

Merchant Risk Council Adds New Board Members


Leaders from Accertify, GlobalCollect, Linden Lab and Microsoft Join MRC Board

(Seattle, WA—July 31, 2009) The Merchant Risk Council (MRC), a merchant-led trade association focused on electronic commerce risk and payments globally, today announced the results of their 2009-2010 board elections.

New MRC Board Director:
Mike Duffy – President and CEO, Chase Paymentech

Re-Elected MRC Board Directors:
Tom Sullivan – Sr. Director, Global Payments & Risk, Expedia, Inc.
Gerry Sweeney – Global Head, e-Commerce & Authentication, Visa, Inc.

New MRC Board Advisors:

Gary Doernhoefer – Co-Founder and General Counsel, Accertify, Inc.
Floris de Kort – Chief Commercial Officer, GlobalCollect
James Pierson – Trust and Safety Program Manager, Linden Lab
Ronda Sifford – CSAT Risk Management Group Manager, Microsoft

Re-Elected MRC Board Advisors:
Al Boddorf – Director, Global Financial Services, Dell, Inc.
Jerett Sauer – Director Loss Prevention, Gap Inc. Direct
Tom Keithley – Vice President of Credit Policy, PayPal
Mike Petitti – Chief Marketing Officer, Trustwave

Tom Sullivan has been re-elected as MRC Board Chair. Pete Pouridis, Vice President, Loss Prevention, Neiman Marcus Group Services has been re-elected as Board Secretary. Joining the MRC officers is new Board Treasurer, Karl Hebert, Director, Global e-Commerce Product Management, Wal-Mart.

“We are very proud to announce our new board,” said Tom Donlea, MRC Executive Director. “The electronic payment professionals who serve on our board represent the brightest minds in our industry. This group will prove invaluable in driving towards and achieving the vision, mission and strategic goals of the MRC.”

Outgoing MRC Board members include: Tim Laudenbach, Credit Risk Manager,; David Gee, Director of Finance & Administration, Blizzard Entertainment; Ori Eisen, Founder, Chairman and Chief Innovation Officer, 41st Parameter; and Jon Karl, Vice President of Business Development & Founder, iovation.

“Tim, David, Ori and Jon have been instrumental figures in the evolution of the Merchant Risk Council,” said Tom Sullivan, MRC Board Chair. “Their commitment, energy and expertise have been vital in educating our membership on the advancements and progression of electronic payment fraud prevention.”

Full 2009-2010 Merchant Risk Council Board Roster

MRC Directors:
  • Chair, Tom Sullivan – Sr. Director, Global Payments & Risk, Expedia, Inc.
  • Secretary, Pete Pouridis – Vice President, Loss Prevention, Neiman Marcus Group Services
  • William Lambson – Director, Global Commerce Payments and Risk, Adobe Systems, Inc.
  • Dave Moriarty – Director of Data Mining, Apple
  • Mike Duffy – CEO, Chase Paymentech
  • Perry Dembner – Vice President, Marketing, CyberSource Corporation
  • Brad Craig – Director of Risk Management, Discover Network
  • Gerry Sweeney – Global Head, e-Commerce & Authentication, Visa, Inc.
  • Dave Sessions – Vice President, Strategy and Business Development, Wal-Mart Global e-Commerce
MRC Advisors:
  • Gary Doernhoefer – Co-Founder and General Counsel, Accertify, Inc.
  • Al Boddorf – Director, Global Financial Services, Dell, Inc.
  • Jerett Sauer – Director Loss Prevention, Gap Inc. Direct
  • Floris de Kort – Vice President of Business Development, GlobalCollect
  • James Pierson – Trust and Safety Program Manager, Linden Lab
  • Ronda Sifford – CSAT Risk Management Group Manager, Microsoft
  • Tom Keithley – Vice President of Credit Policy, PayPal
  • Mike Petitti – Chief Marketing Officer, Trustwave
MRC Board Consultants:

The MRC Board will next convene at the Merchant Risk Council’s Semi-Annual Platinum Meeting in San Jose, CA, September 30-October 1, 2009.

About the Merchant Risk Council
The Merchant Risk Council (MRC) is a merchant-led trade association focused on electronic commerce risk and payments globally.  The MRC leads industry networking, education and advocacy programs to make electronic commerce more efficient, safe and profitable.
Today, with the power of its member-base, the MRC is the leading trade association for managing payments, preventing online fraud and promoting secure e-Commerce.  The MRC is dedicated to working with e-Commerce and multi-channel merchants, payment processors, credit card issuers, credit card companies, alternative payment providers, risk management experts, and law enforcement to make the Internet a safer and more profitable place to do business.
The MRC is headquartered in Seattle, Washington.
Jordan Rubin
Communications and Membership Manager
206.364.2789 office | 206.367.1115 fax

Reblog this post [with Zemanta]

In Two Weeks Your iPhone Will Be Hacked

Does the picture on the left look familiar?  Cause I've used it a dozen times in a dozen posts.  In fact,  most recently, about two posts ago.  The article below is justifies it's use once again.  And this is only the tip of the iceberg.  Smartphones use browsers.  Browsers are not safe.  Financial transactions need to be done outside the browser space.  It's the typing.  Researchers at Black Hat exposed a major vulnerability in the iPhone which would allow a hacker to send an SMS message and completely take over not only your iPhone but everybody in your contacts lists phones as well.   

iPhone vulnerable to hacker attacks, experts say

Flaws can be exploited to take complete control over an iPhone (and other smart phones)

LAS VEGAS - Security experts have uncovered flaws in Apple Inc.'s iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.

IPhone users needed to be warned that their devices are not secure and Apple should try to repair the vulnerability as soon as possible, they said at the Black Hat conference in Las Vegas, one of the world's top forums for exchanging information on computer security threats.

"It's scary. I don't want people taking over my iPhone," Charlie Miller, a security analyst with consulting firm Independent Security Evaluators, said in an interview.

Miller and Collin Mulliner, a Ph.D. student at the Technical University of Berlin, also discovered a method for hacking the iPhone that lets hackers easily knock a victim's iPhone off a carrier's network.

It prevents users from making calls, accessing the Internet and exchanging text messages, they added.

The two showed how they can disconnect an iPhone from the cellular network by sending it a single, maliciously crafted text message — a message the victim never sees. The messages exploit bugs in the way iPhones handle certain messages and are used to crash parts of the software.

1. The major issue is a security flaw involving SMS. Specifically, thehack can control an iPhone remotely, including your iPhone’s camera, Safari, and more. It can even send messages to friends in your address book, which is where this hack becomes scariest.
2. The hack works by sending you code in an SMS message (or a seriesof messages) that crashes your iPhone. After that, your iPhone istheirs to use.
3. The offending text would come in the form of a single square character. If you get the square character, turn off your phone IMMEDIATELY.
4. You only have to receive the message to get hacked; you don’t even have to do anything with the text message.
5. The flaw was discovered by noted security expert Charlie Miller, who has hacked everything from MacBook Airs to Second Life, and partner Collin Mullinger.
6. The attack was presented publicly at the Black Hat conference.The duo decided to do this after Apple gave them no response back inJuly, when they provided Apple with information on the security flaw.The goal is to bring attention to the flaw (which they are clearlygetting).
7. According to Reuters, now that the vulnerability is exposed, hackers could build software that mounts this SMS attack within the next two weeks.
8. Apparently Google Android, Windows Mobile phones, and Palm Presare vulnerable to similar hacks. The team demonstrated the attack on anAndroid phone and a Windows Mobile phone.-

They even said it's possible to remotely control an iPhone by sending 500 messages to a single victim's phone. Those messages contain the necessary commands for the attack and would get executed automatically by exploiting a weakness in the way the iPhone's memory responds to that volume of traffic.

Miller said messaging attacks are so attractive, and are going to become more common, because the underlying technology is a core phone feature that can't be turned off.

"It's such a powerful attack vector," Miller said. "All I need to know is your phone number. As long as their phone's on, I can send this and their phone's going to do something with this. ... It's always on, it's always there, the user doesn't have to do anything — it's the perfect attack vector."

They said the information they presented at Black Hat will give criminals enough information to develop software to break into iPhones within about two weeks. 

Continue Reading

Reblog this post [with Zemanta]

Jamaica Fraud Tops $3 Billion Dollars

Jamaica Gleaner News - Fraud hits historic high at $3b - Business - Friday | July 31, 2009
Fraud hits historic high at $3b
Published: Friday | July 31, 2009
Avia Collinder, Business Reporter

Detective Carl Berry of the Organized Crime Unit of the Jamaica Constabulary Force shows merchants and employees a fake credit card that was seized by the police, at a National Commercial Bank 'Merchant Fraud Seminar' in Kingston. To curtail its losses from credit card scams, NCB has partnered with the police on a series of seminars.

Corporate earnings lost to fraud hit $665 million for the first half of this year, prompting the police fraud squad to warn company managers and individuals to be more vigilant in the supervision of employees and pre-paying for goods and services.

But that outcome annu-alised is a more than a two-fold improvement, coming off a spectacular year for crooks in 2008 when monies lost to fraudulent activity passed the J$3 billion mark for the first time in Jamaica's history.

Continue Reading Mawn

Reblog this post [with Zemanta]

Think This is Safe? Think Differently!

Experts predict more mobile Trojan slip-ups on the way
As news that the Symbian Foundation has admitted it needs better safeguards to prevent malicious apps finding their way onto mobiles,

Fortify Software predicts this problem is going to get worse for mobile phone manufacturers and their operating system developers.

"The problem with mobile phones is that their processing capacity is increasing at a near-exponential rate, with some of the latest smartphones the technological equivalent of the PCs seen in the early part of this decade," said Richard Kirk, director of the application vulnerability specialist.

"And whilst the power of the average smartphone has soared on the last few years, the behind-the-scenes technology and security assurance practices required to prevent any security loopholes in the operating system and/or applications is not as up to speed as it is on the desktop/laptop platforms," he added.

Because of this, hackers and malware developers are now turning their attentions to the microcomputer many of us have in our pockets - the smartphone.

Editor's Note:  And the rush to bring a mobile payment platform that is "convenient" and "easy to use" will be a gold mine to hackers. 
A goldmine I say!

Reblog this post [with Zemanta]

4 Arrested in $422,000 ATM Scam

DSCF0593Gang charged in $422,000 ATM scam

Authorities in New York have arrested four people accused of stealing $422,000 by exploiting a regulation requiring banks to reimburse the accounts of customers who claim their ATM cards have been used without their permission.

The four defendants - Lam Dang, Eric Manganelli, John Tluczek and Marzena Tluczek - are charged with making false claims totalling more than $700,000, to more than 20 banks, including HSBC, Wachovia and Chase.

In each case, the defendants opened accounts and padded them with large deposits over the course of several months before draining them again, with withdrawals of $500 to $1000 per day, say prosecutors.

Once the accounts were empty, the scammers would contact the bank and say their ATM cards had been stolen or lost and that the withdrawals were unauthorized. After the banks reimbursed the "stolen" money, the defendants would close the accounts, according to the indictment.

The four are accused of exploiting regulation E of the federal Electronic Fund Transfer Act, which requires banks to reimburse victims within 10 days of reporting the fraud. 

Continue Reading at Finextra

Reblog this post [with Zemanta]

More on Clampi...It's the Big One!

"The best strategy to defend against Clampi is to use separate machines for Web surfingand funds transfer" 

"We weren't all thatworried about Storm, and we weren't all that worried about Conficker, This one you need to worry about." 

- Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.

Finextra: Bank data-stealing Trojan infects hundreds of thousands of PCs - researcher
Bank data-stealing Trojan infects hundreds of thousands of PCs - researcher

A "tremendous" amount of financial data has been stolen by a Trojan that has infected hundreds of thousands of corporate and personal PCs, according to information security specialist SecureWorks.

Clampi, also known as Ligats, Ilomo or Rscan, has spread across Microsoft networks in a "worm-like fashion" and is "one of the largest and most professional thieving operations on the Internet" says Joe Stewart, director of malware research at SecureWorks' counter threat unit.
Once it has infected a PC, the Trojan monitors Web sessions to see if one of 4500 targeted sites are visited. If a victim uses one of these sites - which include those of banks, credit card companies, stock brokerages and insurance firms - it captures sensitive information such as usernames, passwords and PINs.

Continue Reading at Finextra

Reblog this post [with Zemanta]

Thursday, July 30, 2009

Security Researchers: Online Transactions Aren't Safe

If you think you are seeing a pattern over the last two days, about how insecure the internet is, especially when it comes to financial transactions, then you'll also notice that the Paradigm Shift I've been talking about is starting to take shape. 

It's becoming increasingly clear. 

  • Internet Security Broken
  • No Website is Safe
  • Online Transactions aren't safe
  • Use the Internet for browsing, use another device for payments.  
Read more about those bulletpoints in the related articles section below.  In the meantime, there's only one "another device" in the world designed for online transactions to be is PCI 2.x certified.  I think it's the one HomeATM built.  Yup, it is!    Does that mean we can fix web security.  We can when it comes to transactions.  Here's yet another article proving our methodology:

Security researchers: Online transactions aren’t as safe as we thought

Internet security is busted, said researchers at the Black Hat conference in Las Vegas today.

If this sounds familiar it’s because just a year ago, Dan Kaminsky (pictured left) found a flaw in the Internet’s address book, the Domain Name System, where hackers could fool DNS servers into redirecting traffic to bogus sites. The tech industry pulled together quickly to patch the hole and minimize the vulnerability.

The same thing happened here, as Kaminsky rounded up a coalition of companies to deal with a weakness in X.509, a cryptographic system used to create digital certificates. The digital certificates are the way that a web site can verify the identity of a unique users who is visiting the site and wants to do a transaction. It’s a lot like using a passport photo to identify someone standing in front of you. Everyone from to Microsoft uses it in so-called digital handshakes that precede e-commerce transactions.

When Kaminsky walked into the standing-room only auditorium where he talked about the flaws in X.509, he got a lot of applause. You would never know that a day earlier his own personal web site,, got hacked.

But Kaminsky held the crowd spellbound as he elaborated in great technical detail. Then he got started describing what he called the “crisis of authentication.” He showed that by altering a line in a digital certificate, hackers could fool users into believing that a site is legitimate when it really isn’t.

Businesses have invested hundreds of millions of dollars in the public key infrastructure system that was developed in the 1990s. Now Kaminsky, as well as grad student Len Sassaman (second from right) says we need to reboot the system. Tim Callen, (pictured far right), a vice president at Internet infrastructure authority VeriSign, pretty much agreed.

Continue Reading


Separate Machines Needed for Web Surfing and Transactions
Arenowned researcher has stated our case: "The best strategy to defendagainst Clampi is to use separate machines for Web surfing and fundstransfer" - Joe Stewart, one of the world's foremost...
Jul-30 - 2009 | More ->

No Websites, Legitimate or Not Can Be Trusted
Websense: This Past Month in Web ThreatsSTATE OF THE THREAT ABSTRACT:Theconjunction of technologies and the monetizing of hacking have resultedin a web environment where no websites,...
Jul-30 - 2009 | More ->


Reblog this post [with Zemanta]

Down on Main Street

Pain on Main Street: A First-Ever Drop in Card-Based Same-Store Sales

(July 30, 2009) As the recession continues to batter merchants of all sizes, small and medium-size retailers are getting hit especially hard, and as a result so are the acquirers that process their card transactions. Indeed, in a development apparently never seen before, same-store sales on Visa and MasterCard for these Main Street merchants were down fully 4.9% in the January through May period, according to research released this week by First Annapolis Consulting. By contrast, same-store sales for these same merchants had climbed modestly, by 1.5%, last year.

To get a picture of the current state of merchant acquiring, First Annapolis surveyed 17 acquirers—nine bank acquirers and eight non-bank processors--that account for more than half of all U.S. card-based payments. Besides the overall decline it discovered, the firm said 17 acquirers reported same-store sales plummeting by more than 10%. Overall, bank acquirers reported a steeper drop in sale-store sales than did the non-banks.

“To put this into perspective, card-based payments have never registered same-store growth declines overall, even in past recessions,” the Linthicum, Md.-based consulting and research firm said in a statement announcing its results...

Continue Reading at Digital Transactions

Reblog this post [with Zemanta]

Malware Numbers Intensify: 92k into 30 Million

PandaLabs announced a multi-year study that examines the proliferation of rogueware into the overall cybercriminal economy.

Click the graphic on the left and prepare to be shocked and amazed.  In 2006 there were less than 740,000 malware samples.  By the end of 2008 there were 15 million.  By the end of June 2009, there were 30 million.  I'm thinking Swiping vs. Typing here.

The report reviews the various forms of rogueware that have beencreated, and displays how this new class of malware has become aninstrumental player in the overall cybercriminal economy.

The study also provides in depth analysis on the increasinglysophisticated social engineering techniques used by cybercriminals todistribute rogueware via Facebook, MySpace, Twitter and Google.

PandaLabs predicts that it will record more than637,000 new rogueware samples by the end of Q3 2009, a tenfold increasein less than a year.

Approximately 35 million computers are newlyinfected with rogueware each month...

Cybercriminals Earn $34 million dollars per month on rogueware
Background: The History of Malware Growth

Malware has rapidly increased in volume and sophistication over in the past several years. The graph below illustrates the malware landscape from 2003 to 2006 over which the total number of malware samples doubled every year:

Barely five years ago, just 92,000 total malware strains existed; by the end of 2008, there were approximately 15 million. At the conclusion of this study in July 2009, PandaLabs detected more than 30 million malware samples in existence.

The reason behind this vast increase in malware is clear: money. In 2003, banking Trojans quietly emerged on the scene. These malicious codes, designed to steal online banking credentials, now rank among the most common forms of malware. Every day, we see new variants that have evolved technologically in order to evade the security measures banks have implemented.
Click either Graphic to Enlarge and Read

Reblog this post [with Zemanta]

Separate Machines Needed for Web Surfing and Transactions

A renowned researcher has stated our case:

"The best strategy to defend against Clampi
is to use separate machines for Web surfingand funds transfer"

- Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.

"Using Windows, it's too dangerous todo transactions on the same machine you do for Web surfing," he says."You can't have any crossover between them."

Editor's Note:  Looks to me likethe message we've been trying to get out for 15 months is finallygetting out.  When one of the world's foremost authorities on web security says the only way to protect against Clampi is to use too separate machines,  we agree 100% .  After all, it was HomeATM who has stated unequivocally since day one, that people should use "separate machines" for Web surfing and financial transactions. That's why we created ours.  The fact that it is PCI 2.x and TG-3certified only strengthens the case for using it.    You surf the webon one machine (the PC) and conduct financial transactions on another. (our SafeTPIN device)


LAS VEGAS -- BLACK HAT USA 2009 -- A security researcher has discovered a Trojan that is designed to extract account data from as many as 4,600 of the world's most popular and wealthy businesses.

In "one of the largest and most professional thieving operations on the Internet," a Trojan called Clampi (also known as Ligats, llomo, or Rscan) has spread across Microsoft networks in a worm-like fashion, and may already have infected hundreds of thousands of corporate and home PC users, according to SecureWorks researcher Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.

"We weren't all that worried about Storm, and we weren't all that worried about Conficker," Stewart says. "This one you need to worry about."

The Trojan uses PsExec -- a popular, lightweight Telnet replacement tool that lets one system execute processes on other systems -- and a sophisticated process of encryption and packing to hide its origins and targets. So far, Stewart says, the Trojan appears to be targeting 4,600 Websites, of which he has identified approximately 1,400 in 70 countries.

Those 1,400 sites include some of the most popular and financially lucrative companies in the world. "This thing is like the Dun & Bradstreet of the underground hacking world," Stewart says. "It's attacking the sites with the most users and the most money." Among the industries being targeted are banks, credit card companies, stock brokerages, insurance, retail, advertising networks, and utilities.

Clampi is operated by a "serious and sophisticated organized crime group from Eastern Europe" and already has been implicated in numerous high-dollar thefts from banking institutions, Stewart says. "This attack is not being sold underground," he says. "You can't buy a Clampi kit like you can for other Trojans."

Clampi generally can avoid detection by antivirus software, and it even has the ability to discover which AV software a PC is using and take steps to avoid it, Stewart says. Enterprises currently can block Clampi with an intrusion prevention system, but Stewart says he doesn't expect that defense to last very long before the Trojan adapts.

The best strategy to defend against Clampi -- and other attacks that use a similar approach -- is to use separate machines for Web surfing and funds transfer, Stewart says. "Using Windows, it's too dangerous to do transactions on the same machine you do for Web surfing," he says. "You can't have any crossover between them." 

Read the Entire Article at Dark Reading

MasterCard Shares Rise after Reporting Strong Earnings

NEW YORK (Reuters) - MasterCard Inc, the world's second-largest credit card network, reported better-then-expected quarterly earnings Thursday as it raised fees charged to banks and cut expenses, sending its shares up 7 percent.

"It is a question of cost control," said Robert Dodd, an analyst at Morgan, Keegan & Co. "Marketing and advertising expenses were much lower than I expected."

The company's larger rival, Visa Inc, also reported better-than-expected quarterly earnings on Wednesday, helped by lower expenses.

But MasterCard Chief Financial Executive Robert Selander said the downturn in consumer spending would make it difficult for the company to meet its target of average annual revenue growth of 12 percent to 15 percent in the period 2009-2011.

"We don't expect the economic slowdown across the world will improve until sometime next year," Selander said in a conference call with analysts.

MasterCard's second-quarter net income was $349 million, or $2.67 per share, compared with a loss of $747 million, or $5.70 per share, a year earlier.  

Excluding special items, earnings were $2.67 a share, topping analysts' average forecast of $2.43, according to Reuters Estimates.

Expenses declined 13 percent to $722 million, excluding special items, as the company trimmed advertising and marketing spending by 36 percent and reduced personnel and administrative costs.  Continued...

Reblog this post [with Zemanta]

No Websites, Legitimate or Not Can Be Trusted

Websense:  This Past Month in Web Threats


The conjunction of technologies and the monetizing of hacking haveresulted in a web environment where no websites, legitimate or not canbe trusted.

Is Logging In with Username/Password "Careless and Negligent?"

I had to bring you an excerpt from a story in today's AsiaOne Business entitled "Credit Card Stolen? Mind the Pitfalls."   I especially liked the quote from the bank that did not want to be named.  (enlarged below)

BANKS in Singapore are standing by their policy of holding customersresponsible for transactions made on their lost or stolen cards if theydo not report the missing card in time.  Consumers who cry foul may have no leg to stand on, as the policy is stated in the fine print on the contract they have signed.

Acheck with seven banks and two credit card companies has found thatthose who hold Singapore-issued cards are liable for any unauthorizedtransaction made before the loss is reported.

Some, like DBS Bank and Citibank, will at most review cases individually.

One bank that did not want to be named told The Straits Times it wasunfair for banks to take the blame and shoulder the cost whencardholders themselves in most cases are careless or negligent. Theremay also be fraud involved.

So let me get this straight.   The consumer should take the blame because they are careless and negligent.  I wonder when banks will consider typing a "username and password" into a box on their online banking website "careless and negligent."  I wonder when banks will consider using a credit/debit card for an online purchase, by typing their card number into a box on a website "careless and negligent."  

Viruses, Malware and Botnet Zombies at an all time high

Editor's Note: Financial Transactions CANNOT be done on the web because the "wicked web" hackers  weaved have made it unsafe.  HomeATM is "hands down" doin' it right, by doin' outside the browser. 

You would think the information below would alarm people.  You would think the information below would paint a picture that the web is not safe.  You would think that.  Wouldn't you? 

The conjunction of technologies and the monetizing of hacking haveresulted in a web environment where no websites, legitimate or not canbe trusted.
Spam volumes have increased 141 percent since March, continuing the longest streak of increasing spam volumes ever, according to McAfee's Q2 Threats Report. The report also highlights the dramatic expansion of botnets and the threat from Auto-Run malware.

  • The number of viruses sent over email has increased by 300 per cent in the last three months, according to Network Box. 
Analysis of Internet threats in July 2009 shows the number of viruses is at its highest so far this year, peaking at around 12 viruses per customer per hour.

More than 14 million computers have been enslaved by cybercriminal botnets, a 16 percent increase over last quarter’s rise. The report confirmed McAfee’s first quarter prediction that the surge in botnet growth would send spam levels to new heights, surpassing their previous peak in October 2008 before the takedown of the spam-hosting ISP McColo.

  • McAfee researchers also found that, over the course of 30 days, Auto-Run malware had infected more than 27 million files. 
Auto-Run malware, which exploits Windows’ Auto-Run capabilities, does not require any user clicks to activate, and is most often spread through portable USB and storage devices. The rate of detection surpasses even that of the infamous Conficker worm by 400 percent, making Auto-Run the number one piece of malware detected around the world.

Botnets (also called zombie armies or drone armies) are networks of compromised computers infected with viruses or malware to turn them into “zombies” or “robots” – computers that can be controlled without the owners’ knowledge. Criminals use the collective computing power and connected bandwidth of these externally-controlled networks for malicious purposes and criminal activities, including, inter alia, generation of spam e-mails, launching of Distributed Denial of Service (DDoS) attacks, alteration or destruction of data, and identity theft.

  • Fourteen million additional computers have been turned into botnets or this quarter.
  • That averages to more than 150,000 computers infected every day, or 20 percent of the personal computers bought daily (Source: Gartner 2009).
As the number of bots continues to grow, malware writers have begun to offer malicious software as a service to those who control botnets. By exchanging or selling resources, cybercriminals distribute new malware to wider audiences instantaneously. Programs like Zeus - an easy-to-use Trojan creation tool - continue to make the creation and management of malware even easier.
I hate having to "type cast"...but anyone and everyone who types their card numbers into a box on a website will have those numbers swiped.

If Your Card Data is Going to Be Swiped, Shouldn't You be Doing the Swiping?

Reblog this post [with Zemanta]

Visa 3Q Net Up 73% On IPO Gain; Volume Drops 5%

Article -
BOSTON (Dow Jones)--Visa Inc.'s (V) fiscal third-quarter profit soared 73% from a year ago, as investment income and reduced expenses offset a slowdown in consumer spending.

In 4 p.m. New York Stock Exchange composite trading on Wednesday, the company's shares were at $66.78.On the heels of the results, investors pushed the stock down to $66 in after-hours trading.

The San Francisco-based company also reiterated its view that net revenue growth this year will be in the high single digits and at the lower end of the 11% to 15% range in 2010. The company said it expected earnings per share to grow at more than 20% through 2010 and predicted annual free cash flow of over $1 billion during this period.

Visa reported net income in the third quarter of $729 million, or 97 cents a class A common share, compared with $422 million, or 51 cents per class A common share, a year earlier. Excluding a one-time gain related to the sale of an equity stake through an initial public offering, net income totaled $507 million, or 67 cents per class A common share.

Its results beat analysts' estimates of net income of 64 cents a class A common share, according to Thomson Reuters.

Continue Reading at Wall Street Journal

Reblog this post [with Zemanta]

Wednesday, July 29, 2009

Syncada: Visa's New Onliine Payment Processing Business with US Bancorp

U.S. Bancorp, Visa launch online payment processing business

Minneapolis-based U.S. Bancorp and payment giant Visa have launched a new company that will be based in the Twin Cities.

The two companies said today they've partnered to create a Syncada - a standalone LLC that will use a global network of banks to electronically track invoices, process payments and finance inventory for corporations and governments that do business all over the world.

"I'd say this is an online bill payment tool for businesses," said Rick Langer, chief operating officer of Syncada, adding that much of corporate bill-paying today is done on paper.

U.S. Bancorp contributed its technology and 550 employees to the new company. Visa made an undisclosed capital investment in Syncada.

For now, Syncada is housed at U.S. Bancorp's downtown Minneapolis headquarters, but it will move into its own space soon, executives said. Syncada's board is evenly comprised of Visa and U.S. Bancorp officials.

U.S. Bancorp has offered online bill pay for its commercial customers for some time through a service the bank called PowerTrack.

"We invested in this business back in 1997 and we did our first transaction in 1998," said Rob Abele, president of U.S. Bank Corporate Payment Systems. "We've been successful in growing that business handsomely, but now we're reaching the point where we have more and more multinational customers asking for that solution outside U.S. borders."

But because U.S. Bancorp isn't licensed to do business all over the world, it'Sbeen limited in where it can provide those services to customers. By partnering with Visa, which has the experience and clout to assemble the global network of banks needed to make Syncada work, U.S. Bancorp can extend its reach.

"Whenever you are trying to do something like this ... you have to get enough banks involved and enough parties willing to work with those banks to make this work," said Nancy Atkinson, a senior analyst at Boston-based research firm Aite Group.

Visa's name and experience will go a long way toward building a strong network, Atkinson said, but there will be challenges - namely a handful of "competitors" that offer various aspects of what Syncada aims to sell.   "One of the problems is there is no industry standard for any of this," she said.

Nicole Garrison-Sprenger can be reached at (651) 228-5580.

Official Press Release

Visa and U.S. Bank Launch Syncada – a Global Financial Supply Chain Network

Visa Inc. (NYSE: V) and U.S. Bank, the lead bank of U.S. Bancorp (NYSE: USB), today announced the creation of Syncada – a joint venture that provides a business-to-business (B2B) network for corporations and governments to process and track invoices, make and receive payments around the world, and have payables or receivables financed through local and global financial institutions.

Syncada is unlike any other network in that it combines Visa’s proven experience in delivering commercial payment services to financial institutions and managing a multi-bank network, with U.S. Bank’s PowerTrack, an automated B2B e-invoicing, payment processing and trade finance network. The venture allows financial institutions of all sizes to offer their commercial clients standardized B2B invoice processing, financing and payment services across a variety of payment types and local currencies. Financial institutions can also build transaction and credit-based treasury management business by offering the network’s services to buyer and supplier clients.

Syncada extends the vision of both Visa and U.S. Bank to provide companies and governments a more efficient way to pay and be paid by replacing inefficient, paper-based B2B processes with an integrated, fully electronic financial supply chain platform.

Participants in Syncada’s network of buyers and suppliers can benefit from:
  • Lower costs from the elimination of expensive paper processes
  • Reduced billing and payment errors
  • A more accurate accounting of spending by category
  • Improved management of working capital and global cash needs
  • Access to financing through a global network of financial institutionsas new bank participants join
  • Seamless integration with a proven network using patented technology

Syncada has begun operations and initially serves U.S. Bank and its legacy client base from the PowerTrack network, which serves hundreds of customers, interacts with thousands of suppliers, and processed over $18 billion in invoices in 2008. U.S. Bank will continue to work with its customers uninterrupted through the Syncada network.

"Syncada complements Visa’s core payments business by expanding our capabilities in B2B supply chain management,” said Joseph W. Saunders, Chairman and CEO of Visa Inc. "By investing in this leading platform, we can offer Visa’s financial institution clients around the world access to Syncada’s services, backed by a comprehensive sales and support infrastructure that will help extend the reach and capabilities of Visa’s commercial product suite.”

"U.S. Bank’s stature in the payments business was built by decades of investment to create a powerful and efficient payment service for corporations and government institutions. PowerTrack has been key to our success in payments, and in attracting new commercial banking clients,” said Richard K. Davis, Chairman, President and CEO of U.S. Bancorp. "Taking what we built in PowerTrack, combining it with Visa’s deep experience in building a multi-bank network and transforming it into Syncada will enable the network to grow by expanding the offering to new partners around the globe. We’re proud to be an investor in Syncada, to be its first customer, and to continue to serve our U.S. Bank clients through the new entity.”

As part of the joint venture, Visa has made a capital investment in Syncada and will provide its experience in building and managing a multi-bank network, as well as marketing, sales and risk management support. U.S. Bank contributed assets – including its technology platform and certain personnel – and will provide expertise in automating general payables/receivables spend, in addition to focused expertise in multiple spend categories, including freight, utility, telecom and global trade payments.

Syncada will be headquartered in Minneapolis with operations in Chicago, Memphis, Toronto, Mumbai and Brussels. Syncada’s day-to-day operations are led by its independent management team.

About Visa Inc.: Visa Inc. operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world, and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 170 countries. For more information, visit

About U.S. Bancorp: U.S. Bancorp (NYSE: USB), with $266 billion in assets, is the parent company of U.S. Bank, the 6th-largest commercial bank in the United States. The company operates 2,850 banking offices and 5,173 ATMs in 24 states and provides a comprehensive line of banking, brokerage, insurance, investment, mortgage, trust and payment services products to consumers, businesses and institutions. Visit U.S. Bancorp on the web at

Reblog this post [with Zemanta]

Disqus for ePayment News