Friday, January 9, 2009

Software Breach 92 Times More Likely than Hardware Breach

Yesterday, DTN wrote that Fireman's Fund Insurance is offering SMEs payment card breach insurance. That kinda gives you an idea how serious a problem these breaches really are.

Remember, software is 92 times more likely to be breached than hardware. In 400+ breaches, 92% were "software related" (combining POS and Online Shopping Cart software), while only 1% were hardware related. Source: Trustwave (PDF)

Oh, by the way, the 1% of hardware device breaches were the result of tampering, which is highly unlikely, if not virtually impossible, to occur with your own personal swiping device from HomeATM. I sincerely doubt anyone would break into your home and start fiddling with your personal card swiper and leave your big screen HDTV on the wall...don't you?

So which would you rather use if you were shopping online: a software-based application, or a hardware-based solution?

With Breaches Rising, Insurer Offers Card-Compromise Coverage

"Fireman’s Fund Insurance Co. this week unveiled what it says is the first coverage available to small and medium-sized businesses for losses from payment card data breaches. News of the policy came on the same day that a non-profit research organization reported that data breaches increased 47% last year. The idea behind the coverage, according to Brian Gerritsen, product director at Novato, Calif.-based Fireman’s, is to give peace of mind to business owners who are diligent about complying with the Payment Card Industry data-security standard, or PCI, the card networks’ uniform protection rules that all card acceptors are supposed to meet."

Continue reading at Digital Transaction News

TJX Suspect Gets 30 Years

In a follow-up to a series of posts I've dubbed "Hacker's 11," The Boston Globe reports that a suspect has been jailed in Turkey for an unrelated crime (well, related in the sense that he was found guilty of an unrelated cybercrime). It is believed to be the harshest sentence ever for a cyber-related crime.

In a separate article, Finextra reports: "Although US authorities filed extradition papers against Yastremskiy he has now been convicted in Turkey on the separate charges. According to local reports, he pleaded not guilty but was convicted yesterday in a court in the city of Antalya."

Here's the story from the Boston Globe:

Suspect in TJX data theft sentenced in Turkey in unrelated case - The Boston Globe

By Ross Kerber and Musa Kesler, Globe Correspondent | January 9, 2009

ISTANBUL - A Ukrainian man who authorities allege played a key role in the largest data theft on record was sentenced to 30 years in prison in Turkey yesterday in an unrelated case.

US prosecutors have said that Maksym Yastremskiy was instrumental in the sale of credit and debit card numbers stolen from the retailer TJX Cos. of Framingham and other companies. While the sentence may be one of the longest ever handed down in a cybercrime, the conviction could hamper his prosecution in the United States.

He and 10 others were charged last year with (Editor's Note: See Graphic on Right) being part of a ring of thieves from around the world that broke into nine major US retailers' computer systems, stealing customer data and then selling that information. The thieves allegedly hacked into the systems and installed programs to capture data.

Yastremskiy, according to prosecutors, earned more than $11 million from his illicit activities. He has also been charged in another US case, involving theft of data from a Texas restaurant chain.

Court documents indicate that in TJX's case, as many as 100 million card numbers were stolen. Prosecutors alleged the ringleader was Albert Gonzalez of Miami.

A 27-year-old business school graduate, Yastremskiy was arrested in 2007 while on vacation in the Turkish resort of Kemer. His attorney, Ridvan Yildiz, said he was charged with breaking into Turkish bank accounts electronically, to which he pleaded not guilty.

He was sentenced yesterday in Antalya, a city on Turkey's southwestern Mediterranean coast near the resort town.

Before sentencing, Yildiz said, Yastremskiy told the judge: "I am innocent. I didn't do anything to break bank accounts. Somebody else did it, not me. I want to be released from the jail."

Yastremskiy had also argued that a laptop computer found in his hotel room containing bank information belonged to a friend.

Yildiz plans to appeal the sentence to Turkey's highest court, known as the Yargitay.

The 30-year sentence was at the low end of the range of 24 to 72 years sought by prosecutors.

Mark Rasch, a former federal prosecutor and computer-crimes expert in Bethesda, Md., said the sentence was the longest he had ever heard of involving a cybercrime. It would be allowed under US laws only if the offenses had led to death or other extreme consequences, he said.

Yet the heavy sentence could give US prosecutors influence in obtaining Yastremskiy's cooperation against others. "This would be great leverage," Rasch said.

A previous defense attorney for Yastremskiy had said that US officials have sought to extradite him, but that Turkish law prevents that until after he serves his sentence.

Yesterday, US Justice Department officials would only say they continue to seek Yastremskiy's extradition. US prosecutors in Boston have already won several guilty pleas from minor figures in the case.

Ross Kerber can be reached at Kerber reported from Boston. Kesler, a correspondent for the newspaper Milliyet, reported from Istanbul

POS Special Issue from JBF (not me)

The Journal of Business Forecasting (JBF) has published a special Point of Sale Issue. Here's their press release.

Great Neck, N.Y., Jan. 9, 2009 -- As businesses continue to search for better ways to thrive in a volatile economic climate, the IBF offers guidance with a special issue of the Journal of Business Forecasting, which includes 12 articles on demand planning & forecasting with Point-of-Sales (POS) / Syndicated data. This issue has all you need to know about how to keep pace with consumer behaviors and make better decisions with consumption data. Winning companies are the ones leveraging consumption data for forecasting in this economic climate.

Over the past months, the world's current economy has forced change in demand planning and forecasting processes. Consumers continue to be less loyal, more demanding, and more cost conscious. In order to operate efficiently and profitably in this environment, making decisions based on what consumers are doing is extremely valuable. This special issue will give professionals best practices in forecasting & planning with POS/ Syndicated data that can spell survival for retailers who integrate them into their business strategy.

Highlights include the articles by demand planning & forecasting professionals, such as Jeff Brown's article (Consumer Driven Forecasting to Improve Inventory Flow: Brown Shoe Company's Journey) about how the Brown Shoe Company implemented a forecasting process to capture information about consumers' purchases so they could synchronize demand with factory operations. The article by Robin Simon gives the ABC's of POS-based demand planning and forecasting while the article by Larry Lapide from MIT discusses the what, why, and how of POS data. Hugh McCarthy from Nestle explains how to enhance the demand planning process with POS forecasting; Mike Borgos from Osram Sylvania tells how to maximize POS as a source of data and insight; and Richard Shapiro from Jarden Consumer Solutions gives details on how to use POS data in demand planning.

The Journal of Business Forecasting, a leading quarterly publication of the IBF for nearly 30 years, is complimentary with IBF membership. This commemorative Point-of-Sale (POS) and Syndicated Data Winter 2008-2009 issue will hit the shelves in January 2009.

To reserve your copy and download a free sample article from this special issue visit:

Source: Company press release.

See You Later...

Amazon Cuts Ties with Bill Me Later, still holds equity stake.

On Dec. 31st, 2008, (to no one's surprise) Amazon removed Bill Me Later as a payment option from its website. PayPal purchased BillMeLater in October for $945 million and Amazon had invested in them almost a year earlier.

According to The GreenSheet, "Amazon's statement offered no explanations; it simply said, 'Bill Me Later will no longer be accepted as a payment method on Amazon. However, all sales and orders processed with Bill Me Later prior to the sunset date will continue to be processed.'" More than 1,000 online stores, catalogs and travel sites currently offer BML as a payment method, they said.

In December of 2007, Amazon took an equity stake in Bill Me Later, which competed with PayPal's Pay Later Service.
The way Bill Me Later works is you enter your birth date and last four digits of your social security number online, and it does a credit check on you in three seconds to determine whether you are worth the risk. Bill Me Later pays the merchant, and sends you a bill.

I imagine that Amazon will sell its stake in BML but as of yet, no announcement has been made.

Big Show Starts Sunday

What are you doing this Sunday?
