Thursday, January 22, 2009

Inauguration Day Fraud

Heartland's Bad Ticker took a blow today as their stock dropped $5.93 to close at  $8.18. 

That's a devastating 42% decline! 

Can't say I didn't see it coming. Just didn't think it would happen this quickly.  Maybe their attempt to sway exposure by announcing the hack on inauguration day backfired on them...big time. 
Here's a screen shot of the final day's numbers (still dropping in after-hours trading).

In another development, one of our readers, the founder of  a site called, (it looks like a great site, take a peek!)  forwarded me a video his site put together, which criticizes Heartland, for releasing news of the breach on inauguration day.

As I mentioned in Tuesday's afternoon post, entitled: Largest Breach Ever? Deception Involved?, some people questioned the inauguration day release of Heartland's breach, a simple 1 page news release. One even stated: "that seems very deceptive"

Apparently it seemed rather deceptive to the folks at InsideIDTheft as well. Here's their video, which puts a rather daunting perspective on the timing of the news release: 

Enjoy, and thanks Keith for sharing!


Heartland's Bad Ticker

We're going to follow Heartland's "Bad Ticker" from now until Valentine's Day. Yesterday there were some murmurs, today started with some palpitations, and last time I looked, there was some severe chest pain. So there's definitely been a Heartland Attack.

As Sanford used to say, "'s the big one..."   Rush them to the ER cause the last time I looked their stock was down $2.98 or 21.12%.

Update:  3.33 pm ET.   Well it doesn't look like they're gonna make it.  Stock is down $5.32 or almost 40%!  

To make it easy to follow, I've placed Heartland's Bad Ticker, complete with bad news,  just below the search button on the right.


The Bad Guys Are Very Good - Heartland President

Yes, that's what he said.  I know what he meant, but nonetheless, it's the kind of line that both Norm Crosby and Yogi Berra would be proud of.

According to Heartland has closed the security hole that ultimately may lead to their own extinction...especially considering how bad their ticker looks today.

I've posted comments throughout.

"Heartland says it has closed the security hole that allowed criminals to infiltrate their systems, but the matter is far from settled.

The company will likely have to pay big penalties to banks to reimburse the cost of issuing new cards, and analysts say the intrusion could even threaten the company's survival if the big card brands decide to cut off Heartland from connecting to their networks.

One big payment processor, CardSystems Solutions, went under after a 2005 data breach in which 40 million credit card accounts were compromised and the big card brands stopped doing business with CardSystems. Representatives for Visa Inc. and MasterCard Inc. declined to comment" 

(Editor's Note: If Heartland was PCI certified, I highly doubt they'll be "cut-off" by Visa/MC, however, that's not to say that they won't lose a significant portion of their 250,000 member base, especially considering that these merchants may be subjected to very expensive fraud-related remedies. The merchants will look to Heartland when the bills come. I was surprised Heartland is not offering free credit report monitoring, so I won't be when they tell merchants to "deal with it." Sounds like the clock is running for Heartland...also sounds like they've got a bad-ticker...)

Speaking of tickers...I see that HPS is down almost 20% today.  (see live chart at end of this post)

Yesterday, I said in a post
"As people start to realize the magnitude of the breach, and therefore the losses associated with them, I expect HPS stock to get "massacred" by...ironically, "Valentine's Day." Maybe that "Valentine's Day Massacre" might come earlier than I thought...

Getting back to the story, "the industry's security requirements call for payment processors to have separate networks — one for the financial transactions, and another for their general corporate tasks. Heartland wouldn't say how the malware got into the network that processes financial transactions or when it was planted there." (Why would that be?)

"If you're actually able to compromise that protected network, you're in, man — you have the keys to the kingdom," said Mike Rothman, senior vice president of strategy for security software vendor eIQnetworks Inc. "I presume they were able to sniff a large part of the payment traffic at the time the network was compromised."

Robert Baldwin, Heartland's president and chief financial officer, said the thieves accessed a part of Heartland's network that handles transactions for 175,000 of the 250,000 merchants the company works with. He said the program slipped past Heartland's antivirus software and was able to read data in unencrypted form as it was passed from Heartland to the card brands. Baldwin said Heartland uses heavy encryption, which means its data is cloaked in special computer coding so unauthorized computers can't read it, but added that the data has to be sent in unencrypted form to the card brands, which is where the criminals were able to spot it. (Editor's Note: "and therein lies the problem")

"Baldwin emphasized that no PIN codes were believed stolen. Baldwin added that the company passed an industry-mandated security inspection in April."  (about which much will be written in coming days/weeks/months)

"Unfortunately the bad guys are very, very good," he said. "The malware we encountered did not, and does not, get very well captured by antivirus software, (ya-think?) so it's a challenge we're going to have to keep working as an industry to combat."


SUBASE Command Members Cloned

According to the SUBASE website, "The U.S. Navy's submarine force has the world's most capable submarines, manned by the world's best trained and motivated submariners. During a political or military confrontation, any potential adversary must assume that United States Navy submarines "are present" and consider the consequences."

However, according to the story below, there's a different kind of adversary out there, and they count on them being "not present."
   You think some people were up in arms when Dolly was cloned...when they catch these guys, I don't think they'll be sending them up river...they are going "down."

The Dolphin - Credit card cloning on the rise

GROTON, Conn. - Over the last few months, SUBASE command members have reported unauthorized credit card purchases on their personal credit card accounts occurring at retail stores and service stations throughout the country.

None of the naval members were "physically present" in these states and all were in possession of their personal credit cards. Based on this information, it appears that the naval members had their credit cards skimmed and subsequently cloned. Although cloning of credit cards is not considered new, over the last several years, this type of fraud is becoming increasingly common with numerous incidents being reported.

Cloning is accomplished by unscrupulous individuals using a cell phone-sized device known as a "skimmer" wherein they are able to swipe the credit card or the leaked credit card information which captures the data on the magnetic strip of the card. The criminal can utilize this information to transfer the data and create a "new" credit card or activate an expired old credit card. The skimming device, costing less than $300 can hold numerous credit card/debit card numbers allowing a thief to later make a duplicate version of the credit or debit card.

Continue Reading at the Dolphin


Canadian Payments Forecast

Technology Strategies International has released a report titled "Canadian Payments Forecast - 2009" forecasting that the Canadian debit and credit card market will be hit by the decline in personal expenditure on consumer goods and services as a result of the economic downturn, but over the long term both forms of payment will command a greater share of all consumer expenditure.

According to the report, "credit card payments will account for 38% of personal consumer expenditure by 2013, approximately double the share predicted for debit card payments."

“By 2013 we expect there to be about 130 million payment cards in circulation in Canada, with card based payments being accepted at about 720,000 merchants”, notes Christie Christelis, President of Technology Strategies International.

“There are a number of high growth segments in the Canadian payments market, the ones with the most promise being mobile contactless payments, cross-border debit and alternative methods for paying online,” he says.

Key findings of the study are:
  • The recession in Canada will result in lower growth for debit and credit card payments as consumers cut back on their expenditure
  • Credit card payments will be hit the hardest by the recession
  • Contactless payments will be the highest growth segment over the next five years, exhibiting phenomenal growth and encroaching on the areas currently dominated by cash and debit cards
  • Card issuers will use the EMV implementation card reissue cycle to issue cards with contactless payment functionality
  • Cross border payments will grow by 70% per year over the next five years
  • Alternative payment mechanisms for online payments (i.e. non-credit card payments) will account for one third of all online payments made by Canadians by 2013
  • Cash will remain the most frequently used form of payment in Canada

The 110 page report provides a comprehensive review, analysis and forecast of consumer payments in Canada. It identifies high growth segments in the Canadian payments market in the context of some important recent developments in the economy and the industry, including duality in the credit card market, the emerging battleground around merchant discount rates and Interac’s application to the Competition Bureau to convert to a for-profit organization. Detailed forecasts are presented for credit card payments, debit card payments, cash payments, cheque payments, contactless payments, cross-border payments, online payments, ABM installations and POS terminals.

Source: Company press release


Follow PIN Debit Payments Blog on Twitter

I still don't understand the Twitter thing, but what the heck, maybe you can "tweet" me and explain its attraction. In the meantime, for those who partake, here's the new HomeATM PIN Debit Blog "Twit Cam."

I've also included it in the sidebar...didn't get prime time...down about 7 gadgets...
