Tuesday, February 3, 2009

UKashes in on UK Snowstorm

Snowed-in Brits turn to online shopping - Ukash

Ukash, the international provider of online payments with cash, reported a growth in sales of its prepaid vouchers yesterday, as millions of UK workers, homebound after the heavy snowfall, turned to shopping and entertainment online.

Year-on-year figures reflect a 79% increase in online transactions made using Ukash compared to the same day in 2008. The first Monday of February is often a poor day for retailers and providers of retail solutions such as Ukash, as the December and January spending hits consumers' pockets. However, the heavy snowfall in the UK bumped up Ukash redemption figures across most retail sectors yesterday. A gaming site specialising in poker games saw a 96% increase in transactions with Ukash, followed closely by the 80% growth registered by a betting site. Bingo also enjoyed a peak yesterday, with an 81% growth; however, the greatest surge was registered in VoIP (202%) as the UK turned to internet calling to share the extraordinary weather news with friends and family in the UK and abroad.

Mark Chirnside, CEO of Ukash, puts this excellent performance down to Ukash's wide availability and convenience: "With a large number of us unable to travel, local stores became by far the most convenient stations for the provision of goods yesterday. Four in five Ukash vouchers are acquired from convenience stores in the UK and, with the prospect of being 'homebound' in mind, customers had a perfect excuse to get down to their corner shop and get a convenient and safe way to spend a fun day shopping and playing online alone or with family."

Ukash prepaid vouchers are a safe and convenient way to spend online as they allow customers to pay without having to disclose sensitive financial information. Ukash is available from 275,000 locations throughout Europe and South Africa and also via Vodafone mobiles in the UK. Recent research showed Ukash's average customer in the UK is in full-time employment, has a bank account and a credit or debit card but prefers alternative and safer payment methods to transact online.

E-Commerce Growth 2 Continue in '10

SAN FRANCISCO (Reuters) - E-commerce in the United States is expected to climb back to last year's levels by 2010 after experiencing slowing growth in 2009 due to the recession, a research group said on Monday.

Online sales in 2010 could reach approximately $176.9 billion, representing 13 percent growth, said Forrester Research in its five-year e-commerce forecast.  Last week, the group released data saying the online retail channel was expected to grow 11 percent to $156 billion in 2009, below the 13 percent growth seen in 2008, and the 15 percent growth it had earlier predicted for 2009.

"While there is the possibility of a bearish scenario in which no recovery surfaces in 2009, consumers appear to be enthused about a new president, and government plans to stimulate the economy," the report said. "Furthermore, few recessions have lasted longer than a year in total."  The deteriorating U.S. economy led to tepid online sales in 2008 as consumers cut back on all but the most necessary of purchases.

Online retailers faced severe competition from brick-and-mortar establishments that were heavily discounting merchandise, while giants from Amazon.com Inc to eBay Inc have acknowledged the challenging macroeconomic environment that has spooked not only consumers, but financial markets around the globe.

In 2009, greater numbers of affluent customers shifting their purchases from traditional retailers to online outlets will outweigh decreases seen from other customers stemming their spending overall, the report found.

But after an acceleration in 2010, Forrester predicts that growth will slow, with 10 percent, 9 percent, and 8 percent growth expected for 2011, 2012 and 2013, respectively.

"It's just the maturity of the market -- it's reaching its maximum size," Sucharita Mulpuru, author of the report, told Reuters. "Even a few years ago we would have suggested it would be single-digit growth then."

At the same time, e-commerce will pick up a greater piece of overall U.S. retail sales. (Editor's Note: As the Paradigm Shift gathers momentum)

"Despite the deceleration in growth, Web sales are nonetheless expected to be positive as e-commerce continues to capture market share from brick-and-mortar stores," the report found, citing Web shopping's convenience and the ability for consumers to search for low prices.

Whereas the online channel will make up 6 percent of total retail sales in 2009 and 2010, that will increase to 7 percent and 8 percent in 2011 and 2012, respectively.

Visa Issues Security Alert

Source: Merchant Account Blog:

Visa has issued a security alert (relating to the recent Heartland breach?) outlining some specific applications and IP addresses to look out for.

What is unique about this alert is that Visa gave a very specific list of malicious applications to search for on a network/computer, and a specific list of IPs to block.

This would indicate that Visa has explicitly identified threats, where they are originating from, and these locations are static enough that blocking them would actually do some good...

War Cloning Passport Cards on the Fly

War Cloning: Homeland Security's Passport Cards Can Be Cloned with $250 Worth of Equipment

You know those new Homeland Security-issued "Passport Cards"? Those wallet-sized ones that allow Americans to travel to and from Mexico and Canada? Well, if an Islamic terrorist had 250 bucks, he could drive by your house at 30 mph (or within 2 miles of it), clone it, and use your passport card to travel to and from Mexico and Canada under the guise of being you. Oh, cloning your driver's license is just as easy.

The reason I'm bringing you this story is to provide an example of what hackers are capable of. So let's all wave our contactless cards and NFC-enabled phones when they become widely available because they're safe and secure and convenient (personally, I'm not buyin' it).

What's more disturbing about this story is the fact that it creates a scenario whereby Homeland Security is actually potentially providing the instrument of mass destruction.  WarCloning is indeed the right word for this type of hack, as this story suggests the following hypothetical.

After a devastating attack on a major US city, it could be proven that on such and such a day, at such and such a time, you entered the US from Mexico (your cloned DL and Passport card provide the evidence), and that two days later you purchased 250 pounds of fertilizer (your cloned debit card transaction record provides that proof), went on to rent an industrial van (proven by your cloned credit card transaction), drove to a specific location, and then... well, you get the morbidity of my point. You may or may not have alibis to disprove the "evidence", but even if you did, the investigation was thrown enough off track to allow the true culprit to enter Canada via another passport card, and hop on a plane with a ticket bought online with yet another cloned card and fly to a cave in Pakistan to join his bin-buddies whom we (in fairness, it's only Bin nearly a decade) can't seem to find. Nice job, Homeland Security.

I've included a video of the act of cloning these cards. Amazing. This was dark reading indeed. Here's the YouTube Video, followed by the excerpts of the story.

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses

Researcher demonstrates the ease of scanning and cloning new Homeland Security-issued IDs

With a $250 used RFID scanner he purchased on eBay and a low-profile antenna tucked away in his car, a security researcher recently cruised the streets along Fisherman's Wharf in San Francisco, where he captured -- and cloned -- a half-dozen electronic passports within an hour.

Chris Paget, who will demonstrate the privacy risks with these IDs at the Shmoocon hacker confab later this week in Washington, D.C., coined this newest RFID attack "war cloning" given its similarity to war-driving, or wireless sniffing. "War cloning -- it's the new hacker sport," he says.

The security weaknesses of the EPC Gen 2 RFID tags, which lack encryption and true authentication, have been well-known and of concern to privacy advocates for some time. These tags are being used in the new wallet-sized passport cards that the U.S. Department of Homeland Security offers under the new Western Hemisphere Travel Initiative for travel to and from Western Hemisphere countries. The e-cards are aimed at simplifying and speeding up the border-crossing process, providing U.S. Customs and border agents with information on the individual as he or she queues up to inspection booths at the border.

Until now, security researchers for the most part have shied away from hacking away at the new e-passports and e-driver's licenses to illustrate the potential privacy problems because the necessary scanners are expensive -- nearly $3,000 new -- and tough to get. "I found a way to procure equipment on the cheap and repair it and make it do exactly what I wanted it to do," Paget says. (Editor's Note: That's great news, security researchers can't afford equipment, but fraudsters are "well-funded.")

Unlike previous RFID hacks that have been conducted within inches of the targeted ID, Paget's hack can scan RFID tags from 20 feet away. "This is a vicinity versus proximity read," he says. "The passport card is a real radio broadcast, so there's no real limit to the read range. It's conceivable that these things can be tracked from 100 meters -- a couple of miles."

Paget says he was able to drive his car at 30 miles per hour and capture an RFID tag in a matter of seconds. "The software for [copying them] lets you just choose the tag you want to copy, wave a blank tag in front of it, and it writes it out," he says.

Read Full Article at Dark Reading

AmEx Joins Visa, MasterCard and JCB at EMVCo

Payments News: American Express Joins EMVCo As Fourth Owner-Member - February 03, 2009
EMVCo, the EMV standards body jointly owned by JCB International, MasterCard Worldwide and Visa Inc., has announced American Express as its fourth owner-member. According to the organization, "the addition of this latest international payment organisation aligns with EMVCo’s intent to attract further industry participation in the development of the EMV Specifications."

As an established supporter and end-user of EMV technology, American Express has acquired a one-fourth share of EMVCo from the respective holdings of JCB International, MasterCard Worldwide and Visa Inc., and will therefore have an equal interest in the organisation. EMVCo’s management structure has been changed to give American Express representation on the organisation’s Executive Committee and Board of Managers, in addition to equal participation in its working groups.

“EMVCo welcomes American Express as its fourth global payment system member,” said Tad Fordyce, Chairman of the EMVCo Executive Committee and Head of Global Cross Product Platforms at Visa Inc. “American Express will be able to lend expertise at both the technical and management level which will directly support the EMVCo goal to enhance global chip standards, and offer secure and interoperable payments at the point of sale around the world.”

Susan Hillel, Senior Vice President of Global Network Operations at American Express, says: “American Express is delighted to join and become a member of EMVCo. We are committed to driving interoperability in payments and know that our participation in EMVCo will facilitate this for our merchant, issuer and cardmember customers. Involvement by the four major payment organisations will drive secure and interoperable payments globally for transactions made with chip cards by aligning and progressing EMV Specifications. We look forward to working with JCB, MasterCard and Visa on this very critical industry initiative.”

Kazuhiro Matsumoto, member of the EMVCo Executive Committee and Executive Vice President of Global Infrastructure and Technologies at JCB International, comments: “The participation of American Express within EMVCo supports our focus on broadening industry involvement within the organisation and leveraging the experience of all major payment stakeholders. This new member will bring extensive industry knowledge and valuable chip card experience to EMVCo which will considerably benefit the smart card industry as a whole.”

Art Kranzley, member of the EMVCo Executive Committee and Chief Emerging Technology Officer at MasterCard Worldwide, adds: “The existing members of EMVCo recognise the benefits of expanding industry involvement in the ongoing development and support of the EMV Specifications. Achieving global chip standards and interoperability has never been more important as smart card payment technology is rapidly being deployed throughout the world. EMVCo looks forward to having American Express participate as a new owner-member who brings additional market experience and resource to the organisation.”

EMVCo’s growing commitment to increase industry engagement with its activities was demonstrated last year when it announced the launch of a new subscriber service. The programme will provide interested parties with an opportunity to access advanced information regarding revisions to the EMV Specifications and draft documents, and attend an annual user meeting. For further information visit http://www.emvco.com.

About EMVCo

EMVCo LLC was formed in February 1999 by Europay International, MasterCard International and Visa International to manage, maintain and enhance the EMV™ Integrated Circuit Card Specifications for Payment Systems. With the acquisition of Europay by MasterCard in 2002 and JCB Co., Ltd. joining the organisation in 2004, EMVCo is currently operated by JCB International, MasterCard Worldwide and Visa Inc.

Data Breaches Cost $202 Per Compromise - Study

Ponemon Study Shows Data Breach Costs Continue to Rise
Fourth Annual Study Shows Significant Increase in Cost of Lost Business
Americans Continue to Stay Attentive to the Loss or Theft of Personal Information

Menlo Park, CA and Traverse City – Press Release

PGP Corporation, a global leader in enterprise data protection, and the Ponemon Institute, a privacy and information management research firm, today announced results of the fourth annual U.S. Cost of a Data Breach Study. According to the study which examined 43 organizations across 17 different industry sectors, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007.

Editor's Note: That being the case, and assuming that the Heartland Breach compromised 100 million cardholders, I am shocked in amazement that their stock is hovering around 8 or 9 dollars.

Within that number, the largest cost increase in 2008 concerns lost business created by abnormal churn, meaning turnover of customers. Since the study’s inception in 2005, this cost component has grown by more than $64 on a per victim basis, nearly a 40% increase.

The annual U.S. Cost of Data Breach Study tracks a wide range of cost factors, including expensive outlays for detection, escalation, notification and response along with legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit monitoring subscriptions. Other key findings from the study include the following:

  • Average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.
  • Healthcare and financial services companies experienced the highest churn rate – 6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflect the sensitivity of the data collected and the customer expectation that information will be protected.
  • Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breaches due to additional investigation and consulting fees.
  • More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008 - meaning that companies are becoming more experienced in managing breaches over time.
  • More than 88% of all cases in this year’s study involved insider negligence.
  • More than half of respondents believe that training and awareness programs assist in preventing future breaches and 44 percent have expanded their use of encryption.
  • The most significant cost decrease was seen in activities relating to post-breach response, which indicates that organizations are becoming more cost effective in managing data breaches.

"After four years of conducting this study, one thing remains constant, U.S. businesses continue to pay dearly for having a data breach,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy."

The study, sponsored by PGP Corporation and independently conducted by the Ponemon Institute, examines the financial consequences of data breaches involving consumers’ personally identifiable information. The study uses objective methods for quantifying specific activities that result in direct, indirect and opportunity costs from the loss or theft of personal information, thus requiring notification to breach victims as required by law or policy.

“In this current economic climate, U.S. businesses can’t afford to give their customers any reason to go elsewhere," said Phillip Dunkelberger, president and CEO of PGP Corporation. “This study continues to show that the results of a data breach can seriously wound a company’s bottom line and reputation. This begs the question, when are organizations going to get proactive about protecting their critical data.”

The U.S. Cost of a Data Breach Study was derived from a detailed analysis of 43 data breach cases with a range of 4,200 to 113,000 records that were affected. The study found that there is a positive correlation between the number of records lost and the cost of an incident. Companies analyzed were from 17 different industries, including financial, retail, healthcare, services, education, technology, manufacturing, transportation, consumer, hotels and leisure, entertainment, marketing, pharmaceutical, communications, research, energy and defense. Copies of the study are available via this weblink: www.encryptionreports.com

About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About PGP Corporation
PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP® platform-enabled applications allow organizations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP® solutions are used by more than 80,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune® 100, 75 percent of the Fortune® Global 100, 87 percent of the German DAX Index, and 51 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies’ brands and reputations. Contact PGP Corporation at www.pgp.com


$143K in Card Fraud, Gets 2 Months Jail

Well, this certainly sends a wonderful message to anyone out there (with questionable character, I might add) who may have lost their job during this tough economy. Had he walked inside the same county pathologist's house and stolen $143, he'd have gotten years in prison. But he walks into his house of cards, steals $143,000, and he gets 2 months? Something doesn't sound right about that.

San Mateo man gets jail time in $120,000 credit fraud case - Inside Bay Area

REDWOOD CITY — A San Mateo man accused of stealing nearly $120,000 from credit card companies by opening multiple bogus credit card accounts in the name of a county pathologist was sentenced Monday to two months in jail.

Rel Kempf, 63, pleaded no contest in December to four felony charges of identity theft, grand theft and forgery. He had initially been charged with 10 felony counts of grand theft and three counts of forgery.

Kempf opened five credit card accounts in the pathologist's name over an eight-year period, according to prosecutors. He set up the fraudulent accounts while working at a business that was run by the pathologist's wife and managed to run up the charges to nearly $120,000 by paying the minimum amount of the cards' balances each month, prosecutors said.

Kempf used the stolen funds to pay for vacation trips, airplane flights and other personal affairs, prosecutors said. Meanwhile, Kempf pulled the identical identity theft scam on his roommate to steal $23,000, according to prosecutors.
