Tuesday, April 28, 2009

CommSec Breached by Hackers

Source: News
Complete item: http://www.news.com.au/technology/story/0,28348,25396936-5014239,00.html

SECURITY at the nation's (Australia) biggest online trader has been exposed as wide open to attack by computer hackers.

Security flaws at CommSec potentially endangered accounts containing billions of dollars of mum-and-dad investors' money.

After a Herald Sun investigation, CommSec's 1.7 million customers have been strongly urged to change their passwords.  Editor's Note:  Passe' Words

Had any hackers entered the system they would have been able to access the personal details of CommSec's customer accounts and trade in other people's share portfolios.


HomeATM at FinovateStartup09 Today

After a fantastic week in Las Vegas at the ETA Show, we are scheduled to participate in FinovateStartup09 tomorrow. I depart Phoenix for San Francisco this morning to meet up with HomeATM CEO Ken Mages and COO Mitch Cobrin, who flew directly there from Las Vegas.

It looks to be an exciting time and we look forward to meeting with several other providers of financial innovations who were also invited to participate. For more information on FinovateStartup09, click the following link: www.finovate.com. I've included a copy of our press release (below) announcing our participation, which also provides more details about the event.

HomeATM to Participate in FinovateStartup09

HomeATM has been invited to discuss the merits of their innovative Internet PIN Debit Solution at FinovateStartup09, to be held in San Francisco on April 28th.


PRLog (Press Release)
Apr 10, 2009 – Chicago: HomeATM is pleased to announce that it will be participating at the FinovateStartup09 Conference, April 28, in San Francisco, California. HomeATM CEO Ken Mages and COO Mitch Cobrin will be discussing the company's patented and PCI 2.0 Certified Online PIN Debit Solution.

HomeATM engineered and now manufactures the World's First and Only PIN Entry Device designed specifically for eCommerce use.  The Payment Card Industry, which consists of representatives from Visa, MasterCard, American Express, Discover and JCB International, approved the device last month in a milestone event toward PIN Debit on the web becoming ubiquitous.   A majority of industry experts agree that a hardware approach towards PIN Debit for the web is the only way to secure and protect valuable cardholder data from fraudsters.

"We are pleased to be able to demonstrate why a hardware approach to protecting cardholder data in a web based transaction is far more secure than any other approach imaginable," said John B. Frank, HomeATM Executive Advisor. "Swiping one's card is not only exponentially more secure than typing in one's 14-16 digit Personal Account Number, but one could argue that it's also 14-16 times more convenient."

The HomeATM PIN device plugs into any USB port in milliseconds and is Plug and Play...there is no software or drivers that need to be installed.  

"When a consumer swipes their card using HomeATM's SafeTPIN, it results in a "Card Present" transaction, which is not only a more secure way to process bank cards, but provides the merchant with significantly lower Interchange fees," Frank explained.  "By   incorporating a PIN Pad into their device, merchants enjoy a dually authenticated transaction, which  provides them with "true" PIN Debit Interchange as well."  

"The value we can provide internet merchants is enhanced with our recent PCI 2.0 Certification," continued Frank. "We can effectively remove the Internet Retailer from the scope of PCI DSS providing "instant compliance," which could potentially save them hundreds of thousands in costs associated with the compliance process."

HomeATM's PCI 2.0 Certified SafeTPIN was also designed to be used as an authentication device, replacing easily hacked Username/Password protocols curiously employed by financial institutions for online banking. Swiping one's bank card and entering their PIN outside the browser space provides military grade encryption as it uses Triple DES and DUKPT key management protocols.

With the recent rash of breaches, it is important to provide consumers and merchants with the most secure payment and authentication mechanisms available.  In the brick and mortar world, that mechanism is PIN Debit.  HomeATM is poised to bring it to the other world...the world wide web.  

FinovateStartup is a spin-off of the New York City-based Finovate conference, the first demo-focused conference in financial technology. It is organized by Online Financial Innovations, a boutique banking technology research firm based in Seattle, Washington.

Select companies will have seven minutes on stage for a demonstration of their best products or services. Some areas to be covered are: Person-to-person (P2P) lending, new marketing tools, better online financial security, mobile banking and payments, Web 2.0 investing, personal finance, Online PIN Debit and next-generation online banking platforms.  FinovateStartup's debut last year had almost 300 executives, entrepreneurs and industry experts in attendance.

In other news, HomeATM will also be at the ETA Meeting & Expo April 21-23 at the Mandalay Bay Resort & Casino in Las Vegas.  Stop by and visit us at the FIS Booth #347 and get a FREE HomeATM PIN Device!  

For more info please visit Fidelity National Information Services website: http://www.fismoreinfo.com/merchant/index.asp

About HomeATM:

HomeATM owns a global patent for secure Internet PIN based transactions. Leveraging our E2EE PCI 2.0 PED certified solution, a merchant or remitter can move funds from their bank account or open loop/closed loop payment card in real-time. Utilizing HomeATM's patented solution with a bank issued card alleviates the burden for merchants to address fraud issues as HomeATM leverages the issuing bank's KYC/AML (Know Your Customer/Anti-Money Laundering) protocols. No other payment solution serves Person-to-Person, Business-to-Consumer, Business-to-Business, and Mobile Payments with the speed, security and cost-effectiveness of HomeATM. HomeATM is EMV ready and already enjoys strategic relationships with Cardinal Commerce and UATP.

For further information, visit: http://HomeATMBlog.com or contact John B. Frank, Executive Advisor, jfrank@HomeATM.net or 612.432.6980

About Fidelity National Information Services

Fidelity National Information Services (FIS) is the world's top-ranked technology provider to the banking industry. With more than 24,000 experts in 90 countries, FIS delivers the most comprehensive range of solutions for the broadest range of financial markets, all with a singular focus: helping you succeed. Every FIS solution has the strength you need for profitability today, and the power to help you manage whatever comes next.  

Recently FIS entered into an agreement to acquire Metavante, a leading provider of banking and payment technologies to financial services firms and businesses worldwide. Metavante is based in Milwaukee, Wisconsin, with more than 5,900 employees and 8,000 clients worldwide. The combined company will be headquartered in Jacksonville, Florida, and will provide one of the most comprehensive ranges of integrated products and services, across more markets and more geographies than any other provider in the industry.
# # #

For more information visit: www.PINDebit.blogspot.com


Visa: Sell Class C Shares Sooner Than Later

UPDATE 1-Visa accelerates liquidation of Class C shares
  •  Non-U.S. banks can sell up to 30 pct of class C shares
  •  Liquidation could help banks raise money
  •  Visa shares fall 2.2 percent
Visa Inc said it had accelerated the timetable for non-U.S. financial institutions to sell their shares of the world's largest payments network, in a move that could help battered banks to raise money.

Non-U.S. banks holding shares known as "Class C" can sell up to 30 percent of them any time after July 1. The prior rules allowed banks to sell their shares beginning March 25, 2011.

Visa said the release of Class C shares would not have a dilutive effect. The credit card and debit network said the Class C shares would automatically be converted into Class A shares, tradable in the public market.

Created in October 2007 from the merger of Visa U.S., international and Canadian operations, Visa Inc went public last year in the largest initial stock offering from a U.S. company.  San Francisco-based Visa said the remaining Class C shares would continue to be subject to transfer restrictions that expire in 2011.  To participate in the program, the foreign financial institutions will need to apply to Visa's transfer agent between July 1 and Sept. 30.

Visa's shares fell 2.5 percent to $58.86 in morning New York Stock Exchange trade. The stock is up 13 percent in 2009.

Grappling With ACH Fraud - BTN

Bank Technology News | May 2009 | By Michael Sisk

The number of paper checks being converted to ACH transactions is growing exponentially, making the channel more enticing to thieves and increasing instances of fraud. It's a problem that's starting to get the attention of the industry, says Nick Holland, a senior analyst at Aite Group. He recently surveyed 23 U.S. banks and credit unions and found that 95 percent cited ACH fraud as an important or extremely important concern.

The driving factor is that ACH is being used in ways not originally intended and that security around the channel has not kept up. "Fraud moves to the point of least resistance," Holland says, and as the access to the ACH network grows and fraudsters' sophistication advances, the ACH network may be increasingly targeted.

Continue Reading at BTN

Debit Card Usage Continues to Grow

Figures show trend towards plastic in general.

Consumer spending using credit cards grew by 2% last year, according to the latest figures from UK payments association Apacs.  The organization revealed that £126.2bn was spent using credit cards in 2008, up from £123.8bn in 2007.  However, retail spending using credit cards - which does not include financial payments or travel costs, among others - recorded a slight fall of 0.6% over the year, totalling £60.7bn, down from the £61.1bn spent in 2007.

Debit cards continued to grow in popularity, seeing 9.5% growth in all consumer spending and 6.8% in the retail sector.

"Despite what started to happen across the economy last year these latest figures don't reveal any marked changes from the annual trends we've seen over the past few years," said Apacs director of communications Sandra Quinn.

"Most notably consumers are increasingly choosing to use their debit cards in preference to cash or checks and also, it seems, their credit cards."

Figures released this week by the British Bankers' Association revealed that there were 93m credit card transactions in the UK during March, up 0.6m from February's total.

62% of Major Applications Breached in Last 12 Months

Over 60% Of Breaches Tied To Flaws In Business-Critical Applications


If you still don't think security vulnerabilities in software will necessarily catch up with you, think again: 62 percent of organizations in the last 12 months suffered data breaches as a result of bugs being exploited in their major applications, according to a newly released survey.

Forrester Consulting, commissioned by Veracode, surveyed application developers and security and risk professionals in 200 organizations in the U.S. and U.K., and found that secure software development programs are rare -- only 34 percent said they have a software development lifecycle program that integrates security.

"The survey showed that people, process, and culture are the primary inhibitors," says Matt Moynahan, CEO of Veracode, in an interview. "Security is not a core competence of enterprises developing code."

Continue reading at DarkReading

Bling Nation Chooses Phone Factor for Validation

Bling Nation Chooses PhoneFactor to Validate Consumers' High-Ticket Items and Suspicious Transactions
Community Payment Service Offers an Unprecedented Level of Transaction Security to Their Customers

OVERLAND PARK, KS -- (Marketwire) -- 04/28/09 -- PhoneFactor, a leading provider of security products and services, today announced that Bling Nation has selected its phone-based authentication technology to protect bank customers from fraud and identity theft.

Bling Nation provides a Community Payments Service for community banks. Through this service, Bling Nation enables financial institutions to more profitably and securely support payments between their local demand deposit account (DDA) customers and their merchant customers by bypassing the current global debit payment model and replacing it with an efficient, cost-effective and local payment network.

That's where PhoneFactor comes in. One of Bling Nation's key fraud prevention features is to have consumers validate high-ticket and suspicious transactions through PIN entry on their phone before transactions are authorized. PhoneFactor enables this two-factor authentication on consumers' mobile phones by having them authenticate not only the specific transaction, but also the amount. This advanced protection can be added to retail transactions as well as ecommerce and online banking transactions. In an online transaction, out-of-band transaction verification is critical for defeating man-in-the-middle attacks and keystroke loggers.

Puneet Agarwal, COO of Bling Nation, said they chose PhoneFactor because of the company's focus and expertise providing two-factor authentication for financial services applications.

"PhoneFactor also has a robust, highly reliable technical product, and the people are open to working with us to customize the solution for an easy and friendly customer experience," Agarwal said.

About PhoneFactor

PhoneFactor is a simple two-factor authentication service that provides far greater security than usernames and passwords. The award-winning service can use any phone (mobile or landline) as a second form of authentication. PhoneFactor can be setup in minutes and eliminates the need for tokens, smart cards or certificates. Learn more at www.phonefactor.com.

About Bling Nation

Bling Nation provides a local payment network, which allows banks to convert potential on-us debit transactions into actual on-us debit transactions by offering consumers secure contactless payments at the point of sale. Bling Nation's proprietary technology enables transactions to be processed more efficiently than a traditional credit or debit card network, delivering value for the bank, merchants and consumers through its Community Payments Service. For additional information, visit www.blingnation.com.

Company Contact:
Alison Hill

MRC to Lead Fraud Risk Discussion at NRF Conference


TELEPHONE: 206.364.2789
EMAIL: jordan@merchantriskcouncil.org


MRC Executive Director Leads In-depth Discussion on Major Fraud Prevention Advancements

(Seattle, WA—April 28, 2009) The Merchant Risk Council (MRC), a merchant-led trade association focused on electronic commerce risk and payments globally, today announced that Tom Donlea, MRC Executive Director, will moderate the session “What Every Loss Prevention/Risk Manager Must Know in Today’s Economy” as part of the National Retail Federation’s Loss Prevention Conference & EXPO in Los Angeles this June.

Donlea will lead an active panel of fraud experts from Apple, Inc. and Staples, Inc. The panel will discuss the most recent advancements that merchants have gained in fraud prevention, as well as highlight the top tips every multi-channel retailer needs to consider in minimizing risk.

“Electronic commerce plays a crucial role in our industry today,” said Rhett Asher, Vice President of Loss Prevention for the NRF, “Having such a talented group share their expertise about how to minimize the risk of fraud will be of great value to our attendees.”

The panelists for this session are veteran MRC members who will be providing attendees with real-world experiences, tips and tricks for combating e-Commerce fraud, including:
  • How to continuously improve your fraud/risk management system
  • The value of effectively managing and disputing chargebacks
  • The importance and impact of reporting fraud to law enforcement agencies
  • How payments can impact your particular e-Commerce business model (both good and bad)
This session takes place at 10:15 a.m. on Wednesday, June 17 as part of the NRF Loss Prevention Conference & EXPO at the Los Angeles Convention Center.

About Session Moderator

Tom Donlea, Executive Director, Merchant Risk Council

Tom manages a leading trade association for merchants, vendors, e-Commerce risk management professionals and law enforcement. The Merchant Risk Council (MRC) is a merchant-led trade association focused on electronic commerce risk and payments globally. The MRC leads industry networking, education and advocacy programs to make e-Commerce more efficient, safe and profitable.

About Session Panelists

Susan Grajek - Fraud Prevention Manager, Apple, Inc.

Susan leads the fraud prevention efforts for Apple’s online store and iTunes. Susan began her career in Retail Loss Prevention over a decade ago, holding a myriad of positions such as Loss Prevention Coordinator, Regional LP Auditor, Credit Fraud Investigator and Assets Protection Manager. The last nine years have been spent fighting fraud in the world of e-Commerce. Susan also has held a Board seat with the MRC as well as Conference Chair in the past.

Bob Sullivan – Director, Fraud Investigations, Staples, Inc.

Bob has been involved with Staples Asset Protection for over 15 years. As Director, Bob is responsible for all non-store investigations within Staples. For the last eight years, Bob’s primary role has been preventing online fraud attacks against Staples.com and Staples Canada. Bob’s background includes experience in Staples store security as well as distribution security. Prior to joining Staples, Bob was the Planning Director for a large New England Police department.

About the Merchant Risk Council

The Merchant Risk Council (MRC) is a merchant-led trade association focused on electronic commerce risk and payments globally. The MRC leads industry networking, education and advocacy programs to make electronic commerce more efficient, safe and profitable.

Today, with the power of its member-base, the MRC is the leading trade association for managing payments, preventing online fraud and promoting secure e-Commerce. The MRC is dedicated to working with e-Commerce and multi-channel merchants, payment processors, credit card issuers, credit card companies, alternative payment providers, risk management experts, and law enforcement to make the Internet a safer and more profitable place to do business.

The MRC Board of Directors and Advisors includes: Expedia, Inc., Adobe Systems, Inc., Neiman Marcus Direct, Apple, Inc., BestBuy.com, Bill Me Later, Blizzard Entertainment, Chase Paymentech, CyberSource Corporation, Dell, Inc., Discover Network, 41st Parameter, Gap, Inc. Direct, iovation, Microsoft, Trustwave, Visa, Inc. and Wal-Mart.

The MRC is headquartered in Seattle, Washington.

# # #

Jordan Rubin
Communications Manager
206.364.2789 office | 206.367.1115 fax

We have moved our offices. The MRC is now located at: 2400 North 45th Street, Suite 15 Seattle, WA 98103

KoobFace: It's In Your FaceSpace


Source: SunbeltBlog
Complete item: http://sunbeltblog.blogspot.com/2009/04/new-facebook-koobface-run.html

Koobface, a worm which steals Facebook or MySpace credentials and spams their credentials, is certainly alive and kicking. There's a run occurring right now. You get a message from a friend:


Which leads to a Facebook page:


Which, when clicked, pushes a fake video codec that downloads Koobface


Twit or Twitout You: The Numbers Grow

Twitter Tally

Tweety Bird would never believe this.

If media attention is any indication, Twitter has exploded into an all-out phenomenon. Celebrities, politicians, entrepreneurs, business leaders and everyday users are flocking to the service en masse, generating a frenzy of activity and attention.

Everybody is talking about Twitter, but what do the numbers say?  Editor's Note:  This seems like a good time to let you know you can follow the PIN Payments Blog on Twitter by clicking this line.

eMarketer estimates there were roughly 6 million Twitter users in the US in 2008, or 3.8% of Internet users.

eMarketer projects that the number of Twitter users will jump to 18.1 million in 2010, representing 10.8% of Internet users.

By all measures, Twitter is growing, and quickly.

comScore reported that Twitter.com drew 4 million unique visitors from home, work and college/university locations in February 2009, up from 340,000 a year earlier—a 1,086% increase.

Nielsen Online reported 7 million unique visitors to Twitter.com during the month, up even higher—1,381%—from 475,000 the prior year.

The Compete figures were higher for the month charted, and according to its latest figures, Twitter had over 14 million unique users in March 2009.

comScore also reported a surge in March. After months of double-digit growth, traffic to Twitter.com accelerated 131% to 9.3 million visitors for the month.

And the number of Twitter users is considerably greater than the number of visitors to Twitter.com, as a result of the multiple access points for the service (for example, mobile devices and desktop apps).
What’s driving this phenomenal growth?

“Twitter lets people know what’s going on about things they care about instantly, as it happens,” Evan Williams, Twitter’s CEO, told The New York Times. “In the best cases, Twitter makes people smarter and faster and more efficient.”

A survey of Twitter users from MarketingProfs backs Mr. Williams’ views. On a scale from 1 to 5 (with 1 for strongly disagree and 5 for strongly agree), the phrase “I find it exciting to learn new things from people” averaged a score of 4.65 and “I value getting information in a timely manner” averaged 4.58.

“Above all, people on Twitter are truly motivated by learning new things and getting information real-time, as it’s developing,” said Ann Handley of MarketingProfs.

To follow eMarketer on Twitter, and definitely get smarter and faster and more efficient, click here
Source: IT Pro
Complete item: http://www.itpro.co.uk/610657/olympics-could-be-hit-by-cyber-attack-says-blunkett?CMP=NLC-Newsletters

Labour MP David Blunkett will warn that the London Olympics could be under threat from a severe cyber attack unless urgent action is taken, according to reports.

At a keynote at this week's Infosecurity Conference, he will also claim that terrorists could use sophisticated hacking to cause a complete meltdown of computer and communication systems.

Blunkett will also stress that there is a woeful level of awareness of the cyber attack threat and urge that government, security experts and businesses work together to make Britain more secure.

In reference to the dangers posed to London 2012, he is to say that the threat of criminals engaging in sophisticated fraud can be compared to the danger of more traditional terrorism.

Visitor requirements such as ticketing, transportation and hotel bookings could be disrupted.

He will say that the Games represents an opportunity for fraudsters and those seeking to hurt the economy.

Blunkett will also claim that duplication and hacking into information could allow criminals to disrupt facilities and commit the theft of identity, credit cards and other personal data.

Last year, BT said that it will treat the London Olympics as a major incident.

David Blunkett's constituency had not responded to IT PRO's request for comment at the time of publication.