Skimming, Ram Raids Target Consumers and Their Cash
June 8, 2009 - Linda McGlasson, Managing Editor
The Heartland Payment Systems (HPY) data breach may be the fraud story of year (so far), but ATM and debit card thefts are growing steadily and frighteningly at financial institutions.
Witness the recent announcement by law enforcement in New York City that a criminal gang had stolen $500,000 from hundreds of customers' bank accounts via skimming devices that read and stored account information at Sovereign Bank branches in Staten Island. The gang installed cameras onto the machines, catching victims typing in their PIN numbers. They also used the information to clone the card information, according to police.
A recent survey by security vendor Actimize shows that almost 70 percent of financial institutions experienced an increase in ATM/debit card fraud claims in 2008 compared to 2007. Twenty-three percent of respondents say those claims jumped by 5 to 9 percent, while the rest noted growth of anywhere between 10 and 74 percent. These numbers are only expected to grow in 2009, as a result of the recession.
Half of the institutions surveyed say they were hit with fraud complaints that came out of some of the major data breaches, with more than 30 percent saying they had seen fraud incidents as a result of the TJX hack, and 30 percent cited the Heartland hack.
Approximately 80 percent of the survey respondents say the big data breaches can decrease consumer confidence in ATM/debit card use. About 15 percent say they have reissued cards to more than 20 percent of their cardholder customers. In 2008, the financial institutions surveyed lost an average of $744,321 -- with some as high as $12 million -- to ATM fraud alone, and an average of $145,560, or as high as $1 million, to data breaches.
Continue Reading at BankInfo Security
Tuesday, June 9, 2009
DENVER- PIN Payments Blog --Global technology and payments leader First Data today announced that Wells Fargo & Company (NYSE: WFC) has expanded its agreement for card processing services.
Under the terms of the agreement, Wells Fargo will move its newly-acquired Wachovia credit card portfolios to First Data for comprehensive card processing services.
First Data already provides data processing services, statement/letter
production and mailing, plastic card personalization and fraud services
for Wells Fargo’s seven million plus cardholder accounts within its
consumer credit and small business card portfolios.
Wells Fargo will add the Wachovia credit card accounts, the Wells Fargo Private Label card accounts and the Personal Credit management line of credit accounts to the existing Wells Fargo portfolios serviced on First Data’s system. Additional terms are not being disclosed.
Expanding our long-standing partnership with Wells Fargo clearly demonstrates that First Data’s single platform solution, economies of scale and continuous investment in technology enables our clients to grow and build stronger relationships with their customers,” said Matt Kardell, senior vice president, Sales and Strategic Account
Relationships for First Data.
Wells Fargo has been a First Data client since 1971 and through the years, Wells Fargo and First Data have worked closely together to drive innovation in the payments industry.
“Wells Fargo has enjoyed a long relationship with First Data and we are pleased to announce the expansion of our agreement,” said Kevin Rhein, head of Wells Fargo Card Services and Consumer Lending.
About Wells Fargo
Wells Fargo & Company is a diversified financial services company with $1.3 trillion in assets, providing banking, insurance, investments, mortgage and consumer finance through more than 10,400 stores, over
12,000 ATMs and the internet across North America and internationally.
About First Data
First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver
intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries. For more information, visit www.firstdata.com.
Washington DC restaurants blocks from the White House were arrested
last week for ..).
The Washington Post is reporting that all 8 people involved in the D.C. restaurant skimming ring plead guilty and each face (up to) 5 years in prison. Here's the story which follows up a post I ran last April 3rd.
By Jerry Markon | Washington Post Staff Writer | Tuesday, June 9, 2009
The charges began appearing on their credit card bills after they had eaten at well-known Washington restaurants: thousands of dollars for televisions and iPods at Target; hundreds more for American Express gift cards at Giant Food.
The cardholders, who hadn't made any of those purchases, called their banks, which contacted the U.S. Secret Service. Agents then tracked the fraudulent transactions back to the restaurants, prosecutors said.
It turned out that some servers at those restaurants -- Clyde's, M&S Grill and 701 -- had used hand-held skimming devices to steal credit card numbers and give them to three men, who used the numbers to buy purses and clothing at Gucci and Barneys, along with games and other merchandise. Numerous diners got stuck with the bill -- a $736,393 tab.
Federal prosecutors in Alexandria announced yesterday that eight people have pleaded guilty over the past two months in the conspiracy, a scheme that led to thousands of transactions with stolen credit card
numbers affecting more than 50 financial institutions. After realizing that it was all a scam, the banks absorbed the losses, officials said.
Among those who pleaded guilty and are facing up to five years in prison are three former servers at M&S Grill, one from Clyde's Restaurant and one from 701 Restaurant. Court documents said three
Maryland men, who pleaded guilty to charges including bank fraud and aggravated identity theft, conceived of the scam. One of the men paid the servers $20 for each swiped credit card number.
Continue Reading at The Washington Post
(Editor's Note: Hopefully some Mobile Payments Security?)eMarketer reports that Mobile Phone/Internet (especially smartphone) usage will surge, resulting in a ton of mobile applications.
HomeATM has designed a payment application for smartphones which enable them as secure payment devices.
Unlike other applications, (software based) our platform enables the user to attach a SmartSwipe to their Smartphone's earjack, swipe their card, (and enter their PIN if swiping a debit card) which activates that card as a payment instrument on a users smartphone.
If the user would like to activate another card, simply swipe it/enter PIN. Repeat this process with as many cards as you would like to activate in your m-wallet.
When you are done activating your cards, pass our SmartSwipe on to your friends and/or family and they can do the same to enable THEIR phone as a secure mobile payment device. In terms of security, your cardholder data is instantaneously encrypted and securely transmitted to the Hardware Security Module (HSM) at the Network Operations Center (NOC) Simply put, there is NO other Smartphone application more secure than HomeATM's SmartSwipe application.
Here's the eMarketer report:
Applicationsfor mobile devices date back to the 1990s, when Palm—by far the largestPDA player at the time—built an open platform that developers soonfilled with thousands of applications. Users downloaded applications toPCs and synchronized them with their PDAs.
Enter the Apple App Store in July 2008.
“Apple did not invent either the model of aftermarketapplications or the notion of building a store to house them,” saysNoah Elkin, eMarketer senior analyst and author of the new report, Mobile Applications: Moving Beyond Apple, “but it did succeed in radically improving an existing idea.”
Excitement over the iPhone and App Store transformed thesefunctional utilities into full-blown consumer experiences. Apple andothers in its wake have jolted the mobile advertising market and arepaving the way for paid branded applications.
As a result of rising smartphone popularity, eMarketerprojects that mobile Internet access will see significant gains overthe next five years, with the number of mobile Internet users reaching134 million in 2013.
Global economic forces are taking their toll on the mobile devicemarket, but smartphones have been spared the ravages of the economicdownturn.
Even in the face of a worldwide recession, the International Data Corporation (IDC) expects smartphone shipments to grow by 3.4% this year, and expand at triple the rate of feature phones in 2010.
This sales growth will dramatically reshape the device market. By 2013, Informa predicts smartphones will make up 38% of all handset sales worldwide, more than double their share in 2009.
“As integrated devices grow more sophisticated in functionality andmore accessible in price, consumers are responding by upgrading theirhandsets,” says Mr. Elkin. “And once they have experienced the mobileInternet through improved browsers or installed applications, theyappear unwilling to let it go.”
The size of the mobile applications market is something of amoving target, given how quickly app stores are proliferating and theircatalogs growing.
Piper Jaffray,one of few organizations to project the extent of the growth, estimatesthat combined spending on consumer and business mobile applicationswill top $13 billion worldwide by 2012, a nearly fivefold increase over2009.
“It is increasingly evident that for many marketers, mobileapplications constitute a necessary avenue for reaching and engagingwith their customers, either by building and marketing a proprietaryapplication or sponsoring a third-party app,” says Mr. Elkin.
“In bothcases, the essential challenge remains: to understand consumer behaviorand craft experiences that not only resonate with a target audience butalso integrate with other channels.”
To find out more about this topic, check out the new eMarketer report, Mobile Applications: Moving Beyond Apple (available only to Total Access subscribers).
June 9th |PIN Payments Blog
TrialPay, an ecommerce and payment solutions provider, announced the appointment of Clint Smith, an experienced general counsel who saw MySQL AB through its $1 billion acquisition by Sun Microsystems in 2008, to the executive team of the company. Before he worked at MySQL, Smith headed the legal departments at Macromedia and UUNET Technologies.
Smith comes to TrialPay with more than fifteen years of experience at technology and corporate law. He will take the position of TrialPay’s Vice President and General Counsel.
"I am excited to join the TrialPay team and help the company continue its impressive growth," said Smith. "The TrialPay platform helps online stores achieve dramatically better returns from their current consumer traffic. And the platform’s ease-of-use means that any online seller can implement TrialPay in only a few hours, making this business opportunity massively scalable."
“TrialPay has become a major player in the online payments space and will continue to introduce innovative payment and promotional tools to help online sellers maximize their profits,” said Alex Rampell, TrialPay’s CEO. “As a result, we’ve developed a need for more area experts like Clint to help shape the development of the company. Clint’s expertise in corporate law, intellectual property, technology policy, mergers and acquisitions, and international law makes him a valuable addition to our company, especially at this critical time in our growth.”
Online post offers sensitive data from wireless provider to the "highest bidder," but security experts are skeptical the breach is severe
By Kelly Jackson Higgins | DarkReading
Elaborate hoax or the real deal? An anonymous post on a popular security disclosure site during the weekend claiming to have accessed T-Mobile's databases, financial documents, and other sensitive data has the wireless provider currently investigating whether the data and systems are truly in the hands of bad guys.
A post on the Full Disclosure list asks for "serious offers" to purchase the supposedly stolen database access and documents from T-Mobile, and that the booty will go to the highest bidder. "We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009," the post reads.
The purported perpetrators also include a long list of servers and a database table they say belongs to T-Mobile. But security experts say much of the information could have been gathered via a penetration test, and doesn't necessarily confirm they have the goods.
"I would have thought they would have provided a few snippets of actual recovered data," says Paul Henry, security and forensic analyst for Lumension Security. "The data they showed publicly is nothing more than that which could be produced with a well done pen test."
T-Mobile said in a statement Monday that if there's any evidence that customer data was breached, it would alert the victims ASAP. "The protection of our customers' information, and the safety and security of our systems, is absolutely paramount at T-Mobile. Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible," the statement said. Continue Dark Reading
Here's a sampling of the website offering the information for sale. To see the entire page, click here
The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE
1900 MHz frequency-band, making it the largest 1900 MHz network in the
United States. Service is available in 98 of the 100 largest markets and 268 million potential customers.
Like Checkpoint Tmobile has been owned for some time. We have
everything, their databases, confidental documents, scripts and
programs from their servers,
financial documents up to 2009.
We already contacted with their competitors and they didn't show
interest in buying their data -probably because the mails got to the
wrong people- so now we are offering them for the highest bidder.
Please only serious offers, don't waste our time.
Contact: pwnmobile_at_safe-mail.netName Type Team Application Name ApplicationID Application
Operating System IP Address Facility Blank Blank Blank Tier 1 Apps Tier
2 Apps ? Prod
protun03 Prod IHAP Caller Tunes 64 CallerTunes 10.1.16.185 HP-UX 11.11 BOTHELL_7 #N/A 64 1
protun04 Prod IHAP Caller Tunes 64 CallerTunes 10.1.16.186 HP-UX 11.11 BOTHELL_7 #N/A 64 1
protun05 Prod IHAP Caller Tunes 64 CallerTunes 10.1.16.187 HP-UX 11.11 BOTHELL_7 #N/A 64 1
The Credit Card Fair Fee Act, a bill that would inject government into the interchange-setting process, has been resurrected after dying in committee last year. But this time there are more players around the table seemingly less inclined to sympathize with the defenders of the current bank card interchange system.
H.R. 2695, introduced Thursday, has the same chief sponsor as the Credit Card Fair Fee Act of 2008, U.S. Rep. John Conyers Jr., the Democrat who chairs the House Judiciary Committee. (Conyers has a Republican co-sponsor, U.S. Rep. Bill Shuster of Pennsylvania.) And many other things are similar between the old and new bills. Most importantly, the new one would grant limited antitrust immunity to interchange rates negotiated between merchants and Visa Inc. and MasterCard Inc., the only two networks big enough under the bill’s definitions to be covered by its provisions.
Continue Reading at Digital Transactions