Friday, June 26, 2009

Could Your Bank Have Saved You From Becoming a Victim of Fraud? Duh!

HomeATM's SafeTPIN could eliminate phishing, cloned bank websites AND "Account Takeover Fraud" in one fell, swipe.

Customers are complaining that lax monitoring of accounts has cost them thousands of pounds

Times Online - Lauren Thompson

Banks are not properly monitoring accounts for fraud, so putting their customers’ money at risk, a Times Money investigation has found.

Many people assume that their banks will pick up on unusual activity and stop transactions if they appear suspicious. However, fraud victims say that their banks have authorised transactions allowing several thousands of pounds to be spent in a few hours.

Sandra Quinn, of Apacs, the UK payments association, says: “There are no industry guidelines for how banks should monitor fraud. Each has a different policy. It is impossible for consumers to know which is best — or worst — because they do not publish their fraud figures or details of their monitoring policies.”

While there is nothing in the Banking Code that compels banks to monitor for fraud, they all say that they have “detection systems” to identify unusual spending patterns and potentially fraudulent transactions. But they deliberately do not tell consumers the type of transactions that may be flagged as suspicious in case it gives fraudsters too much information.

Alex Barnett, of Halifax, says: “We are unable to disclose what values or transaction patterns trip a fraud alert, mainly because this is assessed on an individual basis. A set of normal transactions for one person may not be normal for another.”

Concerns about monitoring have mounted as banks appear more reluctant to compensate victims of chip-and-PIN fraud. Times Money has been inundated with letters from readers who have had thousands of pounds withdrawn from accounts, only to find that their banks refuse to compensate them. Many have been “shoulder-surfed” — watched as they enter their PIN — then had their cards stolen and accounts drained at cash machines and in shops.

Under the Banking Code, consumers are not liable for such fraudulent transactions, but banks are refusing to pay out, telling customers that they "must have been" negligent with their PIN.

Jane Smith, 58, was a victim of fraud after an HSBC cash machine on Baker Street, Central London, swallowed her Abbey debit card. She went back to the branch as soon as it opened the next day, only to find that fraudsters had spent £4,000 — her entire overdraft — in less than 24 hours. Abbey initially refused to pay a refund, saying that she must have given her PIN to someone. It took her three months to recover the money.

She says: “I have been a loyal Abbey customer for 30 years (Editor's Note: which is probably the "only" reason it took three month instead of on) and have never been overdrawn until this happened.

Surely the bank should have noted the transactions and stopped them?”

Professor Ross Anderson, of the University of Cambridge computer laboratory, says that Mrs Smith’s story is common. “Banks have used chip-and-PIN to dump liability,” he says. “If a transaction is disputed and a PIN was used, it is either the customer or the merchant’s fault. Why should banks go to the trouble of running a complex detection system to flag up suspicious transactions? It is simpler to authorize transactions, especially once fraud becomes someone else’s problem.”

Emma Woolf, 27, had a similar problem with her Abbey business account. She was horrified to discover a balance of £23 when she logged on to online banking — her account should have contained about £10,000. Fraudsters had been draining the funds for three months, mainly by making cash withdrawals of up to £500 at a time. They had also changed the address on the account.
Miss Woolf, who lives in northwest London, says: “I have not made a cash withdrawal on my account for several years, so endless cash withdrawals are very out of character. Yet it was not flagged up by the fraud team.”

Like Mrs Smith, Abbey told Miss Woolf that she must have been negligent with her PIN and is refusing to pay back her money.
“I have kept my card in a safe since October and have never told anyone the PIN,” she says. “I have now lost £10,000 and my business cannot operate. It has been a nightmare.
Miss Woolf says that she is a victim of "account takeover fraud," which rose by 62 per cent last year, compared with 2007.

A fraudster contacts a bank, masquerading as the genuine cardholder, and then arranges for funds to be transferred out of the account, or changes the address and asks for a replacement card.
Editors Note:  Masquerading as the "genuine" cardholder fraud is UP 62%?  How so, or why so?  Two thoughts:  
1. The genuine cardholder should be "required" to prove they are genuine

What better way than swipe their card and enter their PIN? 
Two Factor Authentication with the same protocols as accessing an ATM...and

2. If they claim they "lost" the card, (and need a replacement) how's this for a thought to cut down on fraud that's rose 62% last year...Simply require them to physically come to the bank to get a new one and provide documentation.

The story continues...

Fraud costs the banking industry millions of pounds every year — and losses are increasing. Last year card fraud rose to £609.9 million, a 14 per cent increase on 2007. Cathy Neal, of Which?, the consumer organization, says that there needs to be greater clarity and consistency on how banks monitor fraud: “They will not pick up on highly unusual activity but will often stop transactions if a customer is abroad, for example.

“The vagueness of the Banking Code on fraud liability means that banks are inconsistent with compensation. Many victims are also not told how fraudsters stole account or card details, which can be very unsettling.”

Nina Gregory, 70, is taking Abbey to a small claims court next week after fraudsters took £2,800 from her Isa account two years ago while she was on holiday. The bank has refused to refund the money, a decision upheld by the Financial Ombudsman Service.

She says: “I went to Russia for five weeks and took my VIsa card with me. When I received my monthly statement when I got back, I saw that £200 had been withdrawn from cash machines in West London, every day for two weeks, until the money ran out. I have never withdrawn so much cash from a machine, or so regularly.
“However, Abbey insists that because the correct PIN was used, and the transactions took place near to my house, it cannot be fraud. It implied that I left my card at home and was somehow negligent with my PIN.”
Mrs Gregory, like many victims of fraud, says that she was made to feel like a criminal, adding:

“Abbey’s fraud department asked me lots of aggressive questions to try to establish how I had been negligent. Where did I keep my purse? Had I written down the PIN? To be accused of lying or colluding with fraudsters at my age is an insult.”

Continue Reading at Times Online

Reblog this post [with Zemanta]

iAWFUL (Internet Advocates Watchlist for Ugly Laws)

Government IT: The Top 10 Worst Internet Proposed Laws in the U.S.

From discriminatory taxes against the Internet to singling out Web operations for unfair treatment to efforts to "fix" social networking sites, the states are seemingly working night and day to conjure up laws that would impact the Internet in more bad ways than good. To highlight some of the really bad boys of Internet regulation, the advocacy group NetChoice has created the iAWFUL (Internet Advocates Watchlist for Ugly Laws) list. eWEEK takes a look at the iAWFUL top 10 list.

Click here to see the slide show

United Airlines Tells Travel Agencies to Eat Credit Card Fees

United Tells Travel Agents to Cover Credit Card Fees
Implications: How widely adopted will this change be? What will the effect be on consumers? On OTAs? On the airline industry?

Analysis: It appears United has taken the next step in the airline industry's never-ending quest to lower distribution costs or at least get others to shoulder the burden for them... United today informed a currently unknown number of travel agents that they would no longer be able to use the industry reconciliation system, ARC, to process tickets which were paid for with a credit card.

United is asking these travel agents to process credit card transactions themselves and then report the sale as a cash transaction. Until now, when a travel agency (or OTA) has sold a published ticket on United (or any other carrier) the credit card is actually processed by the airline. As such, the airline is responsible for paying the 2-3% (in rough numbers) that Amex, Visa, Mastercard and Discover charge for using their cards. In the new world proposed by United, agents will process the credit cards themselves (presumably along with an additional consumer fee) and then remit the full amount of the ticket back to United. This would obviously save a considerable amount of money for United if widely adopted.

Still too early to tell what this means for consumers but if the airline industry adopts United's moves broadly, consumers may be forced to pay one more fee if they are not willing or cannot visit an airline's website...

Continue Reading at GLGroup

, ,

If You Can't Beat 'em (Hackers) Hire 'em

UK looks to young geeks to secure cyberspace


LONDON (AP) — Britain is hiring former computer hackers to join a new security unit aimed at protecting cyberspace from foreign spies, thieves and terrorists, the country's terrorism minister said.

Alan West said the technology-savvy staff will join efforts to trace the source of — and prevent — cyber attacks on Britain's government, businesses and individuals. The country also will develop its capability to wage cyber warfare against the country's foes, he said.

Prime Minister Gordon Brown announced the creation of the unit Thursday as he published an updated national security strategy, detailing Britain's response to global terrorism and emerging threats.

"Just as in the 19th century we had to secure the seas for our national safety and prosperity, and in the 20th century we had to secure the air, in the 21st century we also have to secure our position in cyberspace," Brown said.

West said British government systems had probably come under cyber attack but that he did not know of any specific cases where sensitive data had been lost. British telecom BT Group PLC, one of the world's largest telecommunications providers, estimates it has about 1,000 attempted cyber attacks per day on its systems, West said.

Jonathan Evans, the head of Britain's domestic spy agency MI5, has previously warned that both China and Russia are using new technology to spy on Britain. Russia is accused of mounting large-scale attacks on Estonia's computer systems in 2008...

Continue Reading

Reblog this post [with Zemanta]

Trojan Steals Banking Details

Trojan Banbra’s New Variant Steals Banking Details

According to the researchers at Panda Security, the notorious 'Banbra Trojan' has been recently identified in another version. Essentially, this malware is designed to capture end-users' online banking details, the researchers stated.

Just like the other versions, the new Banbra.GIM, which affects Windows 2000, 2003, NT, XP, ME, 95 and 98, creeps into computers via an e-mail purporting to have come from a particular banking community in Brazil.

The Trojan succeeds in contaminating numerous PCs by pretending to be a genuine security software. That means the fraudulent e-mail supposedly from the bank presents software that seemingly guarantees the user security while he conducts online banking transactions. But the program actually steals crucial banking details, the researchers elucidated.

Should Global Cash Lose It's License?

Arizona regulators say Vegas ATM company, Global Cash, should lose license

Casino City Times: An Arizona agency says Global Cash Access Inc. of Las Vegas can't be trusted as a casino vendor because it committed theft and fraud years ago, and in recent years has lied to regulators about that scandal and other issues. The harsh words about the company are in a June 3 report from the Arizona Department of Gaming recommending Global Cash lose its license to do business in that state, where it now contracts with about 20 Indian casinos. Global Cash, which provides gaming-credit services and ATMs in casinos, revealed the Arizona action earlier this month and said it plans to contest the recommendation. The Arizona report says that from 1999 to 2002, Global Cash deliberately miscoded transactions involving Visa by disguising cash transactions as retail purchases, meaning it would pay a lower fee to banks issuing the Visa cards. Global Cash made $26 million with this scheme, the Arizona report says.

Continue Reading

Simple Steps to Keep Your Identity Safe Online

Simple steps to keep your identity safe online

June is Internet Safety Month, and simple identity theft protection steps such as shredding your mail and keeping careful tabs on your bank accounts and credit cards are essential first layers of protection against identity thieves. But there is an open door in many homes that is inviting criminals into personal information, and it is often left unprotected - the computer.

A recent study by online security provider Tiversa found more than 13 million online files have been breached over the last year, and P2P sharing services seem to be a popular way for criminals to get in.

There are steps consumers can take to reduce their risk for identity theft through the use of P2P file sharing services. LifeLock offers the following online safety tips:

  • Install file-sharing software carefully, taking special note of default settings and permissions placed on shared folders
  • Use security software and make sure you keep it up-to-date. You can set most anti-virus and anti-spyware protection programs to update automatically and regularly
  • Be sure to close your connections when you are done with a file-sharing session. Closing the window doesn't automatically close the connection, which could leave your computer's information vulnerable
  • Maintain backups of all important documents. This will ensure your information is maintained for your personal use should you need to delete it from your computer or any file
  • Talk with your family about safe file-sharing practices, and create separate user accounts for others who may use your computer. By separating accounts you can prevent others from installing software on your computer that may expose your information
  • Before providing personal information to your doctor, attorney, insurance company, employer or anyone else make sure to ask for details on how they will keep this data secure

Identity theft is costing Americans more than $1.8 billion annually, according to the Federal Trade Commission, and the latest FTC reports show the number of identity theft complaints has grown by 80 percent since 2000. Among the forms of identity theft and fraud reported to the FTC in 2008 are credit card fraud, medical benefit fraud and falsified government or employment documents.

VisaNet IPO: $4.3 Billion, Worlds Largest in Over a Year

Finextra: VisaNet IPO totals $4.3m
VisaNet IPO totals $4.3m
Visa's Brazilian affiliate VisaNet is raising around $4.3 billion in its initial public offering, the biggest in the world for over a year.

The Sao Paulo-based credit card company's shareholders - including Visa, Banco Bradesco, Banco do Brasil and Banco Santander - sold 559.81 million shares at a price of 15 reais each.

Book-building in the IPO closed out yesterday with shares set to begin trading on the Brazilian Stock Exchange on Monday.

According to a Reuters report, on Wednesday 19 brokerages were banned from participating in the IPO for allegedly releasing unapproved advertising material about the sale.

VisaNet was the first Brazilian IPO of the year and the country's biggest ever.


How Convenient is it when 20% of Fraud Victims Can't Get Their Money Back?

When "Convenience creates Inconvenience" is it time for a Change?

I know that everyone is pushing convenience over security when it comes to financial transactions, but did you know that 1 out of 5 victims of credit/debit card fraud never see their money again? 

New research has found that one in five victims of financial fraud have not managed to retrieve the money they have lost. Some one in four people surveyed by Which? said they had been a victim of financial fraud and while most had managed to reclaim the lost money from their bank or credit card provider, 20 per cent of victims said they had been left out of pocket.

There is a rule that banks are enforcing which statesthat if a customer acts without "reasonable" care to limit risks, theywill have a hard time getting their money back. 
For example, if a customer enters their PIN while a criminal is overlooking their shoulder, the banks could argue that you should have covered the keypad with your hand.  Question is, when will that rule apply to consumers who "type" their numbers into a box on the web? 

It seems to me (although one could make a "Post hoc ergo propter hoc" case against this argument) that if banks refuse to refund money because you "typed/entered" your PIN without taking proper precaution to cover it with your hand, then consumers should known better than to  "type/enter" their credit/debit card number on the web.

My point is, that it is NOT reasonable to believe that your card numbers won't be intercepted by hackers, when there are stories saying that it happens every day.  My point is also that card companies assume the risks of "insecurity" because they make so much money on "convenience."  (that and the fact that insecure transactions have higher interchange and thus higher profit)  The card companies have consumers trained to "type vs. swipe" and they have them trained to believe in zero-liability, but according to this article, the facts are that consumers actually stand a 20% chance of having that zero liability transformed into 100% liability.
Martyn Hocking, the editor of Which?, said: "Identity fraud is"inconvenient" and stressful, and can also be costly if you're unable torecover your losses.
As consumers become more aware of this fact, will they choose security over "inconvenience"?   If so, I predict it won't be long before we'll see a major behavioral change/shift in the way consumers shop online.  So the question begsto be asked, how convenient is it when the so-called convenience actually causesinconvenience?  If an ounce of prevention is worth a pound of cure,then how long before consumers "weigh in" on the pros and cons of convenience and tip the scalestoward security?

Here is an excerpt from an article from  Compare and Save dot com:

"Clever" criminals cause credit card fraud rise

Which? has issued best-practice credit card guidance.  Many people who suffer from a certain type of credit card fraud are facing difficulty with reclaiming their money, according to the consumer group.
Which? said in new analysis released today that one in five ID theft victims do not get a refund from their bank or credit card provider.
ID theft occurs when a fraudster impersonates a cardholder in order to gain access to their accounts.

It is commonly achieved through criminals looking over a victim's shoulder while they are entering their pin at a cash machine or in a shop and then stealing the card.

Victims can have a hard time getting the money back, as bank rules state that claims can be turned down if the customer acted without "reasonable" care to limit risks.


Continue Reading

Reblog this post [with Zemanta]

Twitter CEO Says No Advertisements will Target Tweeters

Twitter CEO pours cold water on ecommerce ad claims

The chief executive of Twitter has denied that the website will soon launch a service allowing companies to push product recommendations to users.

Rumors of the new ads began last week after Todd Chaffee, a partner at Institutional Venture Partners which has invested in Twitter, told the New York Times Bits blog that such a service is likely to be launched to help the site generate revenues in the near future.

The recommendations would aim to take advantage of the fact that Twitter is used by many people to ask friends and followers for product advice and would take the form of automatic replies to individual tweets containing ecommerce links and money off vouchers, he said.

Evan Williams, chief executive of Twitter, responded to the claims in a comment on a Business Insider article by stating: "Todd ... is not actually on Twitter's board and, in this article, he's brainstorming on his own.

"These are not in the least bit concrete plans of the company."

A study recently conducted by Harvard Business School found that 90 per cent of all posts on Twitter are generated by the top ten per cent of users sending the highest number of tweets.

This news story was brought to you by
Bluhalo, a leading UK

Whitepaper - How To Defend Against New Botnek Attacks

According to Symantec's MessageLabs Intelligence, botnets were responsible for 90% of spam in 2008. More importantly, these compromised "robot" computer networks do not seem to be going away anytime soon.

The ever changing nature of botnets make them hard to detect and even harder to defend against. MessageLabs' latest industry white paper, "How to Defend Against New Botnet Attacks" aims to help you understand how to fight them.

About Bots
or A Bout w/Bots

A "bot" is a type of malware that allows an attacker to take control over an affected computer. Also known as “Web robots”, bots are usually part of a network of infected machines, known as a “botnet”, which is typically made up of victim machines that stretch across the globe.

Since a bot infected computer does the bidding of its master, many people refer to these victim machines as “zombies.”

The cybercriminals that control these bots are called botherders or botmasters.

Some botnets might have a few hundred or a couple thousand computers, but others have tens and even hundreds of thousands of zombies at their disposal. Many of these computers are infected without their owners' knowledge. Some possible warning signs? A bot might cause your computer to slow down, display mysterious messages, or even crash.

How Bots Work

Bots sneak onto a person’s computer in many ways. Bots often spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are instructed to carry out a task. After a computer is taken over by a bot, it can be used to carry out a variety of automated tasks.

To download the whitepaper from ZDNet, click here

NRF and RILA Call Off Merger

NRF, RILA End Merger Discussions

For Immediate Release

Contact: Scott Krugmanor

NRF, RILA End Merger Discussions
Associations Continue to Work Together to Represent Retail Industry

Washington,June 24--The National Retail Federation (NRF) and the Retail IndustryLeaders Association (RILA) today announced that the two organizationshave ended merger discussions.

“Following a deliberativeprocess, RILA and NRF have ended discussions aimed at merging the twoorganizations. NRF and RILA will devote all resources to continuing thework they are each doing to address the serious issues that America’sconsumers and retailers are facing in today’s economic environment,”said the two boards of directors in a joint statement.

TheRetail Industry Leaders Association (RILA) promotes consumer choice andeconomic freedom through public policy and industry operationalexcellence. RILA members include the largest and most successfulcompanies in the retail industry. RILA provides its members with uniqueeducational forums, effective public policy advocacy, and advancementof the retail industry.

The National Retail Federation is theworld's largest retail trade association, with membership thatcomprises all retail formats and channels of distribution includingdepartment, specialty, discount, catalog, Internet, independent stores,chain restaurants, drug stores and grocery stores as well as theindustry's key trading partners of retail goods and services. NRF'smission is to advance and protect the interests of the retail industryand to help retailers achieve excellence in all areas of theirbusiness.


Reblog this post [with Zemanta]

UK Spy Chief Warns of Blackberry/iPhone Threat

UK Spy chief warns of terrorism threat to Blackberrys and iPhones (he won't even have one)

By Tim Shipman, Deputy Political Editor
Last updated at 11:13 PM on 25th June 2009

Editors Note: It's not that the phones themselves are unsafe, it's the fact that the new phones use web browsers. So, more e-vidence that you might want to think twice about typing your credit/debit card numbers into a smart phone. Guess what? Same goes for typing your credit/debit numbers into a box on a merchant website. Here's a story from the UK"s Mail Online:

Security Minister Lord West has warned that BlackBerrys and iPhones are vulnerable to attack from spies, criminals and terrorists. He said Britain must be alert to the growing threat of cyber attacks on computers and internet-enabled smart phones, which costs the country several billion pounds a year.

Lord West, unveiling the UK's first Cyber Security Strategy yesterday, said: 'With an email, more people see what you have written than if you wrote a postcard.
Security Minister Lord West has revealed that he refuses to have a smartphone because of fears of internet hacking

'When you get a new phone you open yourself up to all the internet issues. Suddenly, people can get access to all sorts of data. We know terrorists use the internet for radicalisation, but there is a fear they will move down that path.

'As their ability to use the web grows, there will be more opportunity for these attacks.'

The initiaitive, which will feature an M15-run Office for Cyber Security to coordinate Government policy, will also see teenage computer hackers drafted in to the GCHQ listening post in Cheltenhamto hunt down cyberterrorists attempting to infiltrate Whitehall computer systems.

Officials refuse to say how many times government computers are targeted, but admit that BT alone faces 1,000 attacks every day.

Lord West has revealed he is personally refusing to use any of the new generation of multi-media phones that are on the market.
Security experts have already warned that some mobile phone owners who use text messages to access bank account details face the risk of having confidential information stolen.

Lord West, who has a Nokia business mobile, said today: It's one reason why I have this Stone Age phone.'He said fashionable smart mobiles are at risk if linked to the internet.

Reblog this post [with Zemanta]

Disqus for ePayment News