Thursday, July 2, 2009
MasterCard Puts the 13-Year-Old Wal-Mart Case in the Rear-View Mirror
(July 2, 2009) MasterCard Inc. plans to pay off its remaining $400 million settlement obligation to retailers over debit card acceptance early for a discounted $335 million, according to a filing the card network made on Thursday with the Securities and Exchange Commission. Attorneys for the retailer plaintiffs have signed on to the proposed deal, which would happen Sept. 30 if it gets the required court approval.
The case started in 1996 when retailers, upset about what they said was the high cost of accepting Visa- and MasterCard-branded signature debit cards, filed lawsuits challenging what were then the bank-owned card associations over their so-called honor-all-cards rules. The rules required merchants that accepted Visa and MasterCard credit cards to also accept the associations’ debit cards. The cases were consolidated as a class action with more than 8 million plaintiffs and became known as the “Wal-Mart case” because of the participation of Wal-Mart Stores Inc., the nation’s largest retailer.
The card associations settled in 2003 for just over $3 billion—reportedly a record—as the case was headed to trial in U.S. District Court in Brooklyn, N.Y. MasterCard’s portion called for payments into a settlement fund of $125 million by the end of 2003, followed by nine annual payments of $100 million. Visa’s initial payments of $225 million were to be followed by annual payments of $200 million ending in December 2012. The card associations also agreed to drop their honor-all-cards rules and temporarily lowered signature-debit interchange.
Continue Reading at Digital Transactions
Munich, Germany, July 2, 2009 -- The Smart Payment Association (SPA), which brings together the industry's largest manufacturers of payment smart cards, has completed its 2008 internal market monitoring activity, undertaken in order to get a better understanding of the current status of the payment smart card market and its key trends.
- With more than 580 million payment smart cards delivered by its members, SPA represents the vast majority of the payment smart cards market. This figure corresponds to a 39% year-on-year growth (2008 vs. 2007), showing the ongoing momentum of EMV deployment.
- Over 25% growth in all regions with the fastest growth seen in North America, where shipments have more than doubled, CISEEMEA (CIS countries, Eastern Europe, Middle East and Africa) with +65% and South Asia with +49%.
- Open-platform is gaining ground and now represents 15% of all shipments, a 72% increase compared to last year. This can be explained by the development of multi-applicative EMV cards. The 70% year-on-year growth in large memory product shipments and the large increase in open-platform dual interface card shipments confirm this trend.
- Both dual interface and pure contactless cards confirm SPA's expectations, outperforming the market with year-on-year growth rates of 140% and 66% respectively.
- DDA technology is continuing to gain importance, with 69% growth year-on-year, representing 25% of SPA members' shipments in 2008. Migration to DDA has started worldwide, and both Visa and MasterCard mandate that all cards should support DDA by 2011 in Europe. The SPA is about to publish a whitepaper that will present the status of DDA migration and highlight DDA success stories. This document will also outline the impact of DDA migration on banks at both technical and business levels.
The detailed figures of the SPA 2008 market monitoring are only available to its contributing members.
About the Smart Payment Association
Founded in December 2004, The Smart Payment Association (SPA) is a non-for-profit organisation dedicated to promoting and facilitating the use of smart cards for payment. The SPA members are Gemalto, Giesecke & Devrient, Oberthur Technologies and Sagem Orga.
The Association's main objective is to accelerate the transition from traditional, magnetic stripe cards to chip based cards by:
- promoting the benefits of smart cards for financial institutions by publishing use cases and success stories on innovative applications;
- ensuring optimal interoperability between all system components, for both payment and value-added applications;
- becoming the voice of the payment industry towards standardization committees and payment associations.
The day before yesterday, in a post entitled "How to Hack an ATM Live Onstage, Pulled from Black Hat Event", I talked about the decision by Juniper to postpone the presentation. The talk, which would have revealed flaws in the automated teller machines (ATM) of an undisclosed vendor, will be postponed until the vulnerabilities are fixed, Juniper said in a statement. The original description of the presentation stated that the researcher, Barnaby Jack, would "retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new model ATMs," and would "explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM."
Here's more directly from Juniper's Blog
Juniper’s Decision To Postpone “Jackpotting Automated Teller Machines”
Yesterday, Juniper postponed a scheduled Blackhat USA 2009 presentation by one of our employees, Barnaby Jack, entitled "Jackpotting Automated Teller Machines." This decision has grabbed the attention of the press, the Twittersphere and Blogosphere, and understandably so.
The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and - ultimately - the public. To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen.
Therefore, we felt it our responsibility to delay the presentation until all those protection measures were put into place. Unfortunately, there isn't enough time before Blackhat to make that happen.
We did not arrive at this decision easily. Indeed, we feel that Barnaby's research is important, vital to the advancement of the state of security and should be discussed in an open forum. However, Juniper is also committed to the responsible disclosure of security vulnerabilities, and to protecting the public from them.
We look forward to sharing our findings with the security community in time and, rest assured, we will.
Australia uncovers international credit card scam
Updated July 02, 2009 11:53 AM
SYDNEY (AP) -- Australian authorities have uncovered a 6 million Australian dollar ($4.8 million) international credit card scam that used stolen personal information from people as far away as Britain and Spain, officials said Thursday.
Seven people were arrested Wednesday in searches carried out by a multi-agency team in Sydney and Melbourne, Australian Federal Police said in a statement.
The syndicate allegedly used the stolen personal details to manufacture more than 200 fake credit cards and driver's licenses a week and used them to make up to AU$500,000 in weekly purchases of electronic goods, gift cards, phone cards and alcohol, the statement said.
Federal police Assistant Commissioner Mandy Newton said the personal information was stolen from card holders in Australia, Spain, Britain and Malaysia.
"What we are identifying is a global issue, it is not just in Australia," Newton said. More than 1,200 credit card numbers have been involved in the scam since March, Newton said. The syndicate first came to the attention of police during a 2008 Department of Immigration investigation into a suspected illegal work racket, which uncovered evidence of the credit card fraud.
That investigation identified several illegal immigrants who had been arrested for shopping along the east coast using fraudulent credit cards and who are believed to have been used as shoppers by the syndicate, said Immigration Department investigator Peter Richards, without identifying their nationalities.
The seven people will be charged with offenses including dealing in the proceeds of crime, participating in a criminal group, and making and using false instruments.
The Sad Tale of Abandoned Shopping Carts
Browsing and comparing products before adding them to an online shopping cart takes time and effort, but leaving those products is as easy as “click.” And that’s a problem for online retailers.
According to an e-tailing group survey, nearly 60% of US online retailers surveyed are seeing cart abandonment rates of over 20% this year.
A study by PayPal and comScore found 45% of US online shoppers had abandoned shopping carts multiple times in just three weeks.
Most importantly from the merchants’ point of view, the average cost of abandoned goods in those shopping carts was $109.
In the same study, 46% of online shoppers said high shipping charges were a “very important reason” for emptying carts.
Other reasons for abandonment included:
- Wanted to comparison shop: 37%
- Lack of money: 36%
- Wanted to look for a coupon: 27%
- Wanted to shop offline: 26%
- Couldn’t find preferred pay option: 24%
- Item unavailable at checkout: 23%
- Couldn’t find customer support: 22%
- Security concerns: 21%
“Sweetening the deal with free shipping, coupons and special discounts is a great way to encourage online shoppers to complete their purchases.”
And makes leaving carts behind a little bit harder.
(July 2, 2009) NYCE Payments Network LLC expects to start testing Internet-based debit transactions by the end of the year and to start a commercial service some time next year, says Steven A. Rathgaber, president and chief operating officer of the Secaucus, N.J.-based electronic funds transfer network. The service will rely on single-use debit card technology from Verient Inc., a San Jose, Calif.-based technology company.
A unit of Metavante Corp., NYCE signed an agreement with Verient last fall and had originally expected to get a pilot for the online service, which it calls SafeDebit, under way early this year (Digital Transactions News, Nov. 18, 2008). Rathgaber says technology implementation has gone smoothly, but the network has had to contend with the inevitable complexities regarding pricing and other business arrangements that arise when a number of banks, merchants, and networks must work together. “There’s a lot of parties at the dance,” he notes.
Continue Reading at Digital Transaction News
Month Of Twitter Bugs Goes Live With Mini-URL Flaws
Researcher launches Day One of daily third-party Twitter app vulnerability disclosures, while some members of Twitter christen July 1 "TwitterSec Day"
The Month of Bugs phenomenon is back, with a new project aimed at exposing vulnerabilities in third-party Twitter applications.
Day One of The Month of Twitter Bugs project revealed four new cross-site scripting (XSS) vulnerabilities in the popular bit.ly URL-shortening tool used by many Twitter users to shorten links to fit into the 140-character Tweet limit. Bit.ly is also integrated into the popular TweetDeck Twitter interface. The controversial month-of-bugs concept -- where researchers disclose new vulnerabilities daily for a month -- was started three years ago by HD Moore, who brought attention to browser security issues with his Month of Browser Bugs project.
"I hope to raise the awareness of developers using the Twitter API to develop more secure code, as they should understand that by developing insecure code, they are not only exposing their own users to threats, but the entire Twitter community," says Aviv Raff, the researcher behind the project.
Continue Reading at Dark Reading
Or for more information, go straight to the source, this from: http://aviv.raffon.net/
Back in July 2006, I had the opportunity to be part of a cool initiative called “Month of Browser Bugs”. This initiative was created by H.D Moore in order to raise the awareness of security vulnerabilities in web browsers. Back then it was mainly focused on system Active-X issues, but it also provided some great examples of how, so called “unexploitable” vulnerabilities, can still be abused for a remote code execution. The initiative was a great success, in my opinion, and made the browser vendors more attentive to security vulnerabilities in their products (e.g. In Internet Explorer 8, installed Active-X controls are now not running automatically, and can be opted-in to run on specific sites).
Today, three years after the “Month of Browser Bugs”, I’ve decided to declare July 2009 as “Month of Twitter Bugs” (MoTB). I’m doing so in order to raise the awareness of the Twitter API issue I recently blogged about. MoTB could have been easily converted to any other “Month of Web2.0 service bugs”, and I hope that Twitter and other Web2.0 API providers will work closely with their API consumers to develop more secure products.
Each day I will publish a new vulnerability in a 3rd party Twitter service on the twitpwn.com web site. As those vulnerabilities can be exploited to create a Twitter worm, I’m going to give the 3rd party service provider and Twitter at least 24 hours heads-up before I publish the vulnerability.
Even though I have enough vulnerabilities for this month, you are more than welcome to send me (via email or twitter) vulnerabilities you find in 3rd party Twitter services. I will do my best to publish all submitted vulnerabilities. I will, of course, credit the submitter.
The PIN Payments Blog has focused on eCommerce and security since its inaugural post in March of 2008.
As I have come to learn, some believe I do it to bash the industry for supporting products which encourage consumers to enter (type) their card number, or their username and password into boxes on the web, or click their mouse...but that's not why I do it.
I do it because I understand that the information superhighway known as the web, is exactly that. An information superhighway. It's also known as the web, and what a wicked web it is...hackers, keyloggers, screen scrapers, data stealing malware, zombies, etc.
Think of hackers as Big Nasty Spiders and your financial data as a big meaty fly. Get the picture? If not, there's one above on the left.
When websites ask you to enter (type) your credit card or debit card numbers into a box, I know that it's Pandorian in nature and I want to prevent you from boxing yourself in. Consumers cannot "realistically" expect that their card numbers are going to be safe. Sure it may "seem" convenient, but things aren't always as they seem, are they? On the flip side, sometimes they are...and it sure "seems" that as time goes by, hackers get more advanced thus create more advanced programs designed to steal your financial information. Who knows what they'll come up with tomorrow?
This much I do know. When I started this blog, it was safer to type your cardholder data into the web than it is today. And it's safer today than it will be tomorrow. Therefore, the day after tomorrow seems to be the day when everyone will understand that "what we are trying to do here on the blog" is come from help...not anger industry insiders, nor do we want to be perceived as viciously criticizing so-called competitors.
What we try to do here is best represent the truth on this blog...and the truth is, IT IS NOT SAFE TO TYPE YOUR CREDIT CARD NUMBERS INTO A BROWSER.
Speaking of competitors (and truth) HomeATM created a software-based PIN platform years ago, and contrary to a YouTube video floating around out there on the web, it was not a so-called competitor, but HomeATM, who conducted the "first" software-based PIN debit transaction on the web. We did it in 2005, (documentation available upon request) in front of a bunch of Intel "higher ups" who in addition to asking if we were crazy, (like PC's they know the risks inside and out) practically laughed us out of the room... That experience instigated our engineering department to re-evaluate how PIN transactions should be conducted on the web, and there is only one way. "Outside the Browser Space." (OBS)
So, we scrapped the software PIN debit thingy and went to work on creating a secure terminal with a built-in PIN Pad...and lo and behold, HomeATM conducted the "first" end-to-end-encrypted PIN Debit application using the Internet. (using a "secure" 3DES, protected by DUKPT hardware device, just like they do it in the stores!)
Now, there were two more tasks at hand. The first one was achieved last March 17th, ironically while HomeATM Chairman and CEO, Ken Mages and I were listening to PCI General Manager, Bob Russo speak. named HomeATM was certified as the first manufacturer in the world with a PIN Entry Device specifically designed for eCommerce usage as PCI 2.x Certified and listed us on their website.
Final task. Get our manufacturing costs down to a price point where distribution to the masses is feasible.
The mountain: Credit/Debit Card Terminals cost $500.00+ and PIN Pads cost $150.00+ (and encrypting the PIN Pad costs an additional $25.00+)
The result: HomeATM becomes the first company in the world to manufacture and offer a credit/debit card terminal with integrated PIN Pad for less than $25.00! (including PIN Pad encryption!)
The end result? "HomeATM Knows PIN." That said, I suspect, (k)no(w), make that know, that yesterday's doubting Thomas' will become tomorrow's believers/customers...especially as new reports, like the one released by Trend Micro (below) state what we have stated from day one. It's a dangerous and scary world (wide web) out there!
If that's not scary enough, here's more...did you know that a signature debit transaction is at least 10 times LESS secure than a PIN Debit transaction? That's in the brick and mortar world. So how many times LESS secure is a "card not present" (no signature) debit transaction vs. a PIN Debit transaction? Yet signature debit is being pushed by issuers "over" PIN debit. Why? All in unison! Because they make more money! Yup, the less secure the transaction, the more money they make. At whose expense? Two guesses. If you said consumers and/or merchants you're right.
In its first Focus Report, Trend Micro examines the growth of data-stealing malware, the most dangerous of web threats today. Growth of this threat is unprecedented and you are in exponentially MORE danger today, than when the PIN Payments Blog first started emphasizing the inherent dangers of conducting eCommerce on the web.
According to Anti-Phishing Working Group (APWG) statistics, the number of sites infecting PCs with password-stealing crimeware reached an all time high of 31,173 in December 2008—an 827 percent increase from January
While the term "data-stealing malware" is a relatively new one, its sole purpose for existence is a familiar story: To steal proprietary information such as online banking credentials, credit card numbers, social security numbers, passwords, and more from compromised networks and PCs in order to fuel an underground cyber crime economy driven by profit-seeking criminal networks that cross geopolitical boundaries.
Trojans are the fastest growing category of data-stealing malware, according to data from TrendLabs, Trend Micro's global network of research, service, and support centers committed to constant threat surveillance and attack prevention. Trojan attacks pose a serious threat to computer security. True to their name, they typically arrive disguised as something benign such as a screen saver, game, or joke. Based on TrendLabs research:
- In 2007, 52 percent of data-stealing malware were Trojans; in 2008, that number increased to 87 percent; as of Q1 2009, 93 percent of data-stealing malware were Trojans.
- Trojans and Trojan spyware are the predominant type of data-stealing malware in all regions monitored by TrendLabs, including Australia, Asia, Africa, South America, North America and Europe.
81.6% of Survey Respondents Prefer "Swiping" to "Typing!"
Below you will find partial results of our 5 question survey.
If you haven't yet participated in our survey, please refresh the page and do so. We value your insight. There are only five questions and it won't take but about 30 seconds of your time! Thanks in advance!
Here's a question, rhetorical as it may be..."When you go shopping at a brick and mortar store, would you "write down" your credit or debit card number on a piece of paper and hand it to the cashier, or worse yet, just leave it on the counter?"
So when it comes to "online shopping" it does not take a lot of imagination to see the analogy here, does it?
While 73.7% of respondents to our survey believe it is "unsafe" to "type" their account numbers into a box on a website, an even higher number of respondents (81.6%) agree that it makes much more sense to replicate the brick and mortar experience and would prefer to swipe their card in the safety of their own home, rather than type their card number into a box on a merchant's website.
79.9% believe it makes more sense to swipe their card and enter their PIN to log-in to their online banking account rather than "type" their username and password.
Here's a blurb from "The Street" which is reporting that they'll pay off the remaining $400 million balance with a $335m lump payment at the end of Q3...
MasterCard (MA) plans to pay $335 million by the end of the third quarter to pay off the remainder of a six-year-old class action suit alleging the electronic payments company violated federal antitrust regulations.
The Purchase, N.Y.-based company settled a class action lawsuit in June 2003 with a number of U.S. merchants that took issue with certain antitrust aspects of the payment card industry. Under the settlement, MasterCard was required to pay $125 million in 2003 and $100 million annually each December from 2004 through 2012.
The company said in a Securities and Exchange Commission filing on Thursday that it had entered into an agreement the prior day that would allow for MasterCard to prepay its obligations of the remaining $400 million at a discounted amount of $335 million on Sept. 30.
Continue Reading at "The Street"
Prepaid Cards and Coinstar Kiosks Enable Gaming Payment for Those without Credit Cards
Predominantly designed for the youth market, Rixty is a flexible payment option for any age bracket due to its ease of use and accessibility. By rolling out at more than 9,000 Coinstar(R) kiosks in the US, users will enjoy the convenience of adding to their online accounts by simply choosing the Rixty option when exchanging their coins for free at local Coinstar machines. In addition to the Coinstar kiosks, users will also have the option of buying prepaid cards through the in-store racks at more than 1,000 retail locations, including Cumberland Farms and Hess convenience stores.
Realizing that merchants have traditionally faced difficulty reaching younger audiences that often have limited access to more traditional payment forms, such as credit cards, Rixty aims to reduce that transactional friction and allow users to spend freely across a variety of online publishers.
"Rixty started with the idea that there should be some way to allow online entertainment enthusiasts, particularly the younger generation, the ability to enjoy what's available without relying on a credit card," said Ted Sorom, CEO, Rixty. "Our goal is simple: To provide anyone and everyone the freedom to choose how and where they spend their online entertainment dollars. Rixty does this by converting loose change into online purchasing power."
Rixty is launching with top publishers in the massively multi-player online (MMO) game space, including Perfect World Entertainment, ijji.com, GamesCampus, Ntreev USA, Ndoors Interactive, Inc., ourWorld.com, and Three Rings Design, publisher of Puzzle Pirates and Whirled. Rixty supports business models from microtransactions to subscriptions and is compatible with all types of online entertainment, including downloadable games, virtual worlds, casual and social games on social networks, digital downloads such as music mp3s, videos and games, mobile games and ringtones. The cash-based system also empowers the younger audience to take control of their entertainment spending without requiring adult involvement or a bank account.
"Rixty's new payment solution enables many of our young gamers who don't have credit cards or Paypal to purchase in-game items in Trickster, Grand Chase and Pangya," said Chris Lee, CEO, Ntreev USA. "We are very excited to partner with Rixty."
Merchants have searched for ways to attract new customers who might have previously experienced barriers to entry, which Rixty addresses with a cash option most e-commerce outlets have lacked. In addition, Rixty offers merchants the opportunity to be "discovered" by showcasing new games and online goods on the Rixty website.
"We are very pleased to add Rixty to our payment offerings," said David Chang, executive vice president, GamesCampus. "Rixty allows our users to buy items through their unique payment channels, allowing us to expand our paying customer base."
"What's great about Rixty is its ability to reach a broad spectrum of users from a wide demographic in various age groups," said Joon Kim, customer service manager, Perfect World Entertainment. "Rixty is convenient, easy to use, and widely available in many places."
Rixty is an alternative payment system designed specifically for today's online youth, empowering them to take control of their entertainment spending and giving them access to the online world of multiplayer and downloadable games, virtual worlds, social networks, digital downloads, mobile games and ringtones. Rixty never charges users fees and by reducing payment friction, Rixty converts more users into paying customers, significantly increasing online publisher's revenues. For more information, visit www.rixty.com.
In the past, I've playfully (and not so playfully) been more than a little harsh on Visa, but my, my, this Steve Reeves makes me look like a shareholder...lol
Visa Keeps Throwing Away Billions for Lawsuits | The StockMasters
by Steve Reeves
It's a good thing Visa Inc. (NYSE:V) raked in $6.2 billion in revenue last year as today they are setting aside another $700 million to cover lawsuits. Let's not forget Visa put $3 Billion in its litigation fund in March 2008, and another $1.1 billion in December. But hey, what the hell, just charge it!
Editor's Note: I took the liberty to add those up, and the total figure is a whopping $4.8 Billion dollars in their litigation escrow fund. Guilty conscience or not, they do seem to have covered their butt in case a company points (for example) that although PIN debit is the most secure and safest form of payment in the brick and mortar space, it's amazingly absent in the fraud ridden web space, costing Internet Retailers hundreds of millions of dollars on Interchange fees. Brick and Mortar retailers are up in arms over Interchange, but Internet Merchants are curiously quiet, yet they are the ones that pay the highest fees. So, $4,800,000,000 since March of 2008 equates to $340,000,000 per month over the last 15 months.
Anyway, back to Steve Reeves story...
Visa Inc. shares aren't doing much today, standing still at $62 on today's news, here's a quick look at the highs and lows for Visa's share price:
- % From 52-Wk High ($82.84): -31.30%
- % From 52-Wk Low ($41.78): 33.78%
- % From 200-Day MA ($57.44): 8.96%
- % From 50-Day MA ($65.27): -3.46%
- Price % Change (52-Week): -23.80%
The credit and debit card network has spent $2.1 billion in a settlement with American Express Co (AXP.N) over anti-competitive practices, and last year it agreed to pay $1.89 billion to Discover Financial Services (DFS) over several quarters in a similar settlement.
Visa said the new addition to its litigation account had the effect of a $700 million repurchase of the company's common shares. Under the terms of its initial public offering, Visa's U.S. bank shareholders agreed to have their stakes diluted to fund litigation in order to save other shareholders from direct losses from lawsuits in certain U.S. court cases.
Visa -- for shareholders, they are everywhere you want to be, except when it comes to massive lawsuits.
Visa on Wednesday said that it had sold roughly 136.5 million shares of VisaNet do Brasil through its Visa International subsidiary, in connection with the Brazilian unit’s initial public offering.
The company plans to keep about half of the roughly $1 billion proceeds from the sale of the VisaNet do Brasil shares. VisaNet, the credit card processor, raised 8.4 billion reais ($4.3 billion) in its initial public offering last month.
The Wall Street Journal reports that Visa Inc. (V) said its international arm's initial public offering in Brazil was the first IPO in the Brazilian market this year. For its offering, the credit-card transaction processing giant said it would retain about half of the proceeds after taxes, and said it would record a gain of about $235 million from the sale in its fiscal third quarter ended June 30.
The company said its subsidiary, Visa International, sold 136.5 million shares of VisaNet do Brasil in the IPO.
Continue Reading at the Wall Street Journal
"The increased variety and volume of attacks is inevitable given cyber criminals' desire to obtain personal and confidential information, and gain access to financial accounts,'' Raymond Choo at the Australian Institute of Criminology said.
"There have been a number of cases in Australia and overseas about cyber criminals stealing funds from bank accounts by hacking into those accounts through the internet,'' Dr Choo said.
"Cyber attacks will be more targeted especially organizations in the financial services industries and their top executives will be targeted more heavily than others, with financial gain being the ultimate goal.''
CBA's NetBank woes blamed on cyber attack
NetBank woes - cyber attacks set to spread | Chris Zappone July 2, 2009
Commonwealth Bank says it still cannot pinpoint the source of a presumed cyber attack blamed for preventing customers from accessing their online accounts, highlighting a security risk expected to become more common in coming years.
Thousands of Commonwealth Bank's 2.5 million NetBank customers continue to be prevented from viewing accounts and carrying out transactions today, nearly a week after the bank was the target of what it says was probably a denial-of-service attack by hackers.
D-O-S attacks involve flooding a computer with large volumes of malicious data, in order to knock it offline. The malicious data, now quarantined by the Commonwealth Bank, "was coming from offshore'', CBA chief information officer Michael Harte said.
"We still don't know the origin of it and why there would be such large volume,'' he said. "We're doing further forensics (on the suspicious emails) to make sure we're absolutely safe.''
Mr Harte said a suspicious spike in traffic, beginning Sunday, came amid the end-of-the-year volumes from legitimate customers, which were also higher than expected for the recently launched NetBank platform.
This morning, NetBank customers logging in were warned "that some transactions completed between 27/3 and 29/6 are not displaying on some accounts within NetBank".