Friday, August 7, 2009

Outage Costs PayPal Users Up To $32 Million -- Report (EBAY)

According to the Silicon Alley Insider, Monday's outage cost PayPal users between $7 and $32 Million...

eBay's (EBAY) payments business PayPal went down Monday for about 4.5 hours.

Uptime monitoring service Royal Pingdom estimates the outage cost PayPal's vendors between $7 million and $32 million.

Pingdom: According to eBay (which owns PayPal), about $2,000 in payments flow through PayPal’s systems every second. This means that PayPal processes about $7.2 million in payments every hour for its users.

On its official blog PayPal has stated that the service was completely down, globally, for about one hour. So the outage cost PayPal users at least around $7 million. But PayPal also admits that it took an additional 3.5 hours after that before the service was fully restored, something we also need to take into account.

This means that the outage and following service problems cost PayPal users somewhere between $7 million and $32 million in lost payments.


MasterCard Becomes The First Card Brand To Publish PCI Fines

Evan Schuman's "Storefront Backtalk" is reporting that MasterCard has published its PCI fines in a move to remove itself from the PCI shadow of Visa...

MasterCard has become the first card brand to publish its PCI fines and related requirements, a move that could be the latest signal that MasterCard wants to step out of the PCI shadow of its larger rival, Visa. The dollars themselves do not reflect a radical change, although they do include some healthy increases.

“The noncompliance assessment structure now contains escalating assessments per violation within a calendar year,” said the document sent to members earlier this summer. “Maximum assessments for initial noncompliance for Level 2 and Level 3 merchants have increased to $25,000 and $10,000, respectively. Furthermore, the $500,000 annual aggregate maximum for acquirer noncompliance assessments related to program noncompliance has been discontinued.”

As for those escalations, MasterCard has grouped Levels 1 and 2 together. The first violation for those groups is $25K, jumps to $50K for the second violation, $100K for the third violation and $200K for the fourth. Level 3 retailers face first through fourth violation fines of $10K, $20K, $40K and $80K. Service providers that are ranked either Level 1 or Level 2 will see first through fourth violation fines of $25K, $50K, $100K and $200K.

Continue Reading at Storefront Backtalk

Editor's Note: Want to find out how you can remove your company from the scope of PCI compliance? Send me an email:

Survey Says...Swipe!

Survey finds e-threats adapting to online behavioral trends

Editor's Note:  If the cardholder "swiped" instead of "typed" then the malware would be rendered non-consequential.  When the cardholder "swipes" their card, the cardholder data is immediately "encrypted" inside our PCI 2.x certified card reader with built-in PIN Pad.  The 3DES DUKPT encrypted file is then sent via the Internet (not the Web) to a secure HSM.  No data is ever in the clear so the cardholder is SAFE from the threat of Malware...and keylogging and phishing. 

Mountain View, Calif., Aug. 7, 2009 -- Malware writing has become a full-fledged business -- shaped after corporate models, according to BitDefender®, an award-winning provider of innovative anti-malware security solutions. Today, BitDefender released the results of its malware and spam survey from January through June 2009, showing HTML newsletter-impersonating spam and web 2.0 phishing attempts witnessing a sharp rise.

Malware Threats in Review

During the first six months of 2009, malware writers have continued their efforts to infect computer users in order to receive direct financial gain and/or to seize control over their machines. According to the report, Trojan-type malware is on the rise, accounting for 83 percent of the global malware detected in the wild.

While Trojans were the most active e-threats in the last six months, the notorious Downadup Internet worm caused the most damage to users. Downadup managed to infect a record number of worldwide computers (about 11 million) and made headlines of most, if not all, computer magazines and mainstream media. Targeting systems with unpatched MS08-067 vulnerabilities, the worm can send itself to any clean computer it has already infected on the same network and looks to gain access to file shares. Although Microsoft issued an out-of-cycle patch for the vulnerability, the infection is still in the wild, with hundreds of systems compromised on a daily basis.

"The Internet is one of the most important communications vehicles -- used for business, schooling and leisure. It has also become a channel for criminals to gain access to a vast number of computer systems, financial data and information," said Vlad Vâlceanu, Head of BitDefender Antispam Research Lab. "Cybercriminals are not going to stop looking for ways to enhance their e-threats, which is why it is essential for computer users to make sure they have a security solution in place that can provide them with advanced, proactive protection."

BitDefender found that during the last six months, the most active countries in terms of spreading malware were China, France and the United States, followed by Romania, Spain and Australia.

BitDefender estimates that more than 55,000 users fall victim to phishing scams each month, totaling an impressive 330,000 victims from January through June 2009. In order to successfully deceive their victims, phishers must impersonate (aka spoof) the genuine page as accurately as possible. However, while replicating the original webpage is simply a matter of copy-and-pasting, the spam message usually contains misspelled words and/or negligent formatting.

This is not the case with most of the phishing raids targeting Bank of America. Not only is the text impeccably laid out, but the phishing page has also been crafted with an unusual attention to detail, suggesting that the people responsible for the phishing attacks are a highly organized gang of cyber-criminals.

"Most importantly, unlike malware, phishing and spam are universal e-threats -- they work on any computer, regardless of their operating systems and security patches," Vâlceanu commented. "Extra caution and a highly-rated antimalware solution with antispam, antiphishing and antimalware modules are a must-have for anyone surfing the web."

For more information on this survey, please visit .

To stay up-to-date on the latest e-threats, sign-up for BitDefender's RSS feeds here.

About BitDefender®

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products is available at the company's security solutions press room. Additionally, BitDefender's provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.

Source: Company press release. 


Does Bing have More Bang than Google?

The Bing Bang

Bing it On!

By Don Davis - Internet Retailer

Search engines account for much of the traffic to retailers’ web sites, and Google dominates search. That means any challenge to Google’s near-monopoly position in search is big news—and potentially good news—for e-retailers.

Google today faces a big challenge indeed, from software giant Microsoft Corp., which threw down the gauntlet June 3 with the launch of its new search engine, Bing. Microsoft is backing up Bing with a major national advertising campaign, has cut deals to make Bing the default search engine on millions of PCs and mobile phones, and says it’s willing to spend billions more to gain search market share.

And there’s one more reason to believe Google finally has a worthy competitor: Microsoft just might have built a better search engine.

Instead of just providing a list of links to web pages, Bing’s search results page categorizes results, makes it easy to refine queries, lets users track queries, provides a glimpse into the web page listed, and summarizes the content of consumer and expert reviews from across the web.

“It’s very cool to see someone making a bold move forward in search,” says Eric Archuleta, CEO of online musical instruments retailer Musician’s Hut. “I’m a fan of Bing. It’s helpful to me to find more information, instead of just an index. It’s going to be a great tool for shoppers.”

He’s not alone in praising Microsoft’s work. Bing “will so improve the search experience that users will demand other engines follow suit,” wrote analyst Shar VanBoskirk of Forrester Research Inc. in a recent report entitled “Bing: The Next Big Search Thing.”

Retailers are also high on Bing for another reason: It could give them an alternative to Google for paid search, and prompt Google, Microsoft and Yahoo to court marketers’ dollars with innovations and better pricing.


Amazon Builds Android App

Amazon builds an Android app to let more customers shop via mobile phone

Inc. has introduced its latest mobile shopping application, Amazon App for Android, which is available as a free download to a user’s Android operating system-based device in the online Android Market.

The Amazon mobile app includes the experimental Amazon Remembers feature, first introduced in the e-retailer’s iPhone and iPod Touch app, that gives Android users two different ways to use their device camera to find and remember items available for sale on they can either snap a photo of an item or a barcode and then receive a product match. For many photos and barcodes, matches are instant; other items take a few minutes, Amazon says.

Android is an open-source operating system that can be customized for Internet-enabled handheld devices. Amazon’s App for Android can be downloaded from, or by searching for “” in the Android Market section of an Android mobile device.

“Customers have been requesting an Amazon shopping application on their Android devices,” says Sam Hall, director of Amazon Mobile. “In addition to their favorite Amazon shopping features, Amazon App for Android users can use Amazon Remembers to easily keep track of the items they see in their daily lives and even instantly match photos and barcodes to products available at”

Continue Reading at Internet Retailer

Debit Cards Overtake Credit Cards

The Wall Street Journal is reporting that Debit is replacing Credit when it comes to consumer payment choices.
"As the credit-card industry reinvents itself amid a dismal economy and a new regulatory regimen, consumers are rebelling. They’re going debit.

Some 58.2% of card transactions are now paid for with debit cards, compared to 41.8% with credit cards, according to data from the Nilson Report. Debit cards now represent 38.3% of card dollars spent, compared to only 26% in 2002.

Recent research from Javelin indicates that credit cards are nearly twice as likely to fall prey to card fraud." 

Continue Reading at WSJ Blogs


Internet Gambling Payment Processor Indicted

Internet Gambling Payment Processor Charged With Bank Fraud, Money Laundering and Illegal Gambling Offenses

NEW YORK, Aug. 6 /PRNewswire-USNewswire/ -- Lev L. Dassin, the Acting U.S. Attorney for the Southern District of New York, and Joseph M. Demarest, Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (FBI), announced today the filing of an indictment charging Douglas Rennick with bank fraud and other offenses stemming from his role in processing more than $350 million for Internet gambling companies. According to the indictment filed yesterday in Manhattan federal court:

Since at least 2007 through June 2009, Rennick opened a number of bank accounts in the United States under various corporate names, such as KJB Financial Corporation, Account Services Corporation and Check Payment Financial Co. In opening the accounts, he and his co-conspirators falsely represented that the accounts would be used for such purposes as issuing rebate checks, refund checks, sponsorship checks, affiliate checks and minor payroll processing. In fact, Rennick and his co-conspirators used the accounts to receive funds from offshore Internet gambling companies that offered, variously, poker, blackjack, slots and other casino games. Rennick and his co-conspirators then disbursed those funds via checks to U.S. residents seeking to cash out their gambling winnings. Rennick and his co-conspirators provided false and misleading information to U.S. banks about the purpose of the accounts because the banks would not have processed the transactions had they known they were gambling-related. In total, Rennick and his co-conspirators processed more than $350 million transferred from a Cyprus bank account to various U.S. bank accounts for this purpose.

Rennick is charged with one count each of conspiracy to commit bank fraud, conspiracy to engage in money laundering and conspiracy to operate an illegal gambling business. If found guilty, Rennick faces a maximum term of 30 years in prison and a $1 million fine on the bank fraud charge, 20 years in prison and a $500,000 fine on the money laundering charge, and five years in prison and a $250,000 fine on the gambling charge. The indictment also seeks the forfeiture of at least approximately $565,908,288, which represents the amount of proceeds obtained as a result of the illegal gambling and bank fraud conspiracies. The case has been assigned to U.S. District Judge Sidney H. Stein.

Rennick, 34, currently resides in Canada.

Mr. Dassin praised the investigative work of the FBI and thanked the Department of Homeland Security's U.S. Immigration and Customs Enforcement and the Internal Revenue Service for their assistance in the investigation. Mr. Dassin added that the investigation is continuing.

Assistant U.S. Attorneys Arlo Devlin-Brown and Jonathan New are in charge of the prosecution, and Assistant U.S. Attorney Jeffrey Alberts is in charge of the forfeiture in this case.

The charges contained in the indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

SOURCE U.S. Department of Justice


NCR's Ethical Hacking Curriculum

NCR stays ahead of criminals through ethical hacking curriculum

Partnership with University of Abertay Dundee leads to proactive global security solutions for ATMs

NCR Corporation (NYSE: NCR), the global leader in ATMs, is staying ahead of criminal hacking threats to ATMs by having academia help uncover potential threats first.

Working with the University of Abertay Dundee in Dundee, Scotland, NCR has developed the world’s leading corporate-academic alliance devoted to uncovering and addressing criminal hacking threats posed to ATMs. Rather than reacting to known threats as they arise, the security intelligence gained and adopted between NCR and the University of Abertay through the ‘Ethical Hacking’ program is designed to stop would-be hackers and viruses before crimes occur.

Approved and partially-funded through the United Kingdom’s Knowledge Transfer Partnership (KTP), the awarded contracts represent a joint venture between the University of Abertay Dundee and NCR Labs, the advanced development arm of NCR. The aim of the program is to ensure that consumer trust in self-service is not compromised by criminal actions involving ATMs.

The current contract, the second to be approved through the KTP, focuses on personal authentication measures required to gain access to ATMs. The critical knowledge of illicit access to ATMs is an ongoing and growing threat to many ATM users.

“NCR is committed to holding its place as the industry leader in defending the integrity of the ATM channel for those who place their financial trust in us,” said Mark Grossi, head of NCR Labs. “This relationship is one of the ways NCR stays at the forefront of technology in our proactive fight against ATM crime.”

“The support from the Knowledge Transfer Partnership and NCR has enabled the university to develop world-leading research and education that have a significant impact on global security,” said Colin McLean, program tutor, school of computing and creative technologies, University of Abertay Dundee. “We’ve enjoyed building a relationship with NCR and take pride in the contributions these students have made in preventing unlawful criminal threats.”

The success from NCR’s partnership with the University of Abertay has led to notable achievements for both parties. The university has since implemented an ethical hacking program and offers two degrees – Bachelor of Science and Masters of Science in Ethical Hacking. Additionally, NCR has incorporated the program’s findings on crime prevention into its research and development to provide secure ATM solutions to financial institutions.

All program proposals receive approval through the Knowledge Transfer Partnership, which was designed to capitalize on the wide-ranging knowledge, technology and skills found within the U.K. Each program is funded in part by the Technology Strategy Board and 17 other funding organizations.

NCR is a leading provider of hardware and software security solutions for ATMs.  Among NCR’s ATM security portfolio:

  • NCR has sold more than 50,000 licenses of Solidcore for APTRA™, the only proven security solution to preserve system integrity and prevent malware on ATMs. 

  • NCR’s latest family of ATMs, NCR SelfServ, is the first to introduce a protected USB architecture that is self-contained within the ATM, helping mitigate the risk of fraudulent connection of unauthorized USB devices.

  • Fraudulent Device Inhibitor (FDI) is an external illuminated hardware feature or kit that makes it difficult for criminals to attach foreign devices on or around an NCR ATM card reader.

  • Intelligent Fraud Detection (IFD) is a unique approach to countering ATM fraud. Designed to be flexible, NCR IFD can detect a variety of fraudulent devices that criminals may attempt to add to the ATM fascia. The deployer receives an instant alert as soon as a fraudulent device has been added to the ATM, even before any fraud has taken place.

About NCR Corporation

NCR Corporation (NYSE: NCR) is a global technology company leading how the world connects, interacts and transacts with business. NCR’s assisted- and self-service solutions and comprehensive support services address the needs of retail, financial, travel, healthcare, hospitality, entertainment, gaming and public sector organizations in more than 100 countries. NCR ( is headquartered in Duluth, Georgia.
# # #
NCR is a trademark of NCR Corporation in the United States and other countries.

News Media Contact
Jeff Dudash
NCR Corporation
