Tuesday, August 18, 2009

Hacking...New and Improved by 100,000

Internet Retailer published an article discussing yesterday's new debit and credit card fraud indictments...and are advising Internet Retailers not to let down their guard.  Based on the fact that Albert Gonzalez, a.k.a "Soup Nazi" has been in jail since March of 2008 and the number of SQL attacks has quadrupled since then, I would say that is good advice.

Here's an excerpt from the story...

“You should be just as nervous today as you
were yesterday, because there’s not just one of these guys,” says
Andrew Lauter, chief technology officer of fraud-prevention firm
Accertify LLC. “Everything he knew and learned has probably been
disseminated to another 100,000 bad guys.”

Editor's Note:  And they've more than likely improved it with more than lemon since then...

There are several lessons for online retailers in this story, security experts say.

One is that, although the data was stolen by breaching systems in bricks-and-mortar stores, often the card numbers are used to make fraudulent purchases at retailer’s Internet sites, says Michael Petitti, chief marketing officer of payment security firm Trustwave. That’s because the criminal often can complete a web purchase with just a card number, the kind of data this crime ring allegedly stole in large numbers.

It’s also noteworthy, Petitti says, that the way they broke into computer networks involved an attack known as SQL injection, in which the hacker enters into an information field software code that, if not blocked, gives the hacker broad access to data in a computer network. In the case of online retailers, SQL injection attacks often take place on checkout pages where consumers are asked to type in such information as name and address.  (and credit/debit card numbers)

However, increasingly hackers are carrying out such attacks on non-payment pages, such as customer support pages of a web site, figuring those pages are not as carefully reviewed by security experts, Petitti says. Even online social network pages that request information can be targeted in a SQL injection attack, he adds. He says the solution is to make sure a qualified security expert reviews any new web site application to make sure it’s not vulnerable to this type of attack.

Another result of this massive fraud is that criminals now often have more information about a consumer—not just card data but in many cases name and address, for instance, says Paul Brock, senior manager of managed services at payment processing and security firm CyberSource Corp. In addition, hackers have become adept at hiding their true Internet address, often by taking over the PCs of unsuspecting consumers.

Thus, a criminal who has card data about a consumer who lives in Los Angeles can take over a computer in that city and make a purchase from an online retailer that appears to be coming from the area where the legitimate cardholder lives, even though the hacker may be in another country.

Read the Entire Story at Internet Retailer.com

Reblog this post [with Zemanta]

More Rights for Credit Card Users...Begins Thursday

Starting Thursday, Credit Card Users Get More Rights
By Nancy Trejos Washington Post Staff Writer  | Tuesday, August 18, 2009

The first phase of the landmark credit card legislation signed by
President Obama in May will take effect this week, forcing card issuers
to give consumers more time to pay their bills and to consider interest
rate increases.

Starting Thursday, issuers must give customers 45 days' notice
before raising their interest rates, instead of 15 days as previously
required. Customers can then choose to pay what they owe at the
original rate over time but will not be able to use the card for future

Continue Reading at Washington Post

Elavon Extends Keycorp Joint Venture

Elavon Secures Three Year Extension for Keycorp Joint Venture

ATLANTA, - August 18, 2009 - Elavon, a leading global card acquirer, has extended its joint venture agreement with Cleveland-based KeyCorp (NYSE: KEY) for KeyBank's merchant referral business. KeyBank markets Elavon's merchant processing services to business customers through 21 geographic districts spanning across a 13-state network of almost 1,000 commercial office and retail branch locations. The agreement extends an over 10-year relationship between Elavon and KeyCorp.

"Elavon's flexible and robust processing network is backed by industry-leading customer service, which translates into the best possible scenario for our clients," said Carl Stauffeneger, senior vice president and head of KeyBank's payments product group. "We continue to take notice of Elavon's industry leadership, PCI compliance initiatives and strong performance, and are pleased to continue our mutually beneficial relationship."

The extended agreement allows for KeyBank to continue offering white-labeled merchant services backed by a company solely dedicated to the payments industry. Elavon's entire, robust solutions offerings are available to KeyBank merchants, from credit and debit processing to Dynamic Currency Conversion, Electronic Check, Gift Card, professional services and free online reporting.

An added benefit to KeyBank merchants is enrollment in Elavon's PCI Compliance Program, a comprehensive approach to assisting merchants meet compliance requirements that includes education, validation, scanning services and financial protection of up to $100,000 in the event of a data breach.

Stuart Harvey, chief executive officer of Elavon, said his company appreciates the relationship it has had with KeyCorp for more than a decade. "KeyCorp is a strong leader in regional banking," Harvey said. "Their commitment to providing exceptional value and innovation to customers has resulted in strong portfolio performance, and we look forward to continuing our relationship."

About Elavon:

Elavon's Global Acquiring Solutions organization is a part of U.S.
Bancorp. Elavon provides end-to-end payment processing services to more
than one million merchants in the United States, Europe, Canada and
Puerto Rico. Solutions include credit and debit card processing,
electronic check services, gift cards, dynamic currency conversion,
multi-currency support, and cross-border acquiring. Elavon's services
are marketed through multiple alliance partner channels including
financial institutions, trade associations and ISOs. Elavon has
solutions to meet the needs of merchants in specialized markets
including small business, retail, hospitality/T&E, health care,
education and the public sector. Visit Elavon online at www.elavon.com.

About KeyCorp:

Cleveland-based KeyCorp is one of the nation's largest bank-based
financial services companies, with assets of approximately $98 billion.
BusinessWeek Magazine named Key the top bank in its Customer Service
Champ 2009 edition, ranking Key 11th out of the top-25 companies that
include many known for their customer service acumen. Key companies
provide investment management, retail and commercial banking, consumer
finance, and investment banking products and services to individuals
and companies throughout the United States and, for certain businesses,
internationally. For more information, visit https://www.key.com/.

Reblog this post [with Zemanta]

SmartPhone Users Surfing Without Security

Smartphone Users Surf Sans Security

Despite being aware of the potential risks of mobile Internet use, smartphone owners don't take security seriously.

August 18, 2009 - By Michelle Megna:

Smartphone users say security isn't a critical concern, with a recent survey finding that the majority of smartphone users are more concerned about losing their phone or personal data.

That's in spite of acknowledging the wealth of threats -- ranging from phishing scams to viruses -- that could impact them.

According to a survey conducted by security software firm Trend Micro, 44 percent of mobile phone owners said they believed surfing the Web on a smartphone is just as safe, if not safer, than doing so on their PC.

The report, which polled 1,000 smartphone owners 18 years and older, also found that for smartphone users, losing a phone or contact information and personal data is more alarming to them than infections or phishing schemes.

Furthermore, only 23 percent of smartphone owners use security software already installed on their smartphones, with one out of five respondents saying they don't think installing security software on their phones would be very effective since they feel there's limited risk in smartphone surfing. That's somewhat grim news for firms like Trend Micro, which are promoting their own mobile security software as a defense against mobile threats. Trend Micro, for instance, offers its Trend Smart Surfing application through the iPhone App Store...

Continue Reading


PIN Debit Payments Blog: Trend Micro Revamps Online Threat ...

Aug 03, 2009

3, 2009 -- TrendWatch (www.trendmicro.com/us/trendwatch/index.html ), Trend Micro's online threat resource center, is revamped and refreshed with even more free tools, information, news and advisories, and resources for customers and ...

PIN Debit Payments Blog: The Spider and the Fly (Keep Typing vs ...
Jul 02, 2009

In it's first Focus Report, Trend Micro examines the growth of data-stealing malware, the most dangerous of web threats today. Growth of this threat is unprecedented and you are in exponentially MORE danger today, than when the PIN ...

Reblog this post [with Zemanta]

Follet Selects Thales HSMs for PCI DSS Compliance

Follett Higher Education Group Selects Thales HSMs to Assist with PCI DSS Compliance

New Encryption and Key Management Approach Automates Manual Processes

Stoneham, MA – 18 August 2009: Thales, leader in information systems and communications security, announces that Follett Higher Education Group has selected its encryption and key management solutions. As a result Follett has eliminated time-consuming manual processes for managing encryption keys – a key requirement for compliance under the Payment Card Industry Data Security Standard (PCI DSS).

Follett Higher Education Group sells more than 23 million textbooks annually in stores and online, and operates more than 700 campus bookstores for colleges and universities across the United States. For every transaction the company protects its customers’ personal data from breaches, complying with PCI DSS. Prior to selecting the Thales solution Follett security administrators manually replaced or rotated old encryption keys by hand in order to fulfill one of the PCI DSS requirements.

By installing Thales hardware security modules (HSMs) from the nCipher product line, Follett has substituted time consuming and unreliable manual processes with an automated key management, storage and generation process. Thales HSMs are deployed on a server and safely distribute encryption keys to Follett’s e-commerce and point of sale systems. As a result Follett can rotate encryption keys in a fraction of the time compared with the manual process. Thales HSMs also store the encryption keys in hardware, a best practice for protecting encryption keys.

“With Thales HSMs, we can easily protect, manage, and rotate encryption keys, enabling PCI DSS compliance without the need for expensive manual controls,” said Irwin Gafen, Follett’s director of wholesale and distribution systems. “Our keys are safe from internal and external tampering, safeguarding our encrypted data against theft or manipulation. Our customers’ personal data is protected and we are protected from the potentially high costs of compromised data.”

After evaluating a number of competitive solutions on the market, Follett selected Thales HSMs based on the solution’s flexibility and ease-of-use. Follett also capitalized on Thales’s professional services team, which reviewed the company’s security procedures, policies, and systems. The team then developed an implementation plan that fully supported Follett’s needs and continued PCI DSS compliance.

“The increasingly high standards of regulation and industry best practices require organizations to better protect sensitive data such as customer details and credit card account information, and encryption has emerged as the preferred method for achieving this”, says Serge Dujardin, Vice President Sales for the information systems security activities of Thales. “The Thales nCipher product line delivers a versatile platform that allows companies of all sizes to securely and cost-effectively protect their data and comply with PCI DSS requirements. We are delighted that Follett have chosen Thales HSMs to protect their sensitive customer data.”

About Follett Higher Education Group (www.fheg.follett.com)
Follett Higher Education Group of Oak Brook, Illinois, is the leading provider of bookstore services and the foremost supplier of used books in North America. Follett services five million students and over 400,000 faculty members through more than 700 stores. Follett also services more than 1,600 independent campus stores with its wholesale services, and has the most visited ecommerce collegiate website, efollett.com, that provides services and products through a network of more than 900 campus stores.

Notes to editor
Thales is one of the world leaders in the provision of Information and Communication Systems Security solutions for government, defense, critical infrastructure operators, enterprises and the finance industry. Thales’s unique position in the market is due to its end-to-end security offering spanning the entire value chain in the security domain. The comprehensive offering includes architecture design, security and encryption product development, evaluation and certification preparation and through-life management services.

Thales has forty years of unrivalled track record in protecting information from Sensitive But Unclassified up to Top Secret and a comprehensive portfolio of security products and services, which includes network security products, application security products and secured telephony products.

About Thales
Thales is a global technology leader for the Aerospace, Space, Defence, Security and Transportation markets. In 2008, the company generated revenues of 12.7 billion euros with 68,000 employees in 50 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers as local partners. www.thalesgroup.com


Press Agency

Alexia Ward/Sole Chirco

Tel. +44 (0) 207 608 2500


Liz Harris    


+44 (0)1223 723612     


Reblog this post [with Zemanta]

First American Implements Level 4 PCI DSS Compliance Program

First American Payment Systems Partners with Trustwave to Implement Level 4 PCI DSS Compliance Program

CHICAGO (August 17, 2009) - First American Payment Systems, L.P. ("First American"), one of the fastest growing electronic payments processors in the U.S., has partnered with Trustwave to create a program called PCI Smart in order to help merchants achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS). Trustwave is the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world.

PCI DSS is the payment card industry security requirement for entities that store, process or transmit cardholder data, and has been endorsed by all the major card brands - Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB.

Committed to assisting merchants meet their PCI DSS compliance obligations, PCI Smart will provide First American merchants with access to TrustKeeper®, Trustwave's on-demand compliance management solution. TrustKeeper provides the automated tools necessary to support on-going compliance such as quarterly network vulnerability scans. Merchants will also have access to online tools and, in many cases, advanced technology for system monitoring.

To better assist First American merchants in their compliance efforts, PCI Smart will also provide merchants with access to Trustwave's PCI Assistant, an on-demand online video tutorial. PCI Assistant will help guide merchants through general cardholder data security, the PCI DSS and how to comply with the PCI DSS. Compliance support services are also available for those businesses requiring additional guidance to become PCI DSS compliant.

"Many merchants do not have the resources or technological background to manage compliance efforts on their own," said Neil L. Randel, Chairman and CEO of First American. "This partnership will provide our merchants the guidance and expertise necessary to validate PCI DSS compliance."

"Our statistics show that card-present merchants represent the largest percentage of compromised merchants in North America," says Robert J. McCullen, Chairman and CEO of Trustwave. "Trustwave's technology will help merchants manage their compliance efforts and secure their network environment."

About First American
First American Payment Systems, L.P. is a rapidly growing merchant acquirer that provides comprehensive electronic transaction processing services for more than 90,000 merchants throughout the United States. In addition to credit, debit and EBT card processing, First American also offers a complete line of proprietary products and services including Secur-Chex® check services, FirstAdvantage® gift cards, FirstPay.Net™ e-commerce solutions, FirstFund® ACH software, Govolution® government e-payments, national ATM sales, and Merimac Capital® point-of-sale equipment and ATM leasing. For more information, visit www.first-american.net.

About Trustwave
Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations—ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com

Reblog this post [with Zemanta]

Web Insecurity Part Deaux (Don't...Trust It)

Trust No One

The Internet is like the Wild West. It used to be that you could protect yourself from the vast majority of malicious software and other Internet security threats by simply watching the sites you visited. Going to ‘freepiratedsoftware.com’ could very likely end up infecting or compromising your system while a site like Amazon.com, or CNN.com could be trusted.

That no longer seems to be the case.

Trusted, legitimate sites are
being compromised more frequently resulting in users unwittingly
downloading malicious software and infecting their computers.

One of
the most recent cases was the site of a major British music producer being compromised for a few days before having the malicious software removed.

What does that mean to you? Well, mainly it means that you can trust
no one absolutely
. Certainly your odds of being compromised or infected
while visiting a major, legitimate web site are significantly smaller
than if you were to visit a site like ‘freepiratedsoftware.com’, but
the burden of watching your back and protecting your data falls
on….well, you.

Tony Bradley is an information security and unified
communications expert with more than a decade of enterprise IT
experience. He tweets as
and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

Editor's Note:  The fly is to the spider what credit and debit card data is to the hacker.  Not coincidentally, they both use the web to capture their prey.  I'm glad that word is finally starting to get out
that the web cannot be trusted.  Not even (sic) "trusted/legitimate
sites.  Not even for a second. 

What does this mean?  It means that
HomeATM's approach to an E-Commerce E-Cosystem was "spot on."  Myriad
attacks designed to steal your financial data have cropped up over the
last 6 months and flaws in browsers
cannot prevent these "types" of attacks from occurring.  You can focus on "detection" but you cannot prevent it.

I was going to say that  it will get worse before it gets better, but the fact is it won't get better...it'll just get worse. 

then, one day, everyone will see what I've been espousing for 17 months
on this blog.  The web is not safe and in order to conduct secure
financial transactions, they MUST be done outside the browser space. 
Plain and simply put, a browser cannot be secured.  Not with https, SSL
or even
EV SSL, which was exposed as "not being spoof proof" at the recent BlackHat conference a couple weeks back. 

anyone else noticed that the focus has gone from "PREVENTION" to
"DETECTION?"  Want detection?  I detect that "typing" is the "cause"
and the "effect" is hacking. 
Eliminate TYPING and you'll
eliminate the effect is has on financial fraud because pick and pecking your credit
or debit card data into a box at a merchant checkout website is exactly
the "type" of behavior hackers love.  

Reblog this post [with Zemanta]

VerifySmart Corporation Solves $56 Billion World Wide Problem

VerifySmart(TM) Corp. solves the consumer and merchant credit/debit card fraud that has reached world wide epic proportions

Editor's Note:  They solved it?  They wiped out credit and debit card fraud?  All $56 Billion dollars worth?  Congrats! 


Taguig, Metro Manila, Philippines, Aug. 18, 2009--VerifySmart(TM) Corp. (VSMR: OTCBB): VerifySmart(TM) (VSC), a global leader in secure and fraud free payment processing services, is pleased to announce the launch of its integrated and highly scalable e-commerce system along with its enhanced website.


Globally, the number of payment transactions and money transfers conducted online, electronically, or through Credit/Debit cards has increased dramatically in a very few short years. In 2008, in excess of $10 Trillion was exchanged in various electronic forms across the world.

The credit/debit card technology that has been introduced in the last decade was developed to allow consumers the ease of purchases and transfers online. With the increase of electronic transactions, the instances of fraud have increased exponentially. Until now, there has been little effort made towards security, resulting in an ever increasing problem of ID theft and Credit/Debit card fraud that has reached in excess of $56 Billion annually.


As an industry leader, VerifySmart(TM) Corp. has spent four years and millions of dollars to develop and is now marketing a solution to combat the problem that technology created. Our patent pending (PCT Approved) technology has been filed in 29 Countries based on strategic importance and wireless penetration rate.

The software operates through the use of a cellular phone for secured verification of monetary transactions. VerifySmart(TM) Corp. technology notifies the cardholder of the purchase through the cellular phone and empowers the cardholder to approve or decline his/her purchase. The result is a guaranteed transaction and acceptance providing safety and security for the cardholder and merchant, a first in the industry and providing a level of security unprecedented in other Credit/Debit cards.

Our industry changing transaction services model is non-invasive (requires no system changes) with instant identity verification that is inexpensive to implement and simple to use. The software has been developed to include debit card purchases, internet purchases, ATMs, passport, money transfers, remittances and mortgage verification.

An industry and global first, Verify Transfer is a suite of services that offers the following Transaction and Authentication based features:

  • Seamlessly integrated with VSC's VeriSmart Card and VerifyNGo two
    factor authentication

  • Provides virtual bank functionality and allows merchants full fund
    management control

  • Merchants can issue and assign VeriSmart Cards to end users and load
    cards anytime, anywhere electronically (completely secured). Typical
    use includes payroll services and transactional fund disbursement in
    real time.

  • Ability to garner interest in new markets via the foreign exchange
    module which enables merchants and end users a full view of their
    account balance and transaction history in two currencies

  • Access to a full reporting and record management system allowing
    complete visibility of individual customer transaction history and
    macro roll up reports

  • Unrivalled merchant and end user peace of mind enabled by utilizing
    the patent-pending VerifyNGo two factor authentication to complete
    funds transferred


VerifySmart Corp. has designed and developed a Proprietary Hardware/Software Solution that solves Credit/Debit Card fraud by using a proprietary two Factor Authentication.

The Company's Core Technology is designed to meet the needs of the Security challenged Transaction Processing Industry. Present day solutions, such as Verified by Visa, Chip and Pin and CVV Code (all of which can be compromised) have not reduced payment card fraud by any significant factor.

The VerifySmart solution has reduced fraud to zero in earlier production pilots. The Company's proven and highly scalable solution is gaining worldwide attention and placing VerifySmart at the forefront of the fraud prevention revolution.

Source: Company press release.

Reblog this post [with Zemanta]

Latest Quarterly E-Commerce Report

Yesterday, the Department of Commerce released their Quarterly E-Commerce Report:

Latest Quarterly E-Commerce Report

The 2nd Quarter 2009 Retail E-Commerce Sales Report was released on August 17, 2009, and available as:

Cautious consumer spending had an impact on online sales in the second quarter.Online retail sales in the second quarter
were down 4.5% from Q2 last year, the Department of Commerce reports.
Sales in Q2 2009 were $30.8 billion compared to $32.2 billion a year
ago, on a basis that does not adjust for trading days or price changes.
On an adjusted basis, sales declined 4.4% to $32.4 billion from $33.9
billion a year earlier.

Editor's Note: T
retail sales fell 10.7% on an
adjusted basis. However, almost all of that decline was the result of
falling gasoline prices and the pullback in auto sales. Factoring out
those two areas, the report states that retail sales fell 1.7% in Q2 vs. a year ago. The
Commerce Department reports a plus or minus factor of 2.1% in its
online sales estimate.

Reblog this post [with Zemanta]

Transaction Banking Takes Off

Mid-sized US banks see credit crunch as opportunity for transaction banking growth, according to new survey

A new report from Fundtech summarizes survey results from 80
executives of mid-size US banks. The survey uncovers the bankers’
opinions about the challenges and opportunities they see in the market

Highlights of the survey are as follows :

  • 79% believe that the banking crisis has created growth
    opportunities for mid-sized institutions

  • 37% believe there is
    "unprecedented opportunity" to grow their transaction banking business

  • 50% say their bank is investing more in transaction banking than other technology areas at this time;

  • 75% say that the most effective way to compete in the market today is to extend personalized service and relationships;

  • 75%
    see an increased amount of fraud now versus 12 months ago
    ; 72% have
    increased the amount of resources directed to combating fraud;

  • 61%
    say they are increasing the number of "hard dollar" charges for their
    corporate clients, reducing the number of no-charge services.

    The survey was taken in May at Fundtech's annual Client Conference during a panel discussion that included five senior bankers from: AgriBank (St. Paul, Minn.), First Bank (St. Louis, Mo.), 1st Source Bank (South Bend, Ind.), Frost Bank (Austin, Tex.) and Umpqua Bank (Portland, Ore.).

    The panelists agreed that the first step in building a strategy around service is investing in product functionality that outpaces their competitors. John Baker, SVP of product strategies and treasury management at Umpqua Bank, stressed the importance of being able to offer the latest technology. "Umpqua, which recently won a large loan customer due to its investment in a breadth of treasury management services, is a good example of the ability of a mid-sized bank to compete with larger players by investing in the right technologies," Baker said.

    "This survey clearly shows that there is significant opportunity for small-to-mid size banks to expand their transaction banking business; and that successful banks are expanding the level of personalized service by investing in technologies that encourage relationship-oriented banking," said George Ravich chief marketing officer at Fundtech.

    The full report, including additional survey results, can be downloaded from the Fundtech website at: www.fundtech.com/library in the Reports section.

    About Fundtech

    Fundtech (Nasdaq:FNDT), was founded in 1993, and is a leading provider of software and services to banks of all sizes around the world. Payments systems include wire transfers, ACH origination, cross-border payments and remittance. Cash management systems are designed for large corporate through small business clients. Fundtech operates the world's largest SWIFT service bureau. We offer an extensive line of financial supply chain applications including electronic invoice presentment and supply chain financing. And we are the leading provider of CLS systems to the world's largest banks. More than 1,000 clients throughout the world rely on Fundtech solutions to improve operational efficiency and provide greater competitiveness through innovative business-to-business services. For more information, visit www.fundtech.com.

Reblog this post [with Zemanta]

PaymentOne Raises $7 Million

Looks like the venture capital industry is making some payments industry movement.  Jambool raised $5 million for "virtual" currency (didn't that fall flat on its face with Beenz which turned out to be a fart in the wind?) and another $7 million goes to PaymentOne...

SAN JOSE, CA -- (Marketwire) -- 08/18/09 -- PaymentOne, the leader in alternative payments for digital merchants, today announced it closed a $7 million round of equity and debt financing led by AER Investments LLC.

The new funding will be used to expand and accelerate the organic growth and mobile related product development as well as set the foundation for executing on strategic acquisition targets to complement the company's suite of payment gateway services. The series B round on financing caps a period of strong momentum for the company. Over the past six months the client base has grown by more than 35% and the company has expanded net profit fivefold.

PaymentOne clients have generated over $3 billion dollars of incremental revenue in the last 36 months by using the company's compelling "no credit card required" alternatives. The company's flagship PhoneBill(TM) service allows merchants to have their consumers easily and safely charge fees to landline, broadband and/or mobile phone bills. "The response to our payment services is extraordinary in this market," said Joe Lynam, CEO, PaymentOne. "Growth continues to be fueled by the expanding market of premium digital services, smart mobile devices and the consumers fear and inconvenience of using a credit card for such small ticket items. Factor in the credit card crisis and digital merchants view providing consumers with card alternatives as a must-have versus a nice to have."

AER Investment maintains a portfolio of strong relationships with numerous online and mobile-based merchants, and sees PaymentOne as unique stand alone investment opportunity as well as a strategic fit with their merchant portfolio.

"We're delighted with PaymentOne's success serving some of the world's top brands in a rapidly expanding market," said Warren Rustin, Managing Director, AER. "And, we're very enthusiastic about the growth prospects and the combined merchant value proposition as we integrate our marketing products and expertise with our portfolio partners."

About PaymentOne

PaymentOne Corporation is one of the world's fastest growing
online Payment Services Providers (PSPs). Founded in July 2000,
PaymentOne has pioneered payment and marketing services that connect
digital merchants and network operators and accelerate the adoption of
online content and services by over 25%. Based in Silicon Valley,
PaymentOne has generated over $3 billion in new digital revenue over
the last 36 months for its clients and partners. The company manages a
network of over 1000 telecommunication/broadband providers, mobile
operators and content partners including leading ISPs, BSPs, Telcos,
broadband operators and media companies such as America Online, Sulake
(Habbo), Blizzard Entertainment and Time Inc. The company's flagship
PhoneBill service provides merchants with access to over 220 million
consumers with mobile, broadband and landline accounts.

To learn more about PaymentOne, visit www.PaymentOne.com : or call 800-747-4028.

About AER Investments

AER is a special purpose LLC established to provide growth capital
to a select group of strategically aligned private companies. AER's
current portfolio investments include both early and late stage
companies. The company focuses exclusively on online media, mobile
services and marketing enterprises closely aligned with its core vision
of enabling large-scale consumer adoption of digital media. AER is
headquartered in Boca Raton, Florida. For more information about AER
contact the company at 561-750-5131.

Brad Singer


Email Contact :


Reblog this post [with Zemanta]

The Heartland Hacker is the Hannaford and TJX Hacker?

"Soup Nazi" Charged with 130 More Million Card Swipes

Various news agencies are reporting that Albert Gonzalez, who is known online
as "soupnazi," was indicted with more charges of credit and debit card hacking.  They say he targeted customers of convenience store giant 7-Eleven
Inc. and supermarket chain Hannaford Brothers, Co. Inc.   In addition, they are claiming he also
targeted Heartland Payment Systems, a New Jersey-based card payment
processor.  Gonzalez has been in the police custody since the May of 2008, when he
had been arrested in connection to another prominent data theft at the
Dave & Buster’s restaurant chain, and is presently awaiting his
trial for the case.  I've done several posts on Gonzalez...search the HomeATM Blog for "Hackers 11" to read past posts.

According to reports, on Monday, federal prosecutors have charged Gonzalez in the theft of 130 million  credit and debit card numbers. The "soup nazi" has been indicted with the highest number of credit/debit card theft in the history of the United States.  He also held the previous record with the 40 million stolen from TJX.

It is estimated that "he swiped" about 130 million accounts; this amount adds in to the previous pile of 40 million that he had already stolen. Two other unnamed Russian assailants are being sought in the case, but it is clearly Gonzalez, who is the mastermind behind the entire swiping operations.

to the indictment, Gonazalez and his two Russian co-conspirators would
hack into corporate computer networks and secretly place "malware," or
malicious software, that would allow them backdoor access to the
networks later to steal data.  With the TJX breached they used a method called "wardriving."  (see Wardriving 101)

After they stole the data, an unspecified amount of the stolen credit/ debit card numbers were sold online. Some of the cards were also used to make a number of unauthorized purchases and withdrawals from banks. The complete indictment has been filed in the United States District Court in Newark.

Here's more from the Wall Street Journal:

Arrest in Epic Cyber Swindle 

[Photo of albert gonzalez released to wired.com by secret service]A 28-year-old American, believed by prosecutors to be one of the nation's
cybercrime kingpins, was indicted Monday along with two Russian accomplices on
charges that they carried out the largest hacking and identity-theft caper in
U.S. history.

Federal prosecutors alleged the three masterminded a global scheme to steal
data from more than 130 million credit and debit cards by hacking into the
computer systems of five major companies, including Hannaford Bros.
supermarkets, 7-Eleven
and Heartland Payment Systems Inc., a credit-card processing company.

U.S. Secret Service courtesy of wired.com

Photo of Albert Gonzalez released to wired.com by Secret

The indictment in federal district court in New Jersey marks the latest and largest in at least five years of crime that has brought its alleged orchestrator, Albert Gonzalez of Miami, in and out of federal grasp. Detained in 2003, Mr. Gonzalez was briefly an informant to the Secret Service before he allegedly returned to commit even bolder crimes.

Authorities have previously alleged that Mr. Gonzalez was the ringleader of a data breach that siphoned off more than 40 million credit-card numbers from TJX Cos. and others in recent years, costing the parent company of the TJ Maxx retail chain about $200 million.

Mr. Gonzalez is in federal custody in Brooklyn, N.Y., awaiting trial for alleged efforts to hack into the network of the national restaurant chain Dave & Buster's Inc. He also faces charges in Boston in the TJX matter.

The alleged thefts in Monday's indictment took place from October 2006 to May 2008.

Mr. Gonzalez is "a very important player in a sophisticated ring that has real results at the street level of bank, retail, debit- and credit-card fraud," said Seth Kosto, an assistant U.S. attorney in New Jersey who specializes in computer fraud.


Reblog this post [with Zemanta]

Disqus for ePayment News