Thursday, September 17, 2009

CNNMoney.com Takes a Look at Cybercrime





CNN Money.com has a great article on Cybercrime today.  Did you know that the number of NEW Web Security Threats Tripled this year? 



Yup...we are now looking at a mere 1.7 Million Threats. 
Let me put that in perspective for you...



If I were to do a unique post on each threat...assuming each post took 30 minutes...and assuming I worked 12 hours a day...7 days a week for 365 days a year...it would take me a mere 194 years before I was done.  (that would be me...pictured on the right...years before completion)



Put another way, if I actually had started this project on September 17th, 1815, I still would not be finished.  (What's that?  Oh...you are correct...I would've been done on September 17th 1815...considering the number of Web threats I would have needed to post about back then, but you get my drift) 



So don't be looking for me to even start...not gonna duet..not even one.  After all, it''s a hellava lot easier to surmise all 1.7 million threats with just one post, in "three simple words"..."








Don't Type...Swipe!



Here are a couple of excerpts...starting with a basic warning.  By the way, I wish the media would start calling "Enter" "Type"!  Don't Enter...Swipe! doesn't rhyme...





"Cybercriminals can see what you enter (TYPE!)

on your screen and steal your credit card information or bank account information."








Cybercrime: A (not so) secret underground economy





Cybercriminals are making a killing off of stolen identities, creating their own market for

buying and selling credit card and bank account information on the cheap.






Cybercrime has become a rapidly growing underground business built by savvy criminals, who buy and sell valuable stolen financial information from millions of unsuspecting Internet users every year in an on online black market.





"Most cybercriminals are very, very interested in financial gain by compromising customer accounts," said FBI special agent Austin Berglas, who supervises the Bureau's New York Internet crimes squad. "Believe it or not, there are people who fall victim to their scams, and we see it every day."





Because cybercriminals are so skilled at hacking into thousands of computers every day, the crime is potentially a billion-dollar business. If every stolen credit card and bank account had been wiped clean last year, that would have netted cybercriminals some $8 billion, according to data from Symantec, maker of the Norton antivirus software.

As a result of the lucrative payout, more and more online criminals are entering the game. In fact, the number of new Internet security threats rose nearly three-fold last year to 1.7 million.



Those cyber attacks mostly come from malware, or malicious software, that hands control of your computer, and anything on it or entered into it, over to the bad guys without you even knowing it. The most common forms of malware
include keystroke logging, spyware, viruses, worms and Trojan horses.







"Credit cards and bank account information made up 51% of the goods advertised on the underground economy last year, up from 38% in 2007. Credit cards are most popular because they're the cheapest stolen commodity."



Security software also helps, but it far from solves the problem. To avoid detection, many cybercriminals will send out just a handful of viruses before modifying the code and sending it out again.




"The truth is that 'fingerprint' security technology is no longer effective," said Rowan Trollope, senior vice president of product development at Symantec. "The bad guys that got involved are organized professionals, and they figured out how to get around our technology."




Editor's Note:  For those who have may have been thinking all along that I've been blowing this out of proportion (the fact that the web is not safe for financial transactions unless done "outside the browser space" and "instantaneously encrypted) " I've got three things to say to you.  "Don't Type"...Swipe.  (or if you are a member of the media) "Do Not Enter!" 



I assure you I'm not blowing this out of proportion.  I'm coming from help here.  In fact, I'd give you the "shirt off my back" to help you understand how unsafe it is to enter/type your card numbers into a box on a merchant's checkout...





What size do you need?

















Reblog this post [with Zemanta]

The Battle Has Needlessly Begun and Congress is Ready to Screw it Up!

Retailers, Banks Battle Over Credit Card Fees - washingtonpost.com
The battle is on. In one corner we've got a tag team consisting of the National Association of Convenience Stores, the National Retail Federation and the Merchants Payments Coalition who all seam to be "teeming" with anger.

In the other corner, you've got the infamous Dynamic Du(opoly).

Unfortunately, the referee of this bout is the Government Accountability Office.

I say both sides should team together and kick the referee out of the ring. When the bell sounds consumers can decide who the winner is.

My personal belief is that once Congress steps in, everyone will lose. The Tag Team, Teh Dynamic Duo(poly) and the Consumers. Seems to be their history. Lose Lose Lose situations always occur when the Con(gress)Man gets involved.

I say: "Let the people decide!" If consumers want to pay with their credit/debit card let them pay with their credit/debit card. If they want to pay with cash, let them pay with cash. If retailers want to offer a discount for cash, let them offer a discount for cash. It's called free will and it's called free enterprise.

Earlier I posted a press release from Visa stating that, "By a 2-to-1 margin, consumers say retailers should pay the cost of accepting credit and debit cards."

If the study is indeed accurate, then the solution is simple. Let the "TWO PEOPLE" pay with their credit and debit cards and let the "OTHER ONE" pay with cash. Everybody wins!
Who needs the (insert expletive here) con(gress)man or a congressional committee wasting hundreds of thousands, if not millions of tax-payer dollars, doing a study to determine which cry baby gets the bottle?

It's not really difficult to solve (unless of course, government sticks their noses into it...if they do, I say to both Visa/MasterCard and the Retailers...take a lesson from Mike Tyson...bite it off!) You 'ear what I'm sayin'?

Let's just KISS (keep it simple stupid) and Make Up. Both sides should agree to let the consumers decide how they want to pay. Both sides should agree to let the merchants decide if they want to discount the price to save on interchange. But by all means, let's try and keep the government out of this. Involving them is as stupid as typing your credit card or debit card numbers into a box on a website...


Retailers Battle Credit Card Fees - Banks Say Interchange Charges Are Fair
A battle is brewing over the processing fees that banks charge merchants each time a customer uses a credit or debit card.

Congress is considering three bills that would regulate the so-called interchange fees -- which generally amount to 1 to 2 percent of a total sale and totaled $48 billion in 2008. Meanwhile, the Government Accountability Office is doing a study of the fees, (oh please...let the people decide!) as required by a law signed by President Obama in May that bans many unfair credit card industry practices.


Merchants across the country and the card industry are waging a fight for public support. The merchants say the fees are excessive and eat into their already small profit margins, forcing them to pass on the cost to consumers. The card issuers say they are providing merchants a much-needed service as more Americans choose to pay for their purchases with plastic.

Both sides have created YouTube videos, bought newspaper ads and released studies to prove their points. Large national chains such as 7-Eleven have embarked on petition drives.

The Merchants Payments Coalition will release a study on Thursday of how European countries, Canada and New Zealand handle interchange fees. Merchants in those countries generally pay lower interchange fees. (Editor's Note: here's the PDF version of the Study)

The study found that if American merchants paid the same swipe fees as those in Australia the past four years, the net savings would total $125 billion. Editor's Question: In whose pocket did that $125 billion go? I don't need a study to tell you it wasn't the consumers...

Again...let the people decide.

Continue Reading at the Washington Post


Reblog this post [with Zemanta]

Web 2.0 Targeted by 2.0 out of 3.0 Hackers

Here's some more on the Websense Internet Security Report...



"Security software vendor Websense claims 95 percent of user-generated comments on blogs and message boards are either spam or contain malicious code."  (Editor's Note:  Please leave 5% of your comment below)


Social networking and user-generated content sites have become a haven for spam, spyware and phishers, according to the latest Internet security report from San Diego, Calif.-based security software maker Websense.



The report found that 95 percent of user-generated comments on blogs, message boards and chatrooms are either spam or malicious. Websense's Threat Seeker network scanned more than 40 million Web sites and 10 million e-mails every hour over the past six months to compile its research report. 
Reblog this post [with Zemanta]

ISTS Worldwide Press Release

Thanks to ISTS for following the PIN Payments News Blog on Twitter





Hi, PIN Payments News Blog.

ISTS Worldwide, Inc. (RETAILPAYMENTS) is now following your tweets on Twitter.

Fremont, Calif., Sept. 17, 2009 -PIN Payments News Blog- ISTS Worldwide Inc, a leading technology consulting organization, specializing in consumer and card processing systems, announces that it will extend its use of the Microsoft technology stack to deliver innovative payment processing solutions based on SQL Server 2008 and BizTalk Server 2009. The new solutions will provide ISTS customers with leading applications for payment switching, authorization, settlement, card-issuing and reporting. The ISTS solution competency also extends to gift and prepaid cards, loyalty, mobile payments, enrollment applications, promotions at POS, ecommerce and the mobile channels.



“At ISTS we seek to offer a fully integrated solution framework offering and believe that the advanced integration capabilities of BizTalk Server will provide the required interoperability and support for industry standards on a cost effective platform for our clients,” said Mustafa Shehabi, Sr. VP Sales & Marketing at ISTS Worldwide, Inc.



“At a time of cost-cutting and IT consolidation, the breadth of our platform and the commitment of ISTS and other payments technology leaders make Microsoft uniquely able to quickly enable participants in the payments value chain by connecting systems that drive new operational efficiencies and innovative customer experiences,” said Susan Hauser, vice president, Worldwide Financial Services, Microsoft.



Sequoia Retail Systems – an independent provider of point of sale, inventory control, mobility and ecommerce solutions for higher education institutions, contracted ISTS to implement a secure, token-based ecommerce application known as “ePOS”. The completion of this project means that its customers are assured of the highest level of security for all transactions on their site. The solution is based on Microsoft .NET 3.0 infrastructure



Sequoia CEO Jim Zaorski states, that while he appreciates the efforts of ISTS, “it is what I have come to expect from them in terms of their analytical, design, programming, and QA functions. In our view ISTS occupies a unique position among offshore contactors, they bring many years of experience focused entirely on payment and retail applications to any project on day one. Their experience with some of the largest players in the industry often make them a superior alternative to our own in house and off shore teams in terms of experience, price, and performance."



“ISTS and Microsoft will continue to partner to bring innovation in the world of consumer payments – innovation here is stifled because of legacy and archaic technology – ISTS sees a huge opportunity to extend Microsoft’s core platforms to influence back office and consumer facing applications for large and small customers alike,” said Viren Rana – CEO of ISTS Worldwide.



Source: Company press release.




Reblog this post [with Zemanta]

Introducting Google Internet Stats

Google Internet Stats



Google Internet Stats

Welcome to our collection of the latest Internet stats

This Google resource brings together the latest industry facts and insights. These have been collected from a number of third party sources covering a range of topics from macroscopic economic and media trends to how consumer behaviour and technology are changing over time.





Reblog this post [with Zemanta]

Heartland Named to Bank Technology News "FutureNow" List



Princeton, N.J., Sept. 17, 2009 -PIN Payments News Blog- Bank Technology News ranked Heartland Payment Systems(R) (NYSE: HPY), one of the nation's largest payments processors, as the #1 innovator in The FutureNow List, acknowledging the company for its work to further secure its systems and the payments ecosystem with end-to-end encryption. Heartland's new E3TM end-to-end encryption solution was described as "this year's biggest security invention."



Heartland's E3technology is being designed to safeguard cardholder data at rest and in motion throughout the lifecycle of payments transactions from the moment of card swipe ... to and through the payment processor's network ... and to the card brands.



According to the magazine, the company's E3 solution "has the greatest potential of any new product to impact the security of America's financial system in the coming year. And by bringing it to market just about seven months after the company announced the discovery of its massive data breach, Heartland wins kudos for reacting expeditiously to both save the company and set a standard for the rest of the industry to follow."



The FutureNow List is an annual security innovation ranking. It recognizes 10 companies that set themselves apart with their security innovations and the contributions these products will make to improving security within financial services organizations. Heartland was the only payments processor to make the list.



"We are honored to receive this acknowledgement from Bank Technology News in recognition of our E3 end-to-end encryption solution," said Bob Carr, Heartland's chairman and chief executive officer. "Our goal is to provide a secure and compelling solution that protects cardholders and merchants from the growing threat of cyber crime."



For more information on E3, visit E3secure.com.



Bank Technology News' FutureNow List ranking is available at: http://www.americanbanker.com/btn_issues/22_9/the-futurenow-list-1001433-1.html



About Heartland Payment Systems



Heartland Payment Systems (NYSE: HPY), the 5th largest payments processor in the United States, delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide. Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. For more information, please visit HeartlandPaymentSystems.com, MerchantBillOfRights.com and CostOfABurger.com.



Source: Company press release.



Reblog this post [with Zemanta]

NCR is First ATM Manufacturer to Receive PA-DSS Certification



NCR APTRA™ software meets requirements to protect sensitive customer data on ATMs



DULUTH, Ga. – NCR Corporation (NYSE: NCR), the global leader in ATM security, is the first ATM manufacturer to receive PA-DSS certification from the PCI Security Council. PA-DSS is a comprehensive standard intended to help organizations proactively protect customer account data, through requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.



According to PCI, the goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store sensitive data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements.



he latest version of NCR APTRA Advance NDC has been certified by PCI. APTRA Advance NDC makes it possible to drive a single application across multiple vendors’ hardware in NDC host environments. Providing many transactions “out of the box” as well as a platform for the rapid deployment of new functionality, APTRA Advance NDC drives transactions on more than 150,000 ATMs for more than 2,000 customers, making it the most popular self-service software in the world.


NCR also was the first ATM manufacturer to receive EMV certification.



“At NCR, ATM security is one of the pillars of our business, and we are committed to being at the forefront of the industry in order to protect the privacy and data of our customers and the consumers they serve,” said Michael O’Laughlin, general manager, NCR Financial Services. “More financial institutions turn to APTRA to run their ATMs than any other software, so it is critical that we work closely with PCI to certify this mission-critical software for PA-DSS compliance.”



NCR is a leading provider of hardware and software security solutions for ATMs. Among NCR’s ATM security portfolio:



NCR has sold more than 50,000 licenses of Solidcore for APTRA™, the only proven security solution to preserve system integrity and prevent malware on ATMs.



NCR’s latest family of ATMs, NCR SelfServ, is the first to introduce a protected USB architecture that is self-contained within the ATM, helping mitigate the risk of fraudulent connection of unauthorized USB devices.



Fraudulent Device Inhibitor (FDI) is an external illuminated hardware feature or kit that makes it difficult for criminals to attach foreign devices on or around an NCR ATM card reader.



Intelligent Fraud Detection (IFD) is a unique approach to countering ATM fraud. Designed to be flexible, NCR IFD can detect a variety of fraudulent devices that criminals may attempt to add to the ATM fascia. The deployer receives an instant alert as soon as a fraudulent device has been added to the ATM, even before any fraud has taken place.



About NCR Corporation

NCR Corporation (NYSE: NCR) is a global technology company leading how the world connects, interacts and transacts with business. NCR’s assisted- and self-service solutions and comprehensive support services address the needs of retail, financial, travel, healthcare, hospitality, entertainment, gaming and public sector organizations in more than 100 countries. NCR (www.ncr.com) is headquartered in Duluth, Georgia.



# # #



NCR is a trademark of NCR Corporation in the United States and other countries.

67% of Banks Say Fraud Losses Have Grown Over Past Year



Latest research from Norkom Technologies exposes banks’ increased vulnerability to fraud and diminished ability to prevent it



Dublin, Ireland -
250 financial crime professionals working in banks across the globe say measures taken by their organizations to reduce costs in the wake of last year’s financial crisis are leaving them and their customers increasingly vulnerable to criminal attack.

Respondents in Norkom’s annual survey of financial crime fighting activities in the world’s banks, say that cuts to their own departmental spending plans are weakening their ability to keep pace with a rising tide of criminal attack and that general cost cutting across their businesses is further weakening the banks’ defenses.

  • 71% of respondents say fraud attacks against their business have increased over the past year and it’s clear that, not only the number, but the severity of attacks is rising.



  • 67% say their financial losses to fraud have grown over the same period.  For almost a quarter (22%) that growth has been greater than one-fifth. 

At the same time, around a third have seen their financial crime prevention budgets reduced.  For some, those cuts have been dramatic. 12% say they’ve lost a quarter of their anti-money laundering (AML) budget.  The figure is only slightly lower for fraud at 9%. 50% agree that general cost-cutting across their organizations is weakening their defenses.

david_dixon

“It’s ironic that the very actions banks are taking to shore up their damaged finances may sabotage their chances of recovery,” says David Dixon, Norkom’s Director of Global Solutions. “However, we do see a path out of the dilemma. There is clear evidence that advanced crime fighting approaches, underpinned by consolidated technologies, can reduce fraud losses and, simultaneously, reduce operating costs in crime fighting departments.”



Last year’s research revealed that 64% of organizations had reduced operating costs by up to 30% by using consolidated crime fighting technologies.  66% also said their ability to detect crime had improved by up to 40%.  This year’s research reinforces those findings.  79% of respondents using a consolidated technology approach said that it had allowed them to improve their ‘percentage of fraud detected’ performance (the amount of fraud detected and prevented as a proportion of total fraud reported to them by their customers).  63% have also seen their operating costs decrease.



There is clear evidence, too, that technology can help in another way, directly in relation to fraud. 56% of all companies using common case and workflow management tools within their fraud technology solutions are achieving dramatic reductions in their fraud losses, thanks to the ability it gives them to take action quickly to stop crime in its tracks.



“In the final analysis, two lessons emerge from this research,” says Dixon. "First, that attempts to save money by cutting financial crime budgets are likely to be counter-productive. Second, that fraud losses can be reduced through the use of consolidating technologies which, in turn, allow business processes to be streamlined. So, if the twin imperatives are to cut losses and stem costs, there’s good news on both fronts.”

Norkom_whitepaper

42% of respondents say they now have a single software solution – deployed enterprise-wide – to detect and investigate AML; 17%, for fraud.  48% of the remainder have deployed an overarching technology that consolidates information from their different detection systems in order to enhance investigation management. A further 30% plan to implement such technology within the next 12 to 24 months.



For your free copy of Norkom’s research whitepaper, ‘
Fighting crime – defending the bottom line’, log onto www.norkom.com/press/whitepapers.html.



NOTES FOR EDITORS


Research methodology

This report is based upon original research conducted among senior executives from a representative sample of international financial services organizations.  The respondent group covered the full spectrum of financial services companies including retail banks, commercial banks and integrated financial services companies.  41% of the organizations polled had assets between US$10 billion and US$500 billion, while 12% had assets over US$500 billion.



About Norkom Technologies (
www.norkom.com)

Norkom Technologies (AIM: NORK.L, IEX: NORK.IE) enables financial organizations to take intelligent action, control defenses, and evolve strategies against fraud, money laundering, and other types of financial crime. By combining a unique investigative technology platform with deep domain expertise, Norkom has established a solid track record of reducing financial losses, protecting users’ reputations, improving operational efficiencies and lowering the cost of information technology.



For more information, please contact:


Fiona McLoughlin, Marketing Manager

T:                +35318739612       





Reblog this post [with Zemanta]

Credit Card Launced by Mobile Network Operator

Credit card launched by mobile network operator



Mobile network operator mobilkom austria has launched a credit card,
in conjunction with its wholly-owned bank and Visa Europe, that provides a range of mobile services.



The A1 Visa card is issued by Al Bank – mobilkom austria’s own bank – and enables users to collect points for a new A1 mobile phone, as well as providing transaction confirmation and answering queries via SMS. This means that after each transaction, cardholders receive a text message showing the amount and the receiver of the payment. In addition, A1 Visa cardholders are entitled to a mobile insurance package.



Hannes Ametsreiter, CEO of mobilkom austria and Telekom Austria, said the mobile network operator is the first player to offer its clients a combination of a classic finance product and mobile services.



Kurt Tojner, country manager for Visa Europe Austria, said: “We are happy to offer an innovative payment solution in co-operation with A1 that will provide users with a combination of mobile communication services and the large Visa retail network. This will open up the way to the development of mobile payment solutions, such as the use of Visa’s payWave wireless technology.”



Ametsreiter added that the co-operation between mobilkom austria and Visa Europe opens up many opportunities for new synergies. “The next step could be to integrate the A1 Visa card into the next generation of NFC-enabled mobile phones, thus creating a wireless payment method. The result will be an entirely new form of safe and convenient cashless mobile payment,” said Ametsreiter.











Issue: 2009/16

Date: 17 Sep 2009



Reblog this post [with Zemanta]

How SSL Encrypted Web Connections Are Intercepted




September 17, 2009 Published by  SearchSecurity.com





Threat Monitor



SearchSecurity.com















How SSL-encrypted Web connections are intercepted

Sherri Davidoff, Contributor



Encrypted Web connections are routinely intercepted by enterprises for legitimate reasons. Unfortunately, attackers can use the same methods for tapping into "secure" connections, most often because of endpoint weaknesses.



In this tip, we'll examine how enterprises and attackers intercept Web connections that are encrypted using the Transport Layer Security (TLS) protocol or its predecessor, the Secure Sockets Layer (SSL) protocol.

Read more

Reblog this post [with Zemanta]

Webinar: Global Payments Study Reveals Need for Increased Connectivity










webinar header

AvantGardBanner




COMPLIMENTARY WEBINAR







Global Payments Study Reveals Requirements for Increased Connectivity Between Suppliers, Buyers, Banks and Other Trading Partners



Guest Speakers:

Laurie McCulley, Principal, Treasury Strategies



Martin Bina, Treasury Operations Manager,

European Shared Services, Caterpillar, Inc.






btn_register








Many corporations are challenged by lack of infrastructure to support routing and approval of payments.  As a result, many corporations still operate off of spreadsheets in a highly manual environment.  This causes poor visibility to cash out-flows, high operational costs and risk of fraud.  Compounding these challenges, many companies also rely on a fragmented array of systems for bank and enterprise connectivity.

According to a recent SunGard AvantGard sponsored study, 30% of corporations in the 5B+ category are managing with 21 or more cash management banks. Additionally, 40% report that they are operating with 11 or more payment initiation systems, and 25% of the total have more than 21 systems.

Core to a successful payments strategy is the value that can be generated for trading partners when true collaboration and connectivity is created.  The value is in gaining data transparency, efficiency and networking across the financial supply chain and the ability to accelerate the velocity of free cash flow. 

Register Now to attend this complimentary webinar to learn how streamlining connectivity and consolidating data can help reduce friction and attain visibility across the EcoSystem of buyers, suppliers and other trading partners which can help facilitate supply chain finance and uncover hidden cash and opportunities.  Learn how advancements in bank and enterprise connectivity are helping set the stage for the future of supply chain finance.
Webinar Topics:



  • Overview of Key Findings



  • Bank Communication



  • The Role of SWIFT, SEPA,

    Payment Factories



  • Best Practices from Caterpillar





Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals



CTP-color-small


Webinar Details:



Date:
October 1, 2009



Time: 11:00 AM EST



Approximate Duration: 1 hour





btn_register







Guest Speakers:



Laurie McCulley, Principal, Treasury Strategies



McCulleyLaurie



Martin Bina, Treasury Operations Manager, European Shared Services, Caterpillar, Inc.



Martin+Binasmall 


Disqus for ePayment News