Friday, September 18, 2009

"Chat in the Middle" Phishing Attack





Online Banking just became even more dangerous than it already was with new phishing attack...

"Chat-in-the-Middle" Phishing Attack Attempts to Steal Consumers' Data via Bogus Live-Chat Support





A new, unique type of phishing attack targeted against online banking customers was recently discovered by the RSA FraudAction Research Lab. RSA has coined this as a "Chat-in-the-Middle" phishing attack and it is first executed through routine means but then presents a more advanced layer of perpetrating online fraud. The phishing attack may dupe bank customers into entering their usernames and passwords into an ordinary phishing site but the addition of a bogus live chat support window can obtain even more credentials via a live chat session initiated by fraudsters.



During the live chat session, the fraudster behind the attack presents himself as a representative of the bank's fraud department and attempts to dupe customers who are online into divulging sensitive information - such as answers to secret questions that are used for online customer authentication. This attack is currently targeting a single U.S.-based financial institution.





Upon detecting the attack RSA immediately informed the affected financial institution and commenced a standard phishing attack shut-down procedure through the RSA Anti-Fraud Command Center and its RSA FraudAction service. (RSA cannot identify this bank in order to protect its security and privacy.) The attack is hosted on a well-known fast flux network for "hire" from fraudster to fraudster, which hosts a wealth of malicious websites such as phishing attacks,

Trojans infection points, mule recruitment websites, and more.



The Design of the Attack


The phishing attack starts out as a normal phishing website that prompts customers for their usernames and passwords. Usually at this point, after providing access credentials, phishing victims are redirected either to the next page (or pages) of the phishing website or to the genuine bank website. However, this attack proceeds with a new, advanced technique for obtaining additional information on victims – instead of being redirected to the next page of the phishing kit or the genuine site, a fake live-chat support window appears launched by the fraudster as part of the attack .





Continue Reading 







Reblog this post [with Zemanta]

53% of German Companies Victim of Breach over Last 12 Months



PGP Corporation announced the results from The Ponemon Institute's third annual study on encryption usage in the enterprise - The 2009 Annual Study: German Enterprise Encryption Trends.



This year's study surveyed 490 IT and security practitioners, 27 percent of whom hold positions at managerial level or higher, and identifies the trends in enterprise encryption planning strategies, budgeting and spending, deployment methodologies and impact on data breach incidents.



The fundamental conclusion on the basis of study participants' responses is that data protection is a significant problem in Germany.





Fifty-three percent of all companies and organisations suffered at least one instance of data loss during the past twelve months, representing an increase of over 55 percent on the figure for 2008 (click graphic on left to enlarge)



Continue Reading at Help Net Security



Click Here to Download the Report



Reblog this post [with Zemanta]


Ebay Pushes EU to Change Competition Laws

ecommerce and shopping cart newsSeptember 17, 2009

By the ZippyCart Shopping Carts Content Team



Ebay wants to grow their market share in the European Union and, in an effort to help improve the laws to help them sell online, they had 750,000 Ebay users sign a petition. The petition handed to the European Parliament urges the government to reform the laws to prevent companies from blocking online sales.



Companies like Ebay and Amazon really want to expand their business operations into the European market, but these laws are preventing them from selling many brands via their online ecommerce stores.

The law in question, which Ebay feels is unjust, allows luxury goods manufacturers to decide who they want to sell their products online. The petition Ebay submitted says manufacturers should not be able to "insist that Internet retailers must have an offline retail store before they can sell online".



Continue Reading


Reblog this post [with Zemanta]

Splash and MoreMagic Solutions Offer Mobile Money Transfer in Sierra Leone











Available for Zain and Africell Mobile Phones; First Mobile Money Service in Sierra Leone



Freetown, Sierra Leone; Newton, MA, US, September 18, 2009 - PIN Payments News Blog: Splash Mobile Money Limited ("Splash"), a leading mobile payment system provider, and MoreMagic Solutions, a leading mobile transactions provider, announced today the availability of Sierra Leone’s first mobile money transfer system, enabled by MoreMagic Solutions industry-leading MWallet platform. Splash customers in Sierra Leone can now send money using just the mobile phone, quickly, easily, cheaply and without any requirement to have a bank account.



Splash customers use the service by visiting a Splash agent location, including branches of GT Bank. Customers transfer money by completing a free registration, purchasing SplashCash™ and sending it by text to any Zain or Africell mobile phone. The recipient then exchanges the SplashCash™ for cash at any agent location. Agents are currently concentrated in Freetown, Bo, and Makeni, with many more locations due to open throughout Sierra Leone before the end of the year.



"Splash promises to provide access to basic financial services to many Sierra Leoneans for the first time," said Ben Farren, Director of Splash. "Unbanked customers can now send money across the Country at the touch of a button."

"In Sierra Leone, mobile phone customers often travel far from home to support their families, and managing salaries in a secure way can be a challenge," said Pankaj Gulati, chairman and CEO, MoreMagic Solutions. "MoreMagic Solutions is pleased to support Splash in delivering SplashCash™, a truly innovative way for customers to manage their household money using the mobile phone."



Splash

Launched in early 2008, Splash Mobile Money Limited, designs and delivers mobile payment solutions in West Africa. www.splash-cash.com



MoreMagic Solutions

With deployments in more than 50 countries worldwide, MoreMagic Solutions offers transaction platforms for mobile operators, financial institutions, content providers, and distributors, enabling consumers to purchase goods and services on demand using a mobile phone, POS, or web.  The MoreMagic Solutions high-throughput payment engine and pre-packaged applications enable revenue-generating services, including mobile recharge and mobile money transfer, both domestic and international; mobile banking; bill payment; and mobile commerce; with integration into diverse network environments, languages, and currencies. Through MoreMagic Solutions worldwide distribution, MNO-branded services are available for out-of-country customers, enabling communications with relatives back home, and increased usage on mobile networks worldwide.



Contacts

Ben Farron

Splash

benfarren@mac.com

www.splash-cash.com

Carol J. Meier

MoreMagic Solutions

cjmeier@moremagic.com

www.moremagic.com



$32 Million Transcript of Heartland CEO Testimony





Heartland spends $32 million during first half on breach-related activities

Heartland Payment Systems Inc. spent about $32 million in the first six months of this year on forensics, legal work and other activities related to the December 2007 database breach that resulted in the theft of millions of credit and debit card numbers, CEO Robert Carr told the U.S. Senate Committee on Homeland Security and Government affairs this week.



Here's the entire transcript: 

Complete Testimony of Robert O. Carr Before Senate Committee

One in Eight Brits Hit by Online Fraud - Survey





Finextra - According to a survey commissioned by Internet security outfit VeriSign, one in eight of the UK's adult population have fallen victim to online ID fraud in the last year.



The YouGov survey of over 2000 Brits found that these fraud victims have had on average £463 stolen, with a quarter claiming to still be in dispute over compensation for the money taken. In total, £2.65 billion was stolen online from UK consumers in the last 12 months.



Despite the high proportion of victims, VeriSign says British Web users are conscientious when it comes to online shopping. Over three quarters (82%) of respondents claim to buy only from sites with enhanced security settings.



Young people are less likely to be hit by criminals, with only five per cent of 18 to 25 year olds stating that they have been online ID fraud victims, compared to 14% of people aged 45 to 54.



Continue Reading

eCrime Researchers Summit October 19th-21st



Cambridge, Mass., Sept. 17, 2009 -- The Anti-Phishing Working Group (http://apwg.org/ ) (APWG) announced it has opened registration for its eCrime Congress | Tacoma 2009 (http://apwg.org/events/2009_gm.html ), a three-day program beginning October 19, 2009.



The eCrime Congress program interrogates the current electronic crime threatscape that menaces online commerce today and tomorrow, and posits resources, tactics, and techniques to constructively engage them. APWG is the world's leading pan-industrial and law enforcement association focused on eliminating fraud and identity theft (http://apwg.org/events/events.html ).



No event combines the topical richness in exploring the electronic crime phenomenon and delegate heterogeneity like the fall APWG eCrime conferences, drawing thought leadership from technologists from many disciplines as well as from the financial services, retail and communications industries, law enforcement, and university research centers in the US, Europe and Australasia.



"No single sector holds the solution to electronic crime. At the APWG's conferences, all stakeholders can stand face-to-face and shoulder-to-shoulder to engage the eCrime phenomenon comprehensively, in ways that create dialog across affected constituencies - and inspire concerted action," said APWG Secretary General Peter Cassidy.



eCrime Congress | Tacoma 2009 will include a one-day, General Members (members-only) meeting on Oct. 19, followed by two days of open sessions on Oct. 20 and 21, examining such subjects as: crimeware's evolution, botnets' evolution, malvertising, Website vulnerabilities, business process logic abuse, telephony-based phishing, eCriminal tracking, counter-eCrime consumer safety instruction and the abuse of the Domain Name System by eCrime gangs.





The AWPG eCrime Researchers Summit (eCRS) on Oct. 20 and 21, held contiguously with the APWG General Members' meeting, will be presenting papers on counter-forensics, wireless network vulnerabilities,improvement of phishing-attack countermeasures, identification of vulnerable websites, phishing detection techniques, mechanisms for tracing the provenance of phishing attacks and much more. The eCRS, the world's only peer-reviewed technical conference dedicated exclusively to electronic crime research, is held every year with IEEE Standards Association (IEEE-SA) serving as the conference's Technical Sponsor.



The conference agenda and registration links are here:





http://www.antiphishing.org/events/2009_gm.html

Reblog this post [with Zemanta]

Finovate 2009 Reminder





Finovate 2009 is almost here and with it your chance to see the future of finance and banking before anyone else. In today's hyper-competitive market, finding and implementing the next great innovative idea (before your competition does) is critical.



Finovate will return to Manhattan on September 29, 2009 to once again showcase the best new financial and banking technology innovations from established leading companies and hot young startups. Finovate 2009 will showcase 32 of the most innovative ideas in financial technology (ideas you need to know about). Because of it's unique fast-paced format that is packed with value, the event is on pace to attract even more attendees than last year.



Handpicked from hundreds, the companies get a mere 7 minutes on stage to demo (no powerpoint allowed) their latest and greatest. Last year, almost 400 executives, entrepreneurs and industry experts attended the event’s action-packed day. Overwhelmingly, they said they’d come back. Will you join them?



Attendees from companies like American Express, Discover, Citi, Bank of America, ING Direct, Forrester, Wall Street Journal, NY Times, Fidelity, the Economist, RBC Venture Partners, Intuit, Microsoft, HSBC, Bloomberg Ventures, Visa, Lincoln Financial, CNNMoney, Money Magazine, PayPal, Ally, Canaan Partners, Yahoo!, Federal Reserve Bank, American Banker, The Hartford, USAA, AARP and many more.



Plus, don't forget to use your special offer code fan2009 to save an additional $100 on the ticket price. If you register before next Tuesday you can save a total of $200 off the last-minute ticket price! Register now.

Consumers Will Be Hurt By Interchange Regulation: 5 Articles of Proof



Yesterday I posted about the battle between the retailers and the banks over interchange fees. The Battle Has Needlessly Begun and Congress is Ready to Screw it Up.  Earlier today I posted the National Association of Convenience Stores Press Release on Interchange Fees.



Now I bring you the press release from the Electronic Payments Coalition...a release which dispels the theory put forth by the Merchant Payments Colation that they would pass the "swipe fee" savings on to the consumer. (common sense dictates that the merchants would pocket the savings) As I said in yesterday's post:
The study found that if American merchants paid the same swipe fees as those in Australia the past four years, the net savings would total $125 billion. Editor's Question: In whose pocket did that $125 billion go? I don't need a study to tell you it "wasn't the consumers"...



Here's the Press Release:



WASHINGTON, Sept. 17 /PRNewswire/ -- The Electronic Payments Coalition issued the following statement:



Today, the Electronic Payments Coalition released key evidence from several sources, demonstrating conclusively that consumers would be hurt by interchange regulation in the form of higher fees, fewer benefits, and zero savings at the cash register.



Despite the misleading claims of giant retailers who want to shift this cost, merchants themselves have confirmed that they would not pass savings on to their customers.



Representatives of the U.S. government, international economic experts, the Reserve Bank of Australia, and merchants themselves have acknowledged that consumers would see no savings from any interchange regulation.

It's simple: merchants don't want to pay their fair share, and they want consumers to foot the bill. And that's not fair.



CRA International




However, "there is no evidence that losses to consumers have been offset by reductions in retail prices." (pp. 1, 4, 13, 58) Neither merchants nor the RBA has presented any empirical evidence showing the extent to which the benefits of interchange fee reductions were passed onto consumers. Rather, "[o]ne of the main effects of the RBA's interventions has been a redistribution of wealth in favour of merchants." (pp. 1, 4, 13, 20, 58) In fact, the CRA study showed that since 2003, when that regulation was implemented, cardholder fees have risen by 22% for standard cards, between 47%-77% for rewards cards, and cardholders now pay AU$480 more in credit card fees each year. The value of rewards also fell 23% during that period.



Robert Stillman, William Bishop, Kyla Malcolm, and Nicole Hildebrandt, "Regulatory intervention in the payment card industry by the Reserve Bank of Australia: Analysis of the Evidence" (28 April 2008), available at
http://www.crai.com/ecp/assets/Regulatory_Intervention.pdf.



GAO Study




(p. 2) "Since Australia's regulators acted in 2003, total merchant discount fees paid by merchants have declined, but no conclusive evidence exists that lower interchange fees led merchants to reduce retail prices for goods; further, some costs for card users, such as annual and other fees, have increased. Few data exist on the impact of the actions taken in Mexico (beginning in 2004) and Israel (beginning in the late 1990s). Because of the limited data on effects, and because the structure and regulation of credit and debit card markets in these countries differ from those in the United States, estimating the impact of taking similar actions in the United States is difficult."

CREDIT AND DEBIT CARDS Federal Entities Are Taking Actions to Limit Their Interchange Fees, but Additional Revenue Collection Cost Savings May Exist (GAO-08-558)



Tom Robinson
, owner of Rotten Robbie's convenience stores, in testimony before the House Judiciary Committee



Mr. Keller
: Let me just be crystal-clear. Let's say you are paying 2-percent interchange fees now, and the Conyers bill passes, and you go to the arbitrator, and the arbitrator says 'I agree 100 percent with Rotten Robbie, and it is going to be 1 percent,' will Rotten Robbie customers get a discount when they go to buy donuts or gasoline or Coca-Cola as a result of that taking interchange fees from 2 percent to 1 percent?

Mr. Robinson: Well, I don't think the marketplace works exactly like that.

Mr. Keller: But your whole argument -

Mr. Robinson: But, ultimately, ultimately, the answer to your question, the consumer will benefit.

Mr. Keller: Okay. That is the $64,000 question, because your whole argument is you want lower interchange fees because it is better for consumers. And so that is why I want to give you the chance. He is saying it is not going to benefit consumers. Is it going to benefit consumers or not?

Mr. Robinson: There is not a businessman that does not attempt to keep the margin.



May 15, 2008




Credit Union Times,
May 15, 2009, reporting on a panel discussion at the Chicago Federal Reserve:



"A banking regulator from Australia acknowledged that there was no evidence [prices had been lowered as a result of regulation] in his country, which has dramatically lowered credit card interchange. 'That is a very hard question to answer,' said John Simon, chief manager for the Payments Policy Department of the Reserve Bank of Australia, responding to a question from an attendee at the Federal Reserve Bank of Chicago's 2009 Payments Conference. 'There are so many different things that might go into a price change of 98-cent can of Coke to a 96-cent can of Coke that it's impossible to say whether or not that reflected the lowered interchange rate or something else, a global economic downturn, for example.'"



"Review of the Reserve Bank of Australia and Payments System Board" for the Standing Committee on Economics, Finance, and Public Administration, June 2006




"The committee was concerned by evidence which suggested that some merchants are profiteering from the ability to surcharge. While the committee notes proposals for surcharges to be capped at a merchant's costs, it does not believe a cap would be entirely effective. Surcharging - and in particular excessive surcharging - occurs in markets not subject to high levels of competition. If merchants in these markets want to charge excessively, they could simply do so through the prices of goods and services. If surcharges were to be capped, it is possible that other prices would rise to compensate for the lost revenue."



For more information on this and other issues in the interchange debate, contact Trish Wexler of the Electronic Payments Coalition at trish@electronicpaymentscoalition.com.





SOURCE Electronic Payments Coalition


Banking Salaries Require Fed Approval



Fed plans to approve banking salaries: report

Want to read something really scary?  Here ya go...



Fri Sep 18, 5:04 AM  NEW YORK (AFP) - The Federal Reserve would be required to approve salaries for tens of thousands of US bank workers, as part of a plan to curb risk-taking at financial institutions, The Wall Street Journal reported Friday.



"The Fed's plan would, for the first time, inject government regulators deep into compensation decisions traditionally reserved for the banks' corporate boards and executives," the report said.  The proposal would see the Fed empowered to ban any compensation policies it believes encourage bank employees -- from chief executives, to traders, to loan officers -- to take too much risk.



"The US' largest banks, about 25 in number, would get especially close scrutiny.




A final proposal "is still a few weeks from completion and could be revised along the way," the report said citing unnamed persons familiar with the matter. The move requires a vote by the Fed board, but not a Congressional green light.



How scary is that?  The last line in the story states: France and Germany, Europe's leading economies, are lobbying for strict limits on executive's compensation.



Reblog this post [with Zemanta]

Brits Ditch Checks

BRITS DITCH CHEQUES AS FAST PAYMENTS GATHERS MOMENTUM



The total value of cheques cleared in the UK in the second quarter fell a massive 20% compared to the same period in 2008, as Brits continued to turn to debit cards and the Faster Payments Service.



According to the UK Payments Administration, the value of all cheques cleared, including those issued by companies, fell by 20.9% to £219.23 during the quarter. The actual number of cheques cleared was also down 13.7% on Q2 2008.

Cheques - which are set to be phased out in the UK by 2018 - accounted for just 7.8% of all non-cash payment volumes in the quarter, declining from 19.7% in Q2 2003....



More on this story: http://www.finextra.com/fullstory.asp?id=20516.   Editor's Note:  According to the Drudge Report, the Brits are not alone as Obama has also ditched czechs...



Reblog this post [with Zemanta]

Study: U.S. Pays More for Interchange Fees






More on the Merchant Payments Coalition and their New Study...





A new study by the Merchants Payments Coalition finds that Americans pay a much higher percentage for interchange charges than the rest of the industrialized world.









WASHINGTON, DC – A new study by the Merchants Payments Coalition (MPC) www.unfaircreditcardfees.com found that if U.S. consumers paid the same low credit and debit card swipe fees as consumers in Australia pay, then the net benefit would have totaled $125 billion over the last four years.



Interchange fees, or “swipe fees,” cost Americans an average of $2 on every $100 they spend with credit cards — a higher percentage than anywhere else in the industrialized world. Why? Because other countries and their governments have been able to negotiate with the big banks and credit card companies for fair rates and transparency, the MPC notes.



NACS is one of the founding members of the MPC
.





But, in the United States merchants and their customers are still forced to pay sky-high interchange fees.

Interchange fees started out in the 1960s as a way for banks to cover the cost of processing credit card transactions. But even as technology has dropped that cost dramatically, the banks and credit card companies have pushed swipe fees higher and higher, turning it into a cash cow. For many businesses, credit card fees are now their single-highest non-labor operating cost.



With almost any other equipment, supplier or service, retailers can comparison-shop, negotiate or otherwise influence its final cost of doing business. Store owners can conserve on energy usage and seek out the most competitive prices for merchandise, just to cite a few examples.



Not so with credit card interchange fees. Visa and MasterCard control more than 80 percent of the marketplace. They set the fees in secret, give businesses no ability to negotiate and virtually insist they be buried in the price of merchandise. Unfortunately, the card companies’ hidden fees get passed on to all consumers in the form of higher prices and lower value for nearly everything they buy.











“It’s bad enough that the credit card companies force these hidden fees on us and our customers when we can least afford it,” noted NACS Vice Chairman of Government Relations Tom Robinson, president of Robinson Oil Corporation.

“But when we are paying more than anywhere else in the world, and other countries have taken action to protect their citizens from abuse, it is inconceivable that our government would turn a blind eye to the issue. It is time for Congress to step up and defend the principles of the free-market economy by taking action on (interchange) fees.”



Though Congress and the White House have addressed other credit card reforms, the MPC is arguing that any fix will be incomplete without addressing interchange fees. Consider:



  • Banks raked in an estimated $48 billion in interchange fees in 2008 – an average of $427 per American household in just one year.

  • This $48 billion total is more than triple the amount collected as recently as in 2001.

  • Hidden interchange fees cost Americans more than all credit card annual fees, cash advance fees, over-the-limit fees, and late fees combined.

  • U.S. interchange fees are the highest in the developed world. The U.S. pays approximately 60 percent of interchange fees globally – about double the U.S. percentage share of global GDP.



Compared to the rest of the world, U.S. interchange fees are more than two times the rates in the U.K. and New Zealand, four times the rates in Australia and more than six times the cross-border rates recently agreed upon by MasterCard and the European Union.



Meanwhile, the payments industry hit back with its own “study.”



In a September 17 press release, Visa announced the findings of a new study that shows that “consumers believe retailers benefit far more from accepting credit and debit cards than they pay in costs.



The press release noted that consumers believe merchants see card cost acceptance as a part of doing business, much like paying for utilities such as electricity.  "



Among the survey's findings:



  • By a 2-to-1 margin, consumers say retailers should pay the cost of accepting credit and debit cards.


  • 78 percent of consumers believe the value and benefits retailers receive from accepting credit and debit cards outweigh the costs of accepting them.


  • 83 percent of those surveyed believe that any savings retailers realize will be used to increase their own bottom lines and will not be passed on to consumers.


  • 91 percent of consumers say they are more likely to shop at stores that accept credit and debit cards.

“Retailers and their well-funded trade associations have filed lawsuits and are aggressively lobbying Congress to allow them to shift their business costs to consumers by allowing merchants to charge checkout fees whenever consumers use credit or debit cards. At the same time, national convenience store chains have launched misleading, in-store petition campaigns to cover for their checkout fee efforts, noted Visa’s press release.



"The response is loud and clear: consumers aren't buying the message convenience store chains and big retailers are selling," said Bill Sheedy, group president of the Americas for Visa Inc., in the release. "This research demonstrates that consumers are well aware that legislation is a Trojan horse that likely will lead to higher prices for cardholders while retailers pocket the savings."



Reblog this post [with Zemanta]

Disqus for ePayment News