Wednesday, November 11, 2009

Todos Delivers 20 Millionth eBanking Security Product







Todos protects 20M + from online fraud



Gothenburg, Sweden, Nov. 11, 2009 -- Thanks to continued rapid growth in 2009, Todos has passed a significant milestone. In September 2009, it delivered its 20 millionth eBanking security product.



In a world where identity theft, spyware, phishing and man-in-the-middle attacks threaten consumer confidence in online banking, Todos is busy strengthening the bonds of trust between banks and their customers. Millions of people around the world feel safer online thanks to Todos.



The company's success allows it to invest in innovative products, such as the Todos C400 and C200 advanced smart card readers. Todos has already shipped 6m of these sophisticated devices while other vendors struggle to bring similar products to market.



Todos's advanced smartcard readers fully eliminate the danger of man-in-the-middle and man-in-the-browser attacks, sidestepping the dangers highlighted by Ross Anderson earlier this year in his Cambridge University report* "Optimised to Fail".



The smartcard readers provide enhanced transaction authentication without having to connect to the user's PC. They are user-friendly and bank-friendly at the same time.



Two security features enhance trust, confidence and usability. Todos's unique Dynamic Signatures allows banks to adjust the level of security in proportion to the level of risk involved in each transaction. It is the only technology that enables Sign-What-You-See in both connected and unconnected mode. Secure Domain Separation prevents cross-channel attacks by keeping eCommerce, eBanking authentication, logon and transactions separate.



"This is a real milestone for Todos," says Ove Wedsjö, the company's CEO. "When it comes to eBanking and eCommerce security, it shows that Todos is setting the pace in business, technology and trust."



Todos AB helps banks and other businesses create trusted, secure relationships with their customers online. Founded in 1987, Todos designs, develops, delivers and supports security solutions for eBanking and eCommerce strong transaction authentication. We have delivered over 20m products to 100+ financial institutions in more than 30 countries. When trust matters, trust Todos.



Source: Company press release.




Banks Become Creative in Seeking to Secure Customers' Relationships





www.thewowcard.com from Maestro offers “2008’s most innovative promotional product.”



DALLAS--PPNB--During 2009, bank customers have experienced frustration and uncertainty in their banking relationships. With 115 U. S. bank failures this year and another 400 banks considered at risk, some customers wonder if their banks will survive the economic downturn. Banks also continue to frustrate businesses with limited lending.



Smart banks recognize that customers need reassurance, so many community bankers are sponsoring creative, effective programs to secure relationships, while most national banks offer financial awards to attract new accounts.



One of the most cost-effective promotions used by community banks is “The WOW card,” a branded personal assistance program available from Maestro. As Maestro signed its 3,000th distributor; “The WOW Card” also became one of three national nominees for “Best Executive Gift Award” from the Promotional Products Association International.



“Extraco Banks’ internal results using Maestro’s WOW Card-Branded Personal Assistance was so strong that we hope to use it with our customers in 2010,” said Mary Coleman, of Texas-based Extraco Banks.



“Maestro’s Branded Personal Assistance offered a great platform to help connect our bank presidents to our best customers,” noted Bob McElrath of Minnesota-based Frandsen Financial Corporation.



Taking a different tact offering effortless savings, Bank of Texas created “Quicksave” to allow customers to transfer a designated amount into savings with each check card purchase or online bill pay. Bank of Texas then matches a portion of the savings.



Some rewards programs, such as ones offered by Capitol One and Chase Bank, encourage customers to make more transactions by paying bills online, using debit cards, opening CDs and more.



Most national banks, meanwhile, are sticking to financial incentives to attract new customers.



Bank of America and Citibank have rolled out programs offering $100 to $125 bonuses for opening new checking accounts, promoting them in targeted mailings.



About Maestro




Maestro offers WOW Branded Personal Assistance through distributors who sell to companies that want to empower customers, prospects and employees with a branded gift of time and convenience. Recipients of WOW VIP cards are able to call highly-trained, technology-enabled personal concierges 24/7 for assistance in accomplishing tasks or finding information in a fraction of the time they could do it themselves. See “How it Works” at www.thewowcard.com

Reblog this post [with Zemanta]

ICBC, UMPay and American Express Launch China’s First Dual-currency, Mobile Payment Credit Card





NEW YORK--(BUSINESS WIRE)--Earlier today in Beijing, the ICBC Mobile Payment American Express® Card, China’s first dual-currency credit card with mobile account payment capabilities and features, was officially launched by the Industrial and Commercial Bank of China (ICBC), Union Mobile Pay (UMPay) and American Express.



ICBC is the largest commercial bank in the world by assets and profitability, and the largest credit card issuer in China. The ICBC Mobile Payment American Express Card combines the leading credit card platform of ICBC, the advanced mobile e-commerce services of UMPay (a leading mobile payments company in China), and the global merchant network and marketing resources of American Express. The Card signals a new era of collaboration among banks, mobile payment providers and credit card organizations, and will provide unparalleled levels of integration, efficiency and control for Chinese consumers.



The new Card leverages the “anywhere-and-anytime” advantages of mobile phones and the payment advantages of credit cards to provide consumers with secure, convenient, and flexible online, offline, and mobile payment options.



After designating their mobile phone number to their credit card account and activating their mobile payment function, Cardmembers can select merchants accepting mobile payments from their mobile phones, and authorize their payments for digital downloads, utilities, and other online and offline goods. The transactions will be automatically charged to their ICBC Mobile Payment American Express Card accounts. Cardmembers can choose to settle their charges in either US dollar or Renminbi and they don’t have to pay those charges until they receive their credit card statement.



“ICBC is the biggest commercial bank in China, and we continue to reinvent our products and services to meet the changing needs of our customers,” said Luan Jian Sheng, President and Head of Card Center from ICBC. “ICBC has issued more than 50 million credit cards and is the leading credit card brand in China. By integrating the respective advantages of ICBC, American Express and UMPay, we are able to bring our success in the credit card business to new heights by providing advanced and more convenient payment products to consumers in China.”



“As a leading global merchant acquirer and worldwide payment network, American Express believes emerging payments will provide significant potential going forward. We intend to remain active in this space,” said Kula Kulendran, American Express Executive Vice President and Head of Global Network Services in Japan, Asia Pacific and Australia.



“China has the largest mobile phone subscriber population in the world, and we are delighted to work with ICBC and UMPay to develop new mobile payment opportunities in this market. The launch of this new Card marks a new milestone for American Express in China. It will bring a new transaction channel, a new marketing tool and, ultimately, all new potential for the business growth of merchants throughout China. We look forward to a long-term, successful partnership,” added Kulendran.



“With mobile handset users in China fast approaching 700 million, mobile e-commerce has been a growing consumer need and market trend in China,” said Zhang Bin, General Manager of UMPay. “Convenient, prompt, and reliable mobile payment is a pre-requisite for the development of mobile e-commerce. UMPay has market leading infrastructure and know-how in China’s mobile e-commerce market. We fully expect the new ICBC Mobile Payment American Express Card to play an important role in the country’s mobile payment and e-commerce markets.”

About Industrial and Commercial Bank of China


ICBC is the largest wholesale and retail bank in China by assets and deposits and is a market leader in many business areas including corporate and personal loans, deposits, mortgages, e-banking, custodian services and inter-bank clearing. It provides a wide range of commercial banking services to corporate and individual customers. ICBC has approximately 16,000 outlets and employs 382,000 people across China. It had total assets of RMB 11.43 trillion at the end of June, 2009.



About Union Mobile Pay


UMPay is a joint venture founded in August 2003 by China Mobile and China UnionPay. UMPay specializes in mobile payment, providing China Mobile subscribers with innovative payment products such as Mobile Wallet and the Financial Message Service, and allows merchants to enjoy broader, faster and easier payment channels.



About American Express


American Express Company is a leading global payments, network and travel company founded in 1850. Since 1996, American Express has been pursuing a strategy of opening its merchant network and card product portfolio to third party issuers around the world. By leveraging its global infrastructure and the powerful appeal of the brand, American Express has gained even broader reach for its network worldwide. American Express has now established 131 partnerships in 130 markets across the world.





Reblog this post [with Zemanta]

Banking Technology Readers Name Fiserv 'Best Financial Crime Prevention Supplier'





The winners in the 10th Annual Banking Technology Awards and the Readers' Choice Awards were announced at a gala dinner at the Grosvenor House Hotel in London's Lane last night, with some 400 guests taking part in an evening of celebration.  Congratulations to all of the winners, of course; but also congratulations to all those who were runners-up or highly commended. And thanks to so many people who took part.






To view the Readers' Choice Award winners please click here
To view the Banking Technology Award winners please click here





Fiserv, Inc. announced today that it has been named "Best Financial Crime Prevention Supplier" by readers of Banking Technology magazine. The European Banking Technology Awards reflect excellence across a range of IT activities in banking and financial services, and recognizes in particular solutions that show quality of innovation. Please contact me with additional questions.



Banking Technology Readers Name Fiserv 'Best Financial Crime Prevention Supplier'



Brookfield, Wis., November 11, 2009 -PIN Payments News Blog-  Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, today announced that it has been named "Best Financial Crime Prevention Supplier" by readers of Banking Technology magazine.



The European Banking Technology Awards reflect excellence across a range of IT activities in banking and financial services, and recognizes in particular solutions that show quality of innovation. The award winners were announced at a gala held on Thursday, November 5, at the Grosvenor House Hotel in London.



Part of the Fiserv core competency in risk and compliance, the Financial Crime Risk Management solution suite from Fiserv provides a comprehensive portfolio of fraud risk mitigation and anti-money laundering capabilities that can help organizations achieve the ultimate goal of 'de-risking' each and every transaction throughout its lifecycle. The platform can also significantly improve operational efficiency through enhanced detection capabilities, fewer false positives, reduced revenue losses and streamlined workflow.



Simon Moss, general manager, Fraud and Compliance Solutions at Fiserv, said, "We thank the readers of Banking Technology for honoring Fiserv, and see this award as recognition of the investment made by Fiserv in the risk management area, and the hard work of our associates. Fiserv will continue to innovate to help ensure our clients are well equipped to efficiently detect and mitigate financial crime."



About Fiserv

Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.





#   #   #



Reblog this post [with Zemanta]

Federal Court Grants Heartland Payment Systems’ Application for an Order to Show Cause Against VeriFone



Verifone/Heartland Spat Continues in Courts



PRINCETON, N.J.--PIN Payments News Blog--On Monday, the New Jersey Federal Court granted Heartland Payment Systems’ application for an order to show cause against VeriFone Holdings Inc. The return date for an expedited hearing on Heartland‘s injunction on its Lanham Act false-advertising claims was set for December 7, 2009. No motion to transfer these claims to the Northern District of California as requested by VeriFone was granted at the hearing. In addition, VeriFone took down the website that was using the Heartland name to lure Heartland customers.



The need for the court hearing resulted from the public relations attack VeriFone launched against Heartland last week claiming Heartland can no longer support its customers using VeriFone terminals.



“VeriFone is deliberately attempting to confuse our customers by making false claims that we cannot service VeriFone equipment,” commented Bob Carr, Heartland’s chairman and chief executive officer. “VeriFone wrongly asserts that we expect our merchants to contact VeriFone for direct support. We strongly encourage our customers NOT to register for it.”



According to Carr, providing confidential business information to VeriFone could put that information at risk. “There is no reason a hardware manufacturer needs that kind of data other than for the purpose of passing it to our competitors and VeriFone’s partners as new business leads.”



The discord between Heartland and VeriFone began when Heartland refused to work exclusively with VeriFone to produce “E3™” terminals featuring Heartland’s state-of-the-art end-to-end encryption technology.



“VeriFone demanded we use them as our sole E3 terminal provider. This is counter to our objective of making E3 quickly and widely available to merchants. Our refusal to have an exclusive arrangement with VeriFone infuriated that company,” Carr continued.



VeriFone also wanted to impose an unprecedented per-transaction fee/tax never before levied on processors, merchants or consumers ― a “junk fee” that comes with no added value or acceptance of any responsibility.



“This arbitrary fee would tax merchants ― and ultimately consumers ― for the enhanced security Heartland will offer with no junk fees. VeriFone’s fee would not deliver any additional or value-added services to our merchants or consumers. Heartland is not willing to pay this new recurring junk fee and pass it onto our customers or consumers.”



Carr reiterated that Heartland is fully capable ― and will remain fully capable ― of servicing its customers. Heartland is the only entity that can provide full service ― including ongoing service of VeriFone terminals ― to its customers. Heartland customers should NOT register for “uninterrupted continuation of support” as promoted by VeriFone.







Reblog this post [with Zemanta]

Ukash in Ukraine

Image representing Ukash as depicted in CrunchBaseImage via CrunchBase

London, Nov. 11, 2009 –- Ukash, which has the largest prepaid-cash issuing estate in the world, has announced an agreement with PrivatBank to offer its fast growing e-cash product to consumers in the Ukraine as it continues to pursue its aim of making online shopping available to everybody, anywhere in the world.



Ukash vouchers, which are available from 300,000 global physical issuing points in 17 countries, provide e-commerce solutions by allowing customers to shop, play and pay online using cash. Ukash will be available via numerous PrivatBank channels in the Ukraine including over the counter in 3,500 bank branches and online using the Privat24 internet and mobile banking service.



The vouchers will also be available from nearly 6,800 ATMs and approximately 1,800 self-service kiosks located in convenient public areas, enabling consumers to purchase Ukash outside of banking hours.



Founded in 1992, PrivatBank has operations in Russia, Georgia, Latvia, Portugal and Cyprus, and is the largest commercial bank in the Ukraine with 23% of the country’s 46m population employing its services. The Ukraine’s extensive expatriate workforce will also be able to benefit from the ability to use Ukash to spend online at both local and international websites.



Mark Chirnside, chief executive officer, Ukash said: “We are pleased to announce that Ukash is now available in the Ukraine, in association with the country’s biggest commercial bank, PrivatBank. Our aim is to achieve a more socially inclusive approach to online shopping by helping the unbanked, as well as alleviating the fear of online fraud felt by many. We are happy to announce that customers in the Ukraine can now shop online safely using cash, and we feel sure that our introduction there will be as successful as our other recent endeavours.”



The alternative payment vouchers will also soon be available from in excess of 55,000 shops in the Ukraine via PrivatBank’s network of point of sale card processing terminals, and Smart Voucher is already working alongside PrivatBank and Skype to facilitate the SkypeCredit program in the Ukraine.



Future plans for Ukash, which can also be obtained online in 12 countries with more to come soon, include continuing its physical expansion into other countries in this region – starting with Russia.



About Ukash ®



Ukash ® is the fastest growing global e-commerce payment solution to enable consumers from anywhere in the world to shop, pay and play online safely using cash. Ukash is a secure payment method developed to protect personal identity and financial information when making online transactions; eliminating the threat of credit and debit card fraud for consumers and repudiations and charge-backs for retailers.



Established in 2001 under the holding company Smart Voucher Ltd, Ukash has grown to more than 300,000 physical points of purchase in 17 countries around the world. In 2008, Ukash ® established a strategic partnership with South African payments giant Blue Label Telecoms – part owned by Microsoft, to develop the brand’s services.
Reblog this post [with Zemanta]

Melissa Hathaway Won't Bank Online



In a post by Eric Chabrow, at GovInfoSecurity, he writes about a quick conversation he had with Melissa Hathaway.  (not pictured on the right) 



Bottom line?  Melissa doesn't bank online.  Oh...and the FBI Director has sworn off online banking after nearly falling victim to a sophisticated phishing attack.  (See:
FBI Director Swears Off Online Banking after Nearly Getting Phried

Confidence in the security of online shopping is down, down, down.  Oh...and it's going to get worse before it gets better.  UNLESS we stop using the web/browser for financial transactions and start using a PCI 2.x Certified device which eliminates the threats AND morphs the "Card Not Present" environment (the web) into a "Card Present" one. 

So the question that begs to be asked of thse financial institutions..."When are they going to wake up to the fact that financial transactions simply cannot be conducted in a browser space?   How long are they going to be stuck on band-aids? 


It is time to re-evaluate the entire process.   When the web came along, everybody jumped in without feeling the water and now it's reached it's boiling point.  Again, the browser is not safe for financial transactions.  Been saying it for 20 months, but more importantly, large organizations such as IBM are stating the same thing.  (unprecedented state of web insecurity...a separate machine is needed for online banking, etc.)



Here's some insight on how
the one-time leading candidate as President Obama's CyberSecurity Tsarina  (See: Melissa Hathaway Logs Off as Cyber-Security Tsar/Czar) feels about online banking/shopping... 



Does Melissa Hathaway Bank Online?

Eric ChabrowEric Chabrow - Gov Info Security



Melissa Hathaway should know better than anyone about the safety - or vulnerability - of our computer networks, having conducted the 60-day cybersecurity policy review of the federal government's and nation's IT infrastructure for President Obama.



Now a senior adviser at the Belfer Center for Science and International Affairs at Harvard University's Kennedy School of Government, Hathaway spoke with me on Tuesday about the current state of our cybersecurity posture (that podcast interview will be posted presently). I ended our conversation by asking how secure should people feel about banking and shopping online. Hathaway's response:





"E-commerce fraud is up significantly, I think over 70 percent, as to the recent statistics that I saw.



It's important to have better credentialing and authentication of customers online in order to assure the security with banking and e-commerce broadly."

Do you bank online?

"Occasionally, I shop online. I do not do banking online."

Is that because you don't trust the current environment?

"I believe that the banks ... that they will cover all liabilities if your accounts were taken. I just don't have the comfort level of e-commerce yet based on current technology."



Hathaway's time at the White House analyzing IT vulnerabilities didn't sway her to stop banking. She has never banked online. I asked if I should reassess my online banking addiction. Her response wasn't comforting:

"I think that certainly your bank will cover you if there is a problem, but I think that as you are going to perhaps an unknown vendor out in cyberspace, and you're going to give them your credit card, you should think twice about that."





Reblog this post [with Zemanta]

Why Hasn't More Been Done About Card Not Present (CNP) Fraud?

There's an interesting article on Compare & Save by Emma Skinner. 



She asks a simple, yet pertinent question: 



Why hasn't more been done about CNP fraud? 



Well, Emma, you'll be happy to know that because our point of sale terminal, designed specifically for web-based financial transactions, has been PCI 2.x certified by Visa, MasterCard, AMEX, Discover and JCB, they have effectively certified our device as one which can conduct "card present" transactions in what was previously a Card Not Present environment.



This is fantastic news for financial institutions, merchants and consumers because...although CNP transactions make up about 10% of all transactions, it is responsible for 54% of total fraud losses.  It occurs because the customer cannot physically swipe their card when purchasing online.  Now, with PCI certification, they can.



I was ordering a takeaway the other night and needed to pay by card over the phone because I almost never have any cash on me for fear of losing it.



After placing my order I started to give my card details to authorize the payment when I suddenly remembered statistics which showed how much Card Not Present (CNP) fraud has increased over the past 10 years.



My takeaway was tasty but it was tainted by this slight hint of concern because I have personal experience of taking card details for CNP transactions and I really know how much trust is placed in the hands of the cashier.



While I was studying for my degree I had a part-time job in a local off licence which offered home deliveries. If customers wanted some alcohol delivered to their door, all they had to do was ring the shop, tell us what they wanted and where it was going to, and then pay for it using their card over the phone by giving us their card details.



To authorize the transaction we needed:

  • The long card number (PAN) Primary Account Number


  • The start date

  • The end date

  • The issue number

  • The last 3 digits of the security code on the signature strip

  • The house number and the numbers from the postcode of the card’s billing address

The next step would be to enter the information into the point of sale machine and the card would be processed thus completing the sale. 



(Editor's Note:  That would be the first and only step if the consumer was equipped with our PCI 2.x certified personal point of sale terminal/PIN Pad.)



"I was then left with a precious piece of paper in front of me containing all of the customer’s card details. Luckily, I am a very honest person and handled the data with the sensitivity and respect it deserved by immediately handing it to my superior to be destroyed.  If I wasn’t so honest, it would have been very easy for me to take down the details and use that card to purchase items online."

You can now understand why I didn’t fully enjoy my takeaway that night – I feared that I had placed maybe a little too much trust in the stranger on the other end of the phone and decided to keep an extra vigilant eye on my card statement for the next month.

"It prompted me to think about why CNP transactions were still deemed a viable payment method and to look into why more hasn’t been put in place to protect everyone in the sales process from what I deemed to be a seemingly huge oversight."

The result was the news article ‘How to protect yourself from Card Not Present (CNP) fraud’ which you can read by clicking the link.



Editor's Note:  Actually, the result of those exact same questions is HomeATM's PCI 2.x Certified PIN Entry Device.  What you have (CARD PRESENT) and what you know (PIN) = the Elimination of the CNP environment. 



Thus...HomeATM eliminates the CNP environment by morphing that same environment into a "Card Present" one. 



Swipe Card, Enter PIN.   We instantaneously 3DES DUKPT end-to-end encrypt the data inside our device meaning the data never enters the browser.  (BNP) Browser Not Present! 








Reblog this post [with Zemanta]

Prosper.com Lands Capital One Co-Founder and Investment



Nigel Morris Joins Board of Directors and QED Investors Invests in Prosper



SAN FRANCISCO--PIN Payments News Blog- Prosper, the largest peer-to-peer lending marketplace in the U.S. with over $180 million in loans and 870,000 members, today announced that Nigel W. Morris, Co-Founder of Capital One, has joined its Board of Directors and his venture capital firm, QED Investors, has invested in the company.



“The future of consumer and small business finance is changing rapidly, and Prosper is at the forefront of this transformation,” said Nigel Morris, Managing Partner of QED Investors. “By disintermediating banks, Prosper’s model allows consumers to directly benefit, both on the lending and borrowing sides. We are excited to be part of a company that will play a pivotal role in the future of lending.”



“To maximize and fast track our growth and revenue potential, we’re honing our strategy to holistically approach marketing and risk modeling,” said Chris Larsen, Chief Executive Officer and Co-founder of Prosper. “Bringing in Nigel Morris and his team of operationally-oriented investors will immediately enhance our own team’s analytical capability. And just as Nigel and his team were able to deploy such a capability at Capital One to revolutionize the consumer lending industry, we expect our team at Prosper to revolutionize the P2P lending space."



Nigel Morris co-founded Capital One in 1994, and during his ten-year tenure, Capital One’s customer base grew to an extraordinary 45 million, managed loans increased to more than $70 billion and the company emerged as one of the top seven issuers of MasterCard and Visa credit cards in the world.



Nigel Morris is currently the managing partner of QED Investors, a direct investment fund focused on high-growth companies that leverage the power of data strategies. In addition, he works in an advisory capacity with General Atlantic Partners, Columbia Capital, and Oliver Wyman. He also serves on the board of The Economist Group, London Business School, and Venture Philanthropy Partners.





About Prosper

Prosper is America’s largest peer-to-peer lending marketplace with over 870,000 and $184 million in loans. It pioneered peer-to-peer lending, which allows people to invest in each other in a way that is socially and financially rewarding. Prosper's auction model provides an open and transparent way to get a personal loan or invest in loans on terms that are favorable to everyone involved in the transaction.



People and institutions list and bid on loans using Prosper's online auction platform. Borrowers can list loan requests between $1,000 and $25,000 on Prosper and set the maximum rate they are willing to pay an investor for the loan, and tell their story. People and institutional investors register on Prosper as lenders, then set their minimum interest rates, and bid in increments of $25 to $25,000 on loan listings they select. In addition to criteria commonly used by institutional lenders, such as credit scores and histories, Prosper lenders can consider borrowers' personal stories, endorsements from friends, and community affiliations.



Once the auction ends, Prosper takes the bids with the lowest rates and combines them to facilitate the funding of one simple loan to the borrower, and then issues what are called "Notes" to all the winning bidders. Prosper handles all on-going loan administration tasks including loan repayment and collections on behalf of the matched borrowers and investors. Prosper members are then able to trade Notes with other members on the Folio Investing Note Trader platform, provided by Foliofn Investments, Inc. Follow Prosper on twitter @prosperloans Notes offered by Prospectus.

Study Finds Credit Card Companies Con Consumers and Small Businesses



C4CC Study Finds That Credit Card Companies’ Recent Rush to Raise Interest Rates and Implement New Fees Is Par for the Course as Credit Card Companies Con Customers and Small Businesses



INDIANAPOLIS- PIN Payments News Blog- On the heels of reports that credit companies are in a rush to raise interest rates to historic highs and implement new fees before regulation that limits such action takes effect, Consumers for Competitive Choice (C4CC), a diverse, national coalition of Americans including consumers and small businesses who support a consumer-focused economy, has just released a study titled, “The Credit Card Con,” (PDF/50 pages) which examines the industry’s notoriously bad acts.



The study notes that Visa and MasterCard have taken advantage of their dominant market positions to raise prices while curtailing credit. Even as the nation’s automobile, manufacturing, entertainment, real estate and retail sales industries have struggled to make ends meet – cutting prices to bolster sales and jobs to cut costs – the credit card duopolists report strong profits – a direct result of raising interest rates and implementing new fees for card holders. This in addition to the already excessive transaction fees that cost American consumers $48 billion in 2008 alone – triple the level in 2001.



“This is certainly not the reaction that Congress expected when responding to a mounting public outcry by passing the Credit Card Accountability, Responsibility and Disclosure Act of 2009 (CARD Act),” said Bob Johnson, president of C4CC. “However, rather than react responsibly, the industry has flouted the will of Congress and the Administration by moving quickly to raise rates, increase fees, and reduce available credit before the law takes effect next year. These are the types of tactics that the credit card industry is infamously known for – and they have to stop.”



The report comes amidst new laws that Congress is considering related to credit cards and financial services. With unemployment hitting double digits and small business growth being impaired, it is imperative that our representatives and senators in Washington take steps to reduce this unfair burden. As bills begin to wind their way through the committee process, it is critical that important issues such as transaction fees are addressed in any legislation that is put forward.



To access the study, click here.



About The Credit Card Con



The Credit Card Con is a project by the Consumers for Competitive Choice. For more information, visit The Credit Card Con website at www.thecreditcardcon.com.

Alleged International Hacking Ring Caught in $9 Million Fraud



Yesterday the Justice Department announced eight indictments in the RBS WorldPay ATM Robbery.  Refreshing your memory... during the RBS WorldPay ATM heist, 44 counterfeit payroll debit cards were used to withdraw more than $9 million from at least 2,100 ATMs in at least 280 cities worldwide in about 12 hours. 



Last year I blogged about the amazing RBS WorldPay Heist.  The original post follows this press release from the Department of Justice:



Justice News Banner

Department of Justice

Office of Public Affairs



FOR IMMEDIATE RELEASE



Alleged International Hacking Ring Caught in $9 Million Fraud

Major Credit Card Processor Victimized in Elaborate Theft of Account Numbers



Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person known only as "Hacker 3;" have been indicted by a federal grand jury in Atlanta, Ga., on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland.



Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, each of Tallinn, Estonia, have also been indicted by a federal grand jury in Atlanta, Ga., for access device fraud.



The 16-count indictment charges Tsurikov, Pleshchuk, Covelin and "Hacker 3" with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft. The indictment alleges that the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.



Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of "cashers" with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.



The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the "cashers" were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tsurikov, Pleshchuk and other co-defendants . Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach.



International cooperation was a significant factor in the resolution of this case. In a joint investigation with U.S. law enforcement authorities, Estonian Central Criminal Police apprehended Tsurikov, Ronald Tsoi, Evelin Tsoi and Jevgenov in Estonia earlier this year. Each is facing related charges in Estonia. Tsurikov is also in custody in Estonia and is pending extradition to the United States. Federal prosecution of the Estonian defendants has been closely coordinated with the Estonian Office of the Prosecutor General. Furthermore, cooperation between the Hong Kong Police Force and the FBI also led to a parallel investigation in Hong Kong, resulting in the identification and arrest of two individuals who were responsible for withdrawing RBS WorldPay funds from ATMs there. The Netherlands Police Agency National Crime Squad High Tech Crime Unit and the Netherlands National Public Prosecutor’s Office also provided significant assistance.



Tsurikov, Pleshchuk, Covelin and "Hacker 3" each face a maximum sentence of up to 20 years in prison for conspiracy to commit wire fraud and each wire fraud count; up to five years in prison for conspiracy to commit computer fraud; up to five or 10 years in prison for each count of computer fraud; a two-year mandatory minimum sentence for aggravated identity theft; and fines up to $3.5 million dollars. The charges against Grudijev, the Tsois and Jevgenov carry a maximum of up to 15 years in prison for each count and a fine of up to $250,000. The indictment also seeks criminal forfeiture of $9.4 million from the defendants.



"The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners, particularly between the United States and Estonia. Through our close cooperation, both nations have demonstrated our commitment to identifying sophisticated attacks on U.S. financial networks that are directed and operated from overseas and our commitment to bringing the perpetrators to justice," said Assistant Attorney General of the Criminal Division Lanny A. Breuer.



"Last November, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organized computer fraud attack ever conducted. Today, almost exactly one year later, the leaders of this attack have been charged. This investigation has broken the back of one of the most sophisticated computer hacking rings in the world. This success would not have been possible without the efforts of the victim, and unprecedented cooperation from various law enforcement agencies worldwide," said Acting U.S. Attorney Sally Quillian Yates of the Northern District of Georgia.



"Through the diligent efforts of the victim company and multiple law enforcement agencies within the United States and around the world, the leaders of a technically advanced computer hacking group were identified and indicted in Atlanta, sending a clear message to cyber-criminals across the globe, said FBI Atlanta Field Office Special Agent-in-Charge Greg Jones. "Justice will not stop at international borders, but continue with the on-going cooperation between the FBI and other agencies such as the Estonian Central Criminal Police and the Netherlands Police Agency."



This case is being prosecuted by Assistant U.S. Attorneys Lawrence R. Sommerfeld and Gerald Sachs of the U.S. Attorneys Office for the Northern District of Georgia and by Senior Counsel Kimberly Kiefer Peretti of the Criminal Division’s Computer Crime and Intellectual Property Section. Treaty assistance was provided by the Criminal Division’s Office of International Affairs counsels Betsy Burke, Blair Berman, Roman Chaban, Judith Friedman, Deborah Gaynus, Linda McKinney and Mary McLaren.



This case is being investigated by the FBI. Assistance was provided by international law enforcement partners. The U.S. Secret Service also participated in the investigation. RBS World Pay immediately reported the crime and has assisted in the investigation.



Here is the original post regarding the RBS WorldPay Breach:

Mother of All Hacks Coming?

December 24th, 2008 - PIN Payments Blog



There is a disturbing development brewing in the payments world.   It's bad enough when a retailer's computer  security is breached but now we've got us a completely different ballgame.  When hackers penetrate the computer systems of major acquirers and processors, well to use a famous quote, "We've got a problem Houston." 



This could turn out to be a "Royal pain in the ***" for Visa and Mastercard themselves because acquirers like Royal Bank of Scotland link directly into their networks. 



On the surface, this appears to be "one small step for hackers but it's "one giant step" for hack-kind."  

 

According to reports I've read this morning,  according to Gartner Research analyst Avivah Litan, this could be the beginnings of the mother of all hack attacks...



“It’s very bad news,” says distinguished analyst Avivah Litan. Unlike retailers’ computer systems, processors’ systems connect directly to the networks of Visa Inc. and MasterCard Inc. “An attacker that breaks into a processor conceivably can get into the heart of the system,” and attacks on acquirers and processors are increasing."








Reblog this post [with Zemanta]

State Bank of Bussey Selects Precision Bank Platform from Fiserv



Scalability of account processing platform key to expanding bank's decision



Brookfield, Wis., November 11, 2009 - Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, today announced that State Bank of Bussey, a full-service community bank based in Bussey, Iowa, has selected the Precision(TM) bank platform to provide an enterprise-wide technology solution. Founded in 1931, the $52-million asset bank has doubled in size in the past three years while serving south central Iowa.



State Bank of Bussey, which is now processing in-house on Precision, also selected a variety of value-added Fiserv solutions, including COLD Storage, Accounts Payable and Letter Writer for Precision, to streamline the bank's operations and enhance customer service. This multi-product implementation leverages Fiserv's core competencies in processing services and customer and channel management.



"We chose Fiserv because they are experts in the banking market," said Tony Latcham, chief executive officer, State Bank of Bussey. "Because we're a small bank, we need a well-respected, dependable partner that can help us with compliance, technology and support, so we're not carrying everything on our shoulders and can focus on serving our customers." 



In 2006, the bank added a new branch in neighboring Oskaloosa, Iowa, which enabled State Bank of Bussey to expand its footprint while moving closer to the agricultural base it targets. "Because of our rapid expansion over the past three years, it's important for us to have a solution that can grow with us and meet any future technology needs. Precision from Fiserv has the capabilities to serve us now and into the future, as well as a team of experts who can help us stay ahead of regulatory requirements," said Dawn Playle, accounting/operations specialist for State Bank of Bussey.



The tight integration and usability provided by Fiserv solutions is proving invaluable to State Bank of Bussey. "When a customer comes in, we want the staff to feel confident using the system that accesses information," said Latcham. "It's nice to have a system that's not only accurate, but also easy to work with." The Precision Bank Platform is designed to automate tasks, reduce staff touch-points and enhance efficiencies. The ability to customize the solution at individual workstations enables bank staff to have faster access to key data, and thus provide more timely and higher quality customer service.



"State Bank of Bussey's accelerated growth in the past few years is impressive, especially since it is solely the result of local loans and deposits," said Mark Blankespoor, general manager for the Precision bank platform. "The bank is thriving because its team is made up of retail and agricultural banking experts, and remains dedicated to the people of south central Iowa. At Fiserv, our mission is to help banks of every size thrive and succeed. We're looking forward to a long partnership with State Bank of Bussey."



About State Bank of Bussey

State Bank of Bussey was founded in 1931, and has operated under the same charter since that time. With locations in Oskaloosa, Lovilia and Bussey, the FDIC-insured bank extends a full range of products and services to its customers in south central Iowa. Positioned in a strong agricultural region, State Bank of Bussey offers expertise in agricultural and commercial lending, offering a wide variety of services from operating credit to real estate loans. For more information, visit www.sbbussey.com.

Reblog this post [with Zemanta]

Disqus for ePayment News