Wednesday, December 23, 2009

Hackers Target Online Banking - Video CBS

Rise in Cyber Crime





HomeATM Provides the only PCI 2.x PED Solution available. Genuine Two Factor Authentication for online banking sessions. (we replicate ATM Access) We also add a real-time "any bankcard to any bankcard" P2P Instant Transfer. Oh, and a transactional revenue sharing model which provides a return on investment for our PIN Entry Device. All done with Instantaneous Triple DES/DUKPT End to End Encryption.





Watch CBS News Videos Online



CBS Reports: If you bank online, be warned that hackers are getting better at stealing money from personal accounts. Last year, Americans filed more than 275,000 complaints about cyber crime. Bob Orr reports.













Online Banking Customers Are Prime Targets of Cyber Criminals



In a headline that will define 2010, CBS lets us know the intent of hackers. Cash Money. Mark my words. In 2010 Financial Institution's will learn that the browser space is untenable.  .



Banks can spend millions on security on "their" IT, but hackers don't need to go after the bank. They can go after the online banking customers.



Malware grew exponentially in 2009. Phishing has become more sophisticated. If phishing is words, and malware is music, then fraudsters will "rock" our world in 2010. (Unless we start conducting transactions "outside the browser space.")



HomeATM has the the symphony for the devil. Please allow me to introduce ourselves, ...we do it "outside the box."   It's that "TYPE" of thinking that can solve the problem.  Until then, they are stuck on band-aids and the band-aids are stuck on you....



Hackers Target Financial Institutions


Online Banking Customers Are Prime Targets of Cyber Criminals






Massachusetts's Highest Court Delivers Retailers a Data Breach Liability Gift



Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift

...Massachusetts’s highest court (the Supreme Judicial Court or “Supreme Court” as referenced herein) delivered retailers a significant holiday gift in the form of an opinion slamming the door on some financial institutions seeking to recover reissuance costs arising out a retailer’s payment card data breach.



The Cumis Insurance Society, Inc. v. B.J. Wholesale Club, Inc. decision (“Supreme Court Decision”) analyzed and ruled upon most of the mainstream legal theories issuing banks have used to attempt to recover card reissuance costs, including breach of contract under a third party beneficiary theory, fraud, negligence, negligent misrepresentation and breach of unfair/deceptive practices laws (in this case M.G.L. Chapter . 93A, section 11). We have previously commented on multiple  decisions involving retailer payment card breaches similar to the BJ Wholesale breach and PCI liability in general, including a 3rd Circuit federal appellate decision that allowed issuing banks to proceed forward with a third party beneficiary breach of contract theory.



This blog post dives into and analyzes the Supreme Court Decision, and looks at it in context against similar decisions. Overall, in terms of issuing banks recovering for payment card breaches, the game does not appear to be litigation in the courts, but rather in the backroom contracts and recovery processes contained in the card brand operating regulations that most retailers agree to comply with.





Continue Reading




Editor's Note:  For those of you who are interested, I've provided a primer on the case below:



Case Background:






Background. We recite the undisputed facts in the summary judgment record, reserving some facts for later discussion. Visa and MasterCard are membership organizations in which issuing and acquiring banks join in order to participate in point of sale transactions using the Visa and MasterCard brands. Issuing banks such as the plaintiff credit unions issue the physical plastic credit cards to cardholders, determine the amount of the authorized credit line available to each cardholder, and approve or decline each transaction when the cardholder presents the credit card to make a purchase.



When a cardholder presents a credit card to a merchant, the merchant transmits the information encoded on the back of the credit card to the acquiring bank. The acquiring bank, in turn, transmits the information to Visa or MasterCard, which submits the request to the appropriate issuer. The issuer then relays its decision to approve or decline the transaction back through the same channels to the merchant. After the transaction is approved, the acquiring bank acquires the merchant's Visa or MasterCard receipt, pays the merchant for the amount of the transaction, and seeks payment from the issuing bank; the issuing bank pays the acquiring bank and debits the cardholder's account. Approximately 16,000 issuers are members of the Visa organization and approximately 20,000 issuers are members of MasterCard. At least 20 million merchants participate in the Visa and MasterCard payment processing systems, but none are members and none contract directly with Visa or MasterCard.



Visa and MasterCard each issue extensive operating regulations that govern the payment processing system and their members' obligations. Every financial institution that becomes a member of the Visa and MasterCard organizations must sign a contract that includes a provision that it will comply with these regulations; acquirers are also contractually obligated to ensure that their merchants comply. Both Visa and MasterCard regulations prohibit merchants and acquirers from storing magnetic stripe data from the back of credit cards, in whole or in part, after a transaction is completed.



In February, 2004, Visa and MasterCard determined that computer thieves had gained access to the computer systems on which BJ's stored credit card transaction data at more than 150 stores, and that the breach had been ongoing since July, 2003. The breach provided the thieves access to the full magnetic stripe data from approximately 9.2 million cardholder accounts, allowing them access to cardholder names, account numbers, account expiration dates, and proprietary Visa and MasterCard security data. It was ultimately determined that the third-party transaction processing software used by BJ's was permanently storing the magnetic stripe data in transaction logs. The agreements between BJ's and Fifth Third contained a requirement that BJ's comply with Visa and MasterCard's regulations, including those prohibiting BJ's from storing any magnetic stripe data after a transaction was completed; the agreements among Fifth Third and Visa and MasterCard required Fifth Third to ensure that its merchants complied with the regulations. BJ's conceded that it was retaining the magnetic stripe data.



Visa and MasterCard notified all their member issuing banks that had issued any of the possibly compromised accounts. In response to this notification, the plaintiff credit unions closed all their potentially compromised accounts, without regard to whether fraudulent charges had been made on a particular account; advised cardholders to destroy their old plastic credit cards; and issued new account numbers and new plastic credit cards to all affected cardholders. Cumis paid the plaintiff credit unions millions of dollars for fraudulent transactions made using the compromised accounts; the plaintiff credit unions and Cumis then commenced this action.





[1] In order to resolve potential customer disputes, merchants are permitted to store the customer's name, credit card number, and the card's expiration date.



[2] In addition, MasterCard reimbursed issuers, including the plaintiff credit unions, $2.4 million for fraudulent transactions.











Disney, Chase Launch Disney RewardsSM Visa® Debit Card

Offering Chase Checking Account Customers a way to enjoy Disney Perks and Rewards





NEW YORK--(BUSINESS WIRE)--Disney and Chase today announced a new offering in the Chase family of Disney Rewards Visa Cards, the Disney Rewardssm Visa Debit Card. The new card gives Chase checking account customers access to valuable Disney perks and rewards through the control and accountability of a debit card.



The Disney Rewards Debit Card introduces a whole new world of Disney benefits to debit cardholders.”



“This is an excellent new choice for Chase customers who prefer to make purchases with debit cards because of the immediacy and financial control it provides,” said Charlie Scharf, chief executive officer of Retail Financial Services for Chase. “The Disney Rewards Debit Card introduces a whole new world of Disney benefits to debit cardholders.”



With the Disney Rewards Debit Card, benefits start immediately: Cardmember save on Disney merchandise when they use the card and also enjoy Theme Park perks, including:

  • A Character Meet ‘N’ Greet Photo Opportunity at Walt Disney World® and the Disneyland® Resorts that includes a complimentary 5x7 photo

  • 10% off select merchandise purchases of $50 or more at Disney Store locations and DisneyStore.com, and at select locations at Walt Disney World® and the Disneyland® Resorts

In addition, Cardmembers earn points on qualifying debit card purchases* that they can redeem for Disney Theme Park passes, hotel stays, meals, movies, toys, music, books and much more. Chase customers also choose from four exclusive Disney character design cards: two Mickey Mouse versions, a puppy from “101 Dalmatians,” and a group of several beloved Disney characters.



“If you love Disney, this is the debit card for you. It helps you get more of the Disney you love – and makes your Disney experiences even better – from a personal photo opportunity with characters at our Theme Parks to extra savings while shopping at the Disney Store or at our Theme Parks,” says Jenny Cohen, Senior Vice President of Customer Relationship Management at The Walt Disney Company.



Disney Rewards Debit Card has an annual fee of $25. In their first year, Cardmembers get this value back in the form of 25 bonus Disney Dream Reward DollarsSM after making five qualifying debit card purchases.*



* Qualifying purchases include card purchases made without using a PIN. One Disney Dream Reward Dollar is equal to $1 when redeeming for Disney goods and offerings.



About The Walt Disney Company



The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with five business segments; media networks, parks and resorts, studio entertainment, interactive media and consumer products. Disney is a Dow 30 company, with revenues of over $36 billion in its most recent fiscal year.



About Chase



Chase is the U.S. consumer and commercial banking brand of JPMorgan Chase & Co. (NYSE: JPM), which operates more than 5,100 branches and 14,000 ATMs nationally under the Chase and WaMu brands. Chase has 151 million credit cards issued and serves consumers and small businesses through bank branches, ATMs and mortgage offices as well as through relationships with auto dealerships and schools and universities. It also serves 26,000 commercial banking clients, including corporations, municipalities, financial institutions and not-for-profit entities.

Payments Council: Where we Live Shapes How we Pay



The UK Payments Administration has put together an interactive digital map of the United Kingdom.  Their press release follows:  To take a look at the different regions and how they compare (or differ) click here.







Latest study shows that where we live shapes how we pay

23 Dec 2009



The Payments Council has created an online, interactive map to demonstrate the varied payment attitudes, preferences and behaviours that can be seen in the different regions across the UK



Payments Council research reveals:

  • Plastic cards: If you live in the South East you are most likely to have a plastic card (97%), whereas if you live in the West Midlands you are least likely to have one (86%).

  • Phone or internet banking: If you live in the South East you are most likely to use phone or internet banking (59 per cent), whilst if you are in the North East you are least likely to (46%).

  • Cash: Adults in East Anglia make the lowest number of cash machine withdrawals (51 per person annually).

  • Cheque usage:  Fewer Scots write cheques* than in any other region (20% compared to the average for Britain of 31%), whilst Londoners depend on cheques the most (39%). The national average of people using cheques regularly fell by 6% between 2008 and 2009.

Taking a broad North-South** view, more Southerners hold plastic cards (95%) compared to their northern neighbours (91%); when it comes to cash withdrawals there isn’t a significant North South divide - Northerners and Southerners tend to make a similar number of cash withdrawals, both in terms of volume (59 and 58 respectively) and value (£3,855 and £3,920 respectively). There are however, more cheque users in the South as 35% of adults regularly use cheques for spontaneous payments, compared to 27% in the North.



Sandra Quinn, director of communications, says:



"This research, on the whole, confirms long standing trends; increasing reliance on debit cards and phone or internet banking and a noticeable decline in use of cheques. That said, while there are clear nationwide trends there are also parts of the country which stand out in comparison to the national statistics, for example the proportion of adults in the North East using internet or phone banking, which at 46 per cent is 7 per cent below the national average.



“Payment Regions brings together these regional variations and offers a fascinating insight into how our payment habits compare with those of our neighbours. It also demonstrates how as a nation our payment habits have evolved to take advantage of new technology and to meet the needs of our ever more demanding lifestyles."



To access the digital map, please click here.

The 9 Coolest Hacks Of 2009



If you don't follow Dark Reading... and have a passing interest on how financial transactions conducted via a browser are subject to myriad threats from cybercriminals...you should 



Whether they are reporting on that next "next gen" banking trojan or writing about that critical flaw in SSL encryption, used by top banks use to secure their online banking sessions, they are on top of their game.



Today they came out with their Coolest Hacks of 2009.  Here's their introduction and the list, which links back to the Dark Reading site where you can sign up for their newsletter, should you be so inclined.



DarkReading  |  By Kelly Jackson Higgins



Hackers are always probing for ways to crack new technology, even elements so personal you would never imagine they could be hacked -- like, well, your face. Extreme hacks that hit close to home and we can see in the mirror remind us of just how much technology has infiltrated the everyday, and how fragile it ultimately can be at the hands of the bad guys.



This year saw some creative and unusual hacks that gamed biometric facial identities, weaponized iPod Touches, dug up actual missile defense data on a second-hand hard drive, replaced application updates with malware in midstream, and even found a way to silence a teenager's frenzy of text messaging. And don't get us started on a phony Bill Gates "LinkedIN" e-vite that landed in multiple corporate emailboxes unscathed.



These are among the hacks we have selected as nine of the coolest hacks covered here at
Dark Reading in 2009 -- sometimes off-the-wall and in-your-face (pun intended) vulnerabilities that were exposed and exploited by creative and imaginative researchers who are all about staying one step ahead of the bad guys, and maybe having a little fun along the way.

So kick back, relax (if you can), and take a look back at the more offbeat yet profound hacks of the year.





SafeNet to Acquire Assured Decisions, LLC

 SafeNet, Inc.Acquisition to Strengthen SafeNet’s Cyber Security Strategy with new technology and professional consulting services





BALTIMORE--(BUSINESS WIRE)--SafeNet, Inc., a global leader in information security, today announced that it has completed the acquisition of Assured Decisions, LLC, a leading provider of professional consulting services to the government’s cyber security community. Assured Decisions will become part of SafeNet’s Cyber Security group.



“The unique expertise brought to SafeNet by Assured Decisions enables us to expand our solutions that protect the data within the U.S. Government’s cyber space,” said Chris Fedde, SafeNet’s president and chief operating officer. “Assured Decision’s expertise will be leveraged throughout SafeNet’s customer base; in addition their product line complements SafeNet’s solutions for government and commercial customers already purchasing data protection products like Authentication, Hardware Security Modules (HSM), File and Database Encryption, and High Speed Encryptors. Combined these products provide data centric solutions within the enterprise, after it leaves the enterprise and as it is distributed.”



Assured Decisions has been a leader in providing professional consulting services including engineering secure solutions that protect electronic information systems and facilitate secure information sharing since 2001. The company’s MDeX solution is used by organizations with high assurance information transfer requirements to quickly and securely exchange information between departments, agencies and allies thereby protecting national security.



“We are pleased to be joining SafeNet, an industry leader in information security,” said Edward Sheehan, Managing Member and President, Assured Decisions. “Organizations continue to invest in information flow control, data sharing and ubiquitous data protection. SafeNet’s plans to expand our MDeX solution through other parts of the government community and global industries that need to share and route information in an assured and controlled manner is another step in protecting overall national security.”



About SafeNet, Inc.



SafeNet is a global leader in information security, founded more than 25 years ago. The Company protects identities, transactions, communications, data and software licensing through a full spectrum of encryption technologies, including hardware, software, and chips. More than 25,000 corporate and government customers in 100 countries including UBS, Nokia, Fujitsu, Hitachi, Bank of America, Adobe, Cisco, Microsoft, Samsung, Texas Instruments, the U.S. Departments of Defense and Homeland Security, the U.S. Internal Revenue Service, trust their security needs to SafeNet. In 2007, SafeNet was acquired by Vector Capital, a $2 billion private equity firm specializing in the technology sector. For more information, visit www.safenet-inc.com.



Editor's Note: SafeNet is a registered trademark of SafeNet, Inc. All other trademarks are the property of their respective owners.

Twitter Vet Jack Dorsey on Why Square is What's Next in Payments



PYMNTS.com published an interview with Jack Dorsey regarding his "Square" this morning.



When buzz began bubbling up around Square about a month ago, the industry took notice. Many charged that was due mainly in part because the driving force behind Square was the co-founder of Twitter, Jack Dorsey. Many industry insiders, like MagTek CEO Mimi Hart, raised security concerns around where the consumer's data was encrypted.



PYMNTS.com asked "Paying with Plastic" author and industry expert David S. Evans to speak with Dorsey about why Square is "what's next" in payments.



Continue Reading at PYMNTS.com







Press Release: Mom is a Merchant?



PYMNTS.com Exclusive Interview with Twitter Vet Jack Dorsey on Square



BOSTON--(BUSINESS WIRE)--PYMNTS.com just published an interview with Twitter Co-Founder, Jack Dorsey on his recent launch of Square. Dorsey highlighted that the device is just a small component of what Square is about. He and his “Square-mates” want to redesign the payments experience and innovate the process of establishing merchant accounts.



The full interview can be found here, http://www.pymnts.com/twitter-vet-jack-dorsey-on-why-square-is-what-s-next-in-payments/.



PYMNTS.com is a joint venture between Business Wire, a Berkshire Hathaway Company, and Market Platform Dynamics. It provides a platform for industry professionals to share content related to their latest company and product developments, to tap into the collective commentary and analysis from experts, bloggers and industry pundits, and to interact with industry thought leaders on topics of critical importance to the future of the sector.



For information on PYMNTS.com contact info@PYMNTS.com. You can also follow PYMNTS.com on Twitter at http://twitter.com/PYMNTS and join the PYMNTS Linked In group.



About Market Platform Dynamics (MPD):



MPD is a management consulting firm that ignites catalyst businesses by leveraging new technologies, business models and pricing strategies. MPD has a wealth of experience within industries that are characterized by complex platform-centered ecosystems, including payments, mobile/telecoms, digital and advertising-supported media, and software-based businesses.



MPD works with both incumbents and new entrants, offering a unique lens into the dynamics that shape the competitive playing field. In addition to traditional consulting-based services, MPD’s Catalyst Ventures provides intellectual and human capital to new firms. MPD’s experts include economists, econometricians, product development specialists, and strategic marketers who apply cutting-edge business theory and statistical methods to the practical problems of building and growing a profitable catalyst business. MPD is headquartered in Cambridge, MA, and has offices in London and Hong Kong.



For more information visit www.marketplatforms.com.



About Business Wire



Business Wire, a Berkshire Hathaway company, is utilized by tens of thousands of member companies and organizations worldwide to functionally enhance and communicate investor relations and public relations content to target audiences. As a recognized disclosure service in the United States, Canada and a dozen European countries, Business Wire facilitates the simultaneous flow of market-moving press releases from corporations to financial markets and their audiences, including regulatory authorities, media, investors, financial information systems and consumer news services. Business Wire also handles XBRL tagging, document formatting and regulatory filing into EDGAR, SEDAR, FSA and other systems.



Founded in 1961, Business Wire has dual headquarters in San Francisco and New York, with 30 bureaus in cities including Los Angeles, Chicago, Boston, Miami, Paris, Frankfurt, London, Brussels, Tokyo, Toronto and Sydney and reciprocal offices throughout the world. Business Wire's patented NX data platform supports XML, XHTML and XBRL code that enhances news release interactivity, social media sharing and search engine optimization. More information about Business Wire and its services is located on its website at www.BusinessWire.com.

Online Banking: Product Development Roadmap 2010









A New Report From Aite Group
Online banking executives are optimistic about their budgets for 2010, with half of those surveyed anticipating significant budget increases.

Boston, MA, – A new report from Aite Group, LLC assesses financial institutions' development priorities for the online channel in 2010. The report, which is based on Aite Group interviews with senior online channel executives from 20 of the 100 largest U.S. banks, reveals that executives are optimistic about their budgets for 2010. Among the banks surveyed, half anticipate budget increases more than 15% higher than 2009 budgets.

The year ahead looks to be a good one for investment into and strategic focus on banks' online channels. Driving this renewed focus is a stronger commitment from senior management, according to interviewees. Banks will pursue different online strategies. Some will pinpoint online sales and marketing, while others will focus on online service or improving the customer experience. One theme cuts across all the strategies: channel integration. Many online channel executives stressed the need to improve their bank's ability to integrate sales, service and the customer experience across channels.



"Despite the attention that the online channel has received and its promise to revolutionize traditional banking, many banks have never truly embraced it as a primary channel for customer interactions and transactions," says Ron Shevlin, senior analyst with Aite Group and author of this report. "The tide is finally turning. The combination of two forces - banks waking up to the reality of consumer behavior, and the ascent of a younger group of managers with a more accepting view of technology - is finally helping to bring about this change."



This 24-page Impact Report contains 16 figures and one table. Clients of Aite Group's Retail Banking service can download the report by clicking on the icon to the right.



RIM Confirms Blackberry E-Mail Outage



Research In Motion Ltd. said late Tuesday its technicians are working to resolve e-mail messaging delays on its Blackberry smart phones in North and South America.



Phone calling and texting services appeared to be functional, but users in the Americas have been unable to send or receive e-mail messages. Would-be users tweeted their frustration on social networking site Twitter. Some said they also could not connect to the Internet.



Waterloo, Ontario-based Research in Motion Ltd. said in a statement it apologizes for any inconvenience experienced by customers.



It marks the second time in less than a week that BlackBerry users in North America have had to deal with e-mail outages on their Blackberry devices. Research In Motion said last Thursday that technicians had isolated and resolved the issue and were investigating the cause. RIM didn't say how many users were affected or how long that outage lasted.



More Info:



RIM confirms BlackBerry e-mail problems--again

CNET News - Michelle Meyers - ‎39 minutes ago‎



RIM apologizes for any inconvenience experienced by customers," an e-mailed statement read. This, of course, comes on the heels of similar short-lived ...

RIM Confirms (Another) BlackBerry E-Mail Outage PC Magazine

RIM Says Some Blackberry Users Suffering Delays BusinessWeek

BlackBerry Service Hit by Second Outage in a Week PC World

CNN

all 250 news articles »

Disqus for ePayment News