Friday, March 30, 2012

Global Payments Affirms It's at the Center of Massive Visa/MasterCard Data Breach

Global Payments Inc. now confirms it is the source of the huge breach affecting cards carrying the major network brands.

The company issued the following statement late Friday afternoon:

Global Payments Inc. (NYSE: GPN), a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system. In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter.

"It is reassuring that our security processes detected an intrusion. It is crucial to understand that this incident does not involve our merchants or their relationships with their customers," said Chairman and CEO Paul R. Garcia.

Global Payments will hold a conference call Monday, April 2, 2012 at 8:00 AM EDT. Callers may access the conference call via the investor relations page of the Company's Web site at by clicking the "Webcast" button; or callers in North America may dial 1-888-895-3550 and callers outside North America may dial 1-706-758-8809. The pass code is "GPN."

Global Payments Breach May Have Exposed up to 10 Million Cards in Massive Payment Data Breach

As previously reported on ePayment News, security blogger Brian Krebs broke a story earlier today alerting readers that Visa and MasterCard are alerting banks about a massive data breach (Mr. Krebs reported up to 10 million cardholders may be compromised) at what was then an unnamed third-party U.S. processor.

The first thought that came to mind was Heartland Payment Systems, not because I believed it was them, but because they were involved in the last massive security breach. Since I don't believe that lightning would strike twice, I started thinking about who this 3rd party processor might be. First Data? Bain Capital's WorldPay (formerly RBS)? Global Payments? Bingo!

ePayment News has learned that the culprit in this massive security breach is, in fact, Atlanta-based Global Payments, which has yet to make an official statement from its headquarters.

Mr. Krebs has stated that Global Payments is expected to issue a statement today.

Stay tuned...

Welcome to the High Stakes World of Mobile Payments (Infographic)


When we created our immensely popular and wildly informative infographic last year explaining just what a mobile payment is, we were gratified that so many people found it useful.
Now we're being asked about all of the companies that seem to be jumping into the mobile payment game. It's a good question. Almost every day a new player enters the market.
And why is that? Because so much is at stake. The expectation is that a large percentage of the $6.2 trillion in credit card transactions is going to migrate to mobile. (And that doesn't even include other transaction types that could be supplanted by mobile payments.)
So we thought we'd try to shed some light on the companies that are entering the market and how they're placing their bets. And what better way to do that than with another infographic. Our shiny, new infographic shows the game, the stakes, the players and their wagers.
We'll be honest: it's hard to keep all the players and their bets straight. So if you see a company we missed, or think we need to move our chips to another bet, let us know in the comments below.
Click on the big poker chips in the infographic to learn more about the companies in each category. Use the embed code below the infographic to publish it on your website or blog.


Global Payments Identified as Source of Massive Security Breach According to WSJ

Update: Global Payments Inc. (GPN, -9.06%) has been identified by WSJ as the U.S. processor hit by a massive security breach, and trading of its shares has been halted, according to Reuters.

March 30 (Reuters) - MasterCard Inc and Visa Inc have notified U.S. banks of a potential security breach, the latest in a string of incidents that have put the personal information of millions of credit card holders at risk.

The companies, which are the two largest global credit card processors, said the issue stemmed from a third-party vendor and not their own internal systems.

Following news of the breach, the shares of Atlanta-based Global Payments Inc were halted after dropping more than 9.1 percent.

Several other processing companies, including Heartland Payment Systems Inc, VeriFone Systems Inc and First Data denied responsibility for the potential breach. Card Systems Inc and WorldPay did not immediately respond to inquiries about the matter.

A Nickel for Your Thoughts? Canada Eliminates the Penny...

Canada to eliminate the penny

In Economic Action Plan 2012, the Government of Canada has announced that it will modernize Canada's currency set by eliminating the penny from Canada's coinage system...

Another Massive Processor Breach - 10 Million Cards May be Compromised

  1. MasterCard, VISA Warn of Processor Breach

    VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach “massive,” and say it may involve more than 10 million compromised card numbers.
    Reports are surfacing that credit card issuers Visa and MasterCard are warning banks of a massive breach at an undisclosed payments processor.
    According to Brian Krebs, the breach occurred sometime between Jan. 21, 2012 and Feb. 25, 2012 and may involve somewhere in the neighborhood of 10 million compromised card numbers.
    Krebs reports that Visa issued the following statement in response to his initial coverage of the breaking news story:
    "Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet."
    "Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards."
    "It’s important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa’s zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity. Additional consumer security tips are available at"
    "Every business that handles payment card information is expected to protect the security and privacy of their customers’ financial information by adhering to the highest data protection standards. Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises."

    1. MasterCard and VISA Warning Banks of Massive Processor Breach

      WebProNews - 1 hour ago
      The breach is said to be 'massive' with as many as 10 million card numbers possibly ... and there is no word yet on which card processor was compromised.
      Blog: Visa, MasterCard warn of 'massive' security breach‎ ZDNet (blog)
      Millions Of Mastercard And Visa Cards Reported Compromised In ...‎ Forbes
      Massive security breach leaves cardholders vulnerable‎ CNET
      TIME Hot Hardware

    2. Visa, MasterCard confirm credit card security breach

      ZDNet (blog) - 16 minutes ago
      ... banks of a major potential breach at a US-based credit card processor (see Visa, MasterCard warn of 'massive' security breach and Analysts on Visa, ...

    3. Visa, MasterCard scramble after massive data breach

      Nanaimo Daily News - 10 minutes ago
      ... were scrambling on Friday to thwart cyber crooks who looted a massive trove of precious account data, evidently from a payment processor in New York.

    4. MasterCard, Visa Warn Banks Of Breach; Global Payments Hit

      Investor's Business Daily - 12 minutes ago
      ... INVESTOR'S BUSINESS DAILY Posted 12:45 PM ET Credit card processors Visa ... MasterCard (MA) are warning banks of a potential massive security breach ...

    5. MasterCard Warns of Possible Data Breach

      MyFox Philadelphia - 2 hours ago
      ... it is investigating a potential breach at a US-based credit card processor... said financial sector sources "are calling the breach 'massive' and say ...

    6. MasterCard tells banks of possible security breach - 1 hour ago
      The credit-card processor said the issue involves a company based in the US and is ... a "massive breach that may affect more than 10 million cardholders.

    7. MasterCard Admits to Massive Theft of User Credit Card Data

      KSEE - 9 minutes ago
      The name of that institution is unknown, but processors have long been a target ... folks in the card business who are seeing signs of this breach mushroom.

Thursday, March 29, 2012

Nielsen Reports that 50% of U.S. Mobile Phone Owners Have Smartphones

Here's a big shift happening right before our eyes: Smartphones now account for 50% of all mobile phones in the United States, Nielsen reports.

Don't expect smartphone growth to slow any time soon. In the last three months, 66% of all mobile phones sold were smartphones. 

Webinar Replay: Why NFC Has to be More than Just About Payments

Why NFC Has To Be More Than Just Payments


March 15th: Presented By

John Devlin
Group Director, Security and ID


MNOs are in danger of killing the goose that lays the golden egg. Since MNOs have not evolved their business models for NFC, they continue to focus on contactless payments as they struggle to identify the opportunities of NFC. They have not recognized that they are now in danger of either missing out altogether as other payment providers move in and cut them out of the loop or strangling NFC with an outdated business model and preventing payment from reaching the tipping point. A summary of the primary opportunities for additional revenue streams and applications that can be derived from NFC will be included.
This webinar will address the issues that face NFC, identifying why the technology celebrates its 10th birthday this year but has yet to gain serious commercial backing on a global scale. Points of discussion will centre around the complexities of the ecosystem and certification processes, how it can be simplified, and why service providers need to do more to communicate to retailers and consumers about the added benefit that NFC offers each group, as well as the inherent security that is built into contactless payments. Given recent stories around Google Wallet being hacked twice, technology and service providers need to be fully aware of the implication of any perceived lack of security and the harm that this could do to user uptake.

65% of Telecom Execs Surveyed Say "Real Potential" of NFC Lies Outside Payments

Travel, Ticketing, Telematics (Automotive), Advertising, Location Based Offers and Marketing come up big...

NFC is the 3rd Interface: First we talked, then we typed, now we will tap...

The latest survey from BillingViews finds that 65 percent of respondents believe that applications other than mobile payments will catalyze mass use of near field communications (NFC) technology. The survey panel consists of 20 executives from major telecom operators in every global region who are responsible for billing, payments, customer care, and IT strategy. Full details of the survey responses are available at
While NFC has been hyped as an enabling technology for mobile payments, the convenience factors surmised to drive it are not overwhelming. As a result, payment is not what is most likely to drive mass uptake of NFC technology. Rather, it is the transmission of common, personal data at the heart of billions of online and day-to-day transactions that is a more likely catalyst. With NFC, transmission is conducted through a simple “tap,” an action which is being dubbed “the Third Interface.”
“We all suffer from fatigue regarding processes, like online ordering, that require us to enter repeatedly the same basic information about ourselves, our payment methods, our delivery addresses, and so forth,” says Alex Leslie, Publisher of BillingViews. With NFC, Leslie explains, we can simply tap to transmit that information in an unlimited number of scenarios. “Once people become accustomed to the convenience of tapping to transmit basic personal data, it is more likely they will turn to NFC to facilitate mobile payment transactions as well.”
The concept of tapping as the “Third Interface” emerged at February’s Mobile World Congress™ event in Barcelona. “I was chatting with VP of Business Development for Inside Secure, Andre Ponton, who suggested that the world should look at NFC as the ‘third interface’ because ‘first we typed, then we talked, and now we will tap,’” explains Leslie. This point of view provided the impetus for BillingViews’ survey.
While the potential for NFC is massive, the dangers are as well. More connected machines result in a greater potential for breaches. NFC provides no records, and therefore no audit trail. The signaling technology is not new and is already compromised. Security relating to NFC transactions remains a critical concern as Third Interface applications that leverage this technology begin to emerge.
About BillingViews
BillingViews is the global home for billing, payment, and customer experience information in the communications and media industries. Its goal is to facilitate dialogue between executive level business and IT decision makers and the greater communications and media IT marketplace through focused, data-driven research and publications. BillingViews content is available free at

HID Global and NXP Enable Mobile Access for NFC Phones

NXP and HID Global Enable Mobile Access for NFC Phones

Leaders Offer Mobile Physical Access Systems for the Enterprise

EINDHOVEN, Netherlands & IRVINE, Calif.--NXP Semiconductors N.V. (NASDAQ: NXPI) and HID Global, both trusted leaders in solutions for the delivery of secure identity, today announced their collaboration to introduce a global, generic Mobile Access solution for NFC-enabled mobile phones. NFC enables the secure and convenient sharing of information from one device to another over short distances based upon existing contactless standards, making it ideal for deploying easy-to-use mobile access control applications.
HID Global and NXP helped create the current market for card-based physical access systems and are now jointly moving these solutions to mobile phones as NFC becomes a standard feature.
The contactless cards that employees use to enter corporate buildings and parking garages can now be transferred to an NFC-enabled phone storing digital access credentials. 
The credentials are stored on NXP’s embedded Secure Element within the handset and are presented by the mobile phone in a manner that is compatible with access control readers and systems. As the use of NFC smart phones for access control becomes increasingly more popular, consumers and enterprises can expect the same high level of security with improved convenience on a mobile device.
The jointly developed solution also leverages NXP and HID Global advanced reader technologies within a physical access control infrastructure. The solution supports existing HID Global readers and those based on the company’s iCLASS SIO-Enabled (iCLASS SE®) platform that fuels the migration of physical access control technology beyond traditional cards and readers by enabling deployment of mobile access with digital credentials. HID’s iCLASS SE readers will be powered by NXP’s new CLRC663 reader ICs and fully support 13.56 MHz smart cards that are ISO14443 compliant, including MIFARE DESFire EV1.
To ensure maximum compatibility, the new Mobile Access management solution from NXP and HID Global is backward-compatible with newer HID Global iCLASS® readers, and is forward-compatible to HID Global’s Trusted Identity Platform® (TIP™) ecosystem. Existing HID customers can upgrade certain iCLASS implementations to support the use of NFC-enabled mobile phones without the need to physically replace the installed readers. NXP’s technology supports the management of multiple applications such as payment, e-government, access management and ticketing, all via one microcontroller that assures secure and convenient recognition without compromising security, performance and design productivity.
Dr. Selva Selvaratnam, senior vice president and chief technology officer with HID Global, said, “NXP is playing a vital role in the adoption of NFC technology among handset manufacturers and developer communities. By working together, this application can be deployed immediately on a significant number of mobile phones. We are excited to team up and combine our leadership positions in the access management market to offer the industry new leading-edge solutions.”
Henri Ardevol, vice president and general manager, secure transactions with NXP Semiconductors, said, “We are very pleased to co-operate with HID Global on the development of this new solution. As leading enterprises continue to invest in mobile technology and security infrastructure, our collaboration brings real value and convenience around the world. In addition, combining HID Global’s iCLASS SE readers with our MIFARE DESFire and NFC technology ensures greater interoperability in access management and accelerates adoption of NFC applications within the enterprise space.”
Technical Details
NXP and HID Global have based their Mobile Access solution on NXP’s PN65 family of NFC ICs for low power, high-performance communication and tamper-resistant secure data storage. The PN65 features NXP’s market leading, high performance NFC radio controller PN544 and an embedded Secure Element (eSE). The eSE incorporates NXP’s advanced SmartMX technology used to safeguard hundreds of millions of bank cards; electronic passports and eID cards; transportation tickets; and other cards and credentials around the world. The NXP ICs will support HID Global’s Secure Identity Object (SIO™) technology for portable credential provisioning, storage and lifecycle management, and HID’s Trusted Identity Platform (TIP) for endpoint management and security. HID’s SIOs introduce a new standards-based, technology-independent and flexible identity data structure that enables smart card technologies to be deployed for use on a wide range of portable platforms including NFC phones. The SIO data structure provides new levels of security, portability and performance, and makes it possible for facility and security managers to remotely manage credential provisioning on designated mobile devices. It also enables them to dynamically increase security levels and address future changes in requirements via simple firmware updates.
About HID Global
HID Global is the trusted source for secure identity solutions for millions of customers around the world. Recognized for robust quality, innovative designs and industry leadership, HID Global is the supplier of choice for OEMs, system integrators, and application developers serving a variety of markets. These markets include physical and logical access control, including strong authentication and credential management; card printing and personalization; highly secure government ID; and identification technologies used in animal ID and industry and logistics applications. The company's primary brands include HID®, ActivIdentity™, FARGO®, and LaserCard®. Headquartered in Irvine, California, HID Global has over 2,100 employees worldwide and operates international offices that support more than 100 countries. HID Global is an ASSA ABLOY Group brand. For more information, visit
About NXP Semiconductors
NXP Semiconductors N.V. (NASDAQ: NXPI) provides High Performance Mixed Signal and Standard Product solutions that leverage its leading RF, Analog, Power Management, Interface, Security and Digital Processing expertise. These innovations are used in a wide range of automotive, identification, wireless infrastructure, lighting, industrial, mobile, consumer and computing applications. A global semiconductor company with operations in more than 25 countries, NXP posted revenue of $4.2 billion in 2011. Additional information can be found by visiting

KDDI Selects Gemalto for Japan's First Mobile NFC Launch

CARTES in Asia 2012
HONG KONG--CARTES in Asia - Gemalto (Euronext NL0000400653), the world leader in digital security, announces being selected by KDDI for Japan’s first commercial launch of mobile NFC services. KDDI serves over 34 million subscribers in Japan. Successfully launched in January, Gemalto provides a one-stop service to KDDI, encompassing its Allynis Trusted Service Manager (TSM) software and UpTeq NFC high-end security device.
The launch is a part of the recently announced Japan Mobile NFC Consortium that brings together the country’s three largest operators to coordinate the adoption of multiple international standards for NFC. Subscribers are able to experience various types of contactless services ranging from mobile payments, transportation services, e-driver’s licenses, e-ticketing as well as information acquisition from smart posters. The launch sees participation from a wide-range of leading industries including car manufacturers, airlines and cinema operators. The launch in Japan will also allow end users to use NFC services both domestically and outside of Japan.
KDDI’s early migration to Gemalto’s UpTeq NFC high-end security SIM-format device provides a solid protection for the operator’s investments in NFC with lower risks and higher returns. KDDI began last year to insert UpTeq NFC in handsets in place of the standard SIM/UICC so they are ready now to mass deploy NFC services. This further permits the operator to progressively incorporate new partners without the need to extensively pre-qualify each and every service and application or anticipate all the subscriber configurations ahead of time. Service providers and KDDI are able to easily deploy and manage new services and install additional applications with full flexibility, after card issuance to end users. KDDI’s mobile NFC program will be based on international standards compliant with GSMA’s Pay-Buy-Mobile specifications, allowing for faster market rollout and ensuring a high level of security for transactions.
“With more than 45 NFC projects globally, Gemalto has unrivalled experience in managing the complexity of building a mobile contactless ecosystem,” said Kenichi Bandou, Senior Manager, KDDI. “As Japan is where mobile proximity started many years ago, with consumers already actively using mobile contactless services, we anticipate quick user adoption of this new service.”
“KDDI’s decision to proceed with commercialization was based on their subscribers’ positive feedback that the pilot program brought much convenience and added value to their daily lives,” added Tan Teck-Lee, President Asia, Gemalto. “Built from our extensive engagements across key digital security markets worldwide, Gemalto’s end-to-end NFC solution will enable further massive deployment of mobile contactless services across Japan. It is also the first step towards NFC roaming capability, which will enable mobile users to make purchases in globally compatible contactless point of sales wherever they are when they travel abroad.”

EMV Chip in the US – an Informal Survey

A smartcard graphic, without banklogos or similar copyright/trademark concerns. Card holder's name and card numbers are made up. The 3 by 5 mm security chip embedded in the card is shown enlarged in the inset. Chip inset taken from Janke's "Smartcard.JPG" (Also GFDL). (Photo credit: Wikipedia)

LONDON--It’s been a long time coming, but there are indications that the US is finally going to adopt EMV chip. This technology has already been embraced by the rest of the world as a way to make card payments more secure. Recently, Visa, MasterCard, and Discover have announced measures to encourage EMV migration in the States, several banks have started issuing chip cards (albeit only to frequent travelers) and some merchants are upgrading to EMV-compliant POS terminals. But many questions still remain.
Over the past few months, Auriemma Consulting Group and Savantor undertook a “listening tour” to answer some of those questions. The firms interviewed senior officers at a handful of banks, retailers and other payments organizations to get a feel for what they are thinking and how they see the EMV chip story panning out in the US. Some interesting and important themes emerged, including:
  • Everyone believes migration to EMV chip in the US is now inevitable, but few expect it to happen before the newly mandated deadlines.
  • Many do not regard EMV chip as a high-priority, long-term strategic issue.
  • Chip with signature verification is expected to be deployed, rather than Chip + Pin.
  • Mobile NFC and other emerging payments models increase uncertainty.
  • Large retailers are the main drivers of EMV migration, with many other stakeholders adopting a “wait and see” attitude.
  • There is a lack of central coordination and leadership.
Jointly, Savantor and ACG have released a white paper detailing the findings of their research. For a free copy, please contact either firm at the phone number or email addresses below.
About Auriemma Consulting Group
Auriemma Consulting Group (ACG) is a full-service management consulting firm serving the payments and lending industries since 1984. With offices in New York and London, ACG consultants are experienced practitioners, drawn from the credit card, private label, auto finance, mortgage, and retail banking industries that we serve.
About Savantor
Founded in the UK in 1997 and headquartered in London, Savantor offers a wide range of experienced, practitioner advice to financial institutions on the subject of business and operational change, with a particular focus on card payments.
