Payment Security Web Portal Brought to You by VeriFone

News

These are the most recent news articles we have collected.

July 2010

  • Suspect sought in Lethbridge debit card skimming scam – www.calgaryherald.com – 7/23/10 – “Police in Lethbridge are seeking a suspect in a skimming scam that used stolen debit card data from fast-food outlets in the city.”
  • WPA2 Broken Again And, This Time, No Patch – storefrontbacktalk.com – 7/21/10 – “Wireless security is broken—again. And this time, it’s WPA2, the WiFi security protocol that meets PCI-DSS requirements.”
  • Police foil debit card swiping scheme – www.thestarphoenix.com – 7/21/10 – “People who have magnetic stripe debit cards might consider switching to chip technology after 600 of the older cards were comprised during the weekend.”
  • Bail denied in debit card skimming case – www.country95.fm – 7/21/10 – “Bail was denied Wednesday morning for 23-year old Abdel Madjid Benzabe-Meloua. Regional Police arrested a suspect July 9th in our city, after a tip from ATB officials. The individual had numerous "cloned" debit cards and $1,200 cash.”
  • President Enacts Swipe Fee Reforms – www.nacsonline.com – 7/21/10 – “With the stroke of a pen, debit card swipe fee relief became a reality today as President Obama signed into law a comprehensive financial services reform bill.”
  • Massachusetts Facility Reports Data Breach of 800,000 Records – www.ihealthbeat.org – 7/20/10 – “On Monday, officials at South Shore Hospital in Massachusetts announced that the personal information of about 800,000 individuals could be missing after an off-site contractor responsible for destroying the computer files did not receive all of them, the Boston Globe reports.”
  • Fraud/Debit Skimming Investigation – www.police.saskatoon.sk.ca – 7/20/10 – “A 21 year old Quebec man is facing charges following a debit card skimming scam which took place over the weekend in Saskatoon.”
  • Debit card skimmer caught in Saskatoon – video.ca.msn.com – 7/20/10 – “Saskatoon police have charged one man over a debit card skimming operation, Jennifer Quesnel reports.”
  • Police say skimming very serious problem – www.azcentral.com – 7/20/10 – “Scottsdale police want to warn people of the increasing skimming problem in the valley. They recently found two skimmer devices on two bank machines on the same day last week.”
  • Man charged in debit-card scam after hotel staff find $100,000 in cash – www.vancouversun.com – 7/20/10 – “A 21-year-old Quebec man has been charged in connection with a debit-card skimming scam that netted nearly $100,000 in cash.”
  • US risks becoming a global centre for card fraud warns senior Fed staffer – www.finextra.com – 7/20/10 – “A senior official at the US Federal Reserve has expressed alarm that the country is being left isolated by its reliance on mag-stripe cards while the rest of the world moves to more secure EMV-based Chip and PIN payment technology.”
  • Semtek Announces PCI DSS De-scoping of Major National Retailers – www.semtek.com – 7/20/10 – “Semtek announced today that two of its national retail clients have successfully received new Reports of Compliance (ROC) from their PCI Qualified Security Assessors that have resulted in major de-scoping of their retail systems environments from PCI DSS auditing requirements.”
  • Soccer balls and payment cards: A push for global standards – portalsandrails.frbatlanta.org – 7/19/10 – “I am generally not a soccer fan but over the past few weeks I found myself curiously engaged in that nationalistic spectacle called the World Cup.”
  • Police finds skimmers on Scottsdale, Ariz. bank ATMs – www.securityinfowatch.com – 7/19/10 – “Police are warning ATM customers about two ATM skimmers found at Scottsdale bank locations this past week.”
  • Governor Brewer calls for increased effort to combat a rise in credit card skimmers – www.abc15.com/ – 7/19/10 – “Governor Jan Brewer is taking new measures to combat a rise in the number of credit card "skimmers" found around the Valley.”
  • Card skimmer found at Woodstock bank ATM – www.country1073.ca – 7/19/10 – “Woodstock police are investigating after an observant citizen called them Sunday afternoon to report they had discovered a debit card skimming device attached to an A-T-M at the Toronto Dominion Bank branch located at 539 Dundas Street.”
  • Public warn of gas station card ‘skimmers’ – www.aurorasentinel.com – 7/15/10 – “Police are warning area gas stations to be on the lookout for “skimming devices” that can steal sensitive information from credit cards at area gas pumps.”
  • Senators reintroduce identity theft measure – www.nextgov.com – 7/14/10 – “A measure reintroduced in the Senate on Wednesday would trump state regulations that seek to protect consumers from identity theft by establishing a national law that requires public and private institutions to safeguard sensitive data and to notify people whose personal information might have been compromised.”
  • Fraud Could Come from North after Canada Phases in EMV Cards – www.americanbanker.com – 7/14/10 – “The first deadlines for Canadian banks and merchants to shift to the EMV Integrated Circuit Card Specifications will hit in October, and security experts are warning that U.S. payments ...”
  • Pay-At-The-Pump Skimming on the Rise – www.bankinfosecurity.com – 7/12/10 – “At a Shell station in Alachua, FL, last week, a service technician found a skimming device on a pay-at-the-pump terminal when he opened the machine for a routine maintenance check.”
  • Can Canadian Example Chip Away at EMV Resistance in U.S.? – www.americanbanker.com – 7/9/10 – “In their wallets, millions of U.S. consumers carry payment cards with chips that can support a highly regarded security format used in much of the industrialized world”
  • Aurora gas stations targeted in credit card theft scheme – www.kdvr.com – 7/16/10 – “Aurora Police have issued a crime alert to gas stations throughout the city, warning them about the discovery of a credit card skimming device found inside a gas pump earlier this month.”
  • Debit Card Skimming Scam :: Gang Bust by FIA Lahore with ABL FRMU Collaboration – news.fmota.com – 7/16/10 – “The main culprits in this scam are Muhammad Asif bearing CNIC Number 35201-3814830-3, Ashfaq Arif bearing CNIC 35202-4532072-5 and Javed Iqbal.”
  • Senate Sends Swipe Fee Reform to President Obama – www.nacsonline.com – 7/16/10 – “The Senate cast the final vote yesterday on the financial services reform bill, sending debit card swipe fee reform to President Obama for his signature.”
  • MasterCard: Most banks agree to breach settlement – www.businessweek.com – 7/15/10 – “MasterCard Inc. said Thursday nearly all of the banks with claims related to a 2008 data security breach have agreed to accept a settlement.”
  • Alert: ATM Skimmers Found in Scottsdale – www.myfoxphoenix.com – 7/15/10 – “Scottsdale Police are warning ATM and bank card users about skimmers that have been found on two ATM machines near Scottsdale and Shea -- and there could be more.”
  • PD Finds Skimmers On Scottsdale Bank ATMs – www.kpho.com – 7/15/10 – “Police are warning ATM customers about two ATM skimmers found at Scottsdale bank locations this past week.”
  • Visa moves to reduce payment card data in retail systems – www.computerworld.com – 7/15/10 – “A new payment card security initiative launched by Visa Inc. Wednesday could eliminate the need for retailers and other organizations to store full, 16-digit credit and debit card numbers on their systems.”
  • Zeus takes aim at credit authentication services – www.securecomputing.net.au – 7/15/10 – “The infamous Zeus malware botnet has begun harvesting user bank data by posing as a credit card verification scheme.”
  • Visa To Acquirers: Stop Forcing PAN Retention – www.storefrontbacktalk.com – 7/14/10 – “Visa on Wednesday (July 14) sent a direct message to acquiring banks: Stop making retailers retain credit card information unless you want to stop servicing Visa.”
  • Not PCI Compliant? No Problem – www.practicalecommerce.com – 7/14/10 – “By Practical eCommerce's count, there are nearly 600 English-language shopping carts. These include hosted carts, licensed software carts and open-source carts.”
  • Visa Best Practices for Primary Account Number Storage and Truncation – www.visa.com – 7/14/10 – “Due to misinterpretation of Visa dispute processing rules, some acquirers require their merchants to unnecessarily store full Primary Account Numbers (PANs) for exception processing to resolve disputes.”
  • Visa Best Practice: Tokenization – www.visa.com – 7/14/10 – “As part of these best practices, Visa recommended that entities use tokens (such as a transaction ID or a surrogate value) to replace the Primary Account Number (PAN) for use in payment-related and ancillary business functions.”
  • Bank, Customer Headed to Trial – www.bankinfosecurity.com – 7/13/10 – “In a move pushing the Experi-Metal vs. Comerica Bank case closer to a courtroom showdown over "reasonable security," a district court judge has denied Comerica's motion for summary judgment.”
  • Debit card skimming 'epidemic': police – www.cbc.ca – 7/13/10 – “Criminals across the country are stealing debit card terminals, installing equipment to record card information and PIN codes, then replacing them and using the skimmed data to clean out bank accounts, according to police.”
  • Enough With The PCI Finger Pointing Already – storefrontbacktalk.com/ – 7/12/10 – “When it comes to PCI compliance, I am sick and tired of everyone pointing fingers at someone else. Nobody wants to be in the line of fire when (not “if”) a breach happens.”
  • TJX Settles Another Data Breach Lawsuit And Puts Itself In Charge Of The Oversight – storefrontbacktalk.com – 7/11/10 – “You have to wonder who is left among the U.S. entities that have not sued—and then settled with—TJX for its infamous data breach of more than 100 million card numbers. The latest to come up to the till: The Louisiana Municipal Police Employees’ Retirement System.”
  • Man Charged in Debit Card Skimming Operation – cjocfm.com – 7/12/10 – “Lethbridge Regional Police have arrested a man and charged him with several offences relating to a debit card skimming operation.”
  • Trustwave Chairman, CEO, and President Robert McCullen shares lessons learned – issuu.com – 7/10/10 – “Trustwave Chairman, CEO, and President Robert McCullen shares lessons learned from the company's breach investigations for clients.”
  • When SC Magazine and the security industry met with the PCI Security Standards Council's European director – www.scmagazineuk.com – 7/9/10 – “I have been intrigued by the way that the Payment Card Industry Data Security Standard (PCI DSS) is enforced for some time now. After all, it is not controlled by a government-appointed regulator, its enforcement level seems to be minimal, and quite frankly I have often perceived it to be an ‘opt-in’ benchmark.”
  • Two more credit card skimmers found at gas pumps near I-75 - Gainesville Sun – www.gainesville.com – 7/9/10 – “Law enforcement officers from various agencies continued on Friday to check the pumps of gas stations along Interstate 75 through Alachua County for devices that could get the credit card information of customers.”
  • PCI Security Standards Council Expands Global Reach with Appointment of European Director – www.scottrade.com – 7/08/2010 – “Today, the PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), announced the appointment of Jeremy King as European Director for the PCI SSC.”
  • Canada's newly introduced data breach is a start, but it lacks teeth – www.scmagazineus.com – 7/8/10 – “The Parliament of Canada recently introduced Bill C29, also known as an act that amends the Personal Information Protection and Electronic Documents Act (PIPEDA).”
  • More credit card skimming devices found in gas pumps – www.gainesville.com – 7/8/10 – “Two days after a worker discovered an illegal credit card skimming device inside a gas pump at a station near the interchange of Interstate 75 and Newberry Road, more such devices have been discovered at a nearby gas station, the Alachua County Sheriff’s Office said Thursday.”
  • Card Fraud Soars, But Not Fraud Rate. Thanks To Visa – storefrontbacktalk.com – 7/8/10 – “Here’s an interesting stat: As payment card fraud continues to soar each year, the actual rate of fraud—in an X cents per $100 perspective—has remained impressively the same, according to new figures released by The Nilson Report this week.”
  • The Changing Nature of US Card Payment Fraud: Industry and Public Policy Options – www.kansascityfed.org – 7/7/10 – “The rapid transition to card payments has sparked a search for effective countermeasures to those who exploit card payment security vulnerabilities to commit payment fraud. A review of these vulnerabilities finds that they are tied together by an information-intensive payment approval system.”
  • Apple iTunes Fraud Is Firm's Latest Hurdle – www.smartmoney.com – 7/7/10 – “Apple is facing another public relations challenge after an app developer breached hundreds of its iTunes user accounts, triggering customer complaints about fraudulent activity, according to The Wall Street Journal.”
  • Card breach linked to national company – www.wlfi.com – 7/2/10 – “A local security breach with credit and debit cards has been linked to a national company.”
  • Hidden credit card skimmer found in local gas pump – www.gainesville.com – 7/1/10 – “An alert technician found a device on a gas pump apparently designed to capture credit card information this week. The device, known as a credit card skimmer, was seized by the Alachua County Sheriff's Office.”
  • Investor, TJX settle suit over data theft – www.boston.com/ – 7/7/10 – “TJX Cos., which owns the T.J. Maxx and Marshalls discount retail chains, has settled an investor lawsuit related to the theft of millions of its customers’ credit card numbers.”
  • Card skimmed in City, transaction made in Karachi – www.deccanherald.com – 7/6/10 – “In a shocking incident, a woman’s debit card was allegedly skimmed at a coffee shop on Lavelle Road and two transactions worth about Rs 19,000 were carried out at Karachi, Pakistan.”
  • UH Database Security Breach Puts Thousands At Risk – www.kitv.com – 7/6/10 – “A security breach at the University of Hawaii-Manoa could affect 53,000 people.”
  • New twist in ATM skimmer scams can empty your account – www.usatoday.com – 7/6/10 – “Thieves are using high-tech skimmers to steal account information at automatic teller machines — and victims don't know they have a problem until they see their statements.”
  • Credit Card Hackers Visit Hotels All Too Often – www.nytimes.com – 7/5/10 – “HERE’S something that the struggling hotel sector prefers not to spotlight: it is a favorite target of hackers.”
  • Card breach linked to national company – www.wlfi.com – 7/2/10 – “A local security breach with credit and debit cards has been linked to a national company. Lafayette Police detective B.T. Brown said the security issue affected the Camilles Sidewalk Cafe restaurants in the area.”
  • New Twist In ATM Skimmer Scams Can Empty Out Your Bank Account – www.wusa9.com – 7/2/10 – “It is happening in the DC area. Bank statements showing money missing from checking accounts or charges consumers never made. The culprit? Thieves using high-tech new ATM skimmers to steal account information.”
  • Risky Software Still in Place as a Visa Deadline Passes – www.digitaltransactions.net – 7/2/10 – “Although many U.S. merchants and processors have met Visa Inc.’s July 1 deadline for replacing unapproved point-of-sale software applications with ones that meet requirements of the Payment Application data-security standard, or PA-DSS, many non-compliant card-processing applications remain in the marketplace, Visa says.”
  • Card skimmer found at Dumbarton bank – www.lennoxherald.co.uk – 7/1/10 – “HUNDREDS of bank customers are at risk from fraud after a card “skimmer” was found attached to a cash machine.”
  • Visa Revokes PCI Approval From Ingenico PIN Pads Following Breach – www.storefrontbacktalk.com – 7/1/10 – “In a move that seems to reflect a very different PCI approach coming from Visa, the world’s largest card brand has ripped the PCI approval from two Ingenico PIN entry devices (PEDs) after a data breach.”

June 2010

  • Visa to Aid Merchants That Miss Security Deadlines – www.americanbanker.com – 6/30/10 – “Visa Inc. said it is planning to help merchants that fail to meet two July 1 payment security deadlines.”
  • FTC says scammers stole millions, using virtual companies – www.computerworld.com – 6/27/10 – “The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.”
  • Tokenization vs encryption: RSA touts tokens to reduce PCI DSS pain – searchsecurity.techtarget.com – 6/23/10 – “Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit credit card number with an encryption algorithm to card-based tokens, which substitute a random token with the hope that it could reduce the scope of a PCI DSS assessment. Robert Griffin, technical director at RSA, the security division of EMC Corp., has been the lead architect in a number of encryption and tokenization projects.”
  • Police Warn Of Okla. Skimming Scam – www.koco.com – 6/30/10 – “Police said they're uncovering an underground network of people who look to buy and sell consumer credit and debit card numbers, including victims in the Oklahoma City area.”
  • Blue Cross Blue Shield security breach – www.accessnorthga.com – 6/30/10 – “Georgia's largest health insurance company is warning that 70,000 Georgians may have had their medical information, their credit card and social security information wrongly accessed.”
  • Destination Hotels card-processing system hacked – www.computerworld.com – 6/29/10 – “Hackers have broken into the payment processing system of Destination Hotels & Resorts, a high-end chain best known for its resort hotels in destinations such as Vail, Colorado; Lake Tahoe, California; and Maui, Hawaii.”
  • Skimming suspect faces additional charges – www.shreveporttimes.com – 6/29/10 – “A man arrested this month for stealing people’s credit card information with a skimming device while working at a local fast food restaurant faces more charges.”
  • Security glitch exposes WellPoint data again – www.google.com – 6/29/10 – “WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in the latest security breach of the health insurer's records.”
  • 39 Breaches in 1st Half of 2010 – www.bankinfosecurity.com – 6/28/10 – “Already in the first six months of 2010, financial institutions have been involved with more than half the total data breaches they suffered in 2009 - and experts don't see the pace decreasing.”
  • Kiwi cops tops for netting skimmers – www.stuff.co.nz – 6/27/10 – “POLICE have scooped a major international crime-fighting award for stopping credit card skimmers.”
  • TNS Helps Industry Strengthen Payment Transaction Security – www.pymnts.com – 6/28/10 – “Transaction Network Services is playing an increasing role in helping acquirers and merchants protect sensitive cardholder information as payment transaction security continues to be a major issue for everyone involved in the industry.”
  • Task Force: Valet Busted in Credit Card Skimming Scam – www.nbclosangeles.com – 6/28/10 – “Southern California has long been ground zero for credit card skimmers and identity theft hackers. Thousands of times a day in Southern California, trusting drivers hand their cars over to valets.”
  • U.K. Gang Caught for Chip-and-Pin Scheme – www.nacsonline.com – 6/28/10 – “A group of U.K. thieves has been caught after siphoning off £725,000 from gasoline customers’ credit and debit cards in a chip-and-pin scam, the BBC reports.”
  • FTC Says Scammers Stole Millions, Using Virtual Companies – www.pcworld.com – 6/27/10 – “The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.”
  • RCMP bust another credit card skimmer scam – www.richmond-news.com – 6/25/10 – “Another credit card skimming scam has been shut down. Richmond RCMP have arrested a 24-year-old male whom they say had been illegally stealing credit card information at a local restaurant.”
  • Big Breach at Anthem Blue Cross – www.healthdatamanagement.com – 6/25/10 – “Anthem Blue Cross, the trade name for Blue Cross of California, is notifying about 230,000 members and applicants for insurance that a Web site used to apply for individual health insurance policies was breached.”
  • Outsourced payment card services to take off by 2015 – www.zdnetasia.com – 6/24/10 – “Retailers are buckling under the strain of having to store, manage and locate key customer account information as well as remain compliant with industry standards. In order to manage their credit card data security, a new RSA study suggests that companies look at secure payment services such as data encryption and tokenization.”
  • Destination Hotels & Resorts Reacts Swiftly to Credit Card Interception – www.prnewswire.com – 6/24/10 – “Destination Hotels & Resorts reported today that it has responded quickly to being victimized by a credit card fraud scheme, and guests at 21 of its hotels in the United States may have been victims as well. Destination said it uncovered a malicious software program inserted into its credit card processing system from a remote source.”
  • OU Reports Virus, Security Breach – www.koco.com – 6/24/10 – “The University of Oklahoma is warning students about a security breach that may put their personal information at risk. The university said its Information Technology department noticed unusual Internet activity on a laptop computer associated with its network.”
  • TNS White Paper: Card Data Security in an IP World – www.paymentsnews.com – 6/24/10 – “While a shift to IP based payment systems (from legacy systems) offers many advantages to businesses, it also presents a much more advantageous environment for cybercriminals to operate as the protocols are easily understood; they can easily remain anonymous on public IP networks, and maintain hundreds or thousands of simultaneous connections for malicious purposes such as Denial of Service, which can make payment networks unavailable for processing transactions.”
  • 700-Plus Credit Cards Stolen from Hotel – abcnews.go.com – 6/24/10 – “Computer hackers targeting travelers at luxury hotels across the country made off with hundreds of thousands of dollars during the past three months by breaking into the computer system of a national hotel chain and stealing the guests' credit card information, Texas police officials told ABC News today”
  • Dozens of Driskill guests' credit card numbers swiped – www.statesman.com – 6/24/10 – “The credit card numbers of dozens of recent guests at the downtown Driskill Hotel were stolen after thieves hacked into the accounting network for the hotel's management company, officials said.”
  • Thinking About Security ROI From The Thief’s Perspective – storefrontbacktalk.com – 6/24/10 – “Retail IT execs have always been very good at making risk-based security budget decisions. They know how to calculate the probability of a certain attack method being used against them, its chances for success and the likely cost to the chain if it succeeds.”
  • Will Senate Bill Force The U.S. To Go Chip-And-PIN? – www. – 6/24/10 – “With Wal-Mart’s recent push for Chip-and-PIN in the U.S., the debate has been what could possibly push the banks into supporting such a costly move. One financial blog is making a compelling argument that the U.S. Senate may be about to jump into the U.S. EMV case.”
  • Dave & Buster’s Gets 20 Years In Gonzales Settlement – storefrontbacktalk.com – 6/24/10 – “Dave & Buster’s will spend the next 20 years under the watchful eye of the FTC, according to a consent agreement finalized this month.”
  • Chip-And-PIN Breach: Bluetooth, Burned Hole In Back Of Card Reader – storefrontbacktalk.com – 6/24/10 – “For those who are arguing that Chip-and-PIN represents the gold standard in card security, there was a cold splash of reality this week. Four fraudsters from London were sentenced to jail for their parts in a nine-month string of thefts that netted almost $1.1 million by tampering with Chip-and-PIN card readers at gas stations.”
  • Will the Durbin Amendment lead to Chip + PIN in the US? – www.smartcardalliance.org – 6/23/10 – “Amidst all the hype, politics and lobbying in the Durbin Amendment interchange fees debate, is a little-noticed component that could have a big impact on the state of payment technology in the US.”
  • Bank of New Zealand patents new anti-fraud card system – www.monstersandcritics.com – 6/23/10 – “The Bank of New Zealand (BNZ) said Wednesday that it had acquired worldwide patents for technology that stops criminals from skimming debit and credit card at automatic teller machines (ATMs).”
  • Spaniard Victim of Card Scam – www.thebalitimes.com – 6/23/10 – “A Spanish man has complained to Kuta Police that his credit card was skimmed and used for unauthorised purchases while he was staying in Bali in April.”
  • New PCI DSS Guide for Merchants – blog.elementps.com – 6/23/10 – “We just published a new PCI compliance resource guide for merchants. The guide is intended to provide simple and quick information security steps for small to mid-size merchants that accept credit and/or debit cards as a form of payment.”
  • Chip-and-PIN fraud gang jailed – www.zdnet.co.uk – 6/22/10 – “A gang of four Londoners have been jailed for a Chip-and-PIN fraud operation which netted £725,000. The BBC reported on Monday that Theogenes De Montford, the ring-leader, was given four and a half years, while Rajakumar Thevathasan, Rashid Hassan, and Usman Mahmood each received three and a half year jail sentences at Southwark Crown Court.”
  • Payment card industry compliance deadlines to hit UK business – www.computing.co.uk – 6/18/10 – “Payment Card Industry (PCI) compliance deadlines due at the beginning of July could mean a rise in credit card processing costs for small firms who don't comply.”
  • Internet Fraud Alert Program Launched – www.informationweek.com – 6/18/10 – “Internet Fraud Alert, a new program aimed at sharing information about stolen account credentials and mitigating the potential losses associated with online fraud, launched Thursday.”
  • Security budgets stable or increasing at financial firms – www.securecomputing.net.au – 6/21/10 – “Despite the global financial crisis, information security budgets at financial institutions generally are staying stable, many even have increased, according to a study conducted by accounting and consulting firm Deloitte.”
  • ATM Skimming: How Effective is Jitter? – www.bankinfosecurity.com – 6/21/10 – “ATM skimming -- it is the fastest-growing electronic-fraud risk, according to the U.S. Secret Service, accounting for more than $1 billion in annual losses. And some industry experts estimate skimming-related losses to be as much as three times higher.”
  • Man jailed over chip and pin fraud – www.google.com – 6/21/10 – “One of the UK's most prolific chip and pin fraudsters, from west London, has been jailed for four-and-a-half years.”
  • Assessor Validates VeriFone’s VeriShield Protect End-to-End Encryption Solution – pymnts.com – 6/21/10 – “VeriFone Systems, Inc. (NYSE: PAY), and Coalfire Systems, Inc., today announced that an independent assessment by Coalfire has determined that VeriFone’s VeriShield Protect end-to-end encryption solution meets all Visa Data Field Encryption guidelines as well as other industry standards.”
  • Secret Service: ATM Card Skimming Five Times Higher This Year – activerain.com – 6/20/10 – “ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight.”
  • FBI investigates credit card scam – www.daily-times.com – 6/18/10 – “A Durango restaurant unknowingly served up some very expensive ribs two months ago. More than 270 credit card accounts were used in purchases across the country after the computer systems at two Serious Texas Bar-B-Q restaurants in Durango were breached between February and April, FBI Special Agent Darrin Jones said.”
  • Police bust massive global credit card fraud ring – www.securecomputing.net.au – 6/17/10 – “Police in 12 countries have arrested 178 individuals linked to an international credit card fraud ring.”
  • MasterCard Experimenting With Card That Displays One-Time Password – www. – 6/17/10 – “In a MasterCard experiment announced this month with a bank in Turkey, the payment powerhouse has radically revamped what a credit or debit card should look—and act—like.”
  • Area Banks' Security Challenge – www.countytimes.com – 6/17/10 – “Identity theft has topped the Federal Trade Commission’s list of consumer complaints for the past eight years, and almost 10 million Americans were victims last year alone—up 22 percent over the previous year, according to Profit Protection, a nationwide company that helps the banking industry keep abreast of the ever-changing challenges posed by Internet hackers and personal data thieves.”
  • Visa To Franchisors: “We’re Here To Talk, Not To Listen” – storefrontbacktalk.com – 6/17/10 – “When it comes to PCI compliance for franchisors, Visa is completely out of touch with reality. Well, perhaps not completely out of touch with reality. But based on a 9-hour Visa Franchisor Payment Systems Security Symposium on Wednesday (June 16), the brand is pretty darn close.”
  • Internet sleuths get new way to report stolen data – www.google.com – 6/17/10 – “A new program being spearheaded by Microsoft Corp. is designed to provide a trusted way for researchers to report stolen credit card numbers and other data they've found in the dark corners of the Internet.”
  • PCI Compliance - Are UK Businesses Ready? – www.freshbusinessthinking.com – 6/17/10 – “The Payment Card Industry Data Security Standard (PCI DSS) will apply to organisations in the UK from September 30th 2010.”
  • Global fraud tool on the horizon – www.greensheet.com – 6/16/10 – “The international fraud fight may have an interesting new aspect. A global firm called ValidSoft is preparing to implement a program designed to authenticate payment card purchases by measuring proximity between a card transaction and the cardholder's cell phone.”
  • Security breach pushes First Victoria to block signature-based transactions on debit cards – www.victoriaadvocate.com – 6/16/10 – “First Victoria bank placed blocks on its MasterCard debit cards after a small amount of card numbers was compromised by a third-party source. The bank suspects the issue has to do with a merchant somewhere in the southwestern United States, said Don Sparks, senior vice president and bank services manager for First Victoria.”
  • Fraud And Overdraft Regs Threaten Debit Card Profitability – www.digitaltransactions.net – 6/16/10 – “Debit cards are more popular than ever, but issuers see threats to the bottom line from rising fraud and more regulation. Loss rates rose 43% on signature debit cards and 24% for PIN-debit cards in 2009, according to the Pulse EFT network’s fifth-annual survey of the debit market.”
  • Toxic Waste: Old PIN Pads Never Die, But They Really Should – storefrontbacktalk.com – 6/16/10 – “Do you accept PIN-based debit cards at your stores? Have you been accepting these PIN transactions for more than, say, six years? Lastly, are you aware that the first Visa-mandated sunset date for your old PIN Entry Devices (PEDs) is July 1, 2010?”
  • A Look at the Cost of Payments Acceptance by UK Merchants – www.paymentsnews.com – 6/15/10 – “Earlier today, the British Retail Consortium published its Cost of Payment Collection Survey 2009. The survey, based on data covering 53% of total UK retail sales, found that debit cards are the most used form of payment representing 44% of UK retail sales.”
  • Online fraud costs UK businesses £400k each, says report – www.computerweekly.com – 6/15/10 – “Online fraud cost UK businesses an average of £400,000 last year, a report reveals. The 2010 edition of the UK Online Fraud Report, commissioned by CyberSource, shows that merchants expect to lose 1.8% of online revenues to payment fraud, but 48% expect to lose less than 1%.”
  • Consumers Trust Retailers' Security The Least – www.darkreading.com – 6/15/10 – “Consumers in the U.S. trust retailers, government, and banks less than consumers in other countries, a new survey conducted by IBM Guardium found. And, overall, retailers are the least trusted entity in the world, while government is the most.”
  • Australia: card fraud to fall due to microchip technology – www.istockanalyst.com – 6/15/10 – “The latest figures from the Australian Payment Clearing Association, the payments industry regulator, reveal that the cost of payment fraud rose by 13% in 2009 to 9.4 cents per A$1,000 transacted. With the increasing implementation of microchip card technology in the country, Datamonitor expects the value of payment fraud to fall in 2010.”
  • Quebec man jailed for card skimmingtimestranscript.canadaeast.com – 6/11/10 – “A Laval man was sentenced to six months in jail yesterday for his role in a criminal bank card skimming operation in New Brunswick.”
  • 10 of the Top Data Breaches of the Decadeabcnews.go.com – 6/14/10 – “The Internet cried foul last week when news broke that an AT&T security breach exposed the e-mail addresses of at least 100,000 owners of Apple's iPad 3G.”
  • South Africa: Beware ATM Fraud, Banks Warn Clientsallafrica.com – 6/14/10 – “THE big four banks were on high alert for international ATM fraud syndicates planning to cash in on unsuspecting local customers and visitors during the World Cup.”
  • Simplify PCI Compliance for Data Securitywww.businessweek.com – 6/11/10 – “If your business accepts credit or debit payments, it’s likely that you’re required to comply with the Payment Card Industry Data Security Standard.”
  • At least 40 Dixie Cafe customers impacted by hackerswww.todaysthv.com – 6/11/10 – “Hackers strike a popular Arkansas restaurant, with dozens of diners affected. Executives with the Dixie Cafe say they just discovered the breach this week, hitting two locations in Little Rock and Hot Springs.”
  • Cloud Computing: Would PCI Compliance Help or Hurt Security?www.cio.com – 6/10/10 – “These days it's not that great a compliment to say something's as safe as banks, let alone credit cards or those swipe-card readers at the convenience store.”
  • At least 40 Dixie Cafe customers impacted by hackerswww.todaysthv.com – 6/10/10 – “Executives with the Dixie Cafe say they just discovered the breach this week, hitting two locations in Little Rock and Hot Springs. The company is working with local and federal authorities to get to the bottom of all this.”
  • Forgotten Apps Pose PCI Danger, Visa List Showswww.storefrontbacktalk.com – 6/10/10 – “Tucked away in forgotten corners of your network sits a wide range of old, forlorn applications. Beyond collecting electronic cobwebs, these apps potentially pose one of the most serious threats to your data security.”
  • Why Open Source Drives PCI Nutswww.storefrontbacktalk.com – 6/10/10 – “The big advantage to open-source software is that anyone can change it. And the big disadvantage to open source? Anyone can change it.”
  • Debit card "phishing" scam reported in Chippewa Fallswww.wqow.com – 6/9/10 – “On 06/09/10, several Chippewa Falls area residents reported to local law enforcement and various financial institutions that they had received automated calls on their land line and cell phones alerting them to the fact that their VISA debit card accounts had been de-activated due to a security breach.”
  • Debit card fraud operation in citywww.parisstaronline.com – 6/9/10 – “City police are investigating a debit-card fraud operation that operated over a three-month period, with a local restaurant suspected at the centre of things.”
  • ATM Skimmer Striking Washtenaw Co.www.clickondetroit.com – 6/9/10 – “Washtenaw County authorities are asking the public to be on the lookout for a man who is accused of trying to steal ATM card numbers.”
  • Small U.S. banks protest debit fee restrictionswww.reuters.com – 6/9/10 – “U.S. community banks said a proposal to require big banks to reduce fees they charge merchants would in fact force smaller lenders to boost the fees they charge consumers.”
  • Police: Bulgarian linked to ‘skim’ had 46 $20 billschronicle.northcoastnow.com – 6/9/10 – “A Bulgarian national suspected of attaching a card-reading device to a North Ridgeville ATM last month had $920 in $20 bills concealed in a pair of gloves that police found during a search of his car, according to an unsealed search warrant.”
  • $217,000 'Skimmed' From ATMsonline.wsj.com – 6/9/10 – “"Cloned" debit cards have been used to steal more than $200,000 from Long Island banks between April and the end of May, police said.”
  • Elavon Selects Semtek, Voltage Security for End-to-End Data Protectionwww.paymentsnews.com – 6/8/10 – “Elavon has announced that Semtek and Voltage Security have been selected to include end-to-end encryption capabilities in its acquiring and gateway solutions.”
  • How to Raise Risk Awarenesswww.bankinfosecurity.com – 6/8/10 – “Ana Foster is the Risk Manager and Compliance Officer at Cambridge Trust Company in Massachusetts, and increasingly she sees risk awareness as a significant part of her job.”
  • Semtek and Elavon Enter Into Global Security Services Agreementwww.prnewswire.com – 6/8/10 – “Semtek Innovative Solutions Corporation announced today it has entered into a multi-year, global agreement with Elavon, a wholly owned subsidiary of U.S. Bancorp (NYSE: USB) and a leading global payments provider, to provide the merchant processor with end-to-end security services and infrastructure for the Elavon merchant portfolio.”
  • Payment fraud costing morewww.bankingday.com – 6/8/10 – “The cost of payment fraud increased 13 per cent last year, rising from 8.27 cents per $1000 transacted in the year to December 2008 to 9.38 cents in 2009.”
  • Eftpos card-skimming occurring in NSWnews.theage.com.au – 6/8/10 – “Fraud squad detectives are urging people to use Eftpos machines with caution after fresh reports of card skimming on the NSW north coast.”
  • Card Fraudsters Suspend High-Tech Breaches for More Old-School Methodswww.cuinsight.com – 6/8/10 – “One of the attractive benefits of skimming for fraudsters is not only the millions of dollars that they can get away with, but that the process is cheap, maintains Karen Postma, TMG (The Members Group), in her latest fraud white paper, "A Throw Back Threat."”
  • FTC Approves Final Settlement With Restaurant Chainwww.collectionscreditrisk.com – 6/8/10 – “The Federal Trade Commission approved a final settlement order with Dave & Buster's Holdings Inc., an entertainment and restaurant chain.”
  • Don't keep quiet after a data security breachsearchsecurity.techtarget.com – 6/7/10 – “Cybercriminals have upped the ante against organizations by relentlessly targeting them in more ruthless ways. The amount of data corporations are losing is increasing.”
  • Card-skimmer raid on Salisbury Commonwealth Bank ATMwww.adelaidenow.com.au – 6/7/10 – “Both devices were attached to stand-alone Commonwealth Bank ATM machines - the first last Tuesday at Northpark Shopping Centre, Prospect, and the second yesterday at Parabanks Shopping Centre in Salisbury.”
  • 2010 Data Breach Timelinewww.bankinfosecurity.com – 6/7/10 – “The following is a list of data breaches that have affected U.S. financial institutions in 2010. The information was compiled from the 2010 Data Breach Report by the Identity Theft Resource Center (ITRC), based in San Diego, CA.”
  • Complying With Visa’s July 1 PA-DSS Mandatewww.storefrontbacktalk.com – 6/1/10 – “In the same way you wouldn’t buy your gold Rolex from a street vendor, you shouldn’t buy a software payment application that is not on the PCI Council’s list of PA-DSS validated applications.”
  • More ATMs sealed off in townwww. – 6/7/10 – “Cash machines in a north-east town have been cordoned off for the second time in a week amid fears that fraudsters have targeted them.”
  • Card-skimmer raid on Salisbury Commonwealth Bank ATMwww.adelaidenow.com.au – 6/7/10 – “The second ATM skimming device discovered in less than a week may be the work of the same offenders, police say.”
  • Card warning over third ATM skimmer fearsnews.stv.tv – 6/6/10 – “Police fear a third card-skimming device - used to steal bank card details - may have been attached to a cash machine in Stonehaven.”
  • Bulgarian suspected of installing ATM ’skimmer’chronicle.northcoastnow.com – 6/5/10 – “A sharp-eyed Charter One Bank employee discovered a card-reading device attached to an ATM outside the bank’s North Ridgeville branch last Sunday.”
  • Study Quantifies the Heavy Damage of Card Data Breacheswww.digitaltransactions.ne – 6/4/10 – “Everyone knows data breaches are expensive and affect a lot of people, but just how much is startling.”
  • Debit card skimming in Brantfordwww.easy101.com – 6/4/10 – “Over the past 5 days, Brantford police have heard from 10 local citizens concerning debit card fraud after they noticed irregularities in their bank accounts.”
  • Disney Clerk Accused Of Credit Card Skimmingwww.wesh.com – 6/3/10 – “Authorities said a Walt Disney World employee used skimming devices at several of the resort’s hotels to steal credit card information from guests.”
  • Restaurant patrons find credit card info stolenwww.wthr.com – 6/3/10 – “At least one bank is cautioning debit and credit card users to beware of fraudulent charges to their accounts. This, as dozens of customers of a local restaurant discover their numbers have been stolen.”
  • First Data Looks at Fraud Trends: "Fraud as a Service"www.paymentsnews.com – 6/3/10 – “A new white paper titled "Fraud Trends in 2010: Top Threats From a Growing Underground Economy" by Rick Van Luvender, Director, First Data InfoSec Incident Response Center, First Data Corp. is now available.”
  • Local restaurant targeted by online hackerswww.fox59.com – 6/2/10 – “A local restaurant reports a security breach affecting its customers. Hackers tapped into the credit card machines at Marco's, stealing credit and debit card numbers from several customers, wiping out their bank accounts.”
  • Bossier City man charged with credit card "skimming"www.shreveporttimes.com – 6/2/10 – “A Bossier City man faces theft charges after allegedly using a skimming device to steal people’s credit card information.”
  • FS-ISAC Releases Cyber Attack against Payment Processes (CAPP) Resultswww.paymentsnews.com – 6/2/10 – “The Financial Services Information Sharing and Analysis Center (FS-ISAC) has released the Executive Summary of the results of a three-day nationwide cyber attack simulation exercise conducted in February.”
  • Police seek suspect in credit card fraud casewww.pnj.com – 6/2/10 – “Police are looking for a Pensacola man wanted in connection with the theft and use of customer credit and debit card numbers from a local business.”
  • FS-ISAC 2010 Cyber Attack against Payment Processes (CAPP) Exercise Executive Summarywww.fsisac.com – 6/1/10 – “As part of its mission to share information regarding cyber threats and help respond to attacks against the financial services sector, the Financial Services Information Sharing and Analysis Center (FS-ISAC) organized and held the Cyber Attack against Payment Processes (CAPP) Exercise on February 9 - 11, 2010.”
  • Payment processing trends: What every operator should knowwww.fastcasual.com – 6/1/10 – “While there are many trends in the credit and debit card industry, security is the trend that most restaurants should put at the top of their list.”
  • Merchants, Banks, And The Payment Security World To Unite At PCI Security Standards Council Community Meetings; Details And Dates Announcedwww.pcisecuritystandards.org – 6/1/10 – “Today, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard, PIN Transaction Security requirements and the Payment Application Data Security Standard, announced dates and locations for its 2010 Community Meetings, the Council’s annual forums for engaging with Participating Organizations and members of the assessment community on the PCI standards.”
  • Is U.S. Ready for Chip & PIN?www.bankinfosecurity.com – 6/1/10 – “Is the U.S. ready for chip and PIN payment card authentication? Or are American financial institutions and merchants too invested in current technologies to even consider such a move?”
  • Fake a Credit Cardwww.wired.com – 6/1/10 – “Fraudsters rack up millions of dollars in merchandise using fake credit cards with legit numbers hacked off the Internet. Detective Bob Watts of Newport Beach PD shows how it's done.”

May 2010

  • Geist: Security breach disclosure bill has bark but no bitewww.thestar.com – 5/31/10 – “Last week Industry Minister Tony Clement unveiled two bills touted as important components of the government’s national digital strategy.”
  • Visa Eases up on Triple DES Deadline in Face of ‘Migration Challenges’www.digitaltransactions.net – 5/28/10 – “Visa Inc. has “relaxed enforcement” of the July 1, 2010, deadline for petroleum retailers to install software that meets the so-called Triple Data Encryption Standard (also called 3DES or TDES) in response to requests from the major oil companies, including ExxonMobil, the card network said in a statement released this week.”
  • ITunes security lapse frustrates Apple userwww.cbc.ca – 5/28/10 – “A security breach with Apple's music program iTunes has left a sour note with a once-devoted fan.”
  • Card skimmer found at Dumbarton bankwww.lennoxherald.co.uk – 5/28/10 – “HUNDREDS of bank customers are at risk from fraud after a card “skimmer” was found attached to a cash machine.”
  • End-to-End Encryption Security Requirementsspva.org – 5/27/10 – “Targeted to vendors of POS devices, this guideline sets a baseline for the payments industry and represents the first step to further strengthen payment security standards globally.”
  • Top Tier Merchants and the Challenge of Card Data Securitywww.mercatoradvisorygroup.com – 5/27/10 – “New insight into the issues posed by PCI and card number security for merchant category leaders provides guidance and cautions”
  • Winter Park Bank Customers Victimized by Skimmerwww.wesh.com – 5/27/10 – “Winter Park Police said two people have come forward to complain about fraudulent activity on their bankcards.”
  • Secure POS Vendor Alliance Releases End-to-End Encryption Security Requirementswww.spva.org – 5/27/10 – “The Secure POS Vendor Alliance (SPVA), a non-profit business organization founded by Hypercom, Ingenico S.A., and VeriFone today announced the release of its End-to-End Encryption Security Requirements related to payment card data in payment card reading devices.”
  • Skimming on the increasewww.abc.net.au – 5/27/10 – “The 22 year old Perth resident thought her details were protected and no one else could touch her money until October last year when thieves stole more than $2,000 from her bank account.”
  • Thieves Steal ATM Data In Winter Parkwww.clickorlando.com – 5/27/10 – “Police said thieves have swiped information using card skimmers from automated teller machines across Winter Park.”
  • Cyber Thieves Rob Treasury Credit Unionkrebsonsecurity.com – 5/27/10 – “Organized cyber thieves stole more than $100,000 from a small credit union in Salt Lake City last week, in a brazen online robbery that involved dozens of co-conspirators, KrebsOnSecurity has learned.”
  • U.S. EMV Conversion Seen As Possible-Eventuallywww.paymentssource.com – 5/26/10 – “The day when the United States joins many other large markets globally in converting to EMV chip-and-PIN cards from magnetic stripe versions will not occur any time soon. But it will come eventually, one observer predicts.”
  • American Express may have failed to encrypt datawww.securecomputing.net.au – 5/26/10 – “American Express may be in hot water after a computer engineer discovered a portion of the card brand's website, which claims to be secure, is sending private information in the clear.”
  • New PCI Stats Show First Time Drop In Level 1 Compliancestorefrontbacktalk.com – 5/26/10 – “New PCI DSS compliance stats for the U.S. released by Visa on Monday (May 26) showed—for the first time—a drop in the compliance rate for Level 1 retailers, albeit a tiny one, from 96 percent to 95 percent.”
  • What Will It Take To Make Chip-and-PIN Happen In The U.S.?storefrontbacktalk.com – 5/24/10 – “Despite an aggressive campaign launched this month by Wal-Mart to push for its adoption, it looks increasingly likely that to have Chip-and-PIN (EMV) adopted in the U.S. will require government intervention.”
  • Foreign hackers are targeting small business, says BBBwww.hometownsource.com – 05/26/10 – “The Better Business Bureau of Minnesota and North Dakota (BBB) and the Minnesota Cyber Crime Task Force (MCCTF) are issuing a warning to all small businesses that process credit cards.”
  • Fighting the Skimming Factorwww.bankinfosecurity.com – 05/25/10 – “Debit card compromises are a growing concern for banks, credit unions and retailers. ATM and POS skimming attacks, as well as database breaches, are growing.”
  • The Story Behind The Hackers Behind The Largest Credit Card Number Heistwww.techdirt.com – 05/25/10 – “A few years ago, the story broke about how TJX, the corporate parent of a series of retail stores, including TJ Maxx and Marshalls, had suffered a huge data breach, after some hackers had accessed its computer network via an insecure wireless connection at one of the stores.”
  • Visa General PED Frequently Asked Questions Update for May 2010  – partnernetwork.visa.com – 05/25/10 – “PCI alignment for PIN and PED security represents a partnership to standardize data and device security requirements, testing methodology, and approval processes.”
  • District food servers charged in theft of patrons' credit card numberswww.washingtonpost.com – 05/24/10 – “Three servers at the Cheesecake Factory restaurant on Wisconsin Avenue in the District allegedly stole credit card numbers from patrons as part of a scheme that racked up more than $117,000 in fraudulent charges between 2008 and last year, authorities say.”
  • Ready to Outsmart PCI? New Techs Help IT Complyanalytics.informationweek.com – 05/23/10 – “The PCI Data Security Standard is costly, complex and rigged against the retailers, merchants and processors that must comply with it.”
  • Local restaurant's computer hacked, customers' card numbers stolenwww.woai.com – 05/22/10 – “The computer system at a local Mexican restaurant was hacked, and investigators believe thieves made off with the credit card numbers of hundreds of customers.”
  • PCI Compliance Doesn't Have To Be Painfulwww.informationweek.com – 05/22/10 – “Two technologies--end-to-end encryption and tokenization--may go a long way toward protecting credit-card data.”
  • Hotel liability and data security  – www.hotelnewsnow.com – 05/21/10 – “In an attempt to understand hotel liability as it pertains to information security, HotelNewsNow.com sought the counsel of Robert Braun, partner with Jeffer Mangels Butler & Marmaro. What follows are his answers to relevant questions on the subject. (This is the sixth installment in a seven-part series about hotel information data security.)”
  • Aldaco's issues credit card breach alertwww.mysanantonio.com – 05/21/10 – “Blanca Aldaco released a statement and posted on the Aldaco's website (www.aldacos-stoneoak.com) that there has been a data security breach at Aldaco's at Stone Oak.”
  • Taking Credit Card Security Seriously   – www.nacsonline.com – 05/20/10 – “A recent Forbes article addresses PCI DSS, specifically as it relates to compliance by small companies. While larger merchants (as defined by their PCI DSS merchant level) are subject to independent audits of their processes and systems, the smaller merchants instead can rely on a self-assessment questionnaire, "where they essentially grade themselves," according to Forbes.”
  • Wal-Mart: “It’s Time For Chip-And-PIN In The U.S.”storefrontbacktalk.com – 05/20/10 – “With major card brands and the banks strongly opposed to Chip-and-PIN efforts in the United States, there’s only one way it’s going to happen–and that happened Wednesday (May 19): Wal-Mart publicly forced the issue.”
  • Customer finds skimming device at Pasco ATMsuncoastpasco.tbo.com – 05/19/10 – “The Bank of America customer had trouble getting his card into the drive-up ATM on Saturday morning, Pasco County Sheriff's Detective Natalie McSwane said outside the sheriff's administrative offices today.”
  • Heartland in $41.4M settlement with MasterCardwww.google.com – 05/19/10 – “Heartland Payment Systems Inc., which processes credit card payments, said Wednesday that it will pay MasterCard issuers $41.4 million to settle claims over a 2008 data security breach.”
  • Heartland, MasterCard Forge a $41 Million Data-Breach Settlementwww.digitaltransactions.net – 05/19/10 – “Continuing its massive clean-up in the wake of the payment card industry’s biggest data breach, merchant acquirer Heartland Payment Systems Inc. late on Wednesday announced a $41.4 million settlement with MasterCard Inc.”
  • Heartland Payment Systems and MasterCard Agree to $41.4 Million Intrusion Settlementwww.marketwatch.com – 05/19/10 – “Heartland Payment Systems, the nation's fifth largest payments processor, has entered into a settlement agreement with MasterCard Worldwide to resolve claims from MasterCard and its issuers related to the 2008 criminal intrusion into Heartland's payment system environment.”
  • Nine Arrested In Long Beach Raidwww.contracostatimes.com – 05/19/10 – “Five females and four males were arrested during a raid in Long Beach Tuesday as a result of an investigation into stolen property and drug activity in Manhattan Beach, police said.”
  • ATM skimmer found in South Yarrawww.abc.net.au – 05/19/10 – “Police are warning people to be vigilant after a skimming device was found attached to an automatic teller machine at South Yarra last week.”
  • N$11 000 skimmed from credit cardwww.namibian.com.na – 05/18/10 – “According to an investigation launched by Bank Windhoek Otjiwarongo, the fraudsters used the cloned Bank Windhoek debit card to buy groceries worth N$4 000 at a Shoprite branch at Rundu.”
  • Busted German Credit Card Thieves Redefine 'Schadenfreude'blogs.forbes.com – 05/18/10 – “According to blogger Brian Krebs, a group of hackers have eviscerated an underground hacker forum by posting database dumps of their private information and communication, including email addresses and private messages sent between users.”
  • Hotel data breaches the result of basic failures within industrywww.hotelnewsnow.com – 05/17/10 – “This is the first installment in a five-part series about hotel information data security.”
  • Taking Credit Card Security Seriouslywww.forbes.com – 05/17/10 – “The easiest way for small businesses to address the information security requirements imposed by credit card companies is the wrong way.”
  • Bank vs. Business: Judge Rejects Motionswww.bankinfosecurity.com – 05/17/10 – “The judge in the PlainsCapital Bank case struck down the bank's requests to waive a jury trial and to move the case to arbitration.”
  • PCI: The Threats And The Opportunities For VARswww.bsminfo.com – 5/16/10 – “For anyone supplying merchants with hardware, software, or services, the Payment Card Industry Data Security Standard (PCI DSS) represents both a profound challenge and a major opportunity.”
  • Officials: Hacking was outside eaterywww.macon.com – 05/15/10 – “A security breach that has compromised the credit and debit cards of recent customers at the Mellow Mushroom in Warner Robins is believed to have occurred outside the restaurant, police and the restaurant’s lawyer said Friday.”
  • Arrest in India over TJX data theftwww.computerworlduk.com – 05/14/10 – “A Ukrainian man has been arrested in India, in connection with the most notorious hacking incident in US history.”
  • Three face charges over fake gift card scamwww.democratandchronicle.com – 05/14/10 – “Three people, including two alleged illegal immigrants, face federal charges that they used fake gift cards to steal nearly $200,000 from retailers across the Northeast.”
  • Malaysians held over B10m ATM card scamwww.bangkokpost.com – 05/14/10 – “Police have arrested two Malaysian men on charges of creating fake ATM cards to withdraw more than 10 million baht from the accounts of more than 100 bank card holders.”
  • Kinross gran loses savings to card thieveswww.perthshireadvertiser.co.uk – 05/14/10 – “Thieves are using hi-tech equipment to steal funds from Big County residents’ bank accounts – before transferring the cash to the Middle East.”
  • Credit union blocks debit, credit cardswww.macon.com – 05/14/10 – “Warner Robins-based Robins Federal Credit Union has blocked, because of a breach, about 2,000 debit and credit cards that were used at a local but unknown merchant.”
  • South Africa card fraud riseswww.iol.co.za – 05/13/10 – “The number of card skimming attempts has increased significantly this year, according to recent statistics released by FNB Credit Card's Fraud department on Thursday.”
  • Information of 2,000 Robins Credit Union Cardholders is Breachedwww.13wmaz.com – 05/13/10 – “Robins Federal Credit Union says credit card and debit card information for 2,000 of its cardholders has been breached -- and the accounts have been blocked because of what the credit union calls "the large amount of fraud."”
  • Encryption: The New Buzzword in Data Securityusa.visa.com – 05/13/10 – “In many data security discussions in the past year, end-to-end encryption has been on the top of the list of emerging technologies that businesses are considering to enhance their own data security.”
  • New payment security rules may focus on using tokens to mask card datawww.internetretailer.com – 05/13/10 – “41% of payment security professionals polled in a new study say they think upcoming payment security standards slated for release in October will promote turning cardholder data into a token to keep it secure.”
  • PCI SSC: Understanding the PTS Security Requirements Version 3.0register.webcastgroup.com – 05/13/10 – “Event Date: Tuesday, May 18, 2010 @ 3:00 PM ET / 12:00 PM PT.  This session will provide a detailed explanation of Version 3.0 of the PTS Security Requirements from Jeremy King, PCI SSC PTS working group representative and MasterCard Worldwide Business Leader, Payment System Integrity.”
  • New Data Breach Law Says Assessor—Not Visa—Has The Final Wordstorefrontbacktalk.com – 05/12/10 – “One of the top ongoing concerns about PCI compliance—the absence of a true safe harbor—has been obliterated in the state of Washington, thanks to a new law signed by Gov. Chris Gregoire.”
  • PCI Issues New POS Standardwww.bankinfosecurity.com – 05/12/10 – “A new measure to strengthen credit card data protection was released by the PCI Security Standards Council today.”
  • Picante restaurant is victim of credit card scamwww.berkeleyside.com – 05/12/10 – “Picante, the popular Mexican restaurant on 6th Street, has been the target of an international credit card fraud operation, its owner says today.”
  • You could be handing your bank info to a thiefwww.abc15.com – 05/12/10 – “They're easy and convenient and if you watch your balance using a debit card instead of credit is a good way to manage your money. But at what price?”
  • Data-Breach Risks Rise With Social Networking, Mobile-Payment App Usewww.americanbanker.com – 05/12/10 – “The fast growth of social-networking sites containing users' personal information is drawing concern from some payment data-security experts who say the risk of exposing consumers' sensitive data is rising.”
  • Police search for suspected ATM scammerwww.wptv.com – 5/12/10 – “Police are on the lookout for a man they say is using a skimmer to steal ATM numbers and drain victims' bank accounts.”
  • Inside the TJX/Heartland Investigationswww.bankinfosecurity.com – 5/11/10 – “With the recent sentencing of the last of Albert Gonzalez' co-conspirators in the TJX and Heartland data breaches, a long, hard criminal investigation comes to a close.”
  • Delray Beach Police Search For ATM Skimmerwww.wpbf.com – 05/11/10 – “Police in Delray Beach are searching for a man they said stole at least $1,000 in cash from ATMs using "skimmed" card information.”
  • Criminals find a gold mine in stolen debit card numberswww.vancouversun.com – 05/11/10 – “They’re organized criminals, but they don’t tattoo gang names on their bodies, they don’t wear colours, and they don’t come up with snappy names.”
  • Shanghai police crack down on credit card fraudenglish.peopledaily.com.cn – 05/11/10 – “Police in Shanghai on Monday vowed to crack down on credit card fraud by foreigners as statistics revealed that large-scale international fairs like the Expo tend to attract card scammers to the host city.”
  • Card skimmer found at Tesco cash machinewww.thisisnorthdevon.co.uk – 05/11/10 – “Fraudsters have been using a "card skimmer" to try to rip off people using a cash machine at Tesco in Barnstaple.”
  • Card cloning device found at Barnstaple cash machinenews.bbc.co.uk – 05/11/10 – “A device which clones the details of debit and credit cards has been removed from a Barnstaple cash machine.”
  • Visa fraud alert puts banks, payment processors on guardwww.computerworld.com – 05/11/10 – “Visa Inc. last week sent a fraud alert to banks and payment processors warning them to look out for a "large batch settlement fraud scheme" involving a merchant account in East Europe.”
  • Hack Pack.  The biggest identity theft case ever. right here in Miami.www.miaminewtimes.com – 05/10/10 – “Andres Torres was dozing on a couch with the blinds drawn when he heard a chorus of boots pounding the stairs.”
  • ATM Hack Demo Planned For Black Hatwww.informationweek.com – 05/10/10 – “A banned demonstration of remote and local ATM vulnerability exploits is set to resurface at the Black Hat Security Conference July 24th - July 29th in Las Vegas.”
  • Heartland breach expenses pegged at $140M -- so farwww.computerworld.com – 05/10/10 – “The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up.”
  • Laval police stop phoney debit-card scamwww.globalsaskatoon.com – 05/10/10 – “Laval police say they have broken up a fraudulant debit-card ring.”
  • Coder Journeys From Wall Street to Prisonwww.wired.com – 05/07/10 – “More than a month has elapsed since the years-long investigation and prosecution of TJX hacker Albert Gonzalez came to a dramatic end, with Gonzalez sentenced to 20 years in prison for the largest identity-theft case in U.S. history.”
  • Even Vendors See a Far-off Horizon for End-to-End Encryptionwww.digitaltransactions.net – 05/07/10 – “End-to-end encryption of payment card data is all the rage among vendors to the merchant-acquiring industry, but vendors themselves believe it will take a long time for merchants to begin using their new technology.”
  • Heartland Breach: Consumer Settlement Proposedwww.bankinfosecurity.com – 05/0610 – “A proposed settlement of the consumer class action suit brought against payments processor Heartland Payments System got preliminary approval from a U.S. District Court judge in late April.”
  • Police: no leads in card-skimmer plantingwww.northjersey.com – 05/06/10 – “The owner of the Exxon Mobile gas station on Pompton Avenue in Cedar Grove on Monday sought the speedy investigation of the two electronic card-skimming gadgets discovered attached to the station’s gas pumps last week.”
  • Building Trust and Growing the Brand: The Role of Privacy and Security in Retail 2010www.retailsystemsresearch.com – 05/06/10 – “Retailers need customer data to respond more quickly to changes in demand patterns, to reduce out-of-stocks, to match product offerings with customers who want to buy them, and to improve their service to customers. But customer-specific information can go well beyond transactional sales data.”
  • Debit card fraud hits Hawkesbury, at least 130 clients affectedthereview.ca – 05/05/10 – “A large-scale debit card skimming operation in Hawkesbury resulted in significant financial withdrawals from the bank accounts of at least 130 Hawkesbury-area clients last weekend, according to the Ontario Provincial Police (OPP).”
  • Police seek information on card skimmerdailyme.com – 05/05/10 – “Police are asking for help identifying an unknown suspect believed to be using a device that steals bank card numbers and pin codes from ATM machines in several western states to withdraw money from Vancouver-area machines.
  • End-to-End Encryption in Card Payments: An Introductionwww.aitegroup.com – 05/05/10 – “Vendors perceive merchants to be as likely to purchase E2EE solutions to offload PCI DDS requirements as they are to secure card data.”
  • Secret Service: ATM Card Skimming Five Times Higher This Yearadvice.cio.com – 05/05/10 – “ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight.”
  • Reno police warn of gas station credit fraudwww.rgj.com – 05/04/10 – “Reno police say the arrest of two suspects in California ended a series of more than 100 thefts of credit card information at local gas stations in February.”
  • Nevada Specifies New Details For Encryption: What you Need to Knowwww.brighttalk.com – 05/04/10 – “Nevada's Senate Bill No. 227 which came into effect on January 1, 2010, brings a surprising degree of specificity to defining encryption; encryption is the "protection of data in electronic or optimal form, in storage or in transit".”
  • Bank account thefts are traced to alleged snooping at drive-upwww.telegram.com – 05/04/10 – “The man waiting in the automated teller machine drive-up line looked like any other customer. But authorities said he was really peering at customers, eying their PIN numbers then stealing cash from their accounts.”
  • PCI compliance encryption includes hardening key management systemssearchsecurity.techtarget.com – 05/03/10 – “As companies deploy encryption to protect cardholder data, French security giant, Thales Group is making the case for hardware security modules (HSMs) to protect the underlying key management systems at the heart of all encryption systems.”
  • A ‘Russian roulette’ of risk results after data breaches- www.kansascity.com – 05/01/10 – “Even after an investigation by federal agents, the mystery lingers over how crooks stole credit card numbers from Llywelyn’s Pub.

April 2010

  • Announce A Data Breach And Say It's No Big Deal? – www.cbsnews.com – 04/30/10 – “Data Breach Etiquette Rule #8: The moment you announce you screwed up and exposed customers’ payment data to cyberthieves is a really bad time to lecture customers that “it’s a lot less bad than it looks” and that “it’s important to remember you’re never responsible if someone uses your credit card without your permission.””
  • PCI council launches certification program for IT staff – www.computerworld.com – 04/30/10 – “The organization responsible for administering the Payment Card Industry Data Security Standard (PCI DSS) has launched a new program to help enterprises conduct self-assessments of their compliance with the standard.”
  • Two men face 300 charges in credit scam – www.edmontonjournal.com – 04/30/10 – “Edmonton police have laid more than 300 charges against two men in connection with a series of frauds involving counterfeit or stolen credit cards, bank cards, SIN cards and citizenship certificates.”
  • Jakarta Cops Bust Credit Card Skimmer Suspects – www.thejakartaglobe.com – 04/29/10 – “Jakarta Police have arrested three people believed to be part of a sophisticated credit card fraud ring that allegedly swindled US and European nationals.”
  • What's wrong with the PCI security standard – www.sfgate.com – 04/29/10 – “The security standard used to protect credit cards isn't up to the task and upgrades that are planned for this fall do virtually nothing to improve it, a security expert told Interop attendees this week.”
  • Inside the TJX/Heartland Investigations – www.bankinfosecurity.com – 04/29/10 – “In an exclusive interview, Kim Peretti, former senior counsel with the Department of Justice, offers an inside look at these investigations.”
  • Retailers to Banks: Give Us Chip and PIN, Electronic Checks – www.banktech.com – 04/29/10 – “Executives at three of the largest payment-generating retailers — Walmart, Best Buy and T-Mobile — were on hand at the NACHA Payments conference this week to tell bankers what they want and the trends they see on the horizon.”
  • RBS chief victim of credit card fraud – www.walesonline.co.uk – 04/29/10 – “Banking chief Sir Philip Hampton has been a victim of credit card fraud, he revealed. The RBS chairman said his card details have been stolen two or three times by people in remote parts of the world he has never visited.”
  • Announcing A Data Breach And Saying It’s No Big Deal: Bad Move, Blippy – storefrontbacktalk.com – 04/29/10 – “On Friday (April 23), Kaplan announced on the company’s blog that four customers had their credit card numbers exposed on the site because Google cached some of its early testing. For some reason, Blippy publicly tested with live payment card numbers.”
  • Did Retailers Learn Any Lessons From Gonzalez? – storefrontbacktalk.com – 04/29/10 – “Albert Gonzalez succeeded—for several years, at least—as arguably the world’s most effective cyberthief, breaking into many of the largest retail chains (Target, 7-Eleven, TJX, JCPenney, Sports Authority, etc.).”
  • Blippy Fiasco Shows PCI Applies To Everybody—At Least It Should – www.storefrontbacktalk.com – 04/29/10 – “In our increasingly strange new world of social networking and mobile commerce, a whole range of unexpected places will need to deal with PCI DSS.”
  • Credit Card Fraud Syndicate Arrested – en.vivanews.com – 4/29/10 – “Fiscal, Monetary, and Foreign Exchange Unit of the Directorate of Crime and Investigation of Special Crimes of Jakarta Police Department arrested a credit card fraud syndicate.”
  • Cops: skimming devices were 'secreted' in gas pumps – www.northjersey.com – 4/29/10 – “Police are asking drivers who’ve gassed up at the Cedar Grove Exxon on Pompton Avenue in recent days to check their bank and credit statements for billing irregularities.”
  • What's wrong with the PCI security standard – www.networkworld.com – 04/29/10 – “The security standard used to protect credit cards isn't up to the task and upgrades that are planned for this fall do virtually nothing to improve it, a security expert told Interop attendees this week.”
  • Costs Of Data Breaches Much Higher In U.S. Than In Other Countries, Study Says – www.darkreading.com – 04/28/10 – “A data breach in the United States could cost enterprises twice as much as the same breach costs companies in other countries with less stringent disclosure and notification laws, according to a study published today.”
  • Debit card skimming scheme busted – www.globaltvcalgary.com – 04/28/10 – “Police have busted a sophisticated debit card skimming scheme and charged two Ontarians.”
  • Infosec 2010: What is lost data actually worth? – www.v3.co.uk – 04/28/10 – “With the Information Commissioner's Office (ICO) now able to fine firms up to £500,000 for any data losses, and more information than ever being stored, the safeguarding of that data is a major concern for all businesses.”
  • Engaging Your Staff in Data Protection – itmanagement.earthweb.com – 04/28/10 – “As security experts know all too well, staff knowingly and intentionally circumvent your carefully designed security protocols.”
  • Report: Tier 1 Merchants Pay $122,000 More For PCI Assessments – www.darkreading.com – 04/27/10 – “When it comes to annual costs for PCI assessments, not all engagements are created equal: Larger, Tier 1 merchants pay an average of $122,000 more, according to a survey of PCI qualified security assessors (QSAs) released today.”
  • InfoSec 2010: Europe to mandate reporting of serious breaches – www.v3.co.uk – 04/27/10 – “Organisations could soon be forced to report all serious data breaches to the Information Commissioner's Office (ICO), as part of an upcoming review of a European Union directive on the reporting of data losses.”
  • U.S. businesses face skimming fraud increase – www.scmagazineus.com – 4/27/10 – “U.S. banks are grappling with a recent increase in skimming attacks, which are being carried out by Eastern European gangs aiming to steal consumer bank account numbers and PINs, according to a Gartner analyst.”
  • ATM skimming gear busted by bank customer – www.cbc.ca – 4/27/10 – “Calgary police have arrested two Ontario men in what they described as a sophisticated operation targeting debit information at bank machines across Canada.”
  • Card skimmers jailed – fraudblog.dilloninvestigates.com – 4/27/10 – “Three card-skimmers ended up before the courts in Dublin in the last week. Nita Florin (35) is awaiting sentence after being caught with fake bank statements, driver's licence, passport and tax forms.”
  • Skimming discovered at bustling BMO Centre – www.metronews.ca – 4/27/10 – “Police say a quick-thinking man alerted them to an alleged debit skimming scheme at a busy BMO Centre over the weekend.”
  • Same bank machine targeted twice by skimmers – calgary.ctv.ca – 4/27/10 – “Police are investigating two card skimming cases that happened days apart at the same bank machine.”
  • Police arrest two people in Whitby credit card fraud – toronto.ctv.ca – 4/26/10 – “Durham Regional police say they have arrested two people and are looking for two more in connection with a continuing credit card fraud scheme in Whitby.”
  • Blippy to hire CSO, conduct audits after credit card breach – www.scmagazineus.com – 4/26/10 – “Blippy, a Silicon Valley start-up that enables users to share details in real time about purchases they make, plans to invest millions in information security following revelations that it exposed the credit card numbers of a small number of people through Google's search index.”
  • Women Accused of ATM Skimming Arraigned – darien.danville.patch.com – 4/24/10 – “Three Romanian women from New York were arraigned in Stamford Superior Court Friday on charges that stem from an ATM skimming incident that took place at People's Bank in downtown Darien the morning prior.”
  • Local debit cards affected in breach – www.wlfi.com – 4/24/10 – “Lafayette police say a national debit card security breach is hitting close to home.”
  • Blippy.com exposes users' credit and debit card numbers in security breach – latimesblogs.latimes.com – 4/23/10 – “August Capital partner David Hornik just announced on Blippy.com that he ponied up $8 million to lead a second round of funding for the controversial new website that shares credit card and online purchases with friends on the Web.”
  • Perth ATM users warned to be vigilant – www.perthshireadvertiser.co.uk – 4/23/10 – “Police are warning Perth bank customers to exercise extreme caution following the discovery of two covert card-reading devices on ATMs.”
  • Pub Looking Into Credit Card 'Processing Error' – www.wlky.com – 4/22/10 – “An investigation is under way following several incidents of credit card fraud. Louisville Metro Police told WLKY the U.S. Secret Service is investigating this case.”
  • PCI Compliance: Are U.K. Businesses Ready? – www.nacsonline.com – 4/22/10 – “A new white paper released by CIO Business Technology Leadership reveals that U.K. businesses lag far behind their U.S. colleagues in meeting PCI security standards, with only 11 percent of U.K. organizations currently certified as PCI compliant.”
  • Two Romanian nationals charged with stealing bank account numbers – www.post-gazette.com – 4/21/10 – “Two Romanian nationals are in federal custody for allegedly using card skimmers to steal the account numbers from PNC Bank card users and then using those accounts to spend some $200,000.”
  • A Merchant Processing Score: The Anti-PCI – www.storefrontbacktalk.com – 4/21/10 – “Consider this scenario: You’re nervous. It’s the last day of a month-long assessment done by your Acquirer. They have had a team of IT forensics people booked in a conference room at your offices for the last 30 days, tearing apart your IT environment.”
  • TJX Adds Again To Its Breach Cost, But It Doesn’t Really Matter – www.storefrontbacktalk.com – 4/21/10 – “With TJX having suffered well more than $47 million in out-of-pocket expenses from its infamous data breach (announced in 2006 but beginning as early as 2003), the $20 billion retailer is preparing to write still more checks.”
  • Are Physical Attacks On POS PIN Pads On The Rise? Using Distance As A Defense – www.storefrontbacktalk.com – 4/21/10 – “One of the oldest tenets in security is that professional thieves will always attack the perceived weak point of security. A burglar will hit the back door until it’s reinforced with multiple deadbolts and then he’ll turn to the window.”
  • Tri Counties Bank says VISA credit breach is concern for its customers – www.chicoer.com – 4/21/10 – “Tri Counties Bank confirmed Wednesday it has sent out certified letters to at least 220 customers whose VISA credit and debit card information may have been illegally obtained.”
  • SCAM ALERT: Business credit card machine hacked; fraudulent purchases made – www.kfvs12.com/ – 4/20/10 – “Several area residents have come forward saying someone made fraudulent charges on their account.”
  • Credit Card Scammers Hit Walmart for $250,000 – www.risnews.com – 4/20/10 – “Three cashiers were arrested for stealing more than $250,000 from a Walmart where they were employed.”
  • Injection tops list of web application security risks – www.securecomputing.net.au – 4/20/10 – “Injection flaws, particularly of the SQL kind, are now the most critical web application security risk for enterprises, according to a newly-updated report from the Open Web Application Security Project (OWASP).”
  • Quantum cryptography takes a step forward – www.securecomputing.net.au – 4/20/10 – “The next stage of encryption could be upon us after tests of quantum cryptography had a successful operation.”
  • The Security Conundrum – Part 1: The Puzzle – pymnts.com – 4/20/10 – “In recent weeks I have picked a number of conversation threads on the on-going difficulties of securing transactions, such as the recent PYMNTS.com posts of Mohammad Khan and Jack Jania or the ANSI X9 call for new standards to secure debit transactions.”
  • Mass. Eye and Ear Alerts Patients to Laptop Theft and Data Breach – www.newswise.com – 4/20/10 – “On February 19, 2010, a laptop belonging to a physician affiliated with the Massachusetts Eye and Ear Infirmary was stolen while the physician was lecturing in South Korea.”
  • Report: 10 percent of fraud victims fall victim to bogus ATM withdrawals – www.securityinfowatch.com – 4/19/10 – “According to a new report released earlier this month by Javelin Strategy & Research on ATM and PIN fraud, 10 percent of fraud victims in the U.S. experience fraudulent ATM cash withdrawals.”
  • Police Warn Regulator Over POS-System Hacking – www.paymentssource.com – 4/19/10 – “Korean federal police are asking the Financial Supervisory Service of Korea to ensure card issuers heighten credit card security, an official from the regulator confirms to PaymentsSource.”
  • Hancock Breach Reveals New Trend – www.bankinfosecurity.com – 4/19/10 – “The Hancock Fabrics data breach continues to raise new questions about the security of point of sale (POS) devices at retail stores.”
  • Security: 10 Most Dangerous Web App Security Risks – www.eweek.com – 4/19/10 – “With Web applications remaining a popular target for attackers, Web app security sometimes seems like a digital version of the "Good, the Bad and the Ugly."”
  • More than 100 report credit card fraud in Cedar Falls – wcfcourier.com – 4/18/10 – “Reports of credit card fraud keep rolling into the Cedar Falls police department. About 100 victims had come forward as of noon Wednesday, said Police Chief Jeff Olson.”
  • Paradise lost: a decade of data breaches – www.computerworld.com.au – 4/19/10 – “Do you think the moat around Australia extends around your business and hackers won’t target you? It doesn’t, and research says data breaches will be the elephant-in-the-conference-room at your next IT meet.”
  • Man charged for importing card skimmers – www.securecomputing.net.au/ – 4/19/10 – “Australian Customs won a small victory in the fight against bank fraud, arresting a 23-year-old Chinese man arriving at Brisbane International Airport late last week who was allegedly carrying tools used to "skim" bank cards.”
  • Card gang strike at Tesco store – www.portsmouth.co.uk – 4/16/10 – “Police are hunting a gang who stole thousands of pounds by putting a card skimmer on a cash machine at a Tesco store on Hayling Island.”
  • Post-TJX: More Cooperation Needed – www.bankinfosecurity.com – 4/16/10 – “As the final chapter of the TJX data breach draws to a close with the sentencing of the last hacking conspirator, security experts say greater international cooperation is necessary to prevent future incidents.”
  • Final Conspirator in Credit Card Hacking Ring Gets 5 Years – www.wired.com – 4/15/10 – “Damon Patrick Toey, the “trusted subordinate” of TJX hacker Albert Gonzalez, was sentenced in Boston on Thursday to 5 years in prison.”
  • Secret Service urges caution after discovery of credit card skimming scheme – www.independentmail.com – 4/15/10 – “The United States Secret Service says it has found evidence of an international credit and debit card fraud scheme in South Carolina and is urging consumers to exercise caution.”
  • The Latest PCI Compliance Stats Disappointing For Level 3s – www.storefrontbacktalk.com – 4/14/10 – “The latest PCI compliance stats—released by Visa this month—are a mixed bag, with Level 1s plateauing at about 15 major chains still non-compliant. But at the small and midsize merchant level, the numbers are so unimpressive that Visa has given up specifying the numbers. Not a good sign.”
  • Brokerage coughs up $375,000 for website breach – www.theregister.co.uk – 4/14/10 – “US brokerage D.A. Davidson has agreed to pay $375,000 to settle charges that lax security practices allowed criminal hackers from Latvia to pilfer the confidential information of some 192,000 of its customers.”
  • Credit card skimmer discovered in Wachovia ATM in Rockville location – www.gazette.net – 4/14/10 – “Cases of a hard-to-detect form of credit card fraud are showing up more frequently in the Washington, D.C., region, police say, including a recent case in Rockville, where a skimming device that reads encrypted credit card data was found in a Wachovia Bank branch Automated Teller Machine.”
  • New PCI Changes: Network Segmentation, One-Way PAN Hashing – www.storefrontbacktalk.com – 4/14/10 – “When the new version of PCI becomes the law of the card-processing land in October, it will include new rules and clarifications on a wide range of key retail payment complaints.”
  • PCI Rules Uncovered – www.verticalsystemsreseller.com – 4/12/10 – “Payment card industry (PCI) security. If one term and its related acronyms have been bandied about the channel and beyond over the past few years, this is it.”
  • Ingenico and Element Form a Strategic Partnership to Secure End-to-End Transaction Processing – www.marketwatch.com – 4/13/10 – “Ingenico, the leading worldwide provider of payment solutions, announced today that it has partnered with Element Payment Services, Inc., a leading provider of PCI DSS compliant payment processing solutions to software providers and merchants.”
  • ATM fraud losses down 36 per cent – www.cpifinancial.net – 4/13/10 – “EAST reports a 36 per cent drop in ATM related fraud losses in 2009, with total losses of $425 million reported. Overall ATM related fraud attacks rose eight per cent with a total of 13,269 incidents reported (up from 12,278 incidents in 2008). This rise has been led by a 209 per cent increase in the number of cases of card trapping (up to 2,166 incidents from 701 in 2008).”
  • Hypercom and First Data Team to Step Up Payment Industry’s Attack on Card Data Fraud – www.businesswire.com/ – 4/12/10 – “High security electronic payment and digital transactions solutions provider Hypercom Corporation and First Data Corporation today announced that First Data has approved Hypercom as an encrypting service organization for remote key injection and that Hypercom’s HyperSafe® Remote Key System will be available through First Data’s TASQ Technology.”
  • Malaysian man wanted over alleged $50 million card-skimming operation in Victoria arrested at Darwin airport – www.heraldsun.com.au – 4/13/10 – “The man had been implicated in a syndicate which allegedly stole money from Victorian teller machines, using data stolen from interstate bank account-holders.”
  • Does New Breach Law Have Teeth? – www.bankinfosecurity.com – 4/12/10 – “In response to the Heartland Payment Systems data breach and similar incidents, Washington has become the third state to pass legislation incorporating the Payment Card Industry Data Security Standard (PCI) to help financial institutions recover costs from credit/debit card breaches.”
  • Man-in-the-Middle Attacks against SSL – www.schneier.com – 4/12/10 – “A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much.”
  • Elizabeth Residents Charged In Identity Theft Scheme – njtoday.net – 4/12/10 – “An Elizabeth man and his girlfriend have been indicted for their roles in a scheme to steal other people’s identities and engage in credit card fraud, Attorney General Paula T. Dow and Criminal Justice Director Stephen J. Taylor announced.”
  • U.S. Dept. of Justice on Emerging Threats: Lessons from TJX, Heartland, and Other Breaches – www.bankinfosecurity.com – 4/10/10 – “Trends in debit and other payment card thefts; Lessons learned from recent breaches; Evolution of breach prosecutions; Steps you can take to avoid being the next victim.”
  • Payment Card Trapping Rises in Europe – www.pcworld.com – 4/8/10 – “Criminals are increasingly trying to trap debit and other payment cards within cash machines for later retrieval, according to a new report.”
  • Video: Data breaches to cost more in the cloud – www.securecomputing.net.au – 4/9/10 – “Remedying a data breach costs 40 percent more for businesses that store their data offshore, a study of Australian incidents has found.”
  • Report: ATM fraud on the rise – www.scmagazineus.com – 4/8/10 – “Nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 – which represents a “considerable increase” over 2008, according to a report released Tuesday by Javelin Strategy & Research.”
  • Lengthy jail term would waste fraudster's intellect: lawyer – www.timescolonist.com – 4/8/10 – “A co-founder of a Bank Street business that sold devices to forge bank cards was a "middle man" who acted more like a "petulant teenager" than the mastermind of a sophisticated criminal organization, his lawyer argued Thursday.”
  • Romanian police and FBI break up 70-strong eBay fraud ring – www.securecomputing.net.au – 4/8/10 – “Romanian authorities, in conjunction with US law enforcement, have arrested 70 individuals from three different organised cybercrime groups on charges they perpetrated online auction scams that targeted eBay users.”
  • BofA Insider to Plead Guilty to Hacking ATMs – www.pcworld.com – 4/7/10 – “A Bank of America computer specialist is set to plead guilty to charges that he hacked the bank's automated tellers to dispense cash without recording the activity.”
  • Stop the Madness! Payment Apps are on the iPad too soon – blogs.forrester.com – 4/7/10 – “Even though the iPad is barely birthed, there is already a push to provide payment applications for the device. It's time to pull the emergency brake on this trend. Are these applications PA-DSS certified?”
  • Police alerted to card skimmer – www.piquenewsmagazine.com – 4/7/10 – “Despite most banks switching over to cards with chips, thieves haven't given up trying to steal bank card numbers and pin codes.”
  • PCI Compliance Is Good; Data Security Is Betterwww.storefrontbacktalk.com – 4/7/10 – “If you are like many CIOs, a lot of your security budget is driven by compliance requirements, including PCI DSS. Although many merchants feel they are secure once they achieve PCI compliance, that is not necessarily true.”
  • Key Logger: Key Stroke and Screen Captureusa.visa.com/ – 4/7/10 – “To promote the security and integrity of the payment system, Visa is committed to helping clients and payment system participants better understand their responsibilities related to securing cardholder data and protecting the payment industry.”
  • Javelin report: ATM attacks growing in sophisticationsearchfinancialsecurity.techtarget.com – 4/6/10 – “ATM attacks have shifted from basic skimming into attacks on ATM software and ATM networks, fraudulent mobile alerts, and account takeover via stolen information and call centers, according to a report released Tuesday by Javelin Strategy & Research.”
  • Credit Card Skimmer Bustwww.myfoxny.com – 4/6/10 – “Two restaurant workers are accused of using a credit-card skimmer to steal about $60,000 from customers.”
  • Police lay more EFTPOS skimming chargeswww.securecomputing.net.au – 4/6/10 – “Police have laid charges against two men in NSW and Queensland over their alleged involvement in EFTPOS skimming scams.”
  • PCI Council readying end-to-end encryption guidancesearchsecurity.techtarget.com – 4/6/10 – “The PCI Security Standards Council is studying a number of emerging technologies and plans to issue a guidance document on end-to-end encryption when it releases the next version of the PCI Data Security Standards (PCI DSS), due out in October.”
  • Stillwater / Restaurant warns of credit breachwww.twincities.com – 4/6/10 – “More than a dozen people who visited Mad Capper Saloon & Eatery in downtown Stillwater in the past few weeks may have had their credit card information stolen by a thief who apparently obtained the numbers via an unsecured router.”
  • Case postponed for phishing scame suspectswww.thepost.co.za – 4/6/10 – “The bail application of two Nigerian men allegedly involved in a phishing scam that stole up to R55 million from Internet bankers was postponed to the end of the month, Pretoria police said on Tuesday.”
  • Police nab alleged card skimmerswww.couriermail.com.au – 4/6/10 – “An alleged EFTPOS skimmer poised to commit mass credit and savings card fraud across Queensland has been charged.”
  • Oxford County : Debit Card Skimmer Found in Tillsonburgwww.cd989.com – 4/6/10 – “If you used the TD bank machine at the Tillsonburg Town Centre Mall today, OPP are asking you to check your bank records.”
  • Visa reports rise in retail terminal key-logger attackswww.bankingtimes.co.uk – 4/6/10 – “Visa has recently alerted its transaction processing members and their clients to an increase in keylogger attacks involving retailers.”
  • Madison County detectives solve ID theft cases; victims ate at same restaurantwww.bnd.com – 4/5/10 – “Madison County sheriff's detectives say their big break in solving a string of identity-theft cases was when they learned all four victims dined recently at the same restaurant.”
  • ATM card skimmer found in Rockvillevoices.washingtonpost.com – 4/5/10 – “Rockville Police found a skimming device used to capture bank card numbers on a Wachovia Bank automated teller machine Saturday night, NBC 4 reports.”
  • St. Louis man charged with ID theftwww.thetelegraph.com – 4/5/10 – “Madison County sheriff's deputies have tracked down and arrested a man from St. Louis suspected of "skimming" information from credit cards at an Alton restaurant.”
  • Ocoee Publix Employees Find Skimmer On ATMwww.wesh.com/ – 4/2/10 – “Employees at one Orange County Publix said they found a skimming device on the store's ATM.”
  • Skimming Device Found On ATM At Publix – www.wftv.com – 4/2/10 – “At a busy Publix store, an identity thief put a skimming device on an ATM. Police aren't even sure how many victims may have had their bank information stolen."
  • MasterCard Launches 3 New PCI 360 Webinar Modules – www.iian.ibeam.com – 4/1/10 – “MasterCard takes a look into PCI, its stakeholders, and what it means to be PCI compliant. This module specifically discusses the role of MasterCard with the PCI SSC, the Site Data Protection Program and the PCI 360 Education Program."
  • The Fatally Flawed Assumptions In The Gonzalez Case – www.storefrontbacktalk.com – 4/1/10 – “As attorneys and retailers argued recently about the sentencing and secrecy of Albert Gonzalez’s criminal empire, various fundamental retail realities were forgotten."
  • JCPenney’s Breach: Differences From Feds, Gonzalez, JCPenney Itself – www.storefrontbacktalk.com – 4/1/10 – “In November 2007, Albert Gonzalez’s crew was in the midst of hitting their laundry list of major retailers when they used their SQL attack on JCPenney. But just how deep they penetrated the $18 billion clothing chain is unclear, with the Justice Department, JCPenney and intercepted messages from Gonzalez IM conversations all painting very different pictures."
  • Scammers Use iPhone to Plan Crime – www.cultofmac.com – 4/1/10 – “Two men charged in federal court with planting credit card skimmers at gas stations used an iPhone to plan the crime.”
  • Gonzalez Sentence Is No Deterrent to Hackers, Security Expert Warns – www.digitaltransactions.net – 4/1/10 – “The 20-year sentence imposed last week on Albert Gonzalez of Miami, the computer hacker who led the attack on Heartland Payment Systems, TJX Cos., and other major retailers, won’t deter future data breaches, a security expert says.”

March 2010

  • Credit card skimming scam suspected in Berkeley – articles.sfgate.com – 3/31/10 – “Berkeley police are probing thefts of credit card and debit card information that may be the work of criminals known as skimmers, officials said Tuesday.”
  • Budgeting For A Data Breach – www.storefrontbacktalk.com – 3/31/10 – “It has been said that there are two kinds of systems in this world: Those that have been breached, and those that are going to be breached. If this premise is true, doesn’t it make sense for CIOs to budget for a serious data breach or similar contingency?"
  • Tokenization: Cut Data Loss Incidents – www.aberdeen.com – 4/1/10 – “Better Evaluate Solutions Technology solution providers and payment processors have recently aligned to promote alternatives - including tokenization and end-to-end encryption - for the protection or elimination of stored cardholder data throughout the payment processing lifecycle."
  • Merchant Link, AJB Software Design Partner for TransactionVault – www.paymentsnews.com – 3/31/10 – “Merchant Link has announced that it has partnered with AJB Software Design, a provider of electronic payment authorization and data delivery solutions, to integrate Merchant Link’s TransactionVault, a tokenization technology to remove customer credit card data at the point of sale."
  • Hosted Payment Pages and Fields – paymentsviews.com – 3/31/10 – “As a volunteer at several non-profits, I have, of course, jumped or gotten pulled into those organizations’ payment issues."
  • Whitepaper: CyberSource Enterprise Payment – forms.cybersource.com – 3/31/10 – “In this whitepaper, you’ll see why three popular payment security myths have impeded many companies from seeing a path to Enterprise Payment Security 2.0, and what you can do to get your company on track."
  • Card Skimmer Used at Eden Prairie ATM – www.myfoxtwincities.com – 3/30/10 – “Police in Eden Prairie, Minnesota are warning of credit card skimmers at ATM machines after a card scanner fell off a machine earlier this month.”
  • Tokenization eases merchant PCI compliance – www.computerworld.com – 3/30/10 – “Today, it's expected that merchants accept electronic payments and that those payments are secure with no data leaks or breaches of any kind.”
  • Second credit-card 'skimmer' sentenced in Maplewood case – www.twincities.com – 3/30/10 – “A second man has been sentenced in federal court for helping orchestrate a scheme to alter lost and stolen credit cards by attaching a "skimming device" to ATMs, including a machine at the TCF Bank in Maplewood."
  • Credit card skimming scam suspected in Berkeley – www.sfgate.com – 3/30/10 – “Berkeley police are probing thefts of credit card and debit card information that may be the work of criminals known as skimmers, officials said Tuesday."
  • Government Stops Shielding Corporate Breach ‘Victims’ – www.wired.com – 3/30/10 – “For the past few months, national retailer J.C. Penney has been fighting an under-seal court battle to keep you from knowing that its payment card network was breached by U.S. and Eastern European hackers."
  • Ohio Skimming Scam Nets $50K – www.bankinfosecurity.com – 3/30/10 – “An ATM skimming gang hit a Norwood, Ohio bank and stole $50,000 from more than 120 customer accounts."
  • Credit Card Skimmer Used at US Bank ATM in Eden Prairie – www.myfoxtwincities.com – 3/30/10 – “Police in Eden Prairie, Minnesota are warning of credit card skimmers at ATM machines after a card scanner fell off a machine earlier this month."
  • JC Penney Tried to Block Publication of Data Breach – www.pcworld.com – 3/30/10 – “Retailer JC Penney fought to keep its name secret during court proceedings related to the largest breach of credit card data on record, according to documents unsealed on Monday."
  • Aberdeen Group Recommends End To End Encryption to All Merchants – retailpayments.blogspot.com – 3/30/10 – “In November 2009, Aberdeen Group published their research paper titled, “The 2009 PCI DSS and Protecting Cardholder Data Report.”
  • State Security Breach Notification Laws – www.ncsl.org – 3/30/10 – “Forty-five states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information."
  • Bank Employee Finds Skimmer On ATM – www.clickorlando.com – 3/29/10 – “A bank employee noticed a "skimmer" on another Central Florida branch's ATM, prompting a police investigation."
  • Aite Group: E2EE is the best fraud protection technology available today – retailpayments.blogspot.com – 3/29/10 – “Aite Group published a report in March 2010, titled “Card Fraud in the United States: The Case for Encryption."
  • TJX Accomplice Sentenced to 7 Years in Prison – www.wired.com – 3/29/10 – “A hacker who helped TJX hacker Albert Gonzalez and others gain access to corporate networks was sentenced to 7 years and one day on Monday."
  • Skimmer Found On Daytona Beach ATM – www.wesh.com – 3/29/10 – “It may not have looked different to bank customers, but an automated teller machine at a Daytona Beach bank was rigged to steal debit card information from customers."
  • Man Caught On Camera Installing ATM Skimmer – www.wftv.com – 3/29/10 – “A Bank of America ATM was rigged by a thief with a skimming device on it and the subtle differences are things you’d never notice. The device could read every ATM card that went into the machine and also record people's PIN numbers."
  • Fifth Third Banks Charts New Security Course – www.americanbanker.com – 3/29/10 – “Man-in-the-middle attacks and other assaults on the browser are becoming more common and pose a challenge to the whole banking industry, says Joe Bernik, chief information security officer at Cincinnati-based Fifth Third Bank."
  • Data-Theft Ring Targeted Wet Seal, But No Card Information Stolen – www.paymentssource.com – 3/29/10 – “Retailer The Wet Seal Inc. acknowledged March 29 it was one of several retailers targeted by a card data-theft ring involving Albert Gonzalez, the hacker a U.S. District Court in Massachusetts sentenced last week for his role in stealing consumer card and financial information from a string of companies."
  • Skimmer found at Reading cash point – www.readingchronicle.co.uk – 3/29/10 – “BANK customers are being urged to be on their guard after a skimming machine was found at a Reading cash machine."
  • 80% of Retailers believe E2E Encryption is very important in protecting customer information – retailpayments.blogspot.com – 3/29/10 – “Retail Systems Research recently published “Building Trust and Growing the Brand: The Role of Privacy and Security in Retail 2010.” (March 2010)."
  • QSA's Recommend End to End Encryption for Cardholder Data Protection – retailpayments.blogspot.com – 3/29/10 – “The Ponemon Institute recently published a study on PCI Compliance titled “PCI DSS Trends 2010: QSA Insights Report.” Published in March 2010, the study surveyed 155 QSAs worldwide to their opinions on PCI Compliance, PCI Compliance Costs, and encryption technology."
  • Visa launches Southeast Asia’s first mobile-based one-time password for online shopping – www.thaipr.net – 3/29/10 – “Visa cardholders in Thailand are the first in Southeast Asia to be able to use a mobile phone based one-time password to authenticate themselves when they use their Visa card for purchases over the internet."
  • ID theft hits 3.3 million college students – www.startribune.com – 3/27/10 – “Thieves stole computer data from Oakdale-based ECMC getting sensitive information about federal student loans. It is believed to be one of the biggest U.S. cases of student identity theft."
  • Local industry keen to mirror UK’s data breach fines – www.securecomputing.net.au – 3/26/10 – “Australia should follow Britain's lead in heavily fining organisations for serious data losses, according to security industry figures discussing the development with iTnews. "
  • Thieves Use Skimmer To Take $50,000 From ATM Customers – www.wlwt.com – 3/26/10 – “Norwood police are looking for the men who used an ATM skimmer to steal money from dozens of bank accounts."
  • Durham cops help crack 'sophisticated' ATM fraud ring – newsdurhamregion.com – 3/26/10 – “One Durham Region resident is among six people charged in connection with a sophisticated debit card fraud ring that had the potential to bilk banks out of millions of dollars."
  • ATM skimmer found at Buranda – south-east-advertiser.whereilive.com.au – 3/26/10 – “Police have warned southside ATM users to be vigilant after a card skimmer was discovered attached to a cash machine at a Buranda shopping centre yesterday.”
  • Gonzalez Lawyers, Judges Debate Data Breach Costs – storefrontbacktalk.com/ – 3/25/10 – “When two Boston-based federal judges sentence Albert Gonzalez Thursday (March 25) and Friday (March 26) for a rash of retail cyber-break-ins that he confessed to orchestrating, the exact sentence may be academic.”
  • Heartland Preps for Its Big End-to-End Encryption Rollout – www.digitaltransactions.net – 3/25/10 – “Merchant acquirer Heartland Payment Systems Inc.’s sales force will begin selling the company’s new end-to-end encryption system in the second quarter following testing that began last June, the company says.”
  • Visa to chop old-style credit cards – www.stuff.co.nz – 3/24/10 – “Visa will move to chip cards for all its credit cards from next month, with the days of signing for purchases to end in 2012."
  • New ICO penalties change the data security playing field – www.infosecurity-magazine.com – 3/24/10 – “As Infosecurity readers may be aware, on April 6, the ballgame for data security in the UK changes because, as from that date, the Information Commissioners' Office (ICO) has the power to fine organisations up to 500,000 pounds - up from 5,000 pounds previously - for serious data leaks or losses.”
  • Law Enforcement Appliance Subverts SSL – www.wired.com – 3/24/10 – “That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think its means."
  • The Spy in the Middle – www.crypto.com – 3/24/10 – “A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much."
  • TJX Hacker Paid $75K As Secret Service Informant – www.crn.com – 3/24/10 – “Notorious Miami hacker  Albert Gonzalez was being paid $75,000 a year by the U.S. Secret Service to work as an undercover informant at the time he spearheaded the TJX hack in 2007, CNN reports.”
  • Thousands of dollars taken from bank accounts linked to ATM card skimmer – www.washingtonpost.com/ – 3/24/10 – “Thousands of dollars in unauthorized withdrawals were made from bank accounts in the Washington area after a skimming device was attached to an ATM in Alexandria, authorities said.”
  • Card-skimmer suspect still at large, cops say – www.recordonline.com – 3/24/10 – “Stealing other people's private ATM or credit card numbers does not require a computer science degree.”
  • New Washington Law Protects Credit Unions In Data Breaches – www.paymentssource.com – 3/24/10 – “A new law signed by Gov. Christine Gregoire Monday will lift some of the burdens on credit unions for reissuing credit cards in data breaches by making the offending parties liable.”
  • Fifth Third Data Breach Means New Debit Cards – www.wcpo.com – 3/24/10 – “Another week, another data breach affecting some Cincinnati area bank customers. This time, however, it's not PNC/National City customers affected, but rather some customers of Fifth Third bank.”
  • Eight Electronic Skimmers Found at Richfield Gas Stations – www.kcsg.com – 3/24/10 – “Two people were arrested Friday when identity theft took a high tech turn in Richfield. Electronic credit card skimming devices were found in two gas stations in Richfield on March 17.”
  • Utah police arrest suspected ATM skimmers; may be related to Reno-Sparks cases – www.rgj.com – 3/24/10 – “A Utah police department has arrested two men on charges they illegally hooked up devices to gas station pumps to collect ATM personal identification numbers from unsuspecting customers there.”
  • 22 Banking Breaches So Far in 2010 – www.bankinfosecurity.com – 3/23/10 – “There have been 173 reported data breaches so far in 2010, and 22 of these involve financial services companies.”
  • PCI Compliance Thought Leader Q&A: Dr. Anton Chuvakin – blog.elementps.com – 3/22/10 – “This month we’ve interviewed PCI Compliance Thought Leader Dr. Anton Chuvakin, a recognized security expert in the field of log management and PCI DSS compliance.”
  • First Data's composite security system - a game changer? – www.greensheet.com – 3/22/10 – “Processing giant First Data Corp. recently launched a pilot security program to guard merchant POS systems, and the company hopes it will become a benchmark in the fight against data theft.”
  • Event Information: ETA Trustwave Webinar: Global Security Report 2010 – www.trustwave.com – 3/22/10 – “The Electronic Transactions Association and Trustwave invite you to attend a complimentary interactive webinar titled, Global Security Report 2010: Statistics and Trends.”
  • OIA worker accused of skimming money from parking-garage customers – www.orlandosentinel.com – 3/20/10 – “An Orlando International Airport toll-booth worker has been accused of defrauding people who paid for parking with their credit cards.”
  • N.B. arrests put spotlight on attempts to stamp out identity theft, fraud – timestranscript.canadaeast.com – 3/20/10 – “No matter how crafty criminals get in their attempts to steal banking information from consumers, Canada's banks are trying just as hard to thwart them.”
  • Suspected card skimming scam in Darwin – www.abc.net.au – 3/19/10 – “A Darwin woman says $2000 has been stolen from her bank account after a suspected card skimming incident at a Commonwealth Bank ATM.”
  • 'Credit card theft? There's an app for that' – www.newscientist.com/ – 3/19/10 – “"Interested in credit card theft? There's an app for that." So says Gunter Ollmann, a security researcher at Damballa, a company based in Atlanta, Georgia.”
  • Thieves Steal National Store Chain’s PIN Pads – www.paymentssource.com – 3/18/10 – “Thieves stole an undisclosed number of PIN pads from Hancock Fabrics Inc. stores, replacing them with counterfeit terminals that illegally captured customer card data.”
  • PCI And Cloud Computing: It’s All About Scope – storefrontbacktalk.com – 3/18/10 – “The cloud is all the rage in corporate computing, and with good reason: It promises to significantly reduce your IT infrastructure investment and operating costs while improving availability.”
  • PNC/National City Cards Hit With Fraud – www.wcpo.com – 3/18/10 – “9News was first to report on a major data breach affecting hundreds of former customers of National City Bank,  now with PNC.”
  • Fifth Third Processing Solutions Announces Enterprise Security and Encryption – www.your-story.org – 3/17/10 – “Fifth Third Processing Solutions, a premier full-service payment solutions provider, has designed a solution that encrypts critical payment and cardholder data at the front end of the payments process and maintains the security of that data through all of the processor systems.”
  • Credit card servers hacked at Small Dog Electronics – www.burlingtonfreepress.com – 3/18/10 – “Customers who donated to Haiti quake relief have information compromised; the breach compromised 1,225 cards, including those belonging to 179 Vermonters.”
  • Data Breaches Are Heaviest at Hotels – online.wsj.com – 3/18/10 – “Hackers are now stealing credit-card data from hotels more often than any other industry, according to data-security companies.”
  • Mary's Pizza hit by hackers – www.pressdemocrat.com – 3/17/10 – “Patrons of Mary's Pizza in downtown Sonoma will be alerted this week that their credit card numbers may have been stolen by an international computer hacker.”
  • Join CyberSource on March 24th, 2010 – www.cybersource.com – 3/17/10 – “Join CyberSource on March 24th, 2010 11am PT, 12pm MT, 1pm CT, 2pm ET.  Managing Fraud Management 2010, Thwart botnet attacks. Boost productivity. Scale operations with less cost.”
  • Once More into the Breach – www.americanbanker.com – 3/17/10 – “The Heartland Payment Systems breach happened a long time ago—almost two years to be exact. But its lingering impact is still being felt across the payments industry.”
  • Radiant Systems and RBS WorldPay Announce the Launch of Token Replacement  – www.businesswire.com – 3/15/10 – “Radiant Systems, Inc. (Nasdaq: RADS) today announced the release of Token Replacement, a new payment security feature that allocates a unique identifier, or token, to cardholder data at the RBS WorldPay host to prevent personal information from being stored on the point of sale.”
  • T.G.I. Friday’s Adopts Payment Token Service – www.paymentssource.com – 3/15/10 – “More than 300 T.G.I. Friday’s restaurants plan to use a payment card security method that masks sensitive transaction data with a numerical token, says Merchant Link, the company providing the TransactionVault service.”
  • FBI reports online crime losses double in 2009 – www.securecomputing.net.au – 3/15/10 – “Figures from the FBI's Internet Crime Complaint Centre (IC3) show that the cost of internet fraud more than doubled in 2009.”
  • HSBC admits to understating data theft – www.securecomputing.net.au – 3/15/10 – “HSBC has admitted that it grossly understated the extent of a recent customer data heist.”
  • Businesses warned of new spam threat – www.securecomputing.net.u – 3/15/10 – “Business networks could be swamped by new trend in spam whereby messages are sent via the resource-hungry Transport Layer Security (TLS) protocol, according to new intelligence from Symantec Hosted Services.”
  • Royal Bank of Scotland raiders' huge £6m haul in just 12 hours – www.dailyrecord.co.uk – 3/14/10 – “Computer hackers linked to the Russian mafia robbed Royal Bank of Scotland customers of £6million in 12 hours.”
  • Walking a Tightrope Between PCI Compliance and Holistic Threat Management – www.risnews.com – 3/14/10 – “New PCI security standards continue to evolve and new deadlines approach. Securing your data from hackers is a high priority for every retailer, but is your checklist for comprehensive data security complete?”
  • N.J. authorities use high tech methods to nab cyber criminals – www.nj.com – 3/14/10 – “They are criminal cases that make most lawmen’s heads spin.  The perpetrators can strike from any corner of the globe, and instead of guns they use invisible weapons called “bots” and “logic bombs.”
  • White-collar crime affects us all – www.winnipegfreepress.com – 3/13/10 – “When it comes to crime, media like it blue-collar style. Nothing draws readers' and viewers' fearful interest like murders, sexual assaults, drug orgies and other illicit depravity.”
  • Stores taking steps to protect pin pads – telegraphjournal.canadaeast.com – 3/13/10 – “Customers who make debit transactions need to be protected by the local businesses handing them the pin pad, a valley police officer says.”
  • Accused card skimmer indicted by Feds – www.timesherald.com – 3/13/10 – “A Philadelphia man was indicted in federal court Thursday for allegedly skimming numerous credit card accounts of customers at a Plymouth Meeting pizza restaurant.”
  • Hancock Fabrics Hackers Switch Stores' PIN Pads – blogs.forbes.com – 3/12/10 – “Targeting point-of-sale devices with malicious software is standard practice, as the wave of retail hackings over the last few years have shown.”
  • Thieves skim customer data from debit terminals – www.cbc.ca – 3/12/10 – “Thieves are accessing personal financial information using the old-fashioned smash-and-grab method, but what they're grabbing are point-of-sale terminals, not merchandise.”
  • CISO out of a job following RSA Conference appearance – www.securecomputing.net.au – 3/12/10 – “Pennsylvania CISO Bob Maley is out of a job, days after he joined a group of other state IT security chiefs on an RSA Conference panel and reportedly offered candid remarks about a recent data breach.”
  • More than 100 charges in ATM scam – www.winnipegsun.com – 3/12/10 – “Two Winnipeg men are facing more than 100 criminal charges after they allegedly tampered with automated teller machines to steal debit card data and money from dozens of unsuspecting victims.”
  • Thieves Skim Customer Data From Debit Terminals – news.aol.ca – 3/12/10 – “Thieves are accessing personal financial information using the old-fashioned smash-and-grab method, but what they're grabbing are point-of-sale terminals, not merchandise.”
  • TJX Hacking Conspirator Gets 4 Years – www.wired.com – 3/11/10 – “Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy.”
  • PCI: What's Next and When? – www.bankinfosecurity.com – 3/11/10 – “How will the Payment Card Industry Data Security Standard (PCI DSS) be amended, and when? These are the key questions in payments security, and Bob Russo, GM of the PCI Security Standards Council, is prepared to start answering them.”
  • Thieves Clone Debit Cards in Jamaica – www.jamaica-star.com – 3/11/10 – “Holders of debit cards from various banks in the island are being urged to practise extra security measures when using automated teller machines, as criminals have devised new means through which to capture and steal account information.”
  • Duo jailed for card cloning – www.news24.com – 3/11/10 – “Two members of a credit card cloning syndicate were jailed by a Cape Town court on Thursday, one for seven years, the other for nine.”
  • Romanian national convicted within ATM “skimming” scheme in Connecticut – www.thaindian.com – 3/11/10 – “A Romanian national was convicted for participating in a plot that “skimmed” ATM machines, resulting in thousands of dollars being lost, prosecutors said Wednesday.”
  • Merchant Risk Council's Annual Merchant Fraud Survey – www.paymentsnews.com – 3/10/10 – “The Merchant Risk Council (MRC), a merchant-led trade association focused on electronic commerce risk and payment strategies, has announced the results of its Annual Merchant Fraud Survey, sponsored by CyberSource Corporation.”
  • Counterfeit Card Fraud Drops by Half in the UK – www.pcworld.com/ – 3/10/10 – “Fraud losses due to counterfeit payment cards fell by half in 2009 from the year prior in the U.K., but online banking losses continued to rise, according to new banking industry figures released Wednesday.”
  • Reports of Compromised CC Information at Monoprice – www.blu-ray.com – 3/10/10 – “Popular audio/video cable retailer Monoprice has temporarily closed its website until March 15 while it performs "maintenance." The website doesn't go into further detail, but it allegedly shuttered after receiving several emails and phone calls from customers complaining about "odd" charges on the credit and debit cards they had used when purchasing from Monoprice.”
  • Detroit twins, accused ring-leaders in credit card fraud uncovered in Saginaw, plead guilty – www.mlive.com – 3/9/10 – “Two suspected ringleaders in a Detroit-based counterfeiting scheme uncovered in Saginaw County have entered guilty pleas in U.S. District Court in Bay City.”
  • Trio charged in relation to debit machine tampering – telegraphjournal.canadaeast.com – 3/9/10 – “Three Quebec men appeared in Hampton provincial court on Monday to face charges related to tampering with debit and credit card machines.”
  • Survey: 9% Have Experienced ID Theft – www.bankinfosecurity.com – 3/8/10 – “About 9 percent of Americans have experienced an identity theft crime directly or through an immediate family member, a new survey shows. Of those crimes, nearly 6 percent involved medical identity theft.”
  • Securing payment data: The key to combatting card crime – www.retail-week.com – 3/8/10 – “While PCI compliance is vital for beating card payment fraud, end-to-end encryption is the real answer, according to Verifone marketing director Tony Saunders.”
  • Sophisticated Minnesota fraud ring has global tentacles – www.startribune.com – 3/8/10 – “A joint state and federal task force has been quietly targeting what investigators say is a sophisticated organized crime ring in the Twin Cities with about 200 members who have allegedly stolen identities, taken over bank and credit card accounts, distributed counterfeit checks and currency and defrauded businesses and banks nationwide.”
  • Police are investigating identity theft, grand larceny at local bank – www.strausnews.com – 3/8/10 – “The Village of Goshen Police Department is investigating a scheme to commit identity theft and grand larceny at the Goshen branch of the Bank of America, located at 54 West Main Street.”
  • Firms slow to awaken to cybersecurity threat – www.law.com – 3/8/10 – “An oddly worded e-mail was the first sign of something amiss at Los Angeles firm Gipson Hoffman & Pancione. It didn't read like the messages the firm's attorneys usually sent each other — didn't pass the "smell test.”"
  • Visa Europe releases industry’s first guidelines on data field encryption specification – www.visapromotions.net – 3/8/10 – “Visa Europe, Europe’s leading payment system, today launched the industry’s first guidance for data field encryption solutions by providing the minimum security practices needed to help support Payment Card Industry Data Security Standard (DSS) compliance.”
  • Top 10 hot topics at RSA 2010 – www.securecomputing.net.au – 3/8/10 – “All in all it's been a fascinating show. The quality of keynote speakers was very high, with only a few boring rants, and people have been both knowledgeable and willing to share.”
  • Cops have image of Goshen ATM suspect – www.recordonline.com – 3/6/10 – “A bank surveillance camera captured the image of a suspected thief attaching an electronic "skimming" device to a Bank of America automatic teller machine at 54 West Main St., village police said Friday.”
  • PCI Compliance Deadline Fast Approaching for Merchants – www.americanbanker.com – 3/6/10 – “Merchants need to better protect consumer card data - and fast. But with a summer deadline looming to comply with card industry security standards, the work to get them up to speed is going to be taxing on smaller banks and merchant acquirers.”
  • Hancock acknowledges security breach – www.tradingmarkets.com – 3/6/10 – “Craft and fabric retailer Hancock Fabrics on Friday said PIN pads in some of its stores were stolen last fall and replaced with fraudulent pads, which could have led to identity theft for some of its customers.”
  • WEBINAR: Card Fraud in the United States: The Case for Encryption – www.aitegroup.com – 3/6/10 – “Join Aite Group senior analyst Nick Holland as he provides directional guidance on the most effective forms of card fraud management in the United States today. Based on recent Aite Group research, this webinar will examine the current U.S. card fraud landscape and present available fraud prevention solutions.”
  • Banks step up card security – www.straitstimes.com – 3/5/10 – “Singapore banks are rolling out a slew of measures to make card payment transactions more secure.”
  • Alleged card skimmer faces court – www.securecomputing.net.au – 3/5/10 – “A 36-year-old Romanian national has been extradited from Queensland to Sydney on ATM-skimming charges - the second such extradition from the state in as many months.”
  • Massachusetts High Court Rejects CUs’ Appeal In BJ Wholesale Card Breach – www.paymentssource.com – 3/5/10 – “The state Supreme Court upheld a lower court ruling dismissing a suit by CUMIS Insurance Society and 130 credit unions claiming they were owed recompense in the 2004 credit card breach at BJ Wholesale Club.”
  • ISOs Said To Gain Knowledge From Large Merchants’ PCI Compliance Tribulations – www.paymentssource.com – 3/5/10 – “A recent study that focuses on Payment Card Industry Data Security Standard compliance among large merchants also is helpful for educating independent sales organizations and the smaller merchants with which they typically work, observers note.”
  • Area Dining Establishments Informed of Possible Data Security Breach – www.prnewswire.com – 3/5/10 – “Officials of The Westin Bonaventure Hotel & Suites which is independently owned by Today's IV, Inc. and operated by Interstate Hotels & Resorts, Inc. under a license issued by Westin Hotel Management, L.P. announced that the hotel's four restaurants—Lake View Bistro, Lobby Court Bar, Bonavista Lounge, L.A. Prime—and its valet parking operations may have suffered a data security breach between April 2009 and December 2009.”
  • Argos buries unencrypted credit card data in email receipts – www.theregister.co.uk – 3/5/10 – “Catalogue firm Argos has been criticised for an email security breach that exposed customers’ credit card details and CCV security numbers.”
  • Three men steal bank card information from customers – www.croatiantimes.com – 3/5/10 – “Police have arrested a director, a waiter and their accessory at a Zagreb city centre restaurant for stealing data from guests’ credit cards and using them.”
  • Howard Schmidt Dismisses Cyberwar Fears – www.bankinfosecurity.com – 3/5/10 – “White House Cybersecurity Coordinator Howard Schmidt isn't buying into the grim forecasts that the United States is ill prepared to defend the government's and nation's critical information assets from an immense virtual attack by political adversaries or cyber criminals.”
  • PCI tokenization push promising but premature, experts say – searchsecurity.techtarget.com – 3/4/10 – “Tokenization technology has the potential to protect credit card data while reducing the scope of a PCI DSS assessment, but a lack of standards and some complexity issues are cause for concern, panelists said Wednesday, at RSA Conference 2010.”
  • Florin Necula, Accused ATM Scammer, Swallows Flash Drive To Destroy Evidence – www.huffingtonpost.com – 3/4/10 – “While in custody of the Secret Service, Florin Necula, accused of scamming ATM machines, reportedly swallowed a flash drive in what seems to have been a desperate bid to hide incriminating evidence.”
  • At RSA Conference, experts dismiss end-to-end encryption claims – searchsecurity.techtarget.com – 3/4/10 – “Fresh off of announcing a massive data breach at his company in 2009, Bob Carr, CEO of Heartland Payment Systems Inc., said the payment processing giant would convince the industry to make fundamental changes in the way it protects credit card data.”
  • Heartland Aftershocks: Still at Risk? – www.bankinfosecurity.com – 3/4/10 – “Earlier this week, First National Bank of Durango, CO came forward to reveal that as many as 5,000 of its customers were at risk because of new fraudulent transactions tied to the Heartland Payment Systems data breach.”
  • Survey says 89 per cent of firms not compliant with PCI-DSS – www.computing.co.uk – 3/4/10 – “A UK-specific survey of 100 retail, financial and hospitality firms has found that only 11 per cent are certified as compliant with new credit card standards to be brought in during June.”
  • Global computer hacking ring busted – www.straitstimes.com – 3/4/10 – “Spanish police have arrested three men and smashed a massive computer network that infected 13 million PCs with a virus that stole credit card numbers and other data.”
  • Security Breach Notification Laws Reinforce Need for Cyber Insurance – www.insurancejournal.com – 3/4/10 – “With more than 40 states now enforcing privacy and security breach notification laws, underwriters are working hard to scoop up the business this niche creates, while also tweaking their policy forms to provide the broadest and most comprehensive coverage.”
  • NY man faces federal fraud charges after incident at Columbia airport – www.wistv.com – 3/3/10 – “A New York man faces federal fraud charges after trying to fly out of Columbia Metropolitan Airport using a stolen credit card, according to officials.”
  • INTERAC(R) Reminds Canadians to Practice Debit Card Safety During Fraud Prevention Month – www.newswire.ca – 3/3/10 – “March is Fraud Prevention Month and Interac Association, Canada's leading payment network, is reminding Canadians to continue to practice debit card safety routinely, even if they have a chip debit card.”
  • All N.B. banks hit by latest scam: official – telegraphjournal.canadaeast.com – 3/3/10 – “It's unclear how many people have fallen victim to a debit card scam, but banks have spent much of the week contacting card holders across the province.”
  • Security is weak in the cloud: RSA President – www.securecomputing.net.au – 3/3/10 – “Service providers need to demonstrate their ability to effectively enforce policy, prove compliance and manage multi-tenancy environments, so enterprises can outsource infrastructure to the cloud, Art Coviello, president of RSA, said during his keynote address at the RSA Conference in San Francisco overnight.”
  • Two charged in regional gas station credit-card scheme – www.contracostatimes.com – 3/3/10 – “Two men have been charged with rigging gas pumps to steal motorists' credit-card information in a scheme that police believe extends throughout Northern California.”
  • Skimming Concerns? Here’s What You Need to Know – www.nacsonline.com – 3/3/10 – “A number of news reports over the past month have focused on the topic of credit card skimming. NACS payments consultant Gray Taylor separates fact from fiction, and provides tips for what retailers and consumers can do to minimize the likelihood they are a target.”
  • Over 50% of apps vulnerable to security breaches – www.securecomputing.net.au – 3/3/10 – “More than half of internally developed, open source, outsourced and commercial applications are vulnerable to security breaches.”
  • Protecting Cardholder Data - End-to-End Encryption and Tokenization – register.webcastgroup.com – 3/3/10 – “Event Date: Thursday, March 18, 2010 @ 1:00 PM ET / 10:00 AM PT.  Join us for what promises to be a highly informative and in-depth discussion of tokenization and end-to-end encryption. ”
  • RSA 2010: Encryption and anti-virus are failing, warn experts – www.securecomputing.net.au – 3/3/10 – “The effectiveness of traditional anti-virus and encryption systems is failing, according to a panel of experts at the RSA 2010 conference in San Francisco.”
  • Kaspersky calls for international internet government – www.securecomputing.net.au – 3/2/10 – “World governments need to create an international governance and policing organisation to combat the growing problem of cyber crime, according to Eugene Kaspersky, chief executive at security vendor Kaspersky Lab.”
  • Should Retailers Use PCI Training To Enhance—Or Replace—Their QSA? – www.storefrontbacktalk.com – 3/2/10 – “Details of the PCI Council’s new “Merchant QSA” training program will be finalized in a few months, but it’s unclear how retailers will use it.”
  • FTC To ControlScan: Your Web Site Security Seals Are Lies – storefrontbacktalk.com – 3/2/10 – “The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest firms issuing “Verified Secure Breach Protection” seals doesn’t really verify much at all.”
  • Contactless payment card limit raised to £15 – news.bbc.co.uk – 3/2/10 – “UK credit or debit cardholders can now spend up to £15 without offering a Pin number or a signature after the payment limit was raised for contactless cards.”
  • Woodside’s ATM Skimmers – sunnysidepost.com – 3/2/10 – “Three individuals with ties to Eastern Europe have been charged with putting “skimmer” devices on a Woodside bank’s ATMs last week in order to steal the account numbers and other personal information from customers’ credit/debit cards used at the machines.”
  • Data Breaches Revealed At Local Hospitals – www.thebostonchannel.com – 3/2/10 – “The U.S. Department of Health and Human Services has begun posting details about data breaches at doctor's offices, hospitals, health plans and other organizations subject to medical privacy laws.”
  • Debit cards | People urged to take steps to protect their PINs in wake of case where locals have reported illegal transactions – dailygleaner.canadaeast.com – 3/2/10 – “The Oromocto RCMP is investigating a string of debit card frauds that have affected customers in the Fredericton region.”
  • Trio Charged With Enabling ATM Skimmers – www.northcountrygazette.org – 3/2/10 – “Three individuals with ties to Eastern Europe have been charged with putting “skimmer” devices on a Woodside bank’s ATMs last week in order to steal the account numbers and other personal information from customers’ credit/debit cards used at the machines.”
  • What's Ahead For PCI? – www.americanbanker.com – 3/2/10 – “In the last several years, awareness of issues around payment card security and PCI standards has grown exponentially.”
  • Protegrity Creates a New Ground Breaking Scalable Tokenization Solution – www.marketwire.com – 3/2/10 – “Protegrity USA, Inc., an innovative leader in providing Data Security Management Solutions, today announced a ground-breaking tokenization enhancement to the upcoming release of the Protegrity Data Protection System (DPS) 5.2, the newest version of the Protegrity award-winning comprehensive data protection platform.”
  • Average Annual Cost of PCI Compliance Audit? $225,000 – www.nacsonline.com – 3/2/10 – “A new study reveals that merchants who undergo network audits to ensure PCI DSS compliance pay an average of $225,000 each year, with two percent of those failing the audits, Network World reports.”
  • Cybercriminals still consider hotels easy targets for credit card info – content.usatoday.com – 3/2/10 – “Are you more vulnerable to credit card theft if you stay in a hotel?  No need to get paranoid, but it is a valid question, since online security firm Trustwave Spiderlabs consider hotels hackers' No. 1 target.”
  • Could a Cyberattack Hit Stocks You Own? – www.smartmoney.com – 3/2/10 – “Last week, Intel revealed in an SEC filing that its networks had been the cyber victim of “sophisticated attacks,” turning the chip maker into the latest casualty of computer hacking.”
  • How VARs (and ISVs) Can Navigate the World of Payment Processing – www.verticalsystemsreseller.com – 3/2/10 – “In recent years, savvy, forward-thinking VARs have begun to venture out of their comfort zone by tapping a variety of vertical niches.”
  • BPD eyes suspects in skimmer case – beniciaherald.wordpress.com – 3/2/10 – “Benicia Police Department investigators are working with the Martinez Police Department to see if Benicia residents are among the thousands bilked in a multi-state identity theft scheme that may have been solved with the arrest Friday of two Los Angeles County men, Lt. Mike Daley said Monday.”
  • Accused denies knowing accomplice – www.dailynews.co.za – 3/1/10 – “One of two men facing 34 counts of fraud involving cloned and stolen credit cards denied knowing his accomplice during their trial in the Bellville Specialised Commercial Crime Court on Tuesday.”
  • According to RILA Survey: Protecting Customer Data is a Top Priority for Retailers – www.rila.org – 3/1/10 – “According to a report released today by the Retail Industry Leaders Association (RILA) in partnership with Retail Systems Research (RSR), more than ever before retailers are viewing the issues of privacy and security as strategic imperatives within their organizations.”
  • Thales and Ponemon Institute PCI DSS survey reveals that encryption is the most effective means for end-to-end protection – www.realwire.com – 3/1/10 – “Thales, leader in information systems and communications security, announces the industry’s first ever look into Qualified Security Assessors’ (QSAs) preferences, recommendations and costs.”
  • First Data Extends Payment Card Security Trial to Hundreds of Merchants – www.businesswire.com – 3/1/10 – “First Data Corporation, a global leader in electronic commerce and payment processing, today announced the expansion of a merchant pilot of the First Data® TransArmor℠ solution.”
  • WHAS11 Investigation: ATM scam steals $1B per year with skimmers – www.whas11.com – 3/1/10 – “We use them all the time and most of us consider ATMs to be safe.  But everyday hundreds of thousands of dollars are stolen from people and their personal information taken seconds after they swipe their cards.”
  • Wyndham computers hacked into again for credit card names, numbers – content.usatoday.com – 3/1/10 – “Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing customer's credit card information, according to an IDG News Service article on CIO.com.”
  • Why trust a hotel chain that’s had three data breaches in a year? – www.networkworld.com – 3/1/10 – “Never mind three strikes and you're out. How about three strikes and I'm not even thinking about checking in to your hotel?”
  • Digital Thieves Dominate Data Breaches – www.pcworld.com – 3/1/10 – “For the first time, hackers have become the biggest cause behind publicly reported data breaches, according to a recent report.”
  • Verizon shares framework to gather, analyze security incident data – www.computerworld.com – 3/1/10 – “The idea behind the Verizon Business incident-sharing metrics framework, which underpins the company's highly regarded data breach investigation reports, is that those who do not learn from security incidents are doomed to repeat them.”
February 2010
  • Man finds card skimmer at ATM – www.abc.net.au – 2/27/10 – “The Major Fraud Squad is investigating the discovery of an ATM card skimming device in the Perth northern suburb of Innaloo.”
  • Alleged thief was arrested in 2008 in Nevada – claycord.blogspot.com – 2/27/10 – “One of the two men Martinez Police arrested yesterday for gas pump skimming and identity theft has been arrested before in Las Vegas for credit card fraud and identity crimes.”
  • Curious cops bust Durham-wide fraud scheme – www.newsdurhamregion.com – 2/26/10 – “Police seize thousands of dollars worth of goods from trio of suspects.”
  • Mass. Privacy Law: Are You Compliant? – www.bankinfosecurity.com – 2/26/10 – “Monday, March 1, was the deadline for entities doing business in Massachusetts to comply with a tough new state law designed to safeguard residents' personal information.”
  • Skimming device seized at shopping centre – www.securecomputing.net.au – 2/26/10 – “Police seized an ATM card skimming device in Sydney's inner west yesterday following a tip-off from a security guard.”
  • Card skimmer found at bank ATM – www.watoday.com.au – 2/26/10 – “A card skimming device was seized from a Commonwealth Bank ATM in Scarborough last night.”
  • Suspicious activity leads to arrest on credit card fraud charges – www.strausnews.com – 2/26/10 – “This police story started on Tuesday, Feb. 16, at the Radio Shack store in Monroe and ended with a 21-year-old Queens man in Orange County Jail in Goshen.”
  • Wyndham Hotels Hacked Again – www.pcworld.com – 2/26/10 – “Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data.”
  • Ottawa Regional warns patients of security breach – mywebtimes.com – 2/26/10 – “Ottawa Regional Hospital patients who have paid their bill online were notified this week their credit card and checking account information may have been put at risk.”
  • Martinez police arrest two in credit card skimming operation – www.contracostatimes.com – 2/26/10 – “Police arrested two men from Armenia on Friday suspected of running a sophisticated credit card skimming operation that may have cost Bay Area motorists hundreds of thousands of dollars.”
  • Why intrusion prevention systems fail to protect web applications – www.scmagazineus.com – 2/26/10 – “There is overwhelming evidence in reports such as the SANS Top Cyber Security Risks and the Verizon Data Breach Investigation Report that web applications are the Achilles' heel of most networks and criminals know it.”
  • Five Security Missteps Made in the Name of Compliance – www.csoonline.com – 2/26/10 – “In the hurry to meet a regulatory compliance deadline, companies risk making some costly security mistakes. Here are five examples.”
  • Large-scale credit card data robbery in Helsinki - www.helsinkitimes.fi - 2/25/10 - "The data from as many as 100,000 credit cards were endangered by a security breach, the financial paper Kauppalehti reports."
  • The Cost Of A Breach, Heartland Style: At Least $129 Million; Might Be $229 Million - www.storefrontbacktalk.com - 2/24/10 - "In its latest financial report, Heartland Payment Systems reported that it dropped $129 million on data breach costs last year (an incident that briefly placed Heartland on Visa's Bad Boy Breach List)."
  • Missed A Vulnerability Scan? The PCI Council Just Threw You A Lifeline - www.storefrontbacktalk.com - 2/24/10 - "The PCI Council may have thrown a compliance lifeline to retailers that are missing a required quarterly external vulnerability scan."
  • U.S. v. HARRIS - www.leagle.com - 2/24/10 - "Defendant-Appellant Andrea Renee Harris (Harris) pleaded guilty to one count of bank fraud, in violation of 18 U.S.C. § 1344, on March 18, 2008, and was sentenced in November 2008. On July 15, 2008, in an unrelated case, Defendant-Appellant DeMarquis LaDelle Williams (Williams) pleaded guilty to one count of conspiracy to traffic in or use unauthorized access devices, in violation of 18 U.S.C. §§ 371 and 1029(a)(2), and was sentenced on December 3, 2008."
  • Secret Service Investigating Debit-Only Breach Of An Alabama Dairy Queen - www.storefrontbacktalk.com - 2/24/10 - "For the mysterious data breach crime folder, the U.S. Secret Service is investigating a series of payment card thefts—originating at an Alabama Dairy Queen—that has only been impacting debit cards."
  • Federal Trade Commission links wide data breach to file sharing – www.washingtonpost.com – 2/23/10 – “The Federal Trade Commission said Monday that it has uncovered widespread data breaches at companies, schools and local governments whose employees are swapping music, software and movie files over the Internet.”
  • 1 arrested, 3 sought in ATM 'skimmer' scheme - suncoastpinellas.tbo.com - 2/22/10 - "Four Bulgarian men put "skimmers" on ATM machines at SunTrust banks in Hillsborough and Pinellas counties last summer and obtained identifying information on hundreds of bank accounts, according to a federal complaint."
  • 89 percent of ANZ organisations face cyber attack - computerworld.co.nz - 2/22/10 - "Symantec study finds 43 percent of ANZ IT executives rate security their number one issue."
  • PCI compliance requirements affect IT risk assessments - searchsecurity.techtarget.com - 2/22/10 - "The chapter from the book PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, explains the relationship between PCI compliance requirements and risk management."
  • More people report debit info stolen at Rocklin gas pumps - www.sacbee.com - 2/22/10 - "Rocklin police said Thursday that a growing number of people are reporting that their debit card information was stolen by a sophisticated device hidden in two Rocklin gas pumps."
  • Jail door slams on skimming scam - www.southwestreviewnews.com - 2/21/10 - "A woman turned herself in to the West St. Paul Police Department Feb. 16 for her role in a credit card skimming scam that has affected at least 15 victims and pilfered over $30,000 in goods."
  • San Mateo out to stop ‘skimming’ – www.sfexaminer.com – 2/20/10 – “Chris Feasel has been a victim of identity theft twice. But that doesn’t stop the San Mateo deputy district attorney from going to the ATM or filling up at a gas station.”
  • Data-Centric Security: Mix Technology, Process - www.informationweek.com - 2/20/10 - "Aligning protection with data involves navigating corporate politics and business requirements and seeking out knowledge owners. A few key technologies can help, too."
  • Customer Vs. Bank: Who is Liable for Fraud Losses? - www.bankinfosecurity.com - 2/22/10 - "At first this court case was a curiosity: Experi-Metal Inc. (EMI), a Michigan-based metal supply company, sued Comerica Bank, claiming that the bank exposed its customers to phishing attacks."
  • Verizon Incident Metrics Framework Released – securityblog.verizonbusiness.com – 2/19/10 – “Many of you who read our blog regularly are familiar with our ‘Data Breach Investigations Report’.  We hope that you’ve found past reports informative, useful, and above all, actionable.  The production of the DBIR has been driven by our desire to help solve what we see as two of the most significant problems facing our industry.”
  • Broad New Hacking Attack Detected  - online.wsj.com - 2/18/10 - "Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach."
  • Police Not Giving Up In Hunt For ATM 'Skimmer' – www.journal-topics.com – 2/18/10 – “Elk Grove Village and Addison police remain on the hunt for a man who used a "skimmer" to steal information from cards at automatic teller machines (ATMs) to create fake cards that he would then use to plunder bank accounts.”
  • Broad New Hacking Attack Detected  – online.wsj.com – 2/18/10 – “Global Offensive Snagged Corporate, Personal Data at nearly 2,500 Companies; Operation Is Still Running”
  • Business Counter-Sues Bank in Fraud Dispute – www.bankinfosecurity.com – 2/18/10 – “The Texas machinery company that was sued by its bank after a data breach has filed a countersuit against the institution, saying it "won't be bullied."”
  • Cottage Grove woman arrested in identity theft scam  - www.twincities.com - 2/17/10 - "A Cottage Grove woman suspected of going on a spending spree with a Coon Rapids man after he skimmed customers' credit card information from a T.G.I. Friday's where he worked as a waiter has turned herself in to West St. Paul police."
  • Debit-card skimmers hit Windsor, Ont.  - www.cbc.ca - 2/17/10 - "Hundreds of people in the Windsor, Ont., area say their debit cards were skimmed and their bank accounts raided by what police believe is a sophisticated crime ring based in Quebec."
  • "Iceman" hacker gets 13 years  - www.securecomputing.net.au - 2/17/10 - "A San Francisco man charged with hacking into financial institutions and then hawking the stolen data in an online forum has been sentenced to 13 years in a US federal prison."
  • Are Chip and PIN Credit Cards Coming? - www.foxbusiness.com - 2/17/10 - "The U.K. is all abuzz about "chip and PIN," but it's not a popular pub snack or a nickname for the newest celebrity power couple. It's the credit card security system rolled out in recent years to stem a wave of credit card crime."
  • Police warn of credit card 'skimming' at gas stations - www.abc4.com - 2/17/10 - "Utah police investigators said crooks have installed electronic "skimming" devices at 180 gas stations from Salt Lake to Provo in an attempt to steal bank card and pin numbers."
  • Top 25 Programming Errors: Should Software Developers be Liable? - www.bankinfosecurity.com - 2/16/10 - "Should software developers be held liable for their programming errors? A consortium of international cybersecurity experts says yes - and will present its plan for such a program on Tuesday. But at least one dissenting voice calls the effort "counterproductive and silly.""
  • Sneak Preview of Upcoming Privacy and Security Report  - www.retailsystemsresearch.com - 2/16/10 - "Next week, we will be releasing our first privacy and security benchmark since the beginning of 2008, and what has taken place in that time span is quite intriguing."
  • Windsor cops bombarded with calls from victims of debit card scam  - www.windsorstar.com - 2/16/10 - "A debit card scam uncovered by Windsor police over the weekend has now claimed hundreds of victims and morphed into the largest investigation the financial crimes unit has handled in recent years. "
  • 'Skimming' device found on Sandy gas pump  - www.sltrib.com - 2/16/10 - "Thieves racked up more than $11,000 in fraudulent charges on Utah credit and debit cards after stealing the numbers with a "skimming" device placed inside a Sandy gas station pump, police said."
  • Criminals 'skimming' account information at gas pumps  - www.ksl.com - 2/16/10 - "Police in Sandy say criminals have been using an electronic device attached to gas pumps that allows them access to credit and debit accounts."
  • SQL Injections Resulted In Rise In Data Breaches During 2009 - www.spamfighter.com  - 2/16/10 - "Research emphasizes that in 40% of the total incidences of computer attacks, SQL injection was used to compromise data."
  • Accused EFTPOS skimmer granted bail - www.watoday.com.au - 2/16/10 - "A British man allegedly involved in a multi-million fraud targeting McDonald’s customers around Perth has been granted bail despite prosecution claims he will flee the country ‘business class’."
  • Police extradite alleged card skimmer - www.securecomputing.net.au - 2/16/10 - "Victorian Police have extradited a 31-year-old Malaysian man from Brisbane who is believed to be linked to a card skimming syndicate."
  • Chip and Pin fraud claims dismissed  - tech.uk.msn.com - 2/16/10 - "Credit and debit card providers have dismissed claims that fraudsters were able to exploit flaws in the Chip and Pin payment system to use stolen cards."
  • Shell hit by massive data breach – www.theregister.co.uk – 2/15/10 – “Shell has been hit by a massive data breach - the contact database for 176,000 staff and contractors at the firm has been copied and forwarded to lobbyists and activists opposed to the company.”
  • 2010 Identity Fraud Study: Threats and Trends  - www.bankinfosecurity.com - 2/15/10 - "Identity fraud crimes expanded at a 12% rate in 2009. What can we expect to see in 2010?"
  • Cambridge researchers show that the Chip and PIN system is vulnerable to fraud  - www.cl.cam.ac.uk - 2/11/10 - "Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond, researchers at the Computer Laboratory, University of Cambridge, have shown that flaws in the Chip and PIN system allow criminals to use stolen credit and debit cards, without knowing the correct PIN."
  • Detectives Search for "Skimming" Suspect in Sparks - www.ktvn.com - 2/15/10 - "Dozens of people have reported unauthorized charges on their debit and credit card accounts during the last couple of months."
  • Woman Wanted in Skimmed Credit Card Shopping Spree - www.myfoxtwincities.com - 2/13/10 - "Police in West St. Paul, Minnesota are looking for a woman who went on a shopping spree using credit card information "skimmed" by a former TGI Friday's server."
  • ‘Card skimmers’ at gas pumps stealing information, police say  - www.columbian.com - 2/13/10 - "Someone has been placing skimmers on gas pumps to illegally harvest customers’ debit or credit card and PIN numbers and use them to make fraudulent purchases, police say."
  • MasterCard is pleased to announce the 8th Annual Global Risk Management Conference - The Americas  - www.mastercard.com/arm - 2/12/10 - "Join MasterCard, industry thought leaders, and your colleagues in collaborative and thought provoking sessions focused on arming you with the latest knowledge and strategies for mitigating fraud."
  • W. St. Paul Police investigate "skimming" credit card fraud - www.kstp.com - 2/12/10 - "W. St. Paul Police Dept. in cooperation with four other departments are searching for a second suspect connected with an identity fraud and credit card fraud scheme."
  • ID theft still on the rise, though victims respond faster  - www.securecomputing.net.au - 2/12/10 - "Incidents of identity theft and the total cost of fraud once again climbed last year, but consumers are becoming better equipped to respond to the occurrences of theft, according to a report released from Javelin Strategy & Research."
  • Thief uses skimmer to steal ATM info  - abclocal.go.com - 2/12/10 - "Suburban police are warning the public about a series of incidents in which a crook attaches card readers and small cameras to ATMs in order to steal card information."
  • Security Versus Scope: Choose One  - www.storefrontbacktalk.com - 2/11/10 - "Tokenization and end-to-end encryption are designed to secure information both in transit and at rest."
  • PCI Standards Training Program  - www.pcisecuritystandards.org - 2/12/10 - "A comprehensive PCI Standards Training program offered directly by PCI SSC.  The Payment Card Industry Security Standards Council (PCI SSC) is pleased to announce the first six months of dates and locations for the 2010 PCI SSC Standards Training."
  • Breach Prevention is Critical as HIPAA Compliance Worlds Collide  - www.healthleadersmedia.com - 2/12/10 - "Privacy and security officers have to comply with more rules than ever."
  • Chip and pin should be overhauled to protect millions of bank customers  - www.telegraph.co.uk - 2/12/10 - "Experts at Cambridge University believe the system is "broken" after they tricked it into accepting transactions without using a valid personal identification number."
  • Lengthy jail term would waste fraudster's intellect: lawyer  - www.ottawacitizen.com - 2/12/10 - "Forging bank cards wrong, but 'mischievous' man hopes to contribute to society, judge told."
  • Researchers find huge weakness in European payment cards  - www.computerworld.com - 2/12/10 - "Hundreds of millions of payment cards throughout Europe have a flaw that could allow criminals with a stolen card to enter any random PIN to complete a transaction, according to researchers from the University of Cambridge."
  • PCI DSS regulations should not be written off as being unsuitable, as an understanding of the terms and options are often ignored  - www.scmagazineuk.com - 2/11/10 - "Credit card companies should be encouraged to work with smaller vendors when it comes to compliance, but it is too soon to write off PCI regulations."
  • Voltage Security Completes Independent Security Review  - finance.yahoo.com - 2/11/10 - "Conforms to Visa Best Practices for Data Field Encryption; Format-Preserving Encryption Meets Recommendations for End-to-End Encryption."
  • New flaws in chip and pin system revealed  - www.bbc.co.uk - 2/11/10 - "Most of us do not think twice about paying for something in a high street shop by keying in our pin. It is easy, fast and in most cases it works."
  • PCI DSS regulations not suitable for small businesses, says web hoster  - www.securecomputing.net.au - 2/11/10 - "A claim has been made by a small business owner that if the Payment Card Industry Data Security Standard (PCI DSS) regulations were enforced, it would "cripple" such enterprises."
  • Credit card data security: Who's responsible?  - www.networkworld.com - 2/11/10 - "About a year ago security at Heartland Payment Systems Inc. was breached and information affecting more than 100 million credit cards stolen. Was it Heartland's fault, or should the credit card companies shoulder more of the responsibility?"
  • Lawrence Welk Resort Furious with Visa  - www.courthousenews.com - 2/11/10 - "The Lawrence Welk Resort says a tech company disabled its computer security system, making 1,427 customers' credit cards vulnerable to ID theft."
  • How the Cambridge chip and PIN attack works  - resources.zdnet.co.uk - 2/11/10 - "Cambridge University researchers have uncovered a major security flaw in chip and PIN, the UK's standard payment card system."
  • Could Visa’s New No-Signature Rule Hurt Contactless Payments?  - www.digitaltransactions.net - 2/11/10 - "Visa Inc.’s announcement this week that starting this summer it will no longer require signatures for transactions of $25 or less at most U.S. merchants heralds a policy that will result in faster and smoother transactions but could also undermine the payments industry’s move toward contactless technology."
  • Identity theft continues to keep Metro’s Electronic Crimes Unit busy - www.lasvegasweekly.com - 2/10/10 - "The fraud took 48 hours from start to finish — a credit card that was swiped at a high-end fashion retailer in Las Vegas on Monday was counterfeited and being used by Wednesday, often in Greece, Turkey, Morocco, Germany or Spain."
  • Police arrest credit card skimmer supplier  - www.thejakartapost.com - 2/10/10 - "Police have arrested a man who allegedly supplied devices to illegally duplicate credit cards in Indonesia."
  • Card-skimming gang hits Melbourne ATMs  - moorabbin-glen-eira-leader.whereilive.com.au - 2/9/10 - "Three fraudsters have been using fake cards at ATMs to steal from people’s bank accounts."
  • Sydney fraudsters use Melbourne ATMs to drain accounts  - www.smh.com.au - 2/9/10 - "Sydney fraudsters using fake cards are draining cash from ATMs across Melbourne."
  • Credit card information used to buy gift cards - www.owensoundsuntimes.com - 2/9/10 - "A man who used "skimmed" credit card information to buy nearly $6,000 worth of gift cards at a local variety store pleaded guilty to six counts of fraud."
  • Card skimming syndicate hits Melbourne  - www.securecomputing.net.au - 2/9/10 - "Victorian detectives are investigating links between three ATM fraudsters in Melbourne and a major card skimming syndicate in NSW."
  • Visa to Expand 'No Signature Required' Program  - www.csnews.com - 2/9/10 - "Visa Inc. said it plans to offer its No Signature Required program to the majority of merchant categories in the United States beginning July 2010."
  • XAC To Use Voltage Security’s SecureData Program  - www.paymentssource.com - 2/9/10 - "Point-of-sale terminal maker XAC Automation Corp. will use advanced payment-data encryption technology from Voltage Security Inc. in its new devices, Voltage announced this week."
  • Police Officer Victim of Debit Card Skimming  - www.atv.ca - 2/6/10 - "The very person who alerts the public about crime and scams in Saanich is a victim herself. Last weekend, Saanich Police Sgt. Julie Fast attempted to buy a muffin for $2, when her debit card was declined. "
  • Pinpad scam resurfaces  - www.bclocalnews.com - 2/5/10 - "A number of Kamloops businesses should be expecting a visit from the RCMP in the near future."
  • Hackers Feast on SQL Injection Exploits  - www.esecurityplanet.com - 2/5/10 - "Hackers used SQL injection tactics to access corporate networks in 60 percent of significant data breach incidents reviewed by 7Safe, a leading computer security and forensics consulting firm in London."
  • Cybersecurity Enhancement Act passed by US House - www.securecomputing.net.au - 2/5/10 - "One week after having nearly 50 of its websites defaced by hackers, the US House of Representatives has passed a bill that would seek to improve cybersecurity within the federal government and the public sector."
  • Hospitality Industry Hit Hardest By Hacks - www.darkreading.com - 2/5/10 - "Trustwave report on data breach investigations shows hotels were breached more than financial institutions last year, and nearly all attacks were after payment-card data"
  • Criminals exploiting flood of leaked personal data - www.securecomputing.net.au - 2/5/10 - "Incidences of personal data being stolen and sold online have soared by 230 per cent since 2007, according to new figures from fraud database firm Lucid Intelligence."
  • Rash of debit card fraud hits Flagler - www.news-journalonline.com - 2/5/10 - "While Steve Woodsmall traversed northeast Florida, stopping off at the doctor, refereeing a basketball game, thieves were on a spending spree -- on his dime."
  • The 2009 PCI DSS and Protecting Cardholder Data Report - www.aberdeen.com - 2/4/10 - "This benchmark report, Aberdeen's third annual study on PCI DSS and Protecting Cardholder Data, provides year-over-year insights into the progress that affected organizations have made in achieving and sustaining compliance with the Payment Card Industry Data Security Standard, as well as the specific areas of greatest challenge."
  • PCI DSS Releases FAQ about End to End Encryption - retailpayments.blogspot.com - 2/4/10 - "While major updates to the PCI Data Security Standard get issued with new versions, such as the one to be published later this year, the PCI Security Standards Council often releases FAQ’s that provide clarification or guidance to merchants and QSA’s. In December, the PCI SSC published an FAQ dealing with the impact of end to end encryption on PCI Scope."
  • Credit union's Visa debit cards breached - www.recordonline.com - 2/4/10 - "A debit card problem has affected some cards issued by Hudson Heritage Federal Credit Union. About 85 accounts were potentially exposed, and the bank has issued new cards to the affected accounts and is monitoring for possible fraudulent activity, said bank President and CEO Michael Ciriello. Bank officials think the breach occurred either at a specific merchant or a third-party transaction processor that was not abiding by Visa's rules."
  • Hackers Target Hotels for Card Data As Malware Gets More Insidious - www.digitaltransactions.net - 2/4/10 - "A growing emphasis by computer hackers on stealing payment card data from hotels and resorts and their increasingly sophisticated malicious software and attack methods are two highlights in a new report from security consulting and technology firm Trustwave Holdings Inc."
  • Hacker attacks Ceridian; data from 27,000 at risk - www.startribune.com - 2/4/10 - "A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially revealed the names, Social Security numbers, and, in some cases, the birth dates and bank accounts of 27,000 employees working at 1,900 companies nationwide."
  • 107.5 Kiss FM - Debit Card Fraud Prompts Warning - www.1075Kiss.com - 2/4/10 - "Police say there could be more than 60 victims of a debit card skimming scam in the North Okanagan. One person is said to have been victimized of $1,000, twice, while another had $800 taken from an account."
  • Encryption, PIN Security, EMV Top Busy Agenda for PCI Council in 2010  - www.digitaltransactions.net - 2/4/10 - "A busy year is on tap for the PCI Security Standards Council, with revisions due not only for the main Payment Card Industry data-security standard but also standards governing PIN-entry devices and payment-processing software applications."
  • Laval police seize 5,000 fake credit, debit cards  - www.montrealgazette.com - 2/3/10 - "Laval police acting on a tip from customs agents arrested a man they suspect was able to produce massive quantities of counterfeit credit and debit cards from the comfort of his own basement."
  • Las Cruces Credit theft sours winery experience - www.lcsun-news.com - 2/3/10 - "It certainly wasn't the wine or the bowtie pasta at St. Clair Winery & Bistro that left a bad taste in Bianca Villani's mouth. It was the call from Visa, informing her that someone in Maryland was trying to put hundreds of dollars of purchases on her card and the cards of two of her other friends - who had also gone to the Dec. 11 dinner."
  • Report Details Hacks Targeting Google, Others - www.wired.com - 2/3/10 - "It’s been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies."
  • Making The Best Of Today's Payment Processing Security Options - www.bsminfo.com - 2/2/10 - "There's been a lot of press in the past couple years concerning payment processing. While huge breaches may not have shaken consumer confidence (the use of cards continues to far outpace the use of cash), the financial burden placed on everyone from the card issuers down to the merchant have many clamoring for reform. Currently, there are a number of trends concerning reform, associated security, and card processing in general that could affect point of sale (POS) VARs."
  • More Arrests Made In ATM Skimming Scheme  - www.youtube.com - 2/5/10 - "A third suspect has been arrested on charges of stealing ATM card numbers from unsuspecting customers."
  • Cybersecurity Enhancement Act passed by US House - www.securecomputing.net.au - 2/2/10 - "One week after having nearly 50 of its websites defaced by hackers, the US House of Representatives has passed a bill that would seek to improve cybersecurity within the federal government and the public sector."
  • Pin pad thefts in Caledon not isolated - www.allistonherald.com - 2/2/10 - "In November 2009 and again in January 2010, a Caledon fast food restaurant contacted the Caledon OPP to report one of its debit machines had been replaced or tampered with."
  • Five months to detect a breach - www.net-security.org/ - 2/2/10 - "When it comes to cyber attacks and breaches, the hospitality industry has been the most heavily targeted industry in 2009."
  • ATM Skimming Ring Targeted in MA - www.bankinfosecurity.com - 2/2/10 - "The U.S. Secret Service has broken up an alleged ring of ATM skimmers in Massachusetts, announcing the arrests of three suspects -- including one man who was in possession of nearly $100,000 when he was arrested."
  • Possible skimmer scheme in Vernon - www.castanet.net - 2/2/10 - "A new wave of debit fraud may be hitting the North Okanagan."
  • Are chip and PIN credit cards coming to the US? - www.bankrate.com - 2/2/10 - "The U.K. is all abuzz about "chip and PIN," but it's not a popular pub snack or a nickname for the newest celebrity power couple. It's the credit card security system rolled out in recent years to stem a wave of credit card crime."
  • CyberSource Online Fraud Report-11th Annual Online Payment Fraud Trends, Merchant Practices and Benchmarks - www.cybersource.com - 2/2/10 - "Download your copy of CyberSource's Online Fraud Report- New 2010 Edition! Compare your results. Most companies reported improved metrics in 2009, but see the challenge increasing due to “cleaner” fraud. 60% say enhancing automated detection will be their primary focus in 2010. See which tools they plan to use. Read about this and over 25 other fraud management benchmarks, trends, and practices."
  • VeriFone’s PAYware Mobile Now Available on App Store as Credit Card Encryption Sleeve Begins Shipping - www.businesswire.com - 2/1/10 - "VeriFone Holdings, Inc. (NYSE: PAY) today announced it is shipping its PAYware Mobile secure credit card encryption sleeve for iPhone and that the complementary PAYware Mobile App is now available on the App Store. PAYware Mobile provides small businesses with simple and secure card processing capabilities using the revolutionary iPhone. The app and patent-pending card encryption technology are provided free in conjunction with a low cost PAYware gateway services agreement."
  • Cybercrime Checks Into The Hotel Industry - www.forbes.com - 2/1/10 - "Over the past year America's hotels have had some uninvited guests: a wave of increasingly sophisticated invasions by organized cybercriminals. That's one finding of a report that cybersecurity researcher Nicholas Percoco plans to present Tuesday at the Black Hat security conference in Arlington, Va. His data shows a spike in hacking incidents that successfully targeted hotels and resorts, what Percoco describes as relatively unprotected sources of thousands or even millions of credit card account details."
  • Rethinking the Fortifications: Q&A With Heartland CIO Steven Elefant - www.technewsworld.com - 2/1/10 - "It's been a year since a hacker wheedled into Heartland Payment Systems' network and carried out one of the largest criminal credit card data breaches ever. The fallout from that break-in is still clearing, but Heartland's CIO Steven Elefant says the company has instituted changes to the way it handles sensitive data, starting with an encryption system that's truly end-to-end, not just point-to-point."
January 2010
  • Cocoa Beach police find illegal ATM skimmer - www.floridatoday.com - 1/31/10 - "Someone attached a “skimming device” to an ATM at Bank of America on North Atlantic Avenue in Cocoa Beach, and police believe an unknown number of victims may be susceptible to identity theft. A skimmer is an electronic device that criminals attach to the card-reading slot of an ATM. These devices are disguised to look like they are part of the ATM — but unsuspecting victims swipe their cards through them while accessing their accounts."
  • Two more arrested in alleged ATM scheme - www.boston.com - 1/30/10 - "Two more suspects, including one who was in possession of nearly $100,000 when he was arrested, are facing charges in an alleged scheme to steal ATM card data from unwitting customers in Eastern Massachusetts, authorities said yesterday. One of the two, Anton Venkov, 40, of Toronto, was arrested Thursday by the US Secret Service in Boston and charged with using counterfeit bank account access codes and aiding and abetting the plot."
  • 4 Arrested in Skimmer Scam Gwinnett County Skimming Scheme - www.wsbradio.com - 1/29/10 - "Gwinnett County Police have arrested four people, including a juvenile, in a fraud involving debit cards. Police say Cortes Luciano worked at a fast-food restaurant on Pleasant Hill Road and used a skimmer to get customers' credit card information when they paid for their food. One of the at least 26 victims, says they charged 400 bucks with her card. "The only time it's ever out of my hands is when I have to hand it over to pay for something, instead of swiping it myself," says Missy Vogel."
  • U.S. Secret Service estimates an annual loss of $1 billion specifically from ATM skimming - www.rgj.com - 1/29/10 - "Their debit or credit cards were safely tucked away in wallets, never out of sight. No one else knew their confidential PIN numbers. But somehow, transactions for hundreds of dollars were made using their bank accounts, some at stores they had never visited in cities as far away as Florida and Ohio. Now, Reno residents John Scott and Misty Hinton want to know how this happened. Both had their debit cards cloned and then used at their bank's ATM machines to withdraw $280 multiple times."
  • Old National also hit by ATM scam - www.wlfi.com - 1/28/10 - "One Old National Bank location was compromised by an automated teller machine (ATM) "skimming device" earlier this month, a spokeswoman confirmed Thursday. A handful of local residents were affected, she said, but the bank has been able to secure the information of any debit cards that may have been compromised."
  • Restaurant debit machine compromised in BC Canada - www.bclocalnews.com - 1/28/10 - "A restaurant debit machine compromised last fall recorded about $25,000 in fraudulent activity before the breach was noticed. Const. Janelle Shoihet said the tampering was reported to police Jan. 13, after a bank brought the breach to the White Rock business’ attention. Shoihet would not disclose which restaurant was targeted, stating customers at risk are typically contacted through banks and credit card companies."
  • Researchers slam 3-D Secure as insecure - www.securecomputing.net.au - 1/28/10 - "Verified by Visa and SecureCode 'fatally flawed'. University of Cambridge researchers have launched a withering attack on the 3-D Secure protocol used by Visa and MasterCard to authenticate online customers, branding it "a textbook example of how not to design an authentication protocol"."
  • New PCI Phone Rules: A Number Spoken Is Just As Risky As One Typed - www.storefrontbacktalk.com - 1/28/10 - "Last week, PCI changed its policy on audio recordings. It now instructs retailers to treat a digital audio capture exactly the same as if it was written. This means that all of those call centers asking for credit card details over the phone must dispose of those recordings, or at least the parts that store the prohibited data, immediately. The PCI community has been debating the audio rules for years, with our first story on it back in August 2007. (No, we won’t say that this is the first sound decision from PCI in years. Plays on words and data security stories rarely mix well.)"
  • Data Breach Cost Numbers Games - www.storefrontbacktalk.com - 1/28/10 - "Over the last few weeks, one of the most common questions we’re hearing discussed is “Is PCI really worth it?” These are multi-billion-dollar retail chains asking this question. But there’s a lot more behind the question than it might initially seem. In a marked contrast to the same kinds of questions two years ago, the intent is not to ignore security. Indeed, many of the chains considering some a heresy question are already putting in place security procedures that go well beyond current PCI requirements."
  • Nation's toughest personal info law about to take effect - www.gcn.com - 1/27/10 - "Businesses that hold personally identifiable information on Massachusetts residents have one month to comply with what security experts are calling the toughest data security requirements in the nation. The Massachusetts Data Breach Law, passed in 2007, goes into effect March 1 and requires personal information in networked systems to be protected with strong encryption, firewalls, antivirus and access controls."
  • Bob Russo: No major PCI DSS revision expected in 2010 - searchsecurity.techtarget.com - 1/27/10 - "PCI Security Standards Council general manager Bob Russo said the next revision of the Payment Card Industry Data Security Standard (PCI DSS), due in October, will contain clarifications but no major changes to the standard. "There won't be any surprises," Russo said. "We're more likely to see guidance documents." Encryption, virtualization and the use of more secure payment terminals are expected to gain more attention."
  • Study: Of All Breaches, Those Caused by Hacking Are the Costliest - www.digitaltransactions.net - 1/27/10 - "The cost of data breaches rose slightly last year, but breaches resulting from computer hacking incurred by far the highest losses, according to a new report from privacy and data-security research firm Ponemon Institute LLC. The average cost per compromised customer record rose to $204 in 2009 from $202 in 2008 and $138 as recently as 2005, according to Traverse City, Mich.-based Ponemon’s '2009 Annual Study: Cost of a Data Breach.'"
  • PNC Bank ATMs Hacked Into, Customers Discover Money Missing - www.thepittsburghchannel.com - 1/27/10 - "A Pittsburgh couple discovered $1,400 missing after their PNC Bank account was hacked into. The woman, who did not want to be identified, told Channel 4 Action News that her husband noticed the money missing from a checking account after a trip to the PNC location in Forest Hills. "I reconcile my bank statements religiously, so I noticed it right away," the woman told Channel 4 Action News' Tara Edwards."
  • US oil industry hit by cyberattacks: Was China involved? - www.axcessnews.com - 1/26/10 - "At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage. The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable "bid data" detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show."
  • Crime Spree Targets Arizona Drivers - www.kpho.com - 1/26/10 - "It's an old crime with a new target. According to the Arizona Department of Weights and Measures, someone is stealing credit card information from drivers filling up at the pump at various gas stations. Police in Kingman, Bullhead City and Lake Havasu City have reported a rash of skimming scams at various gas stations and they said the crooks could be headed to Phoenix. Investigators said the scam artists are installing small devices, like a flash drive, into the credit card portion of the gas pump that will then record the personal data of drivers when they swipe their cards."
  • Encryption on the Front Lines of Defense - www.americanbanker.com - 1/26/10 - "An increasing number of companies are concerned that current standards to protect payment card data may be subpar, and have seized on encryption. Some of the biggest names in payments have endorsed encryption, with several vendors offering or testing systems that encode card data as soon as it hits the processing chain. And though there is no standardized approach for delivering encryption capabilities, there is a growing consensus that it is becoming a crucial element of a security strategy."
  • ATM fraud up in recent weeks - www.rgj.com - 1/26/10 - "Their debit or credit cards were safely tucked away in wallets, never out of sight. No one else knew their confidential PIN numbers. But somehow, transactions for hundreds of dollars were made using their bank accounts, some at stores they had never visited in cities as far away as Florida and Ohio. Now, Reno residents John Scott and Misty Hinton want to know how this happened."
  • PCI QSAs, certifications to get new scrutiny - searchsecurity.techtarget.com - 1/26/10 - "The Payment Card Industry Security Standards Council (PCI SSC), under pressure from merchants to improve the training of its certified Qualified Security Assessors (QSA), has detailed plans to beef up its PCI QSA certification review process, adding much needed staff and funding to improve oversight of the individuals who conduct PCI Data Security Standard (DSS) compliance assessments."
  • Different technologies vie to protect payments - www.digitalidnews.com - 1/25/10 - "End-to-end encryption, dynamic cryptograms and EMV are all options being considered to protect payment transaction data in the U.S. The goal is to prevent data breaches, such as the one with Heartland Payment Systems in 2008, and make it easier for merchants and processors to secure the information. It’s estimated that tens of millions of payment card numbers were compromised when hackers planted malicious software in Heartland’s system. Processors and merchants are supposed to comply with the Payment Card Industry Data Security Standard, a specification that many say is confusing, onerous and doesn’t do enough to protect payment card information."
  • Simulated onslaught to bolster security - www.greensheet.com - 1/25/10 - "On Feb. 9 to 11, 2010, payments industry organizations will take part in a cyber attack simulation exercise designed to test the security of payment networks, educate organizations on system vulnerabilities and recommend improvements to better secure those networks. The exercise, dubbed the Cyber Attack against Payment Processes (CAPP), is being organized by the Financial Services Information Sharing and Analysis Center."
  • Data Breach Report: Malicious Attacks Doubled in 2009 - www.bankinfosecurity.com - 1/25/10 - "Malicious criminal attacks have doubled, and the average cost of a data breach has increased to $204 per compromised record. These are the headlines from the 5th annual "Cost of a Data Breach" study by the Ponemon Institute. The study shows that the total cost of a data breach rose to $204 from $202 per compromised record. Dr. Larry Ponemon, President and CEO of the Ponemon Institute, says the increase is a "big deal" because it shows that data breaches continue to be a costly event for all organizations."
  • BRUCE RUTHERFORD NAMED NEW PCI SECURITY STANDARDS COUNCIL CHAIRPERSON - www.pcisecuritystandards.org - 1/25/10 - "Today, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council."
  • Four indicted in courthouse credit card scam - www.seattlepi.com - 1/24/10 - "A federal grand jury has indicted four people accused of paying insiders at a courthouse and a local fast-food joint to steal dozens of victims' debit or credit card numbers, then fraudulently using the information to purchase hundreds of thousand dollars' worth of gift cards. Diamond Alexander, Jr., Crystal Lee, Cassie St. Cyr and Timur Harris all pleaded not guilty to six counts of bank fraud."
  • Waiter pleads guilty to identity theft, fraud - www.sfgate.com - 1/23/10 - "A former Kansas City man has admitted stealing credit card information from customers while he was a waiter at a Country Club Plaza restaurant. John David Woody of Los Angeles pleaded guilty to identity theft and credit card fraud on Friday in federal court in Kansas City. The 35-year-old admitted that he stole information from 20 customers at the Brio Tuscan Grille in July and August 2008. Prosecutors say Woody used an electronic device to skim the magnetic strip on the back of credit cards to obtain the information. He then used the credit card numbers to purchase goods online, including thousands of dollars worth of DVDs."
  • STRATEGIC SECURITY TESTING WEBCAST - www.coresecurity.com - 1/22/10 - "In this webcast, noted security and penetration testing expert Dr. Eric Cole will share his insight into how organizations can rapidly improve their resiliency to today’s most advanced malware and hacking techniques via more frequent and proactive assessment. Attackers continue to take advantage of widespread security vulnerabilities located throughout the enterprise IT stack to infiltrate sensitive assets and access protected data, perhaps best evidenced by the recent IE zero day attacks that compromised massive companies including Google."
  • Joint force operation leads to arrests for debit card fraud in Toronto - www.newswire.uk - 1/22/10 - "The continuing joint force partnership to combat credit debit and credit card frauds between the Ontario Provincial Police (OPP) Organized Crime Enforcement Bureau (OCEB) - Identity Crimes Unit and Durham Regional Police Major Crime - Fraud Unit (DRPS) has resulted in the arrest of seven males and two females for point-of-sale terminal "pin pad" tampering."
  • Westpac blocks 10,000 skimmed cards in NSW - www.news.com.au - 1/22/10 - "MORE than 10,000 cards have been blocked in just over a week by one of the biggest banks. The move comes as the full impact of EFTPOS skimming emerged earlier this week. Police revealed on Wednesday that $50 million had been stolen from NSW bank accounts by the biggest skimming operation in the state's history. The Daily Telegraph has learned Westpac/St George Bank has blocked between 10,000 and 11,000 debit and credit cards in the past 10 days."
  • BCA Also Breached from Australia - en.vivanews.com - 1/22/10 - "Indonesia-based Bank Central Asia installs ATMs all over the provinces in Indonesia. The international banking criminals saw this as a chance to crack the system and steal the money. BCA is not only breached from Toronto, Canada, but also Australia."
  • 10 Faces of Fraud in 2010 - www.bankinfosecurity.com - 1/22/10 - "Ghosts of Crimes Past and Present Will Haunt the Future of Banking Institutions and Customers "The more things change, the more things stay the same." This old saying holds true when it comes to the different types of fraud hitting financial institutions. In 2009, institutions were hit from every angle with fraud schemes -- some were old, and some were new variations."
  • Thousands of shoppers' credit cards may have been 'skimmed' at ASDA - www.thenorthernecho.co.uk - 1/22/10 - "POLICE have warned shoppers to check their bank accounts after a sophisticated credit card skimming device was discovered. The machine was found by an alert shopper at the Asda supermarket in Whinbush Way, Darlington. Police said last night that the skimmer may have been operating for at least two days and they had no idea how many people may have unwittingly given up their credit card details."
  • Independent QSA Technical Assessment of VeriShield Protect - retailpayments.blogspot.com - 1/21/10 - "VeriFone has contracted with Coalfire Systems, Inc. a leading IT security consulting firm and PCI QSA to conduct an independent technical assessment of VeriShield Protect. The goal of this assessment is to determine if VeriShield Protect meets and follows industry standards, how a proper implementation of VeriShield Protect can improve the security of a retailer’s cardholder environment and the impact VeriShield Protect can have on reducing PCI scope and compliance costs."
  • Gartner urges users to get off IE6 - www.securecomputing.net.au - 1/21/10 - "Gartner's Neil MacDonald has claimed that in the longer term, there are three key things to learn from Operation Aurora: run more users as standard user, get off IE6 as soon as possible, and use defence-in-depth at the endpoint."
  • The Secure POS Vendor Alliance Broadens its International Reach with Five New Payment Company Members - www.businesswire.com - 1/21/10 - "The inaugural year of the Secure POS Vendor Alliance (SPVA) wrapped up with the same enthusiasm with which it began – capped off by the membership of five more leading payment and enterprise security companies. Joining the SPVA are Elavon, ID TECH, Independent Purchasing Cooperative, Inc. (IPC), Voltage Security, Inc., and the first Asia-based company, GHL Systems Berhad."
  • Heartland Breach: State of Payments Security 1 Year Later - www.bankinfosecurity.com - 1/21/10 - "It has now been one year since the Heartland Payments System breach was made public. What lessons have been learned and what more needs to be done to improve the security of the payment industry? We asked four information security experts for their take on Heartland: One year later."
  • BBB Initiative Arms Small Business Owners With the Tools to Protect Business and Customer Data - www.prnewswire.com - 1/21/10 - "Better Business Bureau and partners Symantec Corporation, Visa Inc., Kroll's Fraud Solutions and NACHA – The Electronic Payments Association today launched a new national education initiative to help small business owners overcome any previous reluctance to taking the necessary steps to protect their sensitive customer and business data, so they won't become the next victim of a data breach."
  • Javelin Study: End-to-End Encryption, Tokenization, and EMV in the US - www.paymentsnews.com - 1/21/10 - "Javelin has announced a new report titled "End-to-End Encryption, Tokenization, and EMV in the US: Vendor Analysis of Emerging Technologies and Best Hybrid Solutions" that "assesses the capabilities of end-to-end encryption, tokenization, virtual terminals, magnetic-stripe security and the EMV standard as solutions to combat payment-related data breaches.""
  • Some Banks Try Again For Class-Action Heartland Lawsuit - www.storefrontbacktalk.com - 1/21/10 - "Shortly after Heartland tried to sweep away most of the lawsuits against with a series of recent negotiated settlements, a group of banks is trying to persuade other banks to reject the settlement offer and support a class-action lawsuit against Heartland."
  • Gangs skim $50m from EFTPOS machines - www.news.com.au - 1/21/10 - "POLICE admit that Australia is in the midst of its biggest ever EFTPOS skimming crime wave. An unprecedented attack by an international criminal gang on retailers' EFTPOS machines has seen $50 million fleeced from hard working Australians. The wave of attacks on EFTPOS machines in NSW was yesterday described by NSW fraud squad head Detective Superintendent Colin Dyson as "the biggest I've seen"."
  • Addressing Data Breaches: How to Decrease Fraud Losses while Creating Customer Loyalty - www.javelinstrategy.com - 1/20/10 - "Join Javelin Strategy & Research for a complimentary webinar presentation addressing data breaches. With about 11% of consumers receiving breach notifications in the past three years, concern over personal data security and identity fraud is also on the rise."
  • Heartland Moves to Encrypted Payment System - www.pcworld.com - 1/20/10 - "Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr."
  • 2 arrested in ATM tampering scheme - www.cbc.ca - 1/20/10 - "Winnipeg police have arrested two men in connection to a tampering scheme that targeted automated teller machines in the city. A 29-year-old and a 39-year-old are facing more than 100 counts relating to offences including wearing disguises with intent to commit crimes, forgery, and unlawful use of credit card data."
  • Central Bank Tells Account Holders Their Funds Are Safe Amid ATM Scam - www.thejakartaglobe.com - 1/20/10 - "Bank Indonesia on Wednesday sought to assure bank customers that their money was safe and that those who have reported an unexplained dwindling of their accounts would have the missing sums reimbursed. More than a dozen customers of three banks in Bali have reported that their accounts had decreased significantly with money withdrawn without their consent, police said. The central bank later announced that six lenders nationwide had reported customers losing funds."
  • Proposed VISA/Heartland Data Breach Settlement May Pay Banks and Credit Unions Pennies on the Dollar - www.prnewswire.com - 1/20/10 - "Banks and credit unions that issued VISA payment cards compromised by the Heartland Payment Systems data breach, the largest data breach in history, should carefully review the proposed settlement between Heartland and VISA. The proposed settlement has many weaknesses: (1) it may offer little compensation to payment card issuers, (2) it gives banks and credit unions little time to decide whether to participate, (3) it releases Heartland and other parties that may be liable, and (4) it is being touted for reasons that are not entirely accurate."
  • Thales and Voltage Security Forge Technology Integration and Partnership to Deliver End-to-End Encryption and Key Management to Secure Payments - www.pymnts.com - 1/20/10 - "Thales, leader in information systems and communications security, and Voltage Security, Inc., the global leader in end-to-end data protection, announce a technology integration and partnership centered around delivering End-to-End Encryption and key management solutions for the payments industry and broader enterprise security applications. Through the partnership, the two companies have worked together to integrate Voltage SecureData technology with Thales hardware security modules (HSMs) for customers, Heartland Payment Systems being an example."
  • Are Tokenization And End-To-End Encryption Substitutes? - www.storefrontbacktalk.com - 1/20/10 - "If your goal is to limit your PCI scope, should you pursue tokenization or end-to-end encryption? Or should you do both? I find it interesting that many large (L1 and L2) merchants are actively pursuing both options, and I’m wondering if that really makes sense from either a PCI or an economic perspective. Maybe tokenization and end-to-end encryption are just two closely related approaches that can, when properly implemented, accomplish the same thing: minimize your total PCI scope."
  • Two Charged In Debit Card Fraud - www.cjob.com - 1/20/10 - "Police have arrested two Winnipeg men in an ATM fraud case that detectives believe could have resulted in more than a million dollars in theft. Police allege the pair who are brothers-in-law were living lavish lifestyles from money they were skimming off of stolen debit card information. Police say their investigation started last fall. Detectives say there were at least 38 incidents where the suspects would put a device over a legitimate ATM to steal credit card data and swipe PIN numbers using tiny cameras."
  • Heartland's Acquiring Banks Sued - www.bankinfosecurity.com - 1/20/10 - "Five financial institutions have filed a class action suit alleging that two acquiring banks, Heartland Bank and Key Bank, should be included as defendants and share responsibility for damages caused by the Heartland Payment Systems data breach. Lone Star National Bank, PBC Credit Union, O Bee Credit Union, Seaboard Federal Credit Union and Pennsylvania State Employees Credit Union filed the class action complaint in the U.S. Southern District Court in Houston, TX on Tuesday."
  • Getting PCI Compliant—Now What? - CSP Magazine - 1/20/10 - "For the past several years, major data breaches of payment information have made headlines, sending shock waves through many businesses and industries, including the retail petroleum and convenience sectors. No one, from big corporations to the local taco stand, wants to be caught exposing its customers’ data—and encountering the legal and financial burden that a breach could place on a company."
  • Five Quebecers arrested for $1 million debit and credit card skimming fraud - www.pivotalpayments.com - 1/20/10 - "At least 11 Winnipeg businesses - and potentially more in other provinces - were victims of a debit card fraud scam, for which one man and four youth were just arrested by Winnipeg police. The man, Thomas Wayne Hope, and the four 17-year-olds - all from Quebec - had been stealing debit card PIN pads, inserting skimming devices, and then returning the devices."
  • Heartland Moves to Encrypted Payment System - www.pcworld.com - 1/20/10 - "Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr. "End-to-end encryption is a good way to mitigate the risk of having the kind of compromise that we and hundreds of other companies have had," Carr said in an interview."
  • The 2009 PCI DSS and Protecting Cardholder Data Report - www.pcworld.com - 1/20/10 - "Best-in-Class companies spent 45% less than all others to achieve initial PCI compliance. Best-in-Class companies spend 55% less annually than all others to sustain PCI compliance. Best-in-Class companies reduced audit deficiencies related to PCI by 7.5% on a year-over-year basis, compared to Laggards."
  • Skimmer in Sydney Rd ATMs - moreland-leader.whereilive.com.au - 1/20/10 - "TWO more card skimming devices have been found on ATMs in Sydney Rd. Detective Sen-Constable Mark Perna of Moreland CIU said a man using a Commonwealth Bank ATM in Brunswick felt the card entry slot was a little loose and was able to pull it off. “The skimmer covered the card entrance and had a microchip that reads the magnetic strip as the card enters,” Detective Sen-Constable Perna said."
  • Couple Wanted In ATM Skimming Scheme - www.fox5vegas.com - 1/19/10 - "A man and woman caught on camera placing a device on an ATM machine were attempting to steal debit card information, police said Tuesday. Photos released to FOX5 show the couple using the ATM twice in the same day. In one photo the man appears to be doing something to the machine while the woman is keeping an eye out for other customers."
  • Card reader found attached to ATM in Freehold Township - www.app.com - 1/19/10 - "Police are warning residents about a device that was attached to a West Main Street bank's ATM to record account information. An off-duty juvenile corrections officer found the device when he went to the Bank of America at 510 West Main St. around 3 p.m. Saturday, police said. As he tried to use the machine, he began having problems with his card, said Detective Sgt. Jerry Kiwit."
  • E-Commerce Data Security 2010: Learning From 2009's Debacles - www.technewsworld.com - 1/19/10 - "Tough economic times brought a surge in online shopping. As more people turn to the Web, merchant readiness for handling confidential data is more critical than ever for a successful online presence. Etailers must have their data protection systems in place before flipping the switch, rather than having a major disaster to clean up after a breach occurs. 2009 was the first year since 2005 that the number of data breach incidents recorded actually dropped. If that makes you feel a little more secure -- there is a counter side."
  • Taiwan man arrested for credit card fraud - enews.mcot.net - 1/18/10 - "A Taiwanese was arrested after attempting to use a stolen credit card to buy a pricey laptop at a Bangkok department store. Li Wen Ming, suspected of being part of a large Malaysian credit card fraud syndicate, attracted the attention of the shop owner, who verified that the legal card holder is Canadian. Police investigators seized other 17 false credit cards, a skimmer used for the theft of credit card information and other fraud tools in Mr Li’s possession."
  • NSW police target skimming scams - www.bigpondnews.com - 1/18/10 - "Credit card and debit card holders are being targeted in a new 'skimming' fraud scam. Police in New South Wales have formed a Strike Force to investigate the use of skimming devices. The Commonwealth Bank has confirmed financial institutions had been advised of a security issue on Friday."
  • DarkMarket mastermind pleads guilty - www.securecomputing.net.au - 1/18/10 - "A Sri Lankan man living in London admitted last week to being the mastermind behind the online hacker forum DarkMarket, which has been called one of the most nefarious criminal websites in the world. Renukanth Subramaniam, 33, pleaded guilty in London to conspiracy to defraud, according to a court spokeswoman. Subramaniam, who used the alias "JiLsi", admitted that he set up DarkMarket, a site that fostered cybercriminal collaboration and resulted in tens of millions of dollars of losses, according to a news release issued by the Serious Organised Crime Agency (SOCA) in London."
  • Information Security Clauses and Certifications - Part 1 - enews.mcot.net - 1/17/10 - "Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches."
  • Smaller Merchants May Offer Less Credit Card Security - www.creditcardguide.com - 1/16/10 - "According to a recent survey, credit card security may not be as alive and well as most consumers assume. The study surveyed 560 U.S. and multinational organizations for the degree to which they complied with the Payment Card Industry’s Data Security Standard (PCI DSS). The survey was conducted by the Ponemon Institute, a company specializing in research into privacy and information security policy."
  • Secure Remote Payment Council Announces Formation - www.paymentsnews.com - 1/15/10 - "The Secure Remote Payment Council, (SRPc) held its formation meeting and inaugural Board of Directors meeting in Dallas in December to install its Board, elect officers and set its 2010 agenda. The SRPc says it is "dedicated to the growth, development and market adoption of secure eCommerce and mobile payment methods"."
  • Debit-card 'skimming' scams - www.consumerreports.org - 1/15/10 - "Whether by choice or necessity, American consumers are increasingly relying on debit rather than credit cards. Debit-card spending has risen steadily, growing from 47.7 percent of purchases made with plastic in 2003 to 58.9 percent in 2008."
  • Winnipeg police bust fraud ring that stole PIN pads - www.vancouverite.com - 1/15/10 - "Police are asking merchants using debit card PIN pads to check units in their stores after cops busted a fraud ring that stole approximately $1 million. The group stole and replaced PIN pads after rigging them electronically so they could steal credit and debit card information of clients. It is not clear how many Winnipeg residents had their pin numbers stolen."
  • PCI DSS Expert Panel - Common Questions Answered - Trustwave and ETA - 1/14/10 - "The Electronic Transactions Association and Trustwave invite you to attend a complimentary interactive webinar titled, PCI DSS Expert Panel - Common Questions Answered. During this webinar, compliance and security experts from Trustwave will talk about the challenges faced by merchants when becoming PCI DSS compliant. This webinar is appropriate for most businesses but is primarily focused on helping those businesses with questions about validating PCI DSS compliance."
  • $900 withdrawn as debit card fraudsters hit again - www2.canada.com - 1/13/10 - "Editor: I wanted to make Optimist readers aware that debit card skimming has struck once again in Tsawwassen. I was a victim on Jan. 5 when thieves withdrew $900 (two separate transactions of $500 and $400) from my account using a TD Green Machine ATM. I noticed that morning and immediately contacted TD Easyline."
  • ATM skimmer discovered at Clayton Bank of America - www.ksdk.com - 1/13/10 - "It's becoming one of the most dangerous tools in America: ATM skimmers. Such a device can wirelessly and illegally transmit financial information from an ATM to a thief. A skimmer was found last month at a Clayton branch of Bank of America. It's believed that the skimmer was removed before any bank accounts were looted. Authorities say it's a very common scam across the country, but this is the first time a 'skimmer' has been reported in the St. Louis-area."
  • Card Industry Has a Compelling Case for Data Encryption, Report Says - www.digitaltransactions.net - 1/13/10 - "End-to-end encryption of cardholder account data during the transaction process is an imperfect solution to payment card fraud, but it’s the most practical out there now for the U.S., a new report about fraud management from Aite Group LLC concludes. The report estimates that fraud cost the U.S. card industry $8.6 billion in 2008. The fraud rate, however, 0.4% of $2.1 trillion in charge volume in 2008, has been stable for several years, according to report author Nick Holland."
  • Annual Security Trends Web Seminar - www.sonicwall.com - 1/12/10 - "2009 was a year of major shifts in network and computer security. Demands such as Social Networking, Virtualization, Consolidation, Downsizing and Outsourcing drove the agenda for nearly every organization. So what's in store for 2010?"
  • Alert Debit Card Fraud related to Arco 1950 S. Delaware - hancsm.wordpress.com - 1/11/10 - "SMPD received 80 reported cases of ATM/Debit card skimmer fraud during the month of December. SMPD Detectives were able to determine that the Suspects surreptitiously broke into a gas pump paying machine, and attached “a skimmer device” to the back of the key pad at the ARCO Gas Station located at 1950 South Delaware Street. The skimmer was connected to a wireless recording device which captures the ATM card number and the PIN number."
  • Prosecutor: drug ring shipped marijuana by FedEx - www.seattlepi.com - 1/11/10 - "A 31-year-old Seattle man described by federal prosecutors as the leader of a crime ring involved in both drug trafficking and bank fraud has been sentenced to 8 1/2 years in prison. Mario Earl was sentenced Monday for conspiracy to distribute marijuana and bank fraud. The U.S. attorney's office says the ring was distributing large amounts of marijuana in the Chicago area."
  • ATM Skimming Incidents Increase - www.bankinfosecurity.com - 1/11/10 - "In Raleigh, NC, 300 members of State Employees Credit Union had money skimmed from their accounts. The skimmer may have been placed at a gas station, say police. SECU is second largest credit union in the U.S., with $18.4 billion in assets. "This type of thing happens all the time, unfortunately," says Leanne Phelps, senior vice president of SECU's card and record services department."
  • Security upgrade on way at pump - www.bankinfosecurity.com - 1/10/10 - "A looming requirement to upgrade encryption security at the gasoline pump could put many convenience store operators in a tough spot financially, said Chris Newton, president of the Texas Petroleum Marketers and Convenience Store Association. By July, payment network Visa wants debit card payments requiring a PIN code to be made at terminals equipped with the Triple Data Encryption Standard, a tighter security method than what’s in use at some gasoline retailers."
  • Heartland in $60 mln settlement agreement with Visa - www.reuters.com - 1/7/10 - "Heartland Payment Systems Inc (HPY.N) said it reached a $60 million settlement agreement with Visa Inc (V.N), under which it will pay issuers of Visa-branded credit and debit cards for data security breach claims. Heartland, the fifth-largest payments processor in the United States, said the settlement was with respect to losses issuers may have incurred from a criminal breach of its payment systems in 2008."
  • Cyber Attack Exercise Planned - www.bankinfosecurity.com - 1/7/10 - "How prepared is the financial services industry in the event of a cyber attack? The Financial Services Information Sharing and Analysis Center (FS-ISAC), a national industry forum, will conduct Cyber Attack Against Payment Processes (CAPP), an exercise to measure the ability of financial institutions, payment processors, businesses and retailers to respond and recover from major cyber incidents."
  • Calls made to catch credit card skimmers - www.gympietimes.com - 1/7/10 - "THE Commonwealth Bank has confirmed that a skimming device was placed on the Commonwealth Bank Automatic Teller Machine (ATM) at Centro Gympie Shopping Centre. Commonwealth Bank media manager Steve Patten told The Gympie Times that the device was discovered and removed on December 9, but no customers’ details had been compromised."
  • Heartland Breach Shows Why Compliance Is Not Enough - www.pcworld.com - 1/6/10 - "Nearly a year after Heartland Payment Systems disclosed what turned out to be the biggest breach involving payment card data, the company remains a potent example of how compliance with industry standards is no guarantee of security. Princeton, N.J.-based Heartland last Jan. 20 disclosed that intruders had broken into its systems and stolen data on what was later revealed to be a staggering 130 million credit and debit cards."
  • A Look at PCI in 2010 - www.storefrontbacktalk.com - 1/6/10 - "What are the PCI stories we are likely to see in the coming year? We know there is a new/revised version of PCI due to become effective in October, but what are the likely changes? And let’s not forget the card brands themselves or the technology vendors who constantly promise to make merchants’ lives easier (if maybe a little more expensive). With a new year in front of us (and caution behind), here are some forecasts and speculation for the coming year in PCI."
  • Calls made to catch credit card skimmers - www.which4u.com - 1/6/10 - "People are being urged to get in touch with police if they have any information about a number of credit fraudsters currently in operation. Detectives from the Wollongong Local Area Command reveal that since October they have received more than 100 complaints from consumers that money has been stolen from their bank accounts."
  • Javelin Complimentary Webinar: 10 Trends for 2010 - www.javelinstrategy.com - 1/5/10 - "Facing limited budgets, increased regulation and higher fraud incidence, banks must prioritize scarce investment funds to seize key opportunities in the mobile channel, social media, P2P, reworked offerings for consumers and merchants, data breaches and PCI compliance, and even new solutions for ATMs, PIN and real-time systems. Capturing consumer trust is more important than ever as consumers say their trust in financial institutions has worsened over the past twelve months by a ratio of nine-to-one, according to a nationally-representative November, 2009 online survey of 3,294 individuals."
  • PHOTOS: Man accused of using skimming device on North Naples bank ATM - www.naplesnews.com - 1/5/10 - "Collier County deputies believe the same man, who was suspected of placing a skimming device on an ATM at a North Naples bank, has struck again. This time a skimmer was placed at the SunTrust Bank located at 801 Laurel Oak Drive, North Naples, on Nov. 27 and again on Dec. 12. In the first incident, deputies say a skimmer was placed on an ATM at the SunTrust Bank, 2420 Vanderbilt Beach Road, on Nov. 14. Several customers subsequently reported the fraudulent use of their debit card numbers on the east coast of Florida."
  • Skimming Scams – Identity Theft Gets Sophisticated - www.13wham.com - 1/4/10 - "Identity thieves have been using more sophisticated devices, but now, a new state law targets thieves who use skimming devices, which are small and hard to spot. In an example caught on camera, one woman gets her already-skimmed card back, suspecting nothing. But a decoder, connected to a computer, has already sent her account information to thieves in another state. "Once they use it they'll discard it,” said security officer Jason Ingalls."
  • Data breaches affect million state residents - www.boston.com - 1/3/10 - "One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years, according to records provided to the Globe by state officials. Many thousands of the leaks were first reported between June and November - including confidential data on customers of Blue Cross Blue Shield of Massachusetts, Eastern Bank, JPMorgan Chase Bank, and other major institutions, documents released by state regulators revealed."
  • Target Admits It Was Breached - www.storefrontbacktalk.com - 1/2/10 - "Years after it was breached by a member of Albert Gonzalez’s cyberthief gang, some 17 months after its name was quietly kept out of an indictment where it was referenced and five months after StorefrontBacktalk published its involvement, Target has confirmed that it was the victim of a data breach. “Target was one of the companies affected by an intrusion that occurred two years ago. However, the exposure—both in time and number of accounts—was extremely limited,” said Target spokesperson Amy Reilly."
  • Five security themes to watch in 2010 - www.techtarget.com - 1/1/10 - "The first decade of this millennium closed out with a lot of economic uncertainties. Tightening IT budgets at many enterprises forced some security firms to struggle; others closed their doors. The year was also marred with the largest data breach in history and embarrassing attacks on social networks. Rather than releasing major security innovations, experts used 2009 to talk about cloud computing insecurities and the need to focus on security basics. In 2010, there could be less hyperbole and more action."
  • Skimming Ring Suspects Sought for I.D. Theft - www.mountainenterprise.com - 1/1/10 - "Several residents of the Mountain Communities reported identity theft incidents early in 2009 after purchasing gasoline in Lebec. Photographs of those who have been seen allegedly placing credit card “skimming” devices in self service gas station card readers from Los Angeles through Bakersfield were released by Bakersfield Police Department (BPD) Tuesday, Dec. 29. Investigators for BPD have identified two of the suspects using stolen credit card information through recently reported skimming device operation at local gas stations."
  • Skimming Ring Suspects Sought for I.D. Theft - www.risnews.com - 1/10 - "Senior retailer managers who have relegated PCI compliance responsibilities to lower levels of the organization may be missing a critical opportunity to protect and even grow the business."
  • TNS, Semtek and VeriFone Partnership Provides Managed End-to-End Encryption for Merchants and Acquirers - www.tnsi.com - Winter 2010 - "TNS has joined forces with Semtek and VeriFone to provide managed decryption and communication services as part of a comprehensive end-to-end card processing encryption solution for the payments industry."
December 2009
  • New ATM skimming alert - www.whereilive.com - 12/31/09 - "OFFICERS from the State Crime Operations Command, Fraud and Corporate Crimes Group are investigating the location of a skimming device on an Automatic Teller Machine (ATM) at Clayfield on December 27. Police were notified of the device found on Sandgate Road around 5pm when a customer noticed a round watch type battery and printer circuit board with wiring below the clear plastic card entry slot."
  • ATM checks urged as skimmer found in Clayfield - www.news.com.au - 12/31/09 - "CARD-skimming crimes have exploded in Queensland and are set to become even more rampant because of "redundant technology" used by banks. Police have issued the warning following the discovery of another card-skimming device at Clayfield in Brisbane's north on Sunday."
  • Security breach reported by Internet trading site collective2.com - www.investmentnews.com - 12/30/09 - "Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company's computer database had been breached by a hacker and that all users should log in to change their passwords immediately. That e-mail, from Collective2 LLC founder Matthew Klein, stated that the information accessed by the hacker included names, e-mail addresses, passwords and credit card information."
  • Informant tells of role in FBI probes - www.ocregister.com - 12/30/09 - "Since he was a teen, Craig Monteilh has pretended to be someone he wasn't – Russian, Muslim, a white supremacist. It was a skill he learned early, says Monteilh, a 47-year-old Irvine man who, according to court records, provided information to the FBI. He learned to gain people's trust – even while pretending to be someone else. It's a skill that FBI agents and police officers helped him hone, he says. It's a skill that he sharpened in his role as an informant in several investigations."
  • Raleigh Bank Thinks Thieves Skimming Customers at Fuel Pumps - www.mync.com - 12/30/09 - "Police are investigating widespread credit and debit card fraud after hundreds of customers reported fraudulent transactions. State Employees Credit Union said around 300 of its customers had been impacted, and it was unclear Tuesday if other banks had also been impacted."
  • Card-skimming device found in ATM - www.smh.com.au - 12/30/09 - "Queensland police have warned people to check all ATMs before using them after a card-skimming device was found on a machine fitted with an anti-skimming mechanism in Brisbane. Officers were notified of the device on Sandgate Road, Clayfield, on December 27, which consisted of a round, watch-type battery and printer circuit board with wiring below the clear plastic card entry slot."
  • Source of stolen credit information was a restaurant - www.adn.com - 12/30/09 - "The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday. Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago."
  • Source of stolen credit card information was a restaurant - www.adn.com - 12/29/09 - "The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday. Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago."
  • Albert Gonzalez Pleads Guilty in Heartland, 7-11 Breaches — Updated - www.wired.com - 12/29/09 - "Florida computer hacker Albert Gonzalez pleaded guilty to conspiracy charges Tuesday for intrusions into Heartland Payment Systems, Hannaford Brothers supermarket chain, 7-Eleven and two unidentified companies — marking his third and final guilty plea in what prosecutors have called the largest identity theft scheme in U.S. history. Appearing in federal court in Boston, Gonzalez, a former Secret Service informant, pleaded guilty to two counts of conspiracy to gain unauthorized access to computers, and to commit wire fraud."
  • Citi Expands Denial of Summer Breach - www.paymentssource.com - 12/29/09 - "Citigroup Inc. elaborated on its denial that its systems had been breached last summer, suggesting that, if a breach occurred, it would have happened at a third party. "As with virtually all financial institutions, there are instances of fraud or breaches of third-party systems that result in our taking actions to protect our customers and Citi … , [but] there has been no breach of Citi's systems," the New York company said in a press release last week."
  • Source of stolen credit information was a restaurant - www.turnto23.com - 12/29/09 - "Bakersfield Police Investigators have identified two of the men who they said are responsible for using stolen credit card information through the recently reported skimming device operation at local gas stations. During the month of December, detectives from the Bakersfield Police Department said they discovered credit card information was likely being compromised at local convenience store gas station pumps."
  • ATM skimmers charged - www.sunshinecoastdaily.com.au - 12/27/09 - "TWO Romanian men have been charged over a series of “skimming” offences on ATMs across south-east Queensland. The pair appeared in Caboolture Court yesterday after being arrested during Operation Hotel Sweeper. They were refused bail and will reappear in court on January 13."
  • RPD arrested four for “ATM skimming” in 2009 - www.raleighpublicrecord.com - 12/25/09 - "A form of bank fraud that can victimize hundreds within hours is growing in sophistication and increasingly targeting the Raleigh area. The Raleigh Police Department arrested four suspects in 2009 as a result of multiple investigations into cases of “skimming,” where thieves use electronic devices to steal financial information. Although the arrests stem from only three cases in 2008 and 2009, the crimes can impact a large number of people."
  • Credit card theft device embedded in local gas pumps, Bakersfield police say - www.bakersfield.com - 12/24/09 - "During the month of December 2009, Bakersfield Police Department detectives discovered credit card information was likely being compromised at local convenience store gas station pumps. The information obtained was later used, by the offenders, to conduct purchases at Target and Wal-Mart stores located in other California cities."
  • Local Alaska retailer hacked, credit card info stolen - www.adn.com - 12/24/09 - "At least 150 Anchorage residents, possibly hundreds more, had their debit and credit card information stolen when a local retailer's computer records were apparently targeted by hackers, according to Anchorage police. Police estimate the number of local victims could range as high as 1,000 or more in what looks to be an organized nationwide scheme to steal account information and use it to buy goods to be sold for cash."
  • Cybersecurity czar's first task: reboot policy - www.minnpost.com - 12/23/09 - "Newly named cybersecurity "czar” Howard Schmidt, a former executive at eBay and Microsoft, faces the task of reengineering US policy to combat a growing, yet often neglected, threat to the country’s economy and digital infrastructure."
  • Rocklin Police Investigate ATM Scam - www.kcra.com - 12/23/09 - "Rocklin police are investigating an identity theft scheme that left at least two dozen people out thousands of dollars. Police said thieves installed credit card skimming devices on two pumps at the AMPM on Sunset Boulevard in Rocklin. The devices allowed the thieves to copy and use handfuls of people's credit cards. "It was a computer ribbon type device with a transmitter that was no bigger than a cigarette box," said Lt. Lon Milka."
  • Six Months Later, MasterCard Softens a Controversial PCI Rule - www.digitaltransactions.net - 12/23/09 - "MasterCard Inc. is changing a controversial policy, and pushing back a deadline, that it announced only six months ago regarding enforcement of the Payment Card Industry data-security standard. With the changes, which involve assessing computer systems for PCI compliance, MasterCard could be viewed as responding to valid complaints after first disclosing the planned changes, or it could be viewed as having done a flip-flop. Or both at the same time."
  • NYPD Daily Blotter - www.nypost.com - 12/23/09 - "Cops are looking for two high-tech thieves who hacked into at least four people's bank accounts after installing a "skimmer" at an East Village ATM. The bandits on Dec. 9 placed the device -- which grabs electronic info off bank cards -- over the card-reader slot at a Bank of America cash machine on Lafayette Street, police said. The thieves used the info to clone bank cards and withdraw customers' cash."
  • Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift - www.infolawgroup.com - 12/23/09 - "While the proverbial jury is still out concerning retailers’ sales success this 2009 holiday season, Massachusetts’s highest court (the Supreme Judicial Court or “Supreme Court” as referenced herein) delivered retailers a significant holiday gift in the form of an opinion slamming the door on some financial institutions seeking to recover reissuance costs arising out of a retailer’s payment card data breach."
  • Skimmer at Commonwealth Bank ATM in Perth mall sparks fraud fears - www.perthnow.com.au - 12/23/09 - "A SOPHISTICATED skimming device has been attached to a Commonwealth Bank ATM in the Perth CBD. It was incorporated into a facia fitted to the machine in the Murray Street mall. The skimmer was found yesterday afternoon - as the city swelled with Christmas shoppers - after a report from a member of the public."
  • Cash machine 'skimmer' alert - www.sunderlandecho.com - 12/23/09 - "An eagle-eyed shopper spotted the device, which copies customers' bank card details, and alerted security guards at the store. A spy-camera, which snaps people as they enter their secret pin code, was also found as police investigated the cash machine. Police say scammers attached the bank card skimmer and camera shortly after 9am on Friday, December 11. But it was quickly spotted and reported to police the same morning."
  • McDonald's card skim 'netted $5 million' - www.sbs.com.au - 12/23/09 - "Two men are being sent from Sydney to Perth to face charges in connection to stealing up to $5 million from about 4,000 customers at fast food outlets in what police say is Australia's biggest-ever single card skimming operation."
  • FBI Probes Hack at Citibank - www.wsj.com - 12/22/09 - "The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials. The attack took aim at Citigroup's Citibank subsidiary, which includes its North American retail bank and other businesses. It couldn't be learned whether the thieves gained access to Citibank's systems directly or through third parties."
  • Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack - www.wired.com - 12/22/09 - "The two great friends talked every day and shared information about all of their exploits — sexual, narcotic and hacking — according to prosecutors. Now another thing they’ll have to share information about is their experience in federal prison."
  • Settlements Still Leave Many Post-Breach Legal Woes for Heartland - www.digitaltransactions.net - 12/22/09 - "With two settlements announced in less than a week, merchant acquirer Heartland Payment Systems Inc. is putting some of the legal repercussions of its huge data breach behind it as 2009 draws to a close. But most of the legal troubles Heartland faces in the wake of the breach it announced last January still await resolution."
  • Fuel Dispenser Skimming in Alaska - www.bankinfosecurity.com - 12/22/09 - "Howard Schmidt, the information security expert who President Obama tapped Tuesday as his cybersecurity coordinator and who served as a senior cybersecurity adviser in the Bush administration, is characterized as a no-nonsense leader who will take no guff from senior White House advisers in advancing the administration's cybersecurity initiatives."
  • 7-Eleven Hack From Russia Led to ATM Looting in New York - www.wired.com - 12/21/09 - "Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days. After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards."
  • UPDATE 1-Heartland to settle class actions over cyber breach - www.reuters.com - 12/21/09 - "Credit card processor Heartland Payment Systems Inc (HPY.N) said it would settle consumer cardholder class actions tied to claims arising from breach of its system by cyber thieves, and pay up to $2.4 million to class members submitting valid claims."
  • Major PCI Change: A Call To VAR Action - www.vertmarkets.com - 12/21/09 - "About one month prior to this issue, a group of restaurants filed a lawsuit against a POS software manufacturer for what the restaurants are saying is a lack of compliance with the Payment Card Industry Data Security Standard (PCI DSS). They say the lack of compliance allowed Romanian hackers to breach their POS systems. It remains to be seen whether the suit has merit, but it really doesn’t matter."
  • UK retail Wi-Fi security still patchy - www.theregister.co.uk - 12/21/09 - "Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist. The cybercrooks, who lifted more than 21 million credit card records, leapfrogged onto the retailer's credit card database after first breaking into the wireless network of a regional store, a subsequent investigation ahead of upcoming US trials revealed."
  • Fuel Dispenser Skimming in Alaska - www.alaskadispatch.com - 12/18/09 - "In news that hit a little closer to home, one Dispatch staffer had her debit card number stolen this week. Her theory? It was lifted by some kind of skimming device at the Carrs Huffman gas station. When she called to report the crime, police told her it's happened to over 100 people in the last week. Called for comment, an APD spokeswoman would only say many Huffman area residents have had their cards compromised, and it's under investigation."
  • Attack Of the RAM Scrapers - www.darkreading.com - 12/18/09 - "The inclusion of RAM scrapers in a recent Verizon Business list of the top data breach attack vectors prompted a bit of buzz about what exactly RAM scraping is and how much of a threat it poses. A RAM scraper as identified in the Verizon Business Data Breach Investigation report is a piece of customized malware created to grab credit card, PIN, and other confidential information out of a system's volatile memory."
  • Radiant Systems Calls for Industry to Unite Against Data Thieves - www.yahoo.com - 12/18/09 - "Radiant Systems, Inc. (Nasdaq: RADS - News) today issued a new challenge to the industry to come together to dramatically improve data security in the transaction-processing industry. “Our vision is to encourage all involved in transaction processing to move from a mindset of independent compliance to one of collaborative security that will greatly reduce the risk of data theft,” said John Heyman, chief executive officer at Radiant Systems."
  • Credit card skimmer found on Vancouver gas pump - www.tri-cityherald.com - 12/18/09 - "Police have recovered an illegal credit card skimming device from a convenience store gas pump in Vancouver. They are warning customers to be aware their credit or debit card information may have been stolen by identity thieves. The device was found Monday by an employee servicing the pump."
  • Smart Card Alliance Webinar: Top 10 Reasons U.S. Should Consider EMV - www.smartcardalliance.org - 12/18/09 - "EMV/chip technology will be the topic of a January 2010 webinar from the Smart Card Alliance, featuring speakers from Aite Group, Bank of Nova Scotia, KeyPoint Consulting and Visa on the reasons behind the global migration to this technology, and the possibilities for U.S. adoption."
  • People report credit card information stolen after using Paso Robles gas station - www.sanluisobispo.com - 12/18/09 - "The Paso Robles Police Department has taken 16 reports from people saying their credit or debit card information was stolen after they pumped gas. Police believe a "skimmer" - an illegal credit card reading device - was installed at the ARCO station on Ramada Drive for about two weeks from late November to early December, Officer Ty Lewis said. However, it was removed before police became aware of it, he added. Since the crimes usually aren't reported until a victim receives their bank statement, Lewis said, the criminals have time to remove the devices before they are discovered."
  • Heartland Pays Amex $3.6 Million Over 2008 Data Breach - www.pcworld.com - 12/17/09 - "Heartland Payment Systems will pay American Express US$3.6 million to settle charges relating to the 2008 hacking of its payment system network. This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year."
  • Study: Best-in-class merchants spend less for payment processing compliance but are more secure - www.pivotalpayments.com - 12/17/09 - "PCI compliance can be an intimidating thing for businesses with merchant accounts, especially smaller businesses that feel they cannot spend the money required to adequately protect their payment processing infrastructure."
  • Credit unions adding fee to debit card use because of skimming costs - www2.tbo.com - 12/17/09 - "If you belong to a credit union, some unexpected fees may be coming your way. At least three Bay Area credit unions are charging members for using their PIN number at stores and gas stations. This week, Bay Gulf Credit Union began assessing members 50 cents each time they punch in their PIN for a purchase. In November, GTE Federal Credit Union started charging 25 cents per transaction. The Railroad and Industrial Federal Credit Union also charges $1 every time you use your PIN. The fees are taking some members by surprise."
  • MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline - www.storefrontbacktalk.com - 12/16/09 - "MasterCard has quietly backed off from a much-complained-about plan to require Level 2 merchants to—for the first time—have an onsite QSA assessment completed by the end of 2010. Having a New Year’s Eve deadline—on the heels of the all-encompassing holiday season—was a recipe for tons of missed deadlines. The first MasterCard change made this month was pushing the Dec. 31, 2010, deadline back six months, to June 30, 2011. But MasterCard has also made two other key PCI changes."
  • Police find skimmers, but damage already done - www.kingmandailyminer.com - 12/16/09 - "Those who paid at the pump while filling their tank at two gas stations along Beale Street in the last four months are being advised to check their credit card statements. Citigroup and Discover credit services have identified dozens of accounts that were compromised through the use of a skimming device at the pump at the Exxon station at 999 W. Beale Street and the Chevron station across the street. Police believe the skimming devices were installed in July, but the crooks didn't actually begin accessing the accounts until September."
  • Fraudsters target festive shoppers - www.finda.com.au - 12/16/09 - "AFTER a recent increase in card skimmers located on automatic teller machines (ATM), police are encouraging the public to remain vigilant this festive season. Detectives from the State Crime Operations Command Fraud and Corporate Crime Group are working with regional police regarding a group of offenders who are targeting well-frequented ATMs across the south-east. Skimmers have been located fitted to ATMs in Tugan, Capalaba, Brisbane and on the Sunshine Coast during the past month."
  • When It Comes To PCI Compliance, Franchisors Are Screwed - www.storefrontbacktalk.com - 12/16/09 - "When it comes to franchise-based retailers, PCI Compliance is broken, plain and simple. It simply does not address the complexities of the franchisee/franchisor business model and, in the end, leaves the franchisor holding the bag. Because each franchisee is a separate merchant, most large franchise organizations are only required to meet PCI Level 4 requirements. Chains are forced to make tough decisions about how much risk they are willing to accept and what they are willing (or not willing) to do to protect their brand integrity."
  • ID thieves allegedly used fake credit cards at casinos - www.buffalonews.com - 12/15/09 - "Seven members of an alleged identity theft gang were arraigned Monday afternoon in federal court. Federal prosecutors accuse them of obtaining information from victims’ credit and bank cards, and using that information to make fake credit cards. They then used the bogus credit cards to withdraw $198,700 from Seneca Nation casinos in Niagara Falls and Salamanca, Assistant U. S. Attorney Aaron J. Mango said. Secret Service agents and state police are continuing to investigate."
  • Three Montreal men charged in Lower Mainland card skimming operation - www.news1130.com - 12/15/09 - "Three Montreal men have been arrested and charged after RCMP broke up a credit card and debit card skimming operation across the Lower Mainland. Searches of a rental car and two hotel rooms uncovered pin pads, counterfeit credit cards, modified gift cards, two “Personal Digital Assistant” (PDA) devices, two laptops, electronic tools, printed circuit boards, credit card readers, supplies for modifying pin pads and cash. RCMP say the three men were the "techie guys" in the operation, and their high-tech equipment is capable of storing the information of up to 5,000 cards."
  • BJ's, Bank Not Liable for Credit Card Fraud - www.courthousenews.com - 12/15/09 - "Credit unions and their insurer can't collect damages after thieves racked up millions of dollars in fraudulent purchases using credit-card information stolen from BJ's Wholesale Club, the Massachusetts Supreme Court ruled. Thieves gained access to the credit-card accounts of 9.2 million BJ's customers and used the information to make unauthorized purchases. Cumis Insurance Society and the credit unions who issued the cards sued BJ's Wholesale Club for breach of a third-party contract, based on BJ's agreement with Fifth Third Bank not to store customers' magnetic-stripe data."
  • Document Reveals TJX Hacker’s Assistance to Prosecutors - www.wired.com - 12/15/09 - "Admitted TJX hacker Albert Gonzalez has identified two Russian accomplices who helped him hack into numerous companies and steal more than 130 million credit and debit card numbers. Gonzalez told prosecutors that the hackers breached at least four card processing companies, as well as a series of foreign banks, a brokerage house and several retail store chains, according to a sentencing memo filed by his lawyer on Tuesday that was incorrectly redacted."
  • Gartner in two-factor authentication warning - www.securecomputing.net.au - 12/15/09 - "Organisations must employ a multi-layered approach to fraud prevention if they are to thwart increasingly persistent hacking attacks that can now circumvent two-factor authentication devices, according to analyst firm Gartner. In a new report released today, Where Strong Authentication Fails, Gartner recommends that organisations firstly monitor user access behaviour, by analysing all of a user's web traffic and spotting any automated programs."
  • PIN entry devices: Plan now for July 2010 - www.greensheet.com - 12/14/09 - "If you are an acquirer, ISO or merchant level salesperson, you are not alone if you do not fully understand the PIN entry device (PED) security initiative, now managed under the PCI Security Standards Council's (PCI SSC) PIN Transaction Security program. Typically, it's not that merchants and those serving them don't want to comply; it's that they don't know where to start. PED requirements are made all the more intimidating by the multitude of terms and acronyms used."
  • 10 Faces of Fraud for 2010 - www.bankinfosecurity.com - 12/14/09 - "'The more things change, the more things stay the same.' This old saying holds true when it comes to the different types of fraud hitting financial institutions. In 2009, institutions were hit from every angle with fraud schemes -- some were old, and some were new variations. Here is a roundup of the 10 predominant types of fraud that institutions and their customers can expect to see in 2010, according to industry experts."
  • Businesses still plagued by data breaches - www.masshightech.com - 12/11/09 - "As businesses face a March deadline under an oft-delayed state law to protect customer and employee personal information, data breaches affecting Massachusetts residents remain strikingly frequent. More than 1 million Massachusetts residents were hit by 807 data breach instances from Nov. 1, 2007, to Oct. 31 of this year, according to a report by the Massachusetts Office of Consumer Affairs and Business Regulation, which monitors and enforces state data breach regulations. In the six weeks since, 59 additional breaches have been reported to the state."
  • Fraudsters hack credit card holders - www.14wfie.com - 12/11/09 - "The Evansville Police Department say they have been taking complaints about credit card numbers being stolen and used in different states. Police say victims have been coming all week long. The one common factor in all these cases is that the victims belong to Integra Bank. Victims say they were notified by Integra; however, one woman says she doesn't believe that's where the breach occurred."
  • Amazon.com Had Malicious Botnet Hiding in (EC2) Cloud - www.saasdir.com - 12/11/09 - "The security breach that all anti cloud campaigners had been waiting for has finally happened. An unnamed website which is hosted on Amazon’s (AMZN) Elastic Compute Cloud Servers (EC2) suffered an attack from one of the most notorious botnets, Zeus. The Zeus Trojan is America’s most malicious botnet as it has the ability to steal data by key logging exactly what the user is typing. This means that details such as login credentials, account numbers and credit card information can be obtained and then used by the hackers."
  • National data breach notification bill passed in U.S. House - www.scmagazineus.com - 12/10/09 - "A national data breach notification bill was passed in the U.S. House of Representatives on Tuesday. The Data Accountability and Trust Act would require any organization that experiences a breach of electronic data containing personal information to notify all U.S. individuals whose information is breached. The law requires that the Federal Trade Commission also be notified. In addition, organizations would be required to designate an information security officer and establish a data security policy."
  • Scammers scrape RAM for bank card data - www.securityfocus.com - 12/10/09 - "Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say. "Typically, these are specialized malware used in more targeted attack. Often times, they are customized to work with specific vendors' point-of-sale systems, so they understand how the data is formatted and stored"."
  • Report finds most data breaches are 'utterly preventable' - www.securecomputing.net.au - 12/10/09 - "Most security breaches are caused by malware, an SQL injection attack or the exposure of remote access credentials such as a VPN password, according to a report by Verizon Business. Verizon's 2009 Supplemental Data Breach Investigations Report, released today, said that malware such as keyloggers and spyware were responsible for the majority of data breaches. Mark Goudie, managing principal at Verizon Business, told iTnews that the biggest surprise was that SQL injection attacks - which he described as "utterly preventable" - were still responsible for causing so much damage."
  • Heartland Lawsuit Dismissed, “Insufficient Evidence” Of Weak Security - www.storefrontbacktalk.com - 12/10/09 - "A federal judge dismissed a data breach-related lawsuit against Heartland Payment Systems on Monday (Dec. 7), saying that the plaintiffs hadn’t proved any of their allegations that Heartland knew it had inadequate security and lied about it to shareholders. The judge’s detailed ruling sheds light on the environment data breach retail victims are likely to face in court and could provide some guidance on how they should act when discussing those breaches."
  • Latest Statistics on Payments Fraud in Australia - www.paymentsnews.com - 12/09/09 - "The Australian Payments Clearing Association (APCA), the payments industry self-regulatory body, has released the latest fraud statistics for cheques, debit cards and credit and charge cards for the 12 months ending 30 June 2009. During the period Australia’s total rate of fraud (cheque and payment cards) has risen by 2 cents for every $1,000 of payments from 7 cents to 9 cents in every $1,000. While the total card fraud rate (debit card, credit card and charge card) increased by 1 cent in every $1,000 to 33 cents (up from 32 cents), it remains low by global standards."
  • Protecting Encryption Keys Takes Spotlight in Enterprise Data Security - www.your-story.org - 12/09/09 - "Mastering encryption key management is one of the next big obstacles in data protection for chief information security officers to overcome, according to Gary Palgon, nuBridges’ vice president of Product Management and an industry expert on data security. After a spate of embarrassing and costly data breaches, and a plethora of industry data security mandates, breach notification laws and government privacy laws, organizations have responded and are doing a much better job of protecting payment card data and personally identifiable information from cyber criminals and accidental loss using encryption."
  • Credit Card Skimmer Found On Gas Pump - www.clipsyndicate.com - 12/09/09 - "A device used by thieves to intercept credit card information was found Monday on a gas station pump."
  • Verizon: Data Breaches Getting More Sophisticated - www.wired.com - 12/09/09 - "Methods of stealing data are becoming increasingly sophisticated, but attackers are still gaining initial access to networks through known, preventable vulnerabilities, according to a report released by Verizon Business on Wednesday. “The attackers still usually get in the network through some relatively mundane attacks,” said Wade Baker, research and intelligence principal for Verizon Business’s RISK Team, in an interview."
  • Verizon Business Issues 2009 Supplemental Data Breach Report Profiling 15 Most Common Attacks - www.verizonbusiness.com - 12/09/09 - "The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold. In the “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” Verizon Business security experts tap the company’s detailed investigative records to identify, rank and profile the most common attacks."
  • The Point-Of-Sale Problem - www.storefrontbacktalk.com - 12/09/09 - "Albert Gonzalez—who has already pleaded guilty to masterminding a cyberthief ring that stole data from TJX, BJ’s Wholesale Club, Boston Market and Sports Authority, among other major chains—signed papers this month agreeing to plead guilty to the remaining federal charges against him. But one of the retail chain victims, which federal officials have yet to officially identify, asked the court to protect its “dignity” by preventing the government from releasing the chain’s name."
  • The Point-Of-Sale Problem - www.kptv.com - 12/08/09 - "A device used by thieves to intercept credit card information was found Monday on a gas station pump in Vancouver, police said. Vancouver police said the skimming device had been plugged into the wiring behind the panel of a gas pump at the 7-Eleven at 5600 E. Fourth Plain Blvd. It didn't impact customers' ability to purchase gas and it was well hidden from view, according to officers. An employee servicing the gas pump Monday afternoon discovered the device."
  • The Point-Of-Sale Problem - www.informationweek.com - 12/07/09 - "Point-of-sale systems, where customer credit or debit cards are swiped for payment, are one of the most frequently used computing systems in the developed world. They're also targeted by criminals. For instance, in 2005 attackers compromised POS systems at a Marshalls retail store and stole cardholder data. That same year, attackers stole the source code for Wal-Mart's custom-built POS systems."
  • Data Breaches in 2009 – a year in review - www.assassin711.com - 12/05/09 - "Welcome to my blog site! This blog is dedicated to technology, IT security, life, and humor. Please feel free to share your comments on this blog or contact me for any reason. Sincerely, Aamir Lakhani"
  • Webinar: Secure Commerce Payment Data - Dec 8, 2009 - www.cybersource.com - 12/04/09 - "Manage payment security without adding more proverbial locks and bolts to your infrastructure. Secure your payment process – including PCI compliance – with less cost, complexity and time. Discover how your peers are adopting a safer, more secure approach by eliminating all contact with payment data - a strategy we call Enterprise Payment Security 2.0."
  • The Merchants Strike Back? - www.abc.net.au - 12/04/09 - "The Commonwealth Bank says it plans to further boost its retail security systems, including anti-skimming devices on ATMs in the Illawarra. The upgrade comes after hundreds of people lost tens of thousands of dollars in northern Wollongong when their credit card details were skimmed at a service station at Austinmer. Police say the illegal activity has stopped but an investigation into the illegal transactions is still ongoing. The bank's head of financial crime management, Richard Moore, says the anti-skimming devices are part of a program to significantly help in preventing fraudulent activity."
  • Police warn about holiday scams - www.wtoctv.com - 12/04/09 - "Police are warning people about the increase of scams during the holiday season. Police recently found a couple of skimmer devices placed on bank ATM machines. The device steals your debit card information and pin. There have also been more reports of internet fraud such as false sweepstakes that ask you to cash a counterfeit check, and phishing web sites which pose as a bank and ask for your personal information."
  • Long Island, NY - Police Warn of ATM Skimmers - www.vosizneias.com - 12/03/09 - "Nassau County Police are on the lookout for two bad guys trying to put skimmers on ATM's. "A skimmer is a device used to obtain information from your ATM card," said Nassau County Police Detective Mike Bitsko. "When you are using an ATM, if something does not look right, move on to a different machine. When entering your PIN, make sure that you cover the keyboard or the ATM machine. Also, when entering the bank, make sure that no one follows you in without using their ATM card," said Bitsko."
  • The Merchants Strike Back? - www.infolawgroup.com - 12/03/09 - "With the recent news of several restaurants teaming up to sue point-of-sale system provider Radiant Systems (a copy of the complaint can be found here) for failing to comply with the PCI Standard, it appears that some merchants may be in a mood to strike back in the aftermath of a payment card security breach. This lawsuit comes in the wake of a couple lawsuits against payment card security assessor Savvis for allegedly failing to properly validate a processor's Visa CISP compliance (admittedly in this case it is the merchant bank suing the assessor, but a similar cause of action could exist for a merchant if its assessor makes a mistake in verifying PCI compliance)."
  • Merchant e-Solutions Offers Free Tokenization Services - www.paymentsnews.com - 12/03/09 - "Merchant e-Solutions has announced that it is providing merchants with a tokenization solution at no extra cost to protect sensitive credit card data and reduce the burden of PCI compliance. In focusing on the requirements of multi-channel merchants in retail, mail order/telephone order (MOTO) and ecommerce (card-not-present) businesses, merchants using this secure technology through the MeS proprietary platform, payment gateway or virtual terminal, will find it easier to comply with PCI requirements."
  • Howard Schmidt: mobile devices next attack vector - www.securecomputing.net.au - 12/03/09 - "As servers and desktops become too tough to crack, malicious hackers will turn their attentions to smart phones such as the iPhone, former Microsoft security officer Howard Schmidt told a gathering of security professionals in Sydney today. Speaking to the Australian Information Security Association annual seminar day, Schmidt (pictured) said the recent exploit from 21-year-old Wollongong hacker Ashley Towns was the "tip of the iceberg"."
  • Abbotsford Police issue photos of 'clueless' suspects - www.bclocalnews.com - 12/03/09 - "Police are circulating photos of three "clueless" fraud suspects after they hit business establishments in both Abbotsford and Coquitlam last week. Abbotsford fraud investigators want the public to identify three people who attempted to skim debit and credit card information with a stolen PIN pad, said Const. Ian MacDonald. RCMP investigated after the suspects allegedly stole a PIN pad device from a Coquitlam furniture store on Nov. 26."
  • Bank didn't notice ATM skimmer for a week - www.smh.com.au - 12/03/09 - "The Commonwealth Bank has admitted an ATM skimming device was fitted to a South-East Queensland cash machine for nearly a week before anyone noticed. The skimmer, which is used by criminals to capture bank card details later used to steal money and in identity fraud, was discovered at a Commonwealth Bank machine at Stockland Caloundra, on the Sunshine Coast, on November 25."
  • Ajax fraudsters guilty of criminal organization charge - www.newsdurhamregion.com - 12/03/09 - "Two Ajax men have been found guilty of participating in a criminal organization for their roles in a debit card-skimming operation that targeted at least one Durham bank. Ian Laffan, 34, and Corrie Wheartly, 37, pleaded guilty to numerous charges including conspiracy to commit an indictable offence and fraud in mid-November. They also pleaded guilty to participating in a criminal organization, a relatively new section of the Criminal Code that addresses organized crime."
  • Visa, MasterCard, AMEX Grilled Over Web Scams - www.forbes.com - 12/03/09 - "Sen. John D. Rockefeller, D. W.Va., wants to turn the spotlight on an often overlooked participant in some of the Web's shadiest schemes: credit card companies. In an open letter sent Thursday to Visa, MasterCard and American Express, Rockefeller demanded that the companies provide information on the safeguards they have in place to prevent and respond to the hidden fees charged by a small group of grey market companies that make misleading offers to consumers on hundreds of seemingly reputable e-commerce sites."
  • Police hunt pair who tried to put card-skimmer in ATM - www.newsday.com - 12/02/09 - "Police are searching for a man and woman who broke a light on a bank ATM in an attempt to insert a card-skimming device. Nassau County police said the incident took place at the Wachovia Bank on Plandome Road in Manhasset Sept. 10 between 7:54 p.m. and 11:44 p.m. The pair's images were captured by the automated teller machine camera. Police said the incident left the ATM inoperable."
  • Police hunt pair who tried to put card-skimmer in ATM - www.am-ny.com - 12/02/09 - "Police are searching for a man and woman who broke a light on a bank ATM in an attempt to insert a card-skimming device. Nassau County police said the incident took place at the Wachovia Bank on Plandome Road in Manhasset Sept. 10 between 7:54 p.m. and 11:44 p.m. The pair's images were captured by the automated teller machine camera. Police said the incident left the ATM inoperable."
  • Recognizing the payment industry achievements of 2009 and looking ahead - www.scmagazineus.com - 12/02/09 - "When I took over as chair of the PCI Security Standards Council in January, I knew it was going to be a busy year. I've witnessed the payment community come together in unprecedented ways by putting aside individual opinions and staying focused on how we can continue to evolve and develop the PCI Data Security Standard (PCI DSS) to best protect cardholder data on a global level."
  • Debit card skimming heats up - www.bclocalnews.com - 12/02/09 - "Police are grappling with a major spike in debit card skimming activity in the Lower Mainland. Fraudsters have stepped up their efforts to illegally harvest card data and passwords, forge fake cards and then suck money out of victims' bank accounts, according to Sgt. Tony Farahbakhchian, the RCMP's Pacific region counterfeit coordinator. "The increase is significant," he said, but added he doesn't have precise numbers of banking customers affected."
  • Eldersburg Bank of America patrons fall prey to ATM skimming scheme - www.eldersburg.net - 12/01/09 - "Thieves recently stole thousands of dollars from users of Eldersburg’s Bank of America ATM located at 6400 Ridge Road, state police said. Trooper Corey Green of the Maryland State Police said there were several methods that a thief could use to steal bank card information, including using cell phone cameras to capture critical information. The method in this case was a card skimmer, which is equipment installed on an ATM machine and disguised so as to not look out of the ordinary."
  • Police looking for nasty combo - www.bclocalnews.com - 12/01/09 - "It’s 9:45 p.m. on a Saturday night when two young men walk into a Wendy’s restaurant, looking for something to eat. Just minutes before closing, the pair heads up to the till and places an order. They pay with cash and, after a few moments, an employee places some food on a tray and briefly walks away. It takes the two men mere seconds to pull off one of the costliest scams plaguing the retail world these days."
  • Hancock Fabrics: 4th State Linked to Possible Breach - www.bankinfosecurity.com - 12/01/09 - "A fourth state has been linked to the recent fraud associated with national retailer Hancock Fabrics. An Oklahoma-based bank reported it had to replace 1,000 cards last week because of fraud linked to Hancock stores, according to Elaine Dodd, vice president of the Oklahoma Bankers Association Fraud Division. The United States Secret Service is investigating the incidents, Dodd says. In November, bank customers in California, Wisconsin and Missouri reported fraudulent ATM withdrawals that police say are tied to credit and debit card transactions conducted with Hancock Fabrics stores."
  • Decoding the Encryption Enigma - Transaction Trends Magazine - 12/09 - "As the industry tries to stay ahead of clever thieves with tactical fixes and a safer infrastructure, some companies are turning to end-to-end encryption to safeguard data."