Payment Security Web Portal Brought to You by VeriFone
News

These are the most recent news articles we have collected.

February 2010

  • Cybersecurity Enhancement Act passed by US House - http://www.securecomputing.net.au - 2/5/10 - "One week after having nearly 50 of its websites defaced by hackers, the US House of Representatives has passed a bill that would seek to improve cybersecurity within the federal government and the public sector."
  • Hospitality Industry Hit Hardest By Hacks - www.darkreading.com - 2/4/10 - "Trustwave report on data breach investigations shows hotels were breached more than financial institutions last year, and nearly all attacks were after payment-card data"
  • Criminals exploiting flood of leaked personal data - www.securecomputing.net.au - 2/5/10 - "Incidences of personal data being stolen and sold online have soared by 230 per cent since 2007, according to new figures from fraud database firm Lucid Intelligence."
  • Rash of debit card fraud hits Flagler - www.news-journalonline.com - 2/5/10 - "While Steve Woodsmall traversed northeast Florida, stopping off at the doctor, refereeing a basketball game, thieves were on a spending spree -- on his dime."
  • The 2009 PCI DSS and Protecting Cardholder Data Report - www.aberdeen.com - 2/4/10 - "This benchmark report, Aberdeen's third annual study on PCI DSS and Protecting Cardholder Data, provides year-over-year insights into the progress that affected organizations have made in achieving and sustaining compliance with the Payment Card Industry Data Security Standard, as well as the specific areas of greatest challenge."
  • PCI DSS Releases FAQ about End to End Encryption - retailpayments.blogspot.com - 2/4/10 - "While major updates to the PCI Data Security Standard get issues with new versions, such as the one to be published later this year, the PCI Security Standards Council often releases FAQ’s that provide clarification or guidance to merchants and QSA’s. In December, the PCI SSC published an FAQ dealing with the impact of end to end encryption on PCI Scope."
  • Credit union's Visa debit cards breached - www.recordonline.com - 2/4/10 - "A debit card problem has affected some cards issued by Hudson Heritage Federal Credit Union. About 85 accounts were potentially exposed, and the bank has issued new cards to the affected accounts and is monitoring for possible fraudulent activity, said bank President and CEO Michael Ciriello. Bank officials think the breach occurred either at a specific merchant or a third-party transaction processor that was not abiding by Visa's rules."
  • Hackers Target Hotels for Card Data As Malware Gets More Insidious - www.digitaltransactions.net - 2/4/10 - "A growing emphasis by computer hackers on stealing payment card data from hotels and resorts and their increasingly sophisticated malicious software and attack methods are two highlights in a new report from security consulting and technology firm Trustwave Holdings Inc."
  • Hacker attacks Ceridian; data from 27,000 at risk - www.startribune.com - 2/4/10 - "A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially revealed the names, Social Security numbers, and, in some cases, the birth dates and bank accounts of 27,000 employees working at 1,900 companies nationwide."
  • 107.5 Kiss FM - Debit Card Fraud Prompts Warning - www.1075Kiss.com - 2/4/10 - "Police say there could be more than 60 victims of a debit card skimming scam in the North Okanagan. One person is said to have been victimized of $1,000, twice, while another had $800 taken from an account."
  • Las Cruces Credit theft sours winery experience - www.lcsun-news.com - 2/3/10 - "It certainly wasn't the wine or the bowtie pasta at St. Clair Winery & Bistro that left a bad taste in Bianca Villani's mouth. It was the call from Visa, informing her that someone in Maryland was trying to put hundreds of dollars of purchases on her card and the cards of two of her other friends - who had also gone to the Dec. 11 dinner."
  • Report Details Hacks Targeting Google, Others - www.wired.com - 2/3/10 - "It’s been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies."
  • Making The Best Of Today's Payment Processing Security Options - www.bsminfo.com - 2/2/10 - "There's been a lot of press in the past couple years concerning payment processing. While huge breaches may not have shaken consumer confidence (the use of cards continues to far outpace the use of cash), the financial burden placed on everyone from the card issuers down to the merchant have many clamoring for reform. Currently, there are a number of trends concerning reform, associated security, and card processing in general that could affect point of sale (POS) VARs."
  • CyberSource Online Fraud Report-11th Annual Online Payment Fraud Trends, Merchant Practices and Benchmarks - www.cybersource.com - 2/2/10 - "Download your copy of CyberSource's Online Fraud Report- New 2010 Edition! Compare your results. Most companies reported improved metrics in 2009, but see the challenge increasing due to “cleaner” fraud. 60% say enhancing automated detection will be their primary focus in 2010. See which tools they plan to use. Read about this and over 25 other fraud management benchmarks, trends, and practices."
  • VeriFone’s PAYware Mobile Now Available on App Store as Credit Card Encryption Sleeve Begins Shipping - www.businesswire.com - 2/1/10 - "VeriFone Holdings, Inc. (NYSE: PAY) today announced it is shipping its PAYware Mobile secure credit card encryption sleeve for iPhone and that the complementary PAYware Mobile App is now available on the App Store. PAYware Mobile provides small businesses with simple and secure card processing capabilities using the revolutionary iPhone. The app and patent-pending card encryption technology are provided free in conjunction with a low cost PAYware gateway services agreement."
  • Cybercrime Checks Into The Hotel Industry - www.forbes.com - 2/1/10 - "Over the past year America's hotels have had some uninvited guests: a wave of increasingly sophisticated invasions by organized cybercriminals. That's one finding of a report that cybersecurity researcher Nicholas Percoco plans to present Tuesday at the Black Hat security conference in Arlington, Va. His data shows a spike in hacking incidents that successfully targeted hotels and resorts, what Percoco describes as relatively unprotected sources of thousands or even millions of credit card account details."
  • Rethinking the Fortifications: Q&A With Heartland CIO Steven Elefant - www.technewsworld.com - 2/1/10 - "It's been a year since a hacker wheedled into Heartland Payment Systems' network and carried out one of the largest criminal credit card data breaches ever. The fallout from that break-in is still clearing, but Heartland's CIO Steven Elefant says the company has instituted changes to the way it handles sensitive data, starting with an encryption system that's truly end-to-end, not just point-to-point."

January 2010

  • Cocoa Beach police find illegal ATM skimmer - www.floridatoday.com - 1/31/10 - "Someone attached a “skimming device” to an ATM at Bank of America on North Atlantic Avenue in Cocoa Beach, and police believe an unknown number of victims may be susceptible to identity theft. A skimmer is an electronic device that criminals attach to the card-reading slot of an ATM. These devices are disguised to look like they are part of the ATM — but unsuspecting victims swipe their cards through them while accessing their accounts."
  • Two more arrested in alleged ATM scheme - www.boston.com - 1/30/10 - "Two more suspects, including one who was in possession of nearly $100,000 when he was arrested, are facing charges in an alleged scheme to steal ATM card data from unwitting customers in Eastern Massachusetts, authorities said yesterday. One of the two, Anton Venkov, 40, of Toronto, was arrested Thursday by the US Secret Service in Boston and charged with using counterfeit bank account access codes and aiding and abetting the plot."
  • 4 Arrested in Skimmer Scam Gwinnett County Skimming Scheme - www.wsbradio.com - 1/29/10 - "Gwinnett County Police have arrested four people, including a juvenile, in a fraud involving debit cards. Police say Cortes Luciano worked at a fast-food restaurant on Pleasant Hill Road and used a skimmer to get customers' credit card information when they paid for their food. One of the at least 26 victims, says they charged 400 bucks with her card. "The only time it's ever out of my hands is when I have to hand it over to pay for something, instead of swiping it myself," says Missy Vogel."
  • U.S. Secret Service estimates an annual loss of $1 billion specifically from ATM skimming - www.rgj.com - 1/29/10 - "Their debit or credit cards were safely tucked away in wallets, never out of sight. No one else knew their confidential PIN numbers. But somehow, transactions for hundreds of dollars were made using their bank accounts, some at stores they had never visited in cities as far away as Florida and Ohio. Now, Reno residents John Scott and Misty Hinton want to know how this happened. Both had their debit cards cloned and then used at their bank's ATM machines to withdraw $280 multiple times."
  • Old National also hit by ATM scam - www.wlfi.com - 1/28/10 - "One Old National Bank location was compromised by an automated teller machine (ATM) "skimming device" earlier this month, a spokeswoman confirmed Thursday. A handful of local residents were affected, she said, but the bank has been able to secure the information of any debit cards that may have been compromised."
  • Restaurant debit machine compromised in BC Canada - www.bclocalnews.com - 1/28/10 - "A restaurant debit machine compromised last fall recorded about $25,000 in fraudulent activity before the breach was noticed. Const. Janelle Shoihet said the tampering was reported to police Jan. 13, after a bank brought the breach to the White Rock business’ attention. Shoihet would not disclose which restaurant was targeted, stating customers at risk are typically contacted through banks and credit card companies."
  • Researchers slam 3-D Secure as insecure - www.securecomputing.net.au - 1/28/10 - "Verified by Visa and SecureCode 'fatally flawed'. University of Cambridge researchers have launched a withering attack on the 3-D Secure protocol used by Visa and MasterCard to authenticate online customers, branding it "a textbook example of how not to design an authentication protocol"."
  • New PCI Phone Rules: A Number Spoken Is Just As Risky As One Typed - www.storefrontbacktalk.com - 1/28/10 - "Last week, PCI changed its policy on audio recordings. It now instructs retailers to treat a digital audio capture exactly the same as if it was written. This means that all of those call centers asking for credit card details over the phone must dispose of those recordings, or at least the parts that store the prohibited data, immediately. The PCI community has been debating the audio rules for years, with our first story on it back in August 2007. (No, we won’t say that this is the first sound decision from PCI in years. Plays on words and data security stories rarely mix well.)"
  • Data Breach Cost Numbers Games - www.storefrontbacktalk.com - 1/28/10 - "Over the last few weeks, one of the most common questions we’re hearing discussed is “Is PCI really worth it?” These are multi-billion-dollar retail chains asking this question. But there’s a lot more behind the question than it might initially seem. In a marked contrast to the same kinds of questions two years ago, the intent is not to ignore security. Indeed, many of the chains considering some a heresy question are already putting in place security procedures that go well beyond current PCI requirements."
  • Nation's toughest personal info law about to take effect - www.gcn.com - 1/27/10 - "Businesses that hold personally identifiable information on Massachusetts residents have one month to comply with what security experts are calling the toughest data security requirements in the nation. The Massachusetts Data Breach Law, passed in 2007, goes into effect March 1 and requires personal information in networked systems to be protected with strong encryption, firewalls, antivirus and access controls."
  • Bob Russo: No major PCI DSS revision expected in 2010 - searchsecurity.techtarget.com - 1/27/10 - "PCI Security Standards Council general manager Bob Russo said the next revision of the Payment Card Industry Data Security Standard (PCI DSS), due in October, will contain clarifications but no major changes to the standard. "There won't be any surprises," Russo said. "We're more likely to see guidance documents." Encryption, virtualization and the use of more secure payment terminals are expected to gain more attention."
  • Study: Of All Breaches, Those Caused by Hacking Are the Costliest - www.digitaltransactions.net - 1/27/10 - "The cost of data breaches rose slightly last year, but breaches resulting from computer hacking incurred by far the highest losses, according to a new report from privacy and data-security research firm Ponemon Institute LLC. The average cost per compromised customer record rose to $204 in 2009 from $202 in 2008 and $138 as recently as 2005, according to Traverse City, Mich.-based Ponemon’s '2009 Annual Study: Cost of a Data Breach.'"
  • PNC Bank ATMs Hacked Into, Customers Discover Money Missing - www.thepittsburghchannel.com - 1/27/10 - "A Pittsburgh couple discovered $1,400 missing after their PNC Bank account was hacked into. The woman, who did not want to be identified, told Channel 4 Action News that her husband noticed the money missing from a checking account after a trip to the PNC location in Forest Hills. "I reconcile my bank statements religiously, so I noticed it right away," the woman told Channel 4 Action News' Tara Edwards."
  • US oil industry hit by cyberattacks: Was China involved? - www.axcessnews.com - 1/26/10 - "At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage. The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable "bid data" detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show."
  • Crime Spree Targets Arizona Drivers - www.kpho.com - 1/26/10 - "It's an old crime with a new target. According to the Arizona Department of Weights and Measures, someone is stealing credit card information from drivers filling up at the pump at various gas stations. Police in Kingman, Bullhead City and Lake Havasu City have reported a rash of skimming scams at various gas stations and they said the crooks could be headed to Phoenix. Investigators said the scam artists are installing small devices, like a flash drive, into the credit card portion of the gas pump that will then record the personal data of drivers when they swipe their cards."
  • Encryption on the Front Lines of Defense - www.americanbanker.com - 1/26/10 - "An increasing number of companies are concerned that current standards to protect payment card data may be subpar, and have seized on encryption. Some of the biggest names in payments have endorsed encryption, with several vendors offering or testing systems that encode card data as soon as it hits the processing chain. And though there is no standardized approach for delivering encryption capabilities, there is a growing consensus that it is becoming a crucial element of a security strategy."
  • ATM fraud up in recent weeks - www.rgj.com - 1/26/10 - "Their debit or credit cards were safely tucked away in wallets, never out of sight. No one else knew their confidential PIN numbers. But somehow, transactions for hundreds of dollars were made using their bank accounts, some at stores they had never visited in cities as far away as Florida and Ohio. Now, Reno residents John Scott and Misty Hinton want to know how this happened."
  • PCI QSAs, certifications to get new scrutiny - searchsecurity.techtarget.com - 1/26/10 - "The Payment Card Industry Security Standards Council (PCI SSC), under pressure from merchants to improve the training of its certified Qualified Security Assessors (QSA), has detailed plans to beef up its PCI QSA certification review process, adding much needed staff and funding to improve oversight of the individuals who conduct PCI Data Security Standard (DSS) compliance assessments."
  • Different technologies vie to protect payments - www.digitalidnews.com - 1/25/10 - "End-to-end encryption, dynamic cryptograms and EMV are all options being considered to protect payment transaction data in the U.S. The goal is to prevent data breaches, such as the one with Heartland Payment Systems in 2008, and make it easier for merchants and processors to secure the information. It’s estimated that tens of millions of payment card numbers were compromised when hackers planted malicious software in Heartland’s system. Processors and merchants are supposed to comply with the Payment Card Industry Data Security Standard, a specification that many say is confusing, onerous and doesn’t do enough to protect payment card information."
  • Simulated onslaught to bolster security - www.greensheet.com - 1/25/10 - "On Feb. 9 to 11, 2010, payments industry organizations will take part in a cyber attack simulation exercise designed to test the security of payment networks, educate organizations on system vulnerabilities and recommend improvements to better secure those networks. The exercise, dubbed the Cyber Attack against Payment Processes (CAPP), is being organized by the Financial Services Information Sharing and Analysis Center."
  • Data Breach Report: Malicious Attacks Doubled in 2009 - www.bankinfosecurity.com - 1/25/10 - "Malicious criminal attacks have doubled, and the average cost of a data breach has increased to $204 per compromised record. These are the headlines from the 5th annual "Cost of a Data Breach" study by the Ponemon Institute. The study shows that the total cost of a data breach rose to $204 from $202 per compromised record. Dr. Larry Ponemon, President and CEO of the Ponemon Institute, says the increase is a "big deal" because it shows that data breaches continue to be a costly event for all organizations."
  • BRUCE RUTHERFORD NAMED NEW PCI SECURITY STANDARDS COUNCIL CHAIRPERSON - www.pcisecuritystandards.org - 1/25/10 - "Today, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council."
  • Four indicted in courthouse credit card scam - www.seattlepi.com - 1/24/10 - "A federal grand jury has indicted four people accused of paying insiders at a courthouse and a local fast-food joint to steal dozens of victims' debit or credit card numbers, then fraudulently using the information to purchase hundreds of thousands of dollars' worth of gift cards. Diamond Alexander, Jr., Crystal Lee, Cassie St. Cyr and Timur Harris all pleaded not guilty to six counts of bank fraud."
  • Waiter pleads guilty to identity theft, fraud - www.sfgate.com - 1/23/10 - "A former Kansas City man has admitted stealing credit card information from customers while he was a waiter at a Country Club Plaza restaurant. John David Woody of Los Angeles pleaded guilty to identity theft and credit card fraud on Friday in federal court in Kansas City. The 35-year-old admitted that he stole information from 20 customers at the Brio Tuscan Grille in July and August 2008. Prosecutors say Woody used an electronic device to skim the magnetic strip on the back of credit cards to obtain the information. He then used the credit card numbers to purchase goods online, including thousands of dollars worth of DVDs."
  • STRATEGIC SECURITY TESTING WEBCAST - www.coresecurity.com - 1/22/10 - "In this webcast, noted security and penetration testing expert Dr. Eric Cole will share his insight into how organizations can rapidly improve their resiliency to today’s most advanced malware and hacking techniques via more frequent and proactive assessment. Attackers continue to take advantage of widespread security vulnerabilities located throughout the enterprise IT stack to infiltrate sensitive assets and access protected data, perhaps best evidenced by the recent IE zero day attacks that compromised massive companies including Google."
  • Joint force operation leads to arrests for debit card fraud in Toronto - www.newswire.uk - 1/22/10 - "The continuing joint force partnership to combat credit debit and credit card frauds between the Ontario Provincial Police (OPP) Organized Crime Enforcement Bureau (OCEB) - Identity Crimes Unit and Durham Regional Police Major Crime - Fraud Unit (DRPS) has resulted in the arrest of seven males and two females for point-of-sale terminal "pin pad" tampering."
  • Westpac blocks 10,000 skimmed cards in NSW - www.news.com.au - 1/22/10 - "MORE than 10,000 cards have been blocked in just over a week by one of the biggest banks. The move comes as the full impact of EFTPOS skimming emerged earlier this week. Police revealed on Wednesday that $50 million had been stolen from NSW bank accounts by the biggest skimming operation in the state's history. The Daily Telegraph has learned Westpac/St George Bank has blocked between 10,000 and 11,000 debit and credit cards in the past 10 days."
  • BCA Also Breached from Australia - en.vivanews.com - 1/22/10 - "Indonesia-based Bank Central Asia installs ATMs all over the provinces in Indonesia. The international banking criminals saw this as a chance to crack the system and steal the money. BCA is not only breached from Toronto, Canada, but also Australia."
  • 10 Faces of Fraud in 2010 - www.bankinfosecurity.com - 1/22/10 - "Ghosts of Crimes Past and Present Will Haunt the Future of Banking Institutions and Customers "The more things change, the more things stay the same." This old saying holds true when it comes to the different types of fraud hitting financial institutions. In 2009, institutions were hit from every angle with fraud schemes -- some were old, and some were new variations."
  • Thousands of shoppers' credit cards may have been 'skimmed' at ASDA - www.thenorthernecho.co.uk - 1/22/10 - "POLICE have warned shoppers to check their bank accounts after a sophisticated credit card skimming device was discovered. The machine was found by an alert shopper at the Asda supermarket in Whinbush Way, Darlington. Police said last night that the skimmer may have been operating for at least two days and they had no idea how many people may have unwittingly given up their credit card details."
  • Independent QSA Technical Assessment of VeriShield Protect - retailpayments.blogspot.com - 1/21/10 - "VeriFone has contracted with Coalfire Systems, Inc. a leading IT security consulting firm and PCI QSA to conduct an independent technical assessment of VeriShield Protect. The goal of this assessment is to determine if VeriShield Protect meets and follows industry standards, how a proper implementation of VeriShield Protect can improve the security of a retailer’s cardholder environment and the impact VeriShield Protect can have on reducing PCI scope and compliance costs."
  • Gartner urges users to get off IE6 - www.securecomputing.net.au - 1/21/10 - "Gartner's Neil MacDonald has claimed that in the longer term, there are three key things to learn from Operation Aurora: run more users as standard user, get off IE6 as soon as possible, and use defence-in-depth at the endpoint."
  • The Secure POS Vendor Alliance Broadens its International Reach with Five New Payment Company Members - www.businesswire.com - 1/21/10 - "The inaugural year of the Secure POS Vendor Alliance (SPVA) wrapped up with the same enthusiasm with which it began – capped off by the membership of five more leading payment and enterprise security companies. Joining the SPVA are Elavon, ID TECH, Independent Purchasing Cooperative, Inc. (IPC), Voltage Security, Inc., and the first Asia-based company, GHL Systems Berhad."
  • Heartland Breach: State of Payments Security 1 Year Later - www.bankinfosecurity.com - 1/21/10 - "It has now been one year since the Heartland Payments System breach was made public. What lessons have been learned and what more needs to be done to improve the security of the payment industry? We asked four information security experts for their take on Heartland: One year later."
  • BBB Initiative Arms Small Business Owners With the Tools to Protect Business and Customer Data - www.prnewswire.com - 1/21/10 - "Better Business Bureau and partners Symantec Corporation, Visa Inc., Kroll's Fraud Solutions and NACHA – The Electronic Payments Association today launched a new national education initiative to help small business owners overcome any previous reluctance to taking the necessary steps to protect their sensitive customer and business data, so they won't become the next victim of a data breach."
  • Javelin Study: End-to-End Encryption, Tokenization, and EMV in the US - www.paymentsnews.com - 1/21/10 - "Javelin has announced a new report titled "End-to-End Encryption, Tokenization, and EMV in the US: Vendor Analysis of Emerging Technologies and Best Hybrid Solutions" that "assesses the capabilities of end-to-end encryption, tokenization, virtual terminals, magnetic-stripe security and the EMV standard as solutions to combat payment-related data breaches.""
  • Some Banks Try Again For Class-Action Heartland Lawsuit - www.storefrontbacktalk.com - 1/21/10 - "Shortly after Heartland tried to sweep away most of the lawsuits against it with a series of recent negotiated settlements, a group of banks is trying to persuade other banks to reject the settlement offer and support a class-action lawsuit against Heartland."
  • Gangs skim $50m from EFTPOS machines - www.news.com.au - 1/21/10 - "POLICE admit that Australia is in the midst of its biggest ever EFTPOS skimming crime wave. An unprecedented attack by an international criminal gang on retailers' EFTPOS machines has seen $50 million fleeced from hard working Australians. The wave of attacks on EFTPOS machines in NSW was yesterday described by NSW fraud squad head Detective Superintendent Colin Dyson as "the biggest I've seen"."
  • Addressing Data Breaches: How to Decrease Fraud Losses while Creating Customer Loyalty - www.javelinstrategy.com - 1/20/10 - "Join Javelin Strategy & Research for a complimentary webinar presentation addressing data breaches. With about 11% of consumers receiving breach notifications in the past three years, concern over personal data security and identity fraud is also on the rise."
  • 2 arrested in ATM tampering scheme - www.cbc.ca - 1/20/10 - "Winnipeg police have arrested two men in connection to a tampering scheme that targeted automated teller machines in the city. A 29-year-old and a 39-year-old are facing more than 100 counts relating to offences including wearing disguises with intent to commit crimes, forgery, and unlawful use of credit card data."
  • Central Bank Tells Account Holders Their Funds Are Safe Amid ATM Scam - www.thejakartaglobe.com - 1/20/10 - "Bank Indonesia on Wednesday sought to assure bank customers that their money was safe and that those who have reported an unexplained dwindling of their accounts would have the missing sums reimbursed. More than a dozen customers of three banks in Bali have reported that their accounts had decreased significantly with money withdrawn without their consent, police said. The central bank later announced that six lenders nationwide had reported customers losing funds."
  • Proposed VISA/Heartland Data Breach Settlement May Pay Banks and Credit Unions Pennies on the Dollar - www.prnewswire.com - 1/20/10 - "Banks and credit unions that issued VISA payment cards compromised by the Heartland Payment Systems data breach, the largest data breach in history, should carefully review the proposed settlement between Heartland and VISA. The proposed settlement has many weaknesses: (1) it may offer little compensation to payment card issuers, (2) it gives banks and credit unions little time to decide whether to participate, (3) it releases Heartland and other parties that may be liable, and (4) it is being touted for reasons that are not entirely accurate."
  • Thales and Voltage Security Forge Technology Integration and Partnership to Deliver End-to-End Encryption and Key Management to Secure Payments - www.pymnts.com - 1/20/10 - "Thales, leader in information systems and communications security, and Voltage Security, Inc., the global leader in end-to-end data protection, announce a technology integration and partnership centered around delivering End-to-End Encryption and key management solutions for the payments industry and broader enterprise security applications. Through the partnership, the two companies have worked together to integrate Voltage SecureData technology with Thales hardware security modules (HSMs) for customers, Heartland Payment Systems being an example."
  • Are Tokenization And End-To-End Encryption Substitutes? - www.storefrontbacktalk.com - 1/20/10 - "If your goal is to limit your PCI scope, should you pursue tokenization or end-to-end encryption? Or should you do both? I find it interesting that many large (L1 and L2) merchants are actively pursuing both options, and I’m wondering if that really makes sense from either a PCI or an economic perspective. Maybe tokenization and end-to-end encryption are just two closely related approaches that can, when properly implemented, accomplish the same thing: minimize your total PCI scope."
  • Two Charged In Debit Card Fraud - www.cjob.com - 1/20/10 - "Police have arrested two Winnipeg men in an ATM fraud case that detectives believe could have resulted in more than a million dollars in theft. Police allege the pair who are brothers-in-law were living lavish lifestyles from money they were skimming off of stolen debit card information. Police say their investigation started last fall. Detectives say there were at least 38 incidents where the suspects would put a device over a legitimate ATM to steal credit card data and swipe PIN numbers using tiny cameras."
  • Heartland's Acquiring Banks Sued - www.bankinfosecurity.com - 1/20/10 - "Five financial institutions have filed a class action suit alleging that two acquiring banks, Heartland Bank and Key Bank, should be included as defendants and share responsibility for damages caused by the Heartland Payment Systems data breach. Lone Star National Bank, PBC Credit Union, O Bee Credit Union, Seaboard Federal Credit Union and Pennsylvania State Employees Credit Union filed the class action complaint in the U.S. Southern District Court in Houston, TX on Tuesday."
  • Getting PCI Compliant—Now What? - CSP Magazine - 1/20/10 - "For the past several years, major data breaches of payment information have made headlines, sending shock waves through many businesses and industries, including the retail petroleum and convenience sectors. No one, from big corporations to the local taco stand, wants to be caught exposing its customers’ data—and encountering the legal and financial burden that a breach could place on a company."
  • Five Quebecers arrested for $1 million debit and credit card skimming fraud - www.pivotalpayments.com - 1/20/10 - "At least 11 Winnipeg businesses - and potentially more in other provinces - were victims of a debit card fraud scam, for which one man and four youth were just arrested by Winnipeg police. The man, Thomas Wayne Hope, and the four 17-year-olds - all from Quebec - had been stealing debit card PIN pads, inserting skimming devices, and then returning the devices."
  • Heartland Moves to Encrypted Payment System - www.pcworld.com - 1/20/10 - "Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr. "End-to-end encryption is a good way to mitigate the risk of having the kind of compromise that we and hundreds of other companies have had," Carr said in an interview."
  • The 2009 PCI DSS and Protecting Cardholder Data Report - www.pcworld.com - 1/20/10 - "Best-in-Class companies spent 45% less than all others to achieve initial PCI compliance. Best-in-Class companies spend 55% less annually than all others to sustain PCI compliance. Best-in-Class companies reduced audit deficiencies related to PCI by 7.5% on a year-over-year basis, compared to Laggards."
  • Skimmer in Sydney Rd ATMs - moreland-leader.whereilive.com.au - 1/20/10 - "TWO more card skimming devices have been found on ATMs in Sydney Rd. Detective Sen-Constable Mark Perna of Moreland CIU said a man using a Commonwealth Bank ATM in Brunswick felt the card entry slot was a little loose and was able to pull it off. “The skimmer covered the card entrance and had a microchip that reads the magnetic strip as the card enters,” Detective Sen-Constable Perna said."
  • Couple Wanted In ATM Skimming Scheme - www.fox5vegas.com - 1/19/10 - "A man and woman caught on camera placing a device on an ATM machine were attempting to steal debit card information, police said Tuesday. Photos released to FOX5 show the couple using the ATM twice in the same day. In one photo the man appears to be doing something to the machine while the woman is keeping an eye out for other customers."
  • Card reader found attached to ATM in Freehold Township - www.app.com - 1/19/10 - "Police are warning residents about a device that was attached to a West Main Street bank's ATM to record account information. An off-duty juvenile corrections officer found the device when he went to the Bank of America at 510 West Main St. around 3 p.m. Saturday, police said. As he tried to use the machine, he began having problems with his card, said Detective Sgt. Jerry Kiwit."
  • E-Commerce Data Security 2010: Learning From 2009's Debacles - www.technewsworld.com - 1/19/10 - "Tough economic times brought a surge in online shopping. As more people turn to the Web, merchant readiness for handling confidential data is more critical than ever for a successful online presence. Etailers must have their data protection systems in place before flipping the switch, rather than having a major disaster to clean up after a breach occurs. 2009 was the first year since 2005 that the number of data breach incidents recorded actually dropped. If that makes you feel a little more secure -- there is a counter side."
  • Taiwan man arrested for credit card fraud - enews.mcot.net - 1/18/10 - "A Taiwanese was arrested after attempting to use a stolen credit card to buy a pricey laptop at a Bangkok department store. Li Wen Ming, suspected of being part of a large Malaysian credit card fraud syndicate, attracted the attention of the shop owner, who verified that the legal card holder is Canadian. Police investigators seized 17 other false credit cards, a skimmer used for the theft of credit card information and other fraud tools in Mr Li’s possession."
  • NSW police target skimming scams - www.bigpondnews.com - 1/18/10 - "Credit card and debit card holders are being targeted in a new 'skimming' fraud scam. Police in New South Wales have formed a Strike Force to investigate the use of skimming devices. The Commonwealth Bank has confirmed financial institutions had been advised of a security issue on Friday."
  • DarkMarket mastermind pleads guilty - www.securecomputing.net.au - 1/18/10 - "A Sri Lankan man living in London admitted last week to being the mastermind behind the online hacker forum DarkMarket, which has been called one of the most nefarious criminal websites in the world. Renukanth Subramaniam, 33, pleaded guilty in London to conspiracy to defraud, according to a court spokeswoman. Subramaniam, who used the alias "JiLsi", admitted that he set up DarkMarket, a site that fostered cybercriminal collaboration and resulted in tens of millions of dollars of losses, according to a news release issued by the Serious Organised Crime Agency (SOCA) in London."
  • Information Security Clauses and Certifications - Part 1 - enews.mcot.net - 1/17/10 - "Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches."
  • Smaller Merchants May Offer Less Credit Card Security - www.creditcardguide.com - 1/16/10 - "According to a recent survey, credit card security may not be as alive and well as most consumers assume. The study surveyed 560 U.S. and multinational organizations for the degree to which they complied with the Payment Card Industry’s Data Security Standard (PCI DSS). The survey was conducted by the Ponemon Institute, a company specializing in research into privacy and information security policy."
  • Secure Remote Payment Council Announces Formation - www.paymentsnews.com - 1/15/10 - "The Secure Remote Payment Council, (SRPc) held its formation meeting and inaugural Board of Directors meeting in Dallas in December to install its Board, elect officers and set its 2010 agenda. The SRPc says it is "dedicated to the growth, development and market adoption of secure eCommerce and mobile payment methods"."
  • Debit-card 'skimming' scams - www.consumerreports.org - 1/15/10 - "Whether by choice or necessity, American consumers are increasingly relying on debit rather than credit cards. Debit-card spending has risen steadily, growing from 47.7 percent of purchases made with plastic in 2003 to 58.9 percent in 2008."
  • Winnipeg police bust fraud ring that stole PIN pads - www.vancouverite.com - 1/15/10 - "Police are asking merchants using debit card PIN pads to check units in their stores after cops busted a fraud ring that stole approximately $1 million. The group stole and replaced PIN pads after rigging them electronically so they could steal credit and debit card information of clients. It is not clear how many Winnipeg residents had their pin numbers stolen."
  • PCI DSS Expert Panel - Common Questions Answered - Trustwave and ETA - 1/14/10 - "The Electronic Transactions Association and Trustwave invite you to attend a complimentary interactive webinar titled, PCI DSS Expert Panel - Common Questions Answered. During this webinar, compliance and security experts from Trustwave will talk about the challenges faced by merchants when becoming PCI DSS compliant. This webinar is appropriate for most businesses but is primarily focused on helping those businesses with questions about validating PCI DSS compliance."
  • $900 withdrawn as debit card fraudsters hit again - www2.canada.com - 1/13/10 - "Editor: I wanted to make Optimist readers aware that debit card skimming has struck once again in Tsawwassen. I was a victim on Jan. 5 when thieves withdrew $900 (two separate transactions of $500 and $400) from my account using a TD Green Machine ATM. I noticed that morning and immediately contacted TD Easyline."
  • ATM skimmer discovered at Clayton Bank of America - www.ksdk.com - 1/13/10 - "It's becoming one of the most dangerous tools in America: ATM skimmers. Such a device can wirelessly and illegally transmit financial information from an ATM to a thief. A skimmer was found last month at a Clayton branch of Bank of America. It's believed that the skimmer was removed before any bank accounts were looted. Authorities say it's a very common scam across the country, but this is the first time a 'skimmer' has been reported in the St. Louis-area."
  • Card Industry Has a Compelling Case for Data Encryption, Report Says - www.digitaltransactions.net - 1/13/10 - "End-to-end encryption of cardholder account data during the transaction process is an imperfect solution to payment card fraud, but it’s the most practical out there now for the U.S., a new report about fraud management from Aite Group LLC concludes. The report estimates that fraud cost the U.S. card industry $8.6 billion in 2008. The fraud rate, however, 0.4% of $2.1 trillion in charge volume in 2008, has been stable for several years, according to report author Nick Holland."
  • Annual Security Trends Web Seminar - www.sonicwall.com - 1/12/10 - "2009 was a year of major shifts in network and computer security. Demands such as Social Networking, Virtualization, Consolidation, Downsizing and Outsourcing drove the agenda for nearly every organization. So what's in store for 2010?"
  • Alert Debit Card Fraud related to Arco 1950 S. Delaware - hancsm.wordpress.com - 1/11/10 - "SMPD received 80 reported cases of ATM/Debit card skimmer fraud during the month of December. SMPD Detectives were able to determine that the Suspects surreptitiously broke into a gas pump paying machine, and attached “a skimmer device” to the back of the key pad at the ARCO Gas Station located at 1950 South Delaware Street. The skimmer was connected to a wireless recording device which captures the ATM card number and the PIN number."
  • Prosecutor: drug ring shipped marijuana by FedEx - www.seattlepi.com - 1/11/10 - "A 31-year-old Seattle man described by federal prosecutors as the leader of a crime ring involved in both drug trafficking and bank fraud has been sentenced to 8 1/2 years in prison. Mario Earl was sentenced Monday for conspiracy to distribute marijuana and bank fraud. The U.S. attorney's office says the ring was distributing large amounts of marijuana in the Chicago area."
  • ATM Skimming Incidents Increase - www.bankinfosecurity.com - 1/11/10 - "In Raleigh, NC, 300 members of State Employees Credit Union had money skimmed from their accounts. The skimmer may have been placed at a gas station, say police. SECU is second largest credit union in the U.S., with $18.4 billion in assets. "This type of thing happens all the time, unfortunately," says Leanne Phelps, senior vice president of SECU's card and record services department."
  • Security upgrade on way at pump - www.bankinfosecurity.com - 1/10/10 - "A looming requirement to upgrade encryption security at the gasoline pump could put many convenience store operators in a tough spot financially, said Chris Newton, president of the Texas Petroleum Marketers and Convenience Store Association. By July, payment network Visa wants debit card payments requiring a PIN code to be made at terminals equipped with the Triple Data Encryption Standard, a tighter security method than what’s in use at some gasoline retailers."
  • Heartland in $60 mln settlement agreement with Visa - www.reuters.com - 1/7/10 - "Heartland Payment Systems Inc (HPY.N) said it reached a $60 million settlement agreement with Visa Inc (V.N), under which it will pay issuers of Visa-branded credit and debit cards for data security breach claims. Heartland, the fifth-largest payments processor in the United States, said the settlement was with respect to losses issuers may have incurred from a criminal breach of its payment systems in 2008."
  • Cyber Attack Exercise Planned - www.bankinfosecurity.com - 1/7/10 - "How prepared is the financial services industry in the event of a cyber attack? The Financial Services Information Sharing and Analysis Center (FS-ISAC), a national industry forum, will conduct Cyber Attack Against Payment Processes (CAPP), an exercise to measure the ability of financial institutions, payment processors, businesses and retailers to respond and recover from major cyber incidents."
  • Calls made to catch credit card skimmers - www.gympietimes.com - 1/7/10 - "THE Commonwealth Bank has confirmed that a skimming device was placed on the Commonwealth Bank Automatic Teller Machine (ATM) at Centro Gympie Shopping Centre. Commonwealth Bank media manager Steve Patten told The Gympie Times that the device was discovered and removed on December 9, but no customers’ details had been compromised."
  • Heartland Breach Shows Why Compliance Is Not Enough - www.pcworld.com - 1/6/10 - "Nearly a year after Heartland Payment Systems disclosed what turned out to be the biggest breach involving payment card data, the company remains a potent example of how compliance with industry standards is no guarantee of security. Princeton, N.J.-based Heartland last Jan. 20 disclosed that intruders had broken into its systems and stolen data on what was later revealed to be a staggering 130 million credit and debit cards."
  • A Look at PCI in 2010 - www.storefrontbacktalk.com - 1/6/10 - "What are the PCI stories we are likely to see in the coming year? We know there is a new/revised version of PCI due to become effective in October, but what are the likely changes? And let’s not forget the card brands themselves or the technology vendors who constantly promise to make merchants’ lives easier (if maybe a little more expensive). With a new year in front of us (and caution behind), here are some forecasts and speculation for the coming year in PCI."
  • Calls made to catch credit card skimmers - www.which4u.com - 1/6/10 - "People are being urged to get in touch with police if they have any information about a number of credit fraudsters currently in operation. Detectives from the Wollongong Local Area Command reveal that since October they have received more than 100 complaints from consumers that money has been stolen from their bank accounts."
  • Javelin Complimentary Webinar: 10 Trends for 2010 - www.javelinstrategy.com - 1/5/10 - "Facing limited budgets, increased regulation and higher fraud incidence, banks must prioritize scarce investment funds to seize key opportunities in the mobile channel, social media, P2P, reworked offerings for consumers and merchants, data breaches and PCI compliance, and even new solutions for ATMs, PIN and real-time systems. Capturing consumer trust is more important than ever as consumers say their trust in financial institutions has worsened over the past twelve months by a ratio of nine-to-one, according to a nationally-representative November, 2009 online survey of 3,294 individuals."
  • PHOTOS: Man accused of using skimming device on North Naples bank ATM - www.naplesnews.com - 1/5/10 - "Collier County deputies believe the same man, who was suspected of placing a skimming device on an ATM at a North Naples bank, has struck again. This time a skimmer was placed at the SunTrust Bank located at 801 Laurel Oak Drive, North Naples, on Nov. 27 and again on Dec. 12. In the first incident, deputies say a skimmer was placed on an ATM at the SunTrust Bank, 2420 Vanderbilt Beach Road, on Nov. 14. Several customers subsequently reported the fraudulent use of their debit card numbers on the east coast of Florida."
  • Skimming Scams – Identity Theft Gets Sophisticated - www.13wham.com - 1/4/10 - "Identity thieves have been using more sophisticated devices, but now, a new state law targets thieves who use skimming devices, which are small and hard to spot. In an example caught on camera, one woman gets her already-skimmed card back, suspecting nothing. But a decoder, connected to a computer, has already sent her account information to thieves in another state. "Once they use it they'll discard it,” said security officer Jason Ingalls."
  • Data breaches affect million state residents - www.boston.com - 1/3/10 - "One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years, according to records provided to the Globe by state officials. Many thousands of the leaks were first reported between June and November - including confidential data on customers of Blue Cross Blue Shield of Massachusetts, Eastern Bank, JPMorgan Chase Bank, and other major institutions, documents released by state regulators revealed."
  • Target Admits It Was Breached - www.storefrontbacktalk.com - 1/2/10 - "Years after it was breached by a member of Albert Gonzalez’s cyberthief gang, some 17 months after its name was quietly kept out of an indictment where it was referenced and five months after StorefrontBacktalk published its involvement, Target has confirmed that it was the victim of a data breach. “Target was one of the companies affected by an intrusion that occurred two years ago. However, the exposure—both in time and number of accounts—was extremely limited,” said Target spokesperson Amy Reilly."
  • Five security themes to watch in 2010 - www.techtarget.com - 1/1/10 - "The first decade of this millennium closed out with a lot of economic uncertainties. Tightening IT budgets at many enterprises forced some security firms to struggle; others closed their doors. The year was also marred with the largest data breach in history and embarrassing attacks on social networks. Rather than releasing major security innovations, experts used 2009 to talk about cloud computing insecurities and the need to focus on security basics. In 2010, there could be less hyperbole and more action."
  • Skimming Ring Suspects Sought for I.D. Theft - www.mountainenterprise.com - 1/1/10 - "Several residents of the Mountain Communities reported identity theft incidents early in 2009 after purchasing gasoline in Lebec. Photographs of those who have been seen allegedly placing credit card “skimming” devices in self service gas station card readers from Los Angeles through Bakersfield were released by Bakersfield Police Department (BPD) Tuesday, Dec. 29. Investigators for BPD have identified two of the suspects using stolen credit card information through recently reported skimming device operation at local gas stations."
  • Skimming Ring Suspects Sought for I.D. Theft - www.risnews.com - 1/10 - "Senior retailer managers who have relegated PCI compliance responsibilities to lower levels of the organization may be missing a critical opportunity to protect and even grow the business."
  • TNS, Semtek and VeriFone Partnership Provides Managed End-to-End Encryption for Merchants and Acquirers - www.tnsi.com - Winter 2010 - "TNS has joined forces with Semtek and VeriFone to provide managed decryption and communication services as part of a comprehensive end-to-end card processing encryption solution for the payments industry."

December 2009

  • New ATM skimming alert - www.whereilive.com - 12/31/09 - "OFFICERS from the State Crime Operations Command, Fraud and Corporate Crimes Group are investigating the location of a skimming device on an Automatic Teller Machine (ATM) at Clayfield on December 27. Police were notified of the device found on Sandgate Road around 5pm when a customer noticed a round watch type battery and printer circuit board with wiring below the clear plastic card entry slot."
  • ATM checks urged as skimmer found in Clayfield - www.news.com.au - 12/31/09 - "CARD-skimming crimes have exploded in Queensland and are set to become even more rampant because of "redundant technology" used by banks. Police have issued the warning following the discovery of another card-skimming device at Clayfield in Brisbane's north on Sunday."
  • Security breach reported by Internet trading site collective2.com - www.investmentnews.com - 12/30/09 - "Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company's computer database had been breached by a hacker and that all users should log in to change their passwords immediately. That e-mail, from Collective2 LLC founder Matthew Klein, stated that the information accessed by the hacker included names, e-mail addresses, passwords and credit card information."
  • Informant tells of role in FBI probes - www.ocregister.com - 12/30/09 - "Since he was a teen, Craig Monteilh has pretended to be someone he wasn't – Russian, Muslim, a white supremacist. It was a skill he learned early, says Monteilh, a 47-year-old Irvine man who, according to court records, provided information to the FBI. He learned to gain people's trust – even while pretending to be someone else. It's a skill that FBI agents and police officers helped him hone, he says. It's a skill that he sharpened in his role as an informant in several investigations."
  • Raleigh Bank Thinks Thieves Skimming Customers at Fuel Pumps - www.mync.com - 12/30/09 - "Police are investigating widespread credit and debit card fraud after hundreds of customers reported fraudulent transactions. State Employees Credit Union said around 300 of its customers had been impacted, and it was unclear Tuesday if other banks had also been impacted."
  • Card-skimming device found in ATM - www.smh.com.au - 12/30/09 - "Queensland police have warned people to check all ATMs before using them after a card-skimming device was found on a machine fitted with an anti-skimming mechanism in Brisbane. Officers were notified of the device on Sandgate Road, Clayfield, on December 27, which consisted of a round, watch-type battery and printer circuit board with wiring below the clear plastic card entry slot."
  • Source of stolen credit information was a restaurant - www.adn.com - 12/30/09 - "The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday. Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago."
  • Source of stolen credit card information was a restaurant - www.adn.com - 12/29/09 - "The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday. Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago."
  • Albert Gonzalez Pleads Guilty in Heartland, 7-11 Breaches — Updated - www.wired.com - 12/29/09 - "Florida computer hacker Albert Gonzalez pleaded guilty to conspiracy charges Tuesday for intrusions into Heartland Payment Systems, Hannaford Brothers supermarket chain, 7-Eleven and two unidentified companies — marking his third and final guilty plea in what prosecutors have called the largest identity theft scheme in U.S. history. Appearing in federal court in Boston, Gonzalez, a former Secret Service informant, pleaded guilty to two counts of conspiracy to gain unauthorized access to computers, and to commit wire fraud."
  • Citi Expands Denial of Summer Breach - www.paymentssource.com - 12/29/09 - "Citigroup Inc. elaborated on its denial that its systems had been breached last summer, suggesting that, if a breach occurred, it would have happened at a third party. "As with virtually all financial institutions, there are instances of fraud or breaches of third-party systems that result in our taking actions to protect our customers and Citi … , [but] there has been no breach of Citi's systems," the New York company said in a press release last week."
  • Source of stolen credit information was a restaurant - www.turnto23.com - 12/29/09 - "Bakersfield Police Investigators have identified two of the men who they said are responsible for using stolen credit card information through the recently reported skimming device operation at local gas stations. During the month of December, detectives from the Bakersfield Police Department said they discovered credit card information was likely being compromised at local convenience store gas station pumps."
  • ATM skimmers charged - www.sunshinecoastdaily.com.au - 12/27/09 - "TWO Romanian men have been charged over a series of “skimming” offences on ATMs across south-east Queensland. The pair appeared in Caboolture Court yesterday after being arrested during Operation Hotel Sweeper. They were refused bail and will reappear in court on January 13."
  • RPD arrested four for “ATM skimming” in 2009 - www.raleighpublicrecord.com - 12/25/09 - "A form of bank fraud that can victimize hundreds within hours is growing in sophistication and increasingly targeting the Raleigh area. The Raleigh Police Department arrested four suspects in 2009 as a result of multiple investigations into cases of “skimming,” where thieves use electronic devices to steal financial information. Although the arrests stem from only three cases in 2008 and 2009, the crimes can impact a large number of people."
  • Credit card theft device embedded in local gas pumps, Bakersfield police say - www.bakersfield.com - 12/24/09 - "During the month of December 2009, Bakersfield Police Department detectives discovered credit card information was likely being compromised at local convenience store gas station pumps. The information obtained was later used, by the offenders, to conduct purchases at Target and Wal-Mart stores located in other California cities."
  • Local Alaska retailer hacked, credit card info stolen - www.adn.com - 12/24/09 - "At least 150 Anchorage residents, possibly hundreds more, had their debit and credit card information stolen when a local retailer's computer records were apparently targeted by hackers, according to Anchorage police. Police estimate the number of local victims could range as high as 1,000 or more in what looks to be an organized nationwide scheme to steal account information and use it to buy goods to be sold for cash."
  • Cybersecurity czar's first task: reboot policy - www.minnpost.com - 12/23/09 - "Newly named cybersecurity "czar” Howard Schmidt, a former executive at eBay and Microsoft, faces the task of reengineering US policy to combat a growing, yet often neglected, threat to the country’s economy and digital infrastructure."
  • Rocklin Police Investigate ATM Scam - www.kcra.com - 12/23/09 - "Rocklin police are investigating an identity theft scheme that left at least two dozen people out thousands of dollars. Police said thieves installed credit card skimming devices on two pumps at the AMPM on Sunset Boulevard in Rocklin. The devices allowed the thieves to copy and use handfuls of people's credit cards. "It was a computer ribbon type device with a transmitter that was no bigger than a cigarette box," said Lt. Lon Milka."
  • Six Months Later, MasterCard Softens a Controversial PCI Rule - www.digitaltransactions.net - 12/23/09 - "MasterCard Inc. is changing a controversial policy, and pushing back a deadline, that it announced only six months ago regarding enforcement of the Payment Card Industry data-security standard. With the changes, which involve assessing computer systems for PCI compliance, MasterCard could be viewed as responding to valid complaints after first disclosing the planned changes, or it could be viewed as having done a flip-flop. Or both at the same time."
  • NYPD Daily Blotter - www.nypost.com - 12/23/09 - "Cops are looking for two high-tech thieves who hacked into at least four people's bank accounts after installing a "skimmer" at an East Village ATM. The bandits on Dec. 9 placed the device -- which grabs electronic info off bank cards -- over the card-reader slot at a Bank of America cash machine on Lafayette Street, police said. The thieves used the info to clone bank cards and withdraw customers' cash."
  • Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift - www.infolawgroup.com - 12/23/09 - "While the proverbial jury is still out concerning retailers’ sales success this 2009 holiday season, Massachusetts’s highest court (the Supreme Judicial Court or “Supreme Court” as referenced herein) delivered retailers a significant holiday gift in the form of an opinion slamming the door on some financial institutions seeking to recover reissuance costs arising out of a retailer’s payment card data breach."
  • Skimmer at Commonwealth Bank ATM in Perth mall sparks fraud fears - www.perthnow.com.au - 12/23/09 - "A SOPHISTICATED skimming device has been attached to a Commonwealth Bank ATM in the Perth CBD. It was incorporated into a facia fitted to the machine in the Murray Street mall. The skimmer was found yesterday afternoon - as the city swelled with Christmas shoppers - after a report from a member of the public."
  • Cash machine 'skimmer' alert - www.sunderlandecho.com - 12/23/09 - "An eagle-eyed shopper spotted the device, which copies customers' bank card details, and alerted security guards at the store. A spy-camera, which snaps people as they enter their secret pin code, was also found as police investigated the cash machine. Police say scammers attached the bank card skimmer and camera shortly after 9am on Friday, December 11. But it was quickly spotted and reported to police the same morning."
  • McDonald's card skim 'netted $5 million' - www.sbs.com.au - 12/23/09 - "Two men are being sent from Sydney to Perth to face charges in connection to stealing up to $5 million from about 4,000 customers at fast food outlets in what police say is Australia's biggest-ever single card skimming operation."
  • FBI Probes Hack at Citibank - www.wsj.com - 12/22/09 - "The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials. The attack took aim at Citigroup's Citibank subsidiary, which includes its North American retail bank and other businesses. It couldn't be learned whether the thieves gained access to Citibank's systems directly or through third parties."
  • Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack - www.wired.com - 12/22/09 - "The two great friends talked every day and shared information about all of their exploits — sexual, narcotic and hacking — according to prosecutors. Now another thing they’ll have to share information about is their experience in federal prison."
  • Settlements Still Leave Many Post-Breach Legal Woes for Heartland - www.digitaltransactions.net - 12/22/09 - "With two settlements announced in less than a week, merchant acquirer Heartland Payment Systems Inc. is putting some of the legal repercussions of its huge data breach behind it as 2009 draws to a close. But most of the legal troubles Heartland faces in the wake of the breach it announced last January still await resolution."
  • Fuel Dispenser Skimming in Alaska - www.bankinfosecurity.com - 12/22/09 - "Howard Schmidt, the information security expert who President Obama tapped Tuesday as his cybersecurity coordinator and who served as a senior cybersecurity adviser in the Bush administration, is characterized as a no-nonsense leader who will take no guff from senior White House advisers in advancing the administration's cybersecurity initiatives."
  • 7-Eleven Hack From Russia Led to ATM Looting in New York - www.wired.com - 12/21/09 - "Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days. After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards."
  • UPDATE 1-Heartland to settle class actions over cyber breach - www.reuters.com - 12/21/09 - "Credit card processor Heartland Payment Systems Inc (HPY.N) said it would settle consumer cardholder class actions tied to claims arising from breach of its system by cyber thieves, and pay up to $2.4 million to class members submitting valid claims."
  • Major PCI Change: A Call To VAR Action - www.vertmarkets.com - 12/21/09 - "About one month prior to this issue, a group of restaurants filed a lawsuit against a POS software manufacturer for what the restaurants are saying is a lack of compliance with the Payment Card Industry Data Security Standard (PCI DSS). They say the lack of compliance allowed Romanian hackers to breach their POS systems. It remains to be seen whether the suit has merit, but it really doesn’t matter."
  • UK retail Wi-Fi security still patchy - www.theregister.co.uk - 12/21/09 - "Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist. The cybercrooks, who lifted more than 21 million credit card records, leapfrogged onto the retailer's credit card database after first breaking into the wireless network of a regional store, a subsequent investigation ahead of upcoming US trials revealed."
  • Fuel Dispenser Skimming in Alaska - www.alaskadispatch.com - 12/18/09 - "In news that hit a little closer to home, one Dispatch staffer had her debit card number stolen this week. Her theory? It was lifted by some kind of skimming device at the Carrs Huffman gas station. When she called to report the crime, police told her it's happened to over 100 people in the last week. Called for comment, an APD spokeswoman would only say many Huffman area residents have had their cards compromised, and it's under investigation."
  • Attack Of the RAM Scrapers - www.darkreading.com - 12/18/09 - "The inclusion of RAM scrapers in a recent Verizon Business list of the top data breach attack vectors prompted a bit of buzz about what exactly RAM scraping is and how much of a threat it poses. A RAM scraper as identified in the Verizon Business Data Breach Investigation report is a piece of customized malware created to grab credit card, PIN, and other confidential information out of a system's volatile memory."
  • Radiant Systems Calls for Industry to Unite Against Data Thieves - www.yahoo.com - 12/18/09 - "Radiant Systems, Inc. (Nasdaq: RADS) today issued a new challenge to the industry to come together to dramatically improve data security in the transaction-processing industry. “Our vision is to encourage all involved in transaction processing to move from a mindset of independent compliance to one of collaborative security that will greatly reduce the risk of data theft,” said John Heyman, chief executive officer at Radiant Systems."
  • Credit card skimmer found on Vancouver gas pump - www.tri-cityherald.com - 12/18/09 - "Police have recovered an illegal credit card skimming device from a convenience store gas pump in Vancouver. They are warning customers to be aware their credit or debit card information may have been stolen by identity thieves. The device was found Monday by an employee servicing the pump."
  • Smart Card Alliance Webinar: Top 10 Reasons U.S. Should Consider EMV - www.smartcardalliance.org - 12/18/09 - "EMV/chip technology will be the topic of a January 2010 webinar from the Smart Card Alliance, featuring speakers from Aite Group, Bank of Nova Scotia, KeyPoint Consulting and Visa on the reasons behind the global migration to this technology, and the possibilities for U.S. adoption."
  • People report credit card information stolen after using Paso Robles gas station - www.sanluisobispo.com - 12/18/09 - "The Paso Robles Police Department has taken 16 reports from people saying their credit or debit card information was stolen after they pumped gas. Police believe a "skimmer" - an illegal credit card reading device - was installed at the ARCO station on Ramada Drive for about two weeks from late November to early December, Officer Ty Lewis said. However, it was removed before police became aware of it, he added. Since the crimes usually aren't reported until a victim receives their bank statement, Lewis said, the criminals have time to remove the devices before they are discovered."
  • Heartland Pays Amex $3.6 Million Over 2008 Data Breach - www.pcworld.com - 12/17/09 - "Heartland Payment Systems will pay American Express US$3.6 million to settle charges relating to the 2008 hacking of its payment system network. This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year."
  • Study: Best-in-class merchants spend less for payment processing compliance but are more secure - www.pivotalpayments.com - 12/17/09 - "PCI compliance can be an intimidating thing for businesses with merchant accounts, especially smaller businesses that feel they cannot spend the money required to adequately protect their payment processing infrastructure."
  • Credit unions adding fee to debit card use because of skimming costs - www2.tbo.com - 12/17/09 - "If you belong to a credit union, some unexpected fees may be coming your way. At least three Bay Area credit unions are charging members for using their PIN number at stores and gas stations. This week, Bay Gulf Credit Union began assessing members 50 cents each time they punch in their PIN for a purchase. In November, GTE Federal Credit Union started charging 25 cents per transaction. The Railroad and Industrial Federal Credit Union also charges $1 every time you use your PIN. The fees are taking some members by surprise."
  • MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline - www.storefrontbacktalk.com - 12/16/09 - "MasterCard has quietly backed off from a much-complained-about plan to require Level 2 merchants to—for the first time—have an onsite QSA assessment completed by the end of 2010. Having a New Year’s Eve deadline—on the heels of the all-encompassing holiday season—was a recipe for tons of missed deadlines. The first MasterCard change made this month was pushing the Dec. 31, 2010, deadline back six months, to June 30, 2011. But MasterCard has also made two other key PCI changes."
  • Police find skimmers, but damage already done - www.kingmandailyminer.com - 12/16/09 - "Those who paid at the pump while filling their tank at two gas stations along Beale Street in the last four months are being advised to check their credit card statements. Citigroup and Discover credit services have identified dozens of accounts that were compromised through the use of a skimming device at the pump at the Exxon station at 999 W. Beale Street and the Chevron station across the street. Police believe the skimming devices were installed in July, but the crooks didn't actually begin accessing the accounts until September."
  • Fraudsters target festive shoppers - www.finda.com.au - 12/16/09 - "AFTER a recent increase in card skimmers located on automatic teller machines (ATM), police are encouraging the public to remain vigilant this festive season. Detectives from the State Crime Operations Command Fraud and Corporate Crime Group are working with regional police regarding a group of offenders who are targeting well-frequented ATMs across the south-east. Skimmers have been located fitted to ATMs in Tugan, Capalaba, Brisbane and on the Sunshine Coast during the past month."
  • When It Comes To PCI Compliance, Franchisors Are Screwed - www.storefrontbacktalk.com - 12/16/09 - "When it comes to franchise-based retailers, PCI Compliance is broken, plain and simple. It simply does not address the complexities of the franchisee/franchisor business model and, in the end, leaves the franchisor holding the bag. Because each franchisee is a separate merchant, most large franchise organizations are only required to meet PCI Level 4 requirements. Chains are forced to make tough decisions about how much risk they are willing to accept and what they are willing (or not willing) to do to protect their brand integrity."
  • ID thieves allegedly used fake credit cards at casinos - www.buffalonews.com - 12/15/09 - "Seven members of an alleged identity theft gang were arraigned Monday afternoon in federal court. Federal prosecutors accuse them of obtaining information from victims’ credit and bank cards, and using that information to make fake credit cards. They then used the bogus credit cards to withdraw $198,700 from Seneca Nation casinos in Niagara Falls and Salamanca, Assistant U. S. Attorney Aaron J. Mango said. Secret Service agents and state police are continuing to investigate."
  • Three Montreal men charged in Lower Mainland card skimming operation - www.news1130.com - 12/15/09 - "Three Montreal men have been arrested and charged after RCMP broke up a credit card and debit card skimming operation across the Lower Mainland. Searches of a rental car and two hotel rooms uncovered pin pads, counterfeit credit cards, modified gift cards, two “Personal Digital Assistant” (PDA) devices, two laptops, electronic tools, printed circuit boards, credit card readers, supplies for modifying pin pads and cash. RCMP say the three men were the "techie guys" in the operation, and their high-tech equipment is capable of storing the information of up to 5,000 cards."
  • BJ's, Bank Not Liable for Credit Card Fraud - www.courthousenews.com - 12/15/09 - "Credit unions and their insurer can't collect damages after thieves racked up millions of dollars in fraudulent purchases using credit-card information stolen from BJ's Wholesale Club, the Massachusetts Supreme Court ruled. Thieves gained access to the credit-card accounts of 9.2 million BJ's customers and used the information to make unauthorized purchases. Cumis Insurance Society and the credit unions who issued the cards sued BJ's Wholesale Club for breach of a third-party contract, based on BJ's agreement with Fifth Third Bank not to store customers' magnetic-stripe data."
  • Document Reveals TJX Hacker’s Assistance to Prosecutors - www.wired.com - 12/15/09 - "Admitted TJX hacker Albert Gonzalez has identified two Russian accomplices who helped him hack into numerous companies and steal more than 130 million credit and debit card numbers. Gonzalez told prosecutors that the hackers breached at least four card processing companies, as well as a series of foreign banks, a brokerage house and several retail store chains, according to a sentencing memo filed by his lawyer on Tuesday that was incorrectly redacted."
  • Gartner in two-factor authentication warning - www.securecomputing.net.au - 12/15/09 - "Organisations must employ a multi-layered approach to fraud prevention if they are to thwart increasingly persistent hacking attacks that can now circumvent two-factor authentication devices, according to analyst firm Gartner. In a new report released today, Where Strong Authentication Fails, Gartner recommends that organisations firstly monitor user access behaviour, by analysing all of a user's web traffic and spotting any automated programs."
  • PIN entry devices: Plan now for July 2010 - www.greensheet.com - 12/14/09 - "If you are an acquirer, ISO or merchant level salesperson, you are not alone if you do not fully understand the PIN entry device (PED) security initiative, now managed under the PCI Security Standards Council's (PCI SSC) PIN Transaction Security program. Typically, it's not that merchants and those serving them don't want to comply; it's that they don't know where to start. PED requirements are made all the more intimidating by the multitude of terms and acronyms used."
  • 10 Faces of Fraud for 2010 - www.bankinfosecurity.com - 12/14/09 - "'The more things change, the more things stay the same.' This old saying holds true when it comes to the different types of fraud hitting financial institutions. In 2009, institutions were hit from every angle with fraud schemes -- some were old, and some were new variations. Here is a roundup of the 10 predominant types of fraud that institutions and their customers can expect to see in 2010, according to industry experts."
  • Businesses still plagued by data breaches - www.masshightech.com - 12/11/09 - "As businesses face a March deadline under an oft-delayed state law to protect customer and employee personal information, data breaches affecting Massachusetts residents remain strikingly frequent. More than 1 million Massachusetts residents were hit by 807 data breach instances from Nov. 1, 2007, to Oct. 31 of this year, according to a report by the Massachusetts Office of Consumer Affairs and Business Regulation, which monitors and enforces state data breach regulations. In the six weeks since, 59 additional breaches have been reported to the state."
  • Fraudsters hack credit card holders - www.14wfie.com - 12/11/09 - "The Evansville Police Department say they have been taking complaints about credit card numbers being stolen and used in different states. Police say victims have been coming all week long. The one common factor in all these cases is that the victims belong to Integra Bank. Victims say they were notified by Integra; however, one woman says she doesn't believe that's where the breach occurred."
  • Amazon.com Had Malicious Botnet Hiding in (EC2) Cloud - www.saasdir.com - 12/11/09 - "The security breach that all anti cloud campaigners had been waiting for has finally happened. An unnamed website which is hosted on Amazon’s (AMZN) Elastic Compute Cloud Servers (EC2) suffered an attack from one of the most notorious botnets, Zeus. The Zeus Trojan is America’s most malicious botnet as it has the ability to steal data by key logging exactly what the user is typing. This means that details such as login credentials, account numbers and credit card information can be obtained and then used by the hackers."
  • National data breach notification bill passed in U.S. House - www.scmagazineus.com - 12/10/09 - "A national data breach notification bill was passed in the U.S. House of Representatives on Tuesday. The Data Accountability and Trust Act would require any organization that experiences a breach of electronic data containing personal information to notify all U.S. individuals whose information is breached. The law requires that the Federal Trade Commission also be notified. In addition, organizations would be required to designate an information security officer and establish a data security policy."
  • Scammers scrape RAM for bank card data - www.securityfocus.com - 12/10/09 - "Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say. "Typically, these are specialized malware used in more targeted attack. Often times, they are customized to work with specific vendors' point-of-sale systems, so they understand how the data is formatted and stored"."
  • Report finds most data breaches are 'utterly preventable' - www.securecomputing.net.au - 12/10/09 - "Most security breaches are caused by malware, an SQL injection attack or the exposure of remote access credentials such as a VPN password, according to a report by Verizon Business. Verizon's 2009 Supplemental Data Breach Investigations Report, released today, said that malware such as keyloggers and spyware were responsible for the majority of data breaches. Mark Goudie, managing principal at Verizon Business, told iTnews that the biggest surprise was that SQL injection attacks - which he described as "utterly preventable" - were still responsible for causing so much damage."
  • Heartland Lawsuit Dismissed, “Insufficient Evidence” Of Weak Security - www.storefrontbacktalk.com - 12/10/09 - "A federal judge dismissed a data breach-related lawsuit against Heartland Payment Systems on Monday (Dec. 7), saying that the plaintiffs hadn’t proved any of their allegations that Heartland knew it had inadequate security and lied about it to shareholders. The judge’s detailed ruling sheds light on the environment data breach retail victims are likely to face in court and could provide some guidance on how they should act when discussing those breaches."
  • Latest Statistics on Payments Fraud in Australia - www.paymentsnews.com - 12/09/09 - "The Australian Payments Clearing Association (APCA), the payments industry self-regulatory body, has released the latest fraud statistics for cheques, debit cards and credit and charge cards for the 12 months ending 30 June 2009. During the period Australia’s total rate of fraud (cheque and payment cards) has risen by 2 cents for every $1,000 of payments from 7 cents to 9 cents in every $1,000. While the total card fraud rate (debit card, credit card and charge card) increased by 1 cent in every $1,000 to 33 cents (up from 32 cents), it remains low by global standards."
  • Protecting Encryption Keys Takes Spotlight in Enterprise Data Security - www.your-story.org - 12/09/09 - "Mastering encryption key management is one of the next big obstacles in data protection for chief information security officers to overcome, according to Gary Palgon, nuBridges’ vice president of Product Management and an industry expert on data security. After a spate of embarrassing and costly data breaches, and a plethora of industry data security mandates, breach notification laws and government privacy laws, organizations have responded and are doing a much better job of protecting payment card data and personally identifiable information from cyber criminals and accidental loss using encryption."
  • Credit Card Skimmer Found On Gas Pump - www.clipsyndicate.com - 12/09/09 - "A device used by thieves to intercept credit card information was found Monday on a gas station pump."
  • Verizon: Data Breaches Getting More Sophisticated - www.wired.com - 12/09/09 - "Methods of stealing data are becoming increasingly sophisticated, but attackers are still gaining initial access to networks through known, preventable vulnerabilities, according to a report released by Verizon Business on Wednesday. “The attackers still usually get in the network through some relatively mundane attacks,” said Wade Baker, research and intelligence principal for Verizon Business’s RISK Team, in an interview."
  • Verizon Business Issues 2009 Supplemental Data Breach Report Profiling 15 Most Common Attacks - www.verizonbusiness.com - 12/09/09 - "The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold. In the “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” Verizon Business security experts tap the company’s detailed investigative records to identify, rank and profile the most common attacks."
  • The Point-Of-Sale Problem - www.storefrontbacktalk.com - 12/09/09 - "Albert Gonzalez—who has already pleaded guilty to masterminding a cyberthief ring that stole data from TJX, BJ’s Wholesale Club, Boston Market and Sports Authority, among other major chains—signed papers this month agreeing to plead guilty to the remaining federal charges against him. But one of the retail chain victims, which federal officials have yet to officially identify, asked the court to protect its “dignity” by preventing the government from releasing the chain’s name."
  • The Point-Of-Sale Problem - www.kptv.com - 12/08/09 - "A device used by thieves to intercept credit card information was found Monday on a gas station pump in Vancouver, police said. Vancouver police said the skimming device had been plugged into the wiring behind the panel of a gas pump at the 7-Eleven at 5600 E. Fourth Plain Blvd. It didn't impact customers' ability to purchase gas and it was well hidden from view, according to officers. An employee servicing the gas pump Monday afternoon discovered the device."
  • The Point-Of-Sale Problem - www.informationweek.com - 12/07/09 - "Point-of-sale systems, where customer credit or debit cards are swiped for payment, are one of the most frequently used computing systems in the developed world. They're also targeted by criminals. For instance, in 2005 attackers compromised POS systems at a Marshalls retail store and stole cardholder data. That same year, attackers stole the source code for Wal-Mart's custom-built POS systems."
  • Data Breaches in 2009 – a year in review - www.assassin711.com - 12/05/09 - "Welcome to my blog site! This blog is dedicated to technology, IT security, life, and humor. Please feel free to share your comments on this blog or contact me for any reason. Sincerely, Aamir Lakhani"
  • Webinar: Secure Commerce Payment Data - Dec 8, 2009 - www.cybersource.com - 12/04/09 - "Manage payment security without adding more proverbial locks and bolts to your infrastructure. Secure your payment process – including PCI compliance – with less cost, complexity and time. Discover how your peers are adopting a safer, more secure approach by eliminating all contact with payment data - a strategy we call Enterprise Payment Security 2.0."
  • The Merchants Strike Back? - www.abc.net.au - 12/04/09 - "The Commonwealth Bank says it plans to further boost its retail security systems, including anti-skimming devices on ATMs in the Illawarra. The upgrade comes after hundreds of people lost tens of thousands of dollars in northern Wollongong when their credit card details were skimmed at a service station at Austinmer. Police say the illegal activity has stopped but an investigation into the illegal transactions is still ongoing. The bank's head of financial crime management, Richard Moore, says the anti-skimming devices are part of a program to significantly help in preventing fraudulent activity."
  • Police warn about holiday scams - www.wtoctv.com - 12/04/09 - "Police are warning people about the increase of scams during the holiday season. Police recently found a couple of skimmer devices placed on bank ATM machines. The device steals your debit card information and pin. There have also been more reports of internet fraud such as false sweepstakes that ask you to cash a counterfeit check, and phishing web sites which pose as a bank and ask for your personal information."
  • Long Island, NY - Police Warn of ATM Skimmers - www.vosizneias.com - 12/03/09 - "Nassau County Police are on the lookout for two bad guys trying to put skimmers on ATM's. "A skimmer is a device used to obtain information from your ATM card," said Nassau County Police Detective Mike Bitsko. When you are using an ATM, if something does not look right, move on to a different machine. When entering your PIN, make sure that you cover the keyboard or the ATM machine. Also, when entering the bank, make sure that no one follows you in without using their ATM card," said Bitsko."
  • The Merchants Strike Back? - www.infolawgroup.com - 12/03/09 - "With the recent news of several restaurants teaming up to sue point-of-sale system provider Radiant Systems (a copy of the complaint can be found here) for failing to comply with the PCI Standard, it appears that some merchants may be in a mood to strike back in the aftermath of a payment card security breach. This lawsuit comes in the wake of a couple lawsuits against payment card security assessor Savvis for allegedly failing to properly validate a processors' Visa CISP compliance (admittedly in this case it is the merchant bank suing the assessor, but a similar cause of action could exist for a merchant if its assessor makes a mistake in verifying PCI compliance)."
  • Merchant e-Solutions Offers Free Tokenization Services - www.paymentsnews.com - 12/03/09 - "Merchant e-Solutions has announced that it is providing merchants with a tokenization solution at no extra cost to protect sensitive credit card data and reduce the burden of PCI compliance. In focusing on the requirements of multi-channel merchants in retail, mail order/telephone order (MOTO) and ecommerce (card-not-present) businesses, merchants using this secure technology through the MeS proprietary platform, payment gateway or virtual terminal, will find it easier to comply with PCI requirements."
  • Howard Schmidt: mobile devices next attack vector - www.securecomputing.net.au - 12/03/09 - "As servers and desktops become too tough to crack, malicious hackers will turn their attentions to smart phones such as the iPhone, former Microsoft security officer Howard Schmidt told a gathering of security professionals in Sydney today. Speaking to the Australian Information Security Association annual seminar day, Schmidt (pictured) said the recent exploit from 21-year-old Wollongong hacker Ashley Towns was the "tip of the iceberg"."
  • Abbotsford Police issue photos of 'clueless' suspects - www.bclocalnews.com - 12/03/09 - "Police are circulating photos of three "clueless" fraud suspects after they hit business establishments in both Abbotsford and Coquitlam last week. Abbotsford fraud investigators want the public to identify three people who attempted to skim debit and credit card information with a stolen PIN pad, said Const. Ian MacDonald. RCMP investigated after the suspects allegedly stole a PIN pad device from a Coquitlam furniture store on Nov. 26."
  • Bank didn't notice ATM skimmer for a week - www.smh.com.au - 12/03/09 - "The Commonwealth Bank has admitted an ATM skimming device was fitted to a South-East Queensland cash machine for nearly a week before anyone noticed. The skimmer, which is used by criminals to capture bank card details later used to steal money and in identity fraud, was discovered at a Commonwealth Bank machine at Stockland Caloundra, on the Sunshine Coast, on November 25."
  • Ajax fraudsters guilty of criminal organization charge - www.newsdurhamregion.com - 12/03/09 - "Two Ajax men have been found guilty of participating in a criminal organization for their roles in a debit card-skimming operation that targeted at least one Durham bank. Ian Laffan, 34, and Corrie Wheartly, 37, pleaded guilty to numerous charges including conspiracy to commit an indictable offence and fraud in mid-November. They also pleaded guilty to participating in a criminal organization, a relatively new section of the Criminal Code that addresses organized crime."
  • Visa, MasterCard, AMEX Grilled Over Web Scams - www.forbes.com - 12/03/09 - "Sen. John D. Rockefeller, D. W.Va., wants to turn the spotlight on an often overlooked participant in some of the Web's shadiest schemes: credit card companies. In an open letter sent Thursday to Visa, MasterCard and American Express, Rockefeller demanded that the companies provide information on the safeguards they have in place to prevent and respond to the hidden fees charged by a small group of grey market companies that make misleading offers to consumers on hundreds of seemingly reputable e-commerce sites."
  • Police hunt pair who tried to put card-skimmer in ATM - www.newsday.com - 12/02/09 - "Police are searching for a man and woman who broke a light on a bank ATM in an attempt to insert a card-skimming device. Nassau County police said the incident took place at the Wachovia Bank on Plandome Road in Manhasset Sept. 10 between 7:54 p.m. and 11:44 p.m. The pair's images were captured by the automated teller machine camera. Police said the incident left the ATM inoperable."
  • Police hunt pair who tried to put card-skimmer in ATM - www.am-ny.com - 12/02/09 - "Police are searching for a man and woman who broke a light on a bank ATM in an attempt to insert a card-skimming device. Nassau County police said the incident took place at the Wachovia Bank on Plandome Road in Manhasset Sept. 10 between 7:54 p.m. and 11:44 p.m. The pair's images were captured by the automated teller machine camera. Police said the incident left the ATM inoperable."
  • Recognizing the payment industry achievements of 2009 and looking ahead - www.scmagazineus.com - 12/02/09 - "When I took over as chair of the PCI Security Standards Council in January, I knew it was going to be a busy year. I've witnessed the payment community come together in unprecedented ways by putting aside individual opinions and staying focused on how we can continue to evolve and develop the PCI Data Security Standard (PCI DSS) to best protect cardholder data on a global level."
  • Debit card skimming heats up - www.bclocalnews.com - 12/02/09 - "Police are grappling with a major spike in debit card skimming activity in the Lower Mainland. Fraudsters have stepped up their efforts to illegally harvest card data and passwords, forge fake cards and then suck money out of victims' bank accounts, according to Sgt. Tony Farahbakhchian, the RCMP's Pacific region counterfeit coordinator. "The increase is significant," he said, but added he doesn't have precise numbers of banking customers affected."
  • Eldersburg Bank of America patrons fall prey to ATM skimming scheme - www.eldersburg.net - 12/01/09 - "Thieves recently stole thousands of dollars from users of Eldersburg’s Bank of America ATM located at 6400 Ridge Road, state police said. Trooper Corey Green of the Maryland State Police said there were several methods that a thief could use to steal bank card information, including using cell phone cameras to capture critical information. The method in this case was a card skimmer, which is equipment installed on an ATM machine and disguised so as to not look out of the ordinary."
  • Police looking for nasty combo - www.bclocalnews.com - 12/01/09 - "It’s 9:45 p.m. on a Saturday night when two young men walk into a Wendy’s restaurant, looking for something to eat. Just minutes before closing, the pair heads up to the till and places an order. They pay with cash and, after a few moments, an employee places some food on a tray and briefly walks away. It takes the two men mere seconds to pull off one of the costliest scams plaguing the retail world these days."
  • Hancock Fabrics: 4th State Linked to Possible Breach - www.bankinfosecurity.com - 12/01/09 - "A fourth state has been linked to the recent fraud associated with national retailer Hancock Fabrics. An Oklahoma-based bank reported it had to replace 1,000 cards last week because of fraud linked to Hancock stores, according to Elaine Dodd, vice president of the Oklahoma Bankers Association Fraud Division. The United States Secret Service is investigating the incidents, Dodd says. In November, bank customers in California, Wisconsin and Missouri reported fraudulent ATM withdrawals that police say are tied to credit and debit card transactions conducted with Hancock Fabrics stores."
  • Decoding the Encryption Enigma - Transaction Trends Magazine - 12/09 - "As the industry tries to stay ahead of clever thieves with tactical fixes and a safer infrastructure, some companies are turning to end-to-end encryption to safeguard data."

November 2009

  • Restaurants file lawsuit against payment terminal vendor after identity theft - www.securecomputing.net.au - 11/30/09 - "Lack of PCI DSS compliance proves troublesome. A group of US restaurants have filed a class action lawsuit against a point of sale vendor after customers had their identities stolen by using uncompliant terminals. According to a report on Finextra, seven restaurants in Louisiana and Mississippi are seeking millions of dollars in damages from vendor Radiant and its distributor Computer World after hundreds of their customers had their identities stolen as a result of payments terminals that were not PCI DSS compliant."
  • Restaurants Sue Vendor for Unsecured Card Processor - www.wired.com - 11/30/09 - "Seven restaurants have sued the maker of a bank card-processing system for failing to secure the product from a Romanian hacker who breached their systems. The restaurants, located in Louisiana and Mississippi, filed a class-action suit against Georgia-based Radiant Systems for producing a point-of-sale (POS) system that they say was not compliant with payment card industry security standards and resulted in an undetermined number of customers having their debit and credit card numbers stolen."
  • PCI Human Train Wreck Coming Next Year For Level 2s - www.storefrontbacktalk.com - 11/30/09 - "Many Level 2 merchants are just now realizing that their PCI world has changed. Under rules announced this summer, Level 2 MasterCard merchants—like their Level 1 brethren—will require an onsite assessment by a QSA starting in 2010. What’s the difference between self-assessing and an onsite review? Actually, there are 525 differences. But what I worry about most is a fourth quarter 2010 PCI train wreck as the new rules collide with human frailty and the calendar."
  • Are Your Employees Writing Down Credit Card Numbers? - www.qsrmagazine.com - 11/30/09 - "An independent audit of 100 of the top restaurant chains in the U.S. revealed that 80 percent of those chains have at least one unit putting customers' identities at risk of theft. GoMobo.com, an online and mobile transactions firm, recently released its PCI Risk Rating Study, which found that a number of restaurants are in violation of PCI regulations. The violations involve employees who write down credit card numbers given to them from customers ordering over the phone."
  • ATM cards compromised in South Carroll - www.carrollcountytimes.com - 11/26/09 - "Maryland State Police are encouraging those who used a South Carroll automated teller machine to inspect their bank accounts after they discovered a skimming device at the Bank of America branch at 6400 Ridge Road in Sykesville, according to a press release."
  • Carpark scam keeps banks busy - www.nzherald.co.nz - 11/26/09 - "More than 100,000 credit cards may be replaced as a result of thieves hacking into payment machines at the Downtown carpark in central Auckland. Auckland IT consultant Steven Ellis yesterday said service desk staff at ASB Bank told him that his new credit card was one of more than 100,000 Mastercard and Visa cards banks were replacing because of the scam."
  • Banks Working Closely Together To Combat Credit Card Fraud - www.voxy.co.nz - 11/25/09 - "The New Zealand Bankers' Association says credit and debit card holders should be reassured by the work done by banks and card schemes to protect them from fraud on their card accounts. Banks are currently re-issuing credit and scheme debit cards used at the Downtown Carpark in Auckland, after it was identified as a common point of use for attempts at fraud on some card accounts. The merchant has also removed the automated credit card facilities at the carpark as a precaution and pending the outcome of an investigation."
  • The End of the World - www.americanbanker.com - 11/25/09 - "Heartland Payment System's CEO Bob Carr has become the payment industry's most vocal security evangelist, on the speakers' circuit predicting that 2010 will be the year that the payments chain becomes significantly more secure. "I believe the world is going to be changed in the next year with deployed technology," Carr says. "We're going to see the security of the payments industry become markedly better in the next few years.""
  • Credit Card Information Stolen From Downtown Restaurant - www2.nbc4i.com - 11/25/09 - "Columbus police are alerting patrons of a downtown restaurant that their credit card numbers may have been compromised. According to police, the computer system at Tip Top Kitchen on Gay Street was hacked and many credit card numbers were used fraudulently. The managing partner, Tim Lessner, said he was notified about a month ago that the credit and debit card system was hacked into and account numbers were stolen from people who had used their credit cards at the restaurant between July and August."
  • Cyber breaches are a closely kept secret - www.reuters.com - 11/24/09 - "Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI's top Internet crimes investigator on Tuesday. For every break-in like the highly publicized attacks against TJX Co (TJX.N) and Heartland Payment (HPY.N), where hacker rings stole millions of credit card numbers, there are many more that never make the news."
  • Card skimming scam takes on new twist - www.wthr.com - 11/24/09 - "A new twist on an old scheme is making the rounds. Criminals are using credit card skimming machines to steal your credit card information. The skimmers are typically attached to the slot where you put your debit or credit card. The machine reads and stores the information, giving the criminal full access to your money. The devices blend in, making it hard to tell there is anything different about the card reader."
  • Card skimming laws strengthened - www.smh.com.au - 11/24/09 - "New laws targeting criminals who skim credit and debit cards will be introduced in Queensland to target the growing problem of identity theft. Attorney-General Cameron Dick said it was already an offence to obtain card details by skimming an ATM or EFTPOS machine with a device but new measures would strengthen those laws. Under the amendments, possessing card-skimming devices - such as laptops, mobile phones, cameras or Bluetooth and other technology - for the purpose of obtaining or dealing with identification information would attract a maximum three-year jail term."
  • Access control strategies for PCI and other security operations - www.networkworld.com - 11/23/09 - "It's late November, and the holiday shopping season is well underway. That means it's also the season for increased hacking and data thefts. So many shoppers making electronic payments with their credit and debit cards is too tempting of a situation for digital thieves to ignore. Attacks have become systematized, and are so aggressive that every organization that handles cardholder information must take extraordinary care to protect that data from theft."
  • Restaurant patron catches credit card skimmer in the act - www.creditcardoffers.com - 11/23/09 - "A sharp-eyed customer in an unidentified Rockingham restaurant noticed something odd in the waiter’s hand after handing over his credit card. When police arrived, they seized a miniature skimming device, purchased over the Internet for $500. Due to the customer’s quickness, the waiter had been unsuccessful in actually skimming the credit card."
  • Scammer uses skimmer to steal credit card info - www.wishtv.com - 11/23/09 - "Police are searching for at least one suspect who they said bought thousands of dollars worth of electronics with stolen credit card information. Lisa Flowers, of Carmel, had her information stolen. Flowers thought she was swiping her card to get gas, just like any other time. Little did she know, someone was stealing her information. "I had heard of it before, but I never thought it would happen to me," said Flowers. "Very violated, a little frightened. I thought if it could happen to me, it could happen to anyone," said Flowers."
  • Hancock Fabrics Linked to Fraud in 3 States - www.bankinfosecurity.com - 11/23/09 - "Bank customers in California, Wisconsin and Missouri are reporting fraudulent ATM withdrawals that police say are tied to transactions conducted with the Hancock Fabrics retail chain. In California, Napa Police Department spokesman Brian McGovern says 60 residents reported their cards being used by thieves. In one case, a Napa resident reported $840 in cash withdrawals. The Hancock Fabrics store on Imola Avenue in Napa was the "common thread" among the numerous people who reported credit and debit card fraud. McGovern says the store had recently replaced its point-of-sale machines."
  • Police: Skimmers Take Unsuspecting Customers' Cash - www.theindychannel.com - 11/23/09 - "Several suspected ATM skimming incidents have been reported in recent weeks in communities north of Indianapolis, prompting police to release a surveillance picture of one man believed to be involved. Carmel police Detective Brad Hedrick said the man pictured recently used a victim's credit card to buy electronics at Fry's Electronics on 96th Street in Fishers and a Best Buy store on Michigan Road in Carmel. Hedrick said he thinks the victim's credit card may have been swiped and reproduced through a skimmer at an area gas station and that similar crimes have occurred recently in Fishers, Westfield, Noblesville, Lawrence and Indianapolis."
  • Bank Card Skimming Victim Depleted At Pump - www.thepittsburghchannel.com - 11/22/09 - "As the busiest shopping week of the season is set to begin, a Westmoreland County mother who fell victim to theft has a warning for others who may fall victim without even knowing it. Tammy Tressler stopped at a gas station in a hurry on Thursday. She had her baby in the car and had to get home. She swiped her debit card in the gas tank machine and went about her way."
  • New state rules seek to prevent theft of customer information - www.patriotledger.com - 11/21/09 - "Five years ago, identity thieves intercepted wireless transmissions from two Marshalls stores in Miami, opening the floodgates for the biggest data breach in U.S. history. Now Massachusetts businesses are gearing up to comply with new state regulations designed to prevent a repeat of the breach at TJX Cos., the parent company of the Marshalls and T.J. Maxx chains. The regulations, which take effect March 1, will make customers’ and employees’ personal information harder for hackers to access."
  • So Much Data, So Little Encryption - www.informationweek.com - 11/21/09 - "If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure--86% of the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real story. Only 14% of respondents say encryption is pervasive in their organizations. Database table-level encryption is in use by just 26%, while just 38% encrypt data on mobile devices."
  • Windsor police nab Quebec pair for debit card scam - www.windsorstar.com - 11/20/09 - "Two Quebec residents have been arrested by Windsor police in connection with a high-tech point-of-sale PIN pad fraud scheme that financial crime detectives have been investigating since the spring. Police say the suspects — a man and a woman — were first captured on a surveillance camera on Tuesday evening. The pair were allegedly attempting to swap a PIN pad at a Burger King on Dougall Avenue with a decoy. An alert employee noticed them and the pair fled before police arrived."
  • Thousands victimized by debit card scam - www.ctvbc.ctv.ca - 11/20/09 - "Thousands of people across Metro Vancouver have had their bank accounts drained by a debit card scam in recent weeks. Criminals placed phoney readers in place of legitimate devices, skimming tens of thousands of dollars. RCMP officials said Friday they don't know if they're dealing with one organized crime group or multiple groups. "It's throughout the Lower Mainland," said RCMP spokesman Sgt. Peter Thiessen."
  • Massive B.C. fraud hits debit-card users - www.cbc.ca - 11/19/09 - "There has been a massive debit-card fraud in B.C.'s Lower Mainland involving thousands of cards and possibly millions of dollars, CBC News has learned. The fraud was committed through compromised debit machines at stores in the communities of Ladner, Delta, Langley, Surrey and possibly Vancouver. It appears debit-card pads were replaced with pads equipped with devices that transmitted PIN numbers and transaction information to a criminal organization."
  • Banks warn of increase in card 'skimming' (New Zealand) - www.legalbrief.co.za - 11/19/09 - "SA's banks have warned consumers of a surge in credit and debit card 'skimming' this festive season after a cashier at a retail chain in Durban was arrested on suspicion of doing so."
  • Skimming device attached to North Naples ATM - www.nbc-2.com - 11/19/09 - "Deputies are trying to identify a man they say may be involved in the placement of a skimming device on a North Naples ATM. Investigators say the man, pictured below, installed the skimmer at the SunTrust at 2420 Vanderbilt Beach Road on November 14th. Several ATM customers report their information was then used by a thief on the east coast of Florida."
  • Store cashier caught 'skimming' in South Africa - www.thepost.co.za - 11/18/09 - "South Africa's banks have warned consumers of a surge in credit and debit card "skimming" in the festive season after the arrest of a Durban retail chain cashier suspected of doing so. The South African Banking Risk Information Centre (Sabric) said shoppers should be aware of who was swiping their debit or credit cards, and be as alert with their cards as they were with cash. This caution to consumers was prompted by the recent arrest of a cashier at Game at the Gateway Theatre of Shopping after a store manager swooped on him when a customer reported his suspicion."
  • Credit card security breach fear in Europe - news.bbc.co.uk - 11/18/09 - "Reports are being investigated of a major credit card scam in Spain. Anyone who used a Visa or Mastercard credit card when in Spain may have had their card data compromised. In Germany, as many as 100,000 cards are reportedly being recalled. UK customers will be contacted directly if they are thought to be at risk."
  • Massive credit card fraud in Europe exposed - www.dw-world.de - 11/18/09 - "Concerns about data privacy have led a number of banks to replace thousands of credit cards. MasterCard and Visa uncovered the security breach after data from a Spanish partner company was stolen by thieves. Thousands of credit card holders have been told to hand back their cards after fraudsters in Spain illegally obtained information about their accounts."
  • U.K. Prepares Heavier Hammer For Data Breaches - www.storefrontbacktalk.com - 11/18/09 - "Alarmed about an “unacceptable” level of data loss and theft during the past year, the British Government is proposing fines of as much as 500,000 pounds (about US$841,000) for retailers that commit “serious breaches” of the nation’s data protection regulations. “This reflects the importance that government places on safeguarding personal data effectively and processing it responsibly and lawfully,” said the U.K. Ministry of Justice."
  • Merchants warned to protect their pin pads - www.bclocalnews.com - 11/17/09 - "Police are grappling with a major spike in debit card skimming activity in the Lower Mainland. Fraudsters have stepped up their efforts to illegally harvest card data and passwords, forge fake cards and then suck money out of victims' bank accounts, according to Sgt. Tony Farahbakhchian, the RCMP's Pacific region counterfeit coordinator. "The increase is significant," he said, but added he doesn't have precise numbers of banking customers affected."
  • 'Skimmer' used to steal from bank ATM - www.northjersey.com - 11/18/09 - "A device installed in an automated teller machine in the lobby of a Clifton Avenue bank was used to steal "a significant amount of money" from bank customers, police said. Police are seeking two men they suspect planted the data-reading devices, or "skimmers," inside the teller machines. A skimmer device inserted into an ATM in the lobby of Bank of America at 1045 Clifton Ave. enabled someone to steal money from 65 customer accounts between Oct. 28 and Nov. 1."
  • VeriFone Announces VeriShield Protect for EMV Smart Cards - pindebit.blogspot.com - 11/17/09 - "VeriFone Holdings, Inc. (NYSE: PAY), today announced that its VeriShield Protect end-to-end encryption solution for card payment security will be available for use with the EMV smart card standard and will also support contactless payments. First introduced in the U.S. to help merchants and acquirers secure cardholder information and comply with PCI data security requirements, VeriShield Protect is now being expanded for use worldwide in support of all card payment types."
  • Ottawa firm convicted of credit and debit card fraud - www.ottawacitizen.com - 11/16/09 - "The owners and an employee of a Bank Street company that masqueraded as a legitimate business but really specialized in credit and debit card fraud were part of a criminal organization, an Ottawa judge found in a precedent-setting decision Monday. Ontario Superior Court Justice Robert Smith found Robert Cattral, 39, Catherine Margaret Brunet, 39, and Henry Charles Beauchamp, 41, all guilty of participating or contributing to the activities of Canadian Barcode and Plastic Card Supply Inc., a criminal organization the judge found bought and sold devices used to forge credit and debit cards between January 2002 and July 2004."
  • Debit card skimming heats up - www.bclocalnews.com - 11/13/09 - "Police are grappling with a major spike in debit card skimming activity in the Lower Mainland. Fraudsters have stepped up their efforts to illegally harvest card data and passwords, forge fake cards and then suck money out of victims' bank accounts, according to Sgt. Tony Farahbakhchian, the RCMP's Pacific region counterfeit coordinator. "The increase is significant," he said, but added he doesn't have precise numbers of banking customers affected."
  • Revealed - the machines behind the EFTPOS scam - www.watoday.com - 11/12/09 - "Targeted.. the Ingenico PX328, the EFTPOS machine at the centre of the WA EFTPOS skimming scam. The skimming scam that has stripped almost $5 million from WA bank accounts was due to old EFTPOS machines easily hacked, a senior industry insider says. The impact of the scam has spread nationally, with two of the nation's best-known brands taking steps to upgrade their EFTPOS machines in its wake."
  • RBS WorldPay: 8 Hackers Indicted in $9 Million ATM Theft - www.bankinfosecurity.com - 11/12/09 - "Eight members of a hacker ring that made off with more than $9 million in a massive ATM fraud scheme last November were indicted in an Atlanta, GA courtroom this week. The eight men, all from eastern European countries, are accused of hacking into a computer system at RBS WorldPay, the U.S. payment-processing division of Royal Bank of Scotland Group. They then allegedly cloned prepaid ATM cards, which they used to draw out cash from 2,100 ATMs in 280 cities around the world within a couple of hours."
  • Court Ruling Jeopardizes Credit Card Privacy Law - www.californiaprogressreport.com - 11/12/09 - "The California Legislature long ago recognized the dangers associated with collecting and maintaining consumers’ personal identification information, finding that the practice put the physical safety of consumers at risk and jeopardized consumers’ financial security due to identity theft and credit card fraud. In response, the Legislature enacted an amendment to the Song Beverly Credit Card Act in 1990 to protect privacy rights guaranteed to consumers by Article 1, Section 1 of the California Constitution."
  • Virus and Malware Prevention Is an Ongoing Battle - www.govtech.com - 11/11/09 - "You don't have to look hard to find examples of public and private organizations that have been hacked by viruses and harmful worms - a quick Internet search will turn up plenty. The Charlotte Observer in North Carolina reported on Sept. 25, 2009, that 236,000 records at the University of North Carolina at Chapel Hill were compromised by virus activity. The data was from the Carolina Mammography Registry and was being used for a university research project. The intrusion was detected in July, but may have occurred in 2007 and gone undetected for years."
  • Hackers Indicted in Widespread ATM Heist - online.wsj.com - 11/11/09 - "The U.S. Justice Department indicted eight Russian and Eastern European computer hackers, alleging they were part of a crime ring that allegedly broke into ATMs in hundreds of cities world-wide and stole $9 million in a matter of hours."
  • New police powers against card skimmers (Australia) - www.allvoices.com - 11/11/09 - "NSW Police say new laws will allow them to crack down on bank card skimming. Legislation announced on Wednesday will create three new offences in an attempt to stop the selling of personal information. Trafficking in identity information will attract a maximum 10-year jail term. Possessing such information with intent to commit a crime will carry a maximum seven years, while possession of card skimmers and other devices will have a maximum three year term."
  • PCI: Is Your Institution Compliant? - www.bankinfosecurity.com - 11/11/09 - "Since the Heartland data breach was announced in January, there's been no shortage of discussion about the Payment Card Industry Data Security Standard (PCI DSS) and its requirements of merchants and payments processors. But what about financial institutions? Banks and credit unions store large amounts of cardholder data, but often show little awareness of PCI requirements, say security experts, including the Qualified Security Assessors (QSA) who test for PCI compliance."
  • Falmouth card cloning warning - www.falmouthpacket.co.uk - 11/11/09 - "A Falmouth man has warned others to keep an eye out for card cloning devices on cash machines after falling victim twice in one month. The man, who does not want to be named after fears criminals still have his financial information, says he thinks the cloners struck in Falmouth or Penryn."
  • U.S. Takes Down $9 Million RBS WorldPay Hacking Ring - www.threatpost.com - 11/10/09 - "U.S. and international prosecutors have taken down a criminal ring that they allege was responsible for an ATM scam last year that stole about $9 million from RBS WorldPay. The criminals were able to evade the company's encryption system used on payroll debit cards and withdraw money from ATMs in 280 cities around the world."
  • UPDATE: Debit scam hits Langley - www.bclocalnews.com - 11/10/09 - "Joan Pearce received a call on Monday morning from her bank informing her that her debit card may have been compromised. Her bank asked her to come in to get a new card. When she arrived at the Scotiabank on 56 Avenue, she wasn’t the only one they had called. “There was quite a lineup of us getting new cards,” she said."
  • U.S. Alleges $9 Million Debit-Card Hacking Ring - online.wsj.com - 11/10/09 - "Federal prosecutors alleged that members of an elaborate hacking ring broke into debit-card systems and stole $9 million from automated teller machines in hundreds of cities world-wide. Prosecutors in Atlanta Tuesday announced indictments against eight members of the alleged ring, from eastern European countries, in what is believed to be among the most brazen and damaging electronic bank heists to date."
  • International Effort Defeats Major Hacking Ring - atlanta.fbi.gov - 11/10/09 - "VIKTOR PLESHCHUK, 28, of St. Petersburg, Russia; SERGEI TŠURIKOV, 25, of Tallinn, Estonia; and OLEG COVELIN, 28, of Chisinau, Moldova, along with an unidentified individual, have been indicted by a federal grand jury on charges of conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, and aggravated identity theft. IGOR GRUDIJEV, 31, RONALD TSOI, 31, EVELIN TSOI, 20, and MIHHAIL JEVGENOV, 33, each of Tallinn, Estonia, have been indicted by a federal grand jury on charges of access device fraud."
  • Crook admits to credit card expertise - www.thesudburystar.com - 11/07/09 - "All of the equipment necessary to manufacture and forge credit cards -- from embossing machines to foil printers and even blank cards -- were found in a Sudbury motel room by city police June 22. They also found Douglas Birney, 29, and Joey Alonso, 30, in the room. Friday, in Sudbury court, Ontario court Justice William Fitzgerald found both men guilty of several charges related to forging credit cards."
  • 600 Potentially Scammed By ATM Skimmers - www.wsmv.com - 11/07/09 - "Carol Stephenson is among more than 600 potential victims in the Nashville area who used an ATM machine and unknowingly handed over all her information to thieves. "It's unfair," she said. "You feel like you are invaded a little bit with your privacy." Police said 60 people like Stephenson had between $100 and $5,000 taken from their accounts."
  • Domestic disturbance call turns into fraud bust in PoCo for Coquitlam RCMP - www.bclocalnews.com - 11/06/09 - "A Port Coquitlam woman faces a number of charges and a man is wanted by police after a domestic violence call turned into a fraud factory bust last week. According to Coquitlam RCMP, police responded to a possible domestic dispute call just after 10 p.m. on Oct. 26 in an apartment in the 2300-block of Shaughnessy Street in PoCo. While Mounties were inside talking to a woman, the officers noticed fraud-related items."
  • Video: Raid on Romanian Bank Card Skimming Ring - www.wired.com - 11/06/09 - "Police in Romania this week swooped in on 19 members of an alleged international credit and debit card skimming ring that’s been active in Switzerland, Italy, France, and the U.S., according to local reports. Romania’s national Directorate for Countering Organized Crime staged 23 coordinated raids Tuesday, most of them in the city of Craiova, according to the Gazeta de Sud. The police found fake ATM components, card readers, five luxury cars, lots of cash, 100 cloned cards, documents showing wire transfers, and at least one handgun."
  • Federal data-protection law inches forward - www.computerworld.com - 11/05/09 - "A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee. The committee approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 15-5. The bill is now headed to the full Senate for consideration. If it becomes law, the bill, which was introduced by Sen. Patrick Leahy (D-Vt.), would require companies and government agencies to follow specific rules for protecting sensitive and personally identifiable data."
  • PATTAYA POLICE ARREST 2 ROMANIAN CREDIT CARD FRAUDSTERS - www.pattayadailynews.com - 11/05/09 - "Two Romanian citizens have been arrested at a popular hotel in Pattaya in relation to a credit card skimming and duplication scam recently. Pattaya, 5th of November 2009 (PDN): Allegedly two Romanian born Tourists have been arrested in Pattaya at the "DC Hill Hotel" whilst in possession of two stolen ATM cards and some high tech skimming equipment, believed to have been used to read credit and bank account numbers from ATM’s across Pattaya for use in a card duplication scam."
  • Card skimming a growing problem (Australia) - www.abc.net.au - 11/05/09 - "Card skimming is being reported around the country with disturbing frequency. The victims find that someone else has used their credit cards or debit cards, sometimes in another city or even another country. The latest example of card skimming has stung residents in Wollongong's northern suburbs. Police say about 100 people have lost money and one victim says he has lost about $8,000."
  • Credit Card Security Rules Evolving Faster Than Businesses Can Keep Up - www.boston.com - 11/05/09 - "A flurry of new regulations, guidelines and clarifications designed to improve credit card security at the point of purchase has retailers and other organizations that accept credit card payments - especially their internal audit, information technology and information security staff - scrambling. With three new pieces of guidance on the docket for Payment Card Industry (PCI) compliance, as well as larger fines for non-compliance, these companies face not only external pressures to beat deadlines but also internal pressures to meet requirements in a strategic and cost-effective manner."
  • Northfield police say theft device found on ATM - www.chicagotribune.com - 11/04/09 - "Northfield police are warning people who used the drive-up ATM at Chase Bank, 400 Central Road, Oct. 9 to 11 to check their bank statements, because a device that can collect debit card information was placed on the machine. In an e-mail alert to the community this week, police said a "skimmer" was placed on the ATM. It covers the normal card reader and looks authentic."
  • Card skimmers steal thousands from accounts - www.illawarramercury.com.au - 11/03/09 - "Thousands of dollars have been skimmed from the bank accounts of northern suburbs residents over the past two days. Customers of the Commonwealth Bank, St George Bank and CUA are among those hit by the fraudsters. Card skimming involves information being illegally copied from the magnetic strip of a credit or debit card. Once the card has been skimmed, a fake card with the victim's details is created to carry out fraudulent transactions."
  • Police ask for help identifying suspects in Abbotsford ATM fraud - www.theprovince.com - 11/03/09 - "Abbotsford police are asking for help identifying two men suspected in multiple ATM and bank-card frauds. On Oct. 14, say police, two men were recorded on surveillance video placing a pinhole-camera canopy and a magnetic-strip skimmer on an ATM at an Abbotsford business. Two days later, a man reported to police that the debit card he'd used there had been compromised and $3,000 had been taken from his account."
  • Card skimmers targeting fast food restaurants steal $4 million in Australia - www.securityinfowatch.com - 11/03/09 - "Police in Perth say a card skimming scam that began in McDonalds fast food restaurants has netted thieves more than $4-million. Police are urging people who have purchased food from a McDonalds store in the past couple of months to have the PIN on their bank card changed. Detective Senior Sergeant Don Heise says several people had tens of thousands of dollars stolen from their bank accounts at the weekend."
  • Visa Australia kills signatures by 2013 - www.zdnet.com.au - 11/02/09 - "The move, instigated to reduce card fraud, involves working with financial institutions and retailers to upgrade over 14 million visa cards, half a million point of sale terminals, and thousands of ATMs. From January 2010 all new Visa cards will feature smart chips, while debit and reloadable prepaid cards will be updated from January 2011. Currently around 37 per cent of Australian Visa cards are chip-enabled."
  • Javelin Research does not expect US to adopt Chip & PIN - Transaction Trends Magazine - 11/09 - "While most business markets are migrating to some type of EMV chip-based card system, analysts at Javelin Strategy & Research do not expect the US to follow suit, citing an already robust magnetic stripe infrastructure and escalated implementation costs as primary barriers to adoption of this global trend."
  • The Last Refuge of Scoundrels - Digital Transactions Magazine - 11/09 - "The good news is that the once shadowy world of criminal sites that buy and sell stolen card and bank-account data isn't so shadowy any more. The bad news is that these bad-guy bazaars are devilishly hard to shut down."

October 2009

  • Verizon's New Security Offer Covers Your Apps - www.lightreading.com - 10/30/09 - "Verizon Business today is launching a new service aimed at helping enterprises continuously monitor and protect their Web-based applications from security threats and data breaches. The software-as-a-service (SaaS) offering, using WhiteHat Security's application vulnerability management SaaS platform, lets subscribers check their applications for vulnerability whenever changes are made or even on a periodic basis for safety's sake."
  • Nearly 500 People Fall Victim To ATM Skimming Scam - www.newschannel5.com - 10/30/09 - "A warning to the mid-state, using ATM machines could be as dangerous as giving a thief a personal debit card. Police are calling it a nationwide scam. Skimming victim Lindsey Payne has gone to the bank hundreds of times before, and she said last week was no different. Something happened during her five minute trip that has her steering clear of ATM machines."
  • Card skimmers targeting fast food restaurants steal $4 million in Australia - www.securityinfowatch.com - 10/30/09 - "Police in Perth say a card skimming scam that began in McDonalds fast food restaurants has netted thieves more than $4-million. Police are urging people who have purchased food from a McDonalds store in the past couple of months to have the PIN on their bank card changed. Detective Senior Sergeant Don Heise says several people had tens of thousands of dollars stolen from their bank accounts at the weekend."
  • European Commission mulls data breach notification law - www.theregister.co.uk - 10/28/09 - "The European Commission will consider passing new laws forcing organisations that lose personal data to go public with that loss. The Commission has until now been opposed to the creation of wide-ranging data breach notification requirements. The Commission and European Council insisted that a data breach notification in a recent Telecoms Package of reforms only applies to telecoms companies."
  • Card skimming device found inside gas pump - www.pattersonirrigator.com - 10/28/09 - "A credit card skimming device was found inside a card reader in a gas pump at the Union 76 gas station on Rogers Road on Wednesday, Oct. 28, after thieves wreaked havoc on Patterson residents’ bank accounts by stealing credit and debit card information, police said. The Stanislaus County Sheriff’s Department said the device — which was installed after forcing entry into the pump — was not visible from the outside, and no other information was immediately available."
  • Police Warn of ATM Scam - www.wztv.com - 10/28/09 - "Metro Police want you to be on alert about an ATM scam that's hit Middle Tennessee. Police say over the past several days 39 people across Nashville have reported their ATM cards were compromised. The suspects are believed to be travelers who stay in cities for 2-3 days."
  • Information-age arrests - www.bclocalnews.com - 10/28/09 - "“An overwhelmingly large amount of personal data” is how Mounties are describing evidence seized from an Ashcroft home as part of a major fraud bust last week. Police confirmed some of the stolen information belongs to Kamloops residents. On Wednesday, Kamloops RCMP released more information on the investigation, including putting on display a table-full of items seized from the home used in the credit-card operation."
  • 300 Victimized By ATM Skimming, Say Police - www.wsmv.com - 10/28/09 - "Metro police said there's been a rash of ATM skimming, and they believe there are more than 300 victims. Skimming is when thieves place a piece of equipment over the ATM card slot. The device copies all of a user's information so thieves can then clone the card. There have been 39 reports just in the last week. Police said ATMs across Nashville have been hit, including machines in Brentwood and Belle Meade."
  • Federal, industry reps call for national standards to report data breaches - www.nextgov.com - 10/28/09 - "The Homeland Security Department should establish a national standard to encourage companies and individuals to report data breaches to federal authorities, helping them gauge the intensity of cyberattacks and investigate cybercrime, security professionals said on Wednesday. Federal agencies are required to report data breaches to the U.S. Computer Emergency Readiness Team, which is part of DHS. Reporting requirements for companies, however, vary by state."
  • Credit cards re-issued in Finland after data breach in Spain - www.hs.fi - 10/28/09 - "A credit card security breach has been uncovered in Spain that may involve up to tens of thousands of Finnish bank and credit cards. So far it is not known exactly how many Visa or Master Card accounts have been compromised because of the information breach. Where in Spain the hacking took place is also unclear. In Finland, the news was first reported on Tuesday by the Finnish Broadcasting Company's (YLE) main evening news bulletin."
  • Bank machine at Tradex compromised - www.bclocalnews.com - 10/27/09 - "A sophisticated pinhole camera designed to capture personal identification numbers was located on an ATM machine at Tradex during the West Coast Women's Show this weekend. Abbotsford Police are investigating after a woman at the exhibition centre familiar with that automatic teller machine noticed it had a newly installed metal hood over the keypad around 12:30 p.m., said Const. Ian MacDonald."
  • Another Credit card scam busted - www.rupeetimes.com - 10/27/09 - "The Chennai Police on Friday claimed that it had arrested a Srilankan Tamil, mastermind behind a major credit card scam. The racket was involved in cloning credit cards using a skimmer, an embossing machine and other equipment. The Police arrested HariKumar on October 15 when he tried to buy things using a fake credit card in Perambur."
  • 'Smart' debit cards will stop skimming - www.winnipegfreepress.com - 10/27/09 - "DEBIT-card skimming will soon be a crime of the past if Canada's financial institutions have their way. That's because banks and credit unions are in process of approving and, in some cases, rolling out debit "smart" cards embedded with small computer chips. The chips are replacing the 30-year-old magnetic-stripe technology, which is outdated and all-too-susceptible to card skimmers, who can copy the stripe's data and make duplicate cards, often right under their victims' noses. This kind of fraud cost Canadian financial institutions more than $100 million last year."
  • Chase Paymentech, VeriFone and Semtek Join Forces to Offer End-to-End Encryption Solution - www.businesswire.com - 10/27/09 - "Chase Paymentech, a leading merchant acquirer and payment processor, announces a joint initiative with VeriFone Holdings, Inc. (NYSE:PAY), and Semtek Corporation to provide end-to-end encryption technologies for merchants to combat threats to security. The companies will work together to market and distribute VeriFone’s VeriShield Protect solution to the Chase Paymentech base of retail merchants."
  • Encryption & Key Management Benchmark Survey - www.thalesgroup.com - 10/27/09 - "Need to know how to best incorporate encryption into your compliance planning? Attend this webinar for a summary of what more than 650 IT managers worldwide had to say in the 2009 Encryption and Key Management Benchmark Report. Making the right decisions with your data protection budget has never been more important."
  • Judge says TD Ameritrade's proposed security fixes not enough - www.thestandard.com - 10/27/09 - "A federal judge's rejection of a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit marks the second time in recent months that a court has weighed in on what it considers to be basic security standards for protecting data. U.S. District Court Judge Vaughn Walker in San Francisco yesterday denied final approval of a settlement that had been proposed by TD Ameritrade in May to settle claims stemming from a 2007 breach that exposed more than 6 million customer records."
  • NSA to build secretive data center in Utah - www.securityinfowatch.com - 10/27/09 - "An intelligence official says the National Security Agency will build a secretive electronic data center at a National Guard camp in Utah. The deputy director for the Office of National Intelligence for Collection, Glenn Gaffney, says the data center will be dedicated to protecting the nation from cyber-attacks."
  • Police investigate stolen debit card info - www.securityinfowatch.com - 10/20/09 - "Department of Homeland Security Secretary Janet Napolitano delivered an online address Tuesday regarding the agency’s efforts to secure the nation’s networks. Napolitano said that President Obama views cyber security as being paramount to national security and has charged the agency with playing a key role in helping to coordinate efforts between law enforcement and other government agencies to ensure that the proper safeguards are in place to prevent hackers and other cyber criminals from gaining access to secure data."
  • Heartland CIO is critical of First Data's credit card tokenization plan - www.techtarget.com - 10/26/09 - "The CIO of Heartland Payment Systems Inc. sees possible weaknesses in a new proposal brought forth by credit card processing giant First Data Corp., which uses credit card tokenization software developed by RSA, the security division of EMC. Heartland CIO Steven Elefant, who is overseeing Heartland's E3 end-to-end encryption solution, said the First Data process may pose a greater security risk, since the credit card data is being replaced with tokens early on in the process."
  • Visa prefers data-field encryption - www.greensheet.com - 10/26/09 - "When Visa Inc. speaks, the payments industry listens. The world's largest card brand issued a global best practices paper that advises all merchants that accept electronic payments to consider data-field encryption technology be installed on their private networks as a necessary complement to the Payment Card Industry (PCI) Data Security Standard (DSS). In the paper, available at http://corporate.visa.com/_media/best-practices.pdf, Visa makes five main recommendations:..."
  • VeriFone addresses PCI enforcement confusion - www.greensheet.com - 10/26/09 - "A large part of what complicates compliance with the Payment Card Industry (PCI) standards for data, PIN entry device and payment application security is the frequent, though necessary, changing of the rules to keep up with evolving security threats. To make things easier, the PCI Security Standards Council (PCI SSC) established specific timelines by which upgrades must be made to payment terminals. Yet, compliance is enforced by the card brands, not the PCI SSC."
  • Swiping your cash is too easy in Australia - www.dailytelegraph.com - 10/24/09 - "WHEN Michael Souri received an answering machine message to call his bank's "security division" one evening this month, he thought he had done something wrong. But the questioning he received when he called the division back left Souri, the owner of Surry Hills Lebanese restaurant institution The Prophet, even more troubled. "Have you been to Canada and Bulgaria in the last few days?", the voice on the phone asked. Souri had been the victim of a global card-skimming fraud that raided $30,000 from his bank account in two days. His PIN and account details had been "skimmed" on a holiday to Bali two months earlier."
  • Data masking secures sensitive data in non-production environments - www.networkworld.com - 10/23/09 - "Last week's article covered the topic of protecting data in databases from the inside out. That is, watching every action involving data as it happens, and promptly halting improper actions. This week's article takes a look at data masking, which is another way to protect sensitive data, especially as it is being copied and used in the development and testing of applications."
  • Person of Sri Lankan origin arrested in fake credit card case - www.indopia.in - 10/23/09 - "Umesh, a Sri Lankan who grew up in Canada, was arrested based on the interrogation of Harikumar, nabbed two months back for trying to make payments to a cold storage dealer by swiping a fake credit card, the CCB said in a press release. A special team was formed to nab Umesh after Harikumar revealed he had supplied him with fake credit cards. Umesh was arrested from Porur here, the release said, adding plain cards believed to have originated from Malaysia and Canada were recovered from him."
  • California's Proposed Cyber-Crime Legislation Could Resurface in 2010 - www.apparelnews.net - 10/23/09 - "A recently vetoed California bill aimed at protecting consumers’ credit card information online may resurface in 2010, according to the state senator who drafted the measure. Earlier this month, Gov. Arnold Schwarzenegger vetoed SB20, written by State Sen. Joe Simitian (D–Palo Alto). It would have updated a 2002 law that required businesses to give more-detailed information to consumers when they lose consumers’ information such as credit card numbers. More than 40 other states, including Nevada and Massachusetts, have similar laws on their books."
  • Debit Card Fraud Store Owner Speaks - www.krdo.com - 10/23/09 - "One store that exposed thousands of Pikes Peak area customers to identity theft is speaking up about the criminal case. Cheers Liquor Mart owner Jack Backman says the problem was their internet connection and debit cards. Somehow thieves accessed customer information then bought items all over the country in customers names. Some purchases of up to $300 were made as far away as Georgia."
  • LCSO: Masterminds behind Circle K debit card fraud under arrest - www.tallahassee.com - 10/22/09 - "The Leon County Sheriff’s Office announced this morning that it has arrested two men who deputies believe are the masterminds behind a “sophisticated and organized criminal operation” that involved debit card skimming at two Circle K convenience stores in Tallahassee. Another man is being sought. Reginald Lions Voltaire, Junior Douger were each charged Wednesday with multiple offenses, including organized scheme to defraud, organized communications fraud and 78 counts of use of scanning device or re-encoder to defraud."
  • Two Arrests in Restaurant Credit Card Skimming - www.khsltv.com - 10/22/09 - "There's new information in the investigation into a credit card skimming operation that started in Redding. At least 13 Redding residents had their credit card numbers stolen at a Redding restaurant. A joint investigation by Redding Police and the Secret Service has led to the arrest of two men near Las Vegas. The alleged scam started back in February. At least 13 victims had their credit card information skimmed by a former worker at the New China Restaurant on Eureka Way in Redding. Authorities say a temporary worker used a hand-held device to steal customer credit card information in February."
  • Winnipeg police are investigating debit-card skimming operation - ca.news.yahoo.com - 10/22/09 - "Winnipeg police are investigating a debit-card skimming operation that occurred at a number of businesses across the city. The initial investigation has revealed that PIN pads were compromised by the suspects and information belonging to customers paying for their purchases by debit was collected, police said in a release issued Wednesday."
  • Millions stolen in credit card fraud surge (Australia) - www.ninemsn.com.au - 10/22/09 - "A surge in credit card fraud at ATMs and EFTPOS facilities has seen Australians fleeced out of tens of millions of dollars in recent months. A leading fraud expert says Australia's outdated and insecure banking technology has made the country the target of Romanian credit card skimmers with increasingly sophisticated equipment. NSW Fraud Squad commander Col Dyson told ninemsn that gangs obtained credit card details with magnetic stripe skimmers and cameras attached to standard ATMs."
  • TPD, USSS and LCSO Joint Investigation Shuts Down Debit Card Skimming Operation - www.wctv.tv - 10/22/09 - "Each victim reported they were still in possession of their debit cards and the fraudulent transactions were in the form of wire transfers and ATM withdrawals. Early indications were these fraudulent transactions were “PIN” driven transactions, which meant the suspect(s) used the victim’s debit card information and Personal Identification Number to authorize the transactions."
  • Retail Data Breach Victim Opts To Roll Back The Tech Clock - www.storefrontbacktalk.com - 10/21/09 - "One of the longstanding problems with retail security is that the best advice for retailers comes from the experts in the field. And those people often work for the vendors that sell security products and services. Retail, therefore, has developed a culture of handling security problems by purchasing more security products to layer on top of what they already have in place. But one retail data breach victim this month took the opposite approach. The Colorado liquor store had its payment records stolen via the Internet."
  • ChoicePoint Fined $275K for 2008 Breach - www.bankinfosecurity.com - 10/21/09 - "October 21, 2009 - Linda McGlasson, Managing Editor - Data broker ChoicePoint has agreed to a stronger data security program and will pay a $275,000 fine for a breach in 2008, according to the Federal Trade Commission. The FTC says the company failed to implement a comprehensive information security program to protect consumers' personal information, as required by the agency after ChoicePoint's 2004 breach, which affected more than 160,000 U.S. consumers."
  • Hundreds affected by debit card skimming operation - www.winnipeg.ctv.ca - 10/21/09 - "Winnipeg police say they are investigating after hundreds of people were hit with a debit card skimming operation. Officers say the early investigation shows suspects collected information from debit pin pads used by people paying for their purchases. Suspects then took that information to make a number of fraudulent transactions in Eastern Canada."
  • Identity theft scheme claims at least 13 Redding victims, police say - www.redding.com - 10/21/09 - "Two Southern California men have been arrested in Nevada after they allegedly defrauded at least 13 Redding residents who had earlier used credit cards at a Eureka Way restaurant, police said today. A third suspect, who is believed to be in Southern California, is being sought, police said. Police said that Edward Liu, 26, of Alhambra and Jin Lin, 35, of Monterey Park were detained on Sept. 23 and later arrested by Henderson (Nev.) police and a financial crimes task force after repeatedly using fraudulent cards at a business."
  • Hydro customer info used in scam - cnews.canoe.ca - 10/21/09 - "Police are investigating after a woman got a job at Manitoba Hydro using a stolen identity and used her position to access the personal information of more than 900 customers and take out fraudulent credit cards. The employee used customers' names and other information to apply for 45 credit cards without the victims' or Manitoba Hydro's knowledge, said Glenn Schneider, a spokesman for the Crown corporation."
  • Converging Trends Spur Interest in Card Terminals - www.americanbanker.com - 10/20/09 - "An impending deadline, several security initiatives and the ongoing adoption of contactless cards have payment terminal companies trying to position themselves for an anticipated surge in demand for point of sale systems. Christopher Justice, Ingenico SA's president for North America, said merchants are "at the start of a refresh" cycle. The French terminal maker announced last week the first of several planned management revamps to prepare for the U.S. market's growing appetite for updated payment terminals."
  • Cops warn of debit card data theft - www.winnipegsun.com - 10/20/09 - "Winnipeg police have received several complaints in recent days of debit card data being stolen and used to make fraudulent purchases or withdrawals, sources say. A source said police have received dozens of complaints from people who lost $400 to $800 or more late last week or over the weekend in the debit-card skimming scam."
  • California Governor Delivers Surprise Data Breach Law Veto - www.storefrontbacktalk.com - 10/20/09 - "California Governor Arnold Schwarzenegger is a man of surprises, be it as a bodybuilder turned successful movie star or as a staunch Republican winning election as the governor of reliably Democratic California. This month, though, he delivered his latest surprise in the form of a veto of a key data breach bill, a bill that had already had its critics withdraw all of their opposition. Schwarzenegger’s veto (which allegedly prompted the bill to look at the governor and bellow, “I’ll be back”) is not the first time he’s tackled data breach legislation; he has already forced earlier versions to be diluted."
  • SKIMMING DEVICES LOCATED - www.saultstar.com - 10/20/09 - "City police discovered a skimming device, used to copy the information embedded on a debit or credit card's magnetic stripe, on a local bank machine. Two people are under arrest. Police received information Sunday about a suspicious device on a TD ATM on Capp Avenue. They located the device and shortly after checked a nearby vehicle, where they found devices used in the forging and falsifying of credit cards and data skimmed by these devices."
  • Response to Your Recent Tokenization versus End-to-End Encryption Article - www.verifone.com - 10/20/09 - "I read the recent article you published on Tokenization versus End-to-End Encryption and I think there are several errors or misconceptions that should be corrected. Perhaps some of this comes from the bias of the experts you interviewed. First the entire discussion of tokenization versus end-to-end encryption does not even make sense. This is not an either or solution, nor is it a large versus small company decision. Both tokenization and end-to-end encryption can improve the security of cardholder data and can work well together in many environments."
  • An Inside Look at the Secret Service’s Battle to Hobble the Hackers - www.digitaltransactions.net - 10/20/09 - "The August indictments of three individuals allegedly responsible for the theft of 130 million credit and debit card numbers in the Heartland Payment Systems Inc. data breach made headlines across the world. Yet little attention is paid to the laborious investigative work needed to track down the criminals behind these types of infiltrations into computer systems and wireless networks. In the case of Heartland, the U.S. Secret Service first came across the alleged ringleader, Albert Gonzalez, in August 2008 while investigating data breaches dating back to 2004, according to Ken Jenkins, deputy special agent in charge, U.S. Secret Service criminal investigation division."
  • Credit cards also involved in Cheers Liquor security breach - www.gazette.com - 10/19/09 - "A security breach in the credit-card processing system at Cheers Liquor Mart involves both credit and debit cards and likely involves customers of dozens, if not hundreds, of financial institutions nationwide, the Colorado Springs-based retailer said today. Cheers has shut down a wireless broadband system that was used to process credit-card transactions and replaced it with an older dial-up system that is more secure and difficult to hack, said James Wall, a Denver-based spokesman for Cheers."
  • ATM 'card skimmer' found in Largo - www.abcactionnews.com - 10/19/09 - "LARGO, FL -- Largo Police say that they found a card skimmer on a local bank's ATM. The police say that someone went to use an ATM at the Wachovia Bank at Jasper and Missouri Ave in Largo. When the person went to swipe their card, a piece fell off the machine and the person called the police. Police went to the machine and said that they found a card skimmer. They took the ATM and searched other banks in the area. No other skimming devices were found."
  • Malaysian link to fake credit card scam in India - www.mmail.com.my - 10/19/09 - "Chennai police in Tamil Nadu are investigating fraud credit card cases that have links with organised crime in Malaysia........"
  • Payroll Processor Breached Twice in One Month - www.bankinfosecurity.com - 10/19/09 - "For the second time in less than a month, New Jersey-based payroll processor PayChoice has alerted customers to a network breach. PayChoice, based in Moorestown, NJ, had to take its Online Employer site offline last Thursday for a short time after the latest security breach was discovered. While the exact cause of the breach was not revealed, the company says it has taken new precautions."
  • Crime gangs say Australian ATM fraud 'easy' - www.news.com.au - 10/18/09 - "ROMANIAN crime gangs are targeting Australian ATMs for card-skimming fraud due to the high withdrawal limits set by local banks. Romanian police chief Elvis Tudose said the gangs had singled out Australia because of the vulnerability of local ATMs and light sentences imposed by courts. "In Australia, your countrymen are not very prepared to face the threat from them," Chief Inspector Tudose said. "This is the reason they probably choose Australia."
  • Hancock Fabrics Credit card scams hit home - www.napavalleyregister.com - 10/18/09 - "Recently at least 50 Napa County residents became victims of credit card and debit card fraud of a sort that poses an increasing danger as more of us rely more heavily on the use of plastic in our purchases. The victims all used cards at a specific store, and soon thereafter saw their bank or credit card accounts compromised with debits and withdrawals from stores and locations they did not visit."
  • Debit card skimming strikes customers in Maple Ridge and Coquitlam - www.news1130.com - 10/16/09 - "MAPLE RIDGE (NEWS1130) - Hundreds of customers in Maple Ridge and Coquitlam are the latest victims of a debit card skimming scam. Ridge Meadows RCMP say even one of their employees was affected. However, police aren't saying exactly which stores were hit. A skimming scam in West Vancouver's Park Royal Shopping Mall turned up last April - compromised PIN pads were discovered at Whole Foods and Athletes World among others. Skimming was responsible for $94 million in fraud across Canada last year. Police are asking people in the Tri-Cities to check their statements for suspicious activity."
  • Singapore looking to improve online security - www.zdnetasia.com - 10/16/09 - "Ingo Noka, Visa's Asia-Pacific head of data security and enterprise risk management, explained that dynamic authentication uses passwords that are generated every 10 seconds. This helps ensure passwords, even when stolen, will no longer be valid for use in online transactions after a time limit, Noka said in an interview with ZDNet Asia. These passwords can be generated by a token or sent via SMS to the consumer, he added. The payment structure is similar to Internet banking transactions in Singapore, where local banks support dynamic passwords as part of the two-factor authentication process."
  • Fed Regulation of Private Data Mulled - www.bankinfosecurity.com - 10/16/09 - "Congress should consider enacting legislation allowing the federal government to regulate how the private sector handles and stores data to battle the increasing problem of data breaches, says the chairwoman of a House panel that has jurisdiction over cybersecurity. Rep. Yvette Clarke, the Brooklyn, N.Y., Democrat who chairs the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, says she hopes to hold hearings on what she calls the National Data Breach Law either later this year or in early 2010."
  • Police investigate stolen debit card info - www.gazette.com - 10/16/09 - "Thousands of customers of at least five financial institutions serving the Colorado Springs area have had their debit card numbers stolen through an unidentified local merchant, Colorado Springs police confirmed Thursday. Ent Federal Credit Union, southern Colorado’s largest financial institution, began notifying between 1,500 and 1,700 cardholders last weekend that their card numbers had been compromised and about 150 had fraudulent transactions posted to their accounts, said Dana Chippindale, an Ent spokeswoman."
  • Debit card breach is traced to Cheers Liquor Mart - www.gazette.com - 10/16/09 - "A debit card breach affecting thousands of Colorado Springs area cardholders resulted from outside hackers gaining access to Cheers Liquor Mart’s computer system sometime last month, owners of the Springs-based retailer said Friday. Cheers hired Cyopsis LLC, a Denver-based information technology forensics and investigations firm, to determine the source of the breach and prevent further breaches, said Jeff Robinson, one of four owners of one of the city’s largest liquor retailers."
  • SC World Congress: US Feds call for more collaboration - www.securecomputing.net.au - 10/15/09 - "Top officials from US law enforcement and government agencies speaking at SC World Congress in New York this week said progress has been made in fighting cybercrime recently, but increased collaboration with individuals from the private sector and international law enforcement bodies is needed to keep up the momentum."
  • Two Eagan men charged in credit card scam - www.thisweeklive.com - 10/15/09 - "Two Eagan men are accused of using a device called a “skimmer” to steal credit and debit card information from others and load it onto gift cards for their own use. The Dakota County Attorney’s Office has charged Abe Walter Smith, 31, with one count of identity theft, and Gabriel Adam Alexander Langford, 23, with two counts of credit card fraud."
  • Wal-Mart’s VPN Data Breach Raising Server Log Questions - www.storefrontbacktalk.com - 10/15/09 - "Back in June 2005, right around the time that several major retailers (including TJX, BJ’s Wholesale Club, Boston Market and DSW) were being attacked by Albert Gonzalez’s cyber thief gang, Wal-Mart was quietly experiencing its own data breach. In Wal-Mart’s case, though, the breach began in June 2005 and wasn’t discovered by Wal-Mart until some 17 months later."
  • Inter-state fake credit card racket busted in Kerala (India) - www.ptinews.com - 10/15/09 - "An inter-state fake credit card racket duping jewellers and textile shops of goods worth lakhs of rupees was busted by police today with the arrest of six persons, including five from Maharashtra. The six were arrested here today by a police team led by IG Tomin Thachankary, investigating the case of purchase of Rs 2.5 lakh worth of ornaments from a jewellery shop here using forged cards recently, police said."
  • Heartland's Breach: Lessons Learned (w/ Video) - www.informationweek.com - 10/15/09 - "Earlier this year, Heartland Payment Systems announced a major security breach that sent a few shockwaves through the financial world, not just because of its impact on Heartland, but also because of what the incident revealed about the sophistication of the Russian hackers who perpetrated this fraud. Heartland's CSO Kris Herrin talked to me about it at our recent Bank Summit in Pasadena, CA."
  • Live Webcast: Tokenization and End-to-End Encryption - Fact and Fiction - www.voltage.com - 10/14/09 - "As a result of both the recent PCI DSS Community meeting and the PricewaterhouseCoopers survey on approaches for achieving PCI compliance, attention is now focused on two technology solutions that help merchants reduce PCI audit scope, secure consumer credit card data and reduce the costs associated with PCI compliance."
  • Millions stolen from McDonald's customers - www.theaustralian.news.com.au - 10/14/09 - "Major fraud squad detective senior sergeant Don Heise said inquiries by police had confirmed EFTPOS devices had been compromised. Card information and PIN details from debit and visa cards had been obtained in the fraud, Det Heise said."
  • McDonalds EFTPOS scam could claim more victims: Police - www.abc.net.au - 10/14/09 - "People are being urged to change their bank card or PIN if they have used it to make a purchase at a Perth McDonalds restaurant in the past three weeks. Thousands of West Australians have had a total of more than $450,000 dollars stolen from their debit and credit card accounts over the past three weeks in an EFTPOS skimming scam."
  • Card firm hacking hits thousands of Swedes - www.thelocal.se - 10/14/09 - "Debit card information for tens of thousands of Swedish banking customers may have fallen into the wrong hands following a security breach at card manufacturers MasterCard and Visa. Computer systems at both card makers were breached recently, allowing hackers to get away with data on thousands of banking cards, the Aftonbladet newspaper reports."
  • Bank of Bermuda moves to protect customers after security breach - www.royalgazette.com - 10/13/09 - "Several hundred Bank of Bermuda accounts were closed yesterday and cards cancelled as an overseas retailer reported a breach in customer security. Bank spokeswoman Susan Jackson said: 'Bank of Bermuda received notification from Visa and MasterCard that an overseas vendor has been compromised and that a number of Visa and MasterCard accounts may have been affected, including a number of cards issued by the Bank of Bermuda.'"
  • Wal-Mart victim of serious security breaches in 2005 & 2006 - www.internet-security.ca - 10/13/09 - "It's now confirmed that Wal-Mart was the victim of a serious Internet security breach back in 2005 and 2006. Hackers targeted the Wal-Mart development team in charge of the chain’s PoS (point-of-sale) system and successfully managed to transfer source code and other very sensitive data to a computer in Eastern Europe. Wal-Mart acknowledged the hack attack, which it calls an “internal issue,” since no sensitive customer data was stolen. The company then said it had no obligation to disclose the breach publicly, but did so because of mounting speculation and many reporters' phone calls to the company's head offices in the last week."
  • Visa Clarifies Policy on PIN Pad Mandates - www.nacsonline.com - 10/13/09 - "Visa hosted a webinar to clarify and reiterate its PIN pad data encryption policy on September 9. Ross Snailer and Stoddard Lambertson of Visa’s Payment Risk team led the presentation (PDF) that shed some light on what has been a much talked about topic for petroleum retailers. During the call, Visa stated that all attended POS and kiosks must be Triple DES (TDES) compliant by July 1, 2010, but that fines to acquirers (and presumably merchants) would not occur until August 1, 2012."
  • MagTek's MagneSafe™ technology – exceeds Visa's best practices for data field encryption while combining all 5 emerging technologies highlighted at the recent PCI conference - www.magtek.com - 10/13/09 - "MagTek®, Inc., a global leader in secure electronic payment technology, today announced that its MagneSafe technology, the industry’s standard for Secure Card Reader Authenticators (SCRAs), meets and exceeds Visa’s recently published best practices for data field encryption, also referred to as "end-to-end encryption" and is the only technology to combine all five of the "emerging technologies" identified by PricewaterhouseCoopers (PWC) in its report to PCI entitled: Emerging Technology Research."
  • Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack - www.wired.com - 10/13/09 - "Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned."
  • Credit card-stealing device makes its Minnesota debut at Wendys - blogs.citypages.com - 10/12/09 - "A device called a "skimmer" that steals credit card information just by swiping the card has been implicated in incidents in Eagan and Maplewood. The item looks extremely similar to a normal payment-swipe device, so it's easy for criminals to hide their intentions when stealing card info."
  • Credit card-stealing device makes its Minnesota debut at Wendys - www.hometownannapolis.com - 10/12/09 - "STEVENSVILLE, Md. (AP) — The Queen Anne's County Sheriff's office says a card-skimming device was attached to an ATM machine in Stevensville. The sheriff's office says 88 people reported unauthorized transactions. The device has not been found, but investigators believe it was on the ATM at the Bank of America branch at 1114 Shopping Center Road between Sept. 26 and Oct. 9."
  • FBI cybercrime operation reveals massive online banking fraud scheme - www.thepaypers.com - 10/12/09 - "The FBI arrested and charged 53 US individuals accused of carrying out fraudulent internet-based activities, more exactly of operating a vast phishing operation and stealing at least USD 2 million from 2007 onwards. 47 more individuals, charged as co-conspirators, are set to be arrested by Egyptian authorities."
  • CRIME: Card skimmer attached to Eastern Shore ATM machine - www.delmarvanow.com - 10/11/09 - "The Queen Anne's County Sheriff's office says a card-skimming device was attached to an ATM machine in Stevensville. The sheriff's office says 88 people reported unauthorized transactions. The device has not been found, but investigators believe it was on the ATM at the Bank of America branch at 1114 Shopping Center Road between Sept. 26 and Oct. 9."
  • Fraudster accesses local bank accounts - www.thepeterboroughexaminer.com - 10/10/09 - "City police are advising people to check their bank accounts after several local banks were compromised by a fraudster. Sgt. Sean Quinlan said the breach most likely affected a number of local banks, resulting in numerous frozen accounts. “We know of at least four affected banks,” he said. “But there could be more.” The scam likely happened sometime between August and now, he said. Quinlan didn’t know how many customers have been affected. The banks haven’t called police yet, he said."
  • Major Perth eftpos fraud suspected? - abclocal.go.com - 10/09/09 - "If you use your ATM card a lot, listen up: Thieves have come up with a new scam to get your money. Grand Central Area detectives have had a number of complaints about ATM skimming on the North and Northwest side. The detectives say people have had money stolen from their bank accounts by offenders who place chips and small hidden cameras at the ATMs to obtain pin numbers."
  • Don't Relax On The Breach - www.forbes.com - 10/09/09 - "Data breaches that don't involve financial information sound relatively benign. But Paul Royal recently discovered that these kinds of breaches are often part of a multi-step attack aimed at stealing personal financial data. Royal, a security researcher at Atlanta-based Purewire, encountered these so-called "chained exploits" when he received an e-mail purporting to be from his former employer's online payroll provider."
  • Cyberthieves find workplace networks are easy pickings - www.usatoday.com - 10/09/09 - "It took only a modicum of skill for a cybergang to steal 94 million credit and debit card payment records from the TJX retail chain — and follow that up by hauling in 130 million records from credit card processor Heartland Payment Systems. Court records reveal that those record-setting break-ins were almost too easy. Even more surprising: The thieves were able to take their sweet time extracting the data, in each case going undetected for more than a year."
  • McDonald's reveals EFTPOS skimming in Perth card fraud - www.news.com.au - 10/09/09 - "FAST food chain McDonald's has revealed customers' account details have been skimmed from EFTPOS terminals at Perth outlets - and says the fraud may continue. McDonald's Australia says it cannot guarantee that more West Australians will not be fleeced in the EFTPOS fraud scam that has siphoned hundreds of thousands of dollars from unsuspecting customers this week."
  • Man Arrested for ATM "Skimming" in Manhattan Beach - www.ktla.com - 10/09/09 - "A Romanian national is under arrest after police say he tried to install a "skimming" device on a bank ATM in Manhattan Beach. George Puflene, 26, is believed to be part of an organized crime ring that "skimmed" $70,000 from customers' accounts, police said."
  • ATM `skimming' case may be part of a ring - www.dailybreeze.com - 10/08/09 - "A Romanian national arrested as he installed a fake keyboard atop a Citibank ATM in Manhattan Beach is believed to be part of an organized crime ring that "skimmed" $70,000 from customers' accounts, police said Thursday. So far, Manhattan Beach police have received 50 reports of illegal withdrawals from bank accounts ranging from $100 to $10,000."
  • Heartland Breach: Inside Look at the Plaintiffs' Case - www.bankinfosecurity.com - 10/08/09 - "Prior to the Heartland Payment Systems (HPY) data breach, company executives misrepresented their "state of the art" security measures, says a new document filed in the class action suit against the payments processor. Heartland publicly touted its "multiple layers of security," and said it placed "significant emphasis on maintaining a high level of security in order to protect the information of our merchants and their customers," according to the master complaint filed last month in U.S. Southern District Court in Houston."
  • Retail Data Breach Liability Shield May Get Gutted - www.storefrontbacktalk.com - 10/08/09 - "In a move that has the potential to make it much more difficult for retailers to defend themselves against civil data breach lawsuits, the judge overseeing the Hannaford data breach case has reversed himself. The Maine Supreme Court is now involved. For years, retailers involved in major data breaches had little to worry about from U.S. courts, thanks to credit card zero liability programs."
  • Visa’s Retail Token Advice Of Token Value - www.storefrontbacktalk.com - 10/08/09 - "Visa on Monday (Oct. 5) issued a document to ostensibly help retailers figure out how best to navigate the new encryption and tokenization landscape, but as a practical matter, the document did little beyond rehash conventional wisdom and long-standing Visa and PCI best practices. It felt more like a quintessential psychologist advice session: “Dr. Visa, what should we do about tokenization?” “That’s an excellent question, Mr. CIO. What do you think you should do?”"
  • The Survey Says: 28 Percent Of Retailers Using Payment Data For Non-Payment Functions - www.storefrontbacktalk.com - 10/08/09 - "Officially, Visa and other card brands “discourage” retailers from using card data for non-transaction functions, such as CRM or other customer identification programs. But many retailers continue to do the forbidden practice and to do so openly. And even Visa won’t say that it will punish a retailer caught blatantly doing it. “We’d work with the acquirer and work with the merchant to try and rectify the situation,” said Jennifer Fischer, a Visa senior business leader who focuses on payment risk issues."
  • Lawsuit: A Heartland Manager Resigned Because Of PCI Compliance Issues - www.storefrontbacktalk.com - 10/08/09 - "As the lawsuits involving Heartland’s massive data breach move through the court system, an unusual claim was inserted into a court filing. The Sept. 23 filing in the U.S. District Court for the Southern District of Texas was trying to raise questions about Heartland’s post-breach conduct. It then shared the following anecdote without further explanation."
  • Verizon Business teams with McAfee to offer security in the cloud - www.itwire.com - 10/08/09 - "Verizon Business and McAfee have formed a global strategic alliance to provide integrated security solutions to businesses and government agencies worldwide under which the companies will jointly develop a suite of next-generation, cloud-based managed security services. Together, McAfee and Verizon Business will offer a comprehensive portfolio of managed security services (MSS) to enterprises, leveraging the strength of Verizon Business' MSS offerings and McAfee's technology."
  • Best Practices for Data Field Encryption to Protect Cardholder Information in Transit and Storage - usa.visa.com - 10/07/09 - "Cardholder data security continues to be an important issue for all stakeholders in the payment system. While payment system participant compliance with the Payment Card Industry Data Security Standard (PCI DSS) has undoubtedly prevented many breaches of cardholder information, some entities’ lack of ongoing compliance has resulted in compromises, particularly of cardholder data in transit."
  • Credit Card Skimmer at Local Gas Station? - www.cvsd.com - 10/07/09 - "I received this information from a resident about a device that steals credit card information attached to a local gas pump. I assume the device is gone now, and I don’t have any first-hand knowledge (but I have contacted the police.) Please don’t avoid this particular station because of this warning — similar devices could be at any station, ATM or retail store. Just watch out for unusual or mis-matching card readers, and check your statements regularly for suspicious activity."
  • Australian police investigate skimming fraud - www.xinhuanet.com - 10/07/09 - "West Australian police revealed on Wednesday an EFTPOS (Electronic Funds Transfer at Point of Sale) scam has seen more than 150,000 Australian dollars (133,893 U.S. dollars) stolen from 2,500 bank accounts using details gleaned at Perth retail outlets. EFTPOS is an Australian and New Zealand financial network for processing credit cards, debit cards and charge card payments at "Point of Sale" and transacting at ATMs."
  • Visa probes tokens, encryption for PCI card data protection - searchsecurity.techtarget.com - 10/07/09 - "Visa Inc. is weighing in on the process of protecting credit card data with end-to-end encryption and the use of tokens. The card brand issued a document this week outlining best practices for encryption that includes the use of tokens. Visa said the document aims to help encryption vendors develop a common standard and help early adopters choose the right approach to deploy data protection."
  • Encryption, Tokenization Loom Large As PCI Council Mulls Changes - www.digitaltransactions.net - 10/07/09 - "Will the 2010 iteration of the Payment Card Industry data-security standard represent a major break from the current version or just have some minor changes? That’s the question before the card networks, merchants, merchant acquirers, and payment processors now that one meeting with PCI stakeholders is down and another is coming up in a two-year process to update the critical rules governing card security."
  • Waitresses Charged With Card Skimming At Ruby Tuesday's Restaurant - www.paymentssource.com - 10/07/09 - "Three men were charged with providing waiters and waitresses at Ruby Tuesday's restaurants with credit card skimmers that were used to steal card information and make tens of thousands of dollars of unauthorized purchases in credit union and bank accounts. The skimmers drained funds from accounts at Philadelphia FCU, Freedom FCU, Diamond CU, Navy FCU and about a dozen banks, according to an indictment handed down by a federal grand jury last week."
  • Thieves use gift cards to scam credit card holders - www.kfor.com - 10/06/09 - "Even though you still have your actual credit card, people steal your card info and use it to open a new account in their name. And even when it's canceled, they still have buying power through gift cards. Thieves are cloning credit cards and spending to the limit and buying gift cards before the victims can catch them. Detective Scott Stephens said, "By the time you find out your account has been compromised, they've already bought these gift cards, flat screen TVs or whatever.""
  • Major Perth eftpos fraud suspected? - www.watoday.com.au - 10/06/09 - "An investigation is under way into a suspected major eftpos and atm fraud scam in Perth. Police say they have received "substantial information" regarding machines being used to "skim" credit and debit cards of details - including PIN numbers - throughout the metropolitan area."
  • VeriFone Aligned with Visa Best Practices for End-to-End Encryption - www.businesswire.com - 10/06/09 - "VeriFone Holdings, Inc. (NYSE: PAY), today announced that its VeriShield Protect card payment data protection solution is in compliance with Visa’s best practices for data field encryption, also known as end-to-end encryption, that were published on October 5th. Visa’s announcement reflects growing momentum for implementation of end-to-end encryption as a key payments security layer that can render any intercepted data useless."
  • Lawsuit: Heartland Knew Data Security Standard was 'Insufficient' - www.bankinfosecurity.com - 10/05/09 - "Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure. This is the contention of a new master complaint filed in the class action suit against Heartland, which in January announced a data breach that is now estimated to be the largest known hack, involving 130 million credit and debit card accounts."
  • Lawsuits over Heartland data breach folded into one - www.computerworld.com - 10/05/09 - "A lawsuit consolidating 16 separate class-action complaints brought by financial institutions against Heartland Payment Systems Inc. has been filed in U.S. District Court for the Southern District of Texas. The claims stem from the massive data breach disclosed by Princeton, N.J.-based Heartland in January. The complaints allege that the payment processor was negligent in its duty to protect card holder data."
  • Police search computers of two alleged 'skimmers' - www.wral.com - 10/05/09 - "Raleigh police searched the computers of two men alleged to be involved in "skimming" credit card data from points of purchase and stealing credit card numbers. Mohamad Mustafa Derbas, 23, of 10233 Carter St. in Wake Forest, and Ahmad Hasan Odeh, 23, of 4113 Old Brick Court in Raleigh, are charged with conspiracy to obtain property by false pretense, conspiracy to commit felony larceny and possession of transaction card forgery devices."
  • Visa Releases Global Data Encryption Best Practices - www.earthtimes.org - 10/05/09 - "Visa Inc. (NYSE: V) today announced global industry best practices for data field encryption, also known as end-to-end encryption. The best practices are designed to further the payment industry's efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption protects card information from the swipe to the acquirer processor with no need for the merchant to process or transmit card data in the "clear.""
  • Can the phone be a second factor in authentication? - www.scmagazineus.com - 10/05/09 - "There is a high degree of ambiguity among retail organizations regarding how to comply with certain requirements of the Payment Card Industry Data Security Standard (PCI DSS). There are, however, some PCI DSS sections that provide merchants with crystal-clear direction on how to achieve compliance."
  • PCI Compliance - Why spas, hotels and resorts can no longer ignore it! - www.hotelnewsresource.com - 10/05/09 - "Years ago, a merchant's crime threats were limited to an armed delinquent or a shoplifter. Today you can add the cyber thief to that list. This thief is looking for a more profitable payoff, your customer's/guest's payment card information. He or she is much more savvy and capable of doing more harm to your business than just emptying your hotel's front desk float or spa's cash register."
  • Poor handling of ATM fraud cases worries customers (Nigeria) - www.234next.com - 10/05/09 - "With the increase in the number of bank customers who have become victims to Automated Teller Machines (ATM) fraud, a legal practitioner has expressed concern over the poor attitude of Nigerian banks in helping the victims to recover their losses. Tochukwu Onyiuke of Punuka Attorneys & Solicitors, told NEXT on Sunday that of the over 700 ATM scam cases he is handling, none of the banks involved has shown genuine interest in rendering assistance to the victims."
  • Credit Card Skimmer Discovered at Gas Station - www.234next.com - 10/02/09 - "Nevada ranks third in the nation when it comes to people being victimized by identity theft, according to Federal Trade Commission. The problem is so widespread that Las Vegas Police have dedicated an entire unit to investigating the crime. One common way criminals strike is by using technology attached to gas pumps or ATM machines. No one is immune to this type of crime as some patrons of a gas station in Pahrump found out."
  • Account 'Skimmer' Found On Bel Air ATM - www.wbaltv.com - 10/02/09 - "Police in Bel Air said a device that steals personal information from ATM cards was discovered on a machine at a Bank of America branch on Main Street. Authorities said they believe that type of crime is rare in Bel Air but are concerned because the scheme was so sophisticated that people didn't realize they were victims until it was too late."
  • Credit Card Skimming Survey: What’s Your Magstripe Worth? - www.wired.com - 10/02/09 - "Ever wonder how much the data on the back of your credit card is worth to a corrupt food service worker? The answer, it turns out, depends on which restaurants you frequent in Florida. For some reason, the Sunshine State is a hotbed of federal prosecutions for “skimming”, in which a retail or service worker with a criminal bent swipes your credit card through a pocket-sized magstripe reader when you’re not looking — capturing your name, card number, expiration date and other information."
  • 3 accused of stealing diners' credit card IDs - www.philly.com - 10/02/09 - "Three Philadelphia men were indicted yesterday on charges of illegally using the credit and debit cards of customers of two city restaurants by recruiting servers and other workers to steal their account information and then using it to create false - but functioning - cards. According to the federal grand jury indictment, the fraud and identity-theft ring targeted other restaurants and businesses in addition to the two named: T.G.I. Friday's, 4000 City Ave., and Ruby Tuesday, 16th and Chestnut Streets."
  • Voltage, RSA spar over tokenization, data protection - searchsecurity.techtarget.com - 10/02/09 - "Voltage Security Inc. and RSA, the security division of EMC, are exchanging blows over the best way to protect credit card data during the payment process. Both vendors have partnered with different payment processors to develop slightly different methods to protect credit card data from the point a credit card is swiped at the point-of-sale (POS) system until a transaction is complete."
  • Opinion: Take no chances with card security (Australia) - www.securecomputing.net.au - 10/01/09 - "Time has run out for businesses that handle credit card information. In the past week, merchants were hit with a double-whammy reminder of the risks of slack credit card transaction security. From yesterday, Visa required its merchants not to store sensitive credit card data after an authorised transaction expired."
  • One in five Australians cloned by ID hackers - www.dailytelegraph.com.au - 10/01/09 - "ONE in five Australians is a victim of credit card fraud or computer hackers. The identity crimes report, which was commissioned by credit company Veda Advantage and conducted by Galaxy Research, found more than 1.5 million people's credit cards had been skimmed and 1.2 million people's bank accounts were illegally accessed. Many more people's mail containing PINs and other information that can be used to create a false identity was stolen."
  • Bank card skimming device found - www.brantfordexpositor.ca - 10/01/09 - "Police are advising anyone who used a TD Canada Trust ABM terminal on Wednesday to change their PIN number. A debit card skimming device was found inside an ABM machine at a local TD Canada Trust branch. It appears the device had just been installed when found because bank employees regularly check ABM terminals, police said. However, it is not known how many card numbers may have been compromised, police said."
  • Warning after card skimmer found - news.bbc.co.uk - 10/01/09 - "Police have urged the public to be vigilant when using cash machines after the discovery of a card skimming device in an Aberdeenshire town. The device was found on an Alliance and Leicester ATM in High Street, Turriff."

September 2009

  • State of the Hack – Latest Financial Attacks - www.fsisac.com - 09/30/09 - "This "straight from the battlefield" presentation will provide case studies that describe in detail the most recent computer security incidents that Mandiant has responded to on behalf of the organizations. Here is a link to the recording of this webinar."
  • Express Scripts: 700,000 notified after extortion - news.idg.no - 09/30/09 - "Nearly one year after being hacked by computer extortionists, pharmacy benefits management company Express Scripts now says hundreds of thousands of members may have had their information breached because of the incident. Last November, the company reported that someone had threatened to expose millions of customer prescription records, but it has come under criticism for being vague about how many of its customers' records were accessed."
  • IBM's Encryption Breakthrough for the Web - www.businessweek.com - 09/30/09 - "In the dog days of summer 2008, an intern at IBM Research was sitting in a Manhattan café turning a problem over in his head. Craig Gentry was thinking about cryptography, the science of codes and data protection, tussling with a question that had confounded the world's greatest mathematicians for three decades. Is it possible to run calculations on encrypted data without actually decrypting it?"
  • Cashless society spawns new breed of thieves - www.bclocalnews.com - 09/30/09 - "An increasingly cashless society has bred a new type of criminal. Storming into an establishment and strong arming people to give up cash has given way to a highly organized network of near invisible criminals who wield impressive technological skills to separate people and institutions from their money."
  • The Two Scenarios Coming From The PWC PCI Report - www.storefrontbacktalk.com - 09/30/09 - "At the PCI SSC Community Meeting last week, the biggest highlight was the presentation of a report the group sought from PricewaterhouseCoopers (PWC). The first presentation of the PWC report of PCI Emerging Technologies made it clear that by expanding the technological scope of PCI DSS, companies will be able to reduce the scope of their PCI compliance efforts."
  • Defending PCI: 'Don't Blame the QSA's' - www.bankinfosecurity.com - 09/30/09 - "Since the announcement of the Heartland data breach in January, the merits of the Payment Card Industry Data Security Standard (PCI DSS) have been questioned, and Bob Russo has led the defense. Russo is general manager of the PCI Security Standards Council, the group responsible for the development, management, education and awareness of the PCI Security Standards."
  • Inmate hacker locks down jail computers - www.theregister.co.uk - 09/29/09 - "A UK prison computer system was left in lockdown after jail bosses gave a convicted cybercriminal the task of reprogramming it, the Sunday Mirror reports. Douglas Havard, 27, an inmate at Ranby Prison, Nottinghamshire, was asked to take over a project to create an internal TV station using the jail's computer network."
  • Police Warn About Possible Gas Pump Credit Card Fraud - wake.mync.com - 09/29/09 - "The Raleigh Police Department are warning residents across the Triangle to keep an eye on their credit card bank statements after two men were arrested for allegedly using a scanning device to steal credit card information at area gas stations. Loc Huu Bui and Nghi Huu Bui were arrested and charged with eight to ten counts each of financial card fraud and card theft with a scanning device."
  • Data Breach Trends: How to Avoid a Hack - www.bankinfosecurity.com - 09/29/09 - "Heartland Payment Systems, Radisson Hotels and Network Solutions have made the big headlines so far this year. But other data threats are out there and continue to evolve, according to Chris Novak, managing principal at Verizon Business Investigative Response Team, which produced this year's 2009 Verizon Business Breach Report."
  • A New Payments Security Group Plans a Mass Hack Simulation - www.digitaltransactions.net - 09/29/09 - "A payments-industry security group formed earlier this year is going through the rather dry procedures of establishing a charter and electing leaders. But one of its first projects could get pulses beating a little faster: a simulated mass attack on databases containing payment card and demand-deposit account information."
  • California Data breach notification law SB 20 strikes right balance: Simitian - searchcompliance.techtarget.com - 09/28/09 - "California State Sen. Joe Simitian could be called the father of state data breach notification laws. He received the award for Excellence in the Field of Public Policy at the RSA Conference 2007 in recognition of that -- though he's willing to share the credit. California Senate Bill 1386 is known as the first state data breach notification law, and the one on which most other state laws are based."
  • PCI DSS Update Could Include Virtualization Security - www.darkreading.com - 09/28/09 - "The PCI Data Security Standard (PCI DSS) is due for an update next year, and the upcoming version of the standard could define securing cardholder data in virtualization environments. The PCI Virtualization Special Interest Group (SIG), made up of auditors, vendors, merchants, banks, and quality security-assessment firms, this week met to hash out a proposal for how to include virtualization technology in PCI."
  • Effectively Protecting Your Customers' Data - www.businessweek.com - 09/28/09 - "Contact center staff are on the data security front lines. Properly trained they can thwart intrusion. Unfortunately contact centers too frequently have environments that foster data loss and theft. Employees are typically low-paid and have minimal or no benefits, are often poorly supervised, rushed to meet metrics, and face enormous stress. Today's organizations depend and thrive on data for marketing, customer service and staff management, and like anything that is valuable, criminals have been seeking it to commit ID theft, blackmail or other crimes."
  • Virtualization Next for PCI Standard? - www.bankinfosecurity.com - 09/27/09 - "Linda McGlasson, Managing Editor - The next version of the Payment Card Industry Data Security Standard (PCI DSS), due out some time in 2010, may include guidelines for the use of virtualization technology to protect card data. This was the prediction of some industry leaders meeting at the Payment Card Industry's Security Standards Council community meeting in Las Vegas last week."
  • Second blow for Bolton as company is banned - www.theage.com.au - 09/26/09 - "NICHOLAS BOLTON faces losing his multi-million dollar internet empire after the Supreme Court of Victoria upheld a decision by the industry regulator, auDA, to ban one of his companies from selling or administering domain names."
  • Former Congressman Does Not See Federal PCI Legislation Likely - retailpayments.blogspot.com - 09/25/09 - "Tom Davis, former US Congressman currently at Deloitte gave the keynote speech at the PCI SSC community meeting this week in Las Vegas. After some very interesting insights about how presidential job approval impacts congressional elections which is what drives much of Congress, he talked about the current climate on the hill for cyber security initiatives, including legislation covering PCI."
  • Calls for PCI DSS compliance logo - www.securecomputing.net.au - 09/25/09 - "Calls have been made for a compliance logo to be created for Payment Card Industry Data Security Standard (PCI DSS) accredited companies to display. As part of its recommendations to the PCI DSS Council, Imperva called for a compliance logo for consumers, as companies cannot articulate their security efforts to consumers, and consumers are not aware of the compliance status of the retailers they do business with."
  • Two held in fake credit cards case - www.timesofindia.com - 09/25/09 - "HYDERABAD: Task Force sleuths on Sunday apprehended two persons in fake credit card case. Mohammed Sarfaraaz, 29, of Somajiguda and Cheemalarri Vinay Krishna, 30, of Ameerpet were apprehended near Kamath Hotel in Secunderabad, while they were waiting for a customer to deliver the cloned credit cards."
  • 'Skimming' puts local debit cards in jeopardy - www.owensoundsuntimes.com - 09/24/09 - "Hundreds of Scotiabank clients in Owen Sound have had their debit cards temporarily restricted by the bank as it investigates a possible security breach involving a "skimming" incident in the area. Skimming, or debit card fraud, is a type of identity theft that occurs when thieves steal the information from the magnetic strips on bank cards and/or user's personal identification numbers (PINs)."
  • ATM Scamming Thefts On The Rise In The High Desert - www.cbs2.com - 09/24/09 - "Thieves are placing card-scanning devices on the outside of ATMs to skim magnetic strip information from the back of debit cards, which are then used to make fake cards. Officials suspect the scammers are using binoculars or video cameras to capture PIN numbers from unsuspecting bank customers."
  • A World Without Payment Cards (and PCI Compliance) - blogs.bankinfosecurity.com - 09/24/09 - "Credit and debit cards are everywhere. I use mine daily, and I suspect many functioning adults in the U.S. and beyond do as well. For me, convenience is a major factor in their use -- instead of carrying around wads of cash, I can carry a single piece of plastic and use it to accomplish the same goal -- buy things. If I lose my wallet or worse, get robbed, I'm out a small piece of plastic instead of actual cash."
  • Debit-card skimming shocks Fort Erie residents - www.niagarafallsreview.ca - 09/24/09 - "Imagine you are about to go spend some of your hard earned money at the grocery store or at another local retail outlet... but when you get there you realize your entire bank account has been cleaned out. This unfortunate situation was a reality for several local residents this past weekend as about 15 cases were reported to the Niagara Regional Police, saying a transaction was made from their account that they are not responsible for."
  • First Data and RSA Team Up to Provide Layered Security That Protects Merchant Card Data and Brand Equity - www.businesswire.com - 09/23/09 - "First Data, a global leader in electronic commerce and payment processing services, and RSA, The Security Division of EMC (NYSE:EMC), have teamed up to provide a new service called First Data® Secure Transaction Management℠, which is engineered to enable merchants to secure payment card data and remove it from their environment while allowing access when needed."
  • Voltage Security First to Combine Encryption, Tokenization and Data Masking in Single Platform to Reduce PCI Audit Scope - www.marketwire.com - 09/23/09 - "PCI SSC 2009 Community Meeting -- Voltage Security, Inc. (www.voltage.com), the global leader in end-to-end data protection, today announced it has extended Voltage SecureData™ by adding tokenization and data masking capabilities to the existing encryption functionality, enabling the end-to-end protection of data, such as credit card numbers, in applications and databases."
  • Ponemon Institute and Imperva Survey Shows Companies Still Struggle to Protect Consumer Credit Card Data - www.imperva.com - 09/23/09 - "Imperva and the Ponemon Institute today announced the findings of a survey (http://www.imperva.com/ld/ponemon.asp) across more than 500 U.S. and multinational IT security practitioners showing that, despite the Payment Card Industry's (PCI) Data Security Standard (DSS), companies still struggle with data security, putting consumers at continued risk for identity theft."
  • Man given time served for massive ID theft - www.delawareonline.com - 09/23/09 - "One of two men involved in a massive theft of ATM card information -- along with money from those compromised accounts -- was sentenced to time served, or just over two years in prison, on Tuesday in federal court. Artur Grigoryan, 27, a citizen of Armenia who overstayed a student visa, also is expected to be deported back to his native country."
  • First Data And RSA “Legitimize” Tokenization–Then What? - www.storefrontbacktalk.com - 09/23/09 - "The conventional wisdom is that when large vendors enter a niche market, those vendors “legitimize” that market. But the announcement that First Data and RSA Security are getting into the credit card tokenization business raises many issues beyond them simply “making” the tokenization market. Here is my first take on the implications of this announcement:"
  • The Yin-Yang Of Tokenization, Vendors Now Splitting Into Two Camps - www.storefrontbacktalk.com - 09/23/09 - "In recent months, an encrypted laundry list of vendors has announced products in the so-called end-to-end encryption space and/or the tokenization arena. But this week added two key announcements into the mix, from Voltage Security and a combo rollout from First Data and RSA Security. The reason they’re key is that, for the first time, two of the largest players are offering true differences, ones that speak more to retail security philosophy than anything else."
  • Underground hacker forum taken offline - www.securecomputing.net.au - 09/22/09 - "An alleged underground forum used by hackers to sell logins and financial data has been hacked and taken offline. Mikko Hypponen, chief research officer at F-Secure, claimed that the web forum named ‘PakBugs' was an ‘underground' forum where people discussed hacking techniques and sold malware code, bank logins and stolen credit card numbers."
  • Restaurant card skimmer sentenced - www.washingtonexaminer.com - 09/22/09 - "The leader of a card-skimming conspiracy that stole more than $700,000 from customers of Washington restaurants was sentenced to nearly seven years in prison. Erick V. Burton, 38, of District Heights, was the last member of the conspiracy to be sentenced. Burton conspired to recruit and pay servers at Clyde's, M&S Grill, and 701 Restaurant to "skim" the credit card numbers of paying customers. The servers were paid $20 per card number."
  • US court rules that bank failed to protect customer against fraud - www.securecomputing.net.au - 09/22/09 - "The banking sector could face a major shake-up after a court in the US ruled that a bank failed to protect a user's account against fraudulent access. In a recent case, a US judge allowed Marsha and Michael Shames-Yeakel to bring a case against Citizens Financial Bank, who alleged that the bank failed to implement state-of-the-art security technology, as they were the victims of fraud perpetrated through their online bank account to the tune of $US26,500."
  • Heartland CEO: More Card Encryption Needed - www.computerworld.com - 09/21/09 - "The top executive at Heartland Payment Systems Inc. last week called on credit card vendors, payment processors and retailers to embrace an encryption standard that would protect credit and debit card numbers. Robert Carr, Heartland's chairman and CEO, told the U.S. Senate Homeland Security and Governmental Affairs Committee that industry guidelines today don't require encryption of credit card numbers during transit between retailers, payment processors and card issuers."
  • The Next PCI - www.digitaltransactions.net - 09/21/09 - "With compliant merchants and processors sustaining breaches, the card-data security standard is about to undergo its next revision with a long list of technologies to sort out. Meanwhile, merchants are feeling left out. When the major card brands introduced the Payment Card Industry data-security standard (PCI DSS) in January 2005, they hoped it would prove an effective weapon against database breaches."
  • Come together, right now, over...security - news.zdnet.com - 09/21/09 - "Data breaches make major headlines. There’s no two ways about it. The more mundane business of keeping those headlines to a minimum, with the day-to-day efforts of the industry to keep customer’s payment data safe, is not the stuff of front page news. For those efforts to be successful, a cross section of industries must collaborate and share their latest ideas and experience of what’s going on in the front lines of payment card data protection."
  • PD Arrest Alleged Credit Card 'Skimmer' - www.myfoxphoenix.com - 09/18/09 - "A 20-year-old man has been arrested for skimming credit card data off of debit cards, then using that to rob innocent victims. Police say that Vadym Ganzha, 20, was going to ATMs in the valley and stealing money from people's accounts, using a "skimming" device."
  • Real-Time Hackers Foil Two-Factor Security - www.technologyreview.com - 09/18/09 - "In mid-July, an account manager at Ferma, a construction firm in Mountain View, CA, logged in to the company's bank account to pay bills, using a one-time password to make the transactions more secure. Yet the manager's computer had a hitchhiker. A forensic analysis performed later would reveal that an earlier visit to another website had allowed a malicious program to invade his computer."
  • The Great Trust Offensive - www.businessweek.com - 09/17/09 - "'The spark began where it always begins, at a restaurant downtown, in a shop on Main Street,' intones a narrator as the camera lingers in a restaurant, bakery, and bike factory. 'Entrepreneurs like these are the most powerful force in the economy. As we look to the future, they'll be there ahead of us.'"
  • PD Arrest Alleged Credit Card 'Skimmer' - www.myfoxphoenix.com - 09/16/09 - "A 20-year-old man has been arrested for skimming credit card data off of debit cards, then using that to rob innocent victims. Police say that Vadym Ganzha, 20, was going to ATMs in the valley and stealing money from people's accounts, using a "skimming" device. It copies the information from the magnetic strip on the back of your bank card."
  • PCI, Remote Capture Get a Wary Eye Among Some Health-Care Officials - www.digitaltransactions.net - 09/16/09 - "Retailers have complained the loudest about the cost of complying with the Payment Card Industry data-security standard, or PCI, but comments Tuesday at a health-care payments conference indicate that medical providers also incur considerable expense to secure their card-accepting payment systems."
  • When Hit With A Major Data Breach, Retailers Should Use The Buddy System - www.storefrontbacktalk.com - 09/16/09 - "There’s a very old joke that when swimmers are about to go into shark-infested waters, they should always swim with a buddy. If a shark attacks, feed him your buddy. Retailers today, swimming in cyberthief-infested wireless zones, are discovering a similar guideline plays out when there is an attack against a large number of retailers, such as what happened with TJX, Hannaford, 7-Eleven and others in the Gonzalez cases."
  • Contact centre fraudsters could be responsible for credit card crime wave - www.callcentrehelper.com - 09/16/09 - "Customer fraud is being fuelled by organisations that pride themselves on their online security but are leaving their contact centres wide open to potential fraudsters, according to one industry expert."
  • Heartland spends $32 million during first half on breach-related activities - www.internetretailer.com - 09/16/09 - "Heartland Payment Systems Inc. spent about $32 million in the first six months of this year on forensics, legal work and other activities related to the December 2007 database breach that resulted in the theft of millions of credit and debit card numbers, CEO Robert Carr told the U.S. Senate Committee on Homeland Security and Government affairs this week."
  • New Report: Cyber Attacks Exploit 2 Vulnerabilities - www.bankinfosecurity.com - 09/15/09 - "More than half of current cyber attacks against businesses and government agencies are focused on two common vulnerabilities. This is the main finding of "The Top Cyber Security Risks," a new report based on data from actual attacks against organizations. The report, compiled by security vendors TippingPoint and Qualys, as well as the Internet Storm Center and SANS Institute, finds that client-side software and Internet-facing websites are organizations' greatest - and most overlooked - cyber risks."
  • VeriFone Announces Global Security Solutions Business - www.reuters.com - 09/15/09 - "VeriFone Holdings, Inc. (NYSE: PAY) today announced the formation of its Global Security Solutions Business Unit, focused on delivering innovative security solutions, including VeriShield Protect end-to-end encryption, to protect cardholder data throughout merchant and processor systems."
  • Senate plots cybercrime counterattack - www.federalnewsradio.com - 09/15/09 - "By all accounts, say the experts, cyber crime costs the world's economy more than a trillion dollars in losses - $8 billion of that right here in the United States alone. And, that, says Senator Joseph Lieberman (ID-Conn.), chairman of the Senate Homeland Security and Governmental Affairs Committee, makes it vital that steps be taken to combat cyber crime."
  • 2 Arrested In Credit Card 'Skimming' Scheme - www.wftv.com - 09/15/09 - "Two men were arrested Tuesday for allegedly stealing credit card numbers from customers at restaurants and fast food chains. Florida Law Enforcement investigators say Matthew Adoo and Lee Rivera skimmed credit cards to buy fancy clothes and shoes. The accused mastermind, Brandan Tristan, however, is still on the run. Hugh and Nancy Stott know all about how skimming credit cards works."
  • Lieberman to draft cyber bill - www.thehill.com - 09/14/09 - "Sen. Joe Lieberman (I-Conn.) plans to push legislation this year that would bolster the government against cyber attacks and may require private companies to meet new security standards."
  • California Leads the Nation in Breach Disclosures - blogs.channelinsider.com - 09/14/09 - "Sitting on Gov. Arnold Schwarzenegger's desk is a bill that will make California's data breach disclosure requirements the most stringent in the nation. The bill, approved by the state assembly last week, will require any company operating in California or holding data on California residents to provide guidance to affected individuals on how to guard their identities and remediate identity theft in the wake of a breach of unencrypted data."
  • After Gonzalez Plea, Feds Say BJ’s, OfficeMax Had More Critical Role - www.storefrontbacktalk.com - 09/14/09 - "When Albert Gonzalez officially pleaded guilty to many of the federal cyberthief charges against him on Friday (Sept. 11), the government shed a little more light on the case, such as that it was BJ’s Wholesale Club that was first attacked and that the Secret Service has collected “more than forty million distinct credit and debit card numbers from two computer servers” controlled by Gonzalez and his associates and has counted the consumer, retail and bank victims as “an enormous number of people, certainly millions upon millions, perhaps tens of millions.”"
  • New Report: Cyber Attacks Exploit 2 Vulnerabilities - www.bankinfosecurity.com - 09/14/09 - "More than half of current cyber attacks against businesses and government agencies are focused on two common vulnerabilities. This is the main finding of "The Top Cyber Security Risks," a new report based on data from actual attacks against organizations."
  • Heartland CEO: Credit Card Encryption Needed - www.pcworld.com - 09/14/09 - "Credit card transactions in the U.S. are often not encrypted, and credit card vendors, payment processors and retailers need to embrace an encryption standard to protect credit card numbers, the CEO of a breached payment processor said Monday."
  • Don’t Hire a QSA by Seeking the Lowest Bid, Warns Heartland’s Carr - www.digitaltransactions.net - 09/13/09 - "Among lessons learned by Heartland Payment Systems Inc. after the massive data breach at the merchant acquirer last year: Don’t necessarily hire the qualified security assessor (QSA) offering the lowest bid, says Robert O. Carr, chairman and CEO. Processors and merchants need to hire QSAs in the same way they hire financial auditors, Carr said during a webinar on Thursday sponsored by Debix."
  • London-based East European gang used Barclays bank cards in £300,000 French cash point scam - www.dailymail.co.uk - 09/13/09 - "Dozens of London-based Slovakians have been arrested in northern France after using Barclays bank cards to fraudulently withdraw more than £300,000 in cash. The astonishing scam saw up to 50 of the eastern Europeans arrive in Calais early last Friday morning before emptying cash points across the region. Armed police made 34 arrests, but not before many had fled with bags of money which remain unaccounted for."
  • Hackers breach Warrick Co. bank accounts - www.14wfie.com - 09/12/09 - "Cyber thieves have recently hacked their way into dozens of online bank accounts in Warrick County. Investigators said that it happened to customers of People's Saving and Trust Bank in Boonville. The breach is not being done inside the bank itself, but rather to the company that services their customer's debit cards. It's been happening since the first of the month. The bank has narrowed it down to 38 accounts, and victims have been coming forward all week."
  • NAIT student gets two years for forgery - www.edmontonsun.com - 09/11/09 - "An Edmonton man had his dreams of continuing his NAIT business studies dashed today as he was sentenced to two years in prison for credit card forgery. Inderjeet Singh Sagoo, 24, had been hoping to get a conditional sentence to be served in the community so he could return to school, but the judge rejected the defence pitch."
  • End-to-End Encryption: The PCI Security Holy Grail - www.computerworld.com - 09/10/09 - "One of the fascinating things to do when in New York City is to visit the Federal Reserve gold vault. The vault lies 86 feet below sea level, resting on Manhattan bedrock, and holds approximately 5,000 metric tons of gold bullion. The Federal Reserve Bank does not own the gold but serves as guardian of the precious metal, which it protects at no charge as a gesture of goodwill to other nations. Obviously, the security measures to protect hundreds of billions of dollars of gold are intense."
  • Rising Costs And a PCI Upgrade Drive Gas Sellers to Reconsider PIN Debit - www.digitaltransactions.net - 09/10/09 - "Rising processing costs and Visa Inc.’s mandate that point-of-sale terminals be upgraded to do Triple-DES encryption for PIN-based debit transactions are prompting gas sellers to rethink PIN debit acceptance. Fuel sellers are talking about dropping PIN debit because of the hike in cost for authorization, says Branden Williams, director of PCI compliance for Verisign. “There’s no cost advantage any more or the cost advantage is smaller,” he says."
  • PCI Report Poses a Quandary: Where Did 1 Million Merchants Go? - www.digitaltransactions.net - 09/10/09 - "The biggest merchants are moving toward 100% compliance with the Payment Card Industry data-security standard, or PCI, but compliance among small card acceptors remains much lower, according to second-quarter statistics from Visa Inc. None of that is a surprise given PCI compliance trends in recent years. But just how far small merchants lag large ones in meeting their PCI obligations is a matter of debate, as is the actual number of low volume, card-accepting merchants."
  • Is PCI DSS a Safe Investment? - www.banktech.com - 09/10/09 - "Should merchants continue to invest in Payment Card Industry Data Security Standards (PCI DSS) in a down economy? Yes. The losses—not just in fines and litigation, but also reputational damage—associated with the consequences of a data breach are astronomical when compared with the annual burden of maintaining compliance. PCI is an excellent baseline for cardholder security, but should PCI be made law?"
  • Updated VISA TDES Program Frequently Asked Questions - usa.visa.com - 09/10/09 - "Visa USA has released an updated version of their Frequently Asked Questions PDF document for their Triple DES PIN Security Program."
  • Identity theft warning: possible credit card skimmer at Atascadero gas station - www.ksby.com - 09/10/09 - "The Atascadero Police Department says a "skimmer," or illegal credit card reading device, may have been installed in a gas station pump in the city. Police responded to a report of vandalism at the Tesoro Gas Station in the 6300 block of Morro Road on August 31. A pump had automatically shut down the previous day, and a repair technician discovered that internal wiring had been unplugged, causing the pump to fail."
  • Card Skimmer Suspected In Gas Station Vandalism - www.myfox11.com - 09/10/09 - "A local gas station believes a card skimmer may have been used on one of their gas pumps. On August 30th, the Tesoro Gas Station at 6305 Morro Road in Atascadero noticed that one of their pumps was not working. They called out a technician who found that internal wiring had been unplugged from the pump causing it to fail. Upon further inspection, the technician believes that a card skimmer may have been removed causing the pump to fail."
  • Man Sentenced in Card Skimming - www.wsbradio.com - 09/10/09 - "A federal judge has sentenced a 29-year-old Bulgarian to more than four years in prison for conspiring to steal bank debit card numbers and passwords with a skimming device. U.S. District Judge Willis B. Hunt Jr. sentenced Yordan Kavaklov on Thursday. Acting U.S. Attorney Sally Quillian Yates said that at the time of their arrest, Kavaklov and his co-defendant had 80 gift cards that had been altered to include customer account information and were using them to drain the customers' accounts."
  • Visa Data Security Alert: SQL Injection Attacks - usa.visa.com - 09/08/09 - "Recent data security breaches continue to show the prevalence of Structured Query Language (SQL) injection attacks on e-commerce Web sites, corporate Web sites and Web-based applications that manage card accounts (e.g., PIN updates, monetary additions, account holder updates). These attacks also showed how the lack of segmentation between the corporate websites and the payment systems pose serious additional risks to card data stored or transmitted within systems (e.g., Microsoft and UNIX-based) and networks connected to the affected environment."
  • TJX Settlement. More Proof That Security Investment Is Really Hard To Justify - www.storefrontbacktalk.com - 09/07/09 - "Not that it was needed, but more proof materialized this month that substantial security investments are really hard to justify. TJX announced Sept. 2 what will likely be the last of the settlements of class action lawsuits against it from the data breach of its systems that began in 2005 and which impacted more than 100 million payment cards."
  • Heartbreak over Heartland: Why Prosecution for Data Breaches Isn't Enough - writ.news.findlaw.com - 09/04/09 - "Debit card users often feel safe because their cards are PIN-protected. But recent events show that, like credit cards, debit cards can be compromised, when the databases of large retail merchants or card processors are hacked. In late August, the U.S. Department of Justice issued indictments in what is, to date, the largest data breach in the United States – with over 130 million credit and debit card numbers compromised."
  • HarborOne Recoups at Least Some of its Losses From TJX - www.cutimes.com - 09/03/09 - "The $1.8 billion HarborOne Credit Union has received at least a partial settlement from the TJX Company over the damages it suffered during that firm's 2007 card security breach. At the time, January 2007, the TJX breach was the biggest card data breach ever seen, compromising roughly 45 million credit and debit card numbers. Since then it has been surpassed by a similar breach at Heartland Payment Systems that the government alleged involved the same hacker."
  • One Swipe Could Cost You $$$$$ - www.krdo.com - 09/03/09 - "You probably will use your credit or debit card today at a business you trust, but what about the employee swiping it? Colorado Springs Police detectives say credit card skimming is on the rise in southern Colorado and you could be the next victim and not know it until you get your bill."
  • 3 convicted in ID theft ring targeting Taco Bell, gym patrons - www.gazette.com - 09/03/09 - "Three people from Colorado Springs have been convicted in a string of 49 financial crimes along the Front Range. In a credit card and identity theft scam going back several months, the group used an electronic device known as a credit card skimmer to steal credit card numbers from patrons of a local Taco Bell and members of gyms in Woodland Park, Broomfield, Lakewood, Canon City and Pueblo."
  • New PCI data security rules coming in 2010 and threats of fines loom over web retailers - www.internetretailer.com - 09/02/09 - "Mark Wilson thinks it's important to guard his customers' credit card numbers. But without an information technology specialist at his small online retail business, Night-Gear Inc., he had about given up on achieving compliance with the PCI security standards designed to protect cardholder data. After months of notices from a security service that his site did not meet the requirements of the Payment Card Industry Data Security Standard—notices he struggled to comprehend—Wilson was prepared to go on paying the small monthly fines his processor assesses non-compliant merchants."
  • Local detective earns high praise for police work - www.oshawaexpress.com - 09/02/09 - "He was a leading member in the team responsible for shutting down an organized crime syndicate’s multi-million dollar card skimming operation. And now the hard work is paying off. Durham Region Detective Jeff Caplan was one of two Canadian officers who were recently recognized with a Canadian Banks’ Law Enforcement Award (CBLEA) in Charlottetown, Prince Edward Island at the annual Canadian Association of Chiefs of Police Conference."
  • University announces credit card breach - www.consumerloanwire.com - 09/02/09 - "University of Vermont recently discovered that the security of up to 242 university-funded credit cards has been compromised. Ann Naylor of UVM Procurement services said in a statement that UVM is unaware of how the breach occurred. UVM discovered the issue when they were notified by their bank."
  • Park Ridge ATMs add to $700 million in annual losses to fraud - www.chicagotribune.com - 09/02/09 - "The FBI and the banking industry are advising people to be vigilant when using ATMs after a recent "card skimming" scam at a Park Ridge bank in which thieves attached an electronic device to an ATM in order to loot accounts. The card skimming has been a problem for years, but thieves appear to be getting bolder, said Chicago FBI special agent Ross Rice. "It's not specific to any bank or ATM machines," he said."
  • Five More Accused in Credit Card Fraud Investigation - www.ecommerce-guide.com - 09/02/09 - "The five men operated thousands of miles from Manhattan, under aliases like “the Viver,” “Inexwor” and “DoZ.” And with their true identities obscured on the Web, Manhattan prosecutors said, these men were able to play intimate roles in a cybertheft that resulted in more than 95,000 stolen credit card numbers and $4 million worth of fraudulent transactions."
  • PCI Security: Small E-tailers Face Large Fines if Hacked - www.nytimes.com - 09/01/09 - "Many small online merchants don’t understand much about the powerful technology behind their e-commerce store or how vulnerable this technology is to being hacked. We rarely read about a small merchant's computer system being broken into, because the large ones are so much more spectacular. But some security experts now say it's not a question of if you will be hacked, it's when."
  • Debit-card reader stolen from Polo Park store - www.winnipegfreepress.com - 09/01/09 - "Police are on the hunt for a pair of men suspected of stealing a debit-card reader from a Polo Park Shopping Centre retailer. While in the store last Friday morning, one of the men distracted an employee in conversation while the second disconnected and stole the store’s debit PIN pad, replacing it with an inoperable PIN pad, police said."
  • Extra Steps to Keep Customers' Credit-Card Data Safe and Secure - www.rimag.com - 09/01/09 - "Bertucci’s, the Northborough, Mass.-based Italian casual-dining chain, has never had a credit-card security breach. If Kevin Quinlan has his way, it never will. Quinlan has equipped Bertucci’s corporate and store-level computers with file-locking software that prevents employees from downloading iTunes, burning CDs and surfing the Internet on company computers."
  • Heartland Payment Systems End to End Encryption - www.americanbanker.com - 09/09 - "Heartland Payment System's E3, an end-to-(almost) end encryption process, has the greatest potential of any new product to impact the security of America's financial system in the coming year. And by bringing it to market just about seven months after the company announced the discovery of its massive data breach, Heartland wins kudos for reacting expeditiously to both save the company and set a standard for the rest of the industry to follow."
  • Q&A: PCI Compliance: There’s No Getting Around It - www.bsminfo.com - 09/09 - "What is the most important trend in card processing that VARs should be aware of? Jeff Wakefield, VP of marketing, VeriFone: While VARs and dealers generally understand PCI programs and requirements, their customers most often do not."