Payment Security Web Portal Brought to You by VeriFone

News

These are the most recent news articles we have collected. For our archived news collection, please click here.

March 2010

  • Visa Europe releases industry’s first guidelines on data field encryption specification – www.visapromotions.net – 3/8/10 – “Visa Europe, Europe’s leading payment system, today launched the industry’s first guidance for data field encryption solutions by providing the minimum security practices needed to help support Payment Card Industry Data Security Standard (DSS) compliance.”
  • Top 10 hot topics at RSA 2010 – www.securecomputing.net.au – 3/8/10 – “All in all it's been a fascinating show. The quality of keynote speakers was very high, with only a few boring rants, and people have been both knowledgeable and willing to share.”
  • Cops have image of Goshen ATM suspect – www.recordonline.com – 3/6/10 – “A bank surveillance camera captured the image of a suspected thief attaching an electronic "skimming" device to a Bank of America automatic teller machine at 54 West Main St., village police said Friday.”
  • PCI Compliance Deadline Fast Approaching for Merchants – www.americanbanker.com – 3/6/10 – “Merchants need to better protect consumer card data - and fast. But with a summer deadline looming to comply with card industry security standards, the work to get them up to speed is going to be taxing on smaller banks and merchant acquirers.”
  • Hancock acknowledges security breach – www.tradingmarkets.com – 3/6/10 – “Craft and fabric retailer Hancock Fabrics on Friday said PIN pads in some of its stores were stolen last fall and replaced with fraudulent pads, which could have led to identity theft for some of its customers.”
  • WEBINAR:  Card Fraud in the United States: The Case for Encryption – www.aitegroup.com – 3/6/10 – “Join Aite Group senior analyst Nick Holland as he provides directional guidance on the most effective forms of card fraud management in the United States today. Based on recent Aite Group research, this webinar will examine the current U.S. card fraud landscape and present available fraud prevention solutions.”
  • Banks step up card security – www.straitstimes.com – 3/5/10 – “Singapore banks are rolling out a slew of measures to make card payment transactions more secure.”
  • Alleged card skimmer faces court – www.securecomputing.net.au – 3/5/10 – “A 36-year-old Romanian national has been extradited from Queensland to Sydney on ATM-skimming charges - the second such extradition from the state in as many months.”
  • Massachusetts High Court Rejects CUs’ Appeal In BJ Wholesale Card Breach – www.paymentssource.com – 3/5/10 – “The state Supreme Court upheld a lower court ruling dismissing a suit by CUMIS Insurance Society and 130 credit unions claiming they were owed recompense in the 2004 credit card breach at BJ Wholesale Club.”
  • ISOs Said To Gain Knowledge From Large Merchants’ PCI Compliance Tribulations – www.paymentssource.com – 3/5/10 – “A recent study that focuses on Payment Card Industry Data Security Standard compliance among large merchants also is helpful for educating independent sales organizations and the smaller merchants with which they typically work, observers note.”
  • Area Dining Establishments Informed of Possible Data Security Breach – www.prnewswire.com – 3/5/10 – “Officials of The Westin Bonaventure Hotel & Suites which is independently owned by Today's IV, Inc. and operated by Interstate Hotels & Resorts, Inc. under a license issued by Westin Hotel Management, L.P. announced that the hotel's four restaurants—Lake View Bistro, Lobby Court Bar, Bonavista Lounge, L.A. Prime—and its valet parking operations may have suffered a data security breach between April 2009 and December 2009.”
  • Argos buries unencrypted credit card data in email receipts – www.theregister.co.uk – 3/5/10 – “Catalogue firm Argos has been criticised for an email security breach that exposed customers’ credit card details and CCV security numbers.”
  • Three men steal bank card information from customers – www.croatiantimes.com – 3/5/10 – “Police have arrested a director, a waiter and their accessory at a Zagreb city centre restaurant for stealing data from guests’ credit cards and using them.”
  • Florin Necula, Accused ATM Scammer, Swallows Flash Drive To Destroy Evidence – www.huffingtonpost.com – 3/4/10 – “While in custody of the Secret Service, Florin Necula, accused of scamming ATM machines, reportedly swallowed a flash drive in what seems to have been a desperate bid to hide incriminating evidence.”
  • At RSA Conference, experts dismiss end-to-end encryption claims – searchsecurity.techtarget.com – 3/4/10 – “Fresh off of announcing a massive data breach at his company in 2009, Bob Carr, CEO of Heartland Payment Systems Inc., said the payment processing giant would convince the industry to make fundamental changes in the way it protects credit card data.”
  • Heartland Aftershocks: Still at Risk? – www.bankinfosecurity.com – 3/4/10 – “Earlier this week, First National Bank of Durango, CO came forward to reveal that as many as 5,000 of its customers were at risk because of new fraudulent transactions tied to the Heartland Payment Systems data breach.”
  • Survey says 89 per cent of firms not compliant with PCI-DSS – www.computing.co.uk – 3/4/10 – “A UK-specific survey of 100 retail, financial and hospitality firms has found that only 11 per cent are certified as compliant with new credit card standards to be brought in during June.”
  • Global computer hacking ring busted – www.straitstimes.com – 3/4/10 – “Spanish police have arrested three men and smashed a massive computer network that infected 13 million PCs with a virus that stole credit card numbers and other data.”
  • Security Breach Notification Laws Reinforce Need for Cyber Insurance – www.insurancejournal.com – 3/4/10 – “With more than 40 states now enforcing privacy and security breach notification laws, underwriters are working hard to scoop up the business this niche creates, while also tweaking their policy forms to provide the broadest and most comprehensive coverage.”
  • NY man faces federal fraud charges after incident at Columbia airport – www.wistv.com – 3/3/10 – “A New York man faces federal fraud charges after trying to fly out of Columbia Metropolitan Airport using a stolen credit card, according to officials.”
  • INTERAC(R) Reminds Canadians to Practice Debit Card Safety During Fraud Prevention Month – www.newswire.ca – 3/3/10 – “March is Fraud Prevention Month and Interac Association, Canada's leading payment network, is reminding Canadians to continue to practice debit card safety routinely, even if they have a chip debit card.”
  • All N.B. banks hit by latest scam: official – telegraphjournal.canadaeast.com – 3/3/10 – “It's unclear how many people have fallen victim to a debit card scam, but banks have spent much of the week contacting card holders across the province.”
  • Security is weak in the cloud: RSA President – www.securecomputing.net.au – 3/3/10 – “Service providers need to demonstrate their ability to effectively enforce policy, prove compliance and manage multi-tenancy environments, so enterprises can outsource infrastructure to the cloud, Art Coviello, president of RSA, said during his keynote address at the RSA Conference in San Francisco overnight.”
  • Two charged in regional gas station credit-card scheme – www.contracostatimes.com – 3/3/10 – “Two men have been charged with rigging gas pumps to steal motorists' credit-card information in a scheme that police believe extends throughout Northern California.”
  • Skimming Concerns? Here’s What You Need to Know   – www.nacsonline.com – 3/3/10 – “A number of news reports over the past month have focused on the topic of credit card skimming. NACS payments consultant Gray Taylor separates fact from fiction, and provide tips for what retailers and consumers can do to minimize the likelihood they are a target.”
  • Over 50% of apps vulnerable to security breaches – www.securecomputing.net.au – 3/3/10 – “More than half of internally developed, open source, outsourced and commercial applications are vulnerable to security breaches.”
  • Protecting Cardholder Data - End-to-End Encryption and Tokenization – register.webcastgroup.com – 3/3/10 – “Event Date: Thursday, March 18, 2010 @ 1:00 PM ET / 10:00 AM PT.  Join us for what promises to be a highly informative and in-depth discussion of tokenization and end-to-end encryption. ”
  • Should Retailers Use PCI Training To Enhance—Or Replace—Their QSA? – www.storefrontbacktalk.com – 3/2/10 – “Details of the PCI Council’s new “Merchant QSA” training program will be finalized in a few months, but it’s unclear how retailers will use it.”
  • FTC To ControlScan: Your Web Site Security Seals Are Lies – storefrontbacktalk.com – 3/2/10 – “The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest firms issuing “Verified Secure Breach Protection” seals doesn’t really verify much at all.”
  • Contactless payment card limit raised to £15 – news.bbc.co.uk – 3/2/10 – “UK credit or debit cardholders can now spend up to £15 without offering a Pin number or a signature after the payment limit was raised for contactless cards.”
  • Woodside’s ATM Skimmers – sunnysidepost.com – 3/2/10 – “Three individuals with ties to Eastern Europe have been charged with putting “skimmer” devices on a Woodside bank’s ATMs last week in order to steal the account numbers and other personal information from customers’ credit/debit cards used at the machines.”
  • Data Breaches Revealed At Local Hospitals – www.thebostonchannel.com – 3/2/10 – “The U.S. Department of Health and Human Services has begun posting details about data breaches at doctor's offices, hospitals, health plans and other organizations subject to medical privacy laws.”
  • Debit cards | People urged to take steps to protect their PINs in wake of case where locals have reported illegal transactions – dailygleaner.canadaeast.com – 3/2/10 – “The Oromocto RCMP is investigating a string of debit card frauds that have affected customers in the Fredericton region.”
  • Trio Charged With Enabling ATM Skimmers – www.northcountrygazette.org – 3/2/10 – “Three individuals with ties to Eastern Europe have been charged with putting “skimmer” devices on a Woodside bank’s ATMs last week in order to steal the account numbers and other personal information from customers’ credit/debit cards used at the machines.”
  • What's Ahead For PCI? – www.americanbanker.com – 3/2/10 – “In the last several years, awareness of issues around payment card security and PCI standards has grown exponentially.”
  • Protegrity Creates a New Ground Breaking Scalable Tokenization Solution – www.marketwire.com – 3/2/10 – “Protegrity USA, Inc., an innovative leader in providing Data Security Management Solutions, today announced a ground-breaking tokenization enhancement to the upcoming release of the Protegrity Data Protection System (DPS) 5.2, the newest version of the Protegrity award-winning comprehensive data protection platform.”
  • Average Annual Cost of PCI Compliance Audit? $225,000 – www.nacsonline.com – 3/2/10 – “A new study reveals that merchants who undergo network audits to ensure PCI DSS compliance pay an average of $225,000 each year, with two percent of those failing the audits, Network World reports.”
  • Cybercriminals still consider hotels easy targets for credit card info – content.usatoday.com – 3/2/10 – “Are you more vulnerable to credit card theft if you stay in a hotel?  No need to get paranoid, but it is a valid question, since online security firm Trustwave Spiderlabs consider hotels hackers' No. 1 target.”
  • Could a Cyberattack Hit Stocks You Own? – www.smartmoney.com – 3/2/10 – “Last week, Intel revealed in an SEC filing that its networks had been the cyber victim of “sophisticated attacks,” turning the chip maker into the latest casualty of computer hacking.”
  • How VARs (and ISVs) Can Navigate the World of Payment Processing – www.verticalsystemsreseller.com – 3/2/10 – “In recent years, savvy, forward-thinking VARs have begun to venture out of their comfort zone by tapping a variety of vertical niches.”
  • BPD eyes suspects in skimmer case – beniciaherald.wordpress.com – 3/2/10 – “Benicia Police Department investigators are working with the Martinez Police Department to see if Benicia residents are among the thousands bilked in a multi-state identity theft scheme that may have been solved with the arrest Friday of two Los Angeles County men, Lt. Mike Daley said Monday.”
  • Accused denies knowing accomplice – www.dailynews.co.za – 3/1/10 – “One of two men facing 34 counts of fraud involving cloned and stolen credit cards denied knowing his accomplice during their trial in the Bellville Specialised Commercial Crime Court on Tuesday.”
  • According to RILA Survey: Protecting Customer Data is a Top Priority for Retailers – www.rila.org – 3/1/10 – “According to a report released today by the Retail Industry Leaders Association (RILA) in partnership with Retail Systems Research (RSR), more than ever before retailers are viewing the issues of privacy and security as strategic imperatives within their organizations.”
  • Thales and Ponemon Institute PCI DSS survey reveals that encryption is the most effective means for end-to-end protection – www.realwire.com – 3/1/10 – “Thales, leader in information systems and communications security, announces the industry’s first ever look into Qualified Security Assessors’ (QSAs) preferences, recommendations and costs.”
  • First Data Extends Payment Card Security Trial to Hundreds of Merchants  – www.businesswire.com – 3/1/10 – “First Data Corporation, a global leader in electronic commerce and payment processing, today announced the expansion of a merchant pilot of the First Data® TransArmorSM solution.”
  • WHAS11 Investigation: ATM scam steals $1B per year with skimmers – www.whas11.com – 3/1/10 – “We use them all the time and most of us consider ATMs to be safe.  But everyday hundreds of thousands of dollars are stolen from people and their personal information taken seconds after they swipe their cards.”
  • Wyndham computers hacked into again for credit card names, numbers – content.usatoday.com – 3/1/10 – “Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing customer's credit card information, according to an IDG New Service article on CIO.com.”
  • Why trust a hotel chain that’s had three data breaches in a year? – www.networkworld.com – 3/1/10 – “Never mind three strikes and you're out. How about three strikes and I'm not even thinking about checking in to your hotel?”
  • Digital Thieves Dominate Data Breaches – www.pcworld.com – 3/1/10 – “For the first time, hackers have become the biggest cause behind publicly reported data breaches, according to a recent report.”
  • Verizon shares framework to gather, analyze security incident data – www.computerworld.com – 3/1/10 – “The idea behind the Verizon Business incident-sharing metrics framework, which underpins the company's highly regarded data breach investigation reports, is that those who do not learn from security incidents are doomed to repeat them.”

February 2010

  • Man finds card skimmer at ATM – www.abc.net.au – 2/27/10 – “The Major Fraud Squad is investigating the discovery of an ATM card skimming device in the Perth northern suburb of Innaloo.”
  • Alleged thief was arrested in 2008 in Nevada – claycord.blogspot.com – 2/27/10 – “One of the two men Martinez Police arrested yesterday for gas pump skimming and identity theft has been arrested before in Las Vegas for credit card fraud and identity crimes.”
  • Curious cops bust Durham-wide fraud scheme – www.newsdurhamregion.com – 2/26/10 – “Police seize thousands of dollars worth of goods from trio of suspects.”
  • Mass. Privacy Law: Are You Compliant? – www.bankinfosecurity.com – 2/26/10 – “Monday, March 1, was the deadline for entities doing business in Massachusetts to comply with a tough new state law designed to safeguard residents' personal information.”
  • Skimming device seized at shopping centre – www.securecomputing.net.au – 2/26/10 – “Police seized an ATM card skimming device in Sydney's inner west yesterday following a tip-off from a security guard.”
  • Card skimmer found at bank ATM – www.watoday.com.au – 2/26/10 – “A card skimming device was seized from a Commonwealth Bank ATM in Scarborough last night.”
  • Suspicious activity leads to arrest on credit card fraud charges – www.strausnews.com – 2/26/10 – “This police story started on Tuesday, Feb. 16, at the Radio Shack store in Monroe and ended with a 21-year-old Queens man in Orange County Jail in Goshen.”
  • Wyndham Hotels Hacked Again – www.pcworld.com – 2/26/10 – “Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data.”
  • Ottawa Regional warns patients of security breach – mywebtimes.com – 2/26/10 – “Ottawa Regional Hospital patients who have paid their bill online were notified this week their credit card and checking account information may have been put at risk.”
  • Martinez police arrest two in credit card skimming operation – www.contracostatimes.com – 2/26/10 – “Police arrested two men from Armenia on Friday suspected of running a sophisticated credit card skimming operation that may have cost Bay Area motorists hundreds of thousands of dollars.”
  • Why intrusion prevention systems fail to protect web applications – www.scmagazineus.com – 2/26/10 – “There is overwhelming evidence in reports such as the SANS Top Cyber Security Risks and the Verizon Data Breach Investigation Report that web applications are the Achilles' heel of most networks and criminals know it.”
  • Five Security Missteps Made in the Name of Compliance – www.csoonline.com – 2/26/10 – “In the hurry to meet a regulatory compliance deadline, companies risk making some costly security mistakes. Here are five examples.”
  • Large-scale credit card data robbery in Helsinki - www.helsinkitimes.fi - 2/25/10 - "The data from as many as 100,000 credit cards were endangered by a security breach, the financial paper Kauppalehti reports."
  • The Cost Of A Breach, Heartland Style: At Least $129 Million; Might Be $229 Million - www.storefrontbacktalk.com - 2/24/10 - "In its latest financial report, Heartland Payment Systems reported that it dropped $129 million on data breach costs last year (an incident that briefly placed Heartland on Visa' Bad Boy Breach List)."
  • Missed A Vulnerability Scan? The PCI Council Just Threw You A Lifeline - www.storefrontbacktalk.com - 2/24/10 - "The PCI Council may have thrown a compliance lifeline to retailers that are missing a required quarterly external vulnerability scan."
  • U.S. v. HARRIS - www.leagle.com - 2/24/10 - "Defendant-Appellant Andrea Renee Harris (Harris) pleaded guilty to one count of bank fraud, in violation of 18 U.S.C. § 1344, on March 18, 2008, and was sentenced in November 2008. On July 15, 2008, in an unrelated case, Defendant-Appellant DeMarquis LaDelle Williams (Williams) pleaded guilty to one count of conspiracy to traffic in or use unauthorized access devices, in violation 18 U.S.C. §§ 371 and 1029(a)(2), and was sentenced on December 3, 2008."
  • Secret Service Investigating Debit-Only Breach Of An Alabama Dairy Queen - www.storefrontbacktalk.com - 2/24/10 - "For the mysterious data breach crime folder, the U.S. Secret Service is investigating a series of payment card thefts—originating at an Alabama Dairy Queen—that has only been impacting debit cards."
  • Federal Trade Commission links wide data breach to file sharing – www.washingtonpost.com – 2/23/10 – “The Federal Trade Commission said Monday that it has uncovered widespread data breaches at companies, schools and local governments whose employees are swapping music, software and movie files over the Internet.”
  • 1 arrested, 3 sought in ATM 'skimmer' scheme - suncoastpinellas.tbo.com - 2/22/10 - "Four Bulgarian men put "skimmers" on ATM machines at SunTrust banks in Hillsborough and Pinellas counties last summer and obtained identifying information on hundreds of bank accounts, according to a federal complaint."
  • 89 percent of ANZ organisations face cyber attack - computerworld.co.nz - 2/22/10 - "Symantec study finds 43 percent of ANZ IT executives rate security their number one issue."
  • PCI compliance requirements affect IT risk assessments - searchsecurity.techtarget.com - 2/22/10 - "The chapter from the book PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, explains the relationship between PCI compliance requirements and risk management."
  • More people report debit info stolen at Rocklin gas pumps - www.sacbee.com - 2/22/10 - "Rocklin police said Thursday that a growing number of people are reporting that their debit card information was stolen by a sophisticated device hidden in two Rocklin gas pumps."
  • Jail door slams on skimming scam - www.southwestreviewnews.com - 2/21/10 - "A woman turned herself in to the West St. Paul Police Department Feb. 16 for her role in a credit card skimming scam that has affected at least 15 victims and pilfered over $30,000 in goods."
  • San Mateo out to stop ‘skimming’ – www.sfexaminer.com – 2/20/10 – “Chris Feasel has been a victim of identity theft twice. But that doesn’t stop the San Mateo deputy district attorney from going to the ATM or filling up at a gas station.”
  • Data-Centric Security: Mix Technology, Process - www.informationweek.com - 2/20/10 - "Aligning protection with data involves navigating corporate politics and business requirements and seeking out knowledge owners. A few key technologies can help, too."
  • Customer Vs. Bank: Who is Liable for Fraud Losses? - www.bankinfosecurity.com - 2/22/10 - "At first this court case was a curiosity: Experi-Metal Inc. (EMI), a Michigan-based metal supply company, sued Comerica Bank, claiming that the bank exposed its customers to phishing attacks."
  • Verizon Incident Metrics Framework Released – securityblog.verizonbusiness.com – 2/19/10 – “Many of you who read our blog regularly are familiar with our ‘Data Breach Investigations Report’.  We hope that you’ve found past reports informative, useful, and above all, actionable.  The production of the DBIR has been driven by our desire to help solve what we see as two of the most significant problems facing our industry.”
  • Broad New Hacking Attack Detected  - online.wsj.com - 2/18/10 - "Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach."
  • Police Not Giving Up In Hunt For ATM 'Skimmer' – www.journal-topics.com – 2/18/10 – “Elk Grove Village and Addison police remain on the hunt for a man who used a "skimmer" to steal information from cards at automatic teller machines (ATMs) to create fake cards that he would then use to plunder bank accounts.”
  • Broad New Hacking Attack Detected  – online.wsj.com – 2/18/10 – “Global Offensive Snagged Corporate, Personal Data at nearly 2,500 Companies; Operation Is Still Running”
  • Business Counter-Sues Bank in Fraud Dispute – www.bankinfosecurity.com – 2/18/10 – “The Texas machinery company that was sued by its bank after a data breach has filed a countersuit against the institution, saying it "won't be bullied."”
  • Cottage Grove woman arrested in identity theft scam  - www.twincities.com - 2/17/10 - "A Cottage Grove woman suspected of going on a spending spree with a Coon Rapids man after he skimmed customers' credit card information from a T.G.I. Friday's where he worked as a waiter has turned herself in to West St. Paul police."
  • Debit-card skimmers hit Windsor, Ont.  - www.cbc.ca - 2/17/10 - "Hundreds of people in the Windsor, Ont., area say their debit cards were skimmed and their bank accounts raided by what police believe is a sophisticated crime ring based in Quebec."
  • "Iceman" hacker gets 13 years  - www.securecomputing.net.au - 2/17/10 - "A San Francisco man charged with hacking into financial institutions and then hawking the stolen data in an online forum has been sentenced to 13 years in a US federal prison."
  • Are Chip and PIN Credit Cards Coming? - www.foxbusiness.com - 2/17/10 - "The U.K. is all abuzz about "chip and PIN," but it's not a popular pub snack or a nickname for the newest celebrity power couple. It's the credit card security system rolled out in recent years to stem a wave of credit card crime."
  • Police warn of credit card 'skimming' at gas stations - www.abc4.com - 2/17/10 - "Utah police investigators said crooks have installed electronic "skimming" devices at 180 gas stations from Salt Lake to Provo in an attempt to steal bank card and pin numbers."
  • Top 25 Programming Errors: Should Software Developers be Liable? - www.bankinfosecurity.com - 2/16/10 - "Should software developers be held liable for their programming errors? A consortium of international cybersecurity experts says yes - and will present its plan for such a program on Tuesday. But at least one dissenting voice calls the effort "counterproductive and silly."
  • Sneak Preview of Upcoming Privacy and Security Report  - www.retailsystemsresearch.com - 2/16/10 - "Next week, we will be releasing our first privacy and security benchmark since the beginning of 2008, and what has taken place in that time span is quite intriguing."
  • Windsor cops bombarded with calls from victims of debit card scam  - www.windsorstar.com - 2/16/10 - "A debit card scam uncovered by Windsor police over the weekend has now claimed hundreds of victims and morphed into the largest investigation the financial crimes unit has handled in recent years. "
  • 'Skimming' device found on Sandy gas pump  - www.sltrib.com - 2/16/10 - "Thieves racked up more than $11,000 in fraudulent charges on Utah credit and debit cards after stealing the numbers with a "skimming" device placed inside a Sandy gas station pump, police said."
  • Criminals 'skimming' account information at gas pumps  - www.ksl.com - 2/16/10 - "Police in Sandy say criminals have been using an electronic device attached to gas pumps that allows them access to credit and debit accounts."
  • SQL Injections Resulted In Rise In Data Breaches During 2009 - www.spamfighter.com  - 2/16/10 - "Research emphasizes that in 40% of the total incidences of computer attacks, SQL injection was used to compromise data."
  • Accused EFTPOS skimmer granted bail - www.watoday.com.au - 2/16/10 - "A British man allegedly involved in a multi-million fraud targeting McDonald’s customers around Perth has been granted bail despite prosecution claims he will flee the country ‘business class’."
  • Police extradite alleged card skimmer - www.securecomputing.net.au - 2/16/10 - "Victorian Police have extradited a 31-year-old Malaysian man from Brisbane who is believed to be linked to a card skimming syndicate."
  • Chip and Pin fraud claims dismissed  - tech.uk.msn.com - 2/16/10 - "Credit and debit card providers have dismissed claims that fraudsters were able to exploit flaws in the Chip and Pin payment system to use stolen cards."
  • Shell hit by massive data breach – www.theregister.co.uk – 2/15/10 – “Shell has been hit by a massive data breach - the contact database for 176,000 staff and contractors at the firm has been copied and forwarded to lobbyists and activists opposed to the company.”
  • 2010 Identity Fraud Study: Threats and Trends  - www.bankinfosecurity.com - 2/15/10 - "Identity fraud crimes expanded at a 12% rate in 2009. What can we expect to see in 2010?"
  • Cambridge researchers show that the Chip and PIN system is vulnerable to fraud  - www.cl.cam.ac.uk - 2/11/10 - "Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond, researchers at the Computer Laboratory, University of Cambridge, have shown that flaws in the Chip and PIN system allow criminals to use stolen credit and debit cards, without knowing the correct PIN."
  • Detectives Search for "Skimming" Suspect in Sparks - www.ktvn.com - 2/15/10 - "Dozens of people have reported unauthorized charges on their debit and credit card accounts during the last couple of months."
  • Woman Wanted in Skimmed Credit Card Shopping Spree  - www.myfoxtwincities.com - 2/13/10 - "Police in West St. Paul, Minnesota are looking a woman who went on a shopping spree using credit card information "skimmed" by a former TGI Friday's server."
  • ‘Card skimmers’ at gas pumps stealing information, police say  - www.columbian.com - 2/13/10 - "Someone has been placing skimmers on gas pumps to illegally harvest customers’ debit or credit card and PIN numbers and use them to make fraudulent purchases, police say."
  • MasterCard is pleased to announce the 8th Annual Global Risk Management Conference - The Americas  - www.mastercard.com/arm - 2/12/10 - "Join MasterCard, industry thought leaders, and your colleagues in collaborative and thought provoking sessions focused on arming you with the latest knowledge and strategies for mitigating fraud."
  • W. St. Paul Police investigate "skimming" credit card fraud - www.kstp.com - 2/12/10 - "W. St. Paul Police Dept. in cooperation with four other departments are searching for a second suspect connected with an identity fraud and credit card fraud scheme."
  • ID theft still on the rise, though victims respond faster  - www.securecomputing.net.au - 2/12/10 - "Incidents of identity theft and the total cost of fraud once again climbed last year, but consumers are becoming better equipped to respond to the occurrences of theft, according to a report released from Javelin Strategy & Research."
  • Thief uses skimmer to steal ATM info  - abclocal.go.com - 2/12/10 - "Suburban police are warning the public about a series of incidents in which a crook attaches card readers and small cameras to ATMs in order to steal card information."
  • Security Versus Scope: Choose One  - www.storefrontbacktalk.com - 2/11/10 - "Tokenization and end-to-end encryption are designed to secure information both in transit and at rest."
  • PCI Standards Training Program  - www.pcisecuritystandards.org - 2/12/10 - "A comprehensive PCI Standards Training program offered directly by PCI SSC.  The Payment Card Industry Security Standards Council (PCI SSC) is pleased to announce the first six months of dates and locations for the 2010 PCI SSC Standards Training."
  • Breach Prevention is Critical as HIPAA Compliance Worlds Collide  - www.healthleadersmedia.com - 2/12/10 - "Privacy and security officers have to comply with more rules than ever."
  • Chip and pin should be overhauled to protect millions of bank customers  - www.telegraph.co.uk - 2/12/10 - "Experts at Cambridge University believe the system is "broken" after they tricked it into accepting transactions without using a valid personal identification number."
  • Lengthy jail term would waste fraudster's intellect: lawyer  - www.ottawacitizen.com - 2/12/10 - "Forging bank cards wrong, but 'mischievous' man hopes to contribute to society, judge told."
  • Researchers find huge weakness in European payment cards  - www.computerworld.com - 2/12/10 - "Hundreds of millions of payment cards throughout Europe have a flaw that could allow criminals with a stolen card to enter any random PIN to complete a transaction, according to researchers from the University of Cambridge."
  • PCI DSS regulations should not be written off as being unsuitable, as an understanding of the terms and options are often ignored  - www.scmagazineuk.com - 2/11/10 - "Credit card companies should be encouraged to work with smaller vendors when it comes to compliance, but it is too soon to write off PCI regulations."
  • Voltage Security Completes Independent Security Review  - finance.yahoo.com - 2/11/10 - "Conforms to Visa Best Practices for Data Field Encryption; Format-Preserving Encryption Meets Recommendations for End-to-End Encryption."
  • New flaws in chip and pin system revealed  - www.bbc.co.uk - 2/11/10 - "Most of us do not think twice about paying for something in a high street shop by keying in our pin. It is easy, fast and in most cases it works."
  • PCI DSS regulations not suitable for small businesses, says web hoster  - www.securecomputing.net.au - 2/11/10 - "A claim has been made by a small business owner that if the Payment Card Industry Data Security Standard (PCI DSS) regulations were enforced, it would "cripple" such enterprises."
  • Credit card data security: Who's responsible?  - www.networkworld.com - 2/11/10 - "About a year ago security at Heartland Payment Systems Inc. was breached and information affecting more than 100 million credit cards stolen. Was it Heartland's fault, or should the credit card companies shoulder more of the responsibility?"
  • Lawrence Welk Resort Furious with Visa  - www.courthousenews.com - 2/11/10 - "The Lawrence Welk Resort says a tech company disabled its computer security system, making 1,427 customers' credit cards vulnerable to ID theft."
  • How the Cambridge chip and PIN attack works  - resources.zdnet.co.uk - 2/11/10 - "Cambridge University researchers have uncovered a major security flaw in chip and PIN, the UK's standard payment card system."
  • Could Visa’s New No-Signature Rule Hurt Contactless Payments?  - www.digitaltransactions.net - 2/11/10 - "Visa Inc.’s announcement this week that starting this summer it will no longer require signatures for transactions of $25 or less at most U.S. merchants heralds a policy that will result in faster and smoother transactions but could also undermine the payments industry’s move toward contactless technology."
  • Identity theft continues to keep Metro’s Electronic Crimes Unit busy - www.lasvegasweekly.com - 2/10/10 - "The fraud took 48 hours from start to finish — a credit card that was swiped at a high-end fashion retailer in Las Vegas on Monday was counterfeited and being used by Wednesday, often in Greece, Turkey, Morocco, Germany or Spain."
  • Police arrest credit card skimmer supplier  - www.thejakartapost.com - 2/10/10 - "Police have arrested a man who allegedly supplied devices to illegally duplicate credit cards in Indonesia."
  • Card-skimming gang hits Melbourne ATMs  - moorabbin-glen-eira-leader.whereilive.com.au - 2/9/10 - "Three fraudsters have been using fake cards at ATMs to steal from people’s bank accounts."
  • Sydney fraudsters use Melbourne ATMs to drain accounts  - www.smh.com.au - 2/9/10 - "Sydney fraudsters using fake cards are draining cash from ATMs across Melbourne."
  • Credit card information used to buy gift cards - www.owensoundsuntimes.com - 2/9/10 - "A man who used "skimmed" credit card information to buy nearly $6,000 worth of gift cards at a local variety store pleaded guilty to six counts of fraud."
  • Card skimming syndicate hits Melbourne  - www.securecomputing.net.au - 2/9/10 - "Victorian detectives are investigating links between three ATM fraudsters in Melbourne and a major card skimming syndicate in NSW."
  • Visa to Expand 'No Signature Required' Program  - www.csnews.com - 2/9/10 - "Visa Inc. said it plans to offer its No Signature Required program to the majority of merchant categories in the United States beginning July 2010."
  • XAC To Use Voltage Security’s SecureData Program  - www.paymentssource.com - 2/9/10 - "Point-of-sale terminal maker XAC Automation Corp. will use advanced payment-data encryption technology from Voltage Security Inc. in its new devices, Voltage announced this week."
  • Police Officer Victim of Debit Card Skimming - www.atv.ca - 2/6/10 - "The very person who alerts the public about crime and scams in Saanich is a victim herself. Last weekend, Saanich Police Sgt. Julie Fast attempted to buy a muffin for $2, when her debit card was declined."
  • Pinpad scam resurfaces  - www.bclocalnews.com - 2/5/10 - "A number of Kamloops businesses should be expecting a visit from the RCMP in the near future."
  • Hackers Feast on SQL Injection Exploits  - www.esecurityplanet.com - 2/5/10 - "Hackers used SQL injection tactics to access corporate networks in 60 percent of significant data breach incidents reviewed by 7Safe, a leading computer security and forensics consulting firm in London."
  • Cybersecurity Enhancement Act passed by US House - www.securecomputing.net.au - 2/5/10 - "One week after having nearly 50 of its websites defaced by hackers, the US House of Representatives has passed a bill that would seek to improve cybersecurity within the federal government and the public sector."
  • Hospitality Industry Hit Hardest By Hacks - www.darkreading.com - 2/5/10 - "Trustwave report on data breach investigations shows hotels were breached more than financial institutions last year, and nearly all attacks were after payment-card data"
  • Criminals exploiting flood of leaked personal data - www.securecomputing.net.au - 2/5/10 - "Incidences of personal data being stolen and sold online have soared by 230 per cent since 2007, according to new figures from fraud database firm Lucid Intelligence."
  • Rash of debit card fraud hits Flagler - www.news-journalonline.com - 2/5/10 - "While Steve Woodsmall traversed northeast Florida, stopping off at the doctor, refereeing a basketball game, thieves were on a spending spree -- on his dime."
  • The 2009 PCI DSS and Protecting Cardholder Data Report - www.aberdeen.com - 2/4/10 - "This benchmark report, Aberdeen's third annual study on PCI DSS and Protecting Cardholder Data, provides year-over-year insights into the progress that affected organizations have made in achieving and sustaining compliance with the Payment Card Industry Data Security Standard, as well as the specific areas of greatest challenge."
  • PCI DSS Releases FAQ about End to End Encryption - retailpayments.blogspot.com - 2/4/10 - "While major updates to the PCI Data Security Standard get issued with new versions, such as the one to be published later this year, the PCI Security Standards Council often releases FAQ’s that provide clarification or guidance to merchants and QSA’s. In December, the PCI SSC published an FAQ dealing with the impact of end to end encryption on PCI Scope."
  • Credit union's Visa debit cards breached - www.recordonline.com - 2/4/10 - "A debit card problem has affected some cards issued by Hudson Heritage Federal Credit Union. About 85 accounts were potentially exposed, and the bank has issued new cards to the affected accounts and is monitoring for possible fraudulent activity, said bank President and CEO Michael Ciriello. Bank officials think the breach occurred either at a specific merchant or a third-party transaction processor that was not abiding by Visa's rules."
  • Hackers Target Hotels for Card Data As Malware Gets More Insidious - www.digitaltransactions.net - 2/4/10 - "A growing emphasis by computer hackers on stealing payment card data from hotels and resorts and their increasingly sophisticated malicious software and attack methods are two highlights in a new report from security consulting and technology firm Trustwave Holdings Inc."
  • Hacker attacks Ceridian; data from 27,000 at risk - www.startribune.com - 2/4/10 - "A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially revealed the names, Social Security numbers, and, in some cases, the birth dates and bank accounts of 27,000 employees working at 1,900 companies nationwide."
  • 107.5 Kiss FM - Debit Card Fraud Prompts Warning - www.1075Kiss.com - 2/4/10 - "Police say there could be more than 60 victims of a debit card skimming scam in the North Okanagan. One person is said to have been victimized of $1,000, twice, while another had $800 taken from an account."
  • Encryption, PIN Security, EMV Top Busy Agenda for PCI Council in 2010  - www.digitaltransactions.net - 2/4/10 - "A busy year is on tap for the PCI Security Standards Council, with revisions due not only for the main Payment Card Industry data-security standard but also standards governing PIN-entry devices and payment-processing software applications."
  • Laval police seize 5,000 fake credit, debit cards - www.montrealgazette.com - 2/3/10 - "Laval police acting on a tip from customs agents arrested a man they suspect was able to produce massive quantities of counterfeit credit and debit cards from the comfort of his own basement."
  • Las Cruces Credit theft sours winery experience - www.lcsun-news.com - 2/3/10 - "It certainly wasn't the wine or the bowtie pasta at St. Clair Winery & Bistro that left a bad taste in Bianca Villani's mouth. It was the call from Visa, informing her that someone in Maryland was trying to put hundreds of dollars of purchases on her card and the cards of two of her other friends - who had also gone to the Dec. 11 dinner."
  • Report Details Hacks Targeting Google, Others - www.wired.com - 2/3/10 - "It’s been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies."
  • Making The Best Of Today's Payment Processing Security Options - www.bsminfo.com - 2/2/10 - "There's been a lot of press in the past couple years concerning payment processing. While huge breaches may not have shaken consumer confidence (the use of cards continues to far outpace the use of cash), the financial burden placed on everyone from the card issuers down to the merchant have many clamoring for reform. Currently, there are a number of trends concerning reform, associated security, and card processing in general that could affect point of sale (POS) VARs."
  • More Arrests Made In ATM Skimming Scheme  - www.youtube.com - 2/5/10 - "A third suspect has been arrested on charges of stealing ATM card numbers from unsuspecting customers."
  • Cybersecurity Enhancement Act passed by US House - www.securecomputing.net.au - 2/2/10 - "One week after having nearly 50 of its websites defaced by hackers, the US House of Representatives has passed a bill that would seek to improve cybersecurity within the federal government and the public sector."
  • Pin pad thefts in Caledon not isolated - www.allistonherald.com - 2/2/10 - "In November 2009 and again in January 2010, a Caledon fast food restaurant contacted the Caledon OPP to report one of its debit machines had been replaced or tampered with."
  • Five months to detect a breach - www.net-security.org/ - 2/2/10 - "When it comes to cyber attacks and breaches, the hospitality industry has been the most heavily targeted industry in 2009."
  • ATM Skimming Ring Targeted in MA - www.bankinfosecurity.com - 2/2/10 - "The U.S. Secret Service has broken up an alleged ring of ATM skimmers in Massachusetts, announcing the arrests of three suspects -- including one man who was in possession of nearly $100,000 when he was arrested."
  • Possible skimmer scheme in Vernon - www.castanet.net - 2/2/10 - "A new wave of debit fraud may be hitting the North Okanagan."
  • Are chip and PIN credit cards coming to the US? - www.bankrate.com - 2/2/10 - "The U.K. is all abuzz about "chip and PIN," but it's not a popular pub snack or a nickname for the newest celebrity power couple. It's the credit card security system rolled out in recent years to stem a wave of credit card crime."
  • CyberSource Online Fraud Report-11th Annual Online Payment Fraud Trends, Merchant Practices and Benchmarks - www.cybersource.com - 2/2/10 - "Download your copy of CyberSource's Online Fraud Report- New 2010 Edition! Compare your results. Most companies reported improved metrics in 2009, but see the challenge increasing due to “cleaner” fraud. 60% say enhancing automated detection will be their primary focus in 2010. See which tools they plan to use. Read about this and over 25 other fraud management benchmarks, trends, and practices."
  • VeriFone’s PAYware Mobile Now Available on App Store as Credit Card Encryption Sleeve Begins Shipping - www.businesswire.com - 2/1/10 - "VeriFone Holdings, Inc. (NYSE: PAY) today announced it is shipping its PAYware Mobile secure credit card encryption sleeve for iPhone and that the complementary PAYware Mobile App is now available on the App Store. PAYware Mobile provides small businesses with simple and secure card processing capabilities using the revolutionary iPhone. The app and patent-pending card encryption technology are provided free in conjunction with a low cost PAYware gateway services agreement."
  • Cybercrime Checks Into The Hotel Industry - www.forbes.com - 2/1/10 - "Over the past year America's hotels have had some uninvited guests: a wave of increasingly sophisticated invasions by organized cybercriminals. That's one finding of a report that cybersecurity researcher Nicholas Percoco plans to present Tuesday at the Black Hat security conference in Arlington, Va. His data shows a spike in hacking incidents that successfully targeted hotels and resorts, what Percoco describes as relatively unprotected sources of thousands or even millions of credit card account details."
  • Rethinking the Fortifications: Q&A With Heartland CIO Steven Elefant - www.technewsworld.com - 2/1/10 - "It's been a year since a hacker wheedled into Heartland Payment Systems' network and carried out one of the largest criminal credit card data breaches ever. The fallout from that break-in is still clearing, but Heartland's CIO Steven Elefant says the company has instituted changes to the way it handles sensitive data, starting with an encryption system that's truly end-to-end, not just point-to-point."
January 2010
  • Cocoa Beach police find illegal ATM skimmer - www.floridatoday.com - 1/31/10 - "Someone attached a “skimming device” to an ATM at Bank of America on North Atlantic Avenue in Cocoa Beach, and police believe an unknown number of victims may be susceptible to identity theft. A skimmer is an electronic device that criminals attach to the card-reading slot of an ATM. These devices are disguised to look like they are part of the ATM — but unsuspecting victims swipe their cards through them while accessing their accounts."
  • Two more arrested in alleged ATM scheme - www.boston.com - 1/30/10 - "Two more suspects, including one who was in possession of nearly $100,000 when he was arrested, are facing charges in an alleged scheme to steal ATM card data from unwitting customers in Eastern Massachusetts, authorities said yesterday. One of the two, Anton Venkov, 40, of Toronto, was arrested Thursday by the US Secret Service in Boston and charged with using counterfeit bank account access codes and aiding and abetting the plot."
  • 4 Arrested in Skimmer Scam Gwinnett County Skimming Scheme - www.wsbradio.com - 1/29/10 - "Gwinnett County Police have arrested four people, including a juvenile, in a fraud involving debit cards. Police say Cortes Luciano worked at a fast-food restaurant on Pleasant Hill Road and used a skimmer to get customers' credit card information when they paid for their food. One of the at least 26 victims, says they charged 400 bucks with her card. "The only time it's ever out of my hands is when I have to hand it over to pay for something, instead of swiping it myself," says Missy Vogel."
  • U.S. Secret Service estimates an annual loss of $1 billion specifically from ATM skimming - www.rgj.com - 1/29/10 - "Their debit or credit cards were safely tucked away in wallets, never out of sight. No one else knew their confidential PIN numbers. But somehow, transactions for hundreds of dollars were made using their bank accounts, some at stores they had never visited in cities as far away as Florida and Ohio. Now, Reno residents John Scott and Misty Hinton want to know how this happened. Both had their debit cards cloned and then used at their bank's ATM machines to withdraw $280 multiple times."
  • Old National also hit by ATM scam - www.wlfi.com - 1/28/10 - "One Old National Bank location was compromised by an automated teller machine (ATM) "skimming device" earlier this month, a spokeswoman confirmed Thursday. A handful of local residents were affected, she said, but the bank has been able to secure the information of any debit cards that may have been compromised."
  • Restaurant debit machine compromised in BC Canada - www.bclocalnews.com - 1/28/10 - "A restaurant debit machine compromised last fall recorded about $25,000 in fraudulent activity before the breach was noticed. Const. Janelle Shoihet said the tampering was reported to police Jan. 13, after a bank brought the breach to the White Rock business’ attention. Shoihet would not disclose which restaurant was targeted, stating customers at risk are typically contacted through banks and credit card companies."
  • Researchers slam 3-D Secure as insecure - www.securecomputing.net.au - 1/28/10 - "Verified by Visa and SecureCode 'fatally flawed'. University of Cambridge researchers have launched a withering attack on the 3-D Secure protocol used by Visa and MasterCard to authenticate online customers, branding it "a textbook example of how not to design an authentication protocol"."
  • New PCI Phone Rules: A Number Spoken Is Just As Risky As One Typed - www.storefrontbacktalk.com - 1/28/10 - "Last week, PCI changed its policy on audio recordings. It now instructs retailers to treat a digital audio capture exactly the same as if it was written. This means that all of those call centers asking for credit card details over the phone must dispose of those recordings, or at least the parts that store the prohibited data, immediately. The PCI community has been debating the audio rules for years, with our first story on it back in August 2007. (No, we won’t say that this is the first sound decision from PCI in years. Plays on words and data security stories rarely mix well.)"
  • Data Breach Cost Numbers Games - www.storefrontbacktalk.com - 1/28/10 - "Over the last few weeks, one of the most common questions we’re hearing discussed is “Is PCI really worth it?” These are multi-billion-dollar retail chains asking this question. But there’s a lot more behind the question than it might initially seem. In a marked contrast to the same kinds of questions two years ago, the intent is not to ignore security. Indeed, many of the chains considering some a heresy question are already putting in place security procedures that go well beyond current PCI requirements."
  • Nation's toughest personal info law about to take effect - www.gcn.com - 1/27/10 - "Businesses that hold personally identifiable information on Massachusetts residents have one month to comply with what security experts are calling the toughest data security requirements in the nation. The Massachusetts Data Breach Law, passed in 2007, goes into effect March 1 and requires personal information in networked systems to be protected with strong encryption, firewalls, antivirus and access controls."
  • Bob Russo: No major PCI DSS revision expected in 2010 - searchsecurity.techtarget.com - 1/27/10 - "PCI Security Standards Council general manager Bob Russo said the next revision of the Payment Card Industry Data Security Standard (PCI DSS), due in October, will contain clarifications but no major changes to the standard. "There won't be any surprises," Russo said. "We're more likely to see guidance documents." Encryption, virtualization and the use of more secure payment terminals are expected to gain more attention."
  • Study: Of All Breaches, Those Caused by Hacking Are the Costliest - www.digitaltransactions.net - 1/27/10 - "The cost of data breaches rose slightly last year, but breaches resulting from computer hacking incurred by far the highest losses, according to a new report from privacy and data-security research firm Ponemon Institute LLC. The average cost per compromised customer record rose to $204 in 2009 from $202 in 2008 and $138 as recently as 2005, according to Traverse City, Mich.-based Ponemon’s '2009 Annual Study: Cost of a Data Breach.'"
  • PNC Bank ATMs Hacked Into, Customers Discover Money Missing - www.thepittsburghchannel.com - 1/27/10 - "A Pittsburgh couple discovered $1,400 missing after their PNC Bank account was hacked into. The woman, who did not want to be identified, told Channel 4 Action News that her husband noticed the money missing from a checking account after a trip to the PNC location in Forest Hills. "I reconcile my bank statements religiously, so I noticed it right away," the woman told Channel 4 Action News' Tara Edwards."
  • US oil industry hit by cyberattacks: Was China involved? - www.axcessnews.com - 1/26/10 - "At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage. The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable "bid data" detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show."
  • Crime Spree Targets Arizona Drivers - www.kpho.com - 1/26/10 - "It's an old crime with a new target. According to the Arizona Department of Weights and Measures, someone is stealing credit card information from drivers filling up at the pump at various gas stations. Police in Kingman, Bullhead City and Lake Havasu City have reported a rash of skimming scams at various gas stations and they said the crooks could be headed to Phoenix. Investigators said the scam artists are installing small devices, like a flash drive, into the credit card portion of the gas pump that will then record the personal data of drivers when they swipe their cards."
  • Encryption on the Front Lines of Defense - www.americanbanker.com - 1/26/10 - "An increasing number of companies are concerned that current standards to protect payment card data may be subpar, and have seized on encryption. Some of the biggest names in payments have endorsed encryption, with several vendors offering or testing systems that encode card data as soon as it hits the processing chain. And though there is no standardized approach for delivering encryption capabilities, there is a growing consensus that it is becoming a crucial element of a security strategy."
  • ATM fraud up in recent weeks - www.rgj.com - 1/26/10 - "Their debit or credit cards were safely tucked away in wallets, never out of sight. No one else knew their confidential PIN numbers. But somehow, transactions for hundreds of dollars were made using their bank accounts, some at stores they had never visited in cities as far away as Florida and Ohio. Now, Reno residents John Scott and Misty Hinton want to know how this happened."
  • PCI QSAs, certifications to get new scrutiny - searchsecurity.techtarget.com - 1/26/10 - "The Payment Card Industry Security Standards Council (PCI SSC), under pressure from merchants to improve the training of its certified Qualified Security Assessors (QSA), has detailed plans to beef up its PCI QSA certification review process, adding much needed staff and funding to improve oversight of the individuals who conduct PCI Data Security Standard (DSS) compliance assessments."
  • Different technologies vie to protect payments - www.digitalidnews.com - 1/25/10 - "End-to-end encryption, dynamic cryptograms and EMV are all options being considered to protect payment transaction data in the U.S. The goal is to prevent data breaches, such as the one with Heartland Payment Systems in 2008, and make it easier for merchants and processors to secure the information. It’s estimated that tens of millions of payment card numbers were compromised when hackers planted malicious software in Heartland’s system. Processors and merchants are supposed to comply with the Payment Card Industry Data Security Standard, a specification that many say is confusing, onerous and doesn’t do enough to protect payment card information."
  • Simulated onslaught to bolster security - www.greensheet.com - 1/25/10 - "On Feb. 9 to 11, 2010, payments industry organizations will take part in a cyber attack simulation exercise designed to test the security of payment networks, educate organizations on system vulnerabilities and recommend improvements to better secure those networks. The exercise, dubbed the Cyber Attack against Payment Processes (CAPP), is being organized by the Financial Services Information Sharing and Analysis Center."
  • Data Breach Report: Malicious Attacks Doubled in 2009 - www.bankinfosecurity.com - 1/25/10 - "Malicious criminal attacks have doubled, and the average cost of a data breach has increased to $204 per compromised record. These are the headlines from the 5th annual "Cost of a Data Breach" study by the Ponemon Institute. The study shows that the total cost of a data breach rose to $204 from $202 per compromised record. Dr. Larry Ponemon, President and CEO of the Ponemon Institute, says the increase is a "big deal" because it shows that data breaches continue to be a costly event for all organizations."
  • BRUCE RUTHERFORD NAMED NEW PCI SECURITY STANDARDS COUNCIL CHAIRPERSON - www.pcisecuritystandards.org - 1/25/10 - "Today, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council."
  • Four indicted in courthouse credit card scam - www.seattlepi.com - 1/24/10 - "A federal grand jury has indicted four people accused of paying insiders at a courthouse and a local fast-food joint to steal dozens of victims' debit or credit card numbers, then fraudulently using the information to purchase hundreds of thousand dollars' worth of gift cards. Diamond Alexander, Jr., Crystal Lee, Cassie St. Cyr and Timur Harris all pleaded not guilty to six counts of bank fraud."
  • Waiter pleads guilty to identity theft, fraud - www.sfgate.com - 1/23/10 - "A former Kansas City man has admitted stealing credit card information from customers while he was a waiter at a Country Club Plaza restaurant. John David Woody of Los Angeles pleaded guilty to identity theft and credit card fraud on Friday in federal court in Kansas City. The 35-year-old admitted that he stole information from 20 customers at the Brio Tuscan Grille in July and August 2008. Prosecutors say Woody used an electronic device to skim the magnetic strip on the back of credit cards to obtain the information. He then used the credit card numbers to purchase goods online, including thousands of dollars worth of DVDs."
  • STRATEGIC SECURITY TESTING WEBCAST - www.coresecurity.com - 1/22/10 - "In this webcast, noted security and penetration testing expert Dr. Eric Cole will share his insight into how organizations can rapidly improve their resiliency to today’s most advanced malware and hacking techniques via more frequent and proactive assessment. Attackers continue to take advantage of widespread security vulnerabilities located throughout the enterprise IT stack to infiltrate sensitive assets and access protected data, perhaps best evidenced by the recent IE zero day attacks that compromised massive companies including Google."
  • Joint force operation leads to arrests for debit card fraud in Toronto - www.newswire.uk - 1/22/10 - "The continuing joint force partnership to combat credit debit and credit card frauds between the Ontario Provincial Police (OPP) Organized Crime Enforcement Bureau (OCEB) - Identity Crimes Unit and Durham Regional Police Major Crime - Fraud Unit (DRPS) has resulted in the arrest of seven males and two females for point-of-sale terminal "pin pad" tampering."
  • Westpac blocks 10,000 skimmed cards in NSW - www.news.com.au - 1/22/10 - "MORE than 10,000 cards have been blocked in just over a week by one of the biggest banks. The move comes as the full impact of EFTPOS skimming emerged earlier this week. Police revealed on Wednesday that $50 million had been stolen from NSW bank accounts by the biggest skimming operation in the state's history. The Daily Telegraph has learned Westpac/St George Bank has blocked between 10,000 and 11,000 debit and credit cards in the past 10 days."
  • BCA Also Breached from Australia - en.vivanews.com - 1/22/10 - "Indonesia-based Bank Central Asia installs ATMs all over the provinces in Indonesia. The international banking criminals saw this as a chance to crack the system and steal the money. BCA is not only breached from Toronto, Canada, but also Australia."
  • 10 Faces of Fraud in 2010 - www.bankinfosecurity.com - 1/22/10 - "Ghosts of Crimes Past and Present Will Haunt the Future of Banking Institutions and Customers "The more things change, the more things stay the same." This old saying holds true when it comes to the different types of fraud hitting financial institutions. In 2009, institutions were hit from every angle with fraud schemes -- some were old, and some were new variations."
  • Thousands of shoppers' credit cards may have been 'skimmed' at ASDA - www.thenorthernecho.co.uk - 1/22/10 - "POLICE have warned shoppers to check their bank accounts after a sophisticated credit card skimming device was discovered. The machine was found by an alert shopper at the Asda supermarket in Whinbush Way, Darlington. Police said last night that the skimmer may have been operating for at least two days and they had no idea how many people may have unwittingly given up their credit card details."
  • Independent QSA Technical Assessment of VeriShield Protect - retailpayments.blogspot.com - 1/21/10 - "VeriFone has contracted with Coalfire Systems, Inc. a leading IT security consulting firm and PCI QSA to conduct an independent technical assessment of VeriShield Protect. The goal of this assessment is to determine if VeriShield Protect meets and follows industry standards, how a proper implementation of VeriShield Protect can improve the security of a retailer’s cardholder environment and the impact VeriShield Protect can have on reducing PCI scope and compliance costs."
  • Gartner urges users to get off IE6 - www.securecomputing.net.au - 1/21/10 - "Gartner's Neil MacDonald has claimed that in the longer term, there are three key things to learn from Operation Aurora: run more users as standard user, get off IE6 as soon as possible, and use defence-in-depth at the endpoint."
  • The Secure POS Vendor Alliance Broadens its International Reach with Five New Payment Company Members - www.businesswire.com - 1/21/10 - "The inaugural year of the Secure POS Vendor Alliance (SPVA) wrapped up with the same enthusiasm with which it began – capped off by the membership of five more leading payment and enterprise security companies. Joining the SPVA are Elavon, ID TECH, Independent Purchasing Cooperative, Inc. (IPC), Voltage Security, Inc., and the first Asia-based company, GHL Systems Berhad."
  • Heartland Breach: State of Payments Security 1 Year Later - www.bankinfosecurity.com - 1/21/10 - "It has now been one year since the Heartland Payments System breach was made public. What lessons have been learned and what more needs to be done to improve the security of the payment industry? We asked four information security experts for their take on Heartland: One year later."
  • BBB Initiative Arms Small Business Owners With the Tools to Protect Business and Customer Data - www.prnewswire.com - 1/21/10 - "Better Business Bureau and partners Symantec Corporation, Visa Inc., Kroll's Fraud Solutions and NACHA – The Electronic Payments Association today launched a new national education initiative to help small business owners overcome any previous reluctance to taking the necessary steps to protect their sensitive customer and business data, so they won't become the next victim of a data breach."
  • Javelin Study: End-to-End Encryption, Tokenization, and EMV in the US - www.paymentsnews.com - 1/21/10 - "Javelin has announced a new report titled "End-to-End Encryption, Tokenization, and EMV in the US: Vendor Analysis of Emerging Technologies and Best Hybrid Solutions" that "assesses the capabilities of end-to-end encryption, tokenization, virtual terminals, magnetic-stripe security and the EMV standard as solutions to combat payment-related data breaches.""
  • Some Banks Try Again For Class-Action Heartland Lawsuit - www.storefrontbacktalk.com - 1/21/10 - "Shortly after Heartland tried to sweep away most of the lawsuits against it with a series of recent negotiated settlements, a group of banks is trying to persuade other banks to reject the settlement offer and support a class-action lawsuit against Heartland."
  • Gangs skim $50m from EFTPOS machines - www.news.com.au - 1/21/10 - "POLICE admit that Australia is in the midst of its biggest ever EFTPOS skimming crime wave. An unprecedented attack by an international criminal gang on retailers' EFTPOS machines has seen $50 million fleeced from hard working Australians. The wave of attacks on EFTPOS machines in NSW was yesterday described by NSW fraud squad head Detective Superintendent Colin Dyson as "the biggest I've seen"."
  • Addressing Data Breaches: How to Decrease Fraud Losses while Creating Customer Loyalty - www.javelinstrategy.com - 1/20/10 - "Join Javelin Strategy & Research for a complimentary webinar presentation addressing data breaches. With about 11% of consumers receiving breach notifications in the past three years, concern over personal data security and identity fraud is also on the rise."
  • 2 arrested in ATM tampering scheme - www.cbc.ca - 1/20/10 - "Winnipeg police have arrested two men in connection to a tampering scheme that targeted automated teller machines in the city. A 29-year-old and a 39-year-old are facing more than 100 counts relating to offences including wearing disguises with intent to commit crimes, forgery, and unlawful use of credit card data."
  • Central Bank Tells Account Holders Their Funds Are Safe Amid ATM Scam - www.thejakartaglobe.com - 1/20/10 - "Bank Indonesia on Wednesday sought to assure bank customers that their money was safe and that those who have reported an unexplained dwindling of their accounts would have the missing sums reimbursed. More than a dozen customers of three banks in Bali have reported that their accounts had decreased significantly with money withdrawn without their consent, police said. The central bank later announced that six lenders nationwide had reported customers losing funds."
  • Proposed VISA/Heartland Data Breach Settlement May Pay Banks and Credit Unions Pennies on the Dollar - www.prnewswire.com - 1/20/10 - "Banks and credit unions that issued VISA payment cards compromised by the Heartland Payment Systems data breach, the largest data breach in history, should carefully review the proposed settlement between Heartland and VISA. The proposed settlement has many weaknesses: (1) it may offer little compensation to payment card issuers, (2) it gives banks and credit unions little time to decide whether to participate, (3) it releases Heartland and other parties that may be liable, and (4) it is being touted for reasons that are not entirely accurate."
  • Thales and Voltage Security Forge Technology Integration and Partnership to Deliver End-to-End Encryption and Key Management to Secure Payments - www.pymnts.com - 1/20/10 - "Thales, leader in information systems and communications security, and Voltage Security, Inc., the global leader in end-to-end data protection, announce a technology integration and partnership centered around delivering End-to-End Encryption and key management solutions for the payments industry and broader enterprise security applications. Through the partnership, the two companies have worked together to integrate Voltage SecureData technology with Thales hardware security modules (HSMs) for customers, Heartland Payment Systems being an example."
  • Are Tokenization And End-To-End Encryption Substitutes? - www.storefrontbacktalk.com - 1/20/10 - "If your goal is to limit your PCI scope, should you pursue tokenization or end-to-end encryption? Or should you do both? I find it interesting that many large (L1 and L2) merchants are actively pursuing both options, and I’m wondering if that really makes sense from either a PCI or an economic perspective. Maybe tokenization and end-to-end encryption are just two closely related approaches that can, when properly implemented, accomplish the same thing: minimize your total PCI scope."
  • Two Charged In Debit Card Fraud - www.cjob.com - 1/20/10 - "Police have arrested two Winnipeg men in an ATM fraud case that detectives believe could have resulted in more than a million dollars in theft. Police allege the pair who are brothers-in-law were living lavish lifestyles from money they were skimming off of stolen debit card information. Police say their investigation started last fall. Detectives say there were at least 38 incidents where the suspects would put a device over a legitimate ATM to steal credit card data and swipe PIN numbers using tiny cameras."
  • Heartland's Acquiring Banks Sued - www.bankinfosecurity.com - 1/20/10 - "Five financial institutions have filed a class action suit alleging that two acquiring banks, Heartland Bank and Key Bank, should be included as defendants and share responsibility for damages caused by the Heartland Payment Systems data breach. Lone Star National Bank, PBC Credit Union, O Bee Credit Union, Seaboard Federal Credit Union and Pennsylvania State Employees Credit Union filed the class action complaint in the U.S. Southern District Court in Houston, TX on Tuesday."
  • Getting PCI Compliant—Now What? - CSP Magazine - 1/20/10 - "For the past several years, major data breaches of payment information have made headlines, sending shock waves through many businesses and industries, including the retail petroleum and convenience sectors. No one, from big corporations to the local taco stand, wants to be caught exposing its customers’ data—and encountering the legal and financial burden that a breach could place on a company."
  • Five Quebecers arrested for $1 million debit and credit card skimming fraud - www.pivotalpayments.com - 1/20/10 - "At least 11 Winnipeg businesses - and potentially more in other provinces - were victims of a debit card fraud scam, for which one man and four youth were just arrested by Winnipeg police. The man, Thomas Wayne Hope, and the four 17-year-olds - all from Quebec - had been stealing debit card PIN pads, inserting skimming devices, and then returning the devices."
  • Heartland Moves to Encrypted Payment System - www.pcworld.com - 1/20/10 - "Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr. "End-to-end encryption is a good way to mitigate the risk of having the kind of compromise that we and hundreds of other companies have had," Carr said in an interview."
  • The 2009 PCI DSS and Protecting Cardholder Data Report - www.pcworld.com - 1/20/10 - "Best-in-Class companies spent 45% less than all others to achieve initial PCI compliance. Best-in-Class companies spend 55% less annually than all others to sustain PCI compliance. Best-in-Class companies reduced audit deficiencies related to PCI by 7.5% on a year-over-year basis, compared to Laggards."
  • Skimmer in Sydney Rd ATMs - moreland-leader.whereilive.com.au - 1/20/10 - "TWO more card skimming devices have been found on ATMs in Sydney Rd. Detective Sen-Constable Mark Perna of Moreland CIU said a man using a Commonwealth Bank ATM in Brunswick felt the card entry slot was a little loose and was able to pull it off. “The skimmer covered the card entrance and had a microchip that reads the magnetic strip as the card enters,” Detective Sen-Constable Perna said."
  • Couple Wanted In ATM Skimming Scheme - www.fox5vegas.com - 1/19/10 - "A man and woman caught on camera placing a device on an ATM machine were attempting to steal debit card information, police said Tuesday. Photos released to FOX5 show the couple using the ATM twice in the same day. In one photo the man appears to be doing something to the machine while the woman is keeping an eye out for other customers."
  • Card reader found attached to ATM in Freehold Township - www.app.com - 1/19/10 - "Police are warning residents about a device that was attached to a West Main Street bank's ATM to record account information. An off-duty juvenile corrections officer found the device when he went to the Bank of America at 510 West Main St. around 3 p.m. Saturday, police said. As he tried to use the machine, he began having problems with his card, said Detective Sgt. Jerry Kiwit."
  • E-Commerce Data Security 2010: Learning From 2009's Debacles - www.technewsworld.com - 1/19/10 - "Tough economic times brought a surge in online shopping. As more people turn to the Web, merchant readiness for handling confidential data is more critical than ever for a successful online presence. Etailers must have their data protection systems in place before flipping the switch, rather than having a major disaster to clean up after a breach occurs. 2009 was the first year since 2005 that the number of data breach incidents recorded actually dropped. If that makes you feel a little more secure -- there is a counter side."
  • Taiwan man arrested for credit card fraud - enews.mcot.net - 1/18/10 - "A Taiwanese was arrested after attempting to use a stolen credit card to buy a pricey laptop at a Bangkok department store. Li Wen Ming, suspected of being part of a large Malaysian credit card fraud syndicate, attracted the attention of the shop owner, who verified that the legal card holder is Canadian. Police investigators seized 17 other false credit cards, a skimmer used for the theft of credit card information and other fraud tools in Mr Li’s possession."
  • NSW police target skimming scams - www.bigpondnews.com - 1/18/10 - "Credit card and debit card holders are being targeted in a new 'skimming' fraud scam. Police in New South Wales have formed a Strike Force to investigate the use of skimming devices. The Commonwealth Bank has confirmed financial institutions had been advised of a security issue on Friday."
  • DarkMarket mastermind pleads guilty - www.securecomputing.net.au - 1/18/10 - "A Sri Lankan man living in London admitted last week to being the mastermind behind the online hacker forum DarkMarket, which has been called one of the most nefarious criminal websites in the world. Renukanth Subramaniam, 33, pleaded guilty in London to conspiracy to defraud, according to a court spokeswoman. Subramaniam, who used the alias "JiLsi", admitted that he set up DarkMarket, a site that fostered cybercriminal collaboration and resulted in tens of millions of dollars of losses, according to a news release issued by the Serious Organised Crime Agency (SOCA) in London."
  • Information Security Clauses and Certifications - Part 1 - enews.mcot.net - 1/17/10 - "Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches."
  • Smaller Merchants May Offer Less Credit Card Security - www.creditcardguide.com - 1/16/10 - "According to a recent survey, credit card security may not be as alive and well as most consumers assume. The study surveyed 560 U.S. and multinational organizations for the degree to which they complied with the Payment Card Industry’s Data Security Standard (PCI DSS). The survey was conducted by the Ponemon Institute, a company specializing in research into privacy and information security policy."
  • Secure Remote Payment Council Announces Formation - www.paymentsnews.com - 1/15/10 - "The Secure Remote Payment Council, (SRPc) held its formation meeting and inaugural Board of Directors meeting in Dallas in December to install its Board, elect officers and set its 2010 agenda. The SRPc says it is "dedicated to the growth, development and market adoption of secure eCommerce and mobile payment methods"."
  • Debit-card 'skimming' scams - www.consumerreports.org - 1/15/10 - "Whether by choice or necessity, American consumers are increasingly relying on debit rather than credit cards. Debit-card spending has risen steadily, growing from 47.7 percent of purchases made with plastic in 2003 to 58.9 percent in 2008."
  • Winnipeg police bust fraud ring that stole PIN pads - www.vancouverite.com - 1/15/10 - "Police are asking merchants using debit card PIN pads to check units in their stores after cops busted a fraud ring that stole approximately $1 million. The group stole and replaced PIN pads after rigging them electronically so they could steal credit and debit card information of clients. It is not clear how many Winnipeg residents had their pin numbers stolen."
  • PCI DSS Expert Panel - Common Questions Answered - Trustwave and ETA - 1/14/10 - "The Electronic Transactions Association and Trustwave invite you to attend a complimentary interactive webinar titled, PCI DSS Expert Panel - Common Questions Answered. During this webinar, compliance and security experts from Trustwave will talk about the challenges faced by merchants when becoming PCI DSS compliant. This webinar is appropriate for most businesses but is primarily focused on helping those businesses with questions about validating PCI DSS compliance."
  • $900 withdrawn as debit card fraudsters hit again - www2.canada.com - 1/13/10 - "Editor: I wanted to make Optimist readers aware that debit card skimming has struck once again in Tsawwassen. I was a victim on Jan. 5 when thieves withdrew $900 (two separate transactions of $500 and $400) from my account using a TD Green Machine ATM. I noticed that morning and immediately contacted TD Easyline."
  • ATM skimmer discovered at Clayton Bank of America - www.ksdk.com - 1/13/10 - "It's becoming one of the most dangerous tools in America: ATM skimmers. Such a device can wirelessly and illegally transmit financial information from an ATM to a thief. A skimmer was found last month at a Clayton branch of Bank of America. It's believed that the skimmer was removed before any bank accounts were looted. Authorities say it's a very common scam across the country, but this is the first time a 'skimmer' has been reported in the St. Louis-area."
  • Card Industry Has a Compelling Case for Data Encryption, Report Says - www.digitaltransactions.net - 1/13/10 - "End-to-end encryption of cardholder account data during the transaction process is an imperfect solution to payment card fraud, but it’s the most practical out there now for the U.S., a new report about fraud management from Aite Group LLC concludes. The report estimates that fraud cost the U.S. card industry $8.6 billion in 2008. The fraud rate, however, 0.4% of $2.1 trillion in charge volume in 2008, has been stable for several years, according to report author Nick Holland."
  • Annual Security Trends Web Seminar - www.sonicwall.com - 1/12/10 - "2009 was a year of major shifts in network and computer security. Demands such as Social Networking, Virtualization, Consolidation, Downsizing and Outsourcing drove the agenda for nearly every organization. So what's in store for 2010?"
  • Alert Debit Card Fraud related to Arco 1950 S. Delaware - hancsm.wordpress.com - 1/11/10 - "SMPD received 80 reported cases of ATM/Debit card skimmer fraud during the month of December. SMPD Detectives were able to determine that the Suspects surreptitiously broke into a gas pump paying machine, and attached “a skimmer device” to the back of the key pad at the ARCO Gas Station located at 1950 South Delaware Street. The skimmer was connected to a wireless recording device which captures the ATM card number and the PIN number."
  • Prosecutor: drug ring shipped marijuana by FedEx - www.seattlepi.com - 1/11/10 - "A 31-year-old Seattle man described by federal prosecutors as the leader of a crime ring involved in both drug trafficking and bank fraud has been sentenced to 8 1/2 years in prison. Mario Earl was sentenced Monday for conspiracy to distribute marijuana and bank fraud. The U.S. attorney's office says the ring was distributing large amounts of marijuana in the Chicago area."
  • ATM Skimming Incidents Increase - www.bankinfosecurity.com - 1/11/10 - "In Raleigh, NC, 300 members of State Employees Credit Union had money skimmed from their accounts. The skimmer may have been placed at a gas station, say police. SECU is second largest credit union in the U.S., with $18.4 billion in assets. "This type of thing happens all the time, unfortunately," says Leanne Phelps, senior vice president of SECU's card and record services department."
  • Security upgrade on way at pump - www.bankinfosecurity.com - 1/10/10 - "A looming requirement to upgrade encryption security at the gasoline pump could put many convenience store operators in a tough spot financially, said Chris Newton, president of the Texas Petroleum Marketers and Convenience Store Association. By July, payment network Visa wants debit card payments requiring a PIN code to be made at terminals equipped with the Triple Data Encryption Standard, a tighter security method than what’s in use at some gasoline retailers."
  • Heartland in $60 mln settlement agreement with Visa - www.reuters.com - 1/7/10 - "Heartland Payment Systems Inc (HPY.N) said it reached a $60 million settlement agreement with Visa Inc (V.N), under which it will pay issuers of Visa-branded credit and debit cards for data security breach claims. Heartland, the fifth-largest payments processor in the United States, said the settlement was with respect to losses issuers may have incurred from a criminal breach of its payment systems in 2008."
  • Cyber Attack Exercise Planned - www.bankinfosecurity.com - 1/7/10 - "How prepared is the financial services industry in the event of a cyber attack? The Financial Services Information Sharing and Analysis Center (FS-ISAC), a national industry forum, will conduct Cyber Attack Against Payment Processes (CAPP), an exercise to measure the ability of financial institutions, payment processors, businesses and retailers to respond and recover from major cyber incidents."
  • Calls made to catch credit card skimmers - www.gympietimes.com - 1/7/10 - "THE Commonwealth Bank has confirmed that a skimming device was placed on the Commonwealth Bank Automatic Teller Machine (ATM) at Centro Gympie Shopping Centre. Commonwealth Bank media manager Steve Patten told The Gympie Times that the device was discovered and removed on December 9, but no customers’ details had been compromised."
  • Heartland Breach Shows Why Compliance Is Not Enough - www.pcworld.com - 1/6/10 - "Nearly a year after Heartland Payment Systems disclosed what turned out to be the biggest breach involving payment card data, the company remains a potent example of how compliance with industry standards is no guarantee of security. Princeton, N.J.-based Heartland last Jan. 20 disclosed that intruders had broken into its systems and stolen data on what was later revealed to be a staggering 130 million credit and debit cards."
  • A Look at PCI in 2010 - www.storefrontbacktalk.com - 1/6/10 - "What are the PCI stories we are likely to see in the coming year? We know there is a new/revised version of PCI due to become effective in October, but what are the likely changes? And let’s not forget the card brands themselves or the technology vendors who constantly promise to make merchants’ lives easier (if maybe a little more expensive). With a new year in front of us (and caution behind), here are some forecasts and speculation for the coming year in PCI."
  • Calls made to catch credit card skimmers - www.which4u.com - 1/6/10 - "People are being urged to get in touch with police if they have any information about a number of credit fraudsters currently in operation. Detectives from the Wollongong Local Area Command reveal that since October they have received more than 100 complaints from consumers that money has been stolen from their bank accounts."
  • Javelin Complimentary Webinar: 10 Trends for 2010 - www.javelinstrategy.com - 1/5/10 - "Facing limited budgets, increased regulation and higher fraud incidence, banks must prioritize scarce investment funds to seize key opportunities in the mobile channel, social media, P2P, reworked offerings for consumers and merchants, data breaches and PCI compliance, and even new solutions for ATMs, PIN and real-time systems. Capturing consumer trust is more important than ever as consumers say their trust in financial institutions has worsened over the past twelve months by a ratio of nine-to-one, according to a nationally-representative November, 2009 online survey of 3,294 individuals."
  • PHOTOS: Man accused of using skimming device on North Naples bank ATM - www.naplesnews.com - 1/5/10 - "Collier County deputies believe the same man, who was suspected of placing a skimming device on an ATM at a North Naples bank, has struck again. This time a skimmer was placed at the SunTrust Bank located at 801 Laurel Oak Drive, North Naples, on Nov. 27 and again on Dec. 12. In the first incident, deputies say a skimmer was placed on an ATM at the SunTrust Bank, 2420 Vanderbilt Beach Road, on Nov. 14. Several customers subsequently reported the fraudulent use of their debit card numbers on the east coast of Florida."
  • Skimming Scams – Identity Theft Gets Sophisticated - www.13wham.com - 1/4/10 - "Identity thieves have been using more sophisticated devices, but now, a new state law targets thieves who use skimming devices, which are small and hard to spot. In an example caught on camera, one woman gets her already-skimmed card back, suspecting nothing. But a decoder, connected to a computer, has already sent her account information to thieves in another state. "Once they use it they'll discard it,” said security officer Jason Ingalls."
  • Data breaches affect million state residents - www.boston.com - 1/3/10 - "One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years, according to records provided to the Globe by state officials. Many thousands of the leaks were first reported between June and November - including confidential data on customers of Blue Cross Blue Shield of Massachusetts, Eastern Bank, JPMorgan Chase Bank, and other major institutions, documents released by state regulators revealed."
  • Target Admits It Was Breached - www.storefrontbacktalk.com - 1/2/10 - "Years after it was breached by a member of Albert Gonzalez’s cyberthief gang, some 17 months after its name was quietly kept out of an indictment where it was referenced and five months after StorefrontBacktalk published its involvement, Target has confirmed that it was the victim of a data breach. “Target was one of the companies affected by an intrusion that occurred two years ago. However, the exposure—both in time and number of accounts—was extremely limited,” said Target spokesperson Amy Reilly."
  • Five security themes to watch in 2010 - www.techtarget.com - 1/1/10 - "The first decade of this millennium closed out with a lot of economic uncertainties. Tightening IT budgets at many enterprises forced some security firms to struggle; others closed their doors. The year was also marred with the largest data breach in history and embarrassing attacks on social networks. Rather than releasing major security innovations, experts used 2009 to talk about cloud computing insecurities and the need to focus on security basics. In 2010, there could be less hyperbole and more action."
  • Skimming Ring Suspects Sought for I.D. Theft - www.mountainenterprise.com - 1/1/10 - "Several residents of the Mountain Communities reported identity theft incidents early in 2009 after purchasing gasoline in Lebec. Photographs of those who have been seen allegedly placing credit card “skimming” devices in self service gas station card readers from Los Angeles through Bakersfield were released by Bakersfield Police Department (BPD) Tuesday, Dec. 29. Investigators for BPD have identified two of the suspects using stolen credit card information through recently reported skimming device operation at local gas stations."
  • Skimming Ring Suspects Sought for I.D. Theft - www.risnews.com - 1/10 - "Senior retailer managers who have relegated PCI compliance responsibilities to lower levels of the organization may be missing a critical opportunity to protect and even grow the business."
  • TNS, Semtek and VeriFone Partnership Provides Managed End-to-End Encryption for Merchants and Acquirers - www.tnsi.com - Winter 2010 - "TNS has joined forces with Semtek and VeriFone to provide managed decryption and communication services as part of a comprehensive end-to-end card processing encryption solution for the payments industry."
December 2009
  • New ATM skimming alert - www.whereilive.com - 12/31/09 - "OFFICERS from the State Crime Operations Command, Fraud and Corporate Crimes Group are investigating the location of a skimming device on an Automatic Teller Machine (ATM) at Clayfield on December 27. Police were notified of the device found on Sandgate Road around 5pm when a customer noticed a round watch type battery and printer circuit board with wiring below the clear plastic card entry slot."
  • ATM checks urged as skimmer found in Clayfield - www.news.com.au - 12/31/09 - "CARD-skimming crimes have exploded in Queensland and are set to become even more rampant because of "redundant technology" used by banks. Police have issued the warning following the discovery of another card-skimming device at Clayfield in Brisbane's north on Sunday."
  • Security breach reported by Internet trading site collective2.com - www.investmentnews.com - 12/30/09 - "Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company's computer database had been breached by a hacker and that all users should log in to change their passwords immediately. That e-mail, from Collective2 LLC founder Matthew Klein, stated that the information accessed by the hacker included names, e-mail addresses, passwords and credit card information."
  • Informant tells of role in FBI probes - www.ocregister.com - 12/30/09 - "Since he was a teen, Craig Monteilh has pretended to be someone he wasn't – Russian, Muslim, a white supremacist. It was a skill he learned early, says Monteilh, a 47-year-old Irvine man who, according to court records, provided information to the FBI. He learned to gain people's trust – even while pretending to be someone else. It's a skill that FBI agents and police officers helped him hone, he says. It's a skill that he sharpened in his role as an informant in several investigations."
  • Raleigh Bank Thinks Thieves Skimming Customers at Fuel Pumps - www.mync.com - 12/30/09 - "Police are investigating widespread credit and debit card fraud after hundreds of customers reported fraudulent transactions. State Employees Credit Union said around 300 of its customers had been impacted, and it was unclear Tuesday if other banks had also been impacted."
  • Card-skimming device found in ATM - www.smh.com.au - 12/30/09 - "Queensland police have warned people to check all ATMs before using them after a card-skimming device was found on a machine fitted with an anti-skimming mechanism in Brisbane. Officers were notified of the device on Sandgate Road, Clayfield, on December 27, which consisted of a round, watch-type battery and printer circuit board with wiring below the clear plastic card entry slot."
  • Source of stolen credit information was a restaurant - www.adn.com - 12/30/09 - "The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday. Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago."
  • Source of stolen credit card information was a restaurant - www.adn.com - 12/29/09 - "The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday. Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago."
  • Albert Gonzalez Pleads Guilty in Heartland, 7-11 Breaches — Updated - www.wired.com - 12/29/09 - "Florida computer hacker Albert Gonzalez pleaded guilty to conspiracy charges Tuesday for intrusions into Heartland Payment Systems, Hannaford Brothers supermarket chain, 7-Eleven and two unidentified companies — marking his third and final guilty plea in what prosecutors have called the largest identity theft scheme in U.S. history. Appearing in federal court in Boston, Gonzalez, a former Secret Service informant, pleaded guilty to two counts of conspiracy to gain unauthorized access to computers, and to commit wire fraud."
  • Citi Expands Denial of Summer Breach - www.paymentssource.com - 12/29/09 - "Citigroup Inc. elaborated on its denial that its systems had been breached last summer, suggesting that, if a breach occurred, it would have happened at a third party. "As with virtually all financial institutions, there are instances of fraud or breaches of third-party systems that result in our taking actions to protect our customers and Citi … , [but] there has been no breach of Citi's systems," the New York company said in a press release last week."
  • Source of stolen credit information was a restaurant - www.turnto23.com - 12/29/09 - "Bakersfield Police Investigators have identified two of the men who they said are responsible for using stolen credit card information through the recently reported skimming device operation at local gas stations. During the month of December, detectives from the Bakersfield Police Department said they discovered credit card information was likely being compromised at local convenience store gas station pumps."
  • ATM skimmers charged - www.sunshinecoastdaily.com.au - 12/27/09 - "TWO Romanian men have been charged over a series of “skimming” offences on ATMs across south-east Queensland. The pair appeared in Caboolture Court yesterday after being arrested during Operation Hotel Sweeper. They were refused bail and will reappear in court on January 13."
  • RPD arrested four for “ATM skimming” in 2009 - www.raleighpublicrecord.com - 12/25/09 - "A form of bank fraud that can victimize hundreds within hours is growing in sophistication and increasingly targeting the Raleigh area. The Raleigh Police Department arrested four suspects in 2009 as a result of multiple investigations into cases of “skimming,” where thieves use electronic devices to steal financial information. Although the arrests stem from only three cases in 2008 and 2009, the crimes can impact a large number of people."
  • Credit card theft device embedded in local gas pumps, Bakersfield police say - www.bakersfield.com - 12/24/09 - "During the month of December 2009, Bakersfield Police Department detectives discovered credit card information was likely being compromised at local convenience store gas station pumps. The information obtained was later used, by the offenders, to conduct purchases at Target and Wal-Mart stores located in other California cities."
  • Local Alaska retailer hacked, credit card info stolen - www.adn.com - 12/24/09 - "At least 150 Anchorage residents, possibly hundreds more, had their debit and credit card information stolen when a local retailer's computer records were apparently targeted by hackers, according to Anchorage police. Police estimate the number of local victims could range as high as 1,000 or more in what looks to be an organized nationwide scheme to steal account information and use it to buy goods to be sold for cash."
  • Cybersecurity czar's first task: reboot policy - www.minnpost.com - 12/23/09 - "Newly named cybersecurity "czar” Howard Schmidt, a former executive at eBay and Microsoft, faces the task of reengineering US policy to combat a growing, yet often neglected, threat to the country’s economy and digital infrastructure."
  • Rocklin Police Investigate ATM Scam - www.kcra.com - 12/23/09 - "Rocklin police are investigating an identity theft scheme that left at least two dozen people out thousands of dollars. Police said thieves installed credit card skimming devices on two pumps at the AMPM on Sunset Boulevard in Rocklin. The devices allowed the thieves to copy and use handfuls of people's credit cards. "It was a computer ribbon type device with a transmitter that was no bigger than a cigarette box," said Lt. Lon Milka."
  • Six Months Later, MasterCard Softens a Controversial PCI Rule - www.digitaltransactions.net - 12/23/09 - "MasterCard Inc. is changing a controversial policy, and pushing back a deadline, that it announced only six months ago regarding enforcement of the Payment Card Industry data-security standard. With the changes, which involve assessing computer systems for PCI compliance, MasterCard could be viewed as responding to valid complaints after first disclosing the planned changes, or it could be viewed as having done a flip-flop. Or both at the same time."
  • NYPD Daily Blotter - www.nypost.com - 12/23/09 - "Cops are looking for two high-tech thieves who hacked into at least four people's bank accounts after installing a "skimmer" at an East Village ATM. The bandits on Dec. 9 placed the device -- which grabs electronic info off bank cards -- over the card-reader slot at a Bank of America cash machine on Lafayette Street, police said. The thieves used the info to clone bank cards and withdraw customers' cash."
  • Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift - www.infolawgroup.com - 12/23/09 - "While the proverbial jury is still out concerning retailers’ sales success this 2009 holiday season, Massachusetts’s highest court (the Supreme Judicial Court or “Supreme Court” as referenced herein) delivered retailers a significant holiday gift in the form of an opinion slamming the door on some financial institutions seeking to recover reissuance costs arising out of a retailer’s payment card data breach."
  • Skimmer at Commonwealth Bank ATM in Perth mall sparks fraud fears - www.perthnow.com.au - 12/23/09 - "A SOPHISTICATED skimming device has been attached to a Commonwealth Bank ATM in the Perth CBD. It was incorporated into a facia fitted to the machine in the Murray Street mall. The skimmer was found yesterday afternoon - as the city swelled with Christmas shoppers - after a report from a member of the public."
  • Cash machine 'skimmer' alert - www.sunderlandecho.com - 12/23/09 - "An eagle-eyed shopper spotted the device, which copies customers' bank card details, and alerted security guards at the store. A spy-camera, which snaps people as they enter their secret pin code, was also found as police investigated the cash machine. Police say scammers attached the bank card skimmer and camera shortly after 9am on Friday, December 11. But it was quickly spotted and reported to police the same morning."
  • McDonald's card skim 'netted $5 million' - www.sbs.com.au - 12/23/09 - "Two men are being sent from Sydney to Perth to face charges in connection to stealing up to $5 million from about 4,000 customers at fast food outlets in what police say is Australia's biggest-ever single card skimming operation."
  • FBI Probes Hack at Citibank - www.wsj.com - 12/22/09 - "The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials. The attack took aim at Citigroup's Citibank subsidiary, which includes its North American retail bank and other businesses. It couldn't be learned whether the thieves gained access to Citibank's systems directly or through third parties."
  • Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack - www.wired.com - 12/22/09 - "The two great friends talked every day and shared information about all of their exploits — sexual, narcotic and hacking — according to prosecutors. Now another thing they’ll have to share information about is their experience in federal prison."
  • Settlements Still Leave Many Post-Breach Legal Woes for Heartland - www.digitaltransactions.net - 12/22/09 - "With two settlements announced in less than a week, merchant acquirer Heartland Payment Systems Inc. is putting some of the legal repercussions of its huge data breach behind it as 2009 draws to a close. But most of the legal troubles Heartland faces in the wake of the breach it announced last January still await resolution."
  • Fuel Dispenser Skimming in Alaska - www.bankinfosecurity.com - 12/22/09 - "Howard Schmidt, the information security expert who President Obama tapped Tuesday as his cybersecurity coordinator and who served as a senior cybersecurity adviser in the Bush administration, is characterized as a no-nonsense leader who will take no guff from senior White House advisers in advancing the administration's cybersecurity initiatives."
  • 7-Eleven Hack From Russia Led to ATM Looting in New York - www.wired.com - 12/21/09 - "Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days. After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards."
  • UPDATE 1-Heartland to settle class actions over cyber breach - www.reuters.com - 12/21/09 - "Credit card processor Heartland Payment Systems Inc (HPY.N) said it would settle consumer cardholder class actions tied to claims arising from breach of its system by cyber thieves, and pay up to $2.4 million to class members submitting valid claims."
  • Major PCI Change: A Call To VAR Action - www.vertmarkets.com - 12/21/09 - "About one month prior to this issue, a group of restaurants filed a lawsuit against a POS software manufacturer for what the restaurants are saying is a lack of compliance with the Payment Card Industry Data Security Standard (PCI DSS). They say the lack of compliance allowed Romanian hackers to breach their POS systems. It remains to be seen whether the suit has merit, but it really doesn’t matter."
  • UK retail Wi-Fi security still patchy - www.theregister.co.uk - 12/21/09 - "Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist. The cybercrooks, who lifted more than 21 million credit card records, leapfrogged onto the retailer's credit card database after first breaking into the wireless network of a regional store, a subsequent investigation ahead of upcoming US trials revealed."
  • Fuel Dispenser Skimming in Alaska - www.alaskadispatch.com - 12/18/09 - "In news that hit a little closer to home, one Dispatch staffer had her debit card number stolen this week. Her theory? It was lifted by some kind of skimming device at the Carrs Huffman gas station. When she called to report the crime, police told her it's happened to over 100 people in the last week. Called for comment, an APD spokeswoman would only say many Huffman area residents have had their cards compromised, and it's under investigation."
  • Attack Of the RAM Scrapers - www.darkreading.com - 12/18/09 - "The inclusion of RAM scrapers in a recent Verizon Business list of the top data breach attack vectors prompted a bit of buzz about what exactly RAM scraping is and how much of a threat it poses. A RAM scraper as identified in the Verizon Business Data Breach Investigation report is a piece of customized malware created to grab credit card, PIN, and other confidential information out of a system's volatile memory."
  • Radiant Systems Calls for Industry to Unite Against Data Thieves - www.yahoo.com - 12/18/09 - "Radiant Systems, Inc. (Nasdaq: RADS - News) today issued a new challenge to the industry to come together to dramatically improve data security in the transaction-processing industry. “Our vision is to encourage all involved in transaction processing to move from a mindset of independent compliance to one of collaborative security that will greatly reduce the risk of data theft,” said John Heyman, chief executive officer at Radiant Systems."
  • Credit card skimmer found on Vancouver gas pump - www.tri-cityherald.com - 12/18/09 - "Police have recovered an illegal credit card skimming device from a convenience store gas pump in Vancouver. They are warning customers to be aware their credit or debit card information may have been stolen by identity thieves. The device was found Monday by an employee servicing the pump."
  • Smart Card Alliance Webinar: Top 10 Reasons U.S. Should Consider EMV - www.smartcardalliance.org - 12/18/09 - "EMV/chip technology will be the topic of a January 2010 webinar from the Smart Card Alliance, featuring speakers from Aite Group, Bank of Nova Scotia, KeyPoint Consulting and Visa on the reasons behind the global migration to this technology, and the possibilities for U.S. adoption."
  • People report credit card information stolen after using Paso Robles gas station - www.sanluisobispo.com - 12/18/09 - "The Paso Robles Police Department has taken 16 reports from people saying their credit or debit card information was stolen after they pumped gas. Police believe a "skimmer" - an illegal credit card reading device - was installed at the ARCO station on Ramada Drive for about two weeks from late November to early December, Officer Ty Lewis said. However, it was removed before police became aware of it, he added. Since the crimes usually aren't reported until a victim receives their bank statement, Lewis said, the criminals have time to remove the devices before they are discovered."
  • Heartland Pays Amex $3.6 Million Over 2008 Data Breach - www.pcworld.com - 12/17/09 - "Heartland Payment Systems will pay American Express US$3.6 million to settle charges relating to the 2008 hacking of its payment system network. This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year."
  • Study: Best-in-class merchants spend less for payment processing compliance but are more secure - www.pivotalpayments.com - 12/17/09 - "PCI compliance can be an intimidating thing for businesses with merchant accounts, especially smaller businesses that feel they cannot spend the money required to adequately protect their payment processing infrastructure."
  • Credit unions adding fee to debit card use because of skimming costs - www2.tbo.com - 12/17/09 - "If you belong to a credit union, some unexpected fees may be coming your way. At least three Bay Area credit unions are charging members for using their PIN number at stores and gas stations. This week, Bay Gulf Credit Union began assessing members 50 cents each time they punch in their PIN for a purchase. In November, GTE Federal Credit Union started charging 25 cents per transaction. The Railroad and Industrial Federal Credit Union also charges $1 every time you use your PIN. The fees are taking some members by surprise."
  • MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline - www.storefrontbacktalk.com - 12/16/09 - "MasterCard has quietly backed off from a much-complained-about plan to require Level 2 merchants to—for the first time—have an onsite QSA assessment completed by the end of 2010. Having a New Year’s Eve deadline—on the heels of the all-encompassing holiday season—was a recipe for tons of missed deadlines. The first MasterCard change made this month was pushing the Dec. 31, 2010, deadline back six months, to June 30, 2011. But MasterCard has also made two other key PCI changes."
  • Police find skimmers, but damage already done - www.kingmandailyminer.com - 12/16/09 - "Those who paid at the pump while filling their tank at two gas stations along Beale Street in the last four months are being advised to check their credit card statements. Citigroup and Discover credit services have identified dozens of accounts that were compromised through the use of a skimming device at the pump at the Exxon station at 999 W. Beale Street and the Chevron station across the street. Police believe the skimming devices were installed in July, but the crooks didn't actually begin accessing the accounts until September."
  • Fraudsters target festive shoppers - www.finda.com.au - 12/16/09 - "AFTER a recent increase in card skimmers located on automatic teller machines (ATM), police are encouraging the public to remain vigilant this festive season. Detectives from the State Crime Operations Command Fraud and Corporate Crime Group are working with regional police regarding a group of offenders who are targeting well-frequented ATMs across the south-east. Skimmers have been located fitted to ATMs in Tugan, Capalaba, Brisbane and on the Sunshine Coast during the past month."
  • When It Comes To PCI Compliance, Franchisors Are Screwed - www.storefrontbacktalk.com - 12/16/09 - "When it comes to franchise-based retailers, PCI Compliance is broken, plain and simple. It simply does not address the complexities of the franchisee/franchisor business model and, in the end, leaves the franchisor holding the bag. Because each franchisee is a separate merchant, most large franchise organizations are only required to meet PCI Level 4 requirements. Chains are forced to make tough decisions about how much risk they are willing to accept and what they are willing (or not willing) to do to protect their brand integrity."
  • ID thieves allegedly used fake credit cards at casinos - www.buffalonews.com - 12/15/09 - "Seven members of an alleged identity theft gang were arraigned Monday afternoon in federal court. Federal prosecutors accuse them of obtaining information from victims’ credit and bank cards, and using that information to make fake credit cards. They then used the bogus credit cards to withdraw $198,700 from Seneca Nation casinos in Niagara Falls and Salamanca, Assistant U. S. Attorney Aaron J. Mango said. Secret Service agents and state police are continuing to investigate."
  • Three Montreal men charged in Lower Mainland card skimming operation - www.news1130.com - 12/15/09 - "Three Montreal men have been arrested and charged after RCMP broke up a credit card and debit card skimming operation across the Lower Mainland. Searches of a rental car and two hotel rooms uncovered pin pads, counterfeit credit cards, modified gift cards, two “Personal Digital Assistant” (PDA) devices, two laptops, electronic tools, printed circuit boards, credit card readers, supplies for modifying pin pads and cash. RCMP say the three men were the "techie guys" in the operation, and their high-tech equipment is capable of storing the information of up to 5,000 cards."
  • BJ's, Bank Not Liable for Credit Card Fraud - www.courthousenews.com - 12/15/09 - "Credit unions and their insurer can't collect damages after thieves racked up millions of dollars in fraudulent purchases using credit-card information stolen from BJ's Wholesale Club, the Massachusetts Supreme Court ruled. Thieves gained access to the credit-card accounts of 9.2 million BJ's customers and used the information to make unauthorized purchases. Cumis Insurance Society and the credit unions who issued the cards sued BJ's Wholesale Club for breach of a third-party contract, based on BJ's agreement with Fifth Third Bank not to store customers' magnetic-stripe data."
  • Document Reveals TJX Hacker’s Assistance to Prosecutors - www.wired.com - 12/15/09 - "Admitted TJX hacker Albert Gonzalez has identified two Russian accomplices who helped him hack into numerous companies and steal more than 130 million credit and debit card numbers. Gonzalez told prosecutors that the hackers breached at least four card processing companies, as well as a series of foreign banks, a brokerage house and several retail store chains, according to a sentencing memo filed by his lawyer on Tuesday that was incorrectly redacted."
  • Gartner in two-factor authentication warning - www.securecomputing.net.au - 12/15/09 - "Organisations must employ a multi-layered approach to fraud prevention if they are to thwart increasingly persistent hacking attacks that can now circumvent two-factor authentication devices, according to analyst firm Gartner. In a new report released today, Where Strong Authentication Fails, Gartner recommends that organisations firstly monitor user access behaviour, by analysing all of a user's web traffic and spotting any automated programs."
  • PIN entry devices: Plan now for July 2010 - www.greensheet.com - 12/14/09 - "If you are an acquirer, ISO or merchant level salesperson, you are not alone if you do not fully understand the PIN entry device (PED) security initiative, now managed under the PCI Security Standards Council's (PCI SSC) PIN Transaction Security program. Typically, it's not that merchants and those serving them don't want to comply; it's that they don't know where to start. PED requirements are made all the more intimidating by the multitude of terms and acronyms used."
  • 10 Faces of Fraud for 2010 - www.bankinfosecurity.com - 12/14/09 - "'The more things change, the more things stay the same.' This old saying holds true when it comes to the different types of fraud hitting financial institutions. In 2009, institutions were hit from every angle with fraud schemes -- some were old, and some were new variations. Here is a roundup of the 10 predominant types of fraud that institutions and their customers can expect to see in 2010, according to industry experts."
  • Businesses still plagued by data breaches - www.masshightech.com - 12/11/09 - "As businesses face a March deadline under an oft-delayed state law to protect customer and employee personal information, data breaches affecting Massachusetts residents remain strikingly frequent. More than 1 million Massachusetts residents were hit by 807 data breach instances from Nov. 1, 2007, to Oct. 31 of this year, according to a report by the Massachusetts Office of Consumer Affairs and Business Regulation, which monitors and enforces state data breach regulations. In the six weeks since, 59 additional breaches have been reported to the state."
  • Fraudsters hack credit card holders - www.14wfie.com - 12/11/09 - "The Evansville Police Department say they have been taking complaints about credit card numbers being stolen and used in different states. Police say victims have been coming all week long. The one common factor in all these cases is that the victims belong to Integra Bank. Victims say they were notified by Integra; however, one woman says she doesn't believe that's where the breach occurred."
  • Amazon.com Had Malicious Botnet Hiding in (EC2) Cloud - www.saasdir.com - 12/11/09 - "The security breach that all anti cloud campaigners had been waiting for has finally happened. An unnamed website which is hosted on Amazon’s (AMZN) Elastic Compute Cloud Servers (EC2) suffered an attack from one of the most notorious botnets, Zeus. The Zeus Trojan is America’s most malicious botnet as it has the ability to steal data by key logging exactly what the user is typing. This means that details such as login credentials, account numbers and credit card information can be obtained and then used by the hackers."
  • National data breach notification bill passed in U.S. House - www.scmagazineus.com - 12/10/09 - "A national data breach notification bill was passed in the U.S. House of Representatives on Tuesday. The Data Accountability and Trust Act would require any organization that experiences a breach of electronic data containing personal information to notify all U.S. individuals whose information is breached. The law requires the Federal Trade Commission to also be notified. In addition, organizations would be required to designate an information security officer and establish a data security policy."
  • Scammers scrape RAM for bank card data - www.securityfocus.com - 12/10/09 - "Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say. "Typically, these are specialized malware used in more targeted attacks. Often times, they are customized to work with specific vendors' point-of-sale systems, so they understand how the data is formatted and stored"."
  • Report finds most data breaches are 'utterly preventable' - www.securecomputing.net.au - 12/10/09 - "Most security breaches are caused by malware, an SQL injection attack or the exposure of remote access credentials such as a VPN password, according to a report by Verizon Business. Verizon's 2009 Supplemental Data Breach Investigations Report, released today, said that malware such as keyloggers and spyware were responsible for the majority of data breaches. Mark Goudie, managing principal at Verizon Business, told iTnews that the biggest surprise was that SQL injection attacks - which he described as "utterly preventable" - were still responsible for causing so much damage."
  • Heartland Lawsuit Dismissed, “Insufficient Evidence” Of Weak Security - www.storefrontbacktalk.com - 12/10/09 - "A federal judge dismissed a data breach-related lawsuit against Heartland Payment Systems on Monday (Dec. 7), saying that the plaintiffs hadn’t proved any of their allegations that Heartland knew it had inadequate security and lied about it to shareholders. The judge’s detailed ruling sheds light on the environment data breach retail victims are likely to face in court and could provide some guidance on how they should act when discussing those breaches."
  • Latest Statistics on Payments Fraud in Australia - www.paymentsnews.com - 12/09/09 - "The Australian Payments Clearing Association (APCA), the payments industry self-regulatory body, has released the latest fraud statistics for cheques, debit cards and credit and charge cards for the 12 months ending 30 June 2009. During the period Australia’s total rate of fraud (cheque and payment cards) has risen by 2 cents for every $1,000 of payments from 7 cents to 9 cents in every $1,000. While the total card fraud rate (debit card, credit card and charge card) increased by 1 cent in every $1,000 to 33 cents (up from 32 cents), it remains low by global standards."
  • Protecting Encryption Keys Takes Spotlight in Enterprise Data Security - www.your-story.org - 12/09/09 - "Mastering encryption key management is one of the next big obstacles in data protection for chief information security officers to overcome, according to Gary Palgon, nuBridges’ vice president of Product Management and an industry expert on data security. After a spate of embarrassing and costly data breaches, and a plethora of industry data security mandates, breach notification laws and government privacy laws, organizations have responded and are doing a much better job of protecting payment card data and personally identifiable information from cyber criminals and accidental loss using encryption."
  • Credit Card Skimmer Found On Gas Pump - www.clipsyndicate.com - 12/09/09 - "A device used by thieves to intercept credit card information was found Monday on a gas station pump."
  • Verizon: Data Breaches Getting More Sophisticated - www.wired.com - 12/09/09 - "Methods of stealing data are becoming increasingly sophisticated, but attackers are still gaining initial access to networks through known, preventable vulnerabilities, according to a report released by Verizon Business on Wednesday. “The attackers still usually get in the network through some relatively mundane attacks,” said Wade Baker, research and intelligence principal for Verizon Business’s RISK Team, in an interview."
  • Verizon Business Issues 2009 Supplemental Data Breach Report Profiling 15 Most Common Attacks - www.verizonbusiness.com - 12/09/09 - "The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold. In the “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” Verizon Business security experts tap the company’s detailed investigative records to identify, rank and profile the most common attacks."
  • The Point-Of-Sale Problem - www.storefrontbacktalk.com - 12/09/09 - "Albert Gonzalez—who has already pleaded guilty to masterminding a cyberthief ring that stole data from TJX, BJ’s Wholesale Club, Boston Market and Sports Authority, among other major chains—signed papers this month agreeing to plead guilty to the remaining federal charges against him. But one of the retail chain victims, which federal officials have yet to officially identify, asked the court to protect its “dignity” by preventing the government from releasing the chain’s name."
  • The Point-Of-Sale Problem - www.kptv.com - 12/08/09 - "A device used by thieves to intercept credit card information was found Monday on a gas station pump in Vancouver, police said. Vancouver police said the skimming device had been plugged into the wiring behind the panel of a gas pump at the 7-Eleven at 5600 E. Fourth Plain Blvd. It didn't impact customers' ability to purchase gas and it was well hidden from view, according to officers. An employee servicing the gas pump Monday afternoon discovered the device."
  • The Point-Of-Sale Problem - www.informationweek.com - 12/07/09 - "Point-of-sale systems, where customer credit or debit cards are swiped for payment, are one of the most frequently used computing systems in the developed world. They're also targeted by criminals. For instance, in 2005 attackers compromised POS systems at a Marshalls retail store and stole cardholder data. That same year, attackers stole the source code for Wal-Mart's custom-built POS systems."
  • Data Breaches in 2009 – a year in review - www.assassin711.com - 12/05/09 - "Welcome to my blog site! This blog is dedicated to technology, IT security, life, and humor. Please feel free to share your comments on this blog or contact me for any reason. Sincerely, Aamir Lakhani"
  • Webinar: Secure Commerce Payment Data - Dec 8, 2009 - www.cybersource.com - 12/04/09 - "Manage payment security without adding more proverbial locks and bolts to your infrastructure. Secure your payment process – including PCI compliance – with less cost, complexity and time. Discover how your peers are adopting a safer, more secure approach by eliminating all contact with payment data - a strategy we call Enterprise Payment Security 2.0."
  • The Merchants Strike Back? - www.abc.net.au - 12/04/09 - "The Commonwealth Bank says it plans to further boost its retail security systems, including anti-skimming devices on ATMs in the Illawarra. The upgrade comes after hundreds of people lost tens of thousands of dollars in northern Wollongong when their credit card details were skimmed at a service station at Austinmer. Police say the illegal activity has stopped but an investigation into the illegal transactions is still ongoing. The bank's head of financial crime management, Richard Moore, says the anti-skimming devices are part of a program to significantly help in preventing fraudulent activity."
  • Police warn about holiday scams - www.wtoctv.com - 12/04/09 - "Police are warning people about the increase of scams during the holiday season. Police recently found a couple of skimmer devices placed on bank ATM machines. The device steals your debit card information and pin. There have also been more reports of internet fraud such as false sweepstakes that ask you to cash a counterfeit check, and phishing web sites which pose as a bank and ask for your personal information."
  • Long Island, NY - Police Warn of ATM Skimmers - www.vosizneias.com - 12/03/09 - "Nassau County Police are on the lookout for two bad guys trying to put skimmers on ATM's. "A skimmer is a device used to obtain information from your ATM card," said Nassau County Police Detective Mike Bitsko. "When you are using an ATM, if something does not look right, move on to a different machine. When entering your PIN, make sure that you cover the keyboard or the ATM machine. Also, when entering the bank, make sure that no one follows you in without using their ATM card," said Bitsko."
  • The Merchants Strike Back? - www.infolawgroup.com - 12/03/09 - "With the recent news of several restaurants teaming up to sue point-of-sale system provider Radiant Systems (a copy of the complaint can be found here) for failing to comply with the PCI Standard, it appears that some merchants may be in a mood to strike back in the aftermath of a payment card security breach. This lawsuit comes in the wake of a couple lawsuits against payment card security assessor Savvis for allegedly failing to properly validate a processors' Visa CISP compliance (admittedly in this case it is the merchant bank suing the assessor, but a similar cause of action could exist for a merchant if its assessor makes a mistake in verifying PCI compliance)."
  • Merchant e-Solutions Offers Free Tokenization Services - www.paymentsnews.com - 12/03/09 - "Merchant e-Solutions has announced that it is providing merchants with a tokenization solution at no extra cost to protect sensitive credit card data and reduce the burden of PCI compliance. In focusing on the requirements of multi-channel merchants in retail, mail order/telephone order (MOTO) and ecommerce (card-not-present) businesses, merchants using this secure technology through the MeS proprietary platform, payment gateway or virtual terminal, will find it easier to comply with PCI requirements."
  • Howard Schmidt: mobile devices next attack vector - www.securecomputing.net.au - 12/03/09 - "As servers and desktops become too tough to crack, malicious hackers will turn their attentions to smart phones such as the iPhone, former Microsoft security officer Howard Schmidt told a gathering of security professionals in Sydney today. Speaking to the Australian Information Security Association annual seminar day, Schmidt (pictured) said the recent exploit from 21-year-old Wollongong hacker Ashley Towns was the "tip of the iceberg"."
  • Abbotsford Police issue photos of 'clueless' suspects - www.bclocalnews.com - 12/03/09 - "Police are circulating photos of three "clueless" fraud suspects after they hit business establishments in both Abbotsford and Coquitlam last week. Abbotsford fraud investigators want the public to identify three people who attempted to skim debit and credit card information with a stolen PIN pad, said Const. Ian MacDonald. RCMP investigated after the suspects allegedly stole a PIN pad device from a Coquitlam furniture store on Nov. 26."
  • Bank didn't notice ATM skimmer for a week - www.smh.com.au - 12/03/09 - "The Commonwealth Bank has admitted an ATM skimming device was fitted to a South-East Queensland cash machine for nearly a week before anyone noticed. The skimmer, which is used by criminals to capture bank card details later used to steal money and in identity fraud, was discovered at a Commonwealth Bank machine at Stockland Caloundra, on the Sunshine Coast, on November 25."
  • Ajax fraudsters guilty of criminal organization charge - www.newsdurhamregion.com - 12/03/09 - "Two Ajax men have been found guilty of participating in a criminal organization for their roles in a debit card-skimming operation that targeted at least one Durham bank. Ian Laffan, 34, and Corrie Wheartly, 37, pleaded guilty to numerous charges including conspiracy to commit an indictable offence and fraud in mid-November. They also pleaded guilty to participating in a criminal organization, a relatively new section of the Criminal Code that addresses organized crime."
  • Visa, MasterCard, AMEX Grilled Over Web Scams - www.forbes.com - 12/03/09 - "Sen. John D. Rockefeller, D. W.Va., wants to turn the spotlight on an often overlooked participant in some of the Web's shadiest schemes: credit card companies. In an open letter sent Thursday to Visa, MasterCard and American Express, Rockefeller demanded that the companies provide information on the safeguards they have in place to prevent and respond to the hidden fees charged by a small group of grey market companies that make misleading offers to consumers on hundreds of seemingly reputable e-commerce sites."
  • Police hunt pair who tried to put card-skimmer in ATM - www.newsday.com - 12/02/09 - "Police are searching for a man and woman who broke a light on a bank ATM in an attempt to insert a card-skimming device. Nassau County police said the incident took place at the Wachovia Bank on Plandome Road in Manhasset Sept. 10 between 7:54 p.m. and 11:44 p.m. The pair's images were captured by the automated teller machine camera. Police said the incident left the ATM inoperable."
  • Police hunt pair who tried to put card-skimmer in ATM - www.am-ny.com - 12/02/09 - "Police are searching for a man and woman who broke a light on a bank ATM in an attempt to insert a card-skimming device. Nassau County police said the incident took place at the Wachovia Bank on Plandome Road in Manhasset Sept. 10 between 7:54 p.m. and 11:44 p.m. The pair's images were captured by the automated teller machine camera. Police said the incident left the ATM inoperable."
  • Recognizing the payment industry achievements of 2009 and looking ahead - www.scmagazineus.com - 12/02/09 - "When I took over as chair of the PCI Security Standards Council in January, I knew it was going to be a busy year. I've witnessed the payment community come together in unprecedented ways by putting aside individual opinions and staying focused on how we can continue to evolve and develop the PCI Data Security Standard (PCI DSS) to best protect cardholder data on a global level."
  • Debit card skimming heats up - www.bclocalnews.com - 12/02/09 - "Police are grappling with a major spike in debit card skimming activity in the Lower Mainland. Fraudsters have stepped up their efforts to illegally harvest card data and passwords, forge fake cards and then suck money out of victims' bank accounts, according to Sgt. Tony Farahbakhchian, the RCMP's Pacific region counterfeit coordinator. "The increase is significant," he said, but added he doesn't have precise numbers of banking customers affected."
  • Eldersburg Bank of America patrons fall prey to ATM skimming scheme - www.eldersburg.net - 12/01/09 - "Thieves recently stole thousands of dollars from users of Eldersburg’s Bank of America ATM located at 6400 Ridge Road, state police said. Trooper Corey Green of the Maryland State Police said there were several methods that a thief could use to steal bank card information, including using cell phone cameras to capture critical information. The method in this case was a card skimmer, which is equipment installed on an ATM machine and disguised so as to not look out of the ordinary."
  • Police looking for nasty combo - www.bclocalnews.com - 12/01/09 - "It’s 9:45 p.m. on a Saturday night when two young men walk into a Wendy’s restaurant, looking for something to eat. Just minutes before closing, the pair heads up to the till and places an order. They pay with cash and, after a few moments, an employee places some food on a tray and briefly walks away. It takes the two men mere seconds to pull off one of the costliest scams plaguing the retail world these days."
  • Hancock Fabrics: 4th State Linked to Possible Breach - www.bankinfosecurity.com - 12/01/09 - "A fourth state has been linked to the recent fraud associated with national retailer Hancock Fabrics. An Oklahoma-based bank reported it had to replace 1,000 cards last week because of fraud linked to Hancock stores, according to Elaine Dodd, vice president of the Oklahoma Bankers Association Fraud Division. The United States Secret Service is investigating the incidents, Dodd says. In November, bank customers in California, Wisconsin and Missouri reported fraudulent ATM withdrawals that police say are tied to credit and debit card transactions conducted with Hancock Fabrics stores."
  • Decoding the Encryption Enigma - Transaction Trends Magazine - 12/09 - "As the industry tries to stay ahead of clever thieves with tactical fixes and a safer infrastructure, some companies are turning to end-to-end encryption to safeguard data."

 
