News
These are the most recent news articles we have collected.
October 2011
- U.S. EMV implementation – www.greensheet.com – 10/10/11 – “Visa Inc.'s recent initiative to increase pressure on U.S. issuers, acquirers, processors and merchants to adopt the Europay/MasterCard/Visa (EMV) smart card system (dubbed chip and PIN in the United Kingdom and elsewhere) makes it a good time to look at what EMV is, what it does and what the coming changes mean to all involved.”
- Warning After Card Skimmer Found On Cumbrian Cash Machine– www.newsandstar.co.uk – 10/9/11 – “They have urged people to be vigilant when using ATMs and take care to conceal their PIN. They should also report anything suspicious immediately.”
- VA reports records breach– www2.tbo.com – 10/8/11 – “The Department of Veterans Affairs is investigating the "inappropriate removal" from the James A. Haley Veterans' Hospital of records that contain personal information about hundreds of veterans who had received treatment there.”
- ATM Crooks Hit Rye Bank – www.theloopny.com – 10/9/11 – “Just slightly more than a week after urging residents to be on guard, Rye police have discovered an ATM card skimmer at a local bank. The skimmer found at the HSBC Bank on Purchase Street is the fifth device of its kind discovered recently in Westchester. Similar illegal set-ups, which also include hidden cameras, have been found at bank machines in Bronxville, Pelham, Yonkers and Poughkeepsie.”
- Major credit card scam uncovered – US – english.ruvr.ru. – 10/8/11 – “In the United States 85 people have been arrested and 25 are being looked for in a major credit card fraud uncovered by New York police. The suspects, many of them from the former Soviet Union and all members of five local criminal gangs, had their people working at restaurants, hotels and supermarkets using special gadgets to download the clients’ credit card data which was then placed on blanks imported from Russia, Libya, Lebanon, and China. The fraudsters used the fake cards to buy 13 million dollars worth of pricey items across the US”
- Credit card scam in US: 13 Indians charged– www.indianexpress.com – 10/8/11 – “In the biggest identity theft scam in the US history, 111 people, including at least 13 of Indian origin, have been charged by federal authorities for stealing credit card data of thousands of customers to buy high-end products worth over USD 13 million, including Apple gadgets and fancy bags from Gucci.”
- Fraudsters with links to Tiger terrorists– www.dailynews.lk – 10/8/11 – “Organized crime gangs with links to Britain and Sri Lanka are fuelling a fresh wave of identity fraud in Victoria, with Melbourne’s inner city firming as the latest frontier in card skimming. Police accuse banks of putting their own reputations before their customers’ welfare, Herald Sun investigations found: It said: “A secret national taskforce has broken a $100 million global Eftpos skimming syndicate with 56 arrests, including two individuals from Britain and two from Canada.”
- Subway to introduce PayPass contactless payments– www.contactlessnews.com – 10/7/11 – “Subway, the world’s largest sandwich chain, has announced it will begin accepting MasterCard PayPass contactless payments at more than 7,000 U.S. locations by the end of the first quarter of 2012.”
- Kansans Affected By Security Breach At Oklahoma Casino– www.kake.com – 10/7/11 – “Systems used for processing credit card transactions may have had a breach in security at First Council Casino in Newkirk, Oklahoma. "We hate to see any kind of breach by any of our customers or retailers in the area," said Bruce Schwyhart, president of CornerBank in Winfield.”
- Swindlers prey on Russians’ credit cards– www.rt.com – 10/7/11 – “Up to $79 million may disappear from bank cards in Russia by the end of the year, as the amount of credit and debit card fraud in the country has doubled over the recent six months.”
- Local bank cards affected by security breach– www.newscow.net – 10/7/11 – “Some Cowley County residents are amongst the scores of people who have had their debit, or credit-card information compromised after using the cards at Otoe-Missouria Tribe properties along U.S. 77 Highway in Oklahoma.”
- NYC identity theft and credit card fraud victimized thousands, more than 100 arrested, says D.A.– www.cbsnews.com – 10/7/11 – “Bank tellers, restaurant workers and other service employees in New York City lifted credit card data from residents and foreign tourists as part of an identity theft ring that stretched out to China, Europe and the Middle East and victimized thousands, authorities said Friday.”
- Pullman hit by debit, credit card fraud spree– www.seattlepi.com – 10/7/11 – “Police are investigating more than 200 credit card and debit card fraud cases in Pullman, Whitman County and at Washington State University.”
- Skimmer scammer heads for slammer– www.thephuketnews.com – 10/7/11 – “The arrest followed information received by Phuket Tourist Police officers from Athiphat Tikanit, Fraud and Corruption Control Officer at the Bangkok headquarters of Siam Commercial Bank (SCB), who reported that someone was using stolen credit card details to withdraw cash and buy items in Phuket.”
- Mobile POS Poised for Growth – downloads.vertmarkets.com – 10/6/11 – “As merchants and customers in a wide range of verticals search for ways to improve customer service and speed cash flow, mobile point of sales systems have become a common sight in restaurant and quick service retail applications, as well as in the airline industry and at stadiums and other venues.”
- Can 3D Printers Pose A Security Risk?– www.cartridgenews.com – 10/6/11 – “Just when you thought 3D printers could do no wrong, it turns out criminals are using them to steal sensitive consumer information. KrebsonSecurity.com reports that a group of scammers took more than $400,000 over two years from ATM machines in Texas using a device called an ATM skimmer. A skimmer consists of two main parts: a piece that fits over the card reader and steals your info as you slide in your card, and a hidden camera that records your keystrokes as you type them. Another method of recording keystrokes is to place a fake keyboard over the real one.”
- Breach Reported 18 Months Later– www.bankinfosecurity.com – 10/6/11 – “The breach of online gambling site Betfair is alarming to banking institutions and security experts because the company waited 18 months to report the incident.”
- Consumers Warm To Location-Based Coupons– www.mediapost.com – 10/6/11 – “If you can help someone save money, they may not mind being pushed a contextually relevant coupon on their smartphone. In fact, many seem ready to share their location with a retailer in order to get the savings.”
- Tablet Update: Retailer Implementation Continues To Soar– www.retailtouchpoints.com – 10/6/11 – “Following the news that HP halted production of its webOS devices in September 2011, including the TouchPad and webOS phones, the retail industry is speculating on the future of tablet technology. While the Apple iPad has made the most significant impact on the market to date — with more than 86% of Fortune 500 companies already deploying or piloting the device — other brands such as the Motorola Xoom, the Samsung Galaxy Tab, the Blackberry PlayBook, the Cisco Cius and the Kindle Fire are working to make market headway. As retailers deploy tablets to create a more media-rich in-store experience, analysts are contemplating if adoption of the technology will fulfill expectations.”
- 'Chain of Events' Led to Patient Data Breach at Stanford Hospital– www.californiahealthline.org – 10/6/11 – “Details have been released about how a Stanford Hospital & Clinics data breach affecting 20,000 emergency department patients occurred, the New York Times reports (Sack, New York Times, 10/5).”
- Federal Reserve Listens To Security Vendor CEO Rip Into PCI– storefrontbacktalk.com – 10/5/11 – “Before a typically staid Federal Reserve Bank of Chicago symposium last week, the CEO of a security device vendor violated Jim Croce's rule of not tugging on Superman's cape. In a speech, the CEO ripped into the PCI Council, dubbing it a "dangerous false God" and saying that "PCI has rapidly become a self-perpetuating, self-aggrandizing, profit-motivated authority. It has and will continue to stifle innovation by its often nonsensical rule making." And she then stopped pulling her punches.”
- Heartland Payment Systems® Releases First Actual Durbin Impact Statistics– www.heartlandpaymentsystems.com – 10/5/11 – “Heartland merchants receive millions of dollars through Durbin pass through program QSRs and small-ticket merchants feel the pain of MasterCard® and Visa® fee changes”
- Accepting Credit Cards And Risking Bankruptcy– bsminfo.com. – 10/5/11 – “Every consumer receives multiple credit card offers each week. The card companies have hooked the public on the ease of credit card purchases. The demand for credit/debit card purchases exists, making both consumers and card issuers content. Banks and payment processors have shared in the frenzy and found profitable niches. It's merchants and retail technology providers who are left as the vulnerable parties when a data breach occurs in an imperfect system.”
- Yumilicious adopts mobile to drive its loyalty program – www.mobilecommercedaily.com – 10/5/11 – “Frozen yogurt franchise Yumilicious is extending its loyalty program into mobile at several locations as a way to bring another layer of customization to the customer experience.”
- Most Stakeholders See Mobile Payment Security Incidents Increasing in the Next 18 Months – mobilenow.yankeegroup.com. – 10/3/11 – “Featured Graphic”
- Obama Tells Bank of America That Debit Card Fee is Bad Business – www.nacsonline.com – 10/5/11 – “Bank of America has been taking flack from consumers over its recent announcement that it will start charging debit card users a $5 monthly fee. But on Monday, criticism came from a higher source: the president.”
- Police look for credit-card-skimming thief – www.9news.com – 10/5/11 – “Detectives are looking for a man who gained access to a Boulder woman's bank account and withdrew over $11,000 dollars from it.”
- Smishing: How Banks Can Fight Back– www.bankinfosecurity.com/ – 10/5/11 – “Police in Pima County, Ariz., have issued a warning about smishing, or text-based phishing attacks, targeting mobile users. The warning comes after a Tucson-area resident filed a complaint about a phishy text message that appeared to be from the recipient's financial institution. The text, which asked the accountholder to call a specified number to resolve a possible compromise of his bank account, included the last four digits of the user's debit card, making the text appear legitimate.”
- Police: Man Steals $100K Using Skimmer On Local ATMs – www.thedenverchannel.com – 10/5/11 – “Boulder County Sheriff's deputies have released a picture of a man they said has stolen more than $100,000.”
- Apple Forgoes NFC M-Payment Integration With New iOS 5– www.dailyfinance.com – 10/5/11 – “The wait is finally over: Apple (NAS: AAPL) officially unveiled its newest iPhone during a media event Tuesday. Dubbed the iPhone 4S -- not the iPhone 5, as most anticipated -- the smartphone heralds the arrival of the new iOS 5 operating system update, which brings with it more than 200 new features including the iCloud content sync service, Siri voice-activated controls and the location-enabled Find My Friends tracking app. No less notable is what iOS 5 doesn't include: Near Field Communications-enabled mobile payments integration.”
- Banks losing ground on card security– www.reuters.com. – 10/4/11 – “U.S. banks are losing ground in the battle to combat credit and debit card fraud, a new report shows, underscoring the growing threat thieves and hackers pose for the financial system.”
- ARTS Standards & Next-gen Payments: Chickens and Pigs– www.retailsystemsresearch.com – 10/4/11 – “The ARTS (Association of Retail Technology Standards) has been an influential offshoot of the National Retail Federation for over a decade. In fact, it was an idea hatched before the NRF’s involvement by a retail CIO, Richard Mader, who continues to be its guiding light within the NRF today. When taking on the idea, the U.S. trade association’s leadership of that time understood that standards adoption by technology solutions providers (and particularly store technology solution providers) was important to give retailers some flexibility in their choices, to lower costs, and achieve a faster speed-to-implementation. Technology companies grabbed onto the concept as well and supported it with resources. Thus it was that the NRF was able to successfully promote the adoption of standards for data structures, hardware interfaces, and inter-process messaging that are now accepted by most retail technology providers and used by retailers everywhere. ”
- More fraudulent charges reported over weekend – www.mineralwellsindex.com – 10/4/11 – “Less than two months after a significant portion of Mineral Wells was affected by unauthorized credit and debit card use, several more instances of bank card fraud were reported over the weekend.”
- As Information Thieves Target Small Businesses, New Insurance Emerges– blogs.courant.com. – 10/4/11 – “The Hartford and a Farmington-based insurance agency are marketing data-breach coverage to small businesses, which are increasingly the target of stolen information, according to an analysis by the U.S. Secret Service and the Verizon RISK Team.”
- Mobile Payment to Simplify Customer Transactions – www.nacsonline.com. – 10/4/11 – “Soon, paying for your purchases at stores could be as simple as tapping your smartphone to a processor. That was the key point underscored at the “Mobile Payments: Which Technology Will Come out on Top?” workshop on Monday.”
- More US vending machines accept EMV chip cards – www.cardratings.com – 10/4/11 – “A soda machine outside the neighborhood grocery store could encourage more Americans to adopt new credit card technology. According to the Nilson Report, a payment processing trade journal, one company's clients already process more than 25 million self-serve transactions every year.”
- App Lets E-tailers Incentivize Customers with Reward Program Miles– risnews.edgl.com. – 10/3/11 – “Online merchants can now offer points, miles and rewards from leading customer loyalty programs as incentives to their own customers with the new Incentify by Points.com application.”
- Square readers still unencrypted – www.mobilepaymentstoday.com – 9/30/11 – “The credit card readers sent by mobile POS company Square to its merchants are still unencrypted despite last spring's assurances from the company that the dongles would be encrypted by the summer. The dongles are the small devices that turn a merchant's smartphone into a mobile point of sale terminal.”
- Mobile malware, "whaling" top challenges of 2011, says IBM report– www.scmagazineus.com – 9/30/11 – “An unprecedented number of successful attacks on corporate networks in the first half of the year illustrates that "basic network security is not just a technical problem, but rather a complex business challenge," according to the "IBM X-Force 2011 Mid-year Trend and Risk Report," released on Thursday”
- Hotel groups work to secure credit-card data – www.hotelnewsnow.com – 9/28/11 – “At least sixteen major hotel groups from around the world plan to work together to develop an industry security framework for handling sensitive credit card data. Intended to dramatically improve the security of credit card processing by and for hotels while significantly reducing costs, the effort has been chartered as a working group of Hotel Technology Next Generation (HTNG). HTNG is a non-profit trade association that has developed solutions and standards in use throughout the hospitality industry, including interface standards for credit card processing and security.”
- Tablet Sales for Retail Use to Spike by 2015 – vsr.edgl.com – 10/4/11 – “By 2015, more than 2.7 million tablets a year will be sold to retail establishments for use as mobile POS devices and consumer information tools, according to a recent report from IHL consulting. This isn't a shock considering the extreme popularity of Apple's iPad and the buzz around the recent announcement of Amazon's Fire tablet.”
- Federal prosecutors announce crackdown on ATM ‘skimming’ – www.snovalleystar.com – 10/5/11 – “How can you tell when a scam is becoming commonplace? When its victims include the top federal law enforcement official in the region. U.S. Attorney Jenny Durkan, the lead federal prosecutor for Western Washington, is one of many victims of skimming — a high-tech trick that thieves use to gather sensitive financial information.”
- 3 Men Arrested on Card-Skimming Charges – www.myfoxphoenix.com – 10/5/11 – “Authorities say three California men have been arrested in Lake Havasu City for allegedly possessing credit card skimmers and drugs.”
- Letter To Bank Of America Ceo Brian Moynihan – durbin.senate.gov – 10/3/11 – “On September 29 it was reported that Bank of America would begin charging its customers a $5 monthly fee for the use of a debit card. In other words, your bank has decided to impose a significant new fee on loyal customers who simply want to access their own deposited money through a card that your bank gave them and encouraged them to rely on. I challenge you to provide specific and credible data that justifies imposing this monthly card fee. If you cannot provide such data, I challenge you to do the right thing for your customers and reconsider your decision. Based on the data I have seen, your decision to charge this new fee cannot be justified by any reasonable measure.”
- OfficeMax delivers faster in-store experience with Google Wallet– www.mobilecommercedaily.com – 10/4/11 – “OfficeMax is letting in-store customers pay via Google Wallet to deliver a faster, personalized in-store shopping experience.”
- Taking stock of PCI five years on – www.scmagazineus.com – 10/3/11 – “Last month marked the five-year anniversary of the PCI Security Standards Council. Looking back now, it is amazing to see how far we have come as a result of the ongoing participation of security professionals like you. An integral part of the PCI community, you have helped steer the process, driving PCI awareness and adoption levels that have led to the overall growth and improvement of payment card security we see today.”
- Patent Troll Says Anyone Using WiFi Infringes; Won't Sue Individuals 'At This Stage'– www.techdirt.com – 10/3/11 – “Just as some in the copyright trolling business are lowering their settlement fees, but making it up in volume, it appears there's a similar effort under way on the patent trolling side of the world. The Patent Examiner blog has the incredible story of Innovatio IP, a patent troll that recently acquired a portfolio of patents that its lawyers (what, you think there are any employees?) appear to believe cover pretty much any WiFi implementation. They've been suing coffee shops, grocery stores, restaurants and hotels first -- including Caribou Coffee, Cosi, Panera Bread Co, certain Marriotts, Best Westerns, Comfort Inns and more.”
- Credit card 'skimmer' found at Plant City ATM– www.tbo.com – 10/3/11 – “A device that can be used to steal credit card information was found Sunday at an ATM machine at a local bank. Police say customers who have used the ATM at the SunTrust at 308 W. Alexander St. in the last six months should review their accounts for any fraudulent or suspicious activity.”
- Cyber-security legislation: a view from Silicon Valley– www.dailycaller.com. – 10/3/11 – “A new bill aimed at protecting citizens’ online personal information by holding companies accountable for protecting that information is making its way through the Senate. The Personal Data Protection and Breach Accountability Act, sponsored by Senator Richard Blumenthal, would enable the Justice Department to fine businesses with more than 10,000 customers $5,000 per violation per day, with a maximum of $20 million per violation.”
- Durbin Amendment Explained, And What It Means To You– www.retailsolutionsonline.com – 10/3/11 – “Remember when a debit card was just a reusable plastic check? Easy for consumers to use and cheap for retailers to process, when banks started issuing debit cards their use led to a simple equation. A dollar debited was a dollar spent, a dollar spent was a dollar made by a merchant. Banks and merchants alike saved big on processing costs, but nobody profited, per se.”
- Coupon Sites Are a Great Deal, but Not Always to Merchants– www.nytimes.com – 10/1/11 – “Like businesses across the land, the Madison Avenue spa Wellpath tried to drum up customers by running heavily discounted coupons on deal-of-the-day Web sites. But the Internet coupon fad is shrinking faster than fat from a weight-loss laser.”
September 2011
- Did Congress Kill the Debit Card?– www.theatlantic.com – 9/30/11 – “Americans are outraged that Bank of America intends to charge its customers a $5 fee for using their debit card. And simply switching banks might not help: others are expected to follow. While frustration over yet another bank fee is understandable, this one should surprise no one. Congress acted to cap the debit fees that banks could charge retailers last year, and banks are reacting by directly charging their customers a portion of these lost fees to make up the difference. The move could mean the end of the debit card.”
- Why Merchants Struggle with PCI– www.bankinfosecurity.com – 9/30/11 – “When it comes to ensuring payment card security, are merchants simply ignoring best practices such as layered security, as prescribed by the Payment Card Industry Data Security Standard?”
- Eventbrite suffers possible security breach – www.ticketnews.com – 9/30/11 – “Ticketing and event management company Eventbrite is dealing with a possible security breach following the theft of two iPads that contained personal information of some of its customers.”
- Durbin Slams Bailed-Out Bank of America Over New Debit Card Fee– www.foxnews.com – 9/30/11 – “A top senator slammed Bank of America after the company, one of the largest recipients of U.S. taxpayer bailouts, announced it would charge customers a new $5 monthly fee for using their debit cards -- even if just to buy a $2 coffee.”
- NRF Says Swipe Fee Cut Will Save Merchants and Consumers Billions– www.reuters.com – 9/30/11 – “Merchants and their customers will save billions of dollars when new Federal Reserve regulations cutting debit card swipe fees roughly in half take effect this weekend, the National Retail Federation said today.”
- 7 Steps to Secure Mobile Devices– www.bankinfosecurity.com. – 9/30/11 – “Elayne Starkey recently gave up her BlackBerry for an iPhone, and uses the Apple mobile device for personal and work doings, securely connecting to the computer system of her employer, the state of Delaware.”
- More French nationals arrested on credit-card fraud charges – www.pattayamail.com – 9/30/11 – “Two more French nationals have been arrested for allegedly trying to copy tourists’ ATM cards. Samir Chohra and Joel Mouffok, both 27, were taken into custody Sept. 19 at the corner of Second Road and Soi 5 after being detained by volunteers.”
- Medicare Tests Alternative To Fraud-Fighting Smart Card– www.informationweek.com – 9/29/11 – “The Centers for Medicare and Medicaid Services (CMS) is already looking at an alternative to the smart card system that new Congressional bills are proposing that are designed to fight Medicare fraud. Unlike the system envisioned in this legislation, which would require a new data network dedicated to Medicare, the pilot underway in Indianapolis uses magnetic-stripe cards that can be read by conventional credit-card terminals.”
- Update: Data breach affects 4.9M active, retired military personnel– www.computerworld.com – 9/29/11 – “Sensitive data including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to about 4.9 million active and retired U.S. military personnel may have been compromised after backup tapes containing the data went missing recently.”
- Tempe Police Arrest ATM Skimmer Suspect – www.myfoxphoenix.com – 9/29/11 – “Tips from the public lead Tempe police to a man suspected of using a skimming device on ATMs. The device is used to steal data from the cards' magnetic strips.”
- Sony's data loss didn't breach Privacy Act– news.cnet.com – 9/29/11 – “Sony Computer Entertainment (SCE) Australia wasn't on the wrong side of the law when it experienced a massive data breach due to a cyber attack earlier this year, according to Australian Privacy Commissioner Timothy Pilgrim.”
- The year of the mobile security breach is here: Attacks skyrocketed in 2011– www.venturebeat.com – 9/29/11 – “The number of mobile security exploits is on track to double year over year between 2010 and 2011. “For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices,” said Tom Cross, a manager at IBM’s X-Force security research arm. “It appears that the wait is over.””
- Data Breach Exposes Millions Of TRICARE Patients– www.ksat.com – 9/29/11 – “A massive data breach could affect millions who have received care from military facilities in San Antonio since 1992. TRICARE, a health care program that serves active and retired military, released a statement about the breach on their website.”
- Mobile Security: Your #1 Threat– www.bankinfosecurity.com – 9/29/11 – “Security concerns about mobile applications may be overblown, some experts say. Mobile users are more likely to compromise their mobile security via browsing and texting behavior than they are through the download of open-source apps.”
- PCI: Merchants Still Fall Short– www.bankinfosecurity.com – 9/28/11 – “Discussing Verizon's new report on the state of PCI compliance, PCI expert Jen Mack says payment card security today is "disappointing," and global merchants are at serious risk of new data breaches.”
- Credit card security not improving: Verizon– ww.zdnet.com.au – 9/28/11 – “Businesses that accept credit or debit cards have continued to fail at achieving and maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS), according to a report (PDF) released by Verizon.”
- As Federal Data Breach Bill Goes To The Full U.S. Senate, NRF Warns Of “Notice Fatigue.” Not To Worry: This Bill’s Many Loopholes Won’t Require Retail Chains To Do Much Anyway– www.storefrontbacktalk.com – 9/27/11 – “On September 22, the U.S. Senate Judiciary Committee pushed a data security bill—which has been bouncing around that chamber for six years—to the full Senate. The bill would create federal data security rules, including new retail data breach disclosure rules. But the bill (Personal Data Privacy and Security Act of 2011 introduced by Sen. Patrick Leahy, Dem.-VT) still suffers from many of the lengthy exceptions that it has had for years, exceptions that all but guarantee that few retailers will be required to do anything differently.”
- Google exec: Mobile payment adoption means bigger retail budgets– www.mobilecommercedaily.com – 9/27/11 – “A Google executive at the OMMA Mobile conference said that consumers are ready for mobile payments. While the recently launched Google Wallet is just the tip of the iceberg, mobile commerce will see a mass adoption in the near future.”
- QSAs Share What Drives Improved PCI Practices – www.darkreading.com – 9/26/11 – “After looking under the covers at so many different kinds of organizations, Payment Card Industry (PCI) Qualified Security Assessors (QSAs) get to see the full range of the good, the bad, and the ugly of PCI compliance and security regimes. According to many QSAs, avoiding PCI struggles, poor security, and flagged yearly assessments are often more about the right attitudes from management than about the IT security practices themselves. QSAs say the organizations that come at PCI positively reap the most benefits. In other words, approach PCI in earnest, and best practices will follow.”
- Senate Panel OKs National Breach Notification Bill– www.bankinfosecurity.com – 9/22/11 – “Breach notification laws in most states would be preempted if legislation approved by the Senate Judiciary Committee Thursday becomes law. But that's a big if, at least as it now stands.”
- Potential Effects of an Increase in Debit Card Fees– www.bostonfed.org – 9/6/11 – “Recently announced changes to debit card interchange fees could lead to an increase in the cost of debit cards to consumers. This brief analyzes the potential effects of an increase in debit card fees or in bank account fees by using the results of the 2008 and 2009 Survey of Consumer Payment Choice (SCPC).”
- PCI point-to-point encryption guidelines raise new questions – www.networkworld.com – 9/15/11 – “The PCI Security Standards Council today is expected to issue guidelines on use of point-to-point encryption in protecting sensitive payment card data, but the narrow approach — which is focused on hardware — is raising questions.”
- Feds nab 2 more in ATM skimming operation– www.seattlepi.com – 9/15/11 – “Federal authorities have nabbed two more men suspected of "skimming" bank card numbers from ATM machines and using them to make fraudulent purchases, including hundreds of dollars in groceries.”
- PCI’s New P2PE Rules Won’t Kick In Until Spring 2012 Or Later– storefrontbacktalk.com – 9/15/11 – “The PCI Council on Thursday (Sept. 15) will detail its initial guidelines for point-to-point encryption (P2PE), but retailers need not—and should not—take any near-term action. Nor should they sign any imminent contracts involving P2PE. Why? The Council will stress that the document—a 96-page detailed description of various P2P approaches and common-sense security processes for each—is only “the first set of validation requirements” and that key parts of the program won’t even be in place for six to eight months and might be delayed even further.”
- Is This The QR Killer? Codes Can Infect Mobile Devices, No Questions Asked– storefrontbacktalk.com – 9/14/11 – “As if QR codes weren’t having enough trouble getting traction among young consumers who should be their biggest fans, now it turns out that the codes are not only widely unused, they’re also unsafe. On September 9, mobile security blog Kaotico Neutral pointed out that because many mobile apps, when fed a QR code containing a URL, will immediately send the browser to that Web site—no questions asked—QR codes can easily be used to inject malware from an infected site into any phone or tablet that scans it.”
- Credit card skimmer found on Orlando ATM – www.cfnews13.com – 9/14/11 – “Orlando police said they found a credit card skimmer on an ATM at the Bank of America on South Kirkman Road, just south of Conroy Road.”
- POS Breach Spans 2 Years– www.bankinfosecurity.com – 9/14/11 – “Little has been reported about POS fraud since the Michaels craft store breach made headlines in May, after point of sale terminals at 90 of Michaels' 964 U.S. stores were reportedly compromised as part of a POS-swap scam waged by an organized crime ring.”
- Point-To-Point Encryption Guidance Arrives: Device Testing and Possible Surprises For Early Adopters– storefrontbacktalk.com – 9/14/11 – “The PCI Council on Thursday (Sept. 15) is releasing a guidance document on point-to-point encryption (P2PE). This technology—properly implemented—has the potential to reduce PCI scope greatly, and several retailers have already implemented it. But one issue may have early adopters digging up their vendor agreements: Are they sure their implementations—particularly the encrypting POS devices—will pass the Council’s new Secure Card Reader testing program? Will their vendors replace the POS devices with compliant ones, assuming they can, and what will that cost?”
- Issaquah man faces state, federal charges in ATM skimming scheme– www.issaquahpress.com – 9/13/11 – “Prosecutors said a local man arrested in Eastern Washington for collecting card information at a Pasco ATM is connected to a scheme responsible for skimming more than $500,000 at ATMs across the West.”
- Damages From Data Breach Dominate 1st Circuit Debate– www.law.com – 9/13/11 – “A debate about the damages available to some 4.2 million customers of the Hannaford Brothers Co. supermarket company whose financial information was compromised during a data breach dominated an oral argument at the 1st U.S. Circuit Court of Appeals.”
- Modern Card-Skimming Tactics Detailed in Washington Arrests– www.americanbanker.com – 9/12/11 – “As part of its investigation leading to recent card-fraud arrests, the U.S. Secret Service Electronic Crimes Task Force revealed some of the latest tactics being used to snag card data to conduct fraudulent transactions.”
- What does Visa's U.S. EMV push mean? – www.greensheet.com – 9/12/11 – “We are all students in the payments industry. And Visa Inc. recently upped the ISO and merchant level salesperson (MLS) education ante by pushing the U.S. market to adopt Europay/MasterCard/Visa (EMV) contact and contactless chip technology. Visa stated this will "help prepare the U.S. payment infrastructure for the arrival of NFC-based mobile payments by building the necessary infrastructure to accept and process chip transactions that support either a signature or PIN at the point of sale." An EMV card uses a computer chip rather than a mag stripe for transaction authentication. ISOs now must quickly discern what EMV means, how it works, and when and where the technology should be installed.”
- PCI tokenization guidelines draw much comment – www.greensheet.com – 9/12/11 – “Guidelines for tokenization - which allows for hiding payment card primary account numbers (PANs) by replacing them with randomly generated numbers - were recently released by the PCI Security Standards Council (PCI SSC). The guidelines immediately drew words of praise, caution and criticism from the data security industry.”
- Up to 40,000 credit and debit cards exposed in data breach– www.fdlreporter.com – 9/12/11 – “Credit and debit cards used at Vacationland Vendors arcade games in Wisconsin Dells may be affected by a data breach.”
- Wisconsin arcade vendor reports data breach– www.journalstandard.com – 9/12/11 – “Vacationland Vendors, Inc., a supplier of arcade equipment and vending machines to businesses, announced Monday that up to 40,000 credit or debit cards used in its arcades in Wisconsin Dells and Sevierville, Tenn., may have been affected by a breach of the company’s card processing system.”
- Visa Hikes Prepaid Interchange But Chops Some Debit Rates– digitaltransactions.net – 9/9/11 – “Visa Inc.’s interchange schedule set to take effect Oct. 1, the day new federal debit card interchange price controls also become effective, cuts a few rates for non-regulated debit issuers but clearly encourages issuers to pump out more prepaid cards. Visa also is eliminating volume-based tiers for supermarkets and retailers on its signature debit cards and Interlink PIN-based debit cards.”
- Cloud computing providers and PCI virtualization requirements– searchsecurity.techtarget.com – 9/9/11 – “We’re in the process of making sense of the new guidance from the PCI Virtualization Special Interest Group (SIG). According to the guidance, cloud providers are obligated to “provide sufficient evidence and assurance that all processes and components under their control are PCI DSS compliant.” Our question is, what constitutes sufficient evidence, and is it sufficient according to us, the customer, or sufficient according to their interpretation of PCI DSS? Basically, we’d like to know how to approach the conversation about this guidance with our cloud provider.”
- Understanding PCI compliance auditing– www.cio.com.au – 9/9/11 – “Businesses of all sizes must undertake PCI compliance auditing to ensure that their customers' data is protected during credit or debit card transactions and if stored within any internal business databases.”
- PCI compliance checklist– www.cso.com.au – 9/9/11 – “If your business is obliged to undertake a PCI audit, then following a PCI compliance checklist will ensure that your security processes and payment processing meet the compliance standards. To ensure that you are meeting PCI compliance standards, you'll need to start by looking at what exactly PCI compliant means.”
- Chip-card technology helping reduce debit-card fraud - Interac Canada– nbbusinessjournal.canadaeast.com – 9/9/11 – “Interac Canada says the move to chip-card technologies for debit cards is helping to protect New Brunswickers from fraudsters.”
- Melbourne domain kingpin hit with cyber death threats– www.scmagazine.com.au – 9/9/11 – “A Melbourne web domain kingpin has received death threats after he blew the lid on emerging fraud campaigns.”
- 20,000 Patients' Medical Records Breach at Stanford Hospital: A Report on Similar Cases– www.ibtimes.com – 9/9/11 – “A contractor's enquiry on a public homework assistance Web site leaked medical records of 20,000 patients of Stanford University hospital last month.”
- Cybercrime hits Aussies for $4.6b a year – more than burglary, assault combined– www.smh.com.au – 9/8/11 – “Cybercrime is soaring, already costs Australians more than burglary, and will only increase as more people conduct their daily lives through relatively insecure and easily lost smartphones and other mobile devices, a specialist on cybercrime says.”
- GlobalSign pre-empts hack, shuts down certificates– www.scmagazine.com.au – 9/8/11 – “Certificate authority GlobalSign terminated issuance of certificates after the DigiNotar hacker claimed to have access to its system.”
- Data of 800,000 Samsung Card holders may have been leaked– www.koreaherald.com – 9/8/11 – “Samsung Card Co., South Korea's leading card firm, is suspected of having come under an online security breach that could have leaked about 800,000 customers' personal data, sources said Thursday.”
- SmartMetric files complaint against Visa, MC– www.greensheet.com – 9/8/11 – “On Sept. 2, 2011, The Green Sheet reported SmartMetric Inc. promised to file a patent infringement suit against Visa Inc. and MasterCard Worldwide. SmartMetric revealed the following week it has made good its promise by filing a complaint in the U.S. Central District of California.”
- New ATM Skimming Arrests– www.bankinfosecurity.com – 9/8/11 – “Three Seattle area men have been arrested for their alleged involvement in separate ATM skimming schemes that drained more than half a million dollars from retail customer accounts in at least six states.”
- Visa’s PIN-Entry Bulletin Asks For Bluetooth Signal/Pairing Scans– storefrontbacktalk.com – 9/7/11 – “When Visa issued new security guidelines this month to deal with compromised PIN-entry devices, it asked that retailers “periodically scan for any unidentified Bluetooth signals and pairings at store locations,” a move that goes beyond current PCI requirements. Hints of a possible PCI 2.1 rule?”
- MasterCard to ATM Owners: Take Chip Cards or Eat Fraud Losses– www.americanbanker.com – 9/7/11 – “MasterCard Inc. is urging ATM owners to add hardware for accepting chip-card payments. Those that don't may be faced with a higher level of liability.”
- 3 charged in credit-card-skimming operations– seattletimes.nwsource.com – 9/7/11 – “Three Seattle-area men have been charged by federal prosecutors in connection with a pair of credit-card "skimming" operations that resulted in losses of nearly $500,000 from unsuspecting ATM users in at least six states.”
- Mobile, Local, Social ... Modern market trends drive Google to NFC– www.nfcnews.com – 9/6/11 – ““We are committed to NFC at Google.” That is what the company’s Vice President of Payments Osama Bedier, told an audience of bankers and mobile operators in London on a summer afternoon.”
- Mobile Wallet Gaining Currency– www.nytimes.com – 9/6/11 – “Nowadays, when Edward McLaughlin is paying for aspirin at the Walgreens drug stores in New York, he just has to tap his Nexus S mobile phone on a terminal device. He not only avoids having to fumble through his wallet and hold up the line, but the tapping also automatically adds loyalty points to his Walgreens’ loyalty card, also stored in his phone, and can help him redeem any coupon he might have downloaded from the Internet.”
- Pasco card-skimming case heads to federal court– www.tri-cityherald.com – 9/3/11 – “A Hungarian man caught in Pasco allegedly using a card-skimming device on an ATM to fraudulently access 543 accounts is facing federal charges.”
- Calif. Law Beefs Up Breach Notices– www.bankinfosecurity.com – 9/2/11 – “A new California law requires that organizations experiencing a data breach provide more detailed information to the individuals affected.”
- Thieves steal from U.S. attorney’s bank account– blog.seattlepi.com – 9/2/11 – “U.S. Attorney Jenny Durkan was targeted by thieves who stole $1,000 from her bank account, Durkan told KING-TV.”
- Gov. Signs Simitian Data Theft Bill – pacifica.patch.com – 9/2/11 – “State Sen. Joe Simitian's bill to aid victims of security breaches is finally law. It marks the fourth time the Palo Alto democrat introduced the bill, the fourth time it passed the legislature, and the first time it was not vetoed by a sitting governor.”
- Visa PIN Phase-Out Meets Broad Resistance– www.isoandagent.com – 8/31/11 – “Visa Inc.’s announcement that old, static PINs will be “eliminated entirely” in favor of dynamic authentication is facing resistance because many are not convinced that the PIN is past its prime.”
- Public Cloud eCommerce Truths: The Basics of New PCI DSS 2.0 Standards– www.securityweek.com – 8/30/11 – “Prior to 2006 there was no global standard that required ecommerce merchants or service providers to meet a minimum level of security when they store, transmit and process credit card and personal data. As we all know too well, this lack of oversight and security by the major credit card companies and merchants resulted in large-scale theft of credit card numbers leaving consumers and companies to wonder if doing business online was worth the risk. In addition, eCommerce businesses and credit card companies were losing millions of dollars annually to fraudulent credit card transactions from stolen credit card numbers.”
- A Little Guidance on Secure Tokenization – www.spva.org – 8/26/11 – “If you follow secure payment news, you’ve probably noticed that tokenization is a hot topic these days. In recent years, it’s been increasingly deployed by small and mid-sized businesses to bolster the security of credit card and e-commerce transactions. In response to the technology’s growing popularity, the PCI Council has published a 23-page PCI DSS Tokenization Guidelines Information Supplement to provide greater clarity on how specific technologies relate to the PCI Security Standards and impact compliance.”
- ATM Skimming Spree Investigated– www.bankinfosecurity.com – 9/2/11 – “Police investigators in Florida's Tampa Bay region say fraudsters are increasingly focusing their skimming attacks on bank branch ATMs.”
- Calif. Law Beefs Up Breach Notices– www.govinfosecurity.com – 9/2/11 – “A new California law requires that organizations experiencing a data breach provide more detailed information to the individuals affected.”
- When it comes to battling data breaches, banks would be well served by thinking small.– www.americanbanker.com – 9/1/11 – “That doesn't mean the problem is shrinking - quite the contrary. Recent research from Verizon and the U.S. Secret Service says the number of enterprise data breaches is at its highest point ever - more than 760 breaches were recorded by the Secret Service in the past year.”
- Notable Data Breaches of 2011– www.americanbanker.com – 9/1/11 – “Enterprise data systems are proving to be porous, as a number of breaches over the past few months have affected not only large banks, but major organizations outside of financial services as well.”
August 2011
- Two men arrested for ATM tampering– www.tracypress.com – 8/31/11 – “Authorities remove the camera device sized and shaped to look like part of the metal frame surrounding the Chase ATM. Police arrested two Armenian men who police suspect are linked to a crime ring targeting Chase bank ATMs across the state, including a bank in Tracy.”
- Shadowy Figures: Tracking Illicit Financial Transactions– www.paymentsnews.com – 8/31/11 – “A new report entitled "Shadowy Figures: Tracking Illicit Financial Transactions in the Murky World of Digital Currencies, Peer-to-Peer Networks, and Mobile Device Payments" has just been published by the James A Baker III Institute for Public Policy.”
- Skimmer device turned Holiday ATM into cash cow for thieves– www.tampabay.com – 8/31/11 – “On Friday, Bank of America workers noticed that the ATM at their branch was scratched and covered in what appeared to be a gluey residue. Authorities were called to investigate, and they found something unnerving: Over several nights this month, a thief or thieves placed a device — called a skimmer — on the ATM to read and copy card numbers.”
- In Latest Breach, Hackers Impersonate Google to Snoop on Users in Iran– www.nytimes.com – 8/30/11 – “Hackers passed themselves off as the Internet giant Google with the apparent goal of snooping on people using Google services in Iran, the company said.”
- U.S. Move to Chips: Improved Security– www.govinfosecurity.com – 8/30/11 – “Visa's introduction of chip-based payments incentives for U.S. merchants is enhancing dynamic authentication and expects to accelerate adoption of the EMV standard.”
- Will Visa’s push for chip cards and mobile move the needle? – www.ababj.com – 8/30/11 – “Earlier this month, Visa unveiled plans to accelerate the migration to EMV contact and contactless chip technology in the United States. EMV refers to the Europay MasterCard Visa chip-card standard widely used in Europe and elsewhere, but not to any significant degree in the U.S.”
- RCMP find debit card skimming lab in Regina home– ckom.com – 8/30/11 – “Police have taken down an entire card scamming lab set up in Regina. It was after a number of businesses in Lumsden and Davidson were targeted. Their debit terminals compromised allowing the alleged thieves to copy banking information and use it in fake cards.”
- PCI Security Standards Council Releases Updated Wireless Guidelines – www.paymentsnews.com – 8/29/11 – “The PCI Security Standards Council has announced an update to the PCI DSS Wireless Guidelines Information Supplement, providing organizations with the current PCI DSS considerations for implementing wireless technology securely in payments environments. The supplement adds guidance specific to Bluetooth technologies and rogue wireless access points.”
- Mobile payments seen as 'mainstream' practice within 4yrs: KPMG– www.telecomtiger.com – 8/27/11 – “With companies racing to take advantage of new technologies facilitating payment services over mobile phones, most executives worldwide believe the use of cellphones for financial transactions will gain widespread acceptance within four years, according to a KPMG survey.”
- How cyber crime gang stole $13 million in a day – www.msnbc.msn.com – 8/26/11 – “A coordinated cyber criminal network pulled off one of the largest and most complex banking heists ever, withdrawing $13 million in one day from ATMs in six countries.”
- Few e-retailers are prepared to notify consumers of a loss of card data– www.internetretailer.com – 8/25/11 – “Only 21% of online retailers are prepared to notify consumers in the event of a data breach that exposes cardholder data, according to a new survey sponsored by insurance agency Jacobson, Goldfarb & Scott Inc.”
- Visa vs. Google Wallet in mobile payments– news.cnet.com – 8/25/11 – “The digital wallet wars have begun. And credit card giant Visa and search behemoth Google are likely to be among the first to face off in the market as they each try to convince consumers to ditch their real wallets for ones that store credit cards and other information on their cell phones.”
- Lowe’s, PacSun, Urban Outfitters Go Mobile POS. Does Apple Have This Locked Up? – storefrontbacktalk.com – 8/24/11 – “Will any retailer ever use a non-Apple device for mobile POS again? Last week (Aug. 15), Lowe’s, PacSun and Urban Outfitters all said they’ll finish rolling out in-store mobile devices to associates by the end of the year: iPhones at Lowe’s, iPod Touches at Urban Outfitters and iPads at Pacific Sunwear.”
- Tech Insight: Navigating The Murky Waters Of PCI Implementation– www.darkreading.com – 8/24/11 – “If you're a security pro, you probably have a love-hate relationship with PCI compliance. You love it when you're fighting for budget. You hate it when you're dealing with loose, sometimes illogical, and redundant requirements and unpredictable assessors. Either way, most of us are stuck with it -- so it pays to know the tricks of implementing PCI in a way that works well for the security cause.”
- Apple’s iPad Already Replacing Cash Registers by the Bushel– allthingsd.com – 8/23/11 – “Mobile payments may still be in the infant stage, but mobile devices — and especially Apple products — have become fairly mainstream at retail locations around the country.”
- Card transactions: how long will it be before legislation is rushed in?– www.info4security.com – 8/24/11 – “Managed data services specialist The Bunker is calling for stronger enforcement of the standard governing online payment transactions, as Brian Sims reports.”
- Savannah Fast Food Employee Accused Of Stealing Customer's Credit Card Info– www2.wsav.com – 8/23/11 – “Savannah-Chatham Metro Police have arrested a Burger King employee they say was stealing customers' credit card information. Detectives say he was scanning them at the drive-thru of the MLK location. Police say on August 13th the employee was observed on video holding what appeared to be a lighter in his hands while working at the drive thru. Upon closer inspection it was learned he would swipe the customer’s credit card in the store's terminal first, then the device in his hand.”
- Man faces 61 charges after skimming devices found in ATMs– www.insidetoronto.com – 8/22/11 – “Police are reminding the public to be aware and attentive when using ATMs. On Sat., Nov 13, police responded to a call for a fraud near Bathurst Street and St. Clair Avenue West after citizens using an ATM contacted authorities when a piece of the machine detached revealing a skimming device with a micro camera attached.”
- Visa outlines post-Durbin strategy – www.greensheet.com – 8/22/11 – “Visa Inc. will lower fixed and variable processing fees and reach out to more merchants in an effort to keep its leadership in the U.S. debit card industry after implementation of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act's Durbin Amendment, according to Visa Chairman and Chief Executive Officer Joseph Saunders.”
- Global Card Fraud Scheme Grows– www.bankinfosecurity.com – 8/18/11 – “Late Tuesday, NSW Police in Australia issued an update about the international card-skimming scheme the force took down last week.”
- Two men charged with trying to skim account data at Peoria ATM– www.csmonitor.com – 8/18/11 – “A federal grand jury in Peoria, Ill., has returned a two-count indictment charging two Bulgarian men with attempting to use an electronic scanning device to illegally obtain account numbers and PIN data from an ATM machine.”
- BofA Says Some Debit Cards Compromised– www.bloomberg.com – 8/18/11 – “Bank of America Corp. (BAC), the biggest U.S. lender by assets, sent some customers new debit cards this week after accounts may have been compromised at a merchant.”
- Citi, B of A Card Customers Hit by Merchant Data Breach– www.americanbanker.com – 8/18/11 – “Citigroup Inc. and Bank of America Corp. closed some of their card customers' accounts this week, citing data breaches at unidentified retailers.”
- Toronto man faces 61 charges for ATM fraud– news.nationalpost.com – 8/18/11 – “A Toronto man faces 61 fraud-related charges for offenses dating back to November of last year. Police say Adrian Hayward, 38, is a scammer. They allege he attended several banks and ATMs between November 2010 and this month, where he would install skimming devices to the bank machines which recorded and stored the debit card data of unsuspecting customers. Police describe the devices as generally well-disguised, and warn they can be installed in a matter of seconds.”
- IT Administrator’s Hacking Spree Foiled by $5 McDonald’s Purchase– www.wired.com – 8/17/11 – “An information-technology administrator has pleaded guilty to crippling his former employer’s network after FBI agents traced the attack to the Wi-Fi network at a McDonald’s restaurant in Georgia. The administrator was caught after he used his credit card to make a $5 purchase at the restaurant about five minutes before the hacks occurred.”
- Weatherford affected by debit card fraud – weatherforddemocrat.com – 8/17/11 – “Parker County residents are being urged to be vigilant about checking their bank statements as a debit card fraud investigation involving a large number of area residents continues.”
- Fighting Words: Why PCI’s Token Group Blew Up – storefrontbacktalk.com – 8/17/11 – “The PCI group working on the Council's tokenization policy got so embroiled in infighting that it had to be restructured by the Council, according to one participant, which mostly explains the year-long delay in the Council's tokenization policy. But this is hardly surprising, given that the group is mostly employees of competing security vendors—almost all of whom are trying to skew the Council's policy to benefit that vendor's approach.”
- Hackers Get Their Own Scoreboard and Rankings– www.securityweek.com – 8/17/11 – “Sometimes hacking is about money; other times, it’s about competition, and when that happens, it is also about getting a little credit. The site is described as the world’s “first elite hacker ranking system”, and invites people to submit proof of their Website hacks in exchange for points - the higher the points, the higher the place on the leader board.”
- Making the Switch to Chip– www.bankinfosecurity.com – 8/16/11 – “Debit fraud and skimming are growing problems, and why California-based Fremont Bank is switching from mag-stripe to chip-based debit cards.”
- Telecom Carriers Planning Challenge to Google's Mobile Payments Push– www.americanbanker.com – 8/15/11 – “ISIS, the telecom consortium intent on offering a mobile payment scheme, is building out a wider range of mobile wallet capabilities to keep up with its aggressive rival, Google.”
- PCI group outlines technology to conceal sensitive account information – www.networkworld.com – 8/12/11 – “The Payment Card Industry Security Standards Council today published guidelines aimed at helping merchants and others processing payment cards make effective use of what's known as "tokenization" technologies to conceal sensitive account information.”
- Google Wallet, NFC Smartphones Spur Contactless POS Terminals– www.eweek.com – 8/11/11 – “Google Wallet and other mobile payment providers, coupled with NFC-enabled smartphones, are stimulating the production of contactless technology in cash registers, said ABI Research.”
- PCI Council Exec on Criticisms of Security Standards– www.practicalecommerce.com – 8/10/11 – “The major credit card brands of Visa, MasterCard, American Express and Discover have adopted standards to protect consumers' credit card data. The standards are self-regulation — not government law — by those companies, which have also created an organization to administer it all. That organization is PCI Security Standards Council.”
- Special Interest Groups Guide PCI’s Evolution– www.isoandagent.com – 8/10/11 – “When the Payment Card Industry Security Standards Council was formed five years ago to establish industry standards, General Manager Bob Russo figured about 50 to 60 merchants, associations or banks would participate. He was in for a surprise.”
- Visa Announces Plans to Accelerate Chip Migration and Adoption of Mobile Payments– usa.visa.com – 8/9/11 – “Visa is announcing plans to accelerate the migration to contact and contactless EMV chip technology in the United States. The adoption of dual interface chip technology will help prepare the U.S. payment infrastructure for the arrival of NFC-based mobile payments by building the necessary infrastructure to accept and process chip transactions.”
- PCI Security Standards Council Publishes Tokenization Guidelines– risnews.edgl.com – 8/16/11 – “The PCI Security Standards Council (PCI SSC) recently published the PCI DSS Tokenization Guidelines Information Supplement. As with many evolving technologies, there is currently a lack of industry standards for implementing secure tokenization solutions in a payment environment. As part of an ongoing evaluation of these technologies, this initial guidance provides suggested guidelines for developing, evaluating or implementing a tokenization solution.”
- Detectives Investigate Debit Card Fraud – www.nbcdfw.com – 8/16/11 – “Detectives in Mineral Wells are investigating reports from more than 100 victims of debit card fraud. Mineral Wells Police Detective Neal Davis said he believes the breaches occurred somewhere between the point of sale at a local merchant in Mineral Wells and the banks.”
- Global Card Fraud Ring Busted– www.bankinfosecurity.com – 8/16/11 – “NSW Police in Australia say the department's fraud squad has arrested and charged five Malaysian and Sri Lankan nationals suspected of being behind an elaborate international card-skimming scheme that spanned the United Kingdom, mainland Europe and North America.”
- Skimmer found on ATM on Garland Groh Boulevard– www.herald-mail.com – 8/15/11 – “The illegal act of using a card skimmer to deceptively obtain information from ATM cards has come to Hagerstown now that a Hagerstown Police Department officer found one of the devices at a machine on Garland Groh Boulevard.”
- Feds continue to seek hackers; cases up to 203– www.tennessean.com – 8/15/11 – “While it is now safe for Gallatin consumers to use their credit cards following a recent outbreak of fraud, the hackers responsible for the theft have not been located, a Secret Service official said Monday.”
- Skimming at the Pump Threatens Retailers – www.nacsonline.com – 8/15/11 – “Last week NACS Daily reported that skimming debit and credit card numbers at gas pumps has become nearly epidemic. In a follow up article, bankinfosecurity.com spoke with NACS payments consultant and PCATS Executive Director Gray Taylor on how retailers can protect their operations from costly skimming schemes.”
- Brighton library: Local users' data safe– www.livingstondaily.com – 8/15/11 – “Despite an outside attempt to illegally obtain credit card information, Brighton District Library officials said local users' information remains secure.”
- Five held over ATM skimming racket– www.theaustralian.com.au – 8/15/11 – “FIVE "key members" of an international fraud syndicate have been charged following investigations into EFTPOS card skimming, police say.”
- Hackers boldly breach aging security– www.tulsaworld.com – 8/14/11 – “An online attack against dozens of rural American law enforcement agencies in which emails, credit card numbers and crime tips were stolen and posted on the Internet has left some officials wondering how they can ward off future hacking attempts, if at all.”
- Billion-Pound Credit Card Scam Which Fooled Banks And Shops Is Exposed– www.dailystar.co.uk – 8/14/11 – “FRAUDSTERS are fleecing hard-up Brits in a £27billion-a-year credit card scam using nail varnish remover, a steam iron and a rolling pin.”
- Consumers may not hear 'swipe your card' for long– money.msn.com – 8/12/11 – “Swipe your card and sign. It's a reflex that credit card holders may soon have to suppress at the register. Visa announced this week that it will take measures to speed up the transition to cards that use a computer chip, rather than the magnetic strips on most cards right now. The chip technology significantly reduces the potential for fraud and facilitates contactless mobile payment options that let users wave cards near the reader to pay.”
- Citi introduces corporate Chip and PIN cards– www.rfpconnect.com – 8/12/11 – “Citi® announced the launch of the Citi® Corporate Chip and PIN card, a compliant smart card designed for U.S. corporate cardholders traveling abroad, a first by any U.S. commercial card issuer.”
- Investigators discover origin of credit card fraud outbreak– www.tennessean.com – 8/12/11 – “Investigators have found the source of a credit card fraud outbreak, police said Tuesday. A local business computer was hacked by a “criminal enterprise” and steps have been taken to prevent further financial theft, a Gallatin Police Department release said.”
- PCI: New Tokenization Guidance Issued– www.bankinfosecurity.com – 8/12/11 – “Bob Russo says the long-awaited PCI guidance on tokenization should provide merchants with a baseline for standardization and best practices, and serve as a roadmap for how tokenization can complement compliance with the PCI-DSS.”
- New PCI Edict: Tokens Can Be Out-Of-Scope– storefrontbacktalk.com – 8/12/11 – “The PCI Council on Friday (Aug. 12) will, for the first time, offer guidance on tokenization—guidance telling retailers most of their systems can, indeed, be considered out of PCI scope if they properly use tokens. But the Council stressed that if the token is ever reversed into card data on the retailer’s systems, everything is fully back in scope.”
- Security Breach at Cybercrime Web Site– www.esecurityplanet.com – 8/12/11 – “According to Krebs on Security's Brian Krebs, the fraud shop mn0g0.su has been backing up its cache of stolen credit card information to an unencrypted third party server.”
- When will we be paying for stuff with our smartphones?– www.usatoday.com – 8/11/11 – “Instead of fumbling with cash or pulling out a credit card, you whip out a smartphone. Inside the handset are chips that make nice with the store's register, and a digital wallet app holds virtual replicas of your plastic debit, credit and loyalty cards. You tap the screen to choose which one you want to use to pay for your purchases, then confirm the amount. An instant later, the transaction is complete.”
- Brian Keith Adams, Jr., arrested in connection with credit card scam– www.wjla.com – 8/11/11 – “Authorities arrested a TGI Friday’s waiter in connection with a credit card scam that victimized two U.S. Secret Service staffers, among others. Accused in the scam is Brian Keith Adams, Jr.”
- Witham Laboratories Joins Us As First Lab Partner – www.spva.org – 8/11/11 – “At SPVA, our goals include sharing best practices and improving security throughout the point of sale industry. Over the past couple of years, we’ve issued two white papers recommending stricter guidelines and solutions to better protect cardholder information and defend against security breaches. We also created a Lab Network that would allow participating labs to work with our members and Technical Working Groups on security evaluations and implementation guidelines, ultimately providing members with the resources they need to meet SPVA requirements.”
- Merchant Group ‘Disappointed’ With Visa’s Solo EMV Move– www.isoandagent.com – 8/11/11 – “Visa Inc.’s new U.S. EMV initiative will have far-reaching consequences for merchants and card issuers, but the other card networks may not follow it exactly in drawing their roadmaps for migrating to advanced chip card technologies, some observers say.”
- Visa Pushes PIN Requirement With Credit Card Purchases– www.informationweek.com – 8/11/11 – “European consumers are used to this drill, but now Visa is putting its muscle behind increased security measures in the United States.”
- Malware may have exposed student, staff data – www.msnbc.msn.com – 8/11/11 – “The Social Security numbers (SSNs) of 75,000 past and present students and staff at the University of Wisconsin-Milwaukee may have been exposed in a massive data breach.”
- Visa Using EMV To Rig The Mobile Game– storefrontbacktalk.com – 8/11/11 – “When Visa announced Tuesday (Aug. 9) that it was reversing course and endorsing EMV for the U.S., the card brand billed it as a bridge to mobile payments, which it is. But the move is also some crafty strategy, one designed to lay a foundation for a mobile-payment environment that will be much more hospitable for Visa's mobile-payment flavor than for rivals' options.”
- In-Store Mobile Sounds Great, But Who’s Watching Out For Thieves?– storefrontbacktalk.com – 8/11/11 – “A comment from a reader on an E-Commerce Web site caught my eye. Forget about improving POS terminals for mobile, he said. It should work like this: I see something I want to buy. I scan the tag with my phone. I type in my PIN. Bang—it's mine. That sounds like the perfect merger of in-store and M-Commerce—no more lines at the cash wrap for the retailer, instant gratification for the customer. There's just one nagging problem. OK, there are lots of problems, but consider this one: When everyone is walking out the door with their items in hand, how do you tell what's been bought and what's being stolen?”
- Time To Encrypt (Again): Researcher Says Data Over Cell Networks Is Easy To Read– storefrontbacktalk.com – 8/11/11 – “Many mobile-commerce transactions running on GSM smartphones are easy to intercept and monitor, according to a presentation on Wednesday (August 10) at the Chaos Computer Camp hacking conference in Germany. Cryptographer Karsten Nohl of Security Research Labs was researching how well cell-phone data was secured when he discovered that most GSM cell operators (in the U.S. that’s AT&T and T-Mobile) use either weak encryption or none at all on the GPRS networks that carry their phones’ data. (Newer 3G networks use better encryption, but wherever there’s not enough 3G, phones fall back to GPRS.)”
- PCI Council Exec on Criticisms of Security Standards– www.practicalecommerce.com – 8/10/11 – “The major credit card brands of Visa, MasterCard, American Express and Discover have adopted standards to protect consumers' credit card data. The standards are self-regulation — not government law — by those companies, which have also created an organization to administer it all. That organization is PCI Security Standards Council.”
- Visa Pushing New Card Technology – online.wsj.com – 8/10/11 – “Visa Inc. is urging merchants to take the first step in resolving a long-running tussle over how to make U.S. credit and debit cards more secure and compatible with those used around the world.”
- Cracking Down on Phishing– ffiec.bankinfosecurity.com – 8/10/11 – “Just weeks after a Romanian hacker was given a 12-year prison sentence for his role in a phishing scheme that targeted more than 38,000 consumers, three hackers in the U.K. have received 13.5-year sentences for the parts they played in a cyberattack on U.K. and international financial institutions. [See Phisher Sentenced to 12 Years.]”
- Gas Pump Scam– www.wltz.com – 8/10/11 – “Credit card thieves have a new way to steal from you at the gas pump. The scheme is a twist on skimming instead of inserting a gadget on top of the card reader to copy your information.”
- Visa chip card push could spur mobile payments but raise web fraud risks – www.internetretailer.com – 8/10/11 – “Visa Inc. this week announced a plan to replace the familiar magnetic stripe payment card with cards carrying chips, a move that experts say could hasten the day when consumers pay in physical stores with a wave of a mobile phone but also raise new fraud threats for online merchants.”
- Paying by Phone Is Riskier Than You Think– moneyland.time.com – 8/10/11 – “Technological advances and the proliferation of smartphones have given consumers an increasing number of ways to pay for goods and services using their mobile phone. Many of these options are similar to online bill paying, in which the user enters their credit or debit card information to conduct a transaction, or goes to their bank’s mobile site or app to pay a bill. Some tools, though, let you charge things directly to your cell phone bill. This is a huge risk, according to nonprofit group Consumers Union, which studied the details of one such proposed plan and liability law.”
- Second Thoughts about Visa’s EMV program– blogs.gartner.com – 8/9/11 – “Visa’s announcement of a move to the EMV standard in the U.S. is both welcome and long overdue and should eventually lead to a substantial reduction in counterfeit plastic card fraud. With the U.S. – the last major market EMV holdout – finally onboard, it will also enable the eventual death of the Achilles Heel of card security – the magnetic stripe on the back of the card that stores cardholder authentication data. This will lead to a substantial reduction in global, domestic and cross-border fraud.”
- Mobile Apps for Android and iOS Flunk Security Test– www.newsfactor.com – 8/9/11 – “A new study provides specifics about how insecure mobile applications can be. The findings by Chicago-based security company ViaForensics include the discovery that three-quarters of the examined applications for Google's Android and Apple's iOS devices store usernames without encryption.”
- Researchers: Square Knew 6 Months Ago Its Credit Card Readers Could Be Compromised– www.credit.com – 8/9/11 – “Earlier this year we wrote about Square, an application that allows smartphones to function as credit card readers using a small device that plugs into the headphone jack. The advantage: anyone with the application can process transactions on the fly by simply swiping a physical card through the reader.”
- Online security must be a priority for retailers, says ICO– www.ico.gov.uk – 8/9/11 – “Cosmetics retailer Lush breached the Data Protection Act after the security of its website was compromised for a four month period, the Information Commissioner’s Office (ICO) said today. The breach, which occurred between October 2010 and January 2011, meant that hackers were able to access the payment details of 5,000 customers who had previously shopped on the company’s website.”
- Visa Announces Plans to Accelerate Chip Migration and Adoption of Mobile Payments– www.smartcardalliance.org – 8/9/11 – “Visa Inc. (NYSE: V) today announced plans to accelerate the migration to EMV contact and contactless chip technology in the United States. The adoption of dual-interface chip technology will help prepare the U.S. payment infrastructure for the arrival of NFC-based mobile payments by building the necessary infrastructure to accept and process chip transactions that support either a signature or PIN at the point of sale.”
- Florida Detectives: Credit Card Skimming Is “Crime of the Future” – www.nacsonline.com – 8/9/11 – “Skimming debit and credit card numbers at gas pumps has become nearly epidemic, reports ABC Action News, with thieves making off with hundreds of numbers throughout central Florida. “It is unsettling that we have that many victims,” says Highlands County Sheriff Susan Benton, who said it’s the worst case of credit card fraud ever reported in the area.”
- Shopper Receipts Join Paperless Age– www.nytimes.com – 8/7/11 – “At an Old Navy store in Manhattan the other day, Fabienne Michel made a routine purchase of khaki shorts. But she left the store without something equally routine: her receipt.”
- How Visa Plans To Dominate Mobile Payments, Create The Digital Wallet And More– techcrunch.com – 8/7/11 – “It’s no secret that credit card companies are shelling out big bucks and aggressively forming partnerships and deals to start cashing in on the mobile and digital payments innovations currently taking place. American Express, which recently debuted its own digital payments product Serve, has been particularly aggressive on the partnerships front, striking recent deals with both Foursquare and Facebook.”
- Assessor Validates VeriFone’s PAYware Mobile Enterprise Compliant with Payment Security Requirements – www.nfcdata.com – 8/1/11 – “VeriFone Systems, Inc. (NYSE: PAY), today announced that an independent evaluation by Coalfire Systems, Inc., a leading IT audit and compliance firm, has validated the security compliance of VeriFone’s PAYware Mobile Enterprise solution for enabling smartphones, PDA’s and tablets to securely accept payments.”
- Black Hat 2011: Security researchers hack iPad dongle to become card skimmer– www.infosecurity-magazine.com – 8/8/11 – “At the Black Hat 2011 event, which has just finished in Las Vegas, security researchers have shown how it is possible to hack a dongle for the iPad – which was originally designed to allow iPads to accept debit and credit card payments – to become a card skimming device.”
- Hacker group posts data stolen from 70 police websites in US– articles.boston.com – 8/7/11 – “The group known as Anonymous said yesterday that it has hacked into 70 mostly rural law enforcement websites in the United States, a data breach that one local police chief said had leaked information about an ongoing investigation.”
- How Visa Plans To Dominate Mobile Payments, Create The Digital Wallet And More– www.washingtonpost.com – 8/7/11 – “It’s no secret that credit card companies are shelling out big bucks and aggressively forming partnerships and deals to start cashing in on the mobile and digital payments innovations currently taking place. American Express, which recently debuted its own digital payments product Serve, has been particularly aggressive on the partnerships front, striking recent deals with both Foursquare and Facebook. Mastercard has bet on NFC with a partnership with Google for Google Wallet and bought online payments gateway DataCash for $520 million last fall. And Visa has made a number of major moves in the mobile and digital payments space of late; including making an investment (and taking on an advisory role) in disruptive startup Square, buying virtual goods payments platform PlaySpan for $190 million, and acquiring mobile payments company Fundamo for $110 million. We sat down with Visa’s Global Head of Mobile Product Bill Gadja and the company’s Head of Global Product Strategy, Innovation and eCommerce Jennifer Schulz to discuss how the financial company is planning to compete in both mobile and digital payments.”
- ATM skimming device found at Portland Saturday Market– www.kptv.com – 8/6/11 – “The Portland Police Bureau is warning citizens of potential identity theft after an alert visitor at the Portland Saturday Market found a suspicious device attached to an ATM.”
- Credit card skimming at gas pumps called 'crime of the future'– www.abcactionnews.com – 8/5/11 – “Drivers who pay at the pump have more to worry about than the cost of gas. High-tech thieves are skimming debit and credit card numbers by the hundreds at fuel stops throughout central Florida.”
- Yikes: Square hack lowers the bar for credit card fraud– venturebeat.com – 8/5/11 – “A demonstration by researchers at the Black Hat security conference Thursday revealed that Square’s mobile payment system, which turns smartphones and tablets into physical point-of-sale credit card processing terminals, can be used for credit card fraud, reports CNET.”
- Brigham and Women’s discloses patient data breach– bostonherald.com.nyud.net – 8/5/11 – “A doctor at Brigham and Women’s/Faulkner Hospitals has lost an external hard drive holding the medical records of 638 patients, the hospital announced today.”
- How safe is Square? Researchers find a number of holes– www.digitaltrends.com – 8/5/11 – “Mobile credit card payment system Square has been on a quick rise. Twitter co-founder Jack Dorsey’s baby has been on the move since this May, since it announced improvements for the product at TechCrunch Disrupt. The ability for consumers to make mobile payments, find Square-accepting retailers, and receive digital receipts solidified Square as viable point of sale software that could be an influential piece in e-commerce evolution.”
- Citigroup Discloses Security Breach– www.esecurityplanet.com – 8/5/11 – “The Japanese credit card unit of Citigroup recently stated that customers' personal data had been accessed. "Eight weeks after a hacker cracked its credit card database, the company's credit card unit in Japan, Citi Card, reported in a message to its user base Aug. 5 that 'certain personal information of about 92,400 customers has allegedly been obtained and sold to a third party illegally," writes eWeek's Chris Preimesberger.”
- iPad Credit Card Reader Hacked As Skimmer– www.informationweek.com – 8/5/11 – “Security researchers have used the Square dongle to transform an iPad into a credit card skimmer. For the uninitiated, Square turns iPads, iPhones, or iPod Touches into mobile payment hubs via a small, plastic dongle which enables credit cards to be swiped, and which plugs into the device's headphone jack. In conjunction with a free iOS Square application, the dongle enables people to accept in-person credit card payments. Square takes a 2.75% commission.”
- Citigroup Reports Security Breach– www.thestreet.com – 8/5/11 – “Citigroup (C) has once again become a victim of a security breach. This time, it is the credit card unit in Japan. Citi Cards Japan said in a statement on its Web site that "certain personal information of 92,408 customers has allegedly been obtained and sold to a third party illegally."”
- Norfolk McDonald's cashier admits stealing card data– www.hamptonroads.com – 8/5/11 – “When Sophia Jacobs worked the drive-thru at the Norfolk Naval Station McDonald's, she swiped hundreds of customers' credit or debit cards twice - once through the register and again through a skimmer.”
- Microsoft prepping 13 patches for 22 flaws– www.scmagazine.com.au – 8/5/11 – “Microsoft on Tuesday is planning to release 13 patches to fix 22 vulnerabilities, the software giant announced Thursday. In its advance notification, Microsoft said the monthly update will address flaws in Windows, Internet Explorer (IE), Office, .NET and Visual Studio.”
- Hack turns Square into criminal tool– www.google.com – 8/5/11 – “Hackers have shown how to turn mobile payment service Square into a convenient tool for criminals to pump cash from stolen credit card numbers. Adam Laurie and Zac Franken of computer security firm Aperture Labs used a homemade software program and an easily bought iPad audio wire to trick Square in a way that could be a bonanza for crooks.”
- Waitress rips off customers with credit card skimmer– www.wtsp.com – 8/5/11 – “At least nine customers at the Port Richey Mugs N Jugs fell victim to a credit card skimming waitress, according to Pasco County Sheriff's Detectives.”
- Malaysian Citizen Arrested for Skimming ATMs in Bali– www.tempointeractive.com – 8/4/11 – “A Malaysian citizen, identified only as Y.S., 23, was arrested by the police after he was found skimming a Bank Mandiri ATM in Legian, Bali.”
- Inside a Fraud Investigation– www.bankinfosecurity.com – 8/3/11 – “No two fraud incidents may be exactly alike, but a fraud investigator's approach can still be very consistent and precise, says Jean-Francois Legault, a fraud investigations specialist with Deloitte and Touche.”
- Card Fraud: The Case for Chips– www.bankinfosecurity.com – 8/3/11 – “It's just more than a year since United Nations Federal Credit Union announced plans to introduce chip cards to its U.S. membership.”
- Report: Dangerous links will affect 3 of 10 smartphone users– technolog.msnbc.msn.com – 8/3/11 – “More than ever, Android and iPhone smartphone users need to be vigilant over their digital appendages, with as much as three out of 10 people likely to encounter an unsafe link this year, according to a recently released report.”
- World hacked in global cyber espionage attacks– www.scmagazine.com.au – 8/3/11 – “The world was a dangerous place these past five years but no one seemed to notice. Asian government agencies and high-profile businesses were hacked in massive espionage attacks that point to China, a McAfee investigation has found.”
- More Bad News For EMV Security– www.storefrontbacktalk.com – 8/3/11 – “For years, EMV has been touted as a more secure payment card approach. But a presentation being made at this week's Black Hat conference is the latest to say that the technology has fatal security flaws and, indeed, that its sophistication is its Achilles' heel.”
- Level 3 Merchants Hit PCI Compliance At 60 Percent, Visa Confirms Numbers For The First Time– www.storefrontbacktalk.com – 8/3/11 – “Visa’s latest PCI compliance stats report Level 3 compliance for the first time, and it opened at a discomforting 60 percent. The 3,024 retailers in Level 3—which reflects those processing 20,000 to 1 million Visa E-Commerce transactions annually—had before only had their compliance level marked as “moderate.” The 377 Level 1 merchants (processing more than 6 million Visa transactions annually) saw their compliance inch up from 96 percent six months earlier to 97 percent as of June 30.”
- Authorization Costs Dropped by More Than 10% Since 2009; Transaction Processing Costs Dropped Over 20% Since 2007– paymentspulse.com – 8/3/11 – “Merchant acquirers are paying more than 10% less for authorization costs than they did in 2009, and back-end transaction processing services cost 20% less than they did in 2007, according to a new study by The Strawhecker Group (TSG). Not surprisingly, big acquirers get the best pricing and new clients of service providers are getting better deals from providers than are acquirers who are older customers of the same providers.”
- Battling Debit Fraud and Skimming– www.bankinfosecurity.com – 8/2/11 – “Chris Olson of Fremont Bank says card skimming and the acceleration of ID theft prompted the bank to initiate a move from the mag-stripe to the chip.”
- Fed’s One-Cent Debit Card Fraud Allowance Likely Falls Short Of Cost, Analysts Suggest– www.isoandagent.com – 8/2/11 – “Debit card issuers scrambling to ensure they have appropriate fraud-protection strategies in place before new debit-interchange rates kick in Oct. 1 appear likely to confront some dilemmas, some analysts suggest.”
July 2011
- 104,003,513 Personal Online Identity Records Breached in Six Months, According To The IdentityHawk 2011 Semiannual Identity Breach Report– eon.businesswire.com – 7/29/11 – “The IdentityHawkSM 2011 Semiannual Identity Breach Report summarized 104,003,513 personal online identity records breached in the last six months, showing 84,527,737 more personal records breached in the first half of 2011 than in all of 2010. The large increase of personal records breached to date in 2011 versus 2010 is due to the current cyber-attacks of large institutions. In 2010, IdentityHawk reported 250 enterprise breaches; through the first six months of 2011 it reported 158 enterprise breaches.”
- Anomaly Detection: 'It Really Works'– ffiec.bankinfosecurity.com – 7/29/11 – “Anomaly detection and behavioral monitoring in place are fundamental tools for controlling online fraud. And according to the new guidelines issued by the Federal Financial Institutions Examination Council, they should be every banking institutions' minimum requirements, says Terry Austin of Guardian Analytics.”
- News in brief: Arrests over Bet24 security breach; Demetriou asks questions of Alderney over FTP payments– www.egrmagazine.com – 7/28/11 – “Bet24 has revealed that arrests have been made over a security breach which it says resulted in customer information being “stolen”. The breach relates to accounts registered before 31 October 2009, and data stolen includes player names, addresses, dates of birth and account usernames, and credit card details, although those who registered accounts between 28 April 2007 and 31 October 2009 are said to be affected to a lesser degree than those who registered earlier.”
- Data Thefts Surge Despite Increased Budgets– www.infosecisland.com – 7/28/11 – “NetIQ Corporation announced the results of an IT security survey commissioned through Harris Interactive, revealing the current effectiveness of data protection efforts.”
- Credit card ‘skimmer’ sought– www.gwinnettdailypost.com – 7/28/11 – “Police are looking for a tech-savvy credit card fraudster who may have stolen financial information from shoppers near The Forum outdoor mall in Norcross.”
- Restaurant Breach Leads to Fraud – www.govinfosecurity.com – 7/27/11 – “A payment card breach at a Texas eatery raises new questions about merchant card security and restaurants' vulnerability to fraud.”
- Man Accused Of Installing ATM Skimming Devices, ID Theft– www.10news.com – 7/27/11 – “A San Diego man accused of placing a debit card skimming device on a bank security door and ATMs so he could steal the PINs of thousands of customers pleaded not guilty Wednesday to 45 charges, including identity theft and burglary.”
- Restaurant data breach highlights vulnerabilities– www.pizzamarketplace.com – 7/27/11 – “The payment-card data breach at a Margarita's restaurant in Huntsville, Texas, is shedding further light on the vulnerability restaurants face from debit- and credit-card hackers.”
- Alleged ID thief stole $200,000 in debit-card scam– www.signonsandiego.com – 7/27/11 – “An alleged identity thief was charged Wednesday with looting more than $200,000 from customer accounts at a Rancho Peñasquitos bank by using an electronic device to steal debit card information.”
- How Fast Is Fast Enough to Tell Customers About Data Breaches?– www.law.com – 7/25/11 – “In financial data breaches, timing is almost everything. On June 13 a federal court held Comerica Bank liable for data breach losses even though it notified the customer and stopped all account activity within six hours. Two days later Citigroup Inc. was explaining why it took nearly a month to start notifying 360,000 customers of a breach. While Comerica didn't act fast enough for the court, experts say Citi's delay may have been justified.”
- Safari patches cover 57 vulnerabilities– www.scmagazine.com.au – 7/25/11 – “Apple issued an update for Safari yesterday to cover 57 security fixes. The patches affect versions 5.0.6 and 5.1, of which: 46 could lead to remote code execution; four to information disclosure; three to the spoofing of addresses or content; three to cross-site scripting; and one to the mismanagement of SSL certificates.”
- Cops find ATM card skimmer at Citrus Heights bank– www.news10.net – 7/25/11 – “Citrus Heights police caught two men they suspect of planting an ATM card skimmer device at a local bank, the second time the pair has been arrested in an ATM theft case.”
- Police capture woman wanted in major ATM 'skimming' operation– www.komonews.com – 7/26/11 – “Police may have cracked part of a major identity theft ring after a woman was caught placing a card "skimmer" on a bank ATM in Lynnwood over the weekend.”
- Obama Vows to Battle International Cybercrime– www.bankinfosecurity.com – 7/25/11 – “President Obama Monday declared a national emergency to battle what he characterizes as the extraordinary threat transnational criminal organizations pose to the nation's security, foreign policy and economy.”
- Our View: Whose job was it to warn us? – www.itemonline.com – 7/25/11 – “The hundreds of Huntsville residents whose debit and card numbers were stolen at a local restaurant and sold on the black market all over the world have not only been asking that question but answering it.”
- Chinese immigrant sent to jail for credit card skimming– www.greeleytribune.com – 7/25/11 – “A 23-year-old Chinese immigrant who was found with a credit card skimmer last summer at a west Greeley Asian restaurant earned a three-month jail sentence for her two-week stint in town.”
- Is the final Durbin Amendment rule an impetus for EMV in the United States?– portalsandrails.frbatlanta.org – 7/25/11 – “On June 29, the Federal Reserve Board released its much-anticipated final rule, Regulation II, to the Durbin Amendment. The Board's final rule significantly differs from its interim rule on this amendment, resulting in ample commentary from the payments industry, financial institutions, and the merchant community.”
- Two arrested for planting ATM skimmer at Citrus Heights bank – blogs.sacbee.com – 7/24/11 – “Citrus Heights police recovered an ATM card reader and burglary tools at a Citrus Heights bank early today after arresting two suspects.”
- Customers Key to Beating Card Fraud – www.bankinfosecurity.com – 7/22/11 – “From the recent exposure of thousands of Citi cardholders to the Michaels debit breach, card fraud is clearly a threat that continues to impact card issuers. Involving the consumer in prevention is a step financial institutions need to take, says Javelin's Phil Blank.”
- Hypercom Pulls Plug on SmartPayments Software Amid Security Flaws– www.digitaltransactions.net – 7/21/11 – “Security weaknesses have caused Hypercom Corp. to pull the plug on a software system that enables gateways and merchants using personal computers as virtual terminals to connect to payment-processing services.”
- Ron Ross on NIST's New Privacy Controls – www.bankinfosecurity.com – 7/21/11 – “NIST's Ron Ross points out that its seminal security control guidance, Special Publication 800-53, contains only one privacy control, requiring agencies to conduct a privacy impact assessment. That will change by year's end.”
- Anonymous claims breach of NATO security– www.tgdaily.com – 7/21/11 – “Anonymous is at it again. The hacker collective says that they have broken through NATO security and accessed a significant amount of restricted material.”
- House Panel Rejects Health Data Amendments in Breach Measure – www.ihealthbeat.org – 7/21/11 – “A House subcommittee has rejected legislative amendments that would have expanded proposed consumer data protections to cover breaches of certain health-related data, National Journal reports (Gruenwald, National Journal, 7/20).”
- SAFE Data Act Passes Out of Commerce Subcommittee – www.broadcastingcable.com – 7/20/11 – “The SAFE Data Act passed out of the House Commerce, Manufacturing & Trade Subcommittee Wednesday after procedural wrangling and partisan divisiveness over an issue everyone agrees on: there need to be more uniform laws on data privacy protection and breach notification.”
- House Panel Approves Data Breach Notification Bill – www.pcworld.com – 7/20/11 – “A U.S. House of Representatives subcommittee has voted to approve a bill that would require companies to notify affected customers about data breaches and would require businesses holding personal information to establish data security programs.”
- Gallatin Police Investigate Largest 'Skimming' Ring Ever – www.newschannel5.com – 7/20/11 – “Alycia Ehlert may have a freshly reissued debit card in her wallet, but for now she's not using it.”
- Court approves credit card steering settlement– www.forbes.com – 7/20/11 – “A federal judge on Wednesday approved a settlement between the Justice Department and MasterCard and Visa that requires the card processing networks to allow retailers to offer discounts or rebates to customers for using a particular kind of card.”
- Gift Card Patent Troll Surrenders, Retailers Off The Hook – www.storefrontbacktalk.com – 7/14/11 – “The case against the dozens of major retailers who have been sued for supposedly violating a payment patent continued to collapse Friday (July 8) when the patent holder—Card Activation Technologies (CAT)—surrendered the validity of any of its claims. This is good news for those chains, as it means the litigation against them is suspended and is very likely to be dismissed. This immediately followed a federal judge's ruling that invalidated all but three of CAT's claims.”
- Pay-at-the-pump fraud on the rise – www.spva.org – 7/14/11 – “According to recent news reports, at least 60 people in suburban Tucson have reported fraudulent transactions after swiping their cards to pay for gas – the latest in a rash of card skimming incidents at gasoline pumps nationwide. Only a few weeks ago, police in West Covina, Calif., launched a public awareness campaign after skimming devices were discovered at multiple gas stations. And last year, one Florida police department even recommended that motorists avoid using pay-at-the-pump terminals altogether, opting instead to pay inside with cash.”
- Eye on EMV: UNFCU Study, Aite Survey, Jack Henry Service– www.digitaltransactions.net – 7/14/11 – “News released this week shows further positive signs for chip cards based on the Europay-MasterCard-Visa (EMV) standard in the United States. While barely a factor in electronic payments domestically as recently as two years ago, EMV has come to the fore as issuers seek ways to control fraud losses and as other advanced economies roll out the technology, leading many observers to predict more fraud tied to magnetic-stripe cards. EMV technology replaces mag stripes with chips that secure payment credentials.”
- California Arrests Appear Linked to Ankeny Debit Card Fraud – ankeny.patch.com – 7/14/11 – “Two men have been arrested in California in apparent connection to the theft of thousands of dollars from the bank accounts of dozens of Ankeny residents in a scheme involving debit cards.”
- Dozens in Cedar Rapids report fraudulent bank transactions– thegazette.com – 7/14/11 – “Local financial institutions are asking customers to closely monitor their accounts after a card skimmer was apparently installed in the Cedar Rapids area.”
- Personal Banking Info Stolen from PHX TSA Employees– www.myfoxphoenix.com – 7/13/11 – “Police are looking into the theft of personal financial information at Sky Harbor, and all it took for the information to be stolen was a swipe of their credit or debit cards.”
- Credit card numbers stolen in Kiplinger breach– www.net-security.org – 7/13/11 – “Kiplinger Washington Editors - the publisher of well-known business and economic publications such as The Kiplinger Letter and the Kiplinger's Personal Finance magazine - has suffered a breach that resulted in the compromise of customer information of their online subscribers.”
- Police issue Windermere card skimming warning– www.bbc.co.uk – 7/13/11 – “A member of the public alerted police to the suspicious addition to the cash machine on Lake Road in Bowness at 1430 BST on Tuesday.”
- Dozens arrested over credit card fraud: Europol– www.expatica.com – 7/12/11 – “European and US intelligence agencies have cracked an international ring of credit card fraudsters and arrested 61 people, Europol said Tuesday.”
- Waitress indicted on charges she stole customers' credit card info– www.freep.com – 7/12/11 – “A Detroit-area waitress got a tip from a federal grand jury today: stealing is wrong. Nyema King, a waitress at a Novi Melting Pot, was indicted in U.S. District Court today on identity theft charges after getting caught at the Canadian border with 57 phony credit cards stuffed in her pants. She also had a list of expensive items to buy, records show.”
- Europol helps dismantle debit card fraud ring – www.taiwannews.com.tw – 7/12/11 – “The European Union's police organization says it has helped dismantle a major debit card fraud ring believed to have stolen €50 million ($70 million) from bank accounts around the world.”
- Former student pleads guilty to fraud charges– www.onlineathens.com – 7/12/11 – “A former University of Georgia doctoral student has admitted he enlisted restaurant servers across the Southeast to steal about $150,000 that he used to go on shopping sprees.”
- Folsom police suspect debit card skimmer led to $50,000 in fraudulent purchases– blogs.sacbee.com – 7/12/11 – “A man is suspected of taking $50,000 from victims, possibly by placing a debit card reading device somewhere in the Sacramento region.”
- Russian TV Report: Drug Gangs Kidnap Cyber Pros to Hack Into Banks– motherboard.tv – 7/11/11 – “It’s not the subplot to a Jerry Bruckheimer movie: drug dealers in Mexico really are kidnapping computer whizzes and forcing them to hack into bank systems and program credit card fraud scams in order to acquire additional funds on top of what they haul in from selling drugs.”
- POLICE: La Sirena employee fattens up on diner's credit cards– www.cbs12.com – 7/11/11 – “West Palm Beach police say they know of at least 16 people who dined at La Sirena restaurant and had their credit card information stolen.”
- C.O. Credit Card Scam Numbers Soaring – www.ktvz.com – 7/11/11 – “The number of Central Oregonians reporting their credit cards being compromised by scammers in recent days has topped 85, Bend police said Tuesday afternoon. That's nearly triple the 31 cases reported by Monday.”
- St. Louis man sentenced for stealing credit card numbers– www.stltoday.com – 7/11/11 – “Trevaris Johnson, 31, was sentenced to 57 months in prison Friday for convincing a restaurant waitress to steal customers' credit card information, the U.S. Attorney's office said Monday.”
- Disguising Data– supermarketnews.com – 7/11/11 – “Ever since Hannaford Bros. experienced a massive data security breach in 2007, losing control of 4.2 million credit and debit cards, food retailers have been seeking to learn from the Scarborough, Maine-based chain's experience.”
- Sheriff's office: Skimmers active in 3 counties– www2.highlandstoday.com – 7/9/11 – “Reports of credit and debit card skimmer fraud have climbed dramatically in Highlands County, sheriff's spokeswoman Nell Hays said Friday.”
- Boise Police Look For ATM "Skimming" Suspect – www.fox12idaho.com – 7/8/11 – “A warning for ATM users. Boise police say someone put what's called a "skimming" device on a local ATM machine and may have stolen your money.”
- Ga. student pleads guilty to identity theft – www.knoxnews.com – 7/8/11 – “A Georgia college student, identified by authorities as the mastermind of a multistate identity theft operation, on Thursday admitted guilt to a federal judge.”
- ATM Skimming– www.abc.net.au – 7/7/11 – “Next time you go to an ATM to withdraw cash, you might want to pay extra attention to what you're doing.”
- Skimmers Target Bank Branches– www.bankinfosecurity.com – 7/7/11 – “The U.S. Attorney's Office in Houston has brought charges against four men for stealing more than $400,000 as part of an ATM skimming scam targeting local banks.”
- Hackers expose flaw in Apple iPad, iPhone software– www.reuters.com – 7/7/11 – “The security flaw in Apple's iOS operating system came to light on Wednesday as the website www.jailbreakme.com released code that Apple customers can use to modify the iOS operating system through a process known as "jail breaking."”
- Emerging Tech and Risk Assessment– blogs.bankinfosecurity.com. – 7/7/11 – “"Emerging" technology - and I'll use my adjectives carefully - gets a lot of attention these days. Cloud computing, mobile banking, chip and near-field payments, tokenization ... each is talked about in security circles, though none is hardly new or emerging.”
- Insider Threats: Great and Growing– www.bankinfosecurity.com – 7/7/11 – “Insider fraud expert Shirley Inscoe says Citi is not the only financial institution that's doing a poor job of keeping up with employee misconduct. Few banking institutions grasp how damaging inside jobs actually are.”
- Visa, Banks Make Sense of Swipe Fee Cap Fallout– www.csnews.com – 7/7/11 – “Now that the swipe fee rate has been set, at least one major debit card issuer is preparing for the fallout. Just one week after the Federal Reserve Board issued a final 21-cent cap on debit card transaction fees, Visa Inc. updated its financial outlook for fiscal year 2011 in a conference call late Wednesday. The information, coupled with select metrics for fiscal year 2012, were included in a Form 8-K filed with the Securities Exchange Commission after market close.”
- Washington Post Hack Compromises 1.27 Million Job Seeker Accounts– www.crn.com – 7/7/11 – “The Washington Post on Thursday alerted users that a data breach compromised an estimated 1.27 million accounts on its job seeker site.”
- Police want help finding the 'skimmer man'– www.ktvb.com – 7/7/11 – “Boise Police detectives are asking for the public's help in finding a man who used a "skimming" device at an east Boise bank last month.”
- Seattle ATM 'skimmer' bilked more than 100, faces prison – www.seattlepi.com – 7/7/11 – “On Friday, a Renton man and admitted ATM “skimmer” will learn how many years he’ll spend in federal prison for a crime spree that impacted at least 100 people.”
- The Real Mobile-Payment Risk– www.americanbanker.com – 7/7/11 – “Who can blame consumers for not equating "mobile payments" with "security?" News reports of malicious apps on Android smartphones accessing people's personal information are enough to make any reasonable person question the wisdom of loading their credit card information into their mobile devices. And though not specific to mobile devices, the recent online credit-card breach at Citigroup, the hacking of Alliance Data Systems' email marketing subsidiary Epsilon and similar incidents certainly don't help to instill confidence in technology's ability to safeguard our information.”
- Police Make 2 Arrests in Connection With ATM Skimming – www.nbcconnecticut.com – 7/6/11 – “Police arrested a New London man with an extensive criminal history in connection with ATM skimming and a New York man believed to be behind dozens of skimming incidents.”
- Washington Post says job seeker data was breached – news.cnet.com – 7/6/11 – “About 1.27 million user IDs and e-mail addresses belonging to people looking for employment on The Washington Post Jobs Web site were affected by a data breach last week, the newspaper says.”
- Card Fraud: Prevention Lags– www.bankinfosecurity.com/ – 7/6/11 – “Major U.S. card issuers continue to get poor marks when it comes to steps they take to prevent card fraud. In fact, according to research released by Javelin Strategy & Research, prevention measures for the last three consecutive years have continually declined, despite exponential increases in fraud.”
- Fraud Prevention: Consumers are Key– www.bankinfosecurity.com – 7/6/11 – “Most of the top payment card issuers are doing a poor job of preventing fraud. In fact, Phil Blank of Javelin Strategy & Research says a majority of the top U.S. issuers of Visa and MasterCard have for the last three years received poor marks for consumer education and fraud prevention - revealing a gap in steps institutions should take to curb card-fraud losses.”
- Reputed crime boss accepts plea agreement– www.lvrj.com – 7/5/11 – “The reputed leader of a Bulgarian organized crime ring in Las Vegas has pleaded guilty to stealing hundreds of thousands of dollars from bank ATMs around the valley.”
- How cyber liability insurance protects companies from Information Age exposures– www.sbnonline.com – 7/5/11 – “The U.S. economy has traditionally been product based, with companies increasing revenue by selling more products. However, as technology has expanded, the emphasis has shifted, says Kevin P. Kalinich, Co-National Managing Director of Aon Risk Solutions’ financial services group.”
- ESL Credit Union Customers Learning of Security Breach– www.13wham.com – 7/5/11 – “Customers at ESL Federal Credit Union will receive new debit and credit cards because of a security breach.”
- Hackers’ Apple breach draws attention to security issues again – www.theglobeandmail.com – 7/4/11 – “High-profile hacking incidents have embarrassed two of the biggest names in digital media, once again casting the spotlight on the growing influence and ubiquity of freelance “anti-security” hacking groups.”
- Card skimmer found in EFTPOS machine - Coff's Coast Advocate– www.atmsecurity.com – 7/4/11 – “A CARD skimming device found in a local EFTPOS machine has resulted in many Coffs Coast residents receiving a call from their bank telling them their cue cards and Visa debit/credit cards were potentially compromised and should be cancelled.”
- Move Over, Sony. Now Hackers Are Attacking Apple. iCloud Beware? – moconews.net – 7/4/11 – “Computer hackers may have found their latest target, and it’s a tech world biggie: on Sunday the group AnonymousIRC posted data online that indicated that it was able to breach security at Apple (NSDQ: AAPL). The break-in comes after several months of data hacks that have hit companies like Sony (NYSE: SNE), government organizations and high-profile web sites. It is also a worrying development that comes just as Apple is gearing up for a major push into cloud-based services, with large amounts of user data stored remotely, with its iCloud products.”
- Card skimmer found in EFTPOS machine– www.coffscoastadvocate.com.au – 7/4/11 – “A CARD skimming device found in a local EFTPOS machine has resulted in many Coffs Coast residents receiving a call from their bank telling them their cue cards and Visa debit/credit cards were potentially compromised and should be cancelled.”
- The Fed's Impact on Fraud Funding– www.bankinfosecurity.com – 7/1/11 – “Banks made a few gains this week in the debit interchange debate, after the Federal Reserve announced June 29 it would offer a 1-cent per transaction incentive for fraud prevention investments tied to debit-card transactions.”
June 2011
- Data Breach Spring– www.infosecurity-magazine.com – 6/30/11 – “Infosecurity’s Drew Amorosi examines three data breach incidents from the past few months that, by their nature, keep security vendors in business, regulators busy, and CISOs up at night. Find out why industry observers think this rash of massive breaches could lead to a ‘PCI for consumer privacy’”
- "Skimming" scam affects Conway area residents– thecabin.net – 6/29/11 – “Officials with the Conway Police Department are investigating a banking scam that has affected the Conway area.”
- NACS Calls Fed’s Final Rule ‘An Irresponsible Abdication of Its Legal Duty’ – www.nacsonline.com – 6/30/11 – “The U.S. Federal Reserve’s final rules on debit card swipe fees “is an irresponsible abdication of its legal duty to implement the law as written,” said National Association of Convenience Stores (NACS) Senior Vice President of Government Relations Lyle Beckwith.”
- The Fed's Final Debit Rules: Did Anyone Win? – www.pymnts.com – 6/30/11 – “Whew, at least it’s over! Two months after they were due under the Dodd-Frank Act and about three weeks before they were supposed to go into effect, the Federal Reserve announced the final rules for regulating the debit card industry late yesterday afternoon. Hopefully, the Fed staff will now get to take a well-deserved vacation having spent late nights and weekends presumably poring over the 11,000 or so comments they got and figuring out what to do. Everyone else probably has a lot of work to do.”
- Government in the Sunshine Meeting Notice– www.federalreserve.gov – 6/29/11 – “On the day of the meeting, you will be able to view the meeting via webcast from a link available on the Board’s public website. You do not need to register to view the webcast of the meeting. A link to the meeting documentation will also be available approximately 20 minutes before the start of the meeting. Both links may be accessed from the Board’s public website at www.federalreserve.gov.”
- Why Aren't Phones Waving Like Crazy to Pay in Europe? EPC Leader Shares Insight – www.pymnts.com – 6/29/11 – “The Father of SEPA, the European Payments Council recently issued its proposed plan for achieving interoperability of mobile contactless in Europe. Dag-Inge Flatraaker, EPC’s M-Channel Working Group Chair, spoke with Market Platform Dynamics founder David Evans in this exclusive NEXTcast interview about the reaction thus far to the new contactless SEPA payment guidelines and how close Europe truly is to full-scale mobile payments adoption.”
- Reducing PCI DSS Scope with the TransArmor Solution– www.firstdata.com – 6/29/11 – “Organizations who handle payment card data are obligated to comply with the Payment Card Industry Data Security Standard (PCI DSS.) The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.”
- Federal Reserve Issues Final Rule on Durbin Amendment– www.paymentsnews.com – 6/29/11 – “The Board of Governors of the U.S. Federal Reserve have issued the final rule governing debit card interchange fees, the fraud prevention adjustment, and routing and exclusivity restrictions.”
- Pay-at-the-Pump Fraud Grows– www.bankinfosecurity.com – 6/28/11 – “Police in the Oro Valley suburb of Tucson, Ariz., issued a warning last week about a rash of pay-at-the-pump skimming attacks targeting debit accounts. So far, Oro Valley police say at least 60 victims have reported fraudulent transactions after swiping their cards for gas payments at stations on the community's North Side.”
- $72M Bank Fraud Scheme Busted– www.bankinfosecurity.com – 6/27/11 – “International cooperation is to thank for the takedown of one cybercrime ring accused of stealing more than $72 million from bank accounts spanning more than 10 countries.”
- UK hotel chain Travelodge customer data hacked – security.cbronline.com/ – 6/27/11 – “Travelodge claims that customers' credit details were not compromised during the breach. UK based hotel chain Travelodge has admitted that a hacker group had managed to obtain names and email addresses from its customer database.”
- They're Back! Data Breach Notification Bills Resurface– www.cio.com – 6/27/11 – “CSO — After several large breaches -- including the Epsilon, Sony, and Citigroup incidents that left customer financial data exposed -- federal lawmakers are dusting the covers off of an old idea: national data breach notification laws.”
- Customers' details stolen after T&T website breach – www.theprovince.com – 6/26/11 – “Personal information of about 58,000 people has been stolen after the website of Richmond-based T&T Supermarket Inc. was hit by hackers. On Friday, the Asian grocery store chain announced that security breaches of its site, tnt-supermarket.com, had occurred on June 6, 7, 11 and 14-17.”
- ID thieves seize on vulnerable market– www.thenational.ae – 6/25/11 – “Hisham Wynne did not notice the Dh8,000 charge to his credit card until he received his statement, but he knew he definitely could not have booked that trip to Zurich, Switzerland. The plane ticket was purchased from somewhere in Europe. The card, however, was with the 25-year-old writer and radio commentator in Dubai, where he lives.”
- Michaels Breach: 4 Suspects Sought– www.bankinfosecurity.com – 6/25/11 – “In a new twist to the Michaels point-of-sale breach, a police department in Oregon is asking the public to help nab suspects believed to be involved in the card skimming scheme.”
- PCI Council Releases ‘First Step’ Guidelines on Mobile-Acceptance Apps– www.digitaltransactions.net – 6/24/11 – “The PCI Security Standards Council on Friday released its first guidelines on mobile-acceptance applications since announcing in November that it had stopped reviewing such products. The Wakefield, Mass.-based Council, which manages the Payment Card Industry data-security standard (PCI), also said it hopes to start forming a broad group of mobile-payments experts next month to help formulate further rules for acceptance apps.”
- Nashville Zoo warns of website breach– www.tennessean.com – 6/24/11 – “The Nashville Zoo sent an e-mail alert out to patrons warning of a possible breach in security on the Zoo’s website that could result in the theft of customers’ credit card information.”
- Travelodge adds its name to growing data breach list– www.microscope.co.uk – 6/24/11 – “Budget hotel chain Travelodge has become the latest well known firm to have to hold its hands up to a data breach after it revealed some customers had become victims of a spam attack.”
- Citigroup Cites $2.7 Million in Customer Losses From Hack – online.wsj.com – 6/24/11 – “Citigroup Inc. has told government officials that about 3,400 of the customers whose credit-card information was hacked have suffered about $2.7 million in losses, according to people familiar with the matter.”
- T and T grocery chain admits to website security breach– www.insidetoronto.com – 6/24/11 – “Richmond, BC-based T&T Supermarket Inc, which has three locations in Toronto (two in Scarborough and one in the port lands), advised the public of "unauthorized and illegal intrusions" on its website - www.tnt-supermarket.com - in a June 24 press release.”
- Oregon Police Have Suspects in Michaels Skimming – www.cutimes.com – 6/24/11 – “Police in the Portland, Ore. suburb of Beaverton said they have photos and the identifications of suspects in some 50 fraud cases linked to the recent card data breach at the retail craft chain Michaels, the Beaverton Police Department.”
- Visa Inc. to Provide Business Update on July 6, 2011– finance.yahoo.com – 6/24/11 – “Visa Inc. today announced that it will update its financial outlook for fiscal year 2011 and select metrics for fiscal year 2012 in a Form 8-K to be filed on July 6, 2011 after market close. Today's announcement follows the commitment management made in its last earnings call to update aspects of its financial expectations once the timing of final rules from the Federal Reserve was made known. Those rules are expected to be formally proposed on June 29, 2011.”
- Lawsuit: Sony knew its PSN security was at risk– news.cnet.com – 6/24/11 – “Three men are suing Sony over April's massive data breach of the company's PlayStation Network and Sony Online systems, saying the company knew its security system was inadequate before the cyberattack.”
- Dropbox Breach: Fewer Than 100 Accounts Affected, But One Person Actively Exploited Security Hole– techcrunch.com – 6/24/11 – “It’s been an incredibly rough week for Dropbox. On Monday, news broke that a bug in the service’s authentication software effectively made passwords optional for around four hours over the weekend — meaning that you could log into anyone’s account simply by entering their user name.”
- New EU Rule To Likely Force U.S. Retailers To Disclose U.S. Data Breaches Immediately– www.storefrontbacktalk.com – 6/23/11 – “The European Union will soon require all companies doing business in Europe to notify customers "as soon as they become aware" of a data breach. For U.S. retailers that move will likely force global notification if a retailer has any European customers, because there won't be time to determine who was hit or what was taken. Given the lack of time to positively rule out a Euro impact, retailers will have to just disclose.”
- New Indian Privacy Rules Could Force The Hand Of Many U.S. Retailers – www.storefrontbacktalk.com – 6/23/11 – “New data security regulations in India may make retailers think twice about outsourcing functions that involve consumer information to the subcontinent. The new government rules, which took effect in April, could impact virtually all retailer IT operations if anything is located in India.”
- Mobile Payment Vendor Claims PCI Compliance, Then Admits That It Was Fiction – www.storefrontbacktalk.com – 6/23/11 – “It’s not common to see a PCI security vendor issue a sales pitch E-mail blast and to then follow it up with an extensive correction to its retail IT prospects. But that happened on Wednesday (June 22), and for good reason: Not only did the company claim to be PCI compliant on mobile payment (when in fact no one can be), but it even created and posted on its site—and included in the E-mail—its own PCI Council seal of approval icon (when in fact none exists).”
- Cyberwar: Worse Before Better– blogs.bankinfosecurity.com – 6/23/11 – “Security professionals won't find themselves at a loss for work anytime soon. Feedback from industry leaders at this week's Gartner Security and Risk Management Summit in D.C., points to threats in the cyberworld getting worse before they get better.”
- ATM 'skimming' ring dismantled– www.mississauga.com – 6/23/11 – “Earlier this month, the Halton Regional Police Fraud Bureau began an investigation in relation to a group of people responsible for "skimming" automated teller machines. The group operated within the Greater Toronto Area, predominantly in Oakville, police say, and was responsible for $245,000 in losses to debit card customers and financial institutions.”
- Law Enforcement Learn About Identity Theft– www.ktvn.com – 6/23/11 – “Local law enforcement is getting some new weapons for its arsenal in its battle against identity theft. "We've noticed that the suspects, as technology increases, have become more sophisticated. So the advanced course is really to teach investigators how to keep up with criminals who are using advanced technologies," says Justin Feffer.”
- Hackers steal credit card numbers from computers at Conor O'Neill's in Ann Arbor– www.annarbor.com – 6/22/11 – “Hackers broke into the computer system at Conor O’Neill's Traditional Irish Pub in Ann Arbor and stole customers’ credit and debit card information and then used it to make purchases in Texas, police said.”
- Ponemon Institute Survey Finds 90 Percent of Businesses Fell Victim to Cyber Security Breach at Least Once in the Past 12 Months – www.marketwire.com – 6/22/11 – “A survey of US IT and IT Security professionals, conducted independently by Ponemon Institute and sponsored by Juniper Networks (NYSE: JNPR), found the threat from cyber attacks today is nearing statistical certainty and businesses of every type and size are vulnerable to attacks.”
- Ohio Debit Breach: Damage Control– www.bankinfosecurity.com – 6/22/11 – “In the wake of the recent debit card breaches in Ohio, some banking institutions have begun outreach to customers. Fraudsters, using stolen debit details, hit accounts with signature-based transactions used for online and over-the-phone purchases. Fraudulent purchases, some of which neared $4,000, at Walmart, AutoZone and CVS were reported. Other transactions were initiated overseas, including some in Germany and the Philippines.”
- Austin Will Be Among The First "Wave And Pay" Cities – www.fastcompany.com – 6/22/11 – “Tech-savvy Texans will be some of the first in the U.S. to experience comprehensive NFC-driven mobile commerce, thanks to ISIS. Pretty soon, you'll be able to leave your wallet at home.”
- DI debit/credit card breach thwarted– www.thedanielislandnews.com – 6/22/11 – “The Daniel Island business that served as the "point of compromise" in a rash of debit/credit card fraud cases has taken steps to shut down the breach, according to an investigator with the Charleston office of the U.S. Secret Service.”
- Skimmers hit Highlands County – www.newssun.com – 6/22/11 – “According to Nell Hays, Public Information Officer of the Highlands County Sheriff's Office, several individuals throughout the county have had their debit card information stolen by gas station "skimmers."”
- Eight charged in Pr. George’s counterfeiting ring– www.washingtonpost.com – 6/21/11 – “Police in Prince George’s County have charged eight people they say were part of a counterfeiting ring that passed fake money through a Bladensburg Walmart in exchange for real pre-paid Visa cards, authorities said.”
- Hackers Steal 63,000 Dollars from Kansas Car Dealership– artilib.org – 6/21/11 – “An online bank robbery in which computer crooks stole $63,000 from a Kansas car dealership illustrates the deftness with which cyber thieves are flouting the meager security measures protecting commercial accounts at many banks.”
- Visa Offered 35% Interchange Cut for Small Merchants on Eve of Tester-Corker Vote– www.digitaltransactions.net – 6/21/11 – “It was Visa’s Hail Mary pass: If the U.S. Senate would delay the Federal Reserve’s draconian debit card interchange regulations called for by the Durbin Amendment, the world’s largest card network would cut debit interchange by 35% for small merchants.”
- Thieves siphon off credit card info at Hollywood Park pump – www.kens5.com – 6/21/11 – “Local criminals are targeting San Antonio drivers at the gas pump, trying to steal their personal information. Investigators discovered a credit card skimmer at a gas station in Hollywood Park. They were tipped off after customers complained they were having trouble paying at the pump.”
- Debit Breach Hits Ohio Accounts– www.bankinfosecurity.com – 6/21/11 – “The recent breaches that affected dozens of Northeast Ohio banks and credit unions were most likely caused by the interception of CVV2 card security codes, says Mike Urban, senior director of fraud product management at FICO.”
- Web certificate authority closes after hack– www.scmagazine.com.au – 6/21/11 – “Web authentication authority StartSSL was forced to shut down after a security breach of its Israel-based parent company StartCom last week. StartCom did not detail how the breach occurred and said only that it had suspended the issuance of new digital certificates.”
- Elavon Introduces SAFE-T Suite Point-to-Point Encryption and Tokenization Solution – www.businesswire.com – 6/20/11 – “Elavon, a wholly owned subsidiary of U.S. Bancorp (NYSE: USB) and a leading global payments provider, today releases SAFE-T Suite, its Secure and Flexible Encryption and Tokenization portfolio of products and services that helps companies protect data at every point in the transaction lifecycle: in use, in transit and at rest. The solution also eases the burden of PCI compliance audits and helps reduce the total cost of card acceptance.”
- Elavon Introduces SAFE-T Suite Point-to-Point Encryption and Tokenization Solution– www.pymnts.com – 6/20/11 – “Elavon, a wholly owned subsidiary of U.S. Bancorp (NYSE: USB) and a leading global payments provider, today releases SAFE-T Suite, its Secure and Flexible Encryption and Tokenization portfolio of products and services that helps companies protect data at every point in the transaction lifecycle: in use, in transit and at rest. The solution also eases the burden of PCI compliance audits and helps reduce the total cost of card acceptance.”
- Is a national data breach notification law on the horizon?– portalsandrails.frbatlanta.org – 6/20/11 – “Extensive privacy regulations exist that provide a framework for promoting identity theft prevention, data security, use of data limitations, requirements for data destruction, notice, user content, and accountability. Some of these laws are the Fair Credit Reporting Act, the Right to Financial Privacy Act, and the Gramm-Leach Bliley Act, among others. Each of these financial privacy laws has been amended several times since their enactment, but none have standardized data breach notification rules.”
- Lawmakers Add 48-Hour Rule to Data Breach Notification Bills– www.eweek.com – 6/16/11 – “U.S. Sens. Jay Rockefeller and Mark Pryor joined U.S. Rep. Mary Bono Mack in filing legislation that requires companies to notify customers about data breaches within 48 hours of when an incident assessment is completed.”
- An Amendment To Delay the Durbin Amendment Comes Up Short– www.digitaltransactions.net/ – 6/8/11 – “Defenders of the debit card interchange status quo saw their last, best hope to delay draconian Federal Reserve regulations from taking effect go down to defeat Wednesday afternoon. An amendment in the U.S. Senate that would have delayed the Fed’s rules died on a 54-45 vote, six shy of the 60 it needed. Barring any last-minute legislative surprises, nothing now stands in the way of the Fed issuing its final rules to implement the so-called Durbin Amendment by July 21 as required by last year’s Dodd-Frank financial-reform law.”
- BitCoin exchange hacked: 61,000 accounts published– www.scmagazine.com.au – 6/20/11 – “More than 61,000 usernames, email addresses and hashed passwords used by traders on the BitCoin virtual currency exchange Mt.Gox have been stolen and uploaded to the internet.”
- Hackers nab data of over 1 million online game customers– www.cnn.com – 6/20/11 – “Hackers have stolen personal information from over 1.2 million customers of the Japanese gaming company SEGA, according to a company statement.”
- Sega Announces 1.3 Million Users' Info Stolen In Database Breach– www.consumerist.com – 6/20/11 – “Sony PlayStation and Nintendo have more company in the hacker gaming attack club, as Sega announced on Sunday that 1.3 million customers have had their info stolen from its database.”
- Men charged– timestranscript.canadaeast.com – 6/18/11 – “Two Toronto men are under arrest in connection with alleged credit and debit card frauds in Metro Moncton. Manothkumar Selvarasa and Vaneesan Thangavelautham, both 34, appeared yesterday before Moncton provincial court for bail hearings on charges of fraud laid following their arrests Tuesday by Codiac RCMP.”
- Pics show suspects in Michael's store ATM card reader scam– www.nwcn.com – 6/18/11 – “Detectives in Beaverton have been working with Federal investigators to try and capture the suspects who skimmed customers’ debit and credit cards in Michael’s stores.”
- Sega Pass customer details hacked– www.bbc.co.uk – 6/17/11 – “Sega has told gamers that some of their personal information may have been stolen following an attack on its systems.”
- Fall River Municipal Credit Union's ATM found with suspicious camera– www.heraldnews.com – 6/17/11 – “An unusual device attached to the ATM of a Fall River Municipal Credit Union branch caught the attention of a customer. And now city police have taken interest in the mysterious accessory.”
- Starters Waitress Accused of Swiping Customers' Credit Card Numbers – www.myfoxdetroit.com – 6/17/11 – “Let's start by saying that Ali Saad is one standup guy. He's the owner of Starters Bar and Grill in downtown Detroit. Here's why we're singing his praises, and you probably will, too. "I treat all my employees as if we're family. You can ask any employee I have working here, and they'll tell you as if I'm a big brother, father figure to them," he said.”
- Starter's Bar and Grill waitress accused of stealing credit card information– www.freep.com – 6/17/11 – “A waitress at the Starter’s Bar and Grill in Detroit stole credit card information from 13 customers with a technological gizmo known as a skimming device, according to records filed today in U.S. District Court.”
- Fraud Verdict: Opinions Vary– www.bankinfosecurity.com – 6/17/11 – “A District Court's opinion this week in an ACH and wire fraud case between a bank and its former commercial customer has fueled discussion about liability, reasonable security and the contractual obligation banks have to protect their customers' commercial accounts.”
- Citigroup Reveals Breach Affected Over 360,000 Cards– www.pcworld.com – 6/16/11 – “Over 360,083 credit card accounts in North America of Citigroup were affected as a result of a compromise of its card account management website in May, the bank said in an update on Wednesday.”
- Citi details accounts hit by hacking attack– www.ft.com – 6/16/11 – “Citibank has released data showing the wide extent of the accounts targeted by a breach of its credit card database in the US, with customers in California, Texas, Illinois, New York and Florida the most affected by the hacking.”
- UK Health Breach Affects 8.6 Million– www.healthcareinfosecurity.com – 6/15/11 – “An unencrypted laptop computer that's missing from the United Kingdom's National Health Service North Central London health authority contained information on 8.63 million people, according to a report on The Sun newspaper's website.”
- Eastern European ring at center of ATM skimming case in U.S.– www.sacbee.com – 6/15/11 – “On the last Sunday in May, federal agents watched as two men dropped off a third near a Citibank branch across the street from Our Lady of the Resurrection Medical Center in the Portage Park neighborhood of Chicago.”
- Secure POS Vendor Alliance Releases New Security Requirements – www.paymentsnews.com – 6/15/11 – “The Secure POS Vendor Alliance (Hypercom, Ingenico, and VeriFone) has announced the release of standards for the post manufacturing stage of a secure payment device. "The new guidelines require that a payment device be properly handled from the moment it is produced to the moment it is loaded with customer keys."”
- PCI Security Standards Council Publishes PCI DSS Virtualization Guidelines – www.paymentsnews.com – 6/15/11 – “The PCI Security Standards Council (PCI SSC) has announced (PDF) the findings of the Council's Virtualization Special Interest Group. "The PCI DSS Virtualization Guidelines Information Supplement provides guidance to those in the payment chain on the use of virtualization technology in cardholder data environments in accordance with PCI DSS."”
- Debit card fraud outbreak widens in Cleveland area– www.bizjournals.com – 6/15/11 – “A Cleveland Plain Dealer analysis of police records shows a recent debit card fraud breach hit customers at more banks than originally thought.”
- Smartphones and Tablets Create Huge Corporate Security Challenge– www.cio.com – 6/15/11 – “Adapting security and management for the new generation of mobile devices -- everything from the Apple iPhone and iPad to Google (GOOG) Android devices to name a few -- is turning out to be a huge corporate challenge.”
- PCI: New Guidance Addresses Risks– www.bankinfosecurity.com – 6/14/11 – “New guidance from the PCI Security Standards Council about the risks associated with virtualized systems aims to help merchants proactively evaluate security before they leap into new deployments.”
- Durham cops bust wide-ranging card skimming operation – www.newsdurhamregion.com – 6/14/11 – “Thousands of victims had their bank accounts and credit cards breached by a band of fraudsters rigging debit card terminals to skim data, Durham police allege.”
- Park Ridge police stake out bank after ATM skimming device found – parkridge.suntimes.com – 6/14/11 – “Park Ridge police detectives recently conducted surveillance on an Uptown bank in an attempt to apprehend the person who placed a skimming device on an ATM.”
- PCI Council Issues Virtualization Guidelines, Still Crafting Mobile Rules– www.digitaltransactions.net – 6/14/11 – “The PCI Security Standards Council on Tuesday released guidelines on how merchants, processors, card issuers, and tech companies should securely handle payment card data in light of the increasing “virtualization” of systems that transmit and process such data. Meanwhile, the Council is still grinding away on guidelines for mobile-payment security that it had hoped to have out by this month.”
- PCI Compliance: Offense Is the Best Defense – www.technewsworld.com – 6/14/11 – “Whether you're a new retailer just opening your doors or an established business with tens of thousands of customers, it's essential to remember that PCI compliance is not a one-time task. Assessment and testing cover only a single point in time; you can be compliant now and not later -- which is why you need to continually monitor every aspect of your cardholder data security investment.”
- Breach Avoidance: 4 Tips– www.bankinfosecurity.com – 6/15/11 – “The breaches of computer systems at the U.S. Senate and the International Monetary Fund have solidified industry concerns about corporate complacency and cybersecurity gaps.”
- PCI Mobile Payment Guidelines To Not Appear Before April, And Probably Much Later– storefrontbacktalk.com – 6/14/11 – “The PCI Security Standards Council’s much-anticipated rules on mobile-payment issues won’t happen before April of next year and will probably happen much later, according to a key member of the Council’s board of advisors. Given the pace of mobile-payment deployments and trials, this timetable forces retailers to move into this crucial area without standardized guidance—and virtually guarantees a lot of expensive changes in a year, when the rules finally materialize.”
- Jackson Health reports inappropriate access of patient records– www.modernhealthcare.com – 6/14/11 – “Miami's Jackson Health System is reporting that an employee "inappropriately accessed confidential patient information" and is cooperating with law-enforcement officials in the apparent privacy breach.”
- Portland-area debit card fraud could be related to Michaels PIN skimming– www.oregonlive.com – 6/14/11 – “A number of Portland-area residents reported their debit cards either were compromised or canceled suddenly over the weekend, and Beaverton police said at least one case was related to a data breach earlier this year at Michaels Stores Inc.”
- Thieves Found Citigroup Site an Easy Entry– www.nytimes.com – 6/13/11 – “Think of it as a mansion with a high-tech security system — but the front door wasn’t locked tight. Using the Citigroup customer Web site as a gateway to bypass traditional safeguards and impersonate actual credit card holders, a team of sophisticated thieves cracked into the bank’s vast reservoir of personal financial data, until they were detected in a routine check in early May.”
- Acer Says Names, Emails Hacked in Europe – www.pcworld.com – 6/13/11 – “Taiwanese PC maker Acer is investigating the hacker attack that stole customer data from its Packard Bell unit in Europe, according to a statement from the company.”
- Computer expert at centre of credit card scam is jailed– menmedia.co.uk – 6/13/11 – “A crooked IT expert at the centre of a major credit card scam kitted out a shop with his ill-gotten gains.”
- Merchant under fire in bank data breach affair speaks out – www.technologyspectator.com.au – 6/10/11 – “After weeks of speculation surrounding the identity of ‘the merchant’ at the centre of May’s bank data breach which resulted in thousands of credit card cancellations, the head of online retailer Crazy Sales has moved to fend off rumours.”
- ATM skimming gang busted– www.dailytimes.com.pk –6/11/11 – “A local varsity student prepared a skimmer to illegally elicit data from ATM cards and deprive cardholders of millions of rupees bringing the credit card fraud into the country. The Federal Investigation Agency busted the gang and Friday produced it before Civil Judge and Judicial Magistrate Rai Liyaqat who adjourned the hearing till June 15.”
- Citi Breach: A Warning to Banks– www.bankinfosecurity.com – 6/10/11 – “Industry experts agree it's too early to say how hackers managed to infiltrate Citi's online banking platform. [See Citi Breach Exposes Card Data.] But they all say the breach, which could have exposed personally identifiable information about 200,000 Citi customers, should serve as a wake-up - not just for Citi, but all banking institutions.”
- ATM skimmers found in Virginia Beach– www.wtkr.com – 6/10/11 – “The City of Virginia Beach is known for the sand and sun. But last thing residents would think of is ATM skimming. Robert Fey of Virginia Beach had no idea the same ATM in Landstown Commons he used today was compromised by ATM Skimming.”
- FDIC calls for stricter security efforts after Citigroup hacking– www.usatoday.com – 6/10/11 – “The Federal Deposit Insurance Corp., which regulates the nation's banks, is pushing for stronger account security measures at those institutions. The agency is specifically developing "additional guidance to enhance authentication procedures when customers access their online accounts," FDIC Chair Sheila Bair said in a statement.”
- 100 victims suspected in credit fraud – www.eastbayri.com – 6/10/11 – “Westport police have received information that about 100 people are victims of thieves who used identification information from Lafrance Hospitality Corporation to create fraudulent copies of patrons’ credit and debit cards.”
- After Senate Loss, Banks Look Elsewhere to Continue Swipe Fee Fight– www.bankinvestmentconsultant.com – 6/9/11 – “Although banks failed in their attempt to convince Congress to delay an interchange fee cap for debit cards, the financial services industry is not giving up, just changing venues.”
- Citigroup Confirms Customer Data Breach– www.cnbc.com – 6/9/11 – “Citigroup confirmed a computer breach at Citi Account Online, giving hackers access to the data of hundreds of thousands of bank card customers.”
- New Questions as Sony Is Hacked Again– bits.blogs.nytimes.com –6/9/11 – “Senator Richard Blumenthal, Democrat of Connecticut, sent a letter to Sony Wednesday asking how hackers managed to breach a Sony Web site again.”
- Paintball firm's suit vs. U.S. Bank goes splat– www.startribune.com – 6/9/11 – “A federal judge in Minneapolis shot down a lawsuit Thursday in which a small Arizona paintball supplies company alleged that U.S. Bank failed to protect countless online merchants from crooks who breached the bank's credit card database.”
- CCB smashed counterfeit bank card syndicate – www.7thspace.com – 6/9/11 – “Police Commercial Crime Bureau (CCB) conducted an operation yesterday (June 8) and neutralised a syndicate engaged in the production and use of counterfeit bank cards. A 28-year-old male two-way permit holder from the Mainland was arrested.”
- Credit card fraud in Suffolk becomes a national problem– www.wvec.com – 6/8/11 – “More than 100 people in Virginia and North Carolina have come forward, saying they’ve discovered unusual charges on their debit and credit cards after filling up at a Suffolk gas station.”
- ATM Card 'Skimmer' Hits Banks Across NW– www.ktvz.com – 6/8/11 – “Police are hoping you can help catch a bank card thief who's been ripping off card numbers in Bend, as well as throughout Oregon and Washington.”
- Banks Defeated in Senate Vote on Debit Card Fees– www.nytimes.com – 6/8/11 – “The Senate refused Wednesday to delay new rules that would sharply cut the fees that banks can charge retailers to process debit card transactions.”
- Why Does Sony Keep Getting Hacked? – www.huffingtonpost.com – 6/8/11 – “Since the April PlayStation Network breach that exposed over 100 million user accounts, Sony has been hacked more than 10 times. Sony Pictures, Sony Europe, Sony BMG Greece, Sony Thailand, Sony Music Japan, Sony Ericsson Canada, and others, have all been the target of attacks.”
- Sony Pictures Notifies 37,500 Users About Data Hack– www.pcmag.com – 6/8/11 – “Sony Pictures said Wednesday that it has notified approximately 37,500 people whose information might have been compromised in a recent hack of its Web site.”
- Second Suit Filed Against Michaels– www.bankinfosecurity.com – 6/8/11 – “A second federal suit has been filed against Texas-based crafts chain Michaels for a point-of-sale skimming attack that affected countless customer accounts. ”
- Concealing a Data Breach Would Be a Crime Under Leahy Bill– www.bloomberg.com – 6/7/11 – “Companies would be required to disclose cyber attacks that jeopardize consumers’ personal information and concealing a data breach would be made a crime under Senate legislation aimed at enhancing privacy protections.”
- Data Encryption On The Rise– www.baselinemag.com – 6/6/11 – “As data breaches continue to rise, U.S.-based companies are increasingly adopting encryption to secure their IT infrastructures, and their main reason is to comply with privacy and data protection regulations, a new study has found.”
- Acer customer database breached, hackers say– www.out-law.com – 6/6/11 – “The names, addresses, phone numbers, email addresses and other information about Acer's customers were accessed by the Pakistan Cyber Army (PCA) from a server used by Acer Europe, The Hacker News website said.”
- How Effective Are Mobile Security Policies?– blogs.bankinfosecurity.com – 6/6/11 – “A new report shows a major disconnect between mobile security policies and employee behavior at organizations.”
- The Burden of Breach Notification– www.bankinfosecurity.com – 6/3/11 – “This week's revelations that Google's Gmail and Sony Pictures were both targeted by hackers highlights growing concerns about cybersecurity and the sophistication - and frequency - of attacks, as well as how to keep the public informed about such incidents.”
- VeriFone Partners with Google and Leading Retailers to Power NFC-based Mobile Payments– www.verifone.com – 5/26/11 – “VeriFone Systems, Inc. (NYSE: PAY), the leading global payment solutions provider, announced today it is partnering with Google (NASDAQ: GOOG) and top retailers to deploy Google Wallet, an Android app that allows consumers to use virtual versions of their existing plastic cards stored on their phones. Consumers will simply tap their phones to VeriFone’s NFC-enabled payment systems at the point of sale (POS) to pay, take advantage of promotions and redeem coupons.”
- Third Lawsuit Filed over Michaels Debit Card PIN Thefts, Fraud– www.myfoxchicago.com – 6/3/11 – “Chicago - Michaels Stores, Inc., was named in a third federal, class-action lawsuit Thursday after a security breach at craft stores in 20 states gave thieves access to thousands of customers' bank information.”
- External attack responsible for fraudulent debit card postings – www.connectamarillo.com – 6/2/11 – “An external attack by organized criminals is being blamed for the fraudulent debit card postings at The People's Federal Credit Union this past weekend. According to a release, The People's Federal Credit union says authorities determined the postings were a result of computer-generated external attacks.”
- Ph.D. student jailed in card scam – www.knoxnews.com – 6/2/11 – “Carlton A. Lewis was hardly the usual suspect: the son of a professor at a prestigious women's college and himself an honors student and aspiring doctoral candidate at the University of Georgia.”
- UGA student charged in massive credit card scam (w/documents)– www.redandblack.com – 6/2/11 – “A University doctoral student has been accused of conspiring to steal debit and credit card information from restaurant diners across the Southeastern U.S. and use that information to net himself at least $145,000, according to court documents.”
- Michael’s Fraudsters use new under-the-radar tactics– blogs.gartner.com – 6/1/11 – “The PIN Debit card skimming at Michaels Stores is causing havoc and lots of fraud at many U.S. banks. Already, class action suits against Michaels are being filed, although I don’t see much damage to U.S. consumers since they are likely to get their stolen funds back. The damage in this case accrues to the card issuing banks whose fraud detection systems weren’t tuned finely enough to stop the fraudulent transactions.”
- Webinar: The True Story of One Restaurant Chain's Breach– www.omegasecure.com – 6/1/11 – “Attend this insightful webinar to learn how one Burger King franchise was breached at multiple locations. Hear her story of how the breach occurred, the financial penalties incurred, and the process she took to ensure she would never be breached again. Learn what you need to know in order to avoid this from happening at your business.”
- Credit union members lose thousands– www.amarillo.com – 6/1/11 – “Dozens of members at The People's Federal Credit Union lost thousands of dollars in unauthorized transactions sparked by a network breach over Memorial Day weekend, police said Tuesday.”
- Data breach notification laws: Timing right for breach notification bill, experts say– searchsecurity.techtarget.com – 6/1/11 – “New legislation proposed by the White House is attempting to blanket the United States with a standard set of data breach notification rules and experts say the time has never been better for the proposed data breach notification law (PDF).”
- Webinar: Payment Security Practices – event.on24.com – 6/1/11 – “The negative impact of a security breach can degrade your company's image and revenues. While criminals become more and more savvy, trends continue to emerge with best practices being adopted to combat threats.”
- $7,900 in Losses Linked to ATM Skimming Device – winnetka.patch.com – 6/1/11 – “Several unauthorized withdrawals were reported to Winnetka police in connection to a "skimming device" discovered on an automated teller machine (ATM) at a Harris Bank in Hubbard Woods, according to police reports.”
May 2011
- Stemming the rising tide of card breach incidents: PCI compliance or chip-and-pin?– portalsandrails.frbatlanta.org – 5/31/11 – “Incidents of card data breaches continue to rise despite industry efforts to safeguard customer payment information in transactions with merchants. Arts and crafts retailer Michaels was the most recent target of a large data breach. The company announced on May 4 that several of its stores, including three in Atlanta, had been victimized by card-terminal tampering and that customer credit and debit card information might have been compromised. The tampering activity enabled card data skimming, a scheme used to clone cards to create new counterfeit cards or to make payments online illegally using the customer's stolen identity.”
- West Covina police warn of card skimming devices at gas stations– www.sgvtribune.com – 5/31/11 – “Police are warning residents of a sophisticated new breed of virtually undetectable devices that can steal customers' bank account information from gas pumps. West Covina police Cpl. Rudy Lopez issued the alert following the discovery last month that card skimmers had been installed on three pumps at two different gas stations in the city.”
- Countering cyber terrorism– www.scmagazineuk.com – 5/31/11 – “The cyber war is intensifying each year and cyber attacks and those behind them are in no mood to cease their efforts. Rather than burying your head in the sand and assuming this is a US problem because of disclosure laws, Rob Warmack, Tripwire's senior marketing director in EMEA argues that this is a global issue and looks at mitigation solutions.”
- More Sony websites hacked– www.heraldsun.com.au – 5/24/11 – “SONY today said its websites in three countries had been hacked, including in Greece where 8500 user accounts had been compromised, adding it did not think credit card data had been stolen.”
- Former BofA employee sentenced for using malware to steal cash from the bank's ATMs– www.atmmarketplace.com – 5/24/11 – “A U.S. District Court judge in North Carolina has sentenced a former Bank of America Corp. IT employee to 27 months in a federal prison after he pled guilty to installing malware on the bank's ATM network and stealing $284,750 from the machines in eight months.”
- ATM ‘skimming device’ discovered again in Winnetka– www.triblocal.com – 5/23/11 – “For the second time in six months, a Winnetka bank branch ATM was outfitted with a device to steal customers’ personal information. Technicians working on the ATM at Harris Bank, 1070 Gage St., discovered a “skimming device” at 10:56 a.m. May 19, according to a Winnetka police report.”
- EMVCo Publishes ‘A Guide to EMV’ as Adoption Continues to Increase – www.paymentsnews.com – 5/23/11 – “EMVCo has published a paper entitled ‘A Guide to EMV’ that provides "an overview of the EMV Specifications, processes and the role of the technology within the context of the wider payments industry. The publication, which can be downloaded from www.emvco.com, coincides with the release of EMVCo’s latest deployment figures which state that 40% of total payment cards and 71% of terminals in circulation globally are based on the EMV standard."”
- The dilemma of measuring fraud in the U.S. payments system– portalsandrails.frbatlanta.org – 5/23/11 – “Growing up, I was fascinated with books about animals, particularly those focusing on totally unique and strange Australian animals. Kangaroos, wallabies, duck-billed platypuses, and spiny echidnas caught my fancy because they were unique, existing nowhere else on the planet. Perhaps one reason I am so fascinated with the U.S. payments system is that it is totally unique and replicated nowhere else in the world.”
- Sony: PSN security breach cleanup to cost $171 million– www.techspot.com – 5/23/11 – “It's been a dire year for Sony with the combined disruption from the Japanese earthquake and the damage caused by the PSN hack. The company is due to release a financial report on Thursday, but on a preliminary financial update for its fiscal year 2010, which ended on March 31, Sony noted it now expects to post a $3.1 billion loss instead of the $857 million in profits forecasted back in February.”
- Security is just as much a concern for alternative online payments– www.internetretailer.com – 5/19/11 – “E-retailers considering one of the newer alternate payment methods, such as online check and PIN-debit acceptance, need to consider what security measures they need to take to protect those transactions, observers say.”
- Audit reports hit HHS on digital security– www.modernhealthcare.com – 5/17/11 – “Two new audit reports question HHS' commitment to digital security in health information technology. The reports, issued today by HHS' inspector general's office, target both the Office of the National Coordinator for Health Information Technology and the Office for Civil Rights for failing to adequately protect patients' electronic information.”
- Man Gets 87 Months For Stealing Credit Card Numbers– www.northescambia.com – 5/14/11– “A New York man was sentenced to 87 months in federal prison for his role in a conspiracy to steal and use the credit and debit card information of more than 600 victims, many of them in Escambia County.”
- Michaels Breach: Patterns Showed Fraud– www.bankinfosecurity.com – 5/13/11 – “Card issuers were quick to link incidents of debit and credit fraud to the Michaels retail chain, experts say - a sign that strong transaction monitoring and behavioral analytics are the best ways to curb growing card-fraud schemes.”
- Calls for more US breach reporting– www.scmagazine.com.au – 5/13/11 – “Federal lawmakers want the Securities and Exchange Commission (SEC) to clarify guidance around the obligation to publicly disclose data breaches to shareholders.”
- Average data breach costs Australian companies $128 for each record lost: Report – www.smartcompany.com.au/ – 5/13/11 – “New research from Symantec and the Ponemon Institute has found the average cost of each record of data lost in a security breach is about $128, up by 4% since 2009, with experts warning the result should prompt small businesses to start taking initiatives on digital security.”
- Criminals intensify ATM skimming attacks – www.dw-world.de – 5/12/11 – “German banks lost 60 million euros ($86 million) to "skimming" attacks on automatic teller machines (ATMs) last year, according to a report published by the German Federal Criminal Police Office (BKA).”
- Michaels Breach Bigger than Reported– www.bankinfosecurity.com – 5/12/11 – “The Michaels debit breach is much bigger than the company initially thought. Michael Stores initially reported that a scheme, in which point-of-sale pads customers use to key in their personal identification numbers, was isolated to Chicago, but on Tuesday the arts and crafts supplies retailer issued a statement that said nearly 90 stores in 20 states, stretching from Rhode Island to Washington, were affected.”
- Durbin Regs Will Take Effect, Though Possibly a Little Late And with Caps ‘Modified’– www.digitaltransactions.net – 5/12/11 – “Like them or not, the Federal Reserve Board’s controversial debit card regulations to implement the so-called Durbin Amendment will take effect, though possibly a little late, according to Capitol Hill observers speaking at the Electronic Transactions Association’s annual conference Wednesday. In the meantime, a proposed 12-cent cap on debit interchange could be “modified” upward, a former Senator who lent his name to a massive financial-reform bill told the audience.”
- Gas-station skimming draws charges– www.staradvertiser.com –5/12/11 – “A man accused of stealing $150,000 from 156 people in a credit-card skimming scheme will be arraigned today.”
- Trial date set for man accused in credit card-skimming case– www.staradvertiser.com – 5/12/11 – “One of three men in an identity theft case involving credit card information "skimmed" from gas pumps is scheduled for trial the week of July 11.”
- Visa's Mobile Payment Plan 'Most Comprehensive to Date'– www.cio.com – 5/12/11 – “Visa's plan to launch a digital wallet system in the U.S. and Canada this fall is by far the largest and most ambitious of any similar initiative announced by credit card processors, banks or wireless carriers.”
- Obama Offers Breach Notification Bill– www.bankinfosecurity.com – 5/12/11 – “The Obama administration has proposed adoption of a federal data breach notification policy that would supersede the divergent laws now in effect in most states. The policy is a component of a comprehensive cybersecurity legislative agenda that the White House unveiled Wednesday.”
- Michaels says debit card fraud more widespread than thought– www.chicagotribune.com – 5/11/11 – “Michaels Stores says the debit-card fraud stemming from tampered checkout line terminals at its stores is not isolated to the Chicago region, but is spread across 20 states.”
- Sheriff: 'Tidal wave' of Tuolumne Co. ID thefts – www.news10.net – 5/11/11 – “The Tuolumne County Sheriff's Department is dealing with hundreds of cases of identity theft after bank card information was recently stolen.”
- Debit fraud at Michaels now includes 20 states– www.chicagotribune.com – 5/11/11 – “Michaels Stores says the debit card fraud stemming from tampered checkout terminals is far more pervasive than initially thought, encompassing not just Illinois but 19 other states.”
- Skimmers found, Police Say Check Machines Before Using – www2.wsav.com – 5/10/11 – “Sgt. Keith Edwards shows me some pictures of a skimmer device found Monday at a bank on the Islands. "This is the device that was placed right over the card reader," he tells me. He says that crooks are becoming more sophisticated and using devices that are basically molded to right right over the entire portion of the machine that reads the debit card. He shows me that a strip on the top of the skimmer held a mini-camera, apparently able to capture images of the debit card number and pin number.”
- Battling 'Breach Fatigue'– www.bankinfosecurity.com – 5/10/11 – “How much is too much? At what point do people simply tune out news and warnings of data breaches? Over the past several weeks, we've seen a slew of online attacks and successful hacks against: RSA's SecurID multifactor authentication products; e-mail marketer Epsilon; Gaming giant Sony; Online password protector LastPass; And numerous U.S. commercial bank accounts hit by the wave of wire fraud incidents originating in China.”
- Alternatives at the Point of Sale, via VeriFone– www.americanbanker.com - 5/10/11 – “A new point of sale terminal being introduced by VeriFone could make it as easy for merchants to accept alternative payments as it is to take Visa or MasterCard.”
- Credit Card Phishing Site Found on Sony Servers – www.tomsguide.com – 5/21/11 – “Poor Sony hasn’t had an easy time as of late. Between PSN going down, discovering the information of 77 million users had been stolen, facing questions from Congress, and a new password exploit that could see customer’s accounts compromised, the company has certainly been busy fending off a storm of bad PR. Today the company was dealt another blow as it emerged that a credit card phishing scam is apparently running on one of its servers.”
- PCI Council Announces New Board Of Advisors– www.pcisecuritystandards.org – 5/20/11 – “The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), today announced the results of elections for the PCI SSC Board of Advisors, a cross-industry group chartered by the Council to ensure global stakeholder representation in the ongoing development of PCI Security Standards.”
- Huge fraud in T passes alleged – articles.boston.com – 5/20/11 – “Authorities said yesterday that they had uncovered a massive scheme to print and sell thousands of unauthorized MBTA passes, the largest fare-evasion case in T history and one that has cost taxpayers millions of dollars over the past four years.”
- Helena police warn against debit/credit-card "skimming" scam– www.kxlh.com – 5/19/11 – “Since April 1st, the Helena Police Department has investigated at least 30 cases of credit card charges that were not made by the cardholders.”
- Woman files federal lawsuit blaming Michaels for PIN thefts– www.wlsam.com/ – 5/19/11 – “A West Chicago woman filed a federal lawsuit on Wednesday alleging Michaels — the arts and crafts supply chain — should have protected customers from an ATM "skimming" scheme that affected 20 states.”
- Hackers Steal Local Credit Card Info– www.ketv.com/ – 5/19/11 – “Sarpy County Sheriff’s deputies are investigating an identity theft case involving hackers who went after personal information using customers credit and debit cards.”
- Debit Fraud and Interchange– www.bankinfosecurity.com – 5/19/11 – “A new proposal tied to a small business bill [S. 493] is raising some ruckus in Washington. Retailers are outraged; bankers are pleased.”
- A Spike in Debit Card Fraud Is Putting the Country’s Largest Lender on the Defensive– russiaprofile.org/ – 5/19/11 – “Even as Russia’s commercial banks struggle to retain fickle customers, a recent increase in the incidence of debit card fraud is adding new dimensions to their onerous undertaking. Fraudsters attacked some Moscow branches of Russia's biggest lender Sberbank on Wednesday in a new wave of debit card scams, proving that most domestic banks are still very susceptible to fraud. Several debit-card carrying clients of the bank, most claiming to have been robbed of their life savings, formed lines at the Southwest branches of the bank on Wednesday in a desperate attempt to protect whatever is left of their deposits.”
- Man sentenced for role in skimming credit card numbers at Portland service stations– www.tmcnet.com – 5/18/11 – “The scam was the perfect marriage between old-fashioned greed and newfangled technology. The crooks didn't need a gun, just a skimmer, a small device that scanned numbers off credit cards customers used when they bought gas at some Portland-area service stations.”
- Credit card vulnerability still alive and well - AusCERT 2011– www.computerworld.com.au – 5/18/11 – “Global banks are yet to solve a vulnerability in the Europay, Mastercard and Visa (EMV) integrated circuit standard first rolled out in 2003, allowing hackers to place Trojan devices on point of sale hardware to harvest user and credit card information.”
- Debit card fraudsters strike again– www.globalsaskatoon.com – 5/18/11 – “The latest debit card skimming scheme in Saskatoon this month is part of a wave of cases driven by travelling fraudsters targeting vulnerable businesses, swiping money from hundreds of victims at a time, police say.”
- Banks and Merchants Reload for Fee Battle – online.wsj.com – 5/18/11 – “Banks and credit unions are using a recent debit-card scam at Michaels Stores Inc. as fresh ammunition in their fight against a federal proposal to reduce the amount they can charge merchants for processing such payments.”
- PCI Compliance: Benefiting the Industry in Multiple Ways– www.csdecisions.com – 5/18/11 – “Just one month ago, Chase, the second-largest U.S. bank, plus a host of other well-known businesses, notified customers that their e-mail addresses had been compromised after a hacker penetrated the database of Epsilon, a vendor of e-mail marketing services.”
- Credit Card Skimming Ring Busted In Portland– www.kptv.com – 5/18/11 – “It took just seconds for a Portland gas station attendant to steal the credit card number of a customer standing next to him.”
- CyberSource Airline Online Fraud Report - 2011 Edition – www.paymentsnews.com – 5/18/11 – “CyberSource has released survey findings that "show that while airlines are gaining in their war against fraud, much work remains to be done. Airlines reported a loss of about $1.4 billion USD to online payment fraud in 2010."”
- German Federal Criminal Police Office Reports Surge in Skimming attacks – www.release-news.com – 5/17/11 – “Skimming is one of the techniques used by cybercriminals to defraud legitimate banking customers. Usually, cybercriminals install skimming devices on card slot to extract card information. They record personal identification numbers (PIN) of individuals through hidden pin-hole cameras, and inserting cameras in smoke detectors, or ceilings above an ATM. Cybercriminals may also place fake typing pad on the original keypad of the ATM to log key strokes of customers. Attackers may misuse the extracted information to make counterfeit cards and withdraw funds from customer bank accounts.”
- Debit cards skimmed while paying at Murphy pump– www.wylienews.com – 5/17/11 – “Because of recent debit card fraud in the area, police in Murphy and Wylie are warning citizens to exercise caution when paying at the pump for gas. In a report from the Wylie City Manager Mindy Manson’s office, Wylie Police officials said, “There have been some debit card frauds that occurred over the past couple of weeks ... the common link that was discovered was a credit card skimming device located on a gas pump at a gas station in Murphy.””
- Debit card fraudsters strike again– www.thestarphoenix.com – 5/17/11 – “The latest debit card skimming scheme in Saskatoon this month is part of a wave of cases driven by travelling fraudsters targeting vulnerable businesses, swiping money from hundreds of victims at a time, police say.”
- Breach Notification Proposal Lacks Teeth– www.bankinfosecurity.com – 5/17/11 – “The Obama administration's plan for a federal data breach notification policy is too vague to be effective, and it lacks teeth to penalize violators, critics say.”
- Secure ID Coalition: Smart Cards Can Save the U.S. $370 Billion in Medicare Fraud– election-2008.tmcnet.com – 5/16/11 – “A smart card-based Medicare identity card could save the United States $370 billion over 10 years, according to Kelli Emerick, executive director of the Secure ID Coalition.”
- Bank Lobbyist: High Debit Interchange Needed To Pay For Retail Security Breaches– storefrontbacktalk.com – 5/16/11 – “What’s the real price of a security breach? Customers aren’t usually driven away when a retailer loses payment card data, and the financial costs are usually painful but not crippling. But if one Beltway lobbyist gets its way, the price of security failure will be higher interchange fees for debit cards—not just for breach victims, but all retailers. The Center for Regulatory Effectiveness asked the Federal Reserve Board last Friday (May 13) to raise interchange rates, which were pushed down by last year’s Dodd-Frank Act. The argument: Retail security breaches cause unreimbursed costs for card-issuing banks, and banks need high interchange rates to pay those costs.”
- Hackers Steal Local Women's Credit Info From Online Wedding Dress Shop– www.wpxi.com – 5/16/11 – “A Washington County woman said she was slammed with more than $3,000 in unauthorized charges after shopping at an online wedding dress retailer.”
- Hackers may have used Amazon server for Sony PSN breach– www.digitaltrends.com – 5/14/11 – “Hackers responsible for the massive security breach of Sony’s PlayStation Network that left as much as 100 million users at risk of identity theft used an Amazon-run server to launch the attack, according to “a person with knowledge of the matter,” reports Bloomberg.”
- White House Seeks National Data-Breach Notification Law– www.informationweek.com – 5/13/11 – “The Obama administration wants to standardize how U.S. businesses notify people in the event of a data breach that inadvertently exposes sensitive personally identifiable information.”
- Michaels Breach: Patterns Showed Fraud– www.bankinfosecurity.com – 5/13/11 – “Card issuers were quick to link incidents of debit and credit fraud to the Michaels retail chain, experts say - a sign that strong transaction monitoring and behavioral analytics are the best ways to curb growing card-fraud schemes.”
- Economic Analysis of Claims in Support of the “Durbin Amendment” to regulate Debit Card Interchange Fees – www.pymnts.com – 5/12/11 – “Section 1075 of the 2010 Dodd-Frank Act requires the Federal Reserve Board to regulate the debit card industry including the interchange fee banks and credit unions receive from merchants. This paper reviews the arguments in support of this regulation put forward by Senator Durbin, who proposed the amendment that led to Section 1075, large retailers, and merchant trade associations.”
- Obama Offers Breach Notification Bill– www.bankinfosecurity.com – 5/12/11 – “The Obama administration has proposed adoption of a federal data breach notification policy that would supersede the divergent laws now in effect in most states. The policy is a component of a comprehensive cybersecurity legislative agenda that the White House unveiled Wednesday.”
- VeriFone VeriShield Total Protect Merchant Overview– www.verifone.com – 5/10/11 – “VeriFone has published the attached VeriShield Total Protect Merchant Overview to provide potential customers with more information about VeriFone’s cardholder data protection solution that includes end-to-end encryption and tokenization.”
- Webcast: Cybercrime Reborn: Not for the Faint of Heart– www.ras.com – 5/11/11 – “The cybercrime battlefield is changing. Employees, not networks, are now in the front. State-of-the-art trojans, stealthy infection and social engineering plague every Fortune 500 company. What do cybercriminals steal? How do they monetize it? Is it time for a new defense doctrine? In this talk, the RSA Cybercrime Lab will share new research, insights, and nerve-wracking evidence of data already in the wrong hands.”
- Is First Data’s TransArmor the Ultimate Weapon in the Fight Against Fraud?– www.pymnts.com – 5/10/11 – “With consumer awareness rising and payments taking on new forms, merchants are searching for a reliable security solution. First Data's TransArmor solution, with over 100,000 merchants on board, has the simplicity, security and satisfaction merchants seek in the ever-changing payments landscape.”
- 36,000 Credit Card Numbers Stolen In Skimmer Scheme– www.wftv.com – 5/9/11 – “There are 36,000 victims, in a major credit card skimming operation, and Orange County detectives said they arrested 13 people. The suspects were using the cards as well, detectives said.”
- 3 Tips to Foil POS Attacks– www.bankinfosecurity.com – 5/9/11 – “A select group of Chicago residents reported thefts from their bank accounts after debit cards were allegedly copied during recent transactions at area Michaels craft stores.”
- Chelsea State Bank, FBI investigating 'widespread' fraud attack on debit card accounts– www.annarbor.com – 5/9/11 – “Chelsea State Bank is investigating a suspected incident of debit card fraud that caused bank officials to temporarily shut down the accounts of about 5,000 customers over the weekend.”
- Man accused of skimming credit cards at gas stations to be held at OCCC– www.hawaiinewsnow.com – 5/9/11 – “A man suspected of skimming credit and debit card numbers at gas stations in the Waikiki area was to be transferred to the custody of the Oahu Community Correctional Center Monday.”
- Police: Man Uses Skimming Device To Steal Money– www.turnto23.com – 5/9/11 – “The Bakersfield Police Department is asking for the community’s assistance in identifying a man accused of credit card fraud.”
- Report: Virginia Beach investigates ATM "skimming" case– www.dailypress.com – 5/8/11 – “PilotOnline.com is reporting that Virginia Beach police are looking for a suspect in a suspected ATM skimming case. The report says that information from more than 40 debit cards was collected at an ATM in the Landstown Commons shopping center.”
- Petrol fuels arrests in credit card scam– www.sundaytimes.lk – 5/8/11 – “Four persons have been arrested in connection with a credit card scam where credit card data was secretly recorded using a mini-skimmer – an electronic reader, and later used to produce counterfeit credit cards.”
- Virginia Beach police search for suspect in debit card fraud scheme– www.dailypress.com – 5/6/11 – “Virginia Beach police are searching for a suspect in a debit card fraud scheme. Between April 15 and April 17 a skimming device was placed on a stand-alone ATM machine located at the Landstown Commons retail center in the 3300 block of Princess Anne Road, according to police.”
- ATM Skimming Threats Evolve– www.bankinfosecurity.com – 5/5/11 – “A federal court in Newark, N.J., last week convicted a Bulgarian man for his role in a cross-border, $278,144 ATM fraud scheme that led to the compromise of nearly 350 bank accounts.”
- Florida passes stolen card law – www.debtmerica.com – 5/5/11 – “In an effort to reduce debt resulting from fraud, one wing of the Florida legislature recently approved a bill that will increase the penalty for using a stolen account.”
- Sony Hit With $1B Suit Over Data Breach – www.ibtimes.com – 5/5/11 – “Sony has been hit with a class action suit in Canada, seeking 1 billion Canadian dollars ($1.04 billion) in damages, in the wake of the security breaches of the PlayStation Network and Sony Online Entertainment.”
- Craft stores may be tied to ID thefts– abclocal.go.com – 5/5/11 – “Authorities in three area counties are warning shoppers about identity theft. Victims reported problems after using a debit or credit card at some Michael's craft stores.”
- Victims' accounts 'plundered' in Michaels data breach in Chicago– www.chicagotribune.com – 5/5/11 – “Arts-and-crafts retailer Michaels Stores Inc. said Thursday that some customer debit and credit card information has been compromised by PIN pad tampering in its Chicago-area stores.”
- Privacy czar seeks ‘significant’ fines for data thefts– www.thestar.com – 5/4/11 – “Two weeks after a massive cyber attack on Sony Corp.’s PlayStation Network, Canada’s Privacy Commissioner has called for hefty fines against corporations that fail to protect consumers’ personal data from “preventable breaches.””
- Data Breaches: 3 Lessons for Leaders– www.bankinfosecurity.com – 5/4/11 – “In March, RSA, a trusted name in the security industry, suffered a major security breach of its SecurID product, proving that no organization is immune to such incidents.”
- Hillsborough deputies seek man accused of stealing credit card information– www.tampabay.com – 5/4/11 – “Hillsborough sheriff's deputies are looking for a man accused of stealing credit card information from ATMs, a crime that has been reported daily in the area.”
- Probe looks into dozens of reports of ID theft– abclocal.go.com – 5/4/11 – “Authorities in Cook, DuPage and Lake counties are investigating dozens of reports of identity theft. Victims from several suburbs, including Bloomingdale, West Chicago, Naperville, Bolingbrook and Park Ridge, reported problems after using a debit or credit card at Michaels, an arts and crafts chain store.”
- Securing Payments on Healthcare Kiosks– vsr.edgl.com – 5/3/11 – “Changes in healthcare funding mean it’s more important than ever for doctors and hospitals to capture payment at the time of service. Patient kiosks are becoming an important tool to streamline healthcare processes including collecting payment. Partnering with a payment systems expert is a best practice for safely and securely integrating payment into patient kiosks.”
- White House Cyber-Security Strategy Could Guard Health Care Payments– www.eweek.com – 5/3/11 – “Recent guidelines issued by the White House on cyber-security could provide an impetus for secure online bill paying in health care, according to health care industry experts.”
- Senator Durbin Studies Canada’s Credit Card System – www.nacsonline.com – 5/3/11 – “As U.S. lawmakers continue their battle over interchange fees, Senator Richard Durbin has begun arguing that the United States should copy the Canadian system, where interchange fees on debit card transactions are zero, the Financial Post reports.”
- PCI And EMV Cards: The Urban Myth That Won’t Die– www.storefrontbacktalk.com – 5/3/11 – “The recent comments by leading retailers that want U.S. card issuers to move to the EMV standard for card authentication are missing the point. EMV cannot, does not and will not make PCI go away, regardless of recent moves by Visa Europe, pens PCI Columnist Walt Conway.”
- Police arrest one, seek another in ATM card-skimming scheme– www.boston.com – 5/3/11 – “Police arrested one man and are looking for another who allegedly installed a card-skimming device on an automatic teller machine at a Cambridge bank Saturday in an effort to illegally capture personal information from debit and credit cards.”
- 'Skimmer' Device Found On ATM – www.thebostonchannel.com – 5/3/11 – “One man has been arrested and another is being sought in connection with an ATM skimmer scheme in Cambridge, police said.”
- After Data Breach, Sony Considering Reimbursing Card-Reissuing Costs– www.americanbanker.com – 5/3/11 – “Sony said it would consider reimbursing FIs for the costs associated with reissuing credit cards that might have been compromised in last month's breach of its PlayStation Network.”
- POS Skimming Scam Stopped– www.bankinfosecurity.com – 5/2/11 – “Waterloo, Canada, Regional Police have arrested two Toronto men for the role they played in a card-skimming scam that bypasses the Europay, MasterCard, Visa chip-based security standard.”
- A Contrite Sony Vows Tighter Security – online.wsj.com – 5/1/11 – “Sony Corp. apologized Sunday for a security breach at its online videogame service, and said it couldn't rule out the possibility that credit-card information from 10 million customers might have been compromised.”
- Fighting Fraud: Stop Social Engineers in Their Tracks– www.bankinfosecurity.com – 5/1/11 – “Social engineering is the ultimate con - the bag of tricks employed by fraudsters who will lie, cheat and steal their way past your organization's security controls. Their goals: theft, fraud or espionage. Your best line of defense: Your people.”
April 2011
- PSN: Credit card details up for sale– www.train2game.com – 4/29/11 – “The ongoing PSN saga has taken a dramatic turn for the worse with evidence that hackers responsible for the PSN breach last week are attempting to sell users’ credit card details online.”
- Tax Fraud Hits Florida– www.bankinfosecurity.com – 4/28/11 – “How did fraudsters hijack the identities of scores of South Florida residents for the filing of fraudulent tax returns? No one knows the answer to this troubling question, but so far more than 70 South Florida victims have been affected. Among the known cases are two public works employees in Fort Lauderdale and six employees of the Miami Association of Realtors.”
- Visa: Payment card industry needs to work smarter, not harder, to increase security– www.infosecurity-us.com – 4/27/11 – “The Fourth Visa Global Security Summit kicked off today at the Renaissance Hotel in Washington DC with an opening keynote from Ellen Richey, chief enterprise risk officer with Visa. Richey commended the industry’s efforts to reduce electronic payment fraud, but warned that those in the industry must adopt more agile, “smarter” technologies and risk assessments to keep pace with evolving cybercriminals.”
- Who's to Secure Cloud: Vendor or User?– www.bankinfosecurity.com – 4/28/11 – “Security is a primary reason many organizations pause when considering a move to cloud computing. Yet, if a new survey conducted by Ponemon Institute for enterprise software vendor CA reflects reality, most cloud computing providers don't see securing customer data as their primary responsibility. Most cloud providers see reducing costs and faster development as their main benefits to customers.”
- Debit card breach– www.beartoothnbc.com – 4/28/11 – “An information breach through a national processing center has several banks and credit unions around Helena cancelling debit cards to protect their customers.”
- FBI fingers China over online bank fraud– www.scmagazine.com.au – 4/28/11 – “The alleged attacks saw funds transferred from the accounts of small businesses to unknown recipients in China. The criminals tried to send $US20 million ($A18.32 million) - of which the FBI knows - to accounts near the Chinese-Russian border, with some $11 million of the funds making it through the stop-checks in the international banking system.”
- Namibia: FNB Slashes Card Limits Due to Fraud– allafrica.com – 4/28/11 – “Increasing card fraud has forced FNB Namibia to slash the daily international purchase limit on clients' debit cards.”
- Visa Challenges Industries To Use More Intelligent Solutions To Combat Fraud, Stay Ahead Of Criminals– www.dailymarkets.com – 4/27/11 – “Visa Inc. opened its fourth Global Security Summit today with a keynote address by chief enterprise risk officer Ellen Richey, in which she applauded the collective progress in making electronic payments more secure from criminals.”
- Visa Releases Mobile Acceptance Best Practices– www.paymentsnews.com – 4/27/11 – “Visa has announced the release of a set of mobile acceptance best practices for merchants, software developers and device manufacturers who are using consumer mobile devices, such as smartphones and tablet computing platforms to facilitate the acceptance of card payments.”
- Target, Wal-Mart On EMV: The Metric System Of Payment– storefrontbacktalk.com – 4/27/11 – “EMV may become the metric system of payment, a process that almost everyone in the world adopts, with the U.S. stubbornly refusing. In a panel discussion on Wednesday (April 27), Target and Wal-Mart agreed that EMV Chip-and-PIN is an extremely desirable way to go. But hardly anyone has a concrete plan for making it happen in the U.S.—in a meaningful way—anytime soon. Still, both chains were certain of one thing: If magstripes could magically be made to go away tomorrow, the retail world would be a happier place.”
- Square Reverses Course, Now Embraces Encryption – storefrontbacktalk.com – 4/27/11 – “Square, the well-funded startup that found itself on the winning end of a pissing contest with VeriFone last month, because it refused to encrypt mobile payment transactions, has now reversed course and embraced such encryption. It switched course on Wednesday (April 27), which by remarkable coincidence is the same day it announced that encryption aficionado Visa had made an unspecified investment in Square.”
- Mobile Payments Lack Security: Fact or Fiction?– www.pymnts.com – 4/25/11 – “Have you heard the latest rumors about mobile payments running rampant amongst consumers? In a recent blog post on the Federal Reserve Bank of Atlanta site, Cindy Merritt asserted that there are three common misconceptions about mobile payments.”
- Latest interchange increases - waving a red flag? – www.greensheet.com – 4/25/11 – “MasterCard Worldwide recently released its spring 2011 changes to interchange rates and assessments. Included among them is an increase in the interchange rate for a widely used rewards card called the World Merit III, which for some retail merchants constitutes a large portion of their credit card volume, according to Phil Hinke, Founder of MLS Advocate LLC.”
- 40 debit, credit card abuse cases confirmed by sheriff– www.ledger-dispatch.com – 4/21/11 – “A press release issued by the Amador County Sheriff's Office last week confirmed a rash of complaints regarding the fraudulent use of at least two debit/credit cards in Martell.”
- Data Breaches: Inside the 2011 Verizon Report – www.bankinfosecurity.com – 4/19/11 – “The latest Verizon Data Breach Investigations Report is out, and the good news is: The number of compromised records is down. The troubling news is: The number of breaches is up. Bryan Sartin, one of the report authors, explains why. In an exclusive interview offering color commentary on Verizon's 2011 report, Sartin discusses: Why fraudsters are targeting smaller targets; Breach trends globally; How organizations can protect themselves and their customers.”
- Three foreign nationals arrested for bank card skimming– www.thenewage.co.za – 4/20/11 – “Port Elizabeth police have expressed concern at the increase in the number of cases of card-skimming in the city and surrounding areas. The suspects were using “extremely sophisticated” hi-tech equipment to clone bank cards at ATMs, police said.”
- Cyber Crime Now An Industry– blogs.wsj.com – 4/19/11 – “Another day, another conference on cyber-security, another report. The latest two were: the Symantec Cyber Security Cabinet, held yesterday rather melodramatically in the Churchill War Rooms underneath the heart of London’s government center; and published today Verizon’s 2011 Data Breach Investigations Report.”
- Data thieves target smaller prey– www.securecomputing.net.au – 4/19/11 – “Recent high-profile arrests of cybercrime “kingpins” may have prompted data thieves to aim for smaller hauls of tens of thousands – instead of millions – of records at a time.”
- New Study Finds PCI DSS Compliant Companies Suffer Fewer Data Breaches– www.prnewswire.com – 4/19/11 – “Imperva, the leader in data security, and the Ponemon Institute announced today the results of their second study on the impact of the Payment Card Industry's (PCI) Data Security Standards (DSS). The 2011 PCI DSS Compliance Trends Study surveyed 670 US and multinational IT security practitioners on how efforts to comply with PCI-DSS affect an organization's data protection and security. This year's report shows that while the majority of PCI compliant organizations suffer fewer or no breaches, most practitioners still do not perceive PCI-DSS to have a positive impact on data security.”
- The Verdict: White House National ID Security Strategy– www.pymnts.com – 4/18/11 – “On April 15, the White House announced the National Strategy for Trusted Identities in Cyberspace (NSTIC) – a long-awaited framework for enhancing online security, while in theory, maintaining privacy, efficiency and consumer choice. The NSTIC paper outlines a public/private sector cooperative effort to develop and implement an Identity Ecosystem. The proposed strategy promises to address the often competing challenges of maintaining a secure environment – balancing security, privacy, consumer convenience and accessibility and cost.”
- Man gets bail again on 52 fraud charges – thechronicleherald.ca – 4/16/11 – “A young man from Montreal allegedly involved in a debit card-skimming ring that hit the Dartmouth area three years ago has been granted bail a second time. Khudretullah Habib, 21, was arrested in Montreal recently on a Canada-wide warrant and brought back to Nova Scotia to face 52 fraud-related charges.”
- Credit card skim scams net $170 million– www.dailytelegraph.com.au – 4/15/11 – “CREDIT and debit card fraud has tripled in just three years, with Australian consumers ripped off more than 657,000 times last year at a cost of $170 million. The multi-million-dollar profits have attracted organised crime, with Australia recently targeted by crime groups from Romania, Southeast Asia and Sri Lanka. These gangs are involved in large-scale card skimming, the Australian Crime Commission revealed in a report released today.”
- Former CIO urges enterprises towards PCI compliance– www.cio.com.au – 4/14/11 – “Australian banks may have been working through their own Payment Card Industry Data Security Standard (PCI DSS) compliance issues, but that won’t stop them from fining business merchants from failing to meet the terms of the security initiative, according to an industry specialist.”
- Mobile payments: Who will regulate?– www.politico.com – 4/14/11 – “As more Americans learn how to shop with their cellphones, Washington is trying to figure out who should answer the call to regulate this new form of commerce. A variety of competing business sectors — from telecoms to financial institutions to Internet companies — are launching pilots of new technology they hope will replace consumer reliance on credit cards with the wave or tap of a mobile phone.”
- 3 arrested for 'cloned credit cards' at Meijer – plainfield.wzzm13.com – 4/13/11 – “Kent County authorities have arrested 3 people for using cloned credit cards at area stores. Investigators say on April 11th three suspects used the credit cards at the Plainfield Avenue Meijer store. Loss prevention quickly realized what happened and called authorities with a vehicle description. Kent County Sheriff's Deputy Deanna Lude located the car at Big Lots parking lot on Plainfield Avenue and caught the three suspects.”
- Aussie data breaches doubled in 2011– www.zdnet.com.au – 4/13/11 – “Some of the worst breaches have cost businesses many hundreds of thousands of dollars, and involved significant loss of credit card information and customer information.”
- M-payments much more secure than bank cards - Atlanta Fed blog explodes security myth– www.finextra.com – 4/12/11 – “The post - penned by Cindy Merritt, assistant director of the Fed's Retail Payments Risk Forum - notes that security functionalities resident in the mobile handset provide authentication capabilities that don't exist in the current payments environment.”
- French "hacker" arrested after flaunting it on TV– www.tgdaily.com – 4/13/11 – “A French "hacker" and alleged Anonymous member has been arrested after flaunting his purported skills on national television. "Carl" - who appeared on "Complément D'Enquête" - supposedly demonstrated his ability to breach networks operated by both the French Army and Thales Group.”
- Bill Aims to Safeguard Personal Information– www.bankinfosecurity.com – 4/12/11 – “Two veteran senators - John Kerry, D-Mass., and John McCain, R-Ariz. - introduced Tuesday legislation that would balance individual privacy rights while allowing businesses to collect consumer information that could be used to market products and services. The sponsors contend the legislation would protect people from unscrupulous actors by creating a set of basic rights to which all Americans are entitled.”
- Epsilon breach used four-month-old attack– www.securecomputing.net.au – 4/7/11 – “A data breach exposing the customer details of the likes of Citigroup, Hilton Hotels and Dell Australia was part of a series of socially-engineered attacks first reported by an Epsilon technology partner some four months ago, iTnews can reveal.”
- Comment: Public cloud is only a matter of trust– www.securecomputing.net.au/ – 4/7/11 – “Enterprises are being asked to rent highly commodised, public cloud services on the basis of trust, according to a report by Truman Hoyle released yesterday.”
- Gas Station Worker Accused of Skimming Credit Cards– www.myfoxny.com – 4/6/11 – “Suffolk County police have arrested a gas station attendant who is accused of skimming customer credit cards. Dany Diaz, 20, worked a night shift at a gas station on Route 112 in Medford. Police say he used a skimming device to collect debit and credit card numbers from people who were buying gas. Police say he also used a laptop computer that was connected to a camera to capture images of customers swiping their cards and entering their PIN into the machine.”
- Ex-Gucci techie fingered for VPN raids– www.securecomputing.net.au – 4/6/11 – “A former Gucci network engineer has been accused of executing devastating attacks on the fashion retailer’s IT infrastructure after being fired.”
- Security breach: Some who did business with Litchfield at risk – www.nashuatelegraph.com – 4/6/11 – “Nearly 10 people who conducted business with Town Hall had their financial information breached. The third-party vendor that handles credit card processing had a security breach and has since notified customers who were affected, according to town administrator Jason Hoch. The vendor reversed any inaccurate charges, he said.”
- Epsilon Breach May Finally Force Data Handling Rule Changes—And It’s Only About Five Years Late – storefrontbacktalk.com/ – 4/6/11 – “The massive Epsilon E-mail data breach—which has sent to cyberthieves E-mail addresses from the files of Target, Best Buy, Kroger, Walgreens, Home Depot Credit Card, HSN, Marks and Spencer, New York & Co., Brookstone, Eddie Bauer, Ethan Allen, Fry’s Electronics and countless other retailers—may be what finally pushes chains to insist that PCI-like rules be applied to all corporate information and not merely payment data.”
- Restaurant Data Breach Probe Filing: Card Data In Plain Text, Default Passwords And Wide Open Wireless Access – storefrontbacktalk.com – 4/6/11 – “A Massachusetts restaurant chain, which was just fined $110,000 by that state’s attorney general as a result of a substantial data breach, is a textbook example of how not to handle payment security. Court filings from the case paint a classic picture: unchanged default passwords, wide open wireless access, full card data stored in plain text and an impressive lack of concern about the breach, with restaurants continuing to accept payment cards after the chain knew of the breach and malware that had not yet been deactivated.”
- Heartland Breach Still Generating New Compromised Accounts – storefrontbacktalk.com – 4/6/11 – “Old breaches never die, they just—well, they never die. A small bank in Illinois on April 1 announced that some customers’ payment card information had been compromised at card processor Heartland Payment Systems. Yes, that Heartland. And yes, that breach—the one in 2008. “MasterCard and Visa, along with the FBI and Secret Service, have been investigating the incident for several years, and although the security breach is reported to have occurred between May 2008 and November 2008, the compromised information is only now being used to conduct fraudulent transactions,” Freestar Bank President Scott Bauknecht told a local newspaper.”
- Gucci Admin Gets Fired, Then Gets Even. Really Even – storefrontbacktalk.com – 4/6/11 – “Hell hath no fury like a coder scorned. A Gucci network engineer, who was fired for what prosecutors said was “abusing his employee discount,” was indicted Monday (April 4) and accused of striking back at Gucci. He allegedly deleted several virtual servers, shut down a storage area network (SAN) and deleted corporate mailboxes. But the methods 34-year-old Sam Chihlung Yin used to eke out his revenge are even more interesting: He created a non-existent employee (prior to his being fired) and then issued the vapor worker a VPN token. The government says he then “tricked” IT staff into activating it.”
- Epsilon Breach: How to Respond – www.bankinfosecurity.com – 4/5/11 – “Experts say banks and retailers are doing all they can to control consumer concerns in the aftermath of the Epsilon e-mail breach. [See, Epsilon Breach: Risks and Lessons.] Communicating with customers about the incident and warning them not to click links in phishing e-mails are all these impacted institutions and companies really can do, says Jeremiah Grossman, chief technology officer of WhiteHat Security.”
- Judge Rejects Injunction in SD Debit Fee Lawsuit – abcnews.go.com – 4/5/11 – “A federal judge in South Dakota declined Monday to issue a preliminary injunction against the Federal Reserve and agreed to consider the agency's request to dismiss a lawsuit that challenges the constitutionality of regulations limiting the fees a bank can charge retailers for debit card transactions.”
- Credit unions hit back on fraud – www.azstarnet.com – 4/12/11 – “Tucson financial institutions are fighting fraudsters by blocking card transactions that originate in California. The measure, in which several local credit unions confirmed they're participating or have participated, is in response to reports of skimming devices at gas pumps, which record information from cards, including personal identification numbers.”
- Comptroller Acknowledges Huge Security Breach – www.publicbroadcasting.net – 4/11/11 – “In the largest security breach in state history, the Texas Comptroller's office says it mistakenly left some 3.5 million personal files on a publicly accessible computer file. KERA's Bill Zeeble reports current and retired state employees are most at risk.”
- PCI SSC dials up call center compliance – www.greensheet.com – 4/11/11 – “To mitigate the increasing levels of fraud directed at MO/TO operations, the governing authority of the Payment Card Industry (PCI) Data Security Standard (DSS) issued an educational resource that details tactics and best practices for securely processing payment card transactions over the telephone. The new supplement outlines what card data call centers need to protect and how to do it.”
- Government-owned credit cards compromised in contractor breach – www.net-security.org – 4/11/11 – “Numbers and expiry dates of over 600 credit cards belonging to government and law enforcement employees have been stolen and exposed after an attack aimed at an Australian telecommunications company.”
- Haldimand man facing 138 credit card fraud charges – www.thespec.com – 4/11/11 – “A 22-year-old man is facing nearly 140 charges after a credit card fraud at a New Credit First Nation gas station in Hagersville. Police say between Dec. 16 and Dec. 28, a credit card fraud was discovered at the New Credit Variety and Gas Bar.”
- Fraudsters Take No Prisoners But Retail Decisions Can Strengthen Your Strategy for Prevention – www.pymnts.com – 4/11/11 – “Fraudsters take no prisoners when it comes to breaching security and fraud prevention should be a top priority for every business. Carl Clump, CEO of Retail Decisions, sits down with PYMNTS.com to share his wealth of knowledge and experience in strengthening fraud prevention strategies.”
- Contactless Payments Security Questions & Answers – www.smartcardalliance.org – 4/11/11 – “Recent media reports have raised questions about the security of contactless payment transactions and the risk of fraud to consumers. This document was developed by the Smart Card Alliance to address questions about contactless payment security. The questions and answers below apply only to contactless payment using contactless smart card technology, as implemented by American Express, Discover, MasterCard, STAR and Visa.”
- Analysis: Alliance Data may face high Epsilon breach costs – www.baltimoresun.com – 4/11/11 – “Alliance Data Systems Corp could face costs and lost sales of $100 million or more as it tries to recover after hackers stole reams of names and email addresses from its Epsilon marketing unit.”
- Chip and PIN is Broken According to New Research – www.pymnts.com – 4/11/11 – “Is chip and PIN definitely broken? That's the question posed in a recent report from researchers at Inverse Path and Aperturelabs. One of the report's authors, Andrea Barisani, spoke with PYMNTS.com about the vulnerabilities of EMV and his ideas for a stronger security standard for the payments sector.”
- Fallsview Casino Targeted By Debit Card Skimming Team – www.newswire.ca – 4/8/11 – “On Thursday April 7, 2011, during the early afternoon hours, the Fallsview Casino was targeted by a group of credit and debit card fraudsters. In a two hour period, 7 males visited numerous ATM machines within the casino and obtained significant quantities of cash from hundreds of compromised bank accounts.”
- TJX hacker appeals his sentence, claims US government sanctioned his crimes – www.net-security.org – 4/8/11 – “Albert Gonzales has become a well-known name in information security circles when he was charged with having organized a gang of cyber thieves that managed to steal over 130 million debit and credit card numbers from TJX, Heartland Payment Systems, 7-Eleven and various other retailers.”
- The Hartford Data Breach Letters Surface – www.insurancenetworking.com – 4/7/11 – “In letters to employees and New Hampshire Office of the Attorney General, insurer says the virus that infected its Windows server environment targets personal information related to transactions conducted online.”
- Heartland Breach: Legal Update – www.bankinfosecurity.com – 4/6/11 – “A U.S. District Court in Texas has granted motions made by Heartland Bank and KeyBank to dismiss civil actions brought against them for their involvement in the 2009 Heartland Payments Systems breach.”
- Gas Station Worker Accused of Skimming Credit Cards – www.myfoxny.com – 4/6/11 – “Suffolk County police have arrested a gas station attendant who is accused of skimming customer credit cards.”
- Security breach: Some who did business with Litchfield at risk – www.nashuatelegraph.com – 4/6/11 – “Nearly 10 people who conducted business with Town Hall had their financial information breached. The third-party vendor that handles credit card processing had a security breach and has since notified customers who were affected, according to town administrator Jason Hoch. The vendor reversed any inaccurate charges, he said.”
- 2010 Federal Reserve Payments Study – www.paymentsnews.com – 4/5/11 – “The Federal Reserve has publicly released the 2010 Federal Reserve Payments Study that reveals "in greater detail increasing adoption of electronic alternatives for payments in the United States by consumers, businesses and governments. The study examined payments made between 2006 and 2009."”
- Thought Your Financial Info Was Safe In Restaurants? Think Again – www.walletpop.com – 4/5/11 – “Customers who hand over credit cards to bartenders and wait staff deserve better protection than they got from a large restaurant chain, say state attorneys who recently won a six-figure settlement for a restaurant group's data-security failures.”
- Identity theft plagues Kanawha Valley – www.dailymail.com – 4/5/11 – “Federal officials are investigating an identity theft scheme that has been draining the bank accounts of Kanawha Valley residents in recent weeks.”
- U.S. Secret Service: Skimming operations cost little – www.opisnet.com – 4/4/11 – “The Secret Service has been staging informational sessions for various refiner brands to try to educate marketers on the prevalence of skimming at U.S. stations, Shell being one of them. According to one presentation obtained by Oil Express, the tools needed to organize a skimming operation can be purchased for what is a relatively small investment, given the potential return.”
- Shell issues emergency pump fraud alert for Texas – www.opisnet.com – 4/4/11 – “Shell flashed an emergency fraud alert to jobbers in key Texas markets mid-week after a warning from the U.S. Secret Service that “Armenian gangs” are placing skimming devices in pumps at Shell and other, competing-brand stations, Oil Express learns.”
- US data breach exposes Citigroup, Walgreen customers – www.economictimes.indiatimes.com – 4/4/11 – “The e-mails and names of customers of Citigroup Inc, Walgreen and other large US companies were exposed in a massive and growing data breach, after a computer hacker penetrated online marketer Epsilon.”
- New cyber attack compromises hundreds of thousands of websites – www.securecomputing.net.au – 4/4/11 – “Hundreds of thousands of websites have been compromised by a massive cyber attack dubbed LizaMoon. The criminals behind the scheme inserted an external link onto various legitimate websites using an SQL injection attack.”
- The First Data TransArmor Solution: Tokenization Unlocks New Revenue – www.pymnts.com – 4/4/11 – “Tokenization is more than a security measure and more than a cost savings technique. It can be used to build your business. In this white paper we'll discuss the ways tokens can be used in back-end business operations to develop powerful marketing programs.”
- Bank Of America Breach? – www.cbsatlanta.com – 4/4/11 – “CBS Atlanta News has learned that account information from certain Bank of America debit cards may have been compromised at an undisclosed third party location.”
- Company that services L.L. Bean Visa reports privacy breach – www.pressherald.com – 4/3/11 – “L.L. Bean credit card holders were notified this weekend that an outside party had accessed a marketing vendor’s files, obtaining customers’ names and email addresses.”
- New York & Company Warns Customers Of E-Mail List Breach – www.consumerist.com – 4/3/11 – “Several readers have forwarded us an email from New York & Company warning customers that their email system had been compromised. The company assures subscribers that "only" names and email addresses were accessed, adding that customers might receive spam email as result.”
- Hackers hit HSN, other companies – www.tbo.com – 4/3/11 – “Home shopping giant HSN is notifying customers across the country that hackers have stolen some of their private data, and a string of other major companies may have to start sending out similar alerts.”
- Disney Affected by Huge E-Mail Data Breach – www.stitchkingdom.com – 4/3/11 – “An e-mail from Disney Destinations (i.e., what’s effectively otherwise known as The Walt Disney Travel Company) confirms that the company was one of the many compromised by a recent data breach at Epsilon, an e-mail service provider for many companies.”
- Credit-card data from parks users are at risk – www.dispatch.com – 4/2/11 – “People who used a credit card to reserve a campsite or rent a cabin last year through the Ohio State Parks website might have to check their statements.”
- Banking problem – www.pontiacdailyleader.com – 4/2/11 – “Freestar Bank of Pontiac sent a letter to some of its customers this week notifying them that some debit card information may have been compromised as a result of a security breach at a third-party card transaction processor — Heartland Payment Systems.”
- Oklahoma Health System Loses PC Holding Personal Data of 84,000 Patients – www.eweek.com – 4/1/11 – “Saint Francis Health System in Tulsa, Okla., has become the latest health care provider to report a major data breach, this one resulting from the theft of a PC containing personal information for 84,000 patients.”
- Kroger warns of data breach, customer email addresses exposed – www.ajc.com – 4/1/11 – “Kroger Co. sent emails to its customers Friday warning that a company database with limited information about customers was breached.”
- Hacker: Avionics vulnerable to next-gen attacks – www.securecomputing.net.au – 4/1/11 – “Stuxnet concepts could give terrorists remote control. A panel of aviation security professionals has named cyberattacks as the second largest threat to airlines, after natural disasters.”
- Kennebec Savings uncovers data breach – www.mainebiz.biz – 3/31/11 – “Kennebec Savings Bank is investigating a data breach of its online banking system to uncover what information could have been compromised. On March 21, the Augusta-based bank detected suspicious activity related to unauthorized access of its online banking system and shut it down, according to a press release from the company.”
- 2 Men Nabbed in Fake Debit Card Scheme – www.longislandpress.com – 3/31/11 – “Nassau County police said they caught two men Wednesday using “cloned,” or re-encoded debit cards to steal cash from victims’ bank accounts—a high-tech scheme the suspects allegedly repeated across Long Island.”
- Citizen Patrol: Detect Card Skimming – www.nacsonline.com – 3/31/11 – “Police in Camarillo, Calif., are taking a different approach to preventing card skimming at the pump: enlisting the help of civilians. BankInfoSecurity.com reports that the Citizen Patrol Unit, some 30 volunteers who have been tasked with monitoring fuel dispensers throughout Camarillo, are looking for signs of tampering and illegal skimming device”
- Hackers breach bank's online system – www.kjonline.com – 3/31/11 – “Kennebec Savings Bank's online banking system was infiltrated by an outside party and bank officials are working with a team of computer forensics experts to find out which customers may have been affected and what information may have been accessed.”
- Health care's security breach – www.thirdfactor.com – 3/30/11 – “Identity theft is common in the banking world and online, but now it is also lurking where Americans are told to feel the most protected–hospitals. The frightening reality is that there is little to no identity management, much less protection, in our health care system today.”
- Sophisticated Attack Yields Data On IEEE Members – www.threatpost.com – 3/30/11 – “IEEE, the world's leading society for technical professionals, has warned some 800 members that their credit card and personal information may have been stolen. The FBI has been notified of the breach.”
- Retail Groups Applaud Fed Chair’s Commitment to Move Swipe Fee Reform Forward – www.nacsonline.com – 3/30/11 – “In March 29 letters to House Committee on Financial Services Chairman Spencer Bachus (R-AL) and Ranking Member Barney Frank (D-MA), and to Senate Committee on Banking, Housing and Urban Affairs Chairman Tim Johnson (D-SD) and Ranking Member Richard Shelby (R-AL), Bernanke reiterated that the Fed will complete final swipe fee reform regulations in time for retailers to begin offering customers discounts and other benefits this summer as scheduled, but will likely not hit the originally proposed April 21 deadline.”
- Pay-at-the-Pump Scams Targeted – www.bankinfosecurity.com – 3/29/11 – “As pay-at-the-pump skimming scams grow in the U.S. and Europe, police in Camarillo, Calif., have taken the unique step of enlisting help from civilians to fight skimming crimes.”
- ANSI, Shared Assessments investigate PHI breaches – www.healthcareitnews.com – 3/24/11 – “A new project led by the American National Standards Institute (ANSI) and the Shared Assessments Program has been launched to explore the financial impact of unauthorized access to personal health information (PHI).”
- Advanced Encryption Efforts Rev Up – www.paymentssource.com – 3/21/11 – “The expanding array of services offering merchants advanced encryption of sensitive payment card data is causing competition to heat up among purveyors already jockeying for dominance by touting each product's specific advantages.”
March 2011
- Bank security experts play up social risks – www.securecomputing.net.au – 3/29/11 – “Organizations have overlooked the risk of social engineering in favor of technical security solutions, experts warned this week. Speakers at the Cards and Payments Australasia conference yesterday said consumers and bank employees were increasingly vulnerable to targeted phishing attacks as they posted personal information online.”
- Restaurant Chain is First Fined Under Massachusetts Data Breach Law – www.threatpost.com – 3/29/11 – “A Massachusetts restaurant chain was the first company fined under the state's toughest in the nation data breach law and will have to pay $110,000 in penalties, according to a statement by the Massachusetts Attorney General.”
- Mobile Payments in the United States: Mapping Out the Road Ahead – www.paymentsnews.com – 3/28/11 – “In January 2010, the Federal Reserve Banks of Atlanta and Boston, through their Retail Payments Risk Forum and Payments Research groups, convened a selected set of key players in this country's emerging mobile payments ecosystem. The goal of the meeting was to facilitate a discussion among all involved parties as to how a successful mobile payments (as opposed to mobile banking) regimen could evolve in the U.S. The resulting paper is available here.”
- Boston bar chain settles data breach allegations – www.boston.com – 3/28/11 – “A company that runs several popular Boston bars and restaurants has agreed to pay a $110,000 penalty to settle a lawsuit by the state attorney general alleging it failed to protect customer credit and debit card information.”
- Google Sets Role in Mobile Payment – www.online.wsj.com – 3/28/11 – “Google Inc. is teaming up with MasterCard Inc. and Citigroup Inc. to embed technology in Android mobile devices that would allow consumers to make purchases by waving their smartphones in front of a small reader at the checkout counter, according to people familiar with the matter.”
- Major Massachusetts Restaurant Group to pay Big Settlement – www.wpri.com – 3/28/11 – “The Massachusetts Attorney General's office reached a settlement with The Briar Group, which owns and operates several popular bars and restaurants in the Boston area, including The Lenox, MJ O’Connor’s, Ned Devine’s, The Green Briar and The Harp.”
- Corporate data is new target of cybercrime – www.scmagazineus.com – 3/28/11 – “Cybercriminals have shifted their efforts from targeting individuals' personal information to the intellectual capital of global corporations, according to a report released Monday by McAfee and defense contractor Science Applications International Corp. (SAIC).”
- Bank of America Denies Breach – www.bankinfosecurity.com – 3/28/11 – “Bank of America branches in Greater Detroit were reportedly flooded this past weekend, after several BofA debit cardholders noticed fraudulent transactions on their accounts.”
- 'Skimming' devices steal data off credit, ATM cards – www.staradvertiser.com – 3/28/11 – “A Honolulu company has taken steps to prevent a repeat of a scam that skimmed credit and debit card information from pay-as-you-go pumps at four of its gasoline stations.”
- US state park visitors warned after server hack – www.news.techworld.com – 3/28/11 – “Visitors to US state parks buying online passes have been warned to be on the lookout for fraudulent card transactions after it emerged that a number of servers at a third-party payments handler were compromised by malware.”
- Intellectual property theft fuels underground cyber economy – www.venturebeat.com – 3/27/11 – “It used to be that cyber criminals hacked into accounts to steal credit card numbers or social security numbers. Now they’re moving upscale, building a huge underground economy around stealing more valuable intellectual property.”
- Bank Of America Accounts Hacked – www.clickondetroit.com – 3/26/11 – “Thousands of Bank of America customers' account information could be in jeopardy after a major security breach. Christy Clark went to a Royal Oak drug store Friday, but when her debit card was declined, she knew something was wrong. “I was very embarrassed,” Clark said.”
- RSA Breach: What Did We Expect? – www.blogs.bankinfosecurity.com – 3/25/11 – “"This kind of problem happens to everybody." Those are the words of Marcus Ranum, CSO of Tenable Network Security and an RSA customer, in response to the widely publicized breach at security solutions vendor RSA.”
- Credit card numbers stolen from PCPA website – www.kgw.com – 3/25/11 – “The Portland Center for the Performing Arts announced Friday that customer information on its website, including credit card numbers, was accessed by an unauthorized outside user. Customers who purchased PCPA gift cards were affected, but those who purchased tickets were not, a PCPA statement read.”
- Chain Reaction finds and plugs security hole that led to fraud – www.theregister.co.uk – 3/25/11 – “Popular UK-based biking site ChainReactionCycles.com has confirmed that a security breach on its systems led to fraud against its customers. Some of the cyclists who shopped with the site earlier this month noticed fraud against their credit cards days later, normally fraudulent purchases of mobile phone top-ups costing around £30.”
- Hackers step up attacks on security firms – www.infoworld.com – 3/25/11 – “The Internet's security infrastructure is under attack. Two major incidents against Comodo and RSA have raised the question of not just whether the enterprise can withstand hacker attacks but if the security firms we all count on to guard the infrastructure can protect themselves.”
- Medical identity theft a rising and significant threat – www.networkworld.com – 3/25/11 – “When most people think of identity theft, it's credit card transaction fraud or perhaps a criminal taking out a car loan or a mortgage in someone else's name. What doesn't always come to mind is someone stealing identity and medical credentials and then using those to obtain needed medical care, or selling those credentials on the underground market.”
- Teen skimmer gets probation – www.theprovince.com – 3/24/11 – “A solemn-looking 16-year-old youth was sentenced to 18 months' probation in a Richmond courtroom Wednesday for skimming credit cards and passing the information to his adult accomplice.”
- Hackers fake SSL certificates for web services – www.securecomputing.net.au – 3/24/11 – “Sophisticated attack thought to be state-sponsored. Hackers have broken into the systems of a web authentication firm in Europe, issuing false certificates that forced Google, Microsoft and Mozilla to issue emergency browser patches.”
- 100m tokens at risk from RSA breach – www.securecomputing.net.au – 3/24/11 – “The RSA SecurID token breach could affect up to 100 million people. Following the breach last week that led to SecurID two-factor authentication token information being stolen, IronKey CEO David Jevans said there were 25 million hard tokens deployed, but that figure is closer to 40 million when soft tokens are taken into consideration, so it is possible that more than 100 million users could have been impacted.”
- Data breach may have exposed park passholders – www.wcsh6.com – 3/24/11 – “Some people who bought passes to Maine State Parks online last year may have had their credit card information exposed. The company that handles online state park pass purchases had a malware attack that may have exposed cards used in transactions from March 21st to December 22nd of last year.”
- Smart Card Alliance reports 2011 agenda focus, makes committee appointments – www.greensheet.com – 3/24/11 – “Educating on the benefits of open bank card payments, as well as convergence of smart card-based ID and transit applications and NFC in transit is the focus for the upcoming year, the Smart Card Alliance Transportation Council said today, also announcing the 2011/2012 officers and steering committee.”
- TripAdvisor: E-mail addresses stolen in data breach – www.news.cnet.com – 3/24/11 – “If you use TripAdvisor you may soon be getting more spam. The travel site told customers in an e-mail today that someone had breached its network and stolen e-mail addresses for an undisclosed number of its members.”
- ATM Security: 3 Global Threats – www.bankinfosecurity.com – 3/24/11 – “Skimming remains the top ATM fraud threat worldwide, but certain regions are also seeing a rise in logical security breaches - malware - according to Chuck Somers, VP of ATM Security and Systems with Diebold, the global ATM supplier.”
- Federal Cyber Incidents Rose 39% in 2010 – www.bankinfosecurity.com – 3/24/11 – “Cyber incidents affecting government information systems rose by 39 percent to 41,776 in fiscal year 2010, which ended Sept. 30, according to a new report from the Office of Management and Budget.”
- ATM skimmer found in City Market – www.thecoastalsource.com – 3/24/11 – “Next time you go to an ATM, pay attention to the machine before you insert your bank card. A skimmer, which records account numbers, was found on a downtown Savannah ATM.”
- Mobile payments prompt response from PCI DSS Council – www.searchsecurity.techtarget.com – 3/21/11 – “The growing use of smartphones and technologies that turn them into payment devices has prompted the Payment Card Industry Security Standards Council (PCI SSC) to start a mobile task force to study the issue.”
- Lack Of Standards Could Bring Risk To Mobile Payments – www.paymentssource.com – 3/17/11 – “ISOs and agents are continuing to offer processing services for mobile acceptance devices despite the risk some say might arise from a lack of technical standards. The ongoing fight between Square Inc. and rival VeriFone Systems Inc. highlights those fears, some observers say.”
- Payment cards: two jailed for bribery in credit card skimmer scam – www.bankinginsurancesecurities.com – 3/23/11 – “A former assistant restaurant manager of a hotel and an unemployed man, charged by the Hong Kong's Independent Commission Against Corruption, were today (Wednesday) sent to jail at Kowloon City Magistracy for bribery in relation to a counterfeit credit card scam.”
- RSA Clients Manage Risks – www.bankinfosecurity.com – 3/23/11 – “Users of RSA's SecurID two-factor authentication products, acting on advice from the company, are devising strategies to monitor for threats and take preventive steps in the aftermath of a hacker attack against the products.”
- The impact of the RSA token data breach is still undetermined – www.scmagazineuk.com – 3/23/11 – “Following the breach last week that led to SecurID two-factor authentication token information being stolen, IronKey CEO David Jevans told SC Magazine that there have been 25 million hard tokens deployed, but that figure is closer to 40 million when soft tokens are taken into consideration, so it is possible that more than 100 million users could have been impacted.”
- Point-of-Sale Terminal Tampering Is a Crime . . .and You Can Stop It – www.usa.visa.com – 3/23/11 – “Increasingly, criminals with sophisticated tools are actively targeting vulnerable merchant point-of-sale (POS) terminals to steal payment card data and PINs for counterfeit fraud purposes. That’s the bad news! The good news is that all acquirers, merchants, and processors can take appropriate steps to eliminate POS terminal weaknesses and the possibility of POS tampering.”
- Skimmer Found On Johnson Square ATM – www.wsav.com – 3/22/11 – “Metro Police are asking customers who may have used the ATM at the SunTrust Bank on Johnson Square to check their accounts for inappropriate charges after a "skimmer" was found attached to the machine last week. It was a customer who noticed the device and alerted police. A "skimmer" is a device that thieves attach to an ATM to record bank card and PIN numbers. It was discovered attached to the SunTrust ATM last Thursday afternoon.”
- Card data skimmed at local gas stations – www.khon2.com – 3/22/11 – “Having your identity stolen while filling up on gas may seem farfetched to some, but that's exactly what happened to nearly two hundred people on Oahu last September.”
- Play.com issues warning over personal data breach – www.computerweekly.com – 3/22/11 – “Online retailer Play.com has e-mailed customers warning of a security breach that could compromise personal details. The e-mail says: "We are e-mailing all our customers to let you know that a company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and e-mail addresses may have been compromised."”
- Debit card fraud falls but still higher than 2008 levels – www.torontosun.com – 3/21/11 – “Debit card fraud fell in Canada last year but it’s still higher than normal as scam artists rush to skim the system of as much cash as possible ahead of a country-wide chip technology rollout, the Interac Association said Monday.”
- Managing the Risks and Security Threats of Mobile Payments – www.pymnts.com – 3/21/11 – “Over the past decade, mobile phones have emerged as one of the most ubiquitous technologies in human history. Today, billions of people in virtually every corner of the world have mobile phones. These devices shape their interaction with their communities, countries and economies.”
- Card Skimming at Pumps Worldwide Concern – www.nacsonline.com – 3/21/11 – “From the East Coast to the West Coast and every place in between, pay-at-the-pump credit and debit card skimming is skyrocketing in the United States. But the problem is growing bigger as evidence of card skimming scams are turning up in Europe and other countries as well, BankInfoSecurity.com reports.”
- Interac® security tips to help Canadians fight debit card fraud – www.newswire.ca – 3/21/11 – “With Fraud Prevention Month coming to a close at the end of March, Interac Association urges Canadians to remain vigilant about debit card security year-round. Fighting fraud is a collective effort and with a few handy tips in mind, consumers can take steps to stay secure when using Interac services.”
- The Payback of Compliance – www.bankinfosecurity.com – 3/21/11 – “A review of security practices and investments at 46 global organizations across the financial, retail, healthcare and government spaces finds that compliance with industry security standards actually saves money over the long-term. Conducted by the Ponemon Institute between November and January, the study reviewed security investments made over a 12-month period.”
- White Paper: PIN Pad Best Practices And PED Physical Security – www.bsminfo.com – 3/20/11 – “Retailers are facing a new and growing threat. Locked out of the payments chain by EMV and encryption, today's criminals are now turning to the Payment Entry Device (PED) itself. Fraudsters can steal and re-engineer PEDs before re-installing them into retail outlets, such as supermarkets and petrol stations, often in collusion with a staff member. They can then capture and transmit card details and PINs to create fake cards for use at home or abroad.”
- Cumbria police warning after skimming device found on bank cash machine – www.newsandstar.co.uk – 3/19/11 – “Police are urging people to be vigilant after a skimming device was found at a Cumbrian cash machine. Thieves placed the device at the cash machine outside of the HSBC bank on Pow Street in Workington.”
- Credit Card Skimmers Target Victims Along I-70 – www.denver.cbslocal.com – 3/18/11 – “Investigators are trying to figure out who is stealing credit card information from victims along Interstate 70. At least 140 people in Adams and Arapahoe Counties have been ripped off in recent weeks. Thieves use skimmers that fit into the palm of their hands. When the victim is out of sight, the thieves scan the credit card and get the information.”
- New PCI Guidance Issued – www.bankinfosecurity.com – 3/18/11 – “New guidance issued by the PCI Security Standards Council is aimed at securing stored payment card data collected via call centers and over-the-phone payments. And, experts say, this directive could not come at a better time.”
- RSA Breach: 'Not a Game-Changer' – www.bankinfosecurity.com – 3/18/11 – “It's serious news that RSA's SecurID solution has been the target of an advanced persistent threat. But "It's not a game-changer," says Stephen Northcutt, CEO of SANS Institute. "Anybody who says it is [a game-changer] is an alarmist."”
- Special Report: The RSA Breach and its Impact – www.bankinfosecurity.com – 3/18/11 – “The announcement by RSA that it had been a victim of an advanced persistent threat shook the global information security industry. Stephen Northcutt of SANS Institute and David Navetta of the Information Law Group offer insight on what happened, what it means and how to respond.”
- 9 Ways to Help Safeguard RSA's SecurID – www.bankinfosecurity.com – 3/18/11 – “Security vendor RSA is providing remediation steps for customers to strengthen their RSA SecurID implementations in light of an advanced persistent threat attack against the company, which it says was directed at its SecurID two-factor authentication product (see Hackers Target RSA's SecurID Products).”
- Legal View of RSA Breach – www.bankinfosecurity.com – 3/18/11 – “Persistent is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.”
- DHS Responds to RSA SecurID Breach – www.bankinfosecurity.com – 3/18/11 – “The Department of Homeland Security is working with RSA in investigating what the IT security vendor characterized as an extremely sophisticated attack aimed at its SecurID two-factor authentication products.”
- Police issue warning over skimming devices on automated train/tube ticket machines – www.infosecurity-magazine.com – 3/18/11 – “The bank-sponsored specialist joint police unit – which consists of Metropolitan police officers, City of London police officers and card payment industry investigators – says it has noticed a rise in the number of card skimming devices being placed on payment keypads at ticket machines in train stations.”
- PCI Security Standards Council Releases Supplement Guidance For Protecting Telephone-Based Payment Card Data – www.pcisecuritystandards.org – 3/18/11 – “The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), today released an educational resource on PCI DSS requirements for securing cardholder data in audio recordings.”
- Police: man used camera and skimmer to steal Wellesley ATM information – www.wickedlocal.com – 3/17/11 – “Wellesley police are searching for a man who used advanced technology to steal debit card information from a Linden Street ATM. Deputy Police Chief Bill Brooks said back in February, at least one unidentified man used a pinhole camera and a skimmer — a device placed over the ATM card-reader that steals card information — to replicate the cards and make at least $2,900 in purchases in Rhode Island.”
- 4 busted in ATM-card $kim scam – www.nypost.com – 3/17/11 – “Four scam artists have been busted on charges of skimming debit-card info at a pair of Queens banks -- and putting the data on Starbucks and Century 21 gift cards they programmed to work at ATMs, The Post has learned.”
- PIN skimming possible with chip cards – www.h-online.com – 3/17/11 – “At the CanSecWest security conference held in Vancouver last week, four security researchers demonstrated the practicability of chip card skimming attacks – both with an insecure class of chip (SDA) and with a class that has been considered secure (DDA). EC and credit cards chipped according to EMV specifications are designed to hamper "skimming", an attack method which involves intercepting a user's card and PIN data.”
- UK cyclists hit by fraud after online purchase at website – www.theregister.co.uk – 3/17/11 – “A suspected security breach at popular UK-based biking site chainreactioncycles.com has been linked by victims to multiple instances of fraud. Various bike enthusiast forums are alive with complaints (here and here) from customers of the site, several of whom are reporting unauthorised charges on their credit or debit cards. The victims are tied together by having shopped at the bike site over the last fortnight or so.”
- Identity Thieves Target Nation's Giant Hamburgers – www.dixon.patch.com – 3/17/11 – “Anyone from Dixon who used their credit card to dine at Nation's Giant Hamburgers in Vacaville might want to check their credit report. Nearly 200 people who used their credit cards at a Nation's Giant Hamburgers restaurant in Vacaville have had their identities stolen, police said Wednesday.”
- Google Takes on NFC, Will They Crack the Code? – www.pymnts.com – 3/17/11 – “Google has signaled that it will do two things no one else in the payments ecosystem has done or even talked about: make a business case for merchants and consumers around NFC and maybe even put some real money behind it.”
- Fraud bust turns up stash of stolen ID, bank information – www.edmontonjournal.com – 3/17/11 – “Const. Marc Dehid was on a routine call when he walked into an apartment in north Edmonton last month and uncovered what is alleged to be a sophisticated fraud operation involving piles of stolen identification, personal documents and banking information.”
- PCI Delist Move Threatens Mobile Payment Security – www.storefrontbacktalk.com – 3/16/11 – “The PCI Council this week confirmed that it has quietly delisted “multiple” mobile payment applications, although the council didn’t specify a number. This comes as the PCI folk are trying to formulate a mobile strategy, which is likely to take quite a few more months to resolve. Given that retailers can’t put their mobile plans on hold, this puts merchants in a very awkward—and potentially very insecure—place.”
- Web Hacking Incident Database Report Reveals Increase in DDoS Attacks – www.trustwave.com – 3/14/11 – “Trustwave, a leading provider of information security and compliance solutions, has released its Web Hacking Incident Database (WHID) semiannual report, which finds an increase in distributed denial of service (DDoS) attacks and determined that there was a lack of properly implemented anti-automation defenses to ensure application availability during such attacks.”
- Despite PCI, a Scanning Tool Finds Widespread Storage of Unencrypted Data – www.digitaltransactions.net – 3/14/11 – “One of the key tenets of the 6-year-old Payment Card Industry data security standard (PCI) is that merchants should never store unencrypted card data in their systems. But data generated from a recent beta test of a new system-scanning tool shows many merchants, knowingly or unknowingly, are violating this basic rule.”
- POS Terminals An Issue In Advanced Encryption Efforts – www.paymentssource.com – 3/10/11 – “The expanding array of services offering merchants advanced encryption of sensitive payment card data is causing competition to heat up among purveyors already jockeying for dominance by touting each product’s specific advantages.”
- Feds: Ring bought stolen credit card numbers, spent thousands in Central Florida – www.orlandosentinel.com – 3/9/11 – “Secret Service agents say seven members of a Central Florida crime ring spent hundreds of thousands of dollars with stolen credit card numbers, which were purchased over the Internet from people who hacked into business computers and obtained the data.”
- Teen Arrested In ATM Skimmer Case – www.kptv.com – 3/16/11 – “Vancouver police have arrested a man accused of trying to rip people off at a local ATM. They arrested 18-year old Nicholas Duncan, of Vancouver, on one count of fraud and booked him into the Clark County Jail.”
- Hotel Associations Issue Joint Statement on Credit Card Security – www.hospitalitynet.org – 3/16/11 – “Three major hotel industry associations, including the American Hotel & Lodging Association (AH&LA), Hotel Technology Next Generation (HTNG), and Hospitality Financial and Technology Professionals (HFTP) today issued the following joint statement to hotels regarding organized cyber crime attacks on credit card data. It identifies actions that hotels -- and not their system vendors -- need to take immediately in order to minimize their vulnerabilities and to avoid the potential for hundreds of thousands of dollars in costs and fines that typically result when just a single hotel system is breached.”
- Top Internet Crime Cop Talks Payments – www.pymnts.com – 3/16/11 – “The 2010 Internet Crime Report is produced by the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). In 2010, IC3 received 303,809 complaints of Internet crime, the second-highest total in IC3's 10-year history. IC3 Manager Greg Donewar explains what the payments industry can learn from the report findings in this exclusive NEXTcast interview.”
- Los Altos, MV gas stations victims of credit-card scam – www.losaltosonline.com – 3/15/11 – “Rising oil prices aren’t the only way people pay at the pump these days. Two Glendale men each face more than seven years in prison after investigators discovered credit-card skimming devices that the suspects installed in Los Altos and Mountain View gas station pumps in December.”
- Card Fraud and Pay-at-the-Pump – www.blogs.bankinfosecurity.com – 3/15/11 – “Pay-at-the-pump skimming is on the rise, and not just in the U.S. We can expect these skimming incidents to grow because gas pumps are easy targets. Pay-at-the-pump skimming is a growing, global problem. And despite increasing publicity about identity theft and card fraud, little is being done to fix the pay-at-the-pump problem.”
- 200 ID Theft Cases Traced to Burger Joint – www.fox40.com – 3/15/11 – “Vacaville investigators are asking diners of a burger restaurant to check their bank statements following a string of identity thefts. Almost 200 people have been identified as victims in this identity theft case. Cops were first alerted to it in early March, and traced the credit card number thefts back to Nation's Giant Hamburgers along Browns Valley Parkway.”
- Vancouver man arrested in ATM scanner case – www.columbian.com – 3/15/11 – “Police have arrested an 18-year-old Vancouver man for allegedly placing a skimmer and pinhole camera on an automatic teller machine earlier this month at an east Vancouver credit union, the Vancouver Police Department reported Tuesday.”
- Brothers Involved in Debit Card Skimming Operation Get One Year Sentence – www.country95.fm – 3/15/11 – “Two brothers from Montreal charged with using cloned debit cards in Lethbridge, entered guilty pleas to unlawful use of credit cards Tuesday morning in court. Between June and July of last summer, they set up a skimming operation at a North side fast food restaurant, where they captured the card information and pin numbers of the debit cards used there.”
- 9 Senators Seek to Delay Debit Card Fee Changes – www.nytimes.com – 3/15/11 – “A bipartisan group of senators introduced a bill on Tuesday that would delay a new federal regulation to lower the swipe fees that banks could charge merchants for processing debit card transactions.”
- Breach Notification: What Does “As Soon As Possible” Mean? And Why It May Not Be Wise To Comply – www.storefrontbacktalk.com – 3/15/11 – “When a retail chain suffers a data breach, as in many aspects of life, no good deed goes unpunished. Conventional wisdom—reinforced by a host of legal requirements throughout the country—is that you should notify all potentially affected customers about the breach as soon as possible. But that’s often not the best approach.”
- Man pleads guilty to running 'credit-card factory' – www.calgaryherald.com – 3/14/11 – “A man from the Calgary area pleaded guilty to several charges Friday after Mounties accused him of running a "credit-card factory" from a residence. Corey Klippel, of Wheatland County near Strathmore, was in court on Friday and admitted to five offences, including being in possession of equipment used to manufacture fake credit cards along with scanned images of people and their identification information.”
- Phuket Swindle: Romanians charged in Bt100mn ATM scam – www.phuketgazette.net – 3/14/11 – “Four Romanians were arrested by Phuket police yesterday and charged with running an ATM card scam that is claimed to have stolen 100 million baht. The four were named by police as Gavrila Florin Eugen, 33; Ene Bogdan Constantin, 23; Vilvoi Claudiu Constantin, 36; and Gavrila Alexandra, 26. All four suspects were arrested at their rented room at the Azzurro Village Hotel on Rat-U-Thit 200 Pee Road in Patong.”
- Credit unions issue warnings on debit cards – www.telegram.com – 3/12/11 – “Customers of two local credit unions are being warned to keep a close eye on accounts linked to their debit cards after some apparently fraudulent activity was noticed.”
- Chip-and-PIN definitely broken, say Italian researchers – www.scmagazineus.com – 3/11/11 – “A team of Italian researchers has presented a crack for the chip-and-PIN card verification system that they say makes it possible to skim a PIN number that can later be used with a stolen card. The team, from security research company Inverse Path, built a prototype skimmer that can be inserted invisibly into an electronic point-of-sale terminal and intercept the interface between the terminal and a card's chip.”
- Breach costs rise to $7.2m: study – www.securecomputing.net.au – 3/11/11 – “Data breaches cost organisations $US7.2 million last year, a rise of 7 percent, a Symantec-Ponemon study found.”
- The Evolution of Payment System Risk Management: And the Changing Dynamics of Credit Card Fraud Prevention – tourgartnersymposiumitxpo.com – 3/10/11 – “Risk managers in the payment card industry are ready to adopt new approaches to fraud prevention as means evolve in which cards and card users are authenticated at the moment the transaction begins. More sophisticated modes of authentication have arisen as new technology has enabled them.”
- Police seek man who tried to steal ATM data – www.columbian.com – 3/10/11 – “Vancouver police are looking for a man who allegedly installed a credit card skimmer on an ATM at the Lacamas Community Credit Union at 19200 S.E. 31st St., in far-east Vancouver just west of Camas.”
- The Answer to Card Fraud? – www.bankinfosecurity.com – 3/10/11 – “Eduardo Perez, head of Global Payment System Security at Visa, says the EMV chip is an ideal dynamic data technology, but mobile and others offer similar security benefits.”
- Banking fraud losses continue to drop – www.freshbusinessthinking.com – 3/10/11 – “Figures released on Wednesday have revealed that fraud losses on UK cards, cheques and online banking all fell in 2010, and are at a record low for over ten years.”
- Police find card skimmer attached to Vancouver ATM – www.oregonlive.com – 3/10/11 – “Police are advising the public to check for suspicious devices near credit card slots after a "card skimmer" was found attached to a Vancouver ATM.”
- 'Skimming' victim scared as suspects still on the loose – www.nwcn.com – 3/10/11 – “Two swindlers are on the loose after skimming ATMs in the Portland Metro area and ripping off innocent people. A skimmer is a device that goes inside the ATM card holder and steals data from your card's magnetic strip. The skimmers then pick up credit card numbers for, say, online purchases.”
- Vancouver Police Find Skimmer, Camera On ATM – www.kptv.com – 3/10/11 – “Vancouver police say they found a skimming device and a small camera on a credit union’s ATM over the weekend.”
- Pay-at-the-Pump Card Fraud Revs Up – www.govinfosecurity.com – 3/9/11 – “Warm weather and easy targets have made self-service gas pumps in Arizona attractive targets for card-skimmers. Card fraud linked to pay-at-the-pump gas terminals in Arizona tourist spots such as Tucson is on the rise, as travel season gears up for spring. Last week, Tucson, Ariz., Police Sgt. Michael Garcia told a local TV station that pay-at-the-pump skimming has been on the rise since January, when Tucson police confiscated the city's first gas pump card skimmer.”
- Fraud loss on credit and debit cards falls to 10-year low – www.belfasttelegraph.co.uk – 3/9/11 – “Fraud losses on UK cards fell to their lowest level for a decade during 2010 as a raft of industry initiatives paid off. Losses on credit and debit cards dropped by 17% during the year to £365.4m, the lowest level since 2000, according to industry body the UK Cards Association.”
- BP Introduces Network-Wide Offer to Help Prevent Card Fraud – www.nacsonline.com/ – 3/9/11 – “Yesterday, BP Products North America Inc. launched FraudGuard, its newly enhanced payment card fraud prevention program that features proven technology options for eligible sites and business incentives for participating retailers. Starting today, eligible BP branded marketers may opt-in to take advantage of different opportunities to increase payment card security at purchase points both indoors and outdoors.”
- Cord Blood Registry loses unsecured data on 300,000 clients – www.infosecurity-us.com – 3/9/11 – “The Cord Blood Registry (CBR), the nation's largest stem cell bank, admitted that it lost unsecured personal data on 300,000 cord bank clients, a breach that could cost it millions to address.”
- Men Charged With Theft of 3,600 Credit-Card Numbers From Los Altos and Mountain View Gas Pumps – losaltos.patch.com – 3/9/11 – “Two men from Southern California face felony charges after they placed credit-card skimmers inside several gas pumps in Los Altos and Mountain View in December, according to the Santa Clara District Attorney's Office.”
- Possible stem cell bank data breach – abclocal.go.com – 3/9/11 – “A Triangle woman is concerned about her donation after learning of a possible security breach of the Cord Blood Registry. CBR mailed warning letters to 300,000 people after a laptop computer and other items were stolen from an employee's car. It happened in December, but many warning letters are just arriving in local mailboxes.”
- Say goodbye to your magnetic stripe credit card – www.seattlepi.com – 3/8/11 – “The magnetic-stripe credit card you pull out and swipe when shopping is going the way of the floppy disk. Or the CD. Or the Walkman.”
- Customers feel scammed by credit card skimmer in Bennett – www.kdvr.com – 3/8/11 – “A disturbing crime spree has hit Bennett, Colo., and the surrounding communities. At least 50 victims have come forward in recent weeks saying someone is using their credit card numbers and stealing from them.”
- Documents Reveal Credit Card Company Knew of ‘Electronic Pickpocketing’ Risk, According to Identity Stronghold – www.businesswire.com – 3/8/11 – “Documents recently uncovered at the U.S. Patent and Trademark Office show that at least one credit card company knew in advance that the contactless cards containing RFID chips they issued to millions of Americans are easily susceptible to electronic pickpocketing, despite the industry's repeated public claims to the contrary.”
- Security-Breach Costs Climb 7% to $7.2 Million per Incident – www.bloomberg.com – 3/8/11 – “The cost to businesses of exposing data such as Social Security and credit-card numbers climbed 7 percent last year to an average of $7.2 million per incident, according to a study of companies that experienced breaches.”
- Police: Theft Ring Targeting ATM Users – www.kptv.com/ – 3/8/11 – “Detectives say they need help identifying two men who are accused of stealing thousands of dollars from people across the metro area.”
- Data Breaches Still Alive and Kicking; Fraud Management Still Lacking – www.retailsystemsresearch.com – 3/8/11 – “Mainstream media outlets seem to have moved beyond the subject of corporate data breaches to more arcane means of data theft like reading the smart chip embedded in individual credit cards. Most retailers have spent the time and money to become PCI compliant, so all should be well, right? Well, not exactly. Data breaches are alive and well, and while US consumers are not bearing the direct costs right now, sooner or later the impact of these thefts is going to show up buried in some price increase or another.”
- HSBC issuing passcode device for online payments – www.information-age.com – 3/7/11 – “UK bank HSBC is to issue customers with a device that helps secure online payments by generating a one-time passcode for each transaction.”
- Data Breach Risk Calculator – www.databreachcalculator.com – 3/6/11 – “Since 2005, The Ponemon Institute has examined the cost incurred by organizations, across industry sectors, after experiencing a data breach. The results were not hypothetical responses. They represent cost estimates for activities resulting from actual data loss incidents.”
- Implementing Tokenization Is Simpler Than You Think – www.firstdata.com – 3/6/11 – “A surprisingly simple service-based approach makes implementing end-to-end encryption and tokenization in your payment environment simpler than you might think.”
- Spike in credit and debit theft leaves accounts drained – www.9news.com – 3/5/11 – “Marty Woods felt sick when she looked at her bank statement Wednesday. "I just panicked," she said. "Our account went from $1,500 to $23 in just one day."”
- Lethbridge police crack counterfeit ring – www.calgaryherald.com – 3/5/11 – “Police in Lethbridge have cracked a counterfeiting ring accused of spreading phoney $100 bills and fake credit cards.”
- 300,000 clients of umbilical cord blood bank at risk of ID theft – www.networkworld.com – 3/4/11 – “The world's largest stem cell bank, Cord Blood Registry, has mailed data-breach warning letters to some 300,000 people after storage tapes and a laptop were stolen from an employee's car.”
- Scam artists steal card data – www.langleyadvance.com – 3/4/11 – “A pay parking lot was the latest target of a debit card skimming scam, Langley RCMP say. On Feb. 25, a local driver called the Mounties to report that he had tried to swipe his card, but found that the reader was a fake.”
- Cyber crime teens jailed in GhostMarket bust – www.securecomputing.net.au – 3/4/11 – “Nicholas Webber, 19, and Ryan Thomas, 18, both pleaded guilty for their roles in running GhostMarket.net, which had over 8,000 members.”
- Cybercriminals Targeting Point-of-Sale Devices – www.cio.com – 3/3/11 – “Point-of-sale payment processing devices for credit and debit cards are proving to be rich targets for cybercriminals due to lax security controls, particularly among small businesses, according to a report from Trustwave.”
- Harford County nail salon worker charged with skimming customers' credit cards – www.abc2news.com – 3/3/11 – “Pretty in pink, Lisa Kirk shows off her manicure as she steps outside Classy Nails in the Rock Spring Shopping Center in Forest Hill.”
- Skimmers Help Thieves Collect Credit Card Information – haystackhelp.com/ – 3/3/11 – “Suspects have already stolen credit card numbers from hundreds of people in Longmont and others in at least eight states. Now the Secret Service is trying to catch them. Credit card fraud is a multi-billion dollar business.”
- Bank cards compromised at the Scotia Bank, Hanover Police investigating – www.thepost.on.ca – 3/3/11 – “Numerous bank cards were skimmed over the Family Day long weekend, as a result of the installation of an electrical device on the bank machine at Scotia Bank 10th Street. A "skimmer" was used to read the electronic strip on the back of cards. HPS are working with security at Scotia Bank in an investigation. If you have any information, please contact HPS or Crime Stoppers.”
- Two men charged with fraud after credit card scam – www.yorkpress.co.uk – 3/3/11 – “TWO men arrested at a York store on suspicion of using cloned credit cards have been charged with fraud.”
- Swinging the gavel in the 21st century – www.securecomputing.net.au – 3/2/11 – “Consumers, businesses and governments are embracing e-commerce, social networking and the other powerful tools made available by online technologies.”
- The App That Bites: Google Pulls 21 Dodgy Apps From Android Market – moconews.net – 3/2/11 – “Given that collectively we are approaching 1 billion mobile apps on the market, it’s a surprise that you don’t hear about problems like this more often: Google has pulled 21 “counterfeit” apps from the Android Market that were given the name and appearance of popular Android apps, but actually contained malware that collected user information and potentially more. The news follows reports yesterday about Apple App Store users getting their accounts hacked, potentially through the use of iffy gift cards.”
- Cumbersome Paperwork Rule Will Go Away in April for Visa Fraud Chargebacks – digitaltransactions.net – 3/2/11 – “Continuing a chargeback-streamlining process that began back in 2004, Visa Inc. in April will no longer require card issuers to obtain signed paper documentation in disputes involving transactions the cardholder claims are fraudulent. Instead, issuers may submit the required documentation electronically.”
- Network Security Podcast, Episode 232 – www.mckeay.net – 3/2/11 – “Rich and Zach are on the road this week, so Martin was left alone for this week’s podcast. Luckily there was already an interview with Larry Ponemon, from the Ponemon Institute about the report “The True Cost of Compliance”, which was sponsored by Tripwire. Unluckily, I (that is Martin) over-engineered the interview in order to pull out some annoying sounds, which leaves the interview sounding a little muddy. The content is still good, which is what really matters in any case. I tried to ask a number of questions that were supplied by folks on Twitter, which I mostly succeeded at.”
- Gas stations at risk after 6 find devices to skim credit cards – azstarnet.com – 3/2/11 – “At least six gas stations in Tucson had skimming devices used to steal credit and debit card information from customers this year, investigators have found.”
- Is P2P Encryption Secure? That Depends... – www.technewsworld.com – 3/1/11 – “The most secure P2PE option is to replace existing payment terminals with newer hardware devices offering built-in encryption capabilities. With encryption at the read head, all mag stripe data is encrypted on the hardware terminal itself as soon as the consumer swipes his or her card. No readable data ever leaves the unit, eliminating the risk of theft as it traverses the merchant network. This strategy completely defuses the threat of online attacks.”
- Police Seize Skimming Attachment from Payment Machine – bc.rcmp.ca/ – 3/1/11 – “Police have seized the skimmer (pictured) and would like the public to be cognizant of the existence of devices such as this. When paying by debit or credit, consumers should be mindful of these types of attachments. Try to use familiar ATM’s and payment machines, preferably ones equipped with security cameras.”
- New train and tube ticket scam – www.thelondondailynews.com – 3/1/11 – “Officers from the Dedicated Cheque and Plastic Crime Unit (DCPCU) are today, Tuesday 1 March, alerting commuters and other train users to be vigilant when buying train tickets at unmanned ticket machines on the rail and tube network.”
- Rallying 'Round the Red Flags – www.cfo.com – 3/1/11 – “For individuals, identity theft typically involves a modest financial loss and a large headache in denying that they purchased high-end home-theater systems and custom Jaguars.”
February 2011
- Jack in the Box Drive-thru Linked to String of Texas Credit/Debit Card Thefts – hospitalitytechnology.edgl.com – 2/28/11 – “Pattie Shieh of MyFox Houston reports that police have arrested 21-year-old Dayvon Clement in connection to numerous thefts of credit and debit card numbers in Pearland, Texas. He allegedly used a portable, battery-powered skimmer to get the numbers. Lt. Onesimo Lopez with Pearland PD described how they tracked him down.”
- Breaches Affecting 500 or More Individuals – www.hhs.gov – 2/28/11 – “As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The following breaches have been reported to the Secretary.”
- North Texas police issue warning about illegal ‘skimming’ of credit, debit cards – www.dallasnews.com – 2/27/11 – “An ordinary trip to the grocery store last month turned out to be anything but ordinary for Ricardo Gonzalez and his wife.”
- Criminals Skim Cash Out Of Accounts – www.wibw.com – 2/27/11 – “It's one of the most common types of identity thefts and falling victim is only a card swipe away. Bank officials say ATM skimming seems to be a growing trend right here in northeast Kansas.”
- Indo-Canadian Criminal On Police’s Top 10 Most Wanted List – thelinkpaper.ca/? – 2/26/11 – “An Indo-Canadian criminal is on B.C.’s 10 most wanted and he is one of two criminals from Surrey. Apollo Alex Verde, aka Jaspal Singh Virdi, from Surrey is on the RCMP’s 10 most wanted list, which was released this week. Along with Virdi, the other Surrey criminal is Dean Jeffrey Anderson, who is wanted by the Surrey RCMP for assault with a weapon, assault causing bodily harm and breach of probation.”
- Identity theft: Reports soar in Collier, Lee as new technology aids thieves – www.naplesnews.com – 2/26/11 – “Technology continues to make life easier — for thieves. Take the newer generation credit cards or keyless entry IDs given to employees. They may be equipped with radio frequency chips that make transactions and entry into buildings faster.”
- A Novel Data Security Law Proposed in Colorado – www.infolawgroup.com/ – 2/24/11 – “There has been a lot of buzz around various privacy and security bills presented on the Federal level, including the reintroduction of the BEST PRACTICES ACT and a new privacy bill put out by Congresswoman Speier that brings "do-not-track" into the fray (not to mention the previously introduced Boucher Bill, which is now missing its named sponsor).”
- Two more Southern California men arrested in ATM skimming operation – www.sanluisobispo.com – 2/24/11 – “San Luis Obispo police arrested two Southern California men earlier this month as part of an investigation that began after a skimming device found at Chase Bank on Madonna Road resulted in more than $121,000 being stolen from 112 customers.”
- INSIDE EDITION Investigates Electronic Pickpocketing – www.insideedition.com – 2/23/11 – “It's old fashioned pick pocketing with a high tech twist. A way for would be thieves to steal your personal information without ever laying a hand on you or your wallet.”
- Full Text of HB3025– www.ilga.gov – 2/23/11 – “Amends the Personal Information Protection Act. Provides that "breach of the security of the system data" includes the unauthorized use (instead of only the unauthorized acquisition) of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector. Provides that a data collector that owns or licenses personal information shall notify the Attorney General of a breach. Provides that a data collector that maintains or stores (instead of only maintains) computerized or other data (instead of only computerized data) that includes personal information must cooperate with the owner or licensee of the information in relation to a breach.”
- Incident Response: How to React to Payment Card Fraud – www.bankinfosecurity.com – 2/21/11 – “As TJX, Hannaford and Heartland have taught us, incident response isn't just about reacting to your own institution's security breaches - it's about what happens when your card processors, merchants and vendors are compromised.”
- Bob Russo, General Manager, PCI Security Standards Council – www.bankinfosecurity.com – 2/18/11 – “Video from the RSA Conference 2011.”
- A day makes a difference – Durbin the day after – www.pymnts.com – 2/22/11 – “Thursday marked the latest turn in the extended debate over what role, if any, the government should play in regulating the price that merchants pay for the privilege of receiving retail payments. In the 1860s, this debate focused on state issued bank notes and the discounts that the recipients of a note issued by one bank paid by when they deposited that note in another bank. In the 1910s, this debate focused on the discount fees that paid by recipients of checks issued by one bank when they deposited at another bank. Today, this debate goes by the short-form “Durbin.””
- Criminal Hackers Responsible For Most Data Breaches– www.finextra.com – 2/22/11 – “According to the Identity Theft Resource Center, there were at least 662 data breaches in 2010, which exposed more than 16 million records. Nearly two-thirds of breaches exposed Social Security numbers, and 26% involved credit or debit card data.”
- Cyber Threats 2011: From Malware to Mobile– www.fsisac.com – 2/22/11 – “Cybercrime continues to show no signs of slowing down. In fact, 2010 marked a year of new threats and increased sophistication in attacks witnessed around the globe. Join the FS-ISAC and RSA, The Security Division of EMC, for a complimentary webcast. WHEN: Wednesday, March 2, 2011 TIME: 1:00pm ET / 10:00am PT”
- Trustwave’s Global Security Report – www.trustwave.com – 2/22/11 – “Featuring analysis of more than 220 data breach investigations and more than 2,300 penetration tests conducted by Trustwave's SpiderLabs, the Global Security Report 2011 identifies the top vulnerabilities business encountered in 2010 as well as a list of strategic initiatives to help your business improve its overall security.”
- Credit/Debit Card Theft at the Drive-Thru– www.myfoxhouston.com – 2/22/11 – “Police have arrested 21-year-old Dayvon Clement in connection to numerous thefts of credit and debit card numbers in Pearland.”
- MasterCard Global Risk Management Conference - The Americas: April 25-29, 2011 in San Diego, CA– www.eiseverywhere.com/ – 2/22/11 – “The MasterCard Global Risk Management Conference Series offers a thought-provoking and informative forum to learn about the latest tools and techniques for minimizing fraud risk and maximizing profitability. Join industry experts and peers in San Diego for the opportunity to share knowledge and best practices on key payment security issues, vulnerabilities and innovative techniques to mitigate fraud.”
- Credit Card Skimming – www.keyt.com – 2/22/11 – “Not only are gas prices soaring, but a trip to the gas station may be having another impact on your bank account.”
- Financial industry 'target of choice' for cybercrims– www.securecomputing.net.au – 2/21/11 – “Although the $81 billion a year financial and insurance industry was a "target of choice" for cybercriminals, little was known about the scale of crimes perpetrated against it, a report from the Australian Institute of Criminology released today showed.”
- Customers Lose Money In Snow Creek Breach– www.kmbc.com – 2/21/11 – “More customers at the Snow Creek Ski Resort said their credit card companies have notified them of problems linked to a system breach at the Weston resort.”
- Police on Alert for Credit Card Skimmers– www.myfoxdfw.com – 2/18/11 – “Police in Lewisville are investigating nearly 30 recent cases credit card fraud involving skimmers attached to ATMs.”
- Seacoast Bank customers' cards replaced after Fort Pierce ‘skimming' incident – www.tcpalm.com – 2/18/11 – “A few thousand Seacoast National Bank customers have received new credit or debit cards in recent weeks because a handful of them were victims of a "skimming" incident at a Racetrac gas station.”
- Feds Arrest 99 For Identity Theft, Card Fraud – www.informationweek.com – 2/18/11 – “Authorities on Wednesday announced the arrest of 99 people as part of an investigation into the Armenian Power organized crime ring, which allegedly scammed, stole, and extorted more than $20 million from its victims.”
- 30 cases of credit card PIN thefts via 'skimmers' reported in Lewisville– www.star-telegram.com – 2/17/11 – “Lewisville police are investigating about 30 cases in which credit cards were used fraudulently to collect an estimated $13,000 in cash and goods after suspects obtained the information by using "skimmers."”
- Credit Card Skimming Network Dismantled in Europe– news.softpedia.com – 2/17/11 – “Romanian authorities have arrested three members of a fraud ring that specialized in credit card counterfeiting and illegal cash withdrawals.”
- San Jose: Former airline employee accused of skimming $480,000– www.mercurynews.com – 2/16/11 – “As an American Airlines ticket agent, Micheline Johnson had easy access to other people's credit cards -- so easy, police say, she went on a half-million-dollar shopping spree while working at Mineta San Jose International Airport.”
- Visa hopes U.S. will delay debit fee caps– www.reuters.com – 2/16/11 – “Some U.S. lawmakers are close to trying to delay a law slashing debit card processing fees, Visa Inc General Counsel Joshua Floum told Reuters in an interview on Wednesday.”
- Debit card skimming reported– www.whistlerquestion.com – 2/16/11 – “Whistler RCMP received a report of debit card skimming last week, with a man reporting that money was stolen from his bank account after he used two ATMs in the Village.”
- Armenian gang fraud cost victims at least $20 million, authorities say– latimesblogs.latimes.com – 2/16/11 – “At least 74 reputed members of the Armenian Power organized crime gang were charged Wednesday in a fraud scheme that cost Southern California victims at least $20 million, law enforcement officials said.”
- Senate Forms Privacy Subcommittee– www.bankinfosecurity.com – 2/15/11 – “Sen. Al Franken, D-Minn., will head a new subcommittee on privacy, technology and the law, said Sen. Patrick Leahy, D-Vt., who chairs the Senate Judiciary Committee.”
- Marketing Through Tokenization Market Insight– www.firstdata.com – 2/15/11 – “Learn how merchants can use non-sensitive tokenized data in their back-end business operations to develop innovative marketing campaigns, create customer loyalty programs, conduct business data analysis, and even assist with loss prevention.”
- Multi Million ATM Fraud 2 Frenchmen Arrested– www.ethailand.com – 2/16/11 – “Foreign ATM fraudsters were arrested By Pattaya Police. The victims were found to have lost up to a million Baht each.”
- Day's Jewelers statement regarding Maine data breach– www.wcsh6.com – 2/15/11 – “Day's Jewelers recently became aware of possible unauthorized and illegal access to credit and debit card information by third parties. Day's Jewelers cannot release details about the suspected breach because there is an ongoing investigation, according to the Maine State Police Computer Crimes Unit.”
- Calling Out Visa’s Hypocrisy – www.nacsonline.com – 2/15/11 – “An op-ed in the February 1 American Banker penned by Visa Chairman and CEO Joe Saunders says that the Federal Reserve’s “proposed rules for implementing the debit provisions” of the financial services reform law “go too far,” and that the rules would create “significant unintended consequences that will harm consumers and the economy.””
- Bank of America Says Web Breach Was Tiny– www.onwallstreet.com – 2/15/11 – “Some Bank of America Corp. customers saw other people's transaction details through online banking, a report said, but the company insisted that no fraudulent activity resulted.”
- PCI: End-to-end encryption takes store systems out of scope – www.vertmarkets.com – 2/15/11 – “A PA-DSS compliance deadline nearly forced BevMo! into $1M plus in store system upgrades. End-to-end encryption from VeriFone ensured payment security and took the expensive system upgrades off the table.”
- Lush customers warned of hacker threat to credit cards– www.heraldsun.com.au – 2/15/11 – “THOUSANDS of Australian online shoppers have been told they may have to cancel their credit cards after a privacy breach of the popular handmade cosmetics store Lush's website.”
- Lush pickings for credit thief as site hacked– www.zdnet.com.au – 2/15/11 – “NSW Police is investigating the theft of an unknown number of credit card details from cosmetics retailer Lush after its Australian and New Zealand websites were cracked overnight.”
- POS Steering in the Age of Durbin– www.paymentsviews.com – 2/14/11 – “Point of sale (POS) steering isn’t really part of the payments industry dialogue right now as various stakeholders praise, argue, and criticize the proposed Federal Reserve rules on debit card interchange and network routing. But, I think it could be a big part of how things could unfold in the near future.”
- RSAC 2011: Data Security Wunderkind: Tokenization – www.thetechherald.com – 2/14/11 – “Tokenization may still be the new kid on the block in the data security technology world, but it’s definitely here to stay. In fact, it just might be the Wunderkind of the data security industry for its ability to lower an organization’s risk posture. It does this by removing sensitive data from applications and databases, which has the added benefit of reducing scope for Payment Card Industry Data Security Standards (PCI DSS) compliance audits.”
- VeriFone’s VeriShield Total Protect Integrated with ISD’s Card Data Security Suite– www.verifone.com – 2/10/11 – “VeriFone Systems, Inc. (NYSE: PAY), today announced that ISD Corporation will support VeriShield Total Protect in its existing card data security suite to provide merchants with the advantage of end-to-end encryption and tokenization of card data.”
- Investigators: Source of U.B.E. breach outside the country– www2.wnct.com – 2/14/11 – “There's new information about a security breach at a college bookstore in Greenville.”
- RBS Hacker's Sentence Too Mild– www.bankinfosecurity.com/ – 2/14/11 – “A Russian court has passed down a suspended sentence with no jail time for one of the hackers involved in the 2009 RBS WorldPay systems heist.”
- Cyber security concerns – www.greensheet.com – 2/14/11 – “POS system integrators - companies that install and maintain POS systems - may be creating vulnerabilities that can be exploited by cyber criminals, according to Trustwave's 2011 Global Security Report. The report is based on 200 case investigations, penetration testing and other security research conducted by Trustwave's advanced security team, SpiderLabs, during 2010.”
- PCI seeks ISO nominations for advisory board – www.greensheet.com – 2/14/11 – “The PCI Security Standards Council (PCI SSC) is now accepting nominations for election to its board of advisors, and ISOs are encouraged to participate. Bob Russo, General Manager of the PCI SSC, said it is critical that the board of advisors, which helps shape and direct the overarching Payment Card Industry (PCI) Data Security Standard (DSS) and its two complementary standards, reflect the diversity of the global payments system.”
- Securing a place for EMV in the USA – www.greensheet.com – 2/14/11 – “Americans take great pride in being leaders. But there is at least one area in which Americans shouldn't be eager to claim leadership: vulnerability to payment card fraud. So, why is the United States so slow to implement chip and PIN technologies to protect against card fraud? It depends on who's asking and who's answering the question.”
- PCI Security Standards Council addendum to statement on PA-DSS and mobile payment applications– www.pcisecuritystandards.org – 2/14/11 – “Due to the evolving nature of the payment application landscape, new categories of applications emerge that necessitate regular review of PCI SSC criteria and processes for examining the security of these applications.”
- Security breach cases at 100-plus– www.reflector.com – 2/13/11 – “Greenville Police are handling at least 100 complaints so far from East Carolina University students who say they lost money after their accounts were compromised in a recent security breach at the University Book Exchange.”
- Fast-food worker arrested in credit card-skimming scam – blogs.chron.com – 2/11/11 – “A worker in a Pearland Jack in the Box has been arrested and accused of stealing customers' credit card information. The employee at the restaurant at FM 518 and Dixie Farm Road used a "skimmer" to read customers' cards.”
- Pearland fast-food worker accused of skimming credit cards– www.chron.com – 2/11/11 – “Pearland police arrested a fast-food restaurant employee accused of skimming customers' credit cards that were then used to open new fraudulent accounts.”
- Federal Expert Talks About Data Security With The St. Petersburg Times– www.theledger.com – 2/11/11 – “Steven Elefant knows a thing or two about data theft. He was hired in 2009 to pick up the pieces at Heartland Payment Systems after hackers swiped 130 million credit and debit card numbers from the company's computer database. It was the largest data breach in history.”
- California stores cannot ask for customer zip codes, court rules– westlawnews.thomson.com – 2/11/11 – “Retail stores may not ask a customer to provide a zip code in the course of a credit card transaction, the California Supreme Court ruled on Thursday.”
- Aussie banks expose credit card details – www.zdnet.com.au – 2/11/11 – “Australia's biggest banks are posting credit card numbers in clear view on mailed customer statements in a direct violation of credit card security regulations.”
- Broward man charged in Palm Beach Gardens ATM skimming case– www.sun-sentinel.com – 2/10/11 – “Authorities around the world have been pursuing eastern Europeans, in several unrelated groups, who allegedly skim ATMs. Detectives say criminals place a device over the card slot that reads the data stripe and install a hidden camera that records customers entering PINs.”
- Some eHarmony user information stolen– news.cnet.com – 2/10/11 – “Online dating site eHarmony is advising some of its customers to change their passwords due to a security breach.”
- Tucson Gas Stations Hit by Credit Card 'Skimmers'– www.myfoxphoenix.com – 2/10/11 – “Tucson police are warning drivers about a gang of thieves that has been putting credit card "skimming" devices on gas pumps throughout the city.”
- Schwartz On Security: Big Bang Botnets Sometimes Self-Defeating – www.informationweek.com – 2/10/11 – “By most measures, malware and crimeware attacks are getting bigger and bolder. But could their scale also be their undoing?”
- Riverside: Scam victimizes pub customers– www.pe.com – 2/10/11 – “At least one computer hacker has stolen credit-card numbers from more than 100 customers of an Irish pub in Riverside and used the information to make purchases in the United States and overseas, police said.”
- Case File: Operation Get Rich or Die Tryin'– www.cnbc.com – 2/10/11 – “The Hacker - Miami is a playground for the world’s wealthiest... and for a young hacker aspiring to have it all. Albert Gonzalez once worked for the Secret Service busting other cyber criminals. But, a hacker is always a hacker. Gonzalez forms his own gang with a plan to make millions.”
- PCI Mobile Madness: Council Clarifications Not Helping– storefrontbacktalk.com – 2/10/11 – “The intersection of PCI and mobile—an admittedly murky place—is getting more complicated. The PCI Council has pledged that it won’t validate any more mobile applications for quite some time, at least not until it can determine what the best criteria are. Questions have now cropped up about the handful of mobile applications that had already been PCI validated.”
- The Global Security Challenge– www.bankinfosecurity.com – 2/9/11 – “Mobile banking, social media, cloud computing. These all are part of the global banking landscape today, and with these innovations come expectations, says Allesandro Moretti of (ISC)2 and UBS Investment Bank.”
- Beware of credit card skimmers in NW Tucson– www.kold.com – 2/9/11 – “Oro Valley police have a warning for people who use gas stations in the northwest side town. Several credit card skimming devices have been found in the area.”
- Visa Program Encourages Merchant Adoption of EMV Chip as Path Toward Dynamic Authentication – corporate.visa.com – 2/9/11 – “Visa announced today a new Payment Card Industry Data Security Standard (PCI DSS) compliance program that will fuel dynamic data authentication through the continued merchant deployment of EMV-compatible chip terminals capable of processing either contact or both contact and contactless payments.”
- Credit card skimmers found at local gas stations– azstarnet.com – 2/9/11 – “Detectives from two police departments, along with federal authorities, are investigating cases of credit card skimming at local gas stations.”
- Authorities warn public about credit card skimming devices – www.kgun9.com – 2/9/11 – “The Oro Valley Police Department would like to alert the public of several credit card skimming devices found at some Oro Valley gas stations.”
- Viruses on smartphones: security's new frontier– www.telegraph.co.uk – 2/8/11 – “Mobile phones are the new frontier for cyber criminals, according to the latest research from McAfee. That may sound like a scary headline, but as phones have become more sophisticated, so this new development became inevitable.”
- Security Risk: Top Hacker Attacks of 2010– vsr.edgl.com – 2/8/11 – “It’s the conversation that no business owner wants to have with one of its customers: “my credit card has some mysterious charges on it, and I believe that they stem from your business.” That’s exactly what happened to Blanca Aldaco, owner of Aldaco’s Mexican Cuisine at Stone Oak in San Antonio, Texas.”
- Smart Card Alliance Outlines EMV Roadmap Options for U.S. Payments Industry – www.paymentsnews.com – 2/8/11 – “EMV chip technology and the future of payments in the U.S. are the subjects of a new white paper recently released by the Smart Card Alliance Payments Council. The paper describes the current state of the payments infrastructure in the United States and identifies actions that stakeholders would need to take to move the whole country to EMV.”
- Sensory malware: Android app listens then steals credit card data– blogs.computerworld.com – 2/8/11 – “You are most likely being watched right now without knowing it, but it's the apps on your smartphone that may be tracking your every move. What if an app was listening too, waiting for financial data like your credit card numbers?”
- Smart Card Alliance Outlines EMV Roadmap Options for U.S. Payments Industry– www.smartcardalliance.org – 2/7/11 – “EMV chip technology and the future of payments in the United States are the subjects of a new white paper released today from the Smart Card Alliance Payments Council. The paper, ”Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?” describes the current state of the payments infrastructure in the United States and identifies actions that stakeholders would need to take to issue EMV cards, and to accept and process EMV transactions.”
- Man charged with skimming hundreds of customer cards at valley smoke shops– www.ktnv.com – 2/7/11 – “A business owner is under arrest after investigators say he skimmed hundreds of his customers credit cards. And they say there could be more victims out there.”
- Skimmer Scams Continue in California – www.nacsonline.com – 2/7/11 – “Debit-card skimming has become prevalent in many areas of California, Noozhawk.com reports. Increasingly, unauthorized card readers have been placed inside gasoline pumps by thieves”
- ECU students find fraudulent charges on credit cards after security breach at off-campus bookstore– www.dailytarheel.com – 2/7/11 – “A security breach at an off-campus bookstore near East Carolina University has left fraudulent charges on students’ credit cards.”
- Caught On Tape: Thieves Swipe Gas Station Credit Card Reader– www.fox2now.com – 2/6/11 – “Two alleged thieves pull off a scam at a St. Louis gas station. It happened Saturday morning at a gas station at Hampton and Berthold. A man came into the convenience store, bought coffee, and paid $20.00 for gas. He went to the gas pump then came back, claiming to have trouble with the pump. When the manager went out to check it, another man who had been standing on the side of the store, apparently swapped out the station's credit card machine with another one. The store caught it all on camera.”
- Nasdaq Acknowledges Security Breach – online.wsj.com – 2/6/11 – “Nasdaq acknowledged Saturday it has been the victim of hackers and said it has notified customers about the problem.”
- FDLE: Prisoners Stealing Cash From Behind Bars– www.wftv.com – 2/4/11 – “An Orlando man locked up in prison still managed to steal dozens of credit card numbers on the outside, and state agents told WFTV he used his grandmother and other family to cover up the cash. But credit cards are still at risk, because there's a key suspect who's on the run.”
- PCI-Council General Manager on Non-Compliance 'Russian Roulette'– www.practicalecommerce.com/– 2/4/11 – “Most merchants prefer the idea of the credit card industry policing itself, versus lawmakers getting involved. PCI Security Standards Council is the industry's attempt to do just that. But how ecommerce merchants become compliant and meet PCI standards is confusing to many, and the penalty for not being compliant is hard to understand, too. We spoke with Bob Russo, general manager of the PCI Security Standards Council, to help sort out these and other questions.”
- Multiple arrests made in credit card fraud ring– www.slidellsentry.com – 2/4/11 – “Louisiana State Police believe a 19-year-old McDonald’s employee from Lacombe was recruited by a criminal network to “skim” credit card numbers from drive-thru customers at the Mandeville restaurant.”
- Breach Disclosure: New Laws, Higher Standard– www.bankinfosecurity.com – 2/3/11 – “"I'm seeing some states relying more heavily on encryption and even mandating action," says Philip Alexander, a Wells Fargo Bank Information Security Officer who wrote the 2007 book Data Breach Disclosure Laws - a State by State Perspective, now in its second edition. "In the old days (2003 or 2004) many of the laws focused on 'If you had a breach, were you encrypted?' Some of the new laws now mandate encryption."”
- Ring busted for buying Apple goods with fake cards– www.securecomputing.net.au – 2/3/11 – “Twenty seven were indicted for using stolen credit cards to buy from Apple stores. Police busted an identity theft ring that was reselling products bought from the Apple Store with stolen credit cards.”
- Visa Providers' PCI Compliance Rises to 82%– www.americanbanker.com – 2/3/11 – “Companies providing payment gateways, loyalty programs and authorization and related services for Visa-branded transactions have improved their compliance.”
- Toronto police nab 5 in ATM fraud case– www.cbc.ca/ – 2/3/11 – “Toronto police arrested five men and laid 158 criminal charges in connection with an ATM fraud that may have earned the suspects as much as $280,000 since 2009.”
- Ethoca reveals fraudster attack frequency across industries – www.thepaypers.com – 2/2/11 – “US-based fraud management services developer Ethoca has released a study titled Fraud Attacks across Industries. The study determines the frequency and duration of fraudsters attack in the case of one online merchant using the same stolen credit card. According to the study, the preventable proportion of fraud is connected to the frequency at which fraudsters attack more than one merchant.”
- State Police arrest six for stealing credit card info from Mandeville McDonald's customers– www.nola.com – 2/2/11 – “A credit card fraud ring allegedly operating out of a McDonald's restaurant in Mandeville used information from dozens of victims to buy more than $50,000 in goods, authorities said Wednesday.”
- New Study: Compliance Saves Money– www.bankinfosecurity.com – 2/1/11 – “How expensive is compliance? A new survey finds that security compliance actually reduces long-term expenses.”
- Trial Date Set in Debit Card Skimming Case– www.country95.fm – 2/1/11 – “LETHBRIDGE: Houdaifa Benzabe-Meloua has entered pleas of not guilty to charges of credit card fraud, unlawful possession of credit card data and possession of proceeds of crime.”
- Two arrested for stealing credit cards in Wildomar– www.instantriverside.com – 2/1/11 – “On Wednesday October 26, 2010 a patrol officer conducted an investigation related to theft of access cards and commercial burglary, in Wildomar. The victim noticed several fraudulent purchases against their account.”
January 2011
- Now a password for every credit card transaction over phone– profit.ndtv.com – 1/31/11 – “Credit card usage over phone will need an additional security layer from February 1, as the Reserve Bank of India has made it mandatory for customers to get a single-use password from their banks for every such transaction. Banks are required to comply with the new guidelines with effect from February 1, after which the customers would be declined any telephonic transaction for their credit cards without an additional One-Time Password (OTP).”
- CardNET Brings VeriFone’s VeriShield Total Protect to Dominican Republic– www.verifone.com – 1/31/11 – “VeriFone Systems, Inc. today announced that Consorcio de Tarjetas Dominicanas, S.A. (CardNET), the largest card transaction processor in the Dominican Republic, is the first customer in the Latin America and Caribbean region for VeriShield Total Protect secured by RSA. CardNET processes an estimated 80 percent of the total value of card transactions in the country and will utilize VeriShield Total Protect to implement end-to-end encryption of card data. RSA, The Security Division of EMC, and VeriFone in 2010 announced a strategic partnership to market their end-to-end encryption and tokenization solutions as an integrated payment security offering.”
- Hackers steal Co-op patrons' personal information– www.dailycampus.com – 1/30/11 – “Falling victim to digital maliciousness, HuskyDirect.com was hacked early last week, leaving credit card numbers and other customer information up for the hacker's grabs. HuskyDirect.com is an official vendor of UConn sports goods that works in cooperation with the UConn Co-op. The site has been taken down, citing on its homepage that it is "undergoing crucial maintenance." The page is not expected to be operational until Co-op officials have confidence the vendor has fixed any problems that left the site vulnerable in the first place. According to the HuskyDirect homepage, it will be at least "a few days" before confidence is restored and the site is resurrected.”
- Hamilton Beach Reports Hack; Credit Card Data At Risk– www.darkreading.com – 1/28/11 – “Hamilton Beach Brands disclosed this week that hackers might have stolen information from some customers of its e-commerce sites earlier this month. In a breach disclosure (PDF) sent to the state of New Hampshire, Hamilton Beach said the personal information of 24 of the state's residents could be at risk because of the compromise. The letter does not say how many customers worldwide were affected.”
- EBT card account security breached – www.fresnobee.com – 1/28/11 – “Thieves may have accessed the welfare debit-card accounts of hundreds of Californians, including about 140 in Fresno County, welfare officials said Friday. Officials said thieves gained access to card numbers and pass codes statewide to withdraw money earlier this month. Fresno County has replaced about $25,000 in benefits so far, and the total could reach $70,000 or more once all the reported thefts have been validated.”
- Police Looking For SunTrust Skimmers– www.wftv.com – 1/28/11 – “Orlando police released surveillance photos Friday of people they believe may be responsible for placing an ATM card skimming device at a SunTrust bank. Orlando police said a man caught on surveillance video is responsible for putting a skimming device on the ATM at the SunTrust Bank on South Kirkman Road (see map). "It upsets me. Of course, even money in the bank, you can take money out of your own bank and you end up losing it. People steal it out of your account," said customer Patrick Maritato. SunTrust managers discovered the skimmer in early January. Police said the suspect got away with 59 card numbers and has fraudulently spent $10,000.”
- Skimming device at Terra Linda Chase Bank results in thefts– www.marinij.com – 1/28/11 – “Chase Bank has confirmed that a skimming device attached to an ATM at its Terra Linda branch siphoned money from customers' accounts. Marin Supervisor Susan Adams said she was among those affected. Customers said the perpetrators withdrew money from their accounts just after the Martin Luther King Jr. Day weekend, but the bank declined to provide details about the thefts, citing an active investigation.”
- OPD: Card skimmer found at local bank– wdbo.com – 1/28/11 – “A skimming device, which read over 59 card numbers, was discovered at an ATM at a local bank Friday, according to Orlando police. It was found at the SunTrust Bank on South Kirkman Road. Several photos (see them here) of people that may be responsible for the crime were provided to police by a SunTrust official.”
- ATM Skimming Device Discovered at Severna Park Bank– edgewater.patch.com – 1/28/11 – “Last Saturday (Jan. 22), police were called to the Bank of America Branch located in the 600 block of Baltimore-Annapolis Blvd. in Severna Park for a recovered ATM skimmer affixed to the ATM machine. Detectives are asking for the public's help in the investigation. According to a police press report, at 5:26 p.m. officers were called to the scene and spoke with a 48-year-old female, who said that she was using the ATM and noticed what appeared to be a fraudulent device attached to the machine.”
- The Benefits of Tokenization– paymentspulse.com – 1/28/11 – “While there are many add-on solutions ISOs and acquirers can offer, few are mutually beneficial. Data security solutions create additional revenue streams while reducing liability risks from a data breach. Any businesses not offering some type of data security solution should consider the following from a Ponemon Institute study: average total costs of a data breach reached $6.75 million in 2009 ($204 per customer record) with total costs of a breach ranging from $31 million to $750,000 in 2009.”
- Tougher compliance rules will force data security improvements– www.computerweekly.com – 1/28/11 – “Businesses need to raise their game on the security of their web sites, as regulators and industry bodies begin to take a tougher line on compliance, a leading analyst has warned. Graham Titterington, principal analyst at Ovum, said that businesses face a greater likelihood of enforcement action this year, if they lose data, or breach industry security standards. "Proving your security is a non-trivial exercise and involves putting in a whole raft of measures. It's got the attention of the board and caused them to open their wallets," he said in an interview with Computer Weekly.”
- Thousands of Five County Credit Union Customers Issued New Cards Following Security Breach– www.myfoxmaine.com – 1/28/11 – “Several thousand customers of Five County Credit Union are getting new debit and credit cards after security breaches involving an unnamed retailer and processing center. Five County says about 3,000 credit and debit card customers are getting new cards because of the breach, which happened with a third party, not the credit union. Several debit cards did have suspicious transactions out of Florida, leading the credit union to shut down and reissue about 2,500 debit cards. There's been no suspicious activity involving credit cards, but the credit union is issuing about 500 new Visa credit cards for similar concerns, as a precaution.”
- House Panel to Review Debit Swipe Fee Law – www.nacsonline.com – 1/27/11 – “The battle over debit card swipe fees is not over. Despite President Obama signing into law the financial services bill that directed the Federal Reserve to issue standards for debit card swipe fees, which it did, intense lobbying by the banking industry has opened the door for hearings to review debit card swipe fees, reports The Wall Street Journal. The banking industry’s ultimate goal is to repeal the provision in the financial services bill, known as the Durbin amendment, that addresses debit card swipe fees.”
- Police Investigate Bank Card Breach At Greenville Store – www.witn.com – 1/26/11 – “A number of customers who used their credit and debit card information at one store in the east may want to check their statements after an apparent breach in the system sent credit card information to an unknown location. One of those alleged victims--Kate Ford--says she used her debit card to buy books at the University Book Exchange or U.B.E store in Greenville about two weeks ago. This past weekend she discovered several fraudulent charges on her account.”
- PA-DSS ‘Guidance’ for Mobile Apps Likely to Come This Year, PCI Council Says– www.digitaltransactions.net – 1/26/11 – “A freeze on approvals of mobile applications for card acceptance by merchants, announced in November by the PCI Security Standards Council (PCI SSC), will likely be lifted some time before the end of the year. Top officials with the Wakefield, Mass.-based organization tell Digital Transactions News the Council is working on what it calls a “technology evaluation” to craft new validation procedures that more clearly suit the software used by mobile merchants.”
- East Metro ATM Skimming Investigation Underway – www.kstp.com – 1/25/11 – “People who use ATM machines may want to take a closer look at their accounts. Both the Oakdale and Woodbury police departments are investigating an ATM skimming case. So far, 25 victims have filed police reports. Police released surveillance photos of the suspects, taken at the US Bank in Oakdale, though the same branch in Woodbury was another target.”
- PRC reports data breaches increase in 2010 – www.greensheet.com – 1/24/11 – “Statistics from the Privacy Rights Clearinghouse, a nonprofit consumer organization, reveal a total of 181 data breaches were made public in 2010 by financial services, insurance and retail businesses, with approximately 6.4 million records compromised as a result. The number of reported breaches within these sectors grew from 37 in 2009 to 181 in 2010, although the number of records affected was much higher in 2009 (135.1 million) than in 2010, largely due to the massive data breach reported by Heartland Payment Systems Inc. in 2009.”
- Police Investigate Skimming Device– www.theenterprisebulletin.com – 1/23/11 – “Huronia West OPP officers are investigating after a bank customer at a local TD Canada Trust branch reported finding a 'skimming device' at the branch's ATM last week. Police say the customer discovered the device duct-taped to the ATM, and reported it to branch staff. Police say the device was gone when officers showed up to investigate.”
- Nearly 500 Victims in Sierra Madre Credit Card Scam as Losses Total More Than $172,000– arcadia.patch.com – 1/23/11 – “Though the number of area residents reporting fraudulent credit card charges from the shuttered EVG Quality Gas station on Baldwin Avenue is beginning to taper off, Sierra Madre Police say they are still receiving reports at a rate of about three to five per day. As of Thursday, Jan. 20, the total number of victims to file claims with the department had risen to 497, Sierra Madre Police Chief Marilyn Diaz told Sierra Madre Patch. The scam is now believed to be the largest ever to hit Sierra Madre.”
- Online Durbin Resources– www.paymentsnews.com – 1/21/11 – “If you're trying to think through the implications of proposed Debit Card Interchange and Routing rules, you might want to take a look at the following resources: * Durbin Video. C-SPAN is providing an online video of the Federal Reserve Board of Governors meeting where the draft Durbin rules were first released. After the key provisions are introduced, the Governors spent most of the meeting probing the staff on the rationale behind the proposed rules. Very interesting. * Durbin Comments. Another great resource to keep your eye on is the industry feedback to the proposed regulations. Final comments are due back to the Federal Reserve by February 22, 2011. In the meantime, it is all posted online as it is received.”
- Panda warns of cyber black market– www.securecomputing.net.au – 1/21/11 – “The cyber black market is growing and anyone can get online to take part in illicit activities, a report has found. There are more than 50 dedicated online stores where web users can buy data, ranging from credit card details to logins and passwords, Panda Security has discovered.”
- Detectives say Castaic ‘skim’ scheme may have taken from hundreds– www.the-signal.com – 1/21/11 – “More than 100 people who purchased gasoline at a Pilot Travel Center in Castaic may have had their credit- or debit-card information stolen, authorities said Thursday. Detectives believe “skimming” machines, which are used to collect card data from magnetic strips on the backs of the cards, were installed at gas pumps at the popular truck stop on Castaic Road. With these skimming machines, thieves can make clones of a card and use it to withdraw cash from a person’s bank account.”
- Tiny camcorder steals information from ATM cards in San Luis Obispo– www.ksby.com – 1/21/11 – “A.T.M.s are full of cash, ready to be easily withdrawn. The problem comes when it's not actually you getting your money. Three out-of-towners were arrested this week in the theft of information from about a hundred A.T.M. cards in San Luis Obispo; it was through skimming devices at Chase Bank on Madonna Road. The suspects withdrew about $58,000 in cash from those cards; they also targeted another A.T.M. machine in Atascadero.”
- Lush Cosmetics Data Breach– www.zdnet.com – 1/21/11 – “Lush Cosmetics, a handmade cosmetics company headquartered in Poole, Dorset in the United Kingdom with some 600 locations around the world, has ostensibly been the “victim of hackers” according to a post on their UK version web site http://www.lush.co.uk/ yesterday. Details are in somewhat short supply, but according to the notice posted, there was a successful initial intrusion and repeated subsequent attempts at re-entry.”
- First Data’s Security Panel Offers Tips for Protecting Your Business– www.pymnts.com – 1/9/11 – “Seventy percent of all security attacks on retailers are aimed at swiping credit card data, according to RSA Solutions Development Director Robert McMillon. Even more disturbing, McMillon said many of today's solutions for merchants don't work. "You guys kinda suck at data security. I'm happy to be invited here to tell you that," added his co-panelist, Securosis CTO Adrian Lane. "There's a big difference between being compliant and secure."”
- VeriFone's VeriShield Protect Powers Chase Paymentech's Safetech Encryption Solution– www.retailsolutionsonline.com – 1/21/11 – “VeriFone Systems, Inc. recently announced that Chase Paymentech has incorporated VeriFone's VeriShield Protect end-to-end encryption service as a component of its newly launched Chase Paymentech Safetech Fraud and Security Solutions. VeriFone's VeriShield Protect is designed and has been proven to help merchants reduce the costs of complying with Payment Card Industry (PCI) requirements and associated security risk by protecting card information and taking key elements of a merchant's payment infrastructure out of scope. VeriFone is working with major processors to support merchant efforts to minimize risk of accepting card payments.”
- Skimmers captured ATM info in Oakdale, Woodbury, police say– www.twincities.com – 1/21/11 – “Bank customers in Oakdale and Woodbury might want to check their accounts. Police say skimmers were placed on ATMs in those cities in October, November and December, capturing credit and debit card numbers, which were later used in Colorado. But police don't have much to go on and reports of the card transactions are slow in coming. "Right now we really only have a couple reported to us, which is kind of surprising," said Woodbury Sgt. Sue McMahon.”
- Hacker accesses UConn customer database – www.scmagazineus.com – 1/20/11 – “The University of Connecticut (UConn) is warning thousands of customers who bought merchandise at HuskyDirect.com that their credit card numbers and other sensitive information may have been stolen. How many victims? 18,000. What type of personal information? Names, addresses, emails, telephone numbers and credit card information, including expiration dates and security codes. What happened? A hacker gained access to a database containing billing information for HuskyDirect.com.”
- Three people arrested in connection with credit card skimming operation at local ATMs– www.ksby.com – 1/20/11 – “Three out-of-towners are behind bars, accused of stealing credit card information from ATM users in San Luis Obispo County. On January 13, officers in San Luis Obispo received word about a credit card skimming operation at the Chase Bank on Madonna Road. The information of at least 100 credit cards was stolen and the suspects withdrew $58,000 in cash. A few days later another ATM machine was compromised in Atascadero.”
- Toolkits now used in the majority of cyberattacks – www.securecomputing.net.au – 1/20/11 – “Cybercrime attack "toolkits" have over the past few years become more accessible and are now used in the majority of internet attacks, according to a new report from Symantec. Also called “crimeware", attack toolkits are bundles of malware used to facilitate the launch of attacks against networked computers, according to the report. These kits generally include malicious code for exploiting vulnerabilities in multiple applications and technologies, as well as tools to customise, deploy and launch widespread attacks. Between July 2009 and June 2010, 61 percent of the web-based threat activity detected by Symantec was attributable to such kits, the report states.”
- Gamers leave radiology center's data exposed– www.fiercecio.com – 1/19/11 – “A radiology center in New Hampshire suffered a data breach in November, exposing the social security numbers and other personal data of 230,000 people. The culprits, according to Seacoast Radiology, were not cybercrooks in search of credit card numbers or other monetary gain, but gamers in Scandinavia looking for server access to play "Call of Duty: Black Ops," reports Paul McNamara at NetworkWorld.”
- Police: Credit card info stolen from over 30 restaurant patrons– www.heraldonline.com – 1/19/11 – “Police hoping to solve more than 30 fraud cases need help identifying two people who used credit card information stolen from a Rock Hill restaurant. Nearly a dozen foreign exchange students at Winthrop University who ate at Michael’s Rock Hill Grille reported unexplained charges on their credit cards in December, said Rock Hill Police Detective Keith Dugan. Since then, more than 30 victims have reported to police that they used credit and debit cards to eat at Michael’s between mid-September and November and their card information was misused without their consent, Dugan said.”
- Card-skimming devices found fitted to East Lancashire ATMs– www.lancashiretelegraph.co.uk – 1/19/11 – “Sophisticated card-skimming devices have been discovered at two cash machines in East Lancashire. Police seized the devices from town centre machines, but fear they could have been there for several days before they were spotted. One of the scams was at Lloyds TSB in Church Street, Clitheroe and another at Barclays Bank, in Church Street, Colne.”
- Hackers Charged In iPad Security Breach– www.ibtimes.com – 1/19/11 – “Two hackers have been arrested in connection with hacking into AT&T's database of email addresses connected with the Apple iPads. Andrew Auernheimer and Daniel Spitler were charged with conspiracy to access a computer without authorization and fraud in connection with personal information. Both are federal crimes and could mean prison for either or both defendants. Auernheimer was arrested previously on June 15 in Arkansas on drug charges, though they have nothing to do with this complaint.”
- the world in the coming year.”
- Attorney General Investigating UConn Bookstore Security Breach– mansfield.patch.com – 1/18/11 – “Connecticut Attorney General George Jepsen is investigating a recent security data breach affecting University of Connecticut Co-op consumers. Jepsen wants specific information by Thursday on the number of customers affected, what information was taken or lost, and what the Co-op is going to identify the hacker, according to a news release from Jepsen’s office.”
- Skimmers attached, removed from area ATMs within hours by accused schemers (video)– pottsmerc.com – 1/18/11 – “Bank surveillance video showed the automated teller machine skimmer suspects arrested recently in Lower Providence typically planted devices on ATMs for less than three hours before returning to retrieve them, according to court papers. Five Bulgarian men — Dimitar Tanchev, 28, Dragomir Lipov, 26, Ismail Misankov, 31, Dimcho Vasilev, 30, and Krasimir Uzunov, 47 — were taken into custody Dec. 23 at Homewood Suites in Audubon. During a search of their hotel rooms, skimming devices and other items allegedly related to the fraud scheme were discovered.”
- Chase Paymentech Launches Safetech Fraud and Security Solutions – www.businesswire.com – 1/18/11 – “Chase Paymentech, a leading merchant acquirer and payment processor, announces the launch of Safetech™ Fraud and Security Solutions. This suite of services deployed separately or as a group, will ultimately protect merchants and their customers from the increasing risks associated with global online fraud and data breaches at the point of sale. The Safetech suite today includes Safetech Fraud Tools and Safetech Encryption. In the coming months, additional solutions will be introduced in response to the needs of Chase Paymentech’s broad and growing client base.”
- Telecom NZ data breached by rival: report– www.zdnet.com.au – 1/18/11 – “New Zealand's Herald on Sunday reported that a Telecom NZ dealer had leaked log-in information to telco rival Slingshot. The rival's telemarketer, Power Marketing Limited, allegedly then gained access to Telecom NZ's Wireline customer database using the details.”
- Cigarette sales lead police to stolen credit card– www.brandonsun.com – 1/17/11 – “A man selling under-the-table cigarettes at a Dauphin bar led police to a second suspect after they caught him allegedly dumping ID and credit cards during the investigation. Police were initially called to a bar in a Dauphin hotel on Friday because a man was allegedly selling cigarettes to other patrons.”
- Hacker breaches security at Pentagon Federal Credit Union– www.washingtonpost.com – 1/17/11 – “Members of a credit union that serves active-duty military personnel and others connected to the Pentagon are at risk for identity theft after a laptop was hacked, exposing the personal and financial records of an undisclosed number of troops and their families. The Pentagon Federal Credit Union, or PenFed, the Alexandria-based institution that serves the military and other government agencies, mailed a letter to customers in early January alerting them to the security breach, which was discovered Dec. 12. PenFed would not comment on how many customers were notified.”
- Belgian debit card users blocked from making non-EU transactions– www.infosecurity-magazine.com – 1/17/11 – “According to weekend news reports, the limitations, which started today, are the direct result of the high levels of fraud relating to transactions made outside of the European Union. Vincent van Quickenborne, the Belgian Minister of Finance, is quoted as saying the lockdown is not fixed, and that Maestro cardholders wishing to make transactions outside of Europe can request that their bank lift the block.”
- Five arrested in ATM fraud case, with victims in Springfield Township– www.montgomerynews.com – 1/17/11 – “Five men originally from Bulgaria have been arrested and charged with using “skimmer” devices on ATM machines at several Citizens Bank and Wells Fargo Bank branches in Springfield, Lower Providence and Lower Merion townships in Montgomery County as well as West Whiteland Township in Chester County, according to the Montgomery County District Attorney’s Office. The five are accused of stealing bank customers’ information to make withdrawals from the victims’ accounts between Oct. 1 and Dec. 23, 2010, the DA’s office said.”
- Skimming Fight: New Tech a Must– www.bankinfosecurity.com/ – 1/17/11 – “Card fraud will increase in 2011, says Avivah Litan, Gartner Research vice president and distinguished analyst. Skimming attacks will be more sophisticated and globally coordinated. "Flash attacks," which rely on coordinated, often international, efforts to simultaneously withdraw funds from multiple ATMs, are just the beginning.”
- 5 charged with ATM 'skimming' – www.phillyburbs.com – 1/16/11 – “Montgomery County authorities have charged five Bulgarian nationals with stealing $134,500 from 143 people who had used ATM machines where the thieves had installed "skimmers" and cameras to capture the victims' card information and PINs. "These guys were running a business of stealing money from other people," said District Attorney Risa Vetri Ferman, noting that the thefts occurred during a three-month period from October to December.”
- PCI Security Standards Council Names Eduardo Perez As Chairperson– www.pcisecuritystandards.org – 1/12/11 – “The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS) today announced that Eduardo Perez, head of global payment system security, Visa Inc., has been appointed as chairperson of the PCI Security Standards Council for the 2011 term.”
- Vodafone sacks staff over alleged security breach– www.securecomputing.net.au – 1/14/11 – “Vodafone Hutchison Australia said it has sacked an undisclosed number of staff after weekend reports that unauthorised parties had obtained log-in details to the telco's customer database. In a statement, the chief executive Nigel Dews said that the incident had also been referred to the NSW Police, although an internal investigation and IT security review was still ongoing.”
- Will the GOP attempt to repeal Dodd-Frank? – www.pymnts.com – 1/14/11 – “When Republicans swept into power in the House of Representatives in last fall's election, many wondered if the power change might impact the recently signed Dodd-Frank financial overhaul legislation. It now appears we may have an answer. The new Republican head of the House Financial Services Committee told CNBC Thursday that "we'll go piece by piece-provision by provision" through the Dodd-Frank.”
- Pentagon's credit union hacked – www.msnbc.msn.com – 1/13/11 – “A security breach at the Pentagon's official credit union has exposed the personal and financial records of members of the U.S. military and their families, putting hundreds of thousands of people at risk for identity theft.”
- Person sought in connection to ATM card skimmer– www.mysuncoast.com – 1/13/11 – “Police are looking for help locating a person believed to have installed a card skimming device on a Sarasota ATM. The ATM in question is at the Bank of America branch on the corner of Fruitville Road and Lockwood Ridge Road.”
- Caught on Camera! New Pictures of Bank Skimmer Suspect– www.keprtv.com – 1/13/11 – “KEPR Action News is following up on a story we broke months ago. We now have pictures of the man suspected of skimming bank cards, and stealing $6,205 from a Chase Bank in South Richland back in October. In the pictures, the man's wearing sweatpants, a white shirt, glasses and a black cap that read "No Pain, No Gain." Richland Police said the guy's in his mid-40s, 5'8" and 150 pounds. There's only one problem: "I don't know who the individual is," Richland Police Captain Mike Cobb said.”
- First Data, NRF Release Small Business Data Security Study – www.nacsonline.com – 1/13/11 – “Earlier this week, the National Retail Federation and First Data Corporation released results from a joint study of data security and fraud prevention strategies practiced at small to mid-sized retailers, those whose annual sales are typically less than $100,000.”
- McKeever's Price Chopper is First to Market With WorldPay's End-to-End Encryption Solution– www.prnewswire.com – 1/12/11 – “WorldPay, a global leader in card payments, today announced that McKeever's Price Chopper, a leading Midwestern grocery store chain, is the first merchant to implement the WorldPay End-to-End Encryption (E2EE) Solution. McKeever's Price Chopper has begun piloting WorldPay E2EE and, upon completion of the pilot, will roll out the solution to all of its stores.”
- Chinese auction site pulls plug on hacked iTunes accounts– www.securecomputing.net.au – 1/12/11 – “Chinese auction site Taobao says it has removed the 50,000 hacked iTunes accounts that were available for as little as 1 yuan (15 cents). As reported earlier this week, China's internet users were able to buy hacked accounts on Taobao, with the illegal passwords providing access to accounts that could be used to download music, video or apps.”
- Hacker targets UConn store– financial.tmcnet.com – 1/12/11 – “(The Day - McClatchy-Tribune Information Services via COMTEX) -- A computer hacker accessed the customer database of HuskyDirect.com, a website that sells sports paraphernalia from the UConn Co-op, prompting the store to order the vendor that manages the site to take it down.”
- Infected PC Compromises Pentagon Credit Union– threatpost.com – 1/12/11 – “The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers.”
- Malware on Laptop Caused Security Breach at PenFed– www.depositaccounts.com – 1/11/11 – “PenFed had a laptop infected with malware that permitted unauthorized access to a database containing personal data of certain members. The security breach appeared to only affect PenFed members with credit cards. Fatwallet members with Amex and Visa credit cards reported being issued new credit cards with new numbers. Letters to affected members were supposedly sent on January 4th.”
- Is VHA a security penny-pincher?– www.zdnet.com.au – 1/11/11 – “The telco is facing the grim prospect that either an internal staff member or a dealer may have sold access details to its customer database. The details include names, addresses, driver licence numbers and phone records and were used in blackmail, according to Fairfax newspapers.”
- UConn Customer Database Hacked – www.nbcconnecticut.com – 1/11/11 – “UConn is warning thousands of customers who bought items on its HuskyDirect.com website that their personal information may have been exposed in a data security breach. A hacker obtained access to the HuskyDirect.com database containing billing information for 18,000 customers. The website is used by people to buy sports gear from the UConn Co-op.”
- EMV in the USA: Waiting on Debit, a Mandate, or Just the Opportune Moment– www.mercatoradvisorygroup.com – 1/11/11 – “Payment card security shortcomings still make headlines because card data breaches continue to plague the industry. EMV (a.k.a. Europay, MasterCard and VISA) is the smartcard-based technology the payment card networks have chosen as the best defense at the payment perimeter, the POS terminal. EMV has been deployed in most markets except the world's largest card market: the USA. This new report from Mercator examines the questions "why not" and "when" for EMV.”
- Two men sentenced in Northern California gas skimming scam– www.mercurynews.com – 1/11/11 – “Two men who stole $90,000 and the identity of nearly 200 people throughout Northern California using sophisticated devices that were placed inside gas pump payment machines were sentenced to prison Tuesday morning, the California Attorney General's Office said. David Karapetyan, 32, pleaded guilty to 37 felony counts of conspiracy and identity theft and received a seven-year prison sentence. Zhirayr Zamanyan, 31, pleaded guilty to five felony counts of the same crimes and was sentenced to five years in prison.”
- BevMo! Retail Chain Reduces PCI Scope With VeriFone's VeriShield Protect– www.retailsolutionsonline.com – 1/11/11 – “VeriFone Systems, Inc. (NRF 2011 - Booth 659), recently announced that Beverages and more! (BevMo!), the leading alcoholic beverage-lifestyle specialty retailer in the western United States, had successfully reduced the scope of its PCI compliance requirements through the implementation of the VeriShield Protect end-to-end encryption solution.”
- Half Hitch Tackle customers hit by security breach– www.newsherald.com – 1/10/11 – “More than 120 cases of credit card fraud associated with a security breach at Half Hitch Tackle have been reported to Bay County Sheriff’s Office, and the reports are still coming in. All of the cases have one thing in common: The victims were customers of Half Hitch Tackle.”
- Privacy Commissioner investigates alleged Vodafone breach– www.securecomputing.net.au – 1/10/11 – “The Australian Privacy Commissioner has announced an investigation into allegations that Vodafone put customers' personal details, billing and call records at risk. Commissioner Timothy Pilgrim initiated the investigation today, following reports that unauthorised parties had obtained log-in details to Vodafone's customer database.”
- iTunes account details on sale for 15 cents in China– www.securecomputing.net.au – 1/10/11 – “Hacked iTunes accounts are available for sale for as little as 15 cents on China's leading online shopping site, according to reports, with credit card numbers visible to anyone buying the dodgy details. The state-run Global Times said that 50,000 illegal accounts were up for grabs on the Taobao website, with buyers promised the ability to buy music, video or apps.”
- Australia probes potential data breach involving four million Vodafone customers– www.infosecurity-us.com – 1/10/11 – “Access to personal information on four million Vodafone Australia customers – including names, addresses, driver’s licenses, and credit card numbers – on a website for dealers was provided to unauthorized individuals, according to a report by the Sydney Morning Herald. The website is only supposed to be accessible by dealers using IDs and passwords. Apparently, this information has been made available to non-authorized parties, according to the report.”
- Vodafone mobile records leaked – www.smh.com.au – 1/9/11 – “THE personal details of millions of Vodafone customers, including names, home addresses, driver's licence numbers and credit card details, have been available on the web in what is described as an ''unbelievable'' lapse in security by the mobile phone giant. The Sunday Age is aware of criminal groups paying for the private details of some Vodafone customers to blackmail them.”
- Vodafone mobile records leaked onto the internet– www.heraldsun.com.au – 1/9/11 – “ANGRY Vodafone users have been left languishing on hold for more than an hour today as the telco struggles to deal with its latest PR disaster. Thousands of users have flooded the carrier with inquiries after it was revealed personal details of millions of customers had been made available on the web. The details include names, home addresses, driver's licence numbers and credit card details. After a one-hour and 10 minute wait, an operator told the Herald Sun, they had been inundated. "We have had a lot of calls in queue this morning,'' the operator said. "Customers are calling regarding network and troubleshooting issues.''”
- Visa Commits to a Two-Tier Debit Card Interchange Structure– www.digitaltransactions.net – 1/7/11 – “In an apparent effort to calm its smaller debit card issuers, Visa Inc. says it will develop a two-tier interchange schedule, one with regulated rates arising from the Dodd-Frank financial-reform law and the other with unregulated rates applicable to banks and credit unions with fewer than $10 billion in assets. "We have said that we will support a two-tiered debit interchange structure," a Visa spokesperson said late Friday in a statement.”
- ITRC Calls for Universal Data Breach Reporting– www.esecurityplanet.com – 1/7/11 – “A total of 662 significant data breaches were reported in the U.S. in 2010, up 33 percent from 2009, but that's probably only the tip of the iceberg, according to a new report from the Identity Theft Resource Center (ITRC). While this sharp increase is both disturbing and costly, ITRC officials said the bigger concern is the fact that there's currently no centralized, publicly available data breach reporting site or repository available to consumers or businesses that want to ascertain exactly how much and what type of data has been compromised in these ever-increasing breaches.”
- India Extends Mobile Security Deadline– www.americanbanker.com – 1/6/11 – “The Reserve Bank of India has changed to Feb. 1 the deadline it had set for banks in the country to add a second layer of security to credit card transactions conducted over mobile phones. The central bank had announced on Dec. 24 that all credit-card holders in India must enter a passcode whenever they make a transaction by phone, including those using automated interactive voice-response systems, starting Jan. 1. It initiated the policy as a safeguard against credit card fraud.”
- Hacked iTunes accounts auctioned on China's eBay– www.infosecurity-us.com – 1/6/11 – “Cybercriminals have illegally obtained iTunes user accounts and are auctioning them on taobao.com, China’s largest online store. The criminals are offering interested parties the opportunity to buy $200 worth of digital products from iTunes for prices ranging up to $30, according to a report by the Global Times newspaper. The only restriction: buyers have to make their purchases within 24 hours of the taobao.com transaction.”
- Credit card skimmer sentenced – gregorydevans.com – 1/5/11 – “Several diners at the Sharonville Ruby Tuesday restaurant who were waited on by Julian Montgomery in the fall of 2009 gave him – unknown to them – more than a tip. Montgomery, 31, was a waiter at the restaurant and would steal credit card information from some diners and sell it to others who ran up tens of thousands of dollars in illegal charges. Josh Jacobs, 33, and a co-worker were visiting a professor at the College of Mount St. Joseph on Nov. 21, 2009. On their trip home to Urbana, where both men work, they stopped to eat at the Ruby Tuesday and were waited on by Montgomery. Jacobs used his credit card to pay for their meals.”
- RaceTrac says it checks often for card-skimmers – www.floridatoday.com – 1/7/11 – “After hundreds of customers had their credit and debit card numbers stolen at a Melbourne gas station last month, representatives from RaceTrac said it's customary for workers to conduct regular checks of the gas pumps for foreign devices like credit card skimmers.”
- iTunes warning as thousands of fraudulent accounts are auctioned online – www.computerweekly.com – 1/7/11 – “Thousands of fraudulent iTunes accounts are being sold on a Chinese online auction site, according to China's Global Times. It is not clear whether the accounts have been hacked and stolen or set up using stolen or fake credentials linked to stolen credit cards.”
- Scot linked to bank card fraud after Thai arrests – news.scotsman.com – 1/7/11 – “A SCOTS crime boss has been linked to an international fraud gang uncovered in Thailand. Two Romanians have been charged after police discovered hundreds of counterfeit ATM cards in their Bangkok hotel room - some believed to have been cloned in Scotland - which had been used to steal cash.”
- Visa targets cross-border card fraud – www.securecomputing.net.au – 1/7/11 – “Visa has upgraded the operating system powering its global transaction authorisation platform in a bid to identify potentially fraudulent payments faster.”
- The Durbin Amendment Deconstructed A two-part webinar series – www.electran.org – 1/6/11 – “Learn How You Can Influence the Final Regulations. Part 1-Federal Reserve Board Proposed Regulations Date: Friday, January 14, 2011 Time: 1:00 PM -2:30 PM EDT”
- Security Breach at Pentagon Federal Credit Union – www.esecurityplanet.com – 1/6/11 – “Personal and credit information was recently stolen from the Pentagon Federal Credit Union (PenFed) after a laptop was infected with malware.”
- Secret Service Search for Sierra Madre 'Skimming' Suspect – laist.com – 1/6/11 – “More than 280 people have come forward as victims of credit or debit card fraud, and the cases are linked to a likely "skimming" case stemming from one now-shuttered Sierra Madre gas station. Authorities have released a photo of someone they say is a "person of interest" in the case, after he withdrew money from an ATM in Montebello using a card created with information obtained from the gas station, according to the Daily News.”
- 600 Fall Victim To Single Credit Card Skimmer – www.wesh.com – 1/6/11 – “State authorities say crooks swiped hundreds of credit card numbers at a Melbourne gas station through a sophisticated skimming operation.”
- Credit-card skimmer found in Melbourne gas pump – www.floridatoday.com – 1/6/11 – “Hundreds of credit card numbers were compromised at a Melbourne gas station after a credit card skimmer was hidden inside a rigged pump last month. Police found the skimmer -- attached with Velcro -- at the RaceTrac at 4641 W. Eau Gallie Blvd. after getting complaints of fraudulent credit and debit card charges.”
- Secrets of a former credit card thief – www.foxbusiness.com – 1/6/11 – “We've all heard the standard tips about preventing identity theft and credit card fraud. But what would a real identity thief tell you if he had the chance? Dan DeFelippi, who was convicted of credit card fraud and ID theft in 2004, says simply this: You can't be too careful.”
- Chinese auction site sells thousands of stolen iTunes accounts – nakedsecurity.sophos.com – 1/6/11 – “50,000 stolen iTunes accounts linked to stolen credit cards are being sold on a Chinese auction site, according to a report from the BBC.”
- Inter-state gang of cyber fraudsters busted in J&K – www.dnaindia.com – 1/5/11 – “With the arrest of four persons — two Kashmiris and Mumbaikars each — in Srinagar, Jammu and Kashmir (J&K) Police claimed on Tuesday to have busted an inter-state, or possibly international, gang of cyber fraudsters. Fraud kingpin Sumear Sheikh of Mumbai and a Nigerian accused are, however, absconding. A J&K Police team is on its way to the metropolis to arrest them.”
- Credit card 'skimmer' sentenced – m.cincinnati.com. – 1/5/11 – “Several diners at the Sharonville Ruby Tuesday restaurant who were waited on by Julian Montgomery in the fall of 2009 gave him - unknown to them - more than a tip. Montgomery, 31, was a waiter at the restaurant and would steal credit card information from some diners and sell it to others who ran up tens of thousands of dollars in illegal charges.”
- Sierra Madre gas station skimmer nets $62K – abclocal.go.com/ – 1/4/11 – “More than 200 customers who used credit cards at a Sierra Madre gas station claim they're victims of identity theft. They charged gas at the EVG station at Baldwin Ave. and Suffolk Ave. Police say they've been hit with about $62,000 in fake charges.”
- Cops Warn Against Gas Station Card Skimmers – www.wftv.com – 1/4/11 – “Clermont police said they are investigating a sneaky credit card skimmer. Police said the crooks are putting devices inside gas pumps all over the city. The investigation started when victims noticed irregularities on their credit card statements. Police said there have been nearly a dozen victims, and all of them said they used their debit cards at a gas station.”
- Hackers, Insiders Behind Most Identity Theft – www.informationweek.com – 1/4/11 – “Data breaches continue to plague businesses. According to the Identity Theft Resource Center (ITRC), in 2010, there were at least 662 data breaches, exposing more than 16 million records. Nearly two-thirds of breaches exposed people's social security numbers, and 26% of breaches involved credit or debit card data.”
- Upgrading Your POS is Not Enough! – www.nacsonline.com – 1/4/11 – “Reducing your company’s exposure and risk to data breach is a complex and ongoing task. Criminals are increasingly using sophisticated approaches to exploit even certified POS systems. In fact, a certified POS without protections in the surrounding data environment are just as vulnerable as non-compliant systems!”
- Credit Card Fraud Cases Linked to Half Hitch Tackle – www.panhandleparade.com – 1/3/11 – “Bay County Sheriff Frank McKeithen issued an update today in the investigation regarding the fraudulent use of debit and credit cards from multiple area credit unions and banks.”