IPayments Forum


Security, Risk & Compliance

Anthem Breach May Have Started in April 2014; KrebsonSecurity

Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion.   (Read More)


Lessons from an erroneous fraud alert; CreditCards.com

As I swiped my credit card to pay for $750 in groceries on a four-day church beach retreat two states away, I envisioned all the rewards points going onto my new Bank of America Visa card -- it pays 2 percent cash back on purchases made at grocery stores. My church would reimburse me for the groceries and I could treat myself to a meal out with the $15 cash back. It would be a small, but appreciated, compensation for several days of cooking and sleep deprivation with teenagers.   (Read More) 

Capital One's Well-Designed "Suspicious Activity" Email Alert; netbanker

I've used Capital One's credit card fairly actively for the past 4 or 5 years. And they've rarely, if ever, declined a charge (and there has never been any fraud on the card). The last fraud message I can find in my email was in December 2011 (see last screenshot). But apparently our travel combined with extra holiday spending finally caused the banks' fraud system to flag our account, rejecting a $100+ Target purchase a few days after Christmas.     (Read More)

PayGate Introduces Enhanced Online Fraud Protection in Global Partnership; Payments Afrika

E-commerce payment services provider PayGate says its new partnership with global fraud prevention company ReD, an ACI Worldwide company, will give added protection to South African online merchants.     (Read More) 

Mobile Payments Security Depends on a Complicated Chain; PaymentsSource

Following the disclosure by a name brand retailer that their point-of-sale (POS) system had been breached, shoppers outside one of the retailer’s brick and mortar locations unanimously told a television reporter that cash was the safest way to pay in-person.   (Read More)

Mobile payment processor hacked; The Hill

A breach revealed Tuesday has exposed the vulnerabilities of yet another link in the electronic payment process.   (Read More) 

Bebe Stores Confirms Credit Card Breach; KrebsonSecurity

In a statement released this morning, women’s clothier chain bebe stores inc. confirmed news first reported on this blog Thursday: That hackers had stolen customer card data from stores across the country in a breach that persisted for several weeks last month.  (Read More)

Banks’ Lawsuits Against Target for Losses Related to Hacking Can Continue; Bits

A federal judge on Tuesday handed an early victory to banks in their effort to recoup losses from a major breach last year at Target. More than 40 million credit cards were compromised in the incident.  (Read More)

New wave of credit card fraudsters opt for in-store pickup option; ars technica

Walmart and other retailers who allow in-store pickup of Web purchases are being targeted by cybercriminals using credit card breach data, according to security researchers. Credit card breaches are the gift that keeps on givingundefinedto Eastern European cybercriminals, at least. Taking advantage of the loosened security that comes with the holiday gift-buying rush, recent traffic on underground card fraud websites indicates that payment card fraud rings are using data from major retail system breaches in a campaign of fraudulent online purchases.  (Read More) 

FinCEN Releases Statement Encouraging Banks to Offer Services to Money Service Businesses (MSBs); Perkinscoie

In what may be good news for emerging virtual currency companies and emerging payments companies, the Financial Crimes Enforcement Network (“FinCEN”) released a public statement yesterday regarding the willingness of banks to offer accounts to Money Service Businesses (“MSBs”).     (Read More)

CFPB Proposes Strong Federal Protections for Prepaid Products; CFPB

Today the Consumer Financial Protection Bureau (CFPB) is proposing strong, new federal consumer protections for the prepaid market. The proposal would require prepaid companies to limit consumers’ losses when funds are stolen or cards are lost, investigate and resolve errors, provide easy and free access to account information, and adhere to credit card protections if a credit product is offered in connection with a prepaid account. The Bureau is also proposing new “Know Before You Owe” prepaid disclosures that would provide consumers with clear information about the costs and risks of prepaid products upfront.   (Read More)

Prepaid products: New disclosures to help you compare options; CFPB

Last March, we asked you to comment on possible prepaid card disclosures. Thanks to your feedback and additional consumer testing, today we’re proposing new disclosure requirements that consumers would receive before deciding to open a prepaid account.   (Read More)     

FACT SHEET: Safeguarding Consumers’ Financial Security; Press Release

The President is signing a new Executive Order directing the government to lead by example in securing transactions and sensitive data.  The new BuySecure Initiative will provide consumers with more tools to secure their financial future by assisting victims of identity theft, improving the Government’s payment security as a customer and a provider, and accelerating the transition to stronger security technologies and the development of next-generation payment security tools.   (Read More

NRF Applauds Executive Action on Data Security; Press Release

The National Retail Federation issued the following statement today from President and CEO Matthew Shay, who was present for a White House announcement regarding data and payment security:      (Read More) 

Home Depot Confirms Breach, Says PIN Numbers Safe; FOX Business

Home Depot (HD) confirmed that its payment data systems were breached, although the number of credit cards exposed by the hack remains uncertain.  (Read More)

Banks: How to Stop POS Breaches; Bank Info Security

While U.S. banks and credit unions scramble to connect the dots in the suspected payment card breach at building-supply retailer Home Depot, experts say more financial institutions are taking proactive steps to help merchants mitigate their risk of cyber-attacks.  (Read More)

Millions of Gmail Users Victims of Latest Password Heist; Tech News World   

The epidemic of username and password thefts could be curtailed if service providers were willing to impose the inconvenience of tighter security requirements on their customers.  (Read More)    

Touch ID in iOS 8: Explained; iMore

Touch ID is the name of Apple's personal fingerprint identity sensor. It's what currently lets you authenticate yourself to unlock your iPhone 5s and authorize iTunes and App Store purchases on your account. With iOS 8, Apple is making an application programming interface (API) available to developers as well so everything from your password manager to banking service to private photo vault can be both secure and convenient. But how's it going to work?  (Read More)

U.S. Finds ‘Backoff’ Hacker Tool Is Widespread; Bits

More than 1,000 American businesses have been affected by the cyberattack that hit the in-store cash register systems at Target, Supervalu and most recently UPS Stores, the Department of Homeland Security said in an advisory released on Friday.  (Read More)     

Countering Operation Choke Point, Acquirers Canceled 10,000 Fraudulent Merchants; Digital Transactions

Seeking to contrast the merchant-acquiring industry’s actual practices with the impression created by the government’s Operation Choke Point that acquirers turn a blind eye to shady merchants, the industry’s leading trade group on Monday said its members last year discharged more than 10,000 merchants for fraud.  (Read More)

Globally 3 in 10 Consumers Don't Trust Retailers With Securing Their Data; Press Release

A global fraud study of more than 6,100 consumers across 20 countries revealed distrust among global consumers in retailers to protect their data.  (Read More)

Card Breach at Goodwill Industries; KrebsonSecurity

Heads up, bargain shoppers: Financial institutions across the country report that they are tracking what appears to be a series of credit card breaches involving Goodwill locations nationwide. For its part, Goodwill Industries International Inc. says it is working with the U.S. Secret Service on an investigation into these reports.  (Read More) 

Mobile Money Fraud Rampant in Kenya; payments afrika

Cybercrime is on the rise in Kenya and one of the most affected areas is mobile money, according to a report launched by Serianu and the Telecommunication Service Providers Association of Kenya.   (Read More)

US restaurant chain PF Chang's investigates possible data breach; Finextra

US restaurant chain PF Chang's China Bistro has confirmed that is investigating a data breach that may have seen customer card details stolen.   (Read More)

Consumers Vote with their Wallets: Hold Breached Organizations Accountable; payments afrika

Years of complacency among businesses and indifference among consumers regarding data breaches were effectively shattered in 2013. In the same year as one of the largest data breaches in history, the misuse of breached consumer data hit a record high, raising the issue of data breaches into the public consciousness.   (Read More) 

Risk-Scoring Mandate Pushes Banks to Rethink Vendor Choices. American Banker

One of the hardest-to-execute yet least-discussed elements of regulators' heightened scrutiny of banks' vendor relationships is the expectation that banks must now risk-score their vendors.  (Read More)

eBay suffers a cyberattack; Internet Retailer

EBay is asking users to change passwords to increase security, and a new study shows most e-retailers are not strict enough with password requirements and could be putting consumer data at risk.  (Read More)

China to vet incoming tech products and services over security fears; GIGAOM

U.S. vendors are not explicitly called out, but there’s little doubt that China’s newly-announced vetting program is part of a trend that will hurt U.S. companies trying to sell into the country.  (Read More)

How Target’s Huge Hacking Could Finally Make Credit Cards Secure; Wired

Checkout counters in the U.S. are an embarrassing technological backwater compared to those in most other developed countries, but this may finally be coming to an end. All it took was somebody hacking 40 million credit and debit cards.  (Read More)

The Risks of Mobile Deposit; Credit Union Times

As smartphones and other mobile devices become the norm to hold conference calls, send highly sensitive emails, shop online and more, mobile banking via these devices has also dramatically increased in popularity. With many banks offering mobile apps, it has become fairly easy and common for consumers to scan checks with their mobile devices, and simultaneously deposit that check into their bank account without ever visiting an ATM or bank branch. This unprecedented convenience has led to a series of risks, ranging from outright fraud to unintended errors.  (Read More)     

CUNA: New data breach shows need for improved merchant security standards; CUNA

A data breach at Michaels Stores and associated business Aaron Brothers may have impacted 2.6 million cardholders, the arts and crafts retailer confirmed late last week.   (Read More) 

Heartbleed's Never-Ending Drip, Drip, Drip; E-commerce Times

It's going to take a while to clean up Heartbleed's bloody mess. "If history is any lesson, when Internet-scale vulnerabilities are announced that require firmware updates, we can count on a persistently vulnerable population of devices," said Easy Solutions CTO Daniel Ingevaldson. "This population may stay vulnerable for years, or until these devices become obsolete and are replaced."   (Read More) 

Hackers Lurking in Vents and Soda Machines; The New York Times

Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.  (Read More)

Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping; ars technica

Researchers have discovered an extremely critical defect in the cryptographic software library an estimated two-thirds of Web servers use to identify themselves to end users and prevent the eavesdropping of passwords, banking credentials, and other sensitive data.  (Read More)

Kaspersky Lab Study: About One Third of All Phishing Attacks Aimed at Online Financial Institutions; The Wall Street Journal

Kaspersky Lab today released results from the study, Financial Cyber Threats in 2013 , which found that about one third (31.45 percent) of phishing attacks targeted online financial institutions including, banks, online stores and e-payment systems.  (Read More) 

ZIP Codes Show Extent of Sally Beauty Breach; KrebsonSecurity

Earlier this month, beauty products chain Sally Beauty acknowledged that a hacker break-in compromised fewer than 25,000 customer credit and debit cards. My previous reporting indicated that the true size of the breach was at least ten times larger. The analysis published in this post suggests that the Sally Beauty breach may have impacted virtually all 2,600+ Sally Beauty locations nationwide.   (Read More)

The biggest barrier to entry to banking is the regulator; Finanial Services Club Blog

I’m just preparing a presentation in Canada and realised that, like most countries, the competitive landscape of Canadian banking has not changed much in the last century.   (Read More) 

Mothballs for XP raises security concerns for ATM ISOs; The Green Sheet

ISOs that service and support ATMs face a dilemma come April 2014, when Microsoft Corp. discontinues support for the Windows XP operating system. Without support for the operating system on which most of the 420,000 ATMs in the United States run, ISOs that fail to migrate ATMs to the newer Windows 7 may face increasing fraud risks on those ATMs.  (Read More)

The Brighter Side Of Breaches? ISO&AGENT

No one ever wishes for a data breach. But payments companies see a silver lining in the widespread publicity devoted to the holiday breaches at Target and Nieman Marcus.  (Read More)

Leading the charge on card data security; The Green Sheet

It's time for the industry to get fully behind a card security regimen that benefits everyone in the payment stream: merchants, customers, issuers, acquirers and the card brands, too. And the first step in that process should be an honest and open dialogue about the vulnerabilities that exist and how they can best be contained.  (Read More) 

NIST Releases Cybersecurity Framework; BankInfo Security

The National Institute of Standards and Technology has unveiled its long-awaited cybersecurity framework, which provides best practices for voluntary use in all critical infrastructure sectors, including, for example, government, healthcare, financial services and transportation.  (Read More)

Report: Most businesses are not PCI compliant; Fierce Retail IT

A new Verizon (NYSE: VZ) report has found that many businesses, following their annual assessment for meeting the Payment Card Industry Data Security Standard, fail to maintain ongoing compliance -- putting the businesses at an increased risk for data breaches and the subsequent financial repercussions and damages to reputations.  (Read More)

Threat of the Week: The ATM XP Timebomb; Credit Union Times

The clock is ticking down to April 8th when Microsoft will cease to issue security updates for Microsoft XP.  (Read More)

Target was warned of data security problems; NAFCU

Target Corporation was warned of problems in its payment card system’s security before the massive data breach that affected as many as 110 million consumers, according to reports from The Wall Street Journal and American Banker.  (Read More)    

3 ways U.S. payment tech is behind the times. Could microchips and biometrics prevent future data breaches? The Wall Street Journal

As the fallout from the Target TGT breach continues to spreadundefinedlast Monday, police said they arrested two Mexican citizens who had fraudulent credit cards linked to the stolen dataundefinedmany Americans are asking themselves how they can keep their payment information more secure. The answer, it seems, may come from Europe, Canada, India and South Africa, countries that are ahead of the curve compared with the U.S.   (Read More)

Experts Differ on Whether EMV Chip Cards Provide Data-Breach Immunity; Digital Transactions

The huge data breach at Target Corp. and now one at upscale department store Neiman Marcus Group and possibly other retailers has introduced many Americans to the term “EMV” and the possibility that more secure Europay-MasterCard-Visa chip cards will replace vulnerable magnetic-stripe credit and debit cards in the United States. But some security and merchant-acquiring executives caution that EMV cards and compatible point-of-sale terminals alone would not have prevented a Target-style breach and that point-to-point data encryption is the answer.   (Read More) 

Insider steals and sells credit card data of 20m South Koreans; Finextra

South Korean prosecutors have indicted an engineer accused of stealing the credit card details of more than 20 million people and selling them to marketing firms.  (Read More)

Why The Target Data Breach Is Great News For The Payments Industry; Business Insider

The Target data breach that may have affected up to 110 million people has the potential to turn into a massive windfall for payments companies, in particular two large hardware providers, Verifone and Ingenico.   (Read More)   

Threat of the Week: Experts Predict ATM Fraud Explosion; Credit Union Times

Call it a nasty byproduct of the coming rollout of EMV (aka chip-and-PIN) debit cards but the frightening news is that many ATM experts now predict a 2014 explosion in old-fashioned magnetic stripe card fraud at ATMs as criminals enjoy a last robbing frenzy  (Read More)

Too Late for EMV in the U.S.? Analyst Says Payment Advances will Leap EMV; Bank Info Security

While U.S. payments networks and card issuers are planning to transition to EMV cards, Gartner analyst Anton Chuvakin says they could be wasting their time. It may be too late for this chip technology in the U.S.   (Read More)

Financial Institutions Want Retailers to Cover Data Breach Costs; Payments Journal

The National Association of Federal Credit Unions is using Target’s recent data breach to urge Congress members to pass legislation as early as next year to make retailers cover financial institutions’ costs associated with such acts.  (Read More)

Target breach spurs senators’ call for hearing; NAFCU

Senate Banking Committee members Sens. Robert Menendez, D-N.J., and Mark Warner, D-Va., have called on the committee’s leadership to hold hearings on the safety of consumers’ financial data in light of the Target Corporation breach.  (Read More)

Why EMV Isn’t Enough: 3D Secure Necessary To Curb Online Fraud; PYMNTS.com

For U.S. consumers, issuers and merchants transacting in the online channel, the perceived reality has long been this: Europe's successful EMV migration is pushing fraud abroad, and unless the U.S. upgrades to EMV as well, this fraud will take root domestically, causing millions of dollars in theft and loss.  (Read More)    

Canadian Banks Shutting Down Bitcoin Exchange Accounts; Payments Journal

As the value of a single bitcoin surged past $1,100 over the weekend (it’s now in the $950 range), word from Canada is that financial institutions there are making it difficult for exchanges to convert the digital currency into cash on behalf of their customers.  (Read More)

JPMorgan Chase says 465,000 pre-paid cards compromised by hackers; Finextra

JPMorgan Chase says hackers have compromised its network, putting the personal information of around 465,000 pre-paid cardholders at risk.  (Read More)

Bitcoin Law: Compliance and Avoidance Strategies; CoinDesk

My name is Marco Santori. I’m a business attorney for technology companies. In particular, I represent digital currency businesses. I am also the Chairman of the Bitcoin Foundation’s Regulatory Affairs Committee. In this multi-part series, I will give a basic primer on the state of US law as it applies to digital currency entrepreneurs. I aim to help bitcoin businesses assess their risks and develop an informed business model.  (Read More)

The FIDO Alliance Announces Microsoft Joins Board of Directors, Demonstrating Solidarity With the Global Community; Yahoo Finance

The FIDO (Fast IDentity Online) Alliance, an industry consortium revolutionizing online authentication with the first standards-based specifications, today announced that Microsoft has joined the Alliance as a member of the Board of Directors.   (Read More)

iOS Point-of-Sale Apps Have Hidden Security Risks; Tom's Guide

Have you ever bought something from a store that used a device plugged into an iPad or iPhone to accept your credit-card payment? If so, your personal information may be at risk, according to a new study.  (Read More)

Patent Reform, CFPB Bills See Committee Action; CUNA

Two topics of interest to credit unions were tackled in Wednesday U.S. House markup sessions: Legislation that would crack down on "patent trolls," and another that would alter the leadership structure of the Consumer Financial Protection Bureau.   (Read More)

New York's No-Surcharge Law Shelved, for Now; The Green Sheet

A federal judge in a New York district court ruled in favor of five retailers seeking the right to surcharge customers who use credit cards at checkout. The Oct. 3, 2013, preliminary injunction suspends the N.Y. statute that bans surcharging. In the Manhattan court, U.S. District Judge Jed Rakoff said the law violated retailers' constitutional right to inform customers of the cost of electronic payment acceptance.  (Read More)

Study Examines Prepaid Card Fraud and Risk Controls in the US; ATMmarketplace

New research from Mercator Advisory Group examines fraud risk and best practice for fraud prevention in prepaid card programs. The report, "Prepaid Card Fraud and Risk Controls in the United States.  (Read More)

Sales Up, Fraud Down -- Online Holiday Shopping Season a Merry One for Merchants With the Right Consumer Authentication; Press Release

CardinalCommerce, the leader in consumer authentication, reports today that its customers' online same-store sales for the holiday shopping season are up more than 25 percent year-over-year. This compares to a nearly 20 percent increase reported by online merchants overall.  (Read More)

Smartphone cameras can give away PIN codes, researchers warn; GIGAOM

Researchers at the University of Cambridge have demonstrated an attack that can reveal the PIN codes for sensitive apps, such as those for banking, by tapping into the device’s microphone and camera.  (Read More)

The Lifecycle of a Card Fraud; atmmarketplace

Card fraud is a massive problem around the world, costing banks and consumers time and money. Even when we seem to be making headway the criminals find another way in, which is why we see stats such as those from the U.K. earlier this year, which showed that fraud losses on U.K. issued cards climbed 14 percent last year to hit £388 million ($626.5 million), the first rise since 2008. (Read More)

The Debit Card Two-Step: Fees and Fraud; Transaction World Magazine

As the year winds down, debit card swipe fees and a sustained incidence of card fraud are two concerns that legislators can’t ignore. (Read More)

Biometrics Efforts Seek Staying Power; PYMNTS.com

Using online and mobile apps is becoming an increasingly onerous task, but solutions are emerging. Interest in biometrics as an alternative is growing, while some app developers have come up with password-management tools to ease the burden. Only one question remains: Can biometrics overcome its troubled past?   (Read More)

Fed Says It Followed Interchange Law; Credit Union Times

The Federal Reserve Board has filed its appeal of U.S. District Judge Richard Leon's strongly worded July 31 decision gutting its debit interchange regulation.  (Read More)

Making regulations easier to use; CFPB

We write rules to protect consumers, but what actually protects consumers is people: advocates knowing what rights people have, government agencies’ supervision and enforcement staff having a clear view of what potential violations to look out for; and responsible industry employees following the rules.  (Read More)

EBay Probed by Regulator Over Loans Pioneered by Payday Lenders; Bloomberg

EBay Inc. (EBAY) is facing a probe by the Consumer Financial Protection Bureau over a loan program that mimics a structure used by high-interest lenders to evade state rules before the practice was stamped out by regulators.  (Read More)

What Can Retailers Do to Prevent Credit Card Fraud? StorefrontBacktalk

While credit card processors and retailers have made strides to combat credit card fraud, it is still rampant across the U.S. In fact, credit card fraud jumped 17 percent between January, 2011, and September, 2012, according to the most recent data from the FICO® Falcon® Fraud Manager Consortium.  (Read More)   

The first quantum key distribution network in the United States promises un-hackable data security. CNNMoney

As revelations about the depth and breadth of the NSA's digital eavesdropping program continue to come to light, Ohio-based Battelle Memorial Institute is rolling out a new kind of network encryption designed to be virtually un-hackable -- not only now, but in the future.  (Read More)

New tech embeds mass customised hidden data in credit cards and plastics during manufacture: Warwick News

Bank card and other plastic product manufacturers will have access to a powerful new technology that will help the fight against counterfeiting of their products and which can provide an additional security feature for credit cards, thanks to new technology devised by researchers at WMG at the University of Warwick. (Read More)

Visa, MasterCard, Amex mobile payments power play faces significant challenges; Mobile Commerce Daily

By teaming up to create a new standard that would streamline mobile payments, leading card networks Visa, MasterCard and American Express hope to ensure a prominent role in smartphone and tablet transactions while also driving overall adoption by consumers and retailers.  (Read More)

From PayPal to Facebook: Securing the Mobile Payments World; Huffington Post

It is clear for many in the industry and beyond that we are slowly heading towards a cashless society. The sums being transferred online are already massive and, as Juniper Research predicts, within two years mobile transactions will hit $1.3 trillion worldwide by 2015.  (Read More)

Can Big Data Stop Cyber Crooks? ISO & Agent

The payments industry can thwart hackers only by creating a system that can adapt quickly to unanticipated threats. (Read More)     


Identity and Authentication Leader Participates in Keynote, Plenary and Track Sessions

TORONTO, Canada, October 11, 2013 – Executives from SecureKey Technologies, the leading provider of trusted identity networks, will be in the spotlight on multiple occasions at this year’s Smart Card Alliance Government Conference, the industry’s leading annual event for ID security.  Andre Boysen, Hugh Cumming, Christian Ali and Scott Lowry are featured speakers for keynote presentations and executive roundtable discussions during the conference and exhibition taking place October 14 - 16 in the Walter E. Washington Convention Center, Washington, D. C. (Read More) 

How eBay Could Rescue Bitcoin From the Feds: WIRED

Bitcoin, the world’s most popular digital currency, has a big problem. Just ask David Spitzer. On August 20, Spitzer sold a Bitcoin on Mt. Gox, the world’s best-known Bitcoin exchange, and immediately tried to move the money to his U.S. bank account. Twenty-one days later, he’s still waiting for the cash to appear. “It’s taking an extraordinary amount of time,” he says. (Read More)

E.U. Lawmakers Give E.C.B. Power to Supervise Banks; The New York Times

Europe took a significant step forward in its ambitions to create a single banking framework for the euro zone on Thursday after EU lawmakers granted new powers to the European Central Bank to oversee the currency bloc's banks.  (Read More)

Did Apple just kill the John Hancock? Market Watch

The thumb-print sensor on Apple’s new iPhone 5S will spare users having to enter a password to unlock their devices. It also paves the way for the eventual death of all passwords, handwritten signatures, and traditional methods of payment and identification.  (Read More)

Inside The Apple iPhone 5s Fingerprint Sensor; Medium.com

Apple has a track record of adding features to iPhones that are not new, but are better designed, developed and implemented than others. This is true of the iPhone 5s which was just announced: the system (called Touch ID) includes a fingerprint reader that can read your thumbprint and log you in, or authorize iTunes or App store purchases. And the details of how this works are contained in a patent that reveals some of the secrets behind this new approach to fingerprint authorization. (Read More)

Google security exec: 'Passwords are dead' CNET 

Speaking at TechCrunch Disrupt, Google's Heather Adkins says startups should look beyond passwords to secure users and their data. (Read More)     

Global Credit, Debit, and Prepaid Card Fraud Losses Reach $11.27 Billion in 2012 - Up 14.6% Over 2011 According to The Nilson Report; Press Release

Issuers, merchants, and acquirers of credit, debit, and prepaid general purpose and private label payment cards worldwide experienced gross fraud losses of $11.27 billion in 2012, up 14.6% over the prior year, according to The Nilson Report, a leading payment industry newsletter. Of that $11.27 billion, card issuers lost 63% and merchants and acquirers lost the other 37%. (Read More)

Congress starts looking into Bitcoin; Politico

A Senate committee is pressing federal regulators and law enforcement officials to explain how they plan to oversee Bitcoin and other virtual currencies as the issue gains increasing attention from government officials concerned about the role these new markets will play in the future. (Read More)

Biometric Authentication, Cracked In Seconds? OK, Maybe We’re Being A Little Optimistic Here; StorefrontBacktalk

With all the current retail-related efforts at biometric securityundefinedeverything from PayPal’s (NASDAQ:EBAY) authentication-by-photo to the iPhone’s supposed new fingerprint featureundefinedit’s useful to be reminded that not every biometric system actually, well, works. (Read More)

British Credit Card Customers to Be Reimbursed; The New York Times

Some of the largest banks and credit card companies in Britain will have to pay a total of up to £1.3 billion, or $2 billion, to customers who were sold inappropriate financial products, a British regulator said on Thursday.  (Read More)

Millions stolen from US banks after 'wire payment switch' targeted; SC Magazine

Gartner vice president Avivah Litan said at least three banks were struck in the past few months using "low-powered" distributed denial-of-service (DDoS) attacks meant to divert the attention and resources of banks away from fraudulent wire transfers simultaneously occurring.  (Read More) 

HMRC: UK bitcoin exchanges don’t have to register under money laundering regulations; CoinDesk

Bitcoin exchanges operating in the UK do not have to register with HM Revenue & Customs (HMRC) under money laundering regulations, the government department has revealed. (Read More)

Payroll Cards Are Under Scrutiny by New York’s Attorney General; The New York Times

New York’s top prosecutor is investigating some of the state’s largest employers over their use of A.T.M.-style cards to pay their hourly employees.  (Read More)

This banking decision on remittances will hurt ethnic minorities; The Guardian

Barclays decision spells disaster for British minorities who send money to their relatives abroad. (Read More)

A Call to Arms for Banks; The Wall Street Journal

U.S. regulators are stepping up calls for banks to better-arm themselves against the growing online threat hackers and criminal organizations pose to individual institutions and the financial system as a whole. (Read More)

Using Social Media to Stop Online Payment Fraud; Bloomberg Businessweek

Users of Facebook (FB), Pinterest, and Twitter share personal details every day. Now credit bureaus and payment companies Equifax (EFX), EBay’s (EBAY) PayPal, WePay, and Intuit (INTU) have begun trials to see whether social posts can help prove identities or detect whether customers are lying about their finances. (Read More)

Regulators Turn Up Heat Over Bank Fees; The Wall Street Journal

U.S. regulators are stepping up scrutiny of overdraft fees charged by banks, a big revenue stream that is helping the industry lessen the hit caused by low interest rates and the sluggish economy. (Read More)

The Bitcoin believers; FT Magazine

A growing band of young evangelists believe the virtual currency Bitcoin is the economic future. But how long before regulation catches up with them?  (Read More)

Spotlight on scams that target older adults; CFPB

Older Americans lose an estimated $2.9 billion annually to financial exploitation, and it’s estimated that for each case that is reported, 43 others go unrecognized. With 50 million older people in this country, and 10,000 more reaching retirement age every day, we cannot afford financial predators or practices that victimize our elder citizens. (Read More) 

Consumer Complaints on Checking Accounts Show Need for Action; The PEW Charitable Trust

When consumers have a complaint about their mortgage, credit card, checking account or other financial product, they can submit it to the Consumer Financial Protection Bureau (CFPB). See how checking accounts compare, and learn what account aspects drive the most complaints in this Pew infographic using CFPB data. (Read More)

The cash-free challenge... are contactless cards a safe way to pay? London Evening Standard

Just waving your wallet over a card reader rather than tapping in your PIN is the new way to pay undefined but is it safe? Jasmine Gardner does her best to fool the latest payment technology. (Read More)

Consumers ready for biometric payment methods; Cards International

Natural Security, a French biometric technology company, has completed its pilot of a new payment method with 94% of participants claiming they are ready to use this payment option for their in-store purchases. (Read More)

CFPB exodus: Brain drain or growing pains? Politico

Nearly two years after the Consumer Financial Protection Bureau opened its doors, the agency is grappling with an exodus of key staffers who helped the agency get off the ground.Dozens of CFPB policymakers, rule writers and attorneys have left in recent months, lured by opportunities in the private sector, burnt out by the bureau’s breakneck pace or disgruntled with what they say is a lack of clear leadership. (Read More)

Do Digital Currencies Need Bank Secrecy Act Regulations? Portals and Rails

Nearly two years ago, a Portals and Rails post looked at digital currencies and posed the question, "Will the use of alternative currencies gain popularity in the criminal world?" It appears that the answer to the question is "yes." According to the recent indictment of a digital currency provider, the currency under question "was designed to give criminals a way to move money earned from credit card fraud, online Ponzi schemes, child pornography and other crimes without being detected by law enforcement," ultimately building up a $6 billion money laundering operation. (Read More)

Data Breaches Back in Spotlight After $45M ATM Heist; American Banker

After months of being distracted by distributed denial of service attacks, the $45 million fraud perpetrated last week against Rakbank in the United Arab Emirates and the Bank of Muscat in Oman is refocusing attention in the financial industry on data breaches and the security procedures and technology that can prevent them. (Read More)

BitInstant’s Charlie Shrem sees Bitcoin battles ahead #Bitcoin2013; CoinDesk

Largely untapped markets such as global remittances represent a huge opportunity for Bitcoin, but the digital currency has not yet arrived at its most difficult stage of development, BitInstant founder Charlie Shrem said at this past weekend’s Bitcoin 2013 conference in San Jose. (Read More)

ATM Cash-Outs: A Major Escalation; Portals and Rails

The banking news this week has been dominated by the story about the two ATM cash-out schemes that netted the criminals a total of $45 million. The news articles and opinion pieces have focused on what I consider secondary aspects of this attackundefinedcounterfeit card production and prepaid cards. Some observers have pointed to this attack as further justification for a faster move to EMV reader capability in the United States. (Read More)

The Feds Are Cracking Down On Mt. Gox (Not On Bitcoin); Forbes

Mt. Gox, the Japanese exchange that’s responsible for the lion’s share of Bitcoin buying and trading, is having a rough month in the U.S. (Read More)

China UnionPay and Intel join forces for secure mobile payment; engaget

At IDF's second-day keynote in Beijing today, Intel announced its collaboration with bank card giant China UnionPay for secure mobile payment, with the latter utilizing Intel's Identity Protection Technology and also its distribution of the Hadoop software framework for datacenters. (Read More)

Consultation on a new payments regulator for the UK; Consult Hyperion

In March, the Chancellor of the Exchequer (for foreign readers: this is our Finance Minister) gave a major speech on banking reform which included some remarks about the UK's payments infrastructure (which, as Banking Technology magazine put it, were "at odds with reality") and went on to say that "there are no incentives on the big banks to deliver new and better services for users" and gave the example of "saving the cheque" as one of these new and better services. He also announced a further consultation process on a "competition-focused regulatory regime". (Read More)

As mobile payments field grows, so do security concerns; statesman.com

Mobile payments technology, over time, could have a profound impact on the way products are sold, bills are paid and money is transferred around the world. (Read More)

Congressional Efforts to Address Cybersecurity Heat Up; American Banker

Rep. Marsha Blackburn, R-Tenn., introduced legislation Wednesday to strengthen the nation's safeguards against cyberattacks while a House of Representatives panel passed a measure to promote sharing of information about cyber threats. (Read More)

Lessons for U.S. Banks from Cyberattacks in South Korea; American Banker

As investigators work to assess who is behind a cyberattack that shuttered banks in South Korea on Wednesday, details are emerging that can help U.S. banks learn from what happened overseas. (Read More)

Fingerprints Instead Of Credit Cards? YC-Backed PayTango Aims To Make Payments Work Through Biometrics; TechCrunch

As a mechanism for payment, the credit card remains just as hardy as ever. It has so far defied the threat of mobile phones, and less plausibly, QR codes, among many other forms of payment.One YC-backed startup is betting that fingerprints and other forms of biometric identification may be the payment method of the future though. Called PayTango, they’re partnering with local universities to offer a quick and easy way for students to use their fingerprints to pay instead of credit cards. (Read More)

SignaPay Partners with ControlScan for Stronger SMB Payment Security and Compliance; Press Release

While most independent sales organizations (ISOs) and acquirers have had Payment Card Industry (PCI) compliance programs in place for several years, many of these organizations still find it difficult to reach Level 4 merchants with the focus and frequency necessary to effectively secure their businesses' payment transactions. To ensure that their Level 4 merchants benefitted from security, service and support at the highest level, Dallas-based ISO SignaPay joined forces with ControlScan. (Read More)   

iovation Launches TrustScore to Help Online Companies Identify Good Customers; Press Release

iovation, the leading provider of device reputation protecting businesses against online fraud, today announced the launch of its TrustScore service. TrustScore identifies website visitors that are most likely to be trustworthyundefinedeven if they’ve never visited the site before. It accomplishes this by analyzing a consumer’s online activity from their collective devices and assigning a rating to those devices based on historical behavior. (Read More)

Interac® debit card fraud skimming losses plummet to lowest level on record; Press Release

Interac Association reported today that Interac debit card fraud losses, as a result of skimming, are the lowest on record since 2003 – decreasing to $38.5 million in 2012 from a high of $142 million in 2009. This represents 0.012 per cent of domestic Interac debit card volume and the lowest volume of fraud losses since data were recorded in 2003. (Read More)

SecureNet’s PayOS Advances Payment Solutions for Merchants and Integration for Developers; Yahoo Finance

SecureNet’s PayOSSM is the most innovative payment technology operating system directly connected to the major card networks available in the market. The solution’s flexible architecture simplifies integration and empowers merchants and developers to design and control their own payment roadmap. SecureNet’s PayOS gives developers access to a flexible, adaptive and scalable payment operating system with the ability to design their ideal user experience, merchant management, boarding and payment environment. (Read More) 

Who Am I? Authentication Challenges; Portals and Rails

It's tax time again. I dread this time of year. It's not just because I don't like paying taxesundefinedwho does? It's because I am always a little nervous as a result of an experience my husband once had. Some years ago, my husband was the victim of identity theft and, every so often, we are forced to confront another attempted assault on our finances. We became aware of another assault two years ago when we attempted to file our federal tax return electronically and it was rejected. The IRS already had a record of a processed return under my husband's Social Security number (SSN). For now, we file our returns the old-fashioned way, printing and mailing them. (Read More)   

As U.S. Lags on EMV, Fraud Losses Increase; PaymentsSource

Fraud losses on U.S. credit and debit cards, after years of decline, now appear to be on the rise again. And one key culprit, according to experts, is this country's slow adoption of technology that will improve security. (Read More)

PayPal admits its fraud filters suck, promises to suck less; MSN

PayPal customers, breathe a sigh of relief. Soon, you will no longer have to undergo an agonizing process to thaw your frozen funds from their overly suspicious coffers. (Read More)

Do GPR Prepaid Cards Pose Significant Money Laundering Threats? Portals and Rails

When it comes to laundering proceeds from illicit activities, criminals have historically had a number of financial instruments and methodologies at their disposal. These choices have ranged from payment products tied to demand deposit accounts such as checks, wires, and debit/ATM card transactions to money transfers via money transmitters. The birth of general purpose reloadable (GPR) prepaid cards in the early 1990s created yet another payment instrument that could potentially be used to clean dirty money. (Read More)

ACI Worldwide Alleviates Dodd-Frank Compliance Burden for Financial Institutions; Press Release

ACI Worldwide (NASDAQ: ACIW), a leading international provider of payment systems, announced today its Money Transfer System ™ is helping financial institutions achieve Dodd-Frank compliance, well in advance of the original deadline of February 7, 2013. This regulation, a requirement of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, is one of the major issues facing financial institutions in 2013. (Read More)

Mobile Security: The Downside Of The mPayments Revolution

Mobile payments are becoming increasingly popular as consumers have come to expect and demand multi-channel banking experiences, flexibility and accessibility from their smartphones and tablets. Mobile wallets provide unique experiences for merchants to build loyalty and consumers to pay with ease, and mPayments acceptance provides opportunities for acquirers and issuers as well. (Read More)

Report: fraud threat to mobile payments to grow in 2013; Mobile Payments Today

Security is ever the worry with new technologies and this is especially true for mobile payments, where new technology meets financial access. Usually, as a technology matures, threats are gradually neutralized. But ThreatMetrix, a provider of cybercrime security solutions, has some sobering news for mobile payments relating to security: The worst is still to come and 2013 will be a banner year for fraudsters. (Read More)

Javelin identifies top mobile, payment trends for 2013; Mobile Payments Today

"FIs and other organizations with a vested interest in the security of the mobile channel will be best served through a partnership with security vendors with the goal of increased adoption of mobile security software," said Al Pascual, Industry Analyst of Security, Risk and Fraud at Javelin. (Read More) 

The Fraud Triangle; Portals and Rails

The "Rule of 3" is a principle that suggests when things come in threes, they are inherently funnier, more satisfying, or more effective. (I talked about the Rule of 3 in a recent post in which I described my search for the right payment product.) There's even a Latin phrase that generally describes this concept: omne trium perfectum, which means "everything that comes in threes is perfect," or "every set of three is complete." (Read More)

PAY.ON partners with ReD to offer integrated payment and fraud prevention services to PSPs and merchants; Press Release

ReD, a leading global provider of fraud prevention services, has announced that it is teaming up with PAY.ON AG, a global processor and payments platform operator, to offer card-not-present payment fraud prevention services to PAY.ON’s global network of payment service providers (PSPs). (Read More)

FinCEN, Federal Reserve Seek Comments on Bank Secrecy Act Definitions; JDSUPRA

On November 29, the Financial Crimes Enforcement Network (FinCEN), a bureau of the US Department of the Treasury, and the Federal Reserve Board (Board) issued a notice of proposed rulemaking seeking comments on a proposal to amend the definitions of “funds transfer” and “transmittal of funds” under the regulations implementing the Bank Secrecy Act (BSA). The proposed amendments “are necessary to maintain the current scope of funds transfers and transmittals subject to the BSA in light of amendments to the Electronic Funds Transfer Act (EFTA) made by the Dodd-Frank Wall Street Reform and Consumer Protection Act.” (Read More 

2012 Payments Fraud Survey; FED

The Federal Reserve Bank of Minneapolis’ Payments Information and Outreach Office recently released the results of its 2012 Payments Fraud Survey. (Read More)

Discover Financial Services Announces Next Steps for EMV Deployment across the Globe; Press Release

Discover announced the next milestone in its global EMV deployment: a comprehensive strategy and roadmap that includes Discover Network, Diners Club International, PULSE and Discover Card. (Read More)

FPC completes integration of fingerprint authentication for Secure Element targeting secure and convenient NFC transactions in mobiles and tablets; Press Release

Fingerprint Cards (FPC) has completed integration of FPC’s algorithm and swipe sensor into the embedded Secure Element from Infineon Technologies. The primary solution will be plug & play for mobile NFC solution providers to enable secure access and transactions in mobile phones and tablets. The potential and targeted market for these applications will be several hundred million units in the next three years. (Read More)

While Stalemate Continues, Another Retailer Data Breach Announced; Portals and Rails

We haven't heard about significant data breaches at any retailer's brick-and-mortar lately. In fact, the prevalence of cybercrimes and malware-related incidences has momentarily redirected our attention to payments made through online and wireless channels along with related payment crimes such as social engineering and malware-enabled account takeovers and card data theft. However, according to Verizon's 2012 Data Breach Investigations Report, while most attacks are not related to physical tampering, "there was no shortage of payment card skimming in 2011, and there were notable arrests." (Read More)

The Plot Thickens in the Bizarre Bitcoin Blackmail Caper; American Banker

There have been some new twists in the strange case of an alleged attempt to blackmail Mitt Romney for $1 million in bitcoins, raising additional legal questions about the digital currency. (Read More)

Inside PCI's Mobile Payments Guidance; Bank Info Security

The PCI Security Standards Council's PCI Mobile Payment Acceptance Security Guidelines target software developers and mobile device manufacturers with guidance on how to design appropriate security controls that can thwart growing threats such as malware and rootkits. (Read More)

TD Bank loses customer data; finextra

TD Bank has lost data tapes containing the names, account information and social security numbers of 260,000 US customers. (Read More)

Victim of chip-and-pin fraud? It's all YOUR fault, insist the banks as they refuse payouts; This is MONEY

Thousands of innocent victims of card fraud are routinely being deprived of payouts worth thousands of pounds by their banks who wrongly brand them crooks instead. (Read More)     

New Mobile Payments Standards Issued by PCI; Credit Union Times

Two facts about mobile payments: Just about nobody has actually made a mobile payment just yet, but a massive, multi-billion industry is betting big that mobile payments via smartphones will in fact take off soon. (Read More)

Canadian government addressing mobile payment regulation; Mobile Payments Today

Canadian regulators are taking small steps towards addressing issues related to mobile payments. Yesterday, Canada's Minister of State (Finance) Ted Menzies announced that the country's Code of Conduct for the Credit and Debit Card Industry will be expanded to include mobile payments. As a part of the announcement, Menzies also released the proposed Addendum to the Code for public consultation. (Read More)

New Study Documents the Outsize Fraud Exposure from Mobile Payments; Digital Transactions

Even though merchants accepting mobile payments are in the minority and mobile-payment volume is low, losses from fraud incidents for those merchants are higher than for non-mobile-accepting merchants, according to the fourth annual “LexisNexis True Cost of Fraud” study sponsored by content provider LexisNexis Risk Solutions and conducted by Javelin Strategy & Research. (Read More) 

Mobile payments may be the future, but they're still unsafe; Los Angeles Times

It's clear that many of us soon will be paying for stuff at the store with our smartphones. Wal-Mart, Target and a bunch of other retailers are the latest to jump aboard the mobile-payments express train. (Read More)

LevelUp: Pay-By-Phone Innovator claims to have just 1% of normal credit card fraud; ieee spectrum

LevelUp claims that it can avoid charging per-transaction fees because of the system’s low processing costs, which it attributes in part to the security of the token-based approach. LevelUp’s stated fraud rate is 1 percent of that for conventional credit card use. (Read More)

Earthport to Enhance Cross-Border Payments Service in Alignment with Dodd-Frank Section 1073; realwire

Earthport, a leading provider of cross-border payments services, announced today the Company’s plans to enhance its cross-border payments service to address the transparency and predictability outlined by Dodd-Frank Section 1073 (‘DFS1073’). Earthport’s highly transparent cross-border payments service will be enhanced to address the specific requirements outlined in the regulation. (Read More)

100 Million E-Receipts Sent from Wells Fargo ATMs; Press Release

Wells Fargo & Company announced that just two years after introducing an e-receipt option at its ATMs, customers have used the service more than 100 million times. Wells Fargo Online Banking customers have the choice to either have an ATM receipt sent to an Online Banking inbox or to a designated personal e-mail account. Twelve percent of all receipt eligible transactions result in an e-receipt today. Wells Fargo was the first bank to offer this service to its customers. (Read More)

Cross-Industry EMV Coalition Created to Support Move to Chip-based Payments in the U.S. Press Release

To join the payments ecosystem together as the United States moves to a new way to pay with EMV chip cards, the Smart Card Alliance today announced the formation of an independent, cross-industry organization, the EMV Migration Forum. The Forum will support the alignment of the EMV implementation steps required for global payment networks, regional payment networks, issuers, processors, merchants, and consumers to successfully move from magnetic stripe technology to secure EMV contact and contactless technology in the United States. (Read More)

Verifone card readers hacked with a credit card; geek.com

Keeping your credit cards and bank account secure means ensuring your PC is viruse free for online banking, not using an ATM that looks modified, and keeping your cards safe while carrying them around in your wallet. But there’s a new way of gaining access to your card details and we as individuals can do nothing to stop it. (Read More)

Some PayPal Users Criticize Antifraud Measures; The new York Times

Jorge Espinoza, the founder of PreRace, a Web site where bicyclists and runners can register for races, was on a roll in March. In three days his site took in over $1 million in registrations for a major bike race, much more than usual. Then PayPal, the online payment service that his site was using to process credit card transactions, froze the company’s account. (Read More)   

Can clouds and contactless chips coexist? Portals and Rails

Mobile wallets have started to make their way into the market this year. Inevitably, industry stakeholders are joining opposing camps on the technology that these wallets use to keep payment information and other personal data safe and secure: contactless chips or cloud-based technology. The chips are embedded in a mobile handset that communicates with a terminal via near field communication (NFC), while the cloud-based technology involves an application downloaded to the mobile handset. (Read More)

Google Wallet facing criticism regarding security features; Mobile Commerce Press

Google has been working to establish itself as a major force in the burgeoning mobile commerce industry. The company has been among the first of its kind to produce a mobile payment application, called Google Wallet. The Wallet was released last year and was highly anticipated amongst the company’s fans. The application quickly made headlines for its lackluster security features, however, which straddled Google with a great deal of criticism because it had touted the applications security features before release. (Read More)

Dark side of the online shopping boom: credit card fraud soars; The Sydney Morning Herald

One in 15 adults was the victim of credit card fraud over the past year with losses blowing out to a record $278 million as the online shopping boom leads to more Australians being swindled. The losses, up more than 50 per cent compared with the previous year, have led to banks and card issuers, such as MasterCard and Visa, scrambling to keep ahead of fraud, particularly as more payments move online and offshore. (Read More)

This Innovation-Killing California Law Could Get A Host Of Startups In Money Trouble; Business Insider

One of the amazing things about the latest generation of startups is how they're creating entirely new markets, not just disrupting existing ones. That entrepreneurial impulse could be stifled by a surprisingly broad statute governing money transmission in California, Business Insider has found. (Read More)

"Making Life Simple" CyberSource Online Security Destined for Thailand's eMerchants; Press Release

CyberSource, a Visa company (NYSE Code: V), has announced that Bank of Ayudhya, Thailand's fifth largest bank, will deploy its payment and fraud-management solutions to provide secure online and mobile transactions for the bank's merchant customers. (Read More)

Elavon Selects Protegrity Tokenization Technology as Part of Its Comprehensive Data Security Solution; Press Release

Protegrity, a leading provider of end-to-end data security solutions, and Elavon, a leading provider of end-to-end payment processing services and a wholly-owned subsidiary of U.S. Bancorp, have signed a definitive agreement to include Protegrity’s next-generation tokenization technology as part of Elavon’s SAFE-T Suite solution [www.safetsuite.com]. SAFE-T Suite helps companies protect cardholder data by utilizing a combination of EMV, point-to-point encryption and tokenization. In addition to realizing the benefits of advanced data protection and reduced PCI scope with advanced tokenization, merchants achieve seamless business process continuity by using tokens in place of actual card data, allowing it to be used for subsequent business purposes. (Read More)

Shift4 Announces the Ultimate Solution for Hospitality Payment Security; Press Release

Shift4 Corporation, the world's largest independent payment gateway, today announces the ultimate card data security technology combination for the Hospitality industry. (Read More)    

Global Payments breach extends to merchant accounts; finextra

Global Payments, which disclosed in March a serious breach of its payment processing system affecting 1.5 million card details, says that the intruders may also have escaped with the personal banking details of merchants who had applied for accounts with the processor. (Read More)

Prevention is key to containing chargeback damage, says SignatureLink CEO Greg Wooten; Press Release

Fraudulent chargebacks persist as a thorn in the side of online businesses. The Credit Research Foundation reports that up to 15% of all invoices are subject to chargebacks, and a 2011 report by Javelin Strategy & Research for LexisNexis reveals online companies pay $2.40 to recover each dollar of chargeback fraud. (Read More)

Owners May Not Be Covered When Hackers Wipe Out A Business Bank Account; The New York Times

In May 2010, Golden State Bridge, an engineering and construction company based in Martinez, Calif., was robbed of more than $125,000 when cybercriminals hacked into its bank account. (Read More) 

FBI Issues Warning to Travelers; CU Info Security

The U.S. Federal Bureau of Investigation warns of fraudsters who are targeting travelers through hotel Internet connections. The scheme involves pop-up windows through which fraudsters trick travelers into installing bogus software updates on their computer. The "updates" are really malware installations. (Read More)     

Risk Office from Fiserv Growing; Helping Clients Reduce Dollar Fraud Losses by an Average of 40 Percent; Press Release

Fiserv, Inc. (NASDAQ: FISV), a leading global provider of financial services technology solutions, announced today that its Risk Office credit, debit and prepaid card investigative and consultative service experienced a 56 percent increase in new clients in 2011. (Read More)

Are social security numbers still secure enough for payments? Portals and Rails

Identity authentication is becoming increasingly important today as consumers conduct more and more social interactions, commerce, and financial transactions online. Many emerging payment methods are conducted electronically today and will no longer involve the face-to-face interactions that have provided an additional layer of security for our traditional retail payments environment. Unfortunately, our primary means of personal identification is the social security number, and it is becoming more vulnerable to compromise. How do we mitigate the risks in innovative payments going forward with traditional identification methods? (Read More)  

Global Payments Breach Fueled Prepaid Card Fraud; KrebsonSecurity

Debit card accounts stolen in a recent hacker break-in at card processor Global Payments have been showing up in fraud incidents at retailers in Las Vegas and elsewhere, according to officials from one bank impacted by the fraud. (Read More) 

Key Phish Phry Player Sentenced: CU INFO SECURITY

A U.S. District Court in Los Angeles has sentenced Nichole Michelle Merzi, a key figure in an international cybercrime ring that between 2008 and 2009 drained thousands of dollars from U.S. bank accounts. (Read More)

Analysis of Reloadable Prepaid Cards in an Environment of Rising Consumer Banking Fees; Consumer Financial Protection Bureau

Fees that have subsidized the so-called “free checking” accounts that banks have offered over the last decade are quickly being eroded through regulatory changes. These changes are reflected in new fee structures banks are either implementing or exploring to replace both overdraft and interchange revenues. (Read More)

Mobile payments the new frontier for crime cops as cardbusters celebrate tenth anniversary; finextra

The specialist police unit that tackles UK card and cheque crime claims to have saved the industry over £400 million in fraud losses since its launch ten years ago. (Read More) 

iovation Finds 60% Increase in European Fraud Online; Press Release 

Risk Mitigation Company Opens Amsterdam Data Center to Meet Growing Device Reputation Demand (Read More) 

ICC Solutions Receives Two Queen’s Awards for Enterprise

in both International Trade and Innovation

April 21st, 2012, Warrington, UK: ICC Solutions Limited, the independent UK-based company regarded as a global leader in the provision of highly efficient EMV (also known as Chip & PIN) test and certification tools, has achieved the high accolade of receiving two Queen’s Awards for Enterprise in both the International Trade and Innovation categories. These highly prestigious awards are the most coveted corporate prize in the UK, honouring outstanding companies achieving the highest levels of excellence who have made an outstanding contribution to the British economy and are awarded annually by Her Majesty The Queen on the advice of the Prime Minister, who is assisted by an advisory committee that includes representatives of government, industry and commerce. (Read more)

Online and mobile banking create many front doors, Portals and Rails

"The vulnerability is the front door of the bank." I've heard that quote many times over the years. With online banking continuing to grow, and mobile being the latest channel to access bank accounts and services, the bank suddenly has many more "doors" to worry about. (Read More)

NewNet Launches TraxcomSecure® AccessGuard 1000 Enhanced Mobile Broadband Payments Gateway; Press Release

NewNet Communication Technologies, a recognized leader in secure transaction processing and wireless network infrastructure, today announced a powerful new addition to its field proven and widely deployed AccessGuard mobile and broadband payment processing product portfolio. The state-of –the-art AccessGuard 1000 (AG1000) platform provides customers enhanced security, performance and scalability to deliver advanced payment and financial processing services and address the explosive growth of mobile and broadband financial transactions globally. (Read More)

UICCU Employs Updated Zip Code Strategy to Fight Fraud; The Memebers Group

Among the strategies Credit Card Manager Chris Carlson’s team has cited as helpful to achieving decreased fraud losses at University of Iowa Community Credit Union (UICCU), is a zip code strategy designed to draw logical conclusions about the legitimacy of a transaction. (Read More) 

Is the Internet the world's largest crime scene? Portals and Rails

"If the Internet is a place, it's probably the world's largest crime scene," said Peter Liske, vice president of product management at Threatmetrix. (Read More)

iovation and TeleSign Pair Device Reputation Management With Intelligent Authentication to Fight Online Fraud; Press Release

iovation’s ReputationManager 360 Solution, and TeleSign’s Phone-Based Authentication and PhoneID Provide Automated Mechanism for Validating Online Transactions (Read More

ThreatMetrix Picks Up $18 Million To Expand Its Fight Against Cybercrime; TechCrunch

The world of data breaches and other malicious online acts are on the rise undefined with some $2 trillion lost to IT thefts and other cybercrimes annually, according to research from Goldman Sachs undefined so we will continue to see a focus on companies that try to combat these threats. One case in point: today, ThreatMetrix, a provider of cybercrime prevention solutions, says that it has raised $18 million to continue to expand its business. (Read More)

Chip technology helping in the fight against Interac® debit card fraud; CNW

Interac Association announced that Interac debit card fraud losses to financial institutions resulting from skimming declined to $70 million in 2011 from $119 million in 2010 and a high of $142 million in 2009.  The number of cardholders reimbursed fell to 154,170 from 205,200 in 2010 and 238,000 in 2009.  This represents 0.0229 per cent of domestic debit card volume and the lowest volume of fraud losses since data were recorded in 2003. (Read More)

Why Debit-Card Overdraft Fees Are Under Scrutiny Again; Bloomberg Businessweek

Today the new Consumer Financial Protection Bureau said it is going to take a look at debit-card overdraft fees. If it feels like deja vu, it kinda is. It’s been a year and a half since new rules changed how banks can charge for overdrafts, but the fees definitely haven’t gone away. Let us explain. (Read More)


Memento Inc., a leader in Enterprise Fraud Management solutions, today announced an agreement with Orbograph Ltd. to deliver enhanced check fraud detection solutions to the financial services industry. Orbograph Sereno™ software will provide a broad set of image analysis capabilities to the Memento Check Fraud Solution. (Read More)     

Google Wallet suspends prepaid credit cards in wake of security hack; appolicious advisor

Google has addressed a newly aired security hack for its Google Wallet mobile software that disables the use of prepaid credit cards while the company deals with patching the security hole. (Read More 

Google takes step to make Wallet more secure; REUTERS

Google disabled prepaid Google Wallet cards Friday after a Colorado-based security firm discovered flaws in the mobile-payment system's security. Google said it was "working to resolve the issue." Researchers reportedly found a couple of ways that hackers could crash the service's PIN code. The problems come as Google struggles to get carriers interested in the service. (Read More) 

Zappos.com hit with breach, lawsuit; The Green Sheet 

The latest big data breach occurred at Zappos.com, the online apparel retailer and Amazon.com subsidiary. Over 24 million customer accounts were compromised – allegedly the handiwork of one lone fraudster. A class-action lawsuit filed in Kentucky seeks financial damages. Now Zappos.com laments the damage done to its reputation. (Read More) 

Visa Exec Slams PayPal In-Store Payment Service; The Wall Street Journal

A Visa Inc.executive criticized PayPal's mobile-payment system Wednesday, suggesting a service the online payment provider is testing at some Home Depot Inc. stores could open customers up to fraud. (Read More) 

INSIDE Secure chosen by leading Smartphone manufacturer; Press Release

INSIDE Secure, a leader in semiconductor solutions for secure transactions and digital identity, today revealed that it is integrating its near field communications (NFC) solutions into a next-generation smartphone from a leading mobile phone manufacturer scheduled to be introduced by mid-year. The new smartphone will run on one of the most widely used mobile operating systems under license, and will utilize the INSIDE MicroRead® NFC controller chip and INSIDE Open NFC™ protocol stack software to deliver a rich set of NFC capabilities to support a broad range of NFC applications. (Read More) 

FTC to review mobile payments; NFCNews

The Federal Trade Commission (FTC) has announced that it will hold a workshop on April 26 to examine the use of mobile payments and how this emerging technology impacts consumers. (Read More)

iovation Stopped 50 Million Online Fraud Attempts in 2011, Biggest International Offender: Ghana; Press Release

Record Year For Company Tracks 800 Million Devices Attempting Fraud 150,000 Times Each Day Across Online Financial Services, Retail, Gaming, Social Communities and More (Read More) 

Is the United States payments industry following in the footsteps of the Netherlands? Portals & Rails

The Forum recently took a dive into card fraud data from the many countries (not the United States, of course) that have tossed out their old magnetic-stripe cards and adopted the EMV standard. You can read the paperundefinedit's available on our websiteundefinedbut here's a quick recap. (Read More) 

2012 Threats: Are You Ready? Huff Post Tech

History is said to be a good indicator of what might come in the future. If you follow trends in how things are done and what tends to gain momentum then you can get a pretty good idea of what's ahead. (Read More) 

Security must evolve with m-commerce, says expert; Experian QAS

As retailers open up to the world of mobile commerce, they need to be aware that their security processes must also evolve. (Read More

Google Wallet stores unencrypted data; finextra

Google's mobile wallet application fails to securely store some personal information on the users' phone, according to research from viaForensics. (Read More

Study Shows Merchants Still Store Massive Amounts of Unprotected Card Data; Digtal Transactions

A core principle of data protection, and the Payment Card Industry data-security standard (PCI), is that merchants should never store unencrypted card information anywhere in their computer systems. But a recent study of data generated by a system-scanning tool shows that many merchants are violating this rule, knowingly or unknowingly. (Read More) 

Mobile Fraud: The Next Frontier; Press Release

Mobile fraud will increase alongside mobile banking adoption, and financial institutions should have tools in place before issues arise. (Read More

PreCash Announces PreCash Secure Payment Services; Press Release

Company Extends Agency Services to Help Prepaid Stored Value and Other Companies Navigate Regulatory, Compliance and Risk Environment (Read More

Remote deposit capture: If you expand it, will fraud come? Portals and Rails

It has been nearly two years since Portals and Rails focused on remote deposit capture (RDC). In just this short period, the RDC market has grown significantly and changed rapidly. This growth and change has led to approximately 13 percent of checks being deposited as images at the bank of first deposit, according to the 2010 Federal Reserve Payments Study. (Read More) 

28 Indicted in Theft of Steakhouse Patrons’ Credit Card Data; The Wall Street Journal

The customers went for the dry-aged sirloin and tender cuts of filet mignon, like many at New York City’s better steakhouses. And, like many, they handed their credit cards to the waiters after their meals, expecting to tip, sign and be on their way. (Read More) 

Evidence for PCI’s effectiveness in the fight against fraud; Portals & Rails

Despite the PCI Council's best efforts and laudable goals, the effectiveness of its data security standard, PCI DSS, is frequently questioned. This standard is sometimes disparaged as expensive and ineffective. One critic has even decried the standard as a "false god." Such criticisms have stuck in part because it is difficult to know how many breaches would have occurred if it weren't for the PCI standard, and supporters have essentially been left to argue a counterfactual. The PCI Council has long maintained that no organization that has been breached has been found to have been compliant at the time of the breach, but the claim has never been fully validated. (Read More)

Card Fraud Expert Pushes Case for Chip Cards; Credit Union Times

Even though many financial institutions in the country have not yet begun to implement smart chip technology in their card issuing, an expert in card fraud has urged they start to do so. (Read More)

International Fraud Awareness Week is here; Portals & Rails

According to the Association of Certified Fraud Examiners (ACFE), organizations worldwide lose roughly 5 percent of annual revenues to fraud. That's huge. A theme that we return to again and again in Portals and Rails is the fact that technology is making our livesundefinedincluding the ways we transact consumer paymentsundefinedmore efficient and secure. But these new technologies also offer fraudsters new and sometimes better ways to perpetrate crime. (Read More)

Bank Fraud Still Costing Plenty; eSecurity Planet

Since U.S. laws put the onus on banks to assume liability, consumers and some businesses tend to think their exposure amounts to little more than a temporary inconvenience while they await new debit cards. But that isn’t really the case. (Read More)

Federal Agencies Turn a Watchful Eye on Third-Party Payments Providers; Digital Transactions

Already the subject of new debit card regulations, the payments industry is coming in for more scrutiny from the federal government. A Federal Trade Commission official told attendees at a merchant-acquiring conference on Thursday that the government has formed a task force to monitor third-party payment-services providers. The feds’ goal is to prevent fraudulent merchants from getting merchant accounts and to shut down such merchants as quickly as possible if they defraud consumers. (Read More)

Experts Debate the Security of EMV; Bank Systems & Technology

While many in the financial industry acknowledge that the EMV standard is not 100-percent secure, some say it may be the best option available for securing POS payments. (Read More)

Security concerns continue to hamper UK m-payments take-up; finextra


Only 17% of Brits want to use their mobile phones as wallets, with security concerns the chief reason for reticence, according to a survey from Intersperience. (Read More)

Fiserv Survey Shows Anti-money Laundering Technology Remains Investment Priority for Financial Institutions; Press Release

Research indicates that the market is moving more actively toward a single platform approach to satisfy both AML and anti-fraud needs. According to the survey, firms anticipate increased technology budgets for both AML and fraud detection. (Read More)

High-impact events in a warming world: Business continuity planning for retail payments; Portals & Rail

Which will be the first to reopen after a major disaster: your financial institution or the local Waffle House? In some cases, you may be able to order your hash browns smothered, covered, peppered, and chunked before electricity is restored to your usual ATM. (Read More)

PCI update addresses holes in wireless security; The green Sheet

Commenting on the release of an update to the PCI DSS Wireless Guidelines Information Supplement, security experts agreed that securing wireless payment networks is possible but more difficult than securing hardwired networks. (Read More)

AsiaPay partners with Smart for safer online payments; openPR

Filipinos will soon have a convenient, efficient and more secure option to purchase goods and services from their favorite online merchants. (Read More)

Visa Europe extends CodeSure family with Matrix Display card; Press Release

Visa Europe, Europe’s leading payment system, today launched the CodeSure Matrix Display card, the latest addition to its CodeSure card range. (Read More)

Board of Governors of the Federal Reserve System Frequently Asked Questions- Regulation II

Frequently Asked Questions About General-Use Prepaid Cards and Circumvention and Evasion (
Read More)


Skrill announces acquisition of payolution; Press Release

Acquisition adds new invoice payment options and risk security capabilities to further differentiate Skrill’s product offering to online merchants. (Read More)

PriceTravel Selects Accertify to Protect Its Online Travel Platform Against Fraud; Press Release

Signing Highlights Accertify's Rapid Growth in Latin America and Continued Commitment to this Region. (Read More)

Using data mining to catch suspected financial wrongdoers; FED Portals and Rails

The seemingly inconsequential disclosure of a phone number or ZIP code to a store clerk can ultimately end up far away from where it was first shared, especially if it is used for data mining purposes. Data mining is the use of computer-based analytic tools that sift through large collections of data searching for patterns based on statistical techniques. Often times, data records containing personal identifiers are compiled from many sources and transferred to third parties for data analysis. (Read More)

First Data Selects Trusteer to Help Financial Institutions Comply with New FFIEC Guidance for Online Banking Security; Press Release

Trusteer Fraud Prevention Architecture to be Available with First Data Internet Banking Platform. (Read More)


Merchants to benefit from guidance on how tokenization solutions may ease PCI DSS compliance efforts. (Read More)

ROAM Data takes number one market position for secure mobile phone card reader solutions; Press Release

Has shipped 300,000 encrypted readers that prevent card fraud demonstrated at the Blackhat security conference last week. (Read More)

Visa Announces Plans to Accelerate Chip Migration and Adoption of Mobile Payments; Press Release

Visa dynamic authentication roadmap will reduce fraud and enhance international acceptance. (Read More)

Securing mobile commerce; TODAY on Sunday

Business boundaries are no longer defined in terms of physical space. The increasingly "extended" enterprise has introduced new security concerns. Retailers are opening their networks and data to partners, suppliers and mobile workers, rather than containing information and securing the perimeter with the objective of business flexibility and agility - and eventually, competitive advantage. (Read More)


2011 FINANCIAL CRIMES Workshop September 29th

Neural Technologies implements solution for mobile payments fraud in Africa; Press Release

Neural Technologies has implemented its Minotaur solution to manage mobile payments fraud at a leading African mobile telecoms operator. (Read More)

BillGuard Warns You About Questionable Credit Card Charges; lifehacker

BillGuard is a free service designed to solve the problem of possibly overlooking hidden fees, billing errors or fraudulent transactions on your credit cards. It scans and analyzes your card transactions and alerts you if they match charges others have flagged as questionable. (Read More)

Memento Helps Financial Institutions Meet New FFIEC Guidance; Press Release

Memento Inc., a leader in Enterprise Fraud Management solutions, today announced that their award winning Enterprise Platform helps financial institutions meet the layered security guidelines as issued in the June 2011 supplement to the FFIEC’s 2005 Authentication in an Internet Banking Environment. (Read More)

ACH ALERT Granted Patent for Fraud Protection System; Press Release

ACH Alert announced today it has been granted a patent for its fraud mitigation system. (Read More)

BillGuard's 'Anti-Virus' For Bills And Credit Cards Is Now Completely Free For Users; TechCrunch

When BillGuard presented their innovative service at TechCrunch Disrupt earlier this year, the startup received fairly positive feedback from the panel of judges, which included well-known investor Fred Wilson. (Read More)

Guardian Analytics Launches Managed Fraud Monitoring Service; Security Week

Guardian Analytics, a provider of behavioral analytics-based fraud prevention solutions, today announced a fraud monitoring solution delivered as a managed service, designed to allow institutions to enjoy the benefits of fraud prevention software without the need for increased staff or training. (Read More)

AFS signs multi-year fraud detection deal; Trade Arabia

Bahrain-based Arab Financial Services (AFS), a leading provider of electronic payment services, has signed a multi-year renewal agreement for RiskNet Issuer with The ai Corporation, a leader in fraud detection solutions. (Read More)

A New Report from Aite Group; From Mag Stripe to Malware: Card Security Risks in 2011; Press Release

After years of uncertainty, the payments industry is confident that EMV will be adopted in the United States. (Read More)

OpenWay and Thales: Proactive Approach to Security; Press Release


OpenWay, the international vendor of WAY4 card management, channel banking and transaction switching software, has partnered with Thales to integrate its WAY4 platform with the Thales payShield 9000 host security module. In addition OpenWay has joined Thales eSecurity’s Alliance for Solution and Application Providers (ASAP) program for the ongoing sharing of knowledge and solution support. Such advanced partnership results in proactive protection against security threats. It benefits all banks and processors who use Thales host security modules in their WAY4-powered processing of e-commerce transactions. E-commerce volumes will grow significantly by 2014 both in US and Western Europe, as Forrester predicts. (Read More)

Symantec: Android and iOS differ widely on security; Rethink Wireless

Both are built from the start for secure access, unlike PCs, but both have vulnerabilities for enterprise users. (Read More)


Fact sheet and statement to help merchants and developers identify and design applications to process payment transactions within the scope of the PCI standards (Read More)

Password Security Remains Weakest Link Even After Data Breaches; eWEEK.com

Despite repeated reminders to select strong passwords and not to reuse them across Websites and services, online users continue to be frighteningly lax in their password security, according to a recent analysis of leaked passwords. (Read More

Court Favors EMI in Fraud Suit; Bank Info Security

Eighteen months after Michigan-based Experi-Metal Inc. sued its former commercial bank accountholder, Comerica Bank, a U.S. District Court in Michigan has favored the commercial customer. Now Comerica Bank must reimburse EMI more than $560,000 for the funds it lost after the bank approved fraudulent wire transfers that totaled more than $1.9 million. (Read More) 

Secure POS Vendor Alliance Releases Requirements for the Post Manufacturing Stage of a Payment Device; Press Release

The Secure POS Vendor Alliance (SPVA), a non-profit business organization founded by Hypercom (NYSE: HYC), Ingenico S.A. (EURONEXT: ING) and VeriFone (NYSE: PAY) announces the release of standards for the post manufacturing stage of a secure payment device. The new guidelines require that a payment device be properly handled from the moment it is produced to the moment it is loaded with customer keys. (Read More) 

The Tuesday Podcast: Inside The Credit Card Black Market; NPR Planet Money

If you know the right people undefined and if you can get other criminals to vouch for you undefined you can go online and buy huge bundles of stolen credit cards. (Read More)

EMVCo Publishes ‘A Guide to EMV’ as Adoption of the Payment Standard Continues to Increase; Press Release

EMVCo, the EMV® standards body collectively owned by American Express, JCB, MasterCard and Visa, has launched a paper entitled ‘A Guide to EMV’ to provide an overview of the EMV Specifications, processes and the role of the technology within the context of the wider payments industry. The publication, which can be downloaded from www.emvco.com, coincides with the release of EMVCo’s latest deployment figures which state that 40 percent of total payment cards and 71 percent of terminals in circulation globally are based on the EMV standard. (Read More)

25% of Mobile Network Operator survey respondents not PCI DSS compliant; realwire

A survey conducted by Vesta Corporation, a global pioneer and leader in electronic payments, has revealed over a quarter of Mobile Network Operators (MNOs) are not compliant with the Payment Card Industry Data Security Standards (PCI DSS). A further 35% of respondents did not know that financial penalties could be levied for non-compliance by the card associations. (Read More)

ROAM Data Adopts New Visa Mobile Payment Security Best Practices; Press Release

Mobile Payment Pioneer Is First To Announce It Follows All Best Practices Unveiled By Visa On April 27th. (Read More)

The dilemma of measuring fraud in the U.S. payments system; FED Portals and Rails

Growing up, I was fascinated with books about animals, particularly those focusing on totally unique and strange Australian animals. Kangaroos, wallabies, duck-billed platypuses, and spiny echidnas caught my fancy because they were unique, existing nowhere else on the planet. Perhaps one reason I am so fascinated with the U.S. payments system is that it is totally unique and replicated nowhere else in the world. (Read More)


Solution Entirely Eliminates Cardholder Data from Entering SAP Landscape, Drastically Reducing Scope of PCI DSS (Read More) 

Thieves Swipe Debit Card Data; The Wall Street Journal

Brandi Ramundo of West Chicago, Ill., rushed out to a Michaels arts-and-crafts store April 16 to cobble together corsages for her seven-year-old twins, who were going to a father-daughter dance. (Read More) 

Banking on .bank for Security; BANK INFO SECURITY

Seeking to better secure online banking, the American Bankers Association and BITS, the technology policy division of The Financial Services Roundtable, have announced plans to get more involved in the generic Top Level Domain effort. (Read More) 



Accurate Analytics, Innovative Data Management, and Efficiency Cited as Key Factors in the Selection Process (Read More)


Visa Security Summit Focuses on Success in Reducing Fraud and Need for Ongoing Investment to Maintain Momentum; Press Release


Visa Inc. (NYSE: V) opened its fourth Global Security Summit today with a keynote address by chief enterprise risk officer Ellen Richey, in which she applauded the collective progress in making electronic payments more secure from criminals. While acknowledging this important success - achieved through closer industry cooperation, coordination with law enforcement and technological advancements - Richey also warned of future challenges that will require all stakeholders to more rapidly adopt "smarter" technologies and better application of risk-management intelligence. (Read More)


NetSpend Selects Actiance’s Socialite SaaS Platform to Ensure Compliance and Security of Social Media Channels; Press Release

Actiance, enabling the safe and compliant use of unified communications, collaboration and Web 2.0, today announced that NetSpend (NASDAQ: NTSP), one of the country's leading providers of general-purpose reloadable prepaid debit cards, has deployed its Socialite platform. NetSpend selected Socialite for its granular controls of popular social networks, like Facebook and Twitter, and its quick-to-deploy, software-as-a-service (SaaS) configuration. (Read More)

American Express Takes Aim at Identity Thieves With ID Protect Premium; Press Release


As Costs and Time to Recover from Identity Theft Rise, New Service Helps Consumers Fight Fraud (Read More)


TNS Unveils New TNSPay Capabilities; Press Release


One of the World’s Most Widely Used Payment Services Adds Additional Security and Fraud Features (Read More)


PhoneFactor Launches Replacement Program for RSA SecurID Tokens; Press Release


PhoneFactor Offers RSA Customers Impacted By Recent Breach a Program to Expedite Deployment of a Secure Two-Factor Alternative (Read More)


Corporate Account Takeover a New Payments Fraud Threat, AFP Survey Shows; Press Release


For seventh year, survey shows B2B payments fraud high, with checks remaining an easy target (Read More)


Ethoca Partners with NCFTA, Launches FraudStop Service; Press Release

New PCI Certified service that not only helps online merchants reduce fraud losses but also enables them to contribute to research analysis and preventing future frauds. (Read More)

Merchants Still Far From PCI Compliant; ETA

Merchants have made a lot of progress toward PCI Compliance, but if findings from a leading compliance firm are any indication, there still is a long way to go. (Read More)

PCI Delist Move Threatens Mobile Payment Security; StorefrontBacktalk

The PCI Council this week confirmed that it has quietly delisted “multiple” mobile payment applications, although the council didn’t specify a number. This comes as the PCI folk are trying to formulate a mobile strategy, which is likely to take quite a few more months to resolve. Given that retailers can’t put their mobile plans on hold, this puts merchants in a very awkwardundefinedand potentially very insecureundefinedplace. (Read More)

MoneyGram Reveals Strong Results from New Fraud Prevention Tool; Press Release

Software system identifies transactions at high risk for being fraudulent; Since May 2010 MoneyGram has protected customers from losing approximately $22.5 million in fraud. (Read More)

eWise Creates Secure Vault Payments Marketing Advisory Council to Accelerate Growth of New Payment Type; PYMNTS.com

Payments® Marketing Advisory Council with support and participation from NACHA undefined The Electronic Payments Association. Secure Vault Payments is an alternative payment option that offers convenience and security for consumers, allows institutions to receive money faster, and helps keep costly and wasteful paper out of the system. (Read More)

Why U.S. issuers might be reluctant to adopt the EMV standard, FED RPSF Portals and Rails

A hot topic for Portals and Rails and the Retail Payments Risk Forum has been the replacement of magnetic-stripe cards with chip-and-pin cards in the United States. In fact, a recent industry blog labeled my colleague Rich Oliver "the first U.S. banking industry executive to publicly declare that a U.S. migration to the EMV payments standard is inevitable." (Read More)

Credit Card Security: Too Much of a Good Thing? The Wall Street Journal

Used to be, cardholders got hit with a freeze only when they did something really unusual, like buying diamonds in Zimbabwe. But lately, banks seem a little quick on the trigger. While they guard their specific strategies like state secrets, consultants say that these days you might get the freeze if you use the wrong ATM or download an app. (Read More)

ACI Worldwide and Integrated Research Launch Payment Service Management for Fraud Prevention; Press Release

Manage Availability and Performance of ACI Proactive Risk Manager (Read More)

Third-party service provider risk and the Unfair and Deceptive Acts and Practices rule; Portals & Rails

Financial institutions and other financial service providers commonly provide products and services through arrangements with third parties. (Read More)

TNS Launches Enhanced Payment Gateway Service in UK and Ireland; Press Release

An enhanced version of the TNSPay gateway service is being launched in the UK and Ireland by Transaction Network Services (Read More)

Gains made in reducing identity theft, but significant fraud losses still loom; Portals & Rails


Was it a mere coincidence that the day following the release of Javelin Strategy & Research's 2011 Identity Fraud Survey Report, CNBC aired American Greed: Operation Get Rich or Die Tryin'? This show examines Albert Gonzalez's hacking into computer networks of retailers (most notorious, TJX Companies) and a payment processor (Heartland Payment Systems) and the subsequent extensive fraud using compromised credit and debit card information. (Read More)

Can mobile address the rising tide of fraud in card-not-present transactions? FED Retail Payments Risk Forum

Combating fraud in credit and debit card payments is a challenge for all payment system participants, from the banks that issue the cards to the merchants that accept those cards as payments for goods and services. (Read More)

VeriFone’s VeriShield Total Protect Integrated with ISD’s Card Data Security Suite; Press Release

ISD Provides Merchants with Integrated End-to-End Encryption and Tokenization (Read More)

Visa Europe and Foregenix join forces to deliver PCI cardholder data discovery education programme; Press Release

Series of independent webinars will begin in February 2011 (Read More)

ThreatMetrix Partners with ActivIdentity to Add Device Identification Capabilities to Their 4TRESS™ Authentication Appliance; Press Release

ThreatMetrix Fraud Network Enables ActivIdentity Customers to Validate Returning Customers Without the Use of Physical Credentials (Read More)

CardNET Brings VeriFone’s VeriShield Total Protect to Dominican Republic; Press Release

Largest Card Processor in Country Ensures it is the Most Secure with VeriFone’s Card Data Encryption Solution (Read More)

Ensuring security of payment systems a big challenge: RBI; DNA

Reserve Bank of India's deputy governor KC Chakrabarty today said ensuring security of payment systems and protecting customers' funds is the biggest challenge before central banks and payments systems operators. (Read More)

Banks May Soon Require New Online Authentication Steps; CIO

The Federal Financial Institutions Examination Council (FFIEC) could soon release new guidelines for banks to use when authenticating users to online banking transactions. (Read More)

Cisco Issues PCI Compliance Pulse Survey Findings – Results Reveal Changing Views on Data Security Compliance; Press Release

Study Highlights Surprising Attitudes on Compliance, Standards Adoption, and Challenges Meeting PCI DSS Requirements (Read More)

Heartland Payment Systems’ E3 End-to-End Encryption MSR Wedge Facilitates Elimination of PA-DSS Scope for Developers’ Payment Applications and Reduces PCI Scope by up to 69 Percent for Merchants; Press Release

Leading PCI QSA finds a properly deployed E3™ wedge solution is one of the most effective data security controls available today and provides significant scope reduction for merchants and POS developers. (Read More)

ClickandBuy Selects Voltage Security to Address PCI DSS Compliance and PII Data Protection Requirements; Press Release

Leading Global Online Payment Processor Will Use Voltage Tokenization Solutions to Protect Confidential Customer Card and Payment Data (Read More)


Genesco reports payment card criminal intrusion; Chain Store Age


The retailer took immediate steps to secure the affected part of its network (Read More)


PCI QSA Determines Heartland Payment Systems’ E3™ End-to-End Encryption Protocol Can Reduce Payment Card Industry Scope by Up to 79 Percent; Press Release

Assessment Finds a Properly Deployed E3 Solution Can Significantly Mitigate the Risk of Data Compromise and is One of the Most Effective Data Security Controls Available to Merchants Today (Read More)


The next time you call your bank to dispute a fraudulent credit card charge, get ready for some extra hassle. (Read More)

The continuing challenge of workplace fraud in financial services; FED Press Release

Is it true that most economic crimes are committed by insiders? Yes, according to a worldwide study on workplace fraud that the Association of Certified Fraud Examiners' (ACFE) conducted. (Read More)

Shoppers to pay for their goods through the M-PESA service; Prepaid MVNO

In a milestone that is set to re-define the shopping experience, Kenyans can now pay for their goods at supermarkets using the M-PESA service. (Read More)


New Javelin Report on Mobile and Online Identification; Press Release

Online and Mobile Device Identification: Is Your Online Authentication Security Strategy Ready to Go Mobile? (Read More)


PCI Security Council releases Version 2.0 of the PCI Data Security and Payment Application Data Security Standard; Press Release


Feedback from global stakeholders shapes revisions; new standards and website ease implementation for merchants. (Read More)


First Data and VeriFone Collaborate on Data Security Solution; Press Release

Leaders in Payment Card Security Work Together to Offer Complementary TransArmor and VeriShield Technologies to Multi-lane and Petroleum Merchants. (Read More)


DNS – Who's Meeting the Standard: Verizon Releases PCI Compliance Report; The DNS Zone

In its new publication entitled, “Verizon Payment Card Industry Compliance Report,” Verizon focuses on the state of compliance with the Payment Card Industry Data Security Standard (PCI DSS). (Read More)

Over one billion EMV cards now active; finextra

Over a third of the world's payments cards - around one billion - are now EMV with two thirds of terminals - 15.4 million - also on the standard designed to secure transactions at the point-of-sale. (Read More)

ReD predicts major jump in U.S. fraud; The Green Sheet

A new study from payment security firm Retail Decisions Inc. (ReD) indicates card-not-present (CNP) fraud levels are rising in the United States but declining in the United Kingdom - trends that might be correlated. (Read More)

What the eCommerce World Can Expect in 2011; American Chronicle

American Chronicle  As the world climbs out of the global recession, eCommerce is projected to enter a period of strong growth in 2011. The hottest trends will be mobile phone ...(Read More)

In Accepting Mobile Payment, Merchants Face Higher Fraud Risk; MobileBanker

Merchants accepting payments by mobile phones had the highest card-not-present fraud volume in 2009, a Javelin Strategy and Research survey found. (Read More)

Finance apps riddled with security holes - Veracode; finextra

More than half of software applications developed by banks, third party suppliers and cloud service providers contain security weaknesses that would leave them vulnerable to attack by hackers, according to research by software analytics firm Veracode. (Read More)

The PCI Lessons From Google’s Employee Data Breach: Storefront Backtalk

When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager; it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue.  (Read More)

Mexico deploys nationwide voice identification; planet biometrics

Law enforcement agencies across Mexico now have the capability to use an automatic voice identification system as a crime fighting tool. The voice biometrics system - supplied by Russian company, Speech Technology Center - is able to identify speakers by comparing their speech samples to a database of existing voiceprints. (Read More)



Australian payments processor, EFTEX, has significantly boosted its credentials as an industry leader by achieving PCI DSS compliance. This endorsement of EFTEX’s security procedures and policies comes on the back of Third Party Processor accreditation from MasterCard and Visa earlier this year. (Read More)


Western Union Hosts Fifth Annual Anti-Money Laundering & Anti-Fraud Conference; Press Release

ENGLEWOOD, Colo., Sep 14, 2010 (BUSINESS WIRE) -- The Western Union Company (NYSE: WU) is hosting its fifth Annual Anti-Money Laundering & Anti-Fraud Compliance Conference from Sept. 13 to Sept. 16 in Denver. (Read More)

Cybercriminals Creating Nearly 60,000 Fake Websites to Trick and Infect Users Each Week, Reports PandaLabs; The Wall Street Journal

Three-month investigation shows eBay and Western Union together account for nearly half of all malicious sites exploiting brands - Targeted brands strongly correlate with financial transactions and companies storing sensitive consumer data. (Read More)

U.S. has been slow to adopt safer credit card technology; statesman.com

The U.S. is a technology laggard when it comes to credit cards, and experts say international fraud rings are starting to notice. (Read More)

Friend and Foe? Combating E-Commerce 'Friendly Fraud'  E-Commerce Times

“Many merchants feel that friendly fraud is impossible to detect or prevent. The fact is, there are ways to reduce friendly fraud -- and committing to reduce friendly fraud gives you the added benefit of reduced refund rates.” Tricia Philips (Read More)

Best Practices for Data Field Encryption to Protect Cardholder Information in Transit and Storage; VISA Press Release

Cardholder data security continues to be an important issue for all stakeholders in the payment system. (Read More)

ThreatMetrix Opens European Data Center to Support Fast-Growing Global Customer Base; Press Release

Expanded Investment in Europe Translates Into Unprecedented Reliability, Increased Performance, and Faster and More Accurate Fraud Screening (Read More)

Do Pay-By-Smartphone Systems Put Consumers At Risk? The Consumerist

As smartphones like the iPhone or Droid become more popular and more sophisticated, developers are finding new ways for consumers to use these mobile devices to replace existing items like airplane boarding passes, coupons and now credit cards. (Read More)

Bank Combats Fraud by Forcing PIN Debit; NACS Online

In three states Bonneville Bancorp has removed the option of signature debit, thereby admitting that PIN debit is in fact a more secure method of debit card payment. (Read More)

Apple, PayPal Dodge Questions About Ongoing iTunes Scam; MacNewsWorld

PayPal and financial institutions linked to the service apparently are reimbursing consumers for unauthorized charges made to iTunes -- sometimes thousands of dollars -- but neither PayPal nor Apple has much to say about how the scammers are perpetrating the ongoing fraud, or what -- if anything -- can be done to stop them. PayPal directs queries to Apple, while Apple issues its usual stock security response. (Read More)

Up-and-coming mobile technologies raise payment security concerns; Internet Retailer

Retailers should apply same protections to m-commerce as to e-commerce, experts say. (Read More)

Innovation: Mobile malware develops a money bug; New Scientist

“It's a common tale in the computing world: once you achieve popularity you become a target for hackers. And so it was for Android, Google's smartphone operating system.” Gareth Morgan (Read More)

Zeus Trojan Targets Online Banking, Steals $1 Million from British Accounts: Bank Systems & Technology

A sophisticated new Trojan has over the summer caused some $1 million in losses for a British bank by targeting online banking. And it's being billed as the "most dangerous Trojan virus ever created." (Read More)

Security Vendors Turn Focus to Smartphones: eWeek

As recent acquisitions have shown, mobile security is an area of growing interest for enterprises, with remote management and data protection capabilities at the top of the list. (Read More)

Changes to PCI Data Security Standard leave questions unanswered: COMPUTERWORLD

A new version of the PCI Data Security Standard scheduled for release later this year is likely to attract more attention for what it leaves unaddressed rather than what it changes, analysts say. (Read More)

Latest Jailbreak Shows it’s Time to Secure Mobile Commerce: Mobile-Financial.com

Mobile Commerce should get used to security breaches.  They’re a sign of mobile going mainstream. The mobile ecosystem needs to develop security strategies like the computing industry did in response to viruses and phishing. (Read More) 

Mobile Security’s Becoming a Big Deal For CIOs: Retail Banking Insights

Safety’s at the center of mobile device management at bank IT shops, particularly when it comes to access management and worries over hacking, according to a new Forrester report. (Read More)

Security: Top Hacks, Breaches and Compromises of 2010 (So Far): eWeek

This has been a busy year for both hackers and computer forensic specialists. Whether it was the 4 million usernames and e-mail addresses swiped in a hack of The Pirate Bay or AT&T's Website hack that exposed the e-mail addresses of iPad 3G owners, the first six months of 2010 are a reminder of the realities of today's IT security landscape. (Read More)

That Cute Android Wallpaper May Be Sending Your Data to China: E-Commerce Times

What's a nice app like "My Little Pony" doing in Shenzhen? Delivering the personal information of millions of Android users to a mysterious website, that's what. (Read More)

Apple iPhone, iPad Security Goes Into the Toilet and Down the Tubes: CBS BNET

Apple (AAPL) has long had a reputation for creating “secure” computers. But those who used to crow about the safety had better take another look. (Read More) 

Citi Discloses Security Flaw in Its iPhone App By SPENCER E. ANTE, The Wall Street Journal

Citigroup Inc. said its free U.S. mobile-banking application for Apple Inc.'s iPhone contained a security flaw and advised its customers to upgrade to a newer version that corrects the problem. (Read More)

Credit Card Numerology: The Luhn Formula; By Eva Norlyk Smith, Ph.D., CreditCardGuide

Do you ever wonder if it would be possible for someone to create a counterfeit credit card, by making up a credit card number and producing a fake credit card with the number encoded in the magnetic stripe? (Read More)

Fraudsters Like Virtual Goods; By BEN WORTHEN, The Wall Street Journal

Fast-Growing E-Commerce Segment Seems More Vulnerable to Cyber Criminals; (Read More)

vWorker Selects ThreatMetrix Fraud Network to Fight Fraud on Its Online Marketplace; Source: ThreatMetrix

ThreatMetrix Helps Protect the Integrity of the vWorker Brand, Its Ratings System and Ensures That Their Transactions Are Secure (Read More)

Hong Kong's Cashless-Payment Operator Under Fire; BY JEFFREY NG, The Wall Street Journal

The operator of a Hong Kong cashless payment system has come under fire after it reversed itself and admitted to selling the personal data of nearly two million customers to business partners, sparking public demands for better regulation of how personal information is handled. (Read More)

Banks anti-fraud measures a top concern for US customers; Source: DeticaNetReveal

Detica NetReveal® and Ipsos MORI survey illustrates account-fraud as top-of-mind for nearly 50% (Read More)

A Bad Week for Higher Ed Security Breaches; Source: The Security Blog

This past week has been a bad one for security breaches in Higher Ed. A few days ago I read about the University of Hawaii - Manoa data breach affecting about 53,000 people. (Read More)

Kansas City Federal Reserve White Paper

The Changing Nature of U.S. Card Payment Fraud (Read More)

Investor, TJX settle suit over data theft; By Hiawatha Bray, The Boston Globe

TJX Cos., which owns the T.J. Maxx and Marshalls discount retail chains, has settled an investor lawsuit related to the theft of millions of its customers’ credit card numbers. (Read More)

Credit Card Hackers Visit Hotels All Too Often; By JOE SHARKEY, The New York Times

HERE’S something that the struggling hotel sector prefers not to spotlight: it is a favorite target of hackers. (Read More)

Heartland ramps up first end-to-end encryption; By Ellen Messmer, Network World

 Heartland Payment Systems, the victim last year of a massive data breach of sensitive card data, vowed after that devastating event to develop new security gear based on end-to-end encryption between itself and its merchants to prevent such a breach from occurring again. That's now taking shape, but slowly. (Read More)

TNS Helps Industry Strengthen Payment Transaction Security; Source: TNS

Transaction Network Services (NYSE:TNS) is playing an increasing role in helping acquirers and merchants protect sensitive cardholder information as payment transaction security continues to be a major issue for everyone involved in the industry. (Read More)

Do You Know Where Your Employee’s Smartphone Is? New Unisys-Sponsored Research Shows IT Organizations Are Playing Catch-Up With Rapid Growth of Consumer Technologies in the Workplace; Source: UNISYS

New global studies reveal organizations are not adequately prepared to manage, support and secure consumerization of IT in the enterprise (Read More)

New PCI DSS Guide for Merchants; Source: PCI DSS Compliance Blog

The guide is intended to provide simple and quick information security steps for small to mid-size merchants that accept credit and/or debit cards as a form of payment. (Read More)

Chip-and-PIN fraud gang jailed; By Tom Espiner, ZDNet

A gang of four Londoners have been jailed for a Chip-and-PIN fraud operation which netted £725,000. (Read More)

Square Suspends Reader Shipments To Deal With Credit Risk And Fraud Issues; Source: mocoNews.net

When Twitter co-founder Jack Dorsey unveiled his latest start-up, Square, in December critics harped that the company, billed as a mobile payments solution that would disrupt the traditional credit card processing world, didn’t get how complicated the payments space is, or how risky. Now, it appears, Dorsey has admitted as much. (Read More)

iovation Partners with Failsafe Payments to Expand Fraud Protection for Merchants; Source: iovation

PORTLAND, Ore.- June 17, 2010 – iovation, provider of the world’s first device reputation service for preventing online fraud and abuse, today announced a partnership with Failsafe Payments to protect merchants and merchant service providers (MSPs) using Certo Payment Gateway. (Read More) 

Leading Colombian Payment Processor and Aggregator Pagosonline Drives South American Business Expansion Using ThreatMetrix to Control Online Fraud; Source: ThreatMetrix

By Helping to Reduce Customers' Fraud Rates, Pagosonline Improves Its Corporate Brand Image and Ability to Sell More (Read More)

June 14, 2010

10 of the Top Data Breaches of the Decade; How Does iPad Security Breach Compare to Others? By KI MAE HEUSSNER,  ABC News

The Internet cried foul last week when news broke that an AT&T security breach exposed the e-mail addresses of at least 100,000 owners of Apple's iPad 3G. (Read More)

June 14, 2010 Press Release

FIS to Acquire Compliance Coach, Inc. Source: FIS

Deal Positions FIS as Premier Provider of Regulatory Compliance Services  (Read More)

June 10, 2010

One Man's Quest To Foil Hackers; By Maureen Farrell, Forbes.com

Identity fraud costs $54 billion a year. Robert Carr aims to alleviate some of that pain. (Read More)

June 10, 2010

Computing with Secrets, but Keeping them Safe; By Tom Simonite, Technology Review

A cryptographic method could see cloud services work with sensitive data without ever decrypting it. (Read More)

June 9, 2010

Mobile banking: Threshold of concern, threshold of alarm and the zone of comfort; By Jan Chipchase, CGAP

Not all transactions are created equal: the very last dollar in your wallet has a higher value than when there’s a stack of notes; an online transaction completed at home has different security implications than one completed in an internet cafe. Service designers have long recognized the need for extra checks and balances for ‘risker’ transactions - and these are typically reflected by levels of authentification. From a user’s perspective we’ve found it useful to frame transactions in terms of thresholds of concern and thresholds of alarm. (Read More)

June 8, 2010 Press Release

Elavon Expands its Powerful Suite of Security Solutions; Source: Elavon

Elavon, a wholly owned subsidiary of U.S. Bancorp (NYSE: USB) and a leading global payments provider, has chosen to extend its comprehensive security solutions suite by adapting technologies from Semtek and Voltage Security to include end-to-end encryption capabilities for its acquiring and gateway solutions. Additionally, Elavon has developed advanced tokenization schemes that will allow merchants to securely access card data for future transactions. (Read More)

June 7, 2010 Press Release

Gemalto Achieves Additional MasterCard Accreditation With its Consulting Services; Source: Gemalto

Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, announced receiving MasterCard accreditation for its Gemalto Consulting Services. As the first digital security company to join the MasterCard M/Chip Accredited Third Party program, this accreditation officially endorses Gemalto’s consulting capabilities and its vendor-independent services in contact and contactless deployments worldwide. (Read More)

June 1, 2010 Press Release

MagTek Responds to the SPVA's Recently Published E2E Guidelines; Source: PR Leap

MagTek, Inc., a well known leader in payment security, today responded to the Secure POS Vendors Alliance and its published guidelines on the application of encryption technology (E2E) to payment card data used for retail financial transactions. The guidelines establish an auditable set of requirements that can be used to validate cardholder data security across the many entities that participate in the transport of payment card data. (Read More)

June 1, 2010

Is U.S. Ready for Chip & PIN? Source: BankInfo Security

EMV Chip Cards Are Here, But Debate is About Security Vs. Cost (Read More)

May 28, 2010 Press Release


Top Tier Merchants and the Challenge of Card Data Security; Source: Mercator Advisory Group


New insight into the issues posed by PCI and card number security for merchant category leaders provides guidance and cautions. (Read More)


May 25, 2010 Press Release

PhoneFactor and Fiserv Partner for Phone-Based Multi-Factor Authentication; Source: PhoneFactor

New Option for Secure User Authentication will be Available through the Corillian Online Banking Solution from Fiserv. (Read More)

May 25, 2010 Press Release

ID Analytics Secures Identity-Based Fraud Detection Patent; Source: ID Analytics

Company Receives Third Patent from U.S. Patent and Trademark Office for New Detection System and Method Using Historical Identity Records (Read More)

May 25, 2010 Press Release

VeriFone Offers Payment Security Monitoring Service to Foil Criminals; Source: VeriFone

VPAS - VeriFone PED Authentication Service – Detects Presence of Rogue Devices Installed to Hijack Payment Data Information. (Read More)

May 19, 2010 Press Release

Heartland Payment Systems® and MasterCard Agree to $41.4 Million Intrusion Settlement: Source: Heartland Payment Systems

Company has now reached breach-related settlements with three major card brands. (Read More)

May 12, 2010 Press Release

VeriSign and Bank Associates Merchant Services Bring Extended Validation SSL to More Merchants: Source: VeriSign

BAMS to Now Offer VeriSign EV SSL With E-Commerce Processing Solutions (Read More)

May 11, 2010 Press Release

ID Score® Account Takeover Accurately Pinpoints Account Takeover at Any Point in the Customer Lifecycle; Source: ID Analytics

New Solution Incorporates Comprehensive Assessment of Identity Risk to Reduce Fraud-Related Expenses and Minimize Customer Friction (Read More)

May 4, 2010 Press Release

SoundBite Communications Introduces Real-Time, Interactive Fraud Management Solution for Card Issuing Banks; Source: SoundBite

Leading Issuing Bank Implements Solution to Enhance Fraud Resolution Efficiency and Effectiveness (Read More)

May 4, 2010

Former Con Man Helps Feds Thwart Alleged ATM Hacking Spree; By Kevin Poulsen, Threat Level

A North Carolina grocery worker is being held without bail in Houston on attempted computer hacking charges after inadvertently partnering with an undercover FBI agent in an alleged citywide ATM-reprogramming caper. (Read More )

May 3, 2010

P2P Payments: What You Need to Know;  Early-Adopters Discuss Security Considerations Behind New Trend; By Linda McGlasson, Bank Info Security

U.S. banking institutions are quickly adopting the new, simple payment solution called "Person-to-Person" for customers to send money to family and friends via email or text message. At the top of the list for reasons to deploy this new mobile payments solution: Customer convenience. (Read More)

April 30, 2010 Press Release


These details show why ONLY the proposed ID KEY system will reduce all fraud crimes to virtually ZERO simply by making outdated signature and PIN systems reliable. (Read More)

April 29, 2010

RBS chief victim of credit card fraud; Source: WalesOnline

Banking chief Sir Philip Hampton has been a victim of credit card fraud, he revealed. (Read More)

April 28, 2010 Press Release

Entrust Brings Strong Authentication to Mobile Devices - Versatile Authentication Platform Secures Consumer and Enterprise Environments; Source: Entrust

Entrust IdentityGuard Mobile enables strong enterprise authentication while protecting against latest malware threats. (Read More)

April 28, 2010 Press Release

BillMyParents Uses ThreatMetrix to Stop Fraud While Facilitating and Protecting Teen Online Spending; Source: ThreatMetrix (Read More)

Leading Online Teen Payments Solution is Able to Take More Orders with Less Friction While Determining Who Is and Who Isn’t a Fraud Threat

April 28, 2010 Press Release

Media Alert: nuBridges’ Gary Palgon to Instruct IT Pros on Data Security Challenges; Source: Nubridges

nuBridges information security expert Gary Palgon will address three timely data security challenges that IT professionals are facing throughout the extended enterprise at COMMON 2010 at the Hilton Orlando. Palgon will discuss how a new data security standard, tokenization, can be used alone or to augment encryption to protect cardholder and personally identifiable information in an IBM i-centric organization; how today’s secure B2B gateways and Managed File Transfer technology can help companies to create a data exchange infrastructure that will ensure compliancy with current and future data security regulations; and why being compliant with data security mandates and laws doesn’t ensure security. (Read More)

April 26, 2010

India is no. 3 haven for hackers; By Debjoy Sengupta, ET Bureau

KOLKATA: India may be poised to become a software superpower by 2020, but it has already emerged as one of the top three spawning grounds for Web-based attacks. (Read More)

April 23, 2010


Blippy’s Response To Credit Card Data Breach: “It’s A Lot Less Bad Than It Looks”; By Jason Kincaid, TechCrunch

Earlier today, VentureBeat detailed a major Blippy privacy breach that exposed user credit card information to search engines. The breach appears to have occurred on a small scale undefined Blippy believes that only four users had their credit cards compromised undefined but the fact that it happened at all is unsettling. After all, Blippy’s service asks users to entrust it with their credit card information (and in some cases, their credentials for online services) undefined it is of paramount importance that Blippy keep that data secure. (Read More

April 22, 2010 Press Release


2010 Payments Fraud and Control Survey; Source: Association for Financial Professionals

B2B payments fraud is still a threat to US organizations, but many are employing fraud control measures to keep it at bay. A majority of organizations experienced attempted or actual payments fraud in last year. However, most now employ measures to combat these threats, using a combination of account-level solutions and services provided by their banks. The 2010 Payments Fraud and Control Survey is underwritten by J.P. Morgan. (Read More)

April 22, 2010 Press Release

Latest Release of Kount Complete Propels Fraud Control Technology Forward; Source: Kount Inc.

New version of powerful fraud-fighting solution gives merchants additional tools to stay ahead of fraud. (Read More)

April 20, 2010

Lesser-Known Vulnerabilities of Mobile Payments By Penny Crosman, Bank Systems & Technology

I recently read the following sentence in an email and was alarmed: "Hackers can extract cryptographic keys from smart-card enabled credit cards and payment devices by monitoring the card's power consumption while in use." It turns out that this vulnerability was discovered in the mid-1990s. "There are elements of it that have been reasonably well solved by the payments industry and there are elements where the story is not yet finished," says Benjamin Jun, vice president of technology at Cryptography Research, which originally discovered the power-based fraud, which is technically known as DPA, for Differential Power Analysis. Jun spoke to Bank Systems & Technology this afternoon in a phone interview. (Read More)

April 20, 2010 Press Release

Vindicia Changes Market Dynamics of PCI Compliance; Hosted Order Automation Eliminates PCI Burden and Delivers Millions in Savings for Online Merchants; Source: Vindicia

Vindicia today announced the availability of its new Hosted Order Automation (HOA) capabilities as part of the Vindicia CashBox™ solution. By using HOA in CashBox, online merchants are able to completely offload PCI compliance to Vindicia while maintaining complete control over their customers' buying experience. HOA allows merchants to accept credit cards on their own order pages, maintain complete control over their customer data, and create a compelling online experience for their customers without ever touching a credit card and subjecting themselves to PCI regulations.  (
Read More)

April 15, 2010

New PCI Changes: Network Segmentation, One-Way PAN Hashing; By Walter Conway, StoreFrontBackTalk

When the new version of PCI becomes the law of the card-processing land in October, it will include new rules and clarifications on a wide range of key retail payment complaints. Among the top changes, according to PCI officials, are: a requirement that retailers must perform extensive searches for cardholder data across all their networks and systems; clarification on strong one-way hashing of PANs; a move to a three-year PCI lifecycle; clarification on what constitutes acceptable network segmentation; new wording on what constitutes cardholder data; and the applicability of PCI for card issuers. (Read More)

April 15, 2010 Press Release

Top 3 Israeli banks roll out customer facing Voice Biometrics technology by PerSay;  Source: PerSay Voice Biometrics

Voice Biometrics is poised to become mainstream authentication technology for remote services and applications (Read More)

April 13, 2010

Ingenico and Element Form a Strategic Partnership to Secure End-to-End Transaction Processing; Source: The Wall Street Journal

Partnership Benefits Merchants and Software Providers by Reducing the Scope, Risk, and Cost of Implementing and Maintaining PCI DSS Controls (Read More)

April 12, 2010

Man-in-the-Middle Attacks Against SSL; By Matt Blaze, Schneier on Security

A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much. (Read More)

April 9, 2010 Press Release


MICROS Partners with Trustwave to Offer its Clients Additional PCI Compliance Tools; Source: TrustWave

Additional Layer of Security Enhances Existing Tokenization Solution to Help Manage PCI DSS Compliance (Read More)


April 8, 2010

Italy central bank orders stop to new AmEx cards; By FRANCES D'EMILIO, Associated Press

ROME undefined Italy's central bank on Thursday ordered a stop to the issuance of new credit cards by American Express in the country until the company can improve compliance with laws combating money laundering and usury. (Read More)

April 8, 2010

Cloud security best practices foster rapid deployments; By Laura Smith, CIO News

Other companies have shied away from cloud computing because of security concerns, but the Sun National Bank subsidiary of Sun Bancorp Inc. has taken a pragmatic approach to taking advantage of the cloud's potential for rapid deployment. That approach isn't just a matter of connecting routers and VPNs, the bank's CIO said, but a detailed series of cloud security best practices for partner evaluation, risk assessment and contractual negotiation. (Read More)

April 6, 2010 Press Release

ThreatMetrix to Showcase Leading Online Fraud Detection Solutions at April 13 – 15 Electronic Transactions Association Annual Meeting and Expo in Las Vegas; Source: ThreatMatrix

ThreatMetrix™, a fast growing provider of fraud detection solutions that do not require personally identifiable information (PII), today announced that it will be exhibiting in Booth 856 at the 2010 Electronic Transactions Association (ETA) Meeting and Expo, April 13 – 15, at the Mandalay Bay & Casino, Las Vegas, Nevada. (Read More)

April 6, 2010 Press Release

Heartland Payment Systems and OpenBook Bring State-of-the-Art Data Security to Lodging Industry; Source: Heartland Payment Systems

Heartland Payment Systems(R) and OpenBook(R) -- a division of Yellowstone Hotel Systems -- plan on delivering secure payments to the hotel and lodging industry by integrating Heartland's E3(TM) end-to-end encryption solution with OpenBook's property management software. Heartland is one of the nation's largest payments processors and the American Hotel & Lodging Association's official preferred provider of card processing, check management, payroll and tip management services.  (Read More)

April 6, 2010

Visa reports rise in retail terminal key-logger attacks; By Gill Montia, Banking Times

Visa has recently alerted its transaction processing members and their clients to an increase in keylogger attacks involving retailers. (Read More)

April 6, 2010

Oyster card upgrade underway; Source: ContactlessNews

Transport for London, issuer of the popular Oyster Card, is in the process of upgrading to new, more secure cards. (Read More)

April 1, 2010 Research

Data Security Top Concern for Merchants Yet First Data Survey Finds Many Merchants Unaware of Consequences, Solutions; Source: First Data

First Data recently conducted a survey asking merchants about data security. Not surprisingly, it is a universally important issue: More than 80% of small and midsize merchants described themselves “very concerned” about payment card security. But these merchants’ experiences with data violations differ vastly, as does their understanding of the consequences of a breach. (Read More)

March 26, 2010

TJX hacker Gonzalez gets 20 year jail term; Source: finextra

Computer hacker Albert Gonzalez has been sentenced to 20 years in prison for masterminding a string of cyber-attacks on retailers, including TJX, which resulted in the theft of tens of millions of payment card details (Read More)

March 25, 2010

Heartland Preps for Its Big End-to-End Encryption Rollout; Source: Digital Transactions

Merchant acquirer Heartland Payment Systems Inc.’s sales force will begin selling the company’s new end-to-end encryption system in the second quarter following testing that began last June, the company says. Heartland also says several terminal manufacturers are integrating the technological protocols of its system, which was developed by Voltage Security Inc., into their own hardware. (Read More)

March 26, 2010

TJX hacker Gonzalez gets 20 year jail term; Source: finextra

Computer hacker Albert Gonzalez has been sentenced to 20 years in prison for masterminding a string of cyber-attacks on retailers, including TJX, which resulted in the theft of tens of millions of payment card details (Read More)

April 1, 2010 Research

Data Security Top Concern for Merchants Yet First Data Survey Finds Many Merchants Unaware of Consequences, Solutions; Source: First Data

First Data recently conducted a survey asking merchants about data security. Not surprisingly, it is a universally important issue: More than 80% of small and midsize merchants described themselves “very concerned” about payment card security. But these merchants’ experiences with data violations differ vastly, as does their understanding of the consequences of a breach. (Read More)

March 30, 2010

Card Fraud in the United States: The Case for Encryption; Source: Aite Group

The card industry should focus on encryption technologies, cutting off the source of card data for criminal networks. (Read More)

March 29, 2010

U.K. online credit card fraud to be handled by specialist team; Source The Thrifty Scot

Over recent years a rising number of people have started to go online in order to conduct their financial affairs, using the Internet to do everything from their day to day banking to dealing with their credit card accounts. (Read More)

March 26, 2010

Security flaw found in new chip credit cards; Source: 3news.co.nz

A British university has identified security flaws in new chip and Pin credit cards that banks in New Zealand are about to introduce. (Read More)

March 26, 2010

Leader of Hacking Ring Sentenced for Massive Identity Thefts from Payment Processor and U.S. Retail Networks; Source: U.S. Department of Justice

The leader of the largest hacking and identity theft ring ever prosecuted by the U.S. government has been sentenced to 20 years and one day in prison for his role in a series of hacks into a major payment processor and several retail networks, announced Assistant Attorney General for the Criminal Division Lanny A. Breuer; U.S. Attorney for the District of Massachusetts Carmen Milagros Ortiz; U.S. Attorney for the Eastern District of New York Benton J. Campbell; U.S. Attorney for the District of New Jersey Paul J. Fishman; and Director of the U.S. Secret Service Mark Sullivan. (Read More)

March 25, 2010

Heartland Preps for Its Big End-to-End Encryption Rollout; Source: Digital Transactions

Merchant acquirer Heartland Payment Systems Inc.’s sales force will begin selling the company’s new end-to-end encryption system in the second quarter following testing that began last June, the company says. Heartland also says several terminal manufacturers are integrating the technological protocols of its system, which was developed by Voltage Security Inc., into their own hardware. (Read More)

March 25, 2010

Credit card companies play security catchup; By ROELAND VAN DEN BERGH, The Dominion Post

Rising fraud and the Rugby World Cup have pushed credit card companies to ditch magnetic swipe cards in favour of more-secure chip cards from next month. (Read More)

March 25,2010

Dave & Buster's Settles FTC Charges it Failed to Protect Consumers' Information; More than 130,000 Customers' Credit or Debit Cards Compromised; Source: Federal Trade Commission

Entertainment operation Dave & Buster’s, Inc. has agreed to settle Federal Trade Commission charges that the company left consumers’ credit and debit card information vulnerable to hackers, resulting in several hundred thousand dollars in fraudulent charges. Dave & Buster’s operates 53 restaurant and entertainment complexes across the country under the names Dave & Buster’s, Dave & Buster’s Grand Sports Café, and Jillian’s. (Read More)

March 25,2010 Press Release

Heartland Payment Systems® E3TM Data Security Protocol Adopted by Leading Payments Manufacturers; Source: Heartland Payment Systems

Several of the world’s leading electronic payments system manufacturers are working with Heartland Payment Systems® (NYSE: HPY), one of the nation’s largest payments processors, to ensure their point-of-sale (POS) devices and other payments platforms offer the highest level of data security to businesses that accept credit and debit card payments. These manufacturers are integrating Heartland’s E3™ protocol, an industry-leading end-to-end encryption solution that leverages Voltage SecureData™ encryption and key management technology. End-to-end encryption is considered the most effective security method available for protecting cardholder data. (Read More)

March 24, 2010

New fraud alerts available for Wells Fargo cardholders; By PETER EICHENBAUM, Bloomberg News

Wells Fargo & Co. executive Kevin Rhein got a firsthand taste of credit-card fraud while walking on a treadmill at home in Minneapolis: An alert on his Blackberry showed his card was used to buy a $1,500 laptop in Las Vegas. (Read More)

March 24, 2010

The Spy in the Middle; are SSL certificates even more broken than we thought? By Matt Blaze, Exhaustive Search

A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much. (Read More)

March 24, 2010 Press Release

Kansas City Federal Reserve Seeks Input for Payment Card Fraud Survey; Source: NACS

The Kansas City Federal Reserve, with the assistance of NACS, has designed a study on payment card fraud that will look closely at fraud-related charge-backs imposed on merchants from all U.S. market segments. NACS is partnering with the Kansas City Federal Reserve to distribute this survey to convenience and petroleum retailers to assist in efforts to fully disclose industry costs associated with card payment, and to advocate for efficient card payment systems. (Read More)

March 23, 2010

U.S. Aims to Bolster Overseas Fight Against Cybercrime; By SIOBHAN GORMAN, Wall Street Journal

The alleged Chinese cyber attacks on Google have spurred proposals at the State Department and on Capitol Hill to establish an ambassador-level cyber security post and to tie foreign aid to a country's ability to police cybercrime. (Read More)

March 18, 2010

Security concerns may be holding back social-media apps; By: Daniel Taylor, oDesk

Social networks are all the rage among web users and developers alike – but increased social-media uptake may be held back by consumers’ security worries. (Read More)

March 17, 2010

E-Commerce Merchants Take on More Risk in Search of More Sales; Source: Digital Transactions

With the economy still shaky, some established online merchants are branching into new product lines in search of incremental revenue, and that can create problems if the merchants don’t work closely with their acquirers, Bob Nadeau, group executive at Chase Paymentech Solutions LLC, tells Digital Transactions News.  (Read More)

March 17,2010

Managing Online Payment Security, Compliance with Cloud-Based Tool; By Marisa Peacock, CMS WiRE

PCI (Payment Card Industry) compliance standards protect personal information and ensure security when transactions are processed using a payment card. Thanks to ClearPoint Metrics new PCI compliance management solution, organizations can manage PCI compliance risk more effectively, and reduce the cost of auditing and reporting. (Read More)

March 17, 2010

5 Burning Questions: Gemalto's VP & General Manager of Secure Transactions, Jack Jania; Source: PYMNTS.com

In this exclusive NEXTcast interview, Jack Jania of Gemalto sat down in the PYMNTS.com Hot Seat to discuss the 5 burning questions on risk and fraud. (Read More)

March 17,2010

30 Second Fraud Checklist for Ecommerce Merchants; Source: The Merchant Account Blog

Credit card fraud and online ordering fraud has hampered ecommerce merchants since the first credit card payment was taken over the internet. Because fraud is still successful, and because there is virtually no way to go after someone you suspect of fraud, it is still a plague to website owners trying to run a business on the internet. (Read More)

March 15, 2010


FBI: Internet Fraud Cost $559 Million in 2009; Source: eWeek.com

A new report from the Internet Crime Complaint Center, a joint effort by the FBI and the National White Collar Crime Center, found the amount of losses from cyber-crime doubled in 2009, and those between the ages of 30-49 were hardest hit. (Read More)


March 12, 2010

FBI: Internet fraud losses more than doubled in 2009- FBI report says e-mail scams, identity theft, spam causing most pain; By Layer 8 by Michael Cooney; Source: NETWORKWORLD

The Federal Bureau of Investigation's annual wide-ranging look at Internet crime found that online crime is indeed paying off - for the criminals as it cost users $559.7 million, up from $265 million in 2008. Further, the agency's Internet Crime Complaint Center (IC3) Web site received a total of 336,655 complaints about online problems, a 22.3% increase over 2008. (Read More)

March 11, 2010

Online fraud levels increase as positive signs are seen over card fraud; A decline in the amount of card fraud is a positive, but UK cardholders should remain vigilant. By Dan Raywood, SC Magazine

Figures released by the UK Cards Association showed that total fraud losses on UK cards fell by 28 per cent between 2008 and 2009 to £440.3 million – a decrease of £170 million on the previous year's total. (Read More)

March 10, 2010

Online banking fraud 'suffers increase'; Source: BBC News

Fraudsters are continuing their switch from traditional card fraud to raiding online bank accounts, according to new research. (Read More)

March 10, 2010

Why debit card criminals may soon migrate from Canada to the USA; By Jonathan_Chevreau, Financial Post

My column in the FP today and various Canwest dailies -- Thieves hit my bank account -- describes the rising incidence of debit card fraud in Canada. Here's some data that didn't make it into the column but supports my contention that the rise of debit card fraud is near "epidemic" proportions. The data -- from the web site at www.interac.ca -- shows the number of Canadian debit card holders who had to be reimbursed for losses almost quintupled between 2004 and 2009.  (Read More)

March 10, 2010

Biometrics: What, Where and Why; By Mary Brandel, CSO Online

Biometrics are slowly gaining acceptance. Here's a look the most common forms and uses of biometrics and the forces shaping the market. (Read More)

March 9, 2010

Big Merchants Pay $225,000 on Average for PCI Audits, Study Says; Source: Digital Transactions

Getting an annual assessment to determine their compliance with the Payment Card Industry data-security standard costs big merchants an average of $225,000, but some pay $500,000 or more and others much less, according to a new research report by Ponemon Institute LLC. The report also says that only about 2% of card-accepting merchants fail their Payment Card Industry data-security standard (PCI) audits, but more than 40% might fail if they weren’t allowed to use “compensating controls” that often are effectively temporary fixes. (Read More)


March 4, 2010

PCI tokenization push promising but premature, experts say; By Robert Westervelt, SearchSecurity.com

Tokenization technology has the potential to protect credit card data while reducing the scope of a PCI DSS assessment, but a lack of standards and some complexity issues are cause for concern, panelists said Wednesday, at RSA Conference 2010. (Read More)

March 4th, 2010

Cyberthieves Using Bluetooth To Steal Gas Station Credit Card Data; By Evan Schuman, StorefrontBacktalk

When cyberthieves plant skimming devices inside POS PIN pads, they typically have one of two headaches. First, they have to return to the scene of the crime to retrieve the device and its stolen data, which is dangerous. If the thieves use the device to wirelessly phone the data to one of their own, it’s safer initially. But if that data is detected and examined, it could lead law enforcement right to the culpritsundefineda.k.a., problem number two. (Read More)

March 3, 2010

Is Microsoft redeeming itself on security issues? By Robert Mullins, NETWORKWORLD

When Christian Christiansen, an IDC IT security analyst, was briefed by people at Microsoft before the company launched its Trustworthy Computing initiative eight years ago, he was frank: "I told them 'You know it's going to take you 10 years to even start to change widespread customer opinion about how bad you are.'" (Read More)

March 2, 2010 Press Release

NIST Releases Guide for Applying the Risk Management Framework to Federal Information Systems; Source: National Institute of Standards and Technology (NIST)

The final publication of the Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST Special Publication 800-37, Revision 1) is now available on the National Institute of Standards and Technology’s (NIST) Computer Security Resource Center (csrc.nist.gov). (Read More)

March 1, 2010

Bank fraud rises 10% in 2009 New report reveals high risk of identity fraud; Source: Which?

New data has revealed that the level of bank account fraud in the UK rose by almost 10% in 2009. According to CIFAS, the UK’s fraud prevention service, 80,105 cases of bank account fraud were filed in 2009 – compared with 72,988 cases in 2008. This increase contributes to the overall rise in identity fraud recorded by CIFAS, which saw the number of incidents increase by 32% last year. (Read More)

Feb. 26, 2010

Credit Card Crooks Like to Shop at Best Buy, Target, Amazon; By DALIA FAHMY, ABC News

Chainsaws, Rogaine and X-Box consoles: these are a few of thieves' favorite things. So don't be too surprised if you get a phone call from your credit card company asking if you've suddenly gone bald. (Read More)

February 26, 2010 

Wyndham Hotels Hacked Again; By Robert McMillan, IDG News Service; Source PC World

Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data. (Read More)

February 25, 2010

Smaller, safer, easier, smarter – Todos AB unveils new products; Source: todos

Welcome to the next generation of e-banking and e-commerce security. Todos AB unveils online authentication devices that take security, convenience, flexibility and style to new levels (Read More)

February 25, 2010

Paying at the pump could cost extra thanks to skimmers; By Josh Smith, WalletPop

We've all heard of crooks installing skimmers on ATM machines to steal debit card information, including pin numbers, but a new scheme has been uncovered that is much harder to detect and it happens at a place you might equate with highway robbery -- the gas pump. Reports have come in from across the country of debit card skimmers inside gas pumps that record your debit card number, including PIN, and send it wirelessly to a crook who then makes a fake card and helps himself to your money. (Read More)

February 25, 2010

ATM Skimming: How to Recognize Card Fraud; By Joan Goodchild, CSO Security and Risk

Criminals are increasingly turning to card skimming as a profitable way to steal cash. Would you know what to look for at your local ATM? (Read More)

February 24, 2010

Do Companies Need Fed Cybersecurity Intervention? By Richard Adhikari, E-Commerce Times

The former U.S. director of national intelligence was the latest in a long line of intel gurus telling Congress how woefully under-protected America's infrastructure is from cyberattacks. The Senate is currently mulling the U.S. Cybersecurity Amendment Act of 2009 and considering how much new regulation the government may need to introduce in the name of national security. (Read More)

February 24, 2010

The Cost Of A Breach, Heartland Style: At Least $129 Million; Might Be $229 Million; By Evan Schuman, StorefrontBacktalk

In its latest financial report, Heartland Payment Systems reported that it dropped $129 million on data breach costs last year (an incident that briefly placed Heartland on Visa’s Bad Breach Boy list). The company added that it still has a reserve of $100 million for additional expenses. (Read More)

February 23, 2010


ActivIdentity Empowers Innovative Cloud-Based Digital Identity Service; Source: CNNMoney


Company's Credential Management Solution Selected by idOnDemand to Simplify Issuance and Management of Digital Credentials (Read More)


February 17, 2010


Privacy, Security & Convenience on a Collision Course

Consumer protect yourself. That’s the big takeaway from a new report by Javelin Strategies that was supported by the Better Business Bureau found that the number of identity fraud victims in the United States has jumped by 12 percent to 11.1 million adults – the highest increase to-date since the survey started in 2003 – while the total overall fraud amount increased by 12.5 percent to $54 billion.  (Read More)


February 12, 2010 Press Release

Deluxe Unveils Comprehensive Suite of Identity Theft Protection Solutions for Financial Institutions; Deluxe Provent Helps Lower Risk, Strengthen Account Holder Relationships; Source: Deluxe Corporation

With powerful tools to help prevent and respond to identity theft, Deluxe Corporation (NYSE: DLX), a business partner to nearly 6,400 financial institutions in North America, introduces Deluxe Provent(SM) - a flexible, integrated suite of identity theft protection solutions. (Read More)

February 11, 2010 Press Release

ThreatMetrix to Demonstrate Leading Fraud Prevention Solutions for Etailers at Merchant Risk Council Conference; New Report Says 45% of Large Merchants Plan to Add Device Fingerprinting Technology Solutions in Next 12 Months; Source: ThreatMetrix

ThreatMetrix™, the fastest growing provider of device identification solutions for preventing online fraud, today announced it will demonstrate new fraud prevention solutions for etailers at the
Merchant Risk Council e-Commerce Payments and Risk Conference, March 16 – 18, in Las Vegas. On display in Booth 604 will be fraud prevention solutions that extend ThreatMetrix’ leadership position in device identification, a technology that leverages the “fingerprint of a computer” to determine if an online transaction is legitimate or fraudulent. (Read More)

February 11,2010

Oxford scientists develop security protocol for m-payments; Source: finextra.com

Isis Innovation, the University of Oxford's technology transfer company, is looking for commercial partners to help develop a new cryptographic application for securing person-to-person mobile payment transactions. (Read More)

February 11, 2010

Cambridge researchers show that the Chip and PIN system is vulnerable to fraud

Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond, researchers at the Computer Laboratory, University of Cambridge, have shown that flaws in the Chip and PIN system allow criminals to use stolen credit and debit cards, without knowing the correct PIN. (Read More)

February 10. 2010 Press Release

Javelin Study Finds Identity Fraud Reached New High in 2009, but Consumers are Fighting Back; Source: Javelin Strategy & Research

Identity Fraud Affected 11 Million Americans in 2009; Proactive Measures by Financial Institutions, Businesses and Consumers Helped Decrease Costs; Increase in Prosecutions and Convictions (Read More)

February 9, 2010 Press Release

UK Online Fraud Report 2010; Source CyberSource

The most comprehensive guide to UK online fraud is out now and available to download. (Read More)

February 9, 2010 Press Release

Voltage Security Announces Profitable Year with Increased Momentum Across Product Lines; Over 70% Revenue Growth for Fiscal Year

Voltage Security™, the global leader in end-to-end data protection, today announced financial results for the fiscal year ending January 31, 2010. With growing market acceptance of its broad set of encryption solutions, including Voltage SecureData™, its end-to-end encryption product line for enterprise and payment applications, Voltage completed four quarters of year-over-year revenue growth, and three consecutive quarters of profitability and cash generation from operations, resulting in over 70% revenue growth for the fiscal year. The company also was cash flow positive from operations and profitable for the fiscal year. (Read More)

February 8, 2010 Press Release

ID Watchdog Announces Revolutionary New Product that Provides Instant Feedback on ID Theft

idCHECK Makes Identity Theft Analysis Quick, Easy, and Affordable for Every Individual – and is Available for Free for a Limited Time (Read More)

February 8, 2010 Press Release

Bob Carr Appointed to the Secure POS Vendor Alliance Board of Directors; Heartland Payment Systems' Chairman and CEO Joins Payments Security Leadership Group; Source Heartland Payment Systems

Heartland Payment Systems' Chairman and Chief Executive Officer Bob Carr has been elected to the 2010 Secure POS Vendor Alliance (SPVA) Board of Directors. Carr, who has been spearheading the development and implementation of secure payments processing technologies over the past year, will continue to help advance data security through his appointment as Associate Member Director. The SPVA is a nonprofit organization comprised of payments industry leaders who work with multiple stakeholders in the payment value chain to develop an end-to-end security framework and enhance the security of payment solutions. (Read More)

February 5, 2010 Press Release


Financial Services Firms Worry More about Fraud than Customer Convenience According to New Report; Trend Speaks to Growth in Credit Card Fraud and Need for New Fraud Prevention Tools; Source: ThreatMetrix

ThreatMetrix™, the fastest growing provider of device identification solutions for preventing online fraud, today announced the results of at
new research report in online banking, “Trends in Online Banking: Fraud Prevention and Customer Authentication.” (Read More)


February 4, 2010 Press Release

Secure POS Vendor Alliance Launches Lab Network to Improve Security Within the Payment Industry; Third party lab certification process extends SPVA reach, provides more confidence to customers; Source: SPVA

The Secure POS Vendor Alliance (SPVA), a non-profit business organization founded by Hypercom (NYSE: HYC), Ingenico S.A. (EURONEXT: ING) and VeriFone (NYSE: PAY) announces the formation of its new Lab Network, a group of labs that will participate with SPVA members, prospective members and the SPVA's Technical Working Groups on security evaluations of the SPVA implementation guidelines. Members of the Lab Network will work together to share best practices and raise the security level within the point of sale industry. (Read More)

February 3, 2010 Press Release


Sagem Wireless, a leader in the design and delivery of customized connected lifestyle devices and services, announced today that it has formed a partnership with UPEK to bring fingerprint identity capabilities to a range of new devices that Sagem Wireless is expected to launch later this year, including new Android-based mobile devices. Sagem Wireless selected UPEK for its superior fingerprint technology, which offers industry-leading recognition accuracy, ruggedness, power efficiency, and enhanced touch-input capabilities as well as its support of a standards-based, open-platform software solution. (Read More)

February 2, 2010

Anatomy of a Data Breach; Source: SmartMoney


A data breach occurs when records containing sensitive personal information, such as names, addresses or social security numbers, are compromised. That could mean the loss or theft of a laptop; a hack into a retailer or payment processor’s database containing credit-card numbers; or a situation in which an employee with access to sensitive information sells it to a third party. (Read More)


February 2, 2010


Are chip and PIN credit cards coming? By Claes Bell, Bankrate.com


The U.K. is all abuzz about "chip and PIN," but it's not a popular pub snack or a nickname for the newest celebrity power couple. It's the credit card security system rolled out in recent years to stem a wave of credit card crime. (Read More)


February 1, 2010 Press Release


Thales payShield Cardholder Authentication safeguards credit card information for payment processors, helping reduce fraud


Thales, leader in information systems and communications security, announces that Thales’s payShield Cardholder Authentication for nShield is now available for its nShield Connect and nShield PCI Express hardware security modules (HSMs). Thales payShield Cardholder Authentication for nShield authenticates credit card users and protects encryption key transfers, safeguarding credit card information and assisting with regulatory compliance such as PCI. payShield Cardholder Authentication for nShield is already widely deployed in web-based applications for MasterCard’s Chip Authentication Program (CAP) and Visa’s Dynamic Passcode Authentication (DPA) for online banking and 3D-Secure applications such as Verified by Visa and MasterCard SecureCode for online payments. (Read More)


January 28,2010

HID Global's iCLASS® Contactless Smart Card Technology Enables U.S. Bank's Award-Winning PayID Card: Collaboration with U.S. Bank Reinforces HID Global’s Position in the Development of Converged Physical Access and Contactless Payment Solutions; Source: HID Global

HID Global, the trusted source for solutions for the delivery of secure identity, today announced the recognition of its iCLASS® contactless smart card technology as a key component in U.S. Bank’s award-winning PayID card program. The PayID card pilot program, which recently won the 2010 Paybefore Award for Most Innovative Program, included HID Global’s iCLASS application. PayID uses a single, all-purpose card to provide contactless physical access to secure U.S. Bank facilities, along with contactless payments and traditional magnetic stripe purchases. (Read More)

January 28, 2010

Benevolent hackers poke holes in e-banking; Source: NewScientist


ONLINE banking fraud doesn't just affect the naive. Last year, Robert Mueller, a director at the US Federal Bureau of Investigation, admitted he'd come within a mouse-click of being a victim himself. Now the extent of the problem has been brought into sharp relief, with computer scientists warning that banking culture is increasing the likelihood that customers are using vulnerable systems. (Read More)


January 27, 2010

Cambridge scientists blast 3-D Secure system ; Source: finextra.com

The 3-D Secure protocol adopted by banks and card schemes under the Verified by Visa and MasterCard SecureCode banners has been branded by Cambridge University academics as "a textbook example of how not to design an authentication protocol" by ignoring good design principles and presenting "signifi cant vulnerabilities". (Read More)

January 27, 2010 Press Release

Verisys Acquires ID Insight's AddressWatch™:  Combination of AddressWatch™ with Verisys® databases will provide another tool to improve the detection of health care fraud and abuse

Verisys Corporation, the developer of FACIS® (Fraud and Abuse Control Information Systems), has acquired ID Insight’s AddressWatch, a trusted data source of U.S. and Canadian addresses and delivery points that pose a high fraud risk. With fraud and abuse widely considered a major contributor to U.S. health care costs, Verisys will integrate AddressWatch’s suspect address data with its FACIS data records of known fraudulent addresses to create one of the largest high-risk address databases available. (Read More)

January 25, 2010 Press Release

ChosenSecurity Partners with idOnDemand. Source: ChosenSecurity


ChosenSecurity and idOnDemand today announced a partnership under which idOnDemand will use ChosenSecurity’s globally trusted digital certificates as part of its integrated smartcard offerings for physical and network environments. Digital certificates enable a wide range of trust for applications: controlling authorization and access to physical and digital assets, protecting against data leakage and supporting compliance with privacy, e-signature and other identity regulations. They provide applications with strong authentication, secure email, digital signatures and data encryption capabilities. By combining digital certificates with smart cards, enterprises get a total solution to their authentication, encryption and digital signing needs. (Read More)


January 25,2010

Different technologies vie to protect payments. Source: Digital News

End-to-end encryption, dynamic cryptograms and EMV are all options being considered to protect payment transaction data in the U.S. The goal is to prevent data breaches, such as the one with Heartland Payment Systems in 2008, and make it easier for merchants and processors to secure the information. (Read More)

January 22, 2010

NFA reveals true extent of UK’s £30 billion fraud loss

The National Fraud Authority (NFA) has released the UK's first comprehensive fraud estimate which estimates that fraud costs the UK over £30 billion a year (1). The figure is published in the National Fraud Authority Annual Fraud Indicator. (Read More)


January 21, 2010

End-to-End Encryption, Tokenization, and EMV in the US: Vendor Analysis of Emerging Technologies and Best Hybrid Solutions ; Source Javelin Strategy & Research

If the merchant’s cardholder data can be taken out of scope or rendered useless to the criminal through methods such as end-to-end encryption, tokenization or EMV, fraud liability and costs associated with PCI compliance can be substantially reduced. A recent flurry of public data breaches has heightened awareness of both the need for and the cost of PCI compliance. (Read More)

January 21, 2010

Heartland Payment Systems: Lessons Learned from a Data Breach

By Julia S. Cheney, Payment Cards Center, Federal Reserve Bank of Philadelphia

On August 13, 2009, the Payment Cards Center hosted a workshop examining the changing nature of data security in consumer electronic payments. The center invited the chairman and CEO of Heartland Payment Systems (HPS or Heartland), Robert (Bob) Carr, to lead this discussion and to share his experiences stemming from the data breach at his company in late 2008 and, as important, to discuss lessons learned as a result of this event. The former director of the Payment Cards Center, Peter Burns, who is acting as a senior payments advisor to HPS, also joined the discussion to outline Heartland’s post-breach efforts aimed at improving information sharing and data security within the consumer payments industry. In conclusion, Carr introduced several technology solutions that are under discussion in payment security circles as ways to better secure payment card data as they move among the different parties in the card payment systems: end-to-end encryption, tokenization, and chip technology. While HPS has been very supportive of end-to-end encryption, each of these alternatives offers its own set of advantages and disadvantages.  (Read More)


January 21, 2010


The Secure POS Vendor Alliance Broadens its International Reach with Five New Payment Company Members


The inaugural year of the Secure POS Vendor Alliance (SPVA) wrapped up with the same enthusiasm with which it began – capped off by the membership of five more leading payment and enterprise security companies. Joining the SPVA are Elavon, ID TECH, Independent Purchasing Cooperative, Inc. (IPC), Voltage Security, Inc., and the first Asia-based company, GHL Systems Berhad. (Read More)


January 20, 2010


Are Tokenization And End-To-End Encryption Substitutes? By Walter Conway, StorefrontBacktalk


Maybe tokenization and end-to-end encryption are just two closely related approaches that can, when properly implemented, accomplish the same thing: minimize your total PCI scope. One thing is for sure, though: Either way, you will need to bring your checkbook. (Read More)


January 20, 2010 Press Release


RSA Global Survey Reveals Confidence in Social Networking Security Shaken as Online Crime Rises. Source: EMC


RSA, The Security Division of EMC (NYSE: EMC), announced the results of its 2010 Global Online Consumer Security Survey that polled more than 4,500 consumers regarding their awareness of online threats, concerns with the safety of their personal information online and their willingness to share it, and desire for better identity protection. (Read More)


January 19, 2010


Cryptography Research Experiences Rapid Adoption of its Security Technologies in 2009; Sees Continued Growth in 2010. Source: (Read More)


The Company’s Patented DPA Countermeasures and CryptoFirewall Security Core Licensed in More Than 4.5 Billion Security Chips Made in 2009


January 19, 2010


MasterCard Submits Comments On Draft Code of Conduct. Source: Yahoo Finance


MasterCard Canada has submitted its comments on the Minister of Finance's Draft Code of Conduct for the Credit and Debit Industry. (Read More)


January 18, 2010


Visa Canada comments on the draft voluntary Code of Conduct for the Canadian Credit and Debit Card Industry. Source: Yahoo Finance

Visa Canada confirmed it will today submit a response to the draft voluntary Code of Conduct for the Canadian Credit and Debit Card Industry issued by the Department of Finance. (Read More)

January 18, 2010

A primer on identity theft. By Sharda Prashad, The Globe and Mail

Challenges small businesses face with regards to identity theft (Read More)

January 10, 2010


CRE Secure Simplifies PCI Compliance for Magento Shopping Cart Online Merchants by CRE Secure Webmaster


CRE Secure, the first cloud-based payment acceptance security platform that is fully compliant with new credit card security rules, announces the release and general availability of a drop-in module for Magento Ecommerce community edition shopping carts, a leading open source ecommerce solution.  The new Magento Ecommerce module further expands the list of leading online shopping cart integrations that CRE Secure has developed to allow online retailers and web-based applications easy connection to CRE Secure’s online payment acceptance and security services. CRE Secure using its patent pending HTML Clone™ technology isolates sensitive cardholder data from any online store or application, and greatly reduces the complexity and associated costs of achieving compliance with Payment Card Industry Data Security Standards (PCI DSS) requirements. (Read More)


December 21, 2009 Press Release

Now You Can Conduct Your Own Background Check With Acxiom’s New I-Check


If you are applying for jobs, rental property, volunteer organizations or seeking other placements, now you can get your own background check from Acxiom I-Check, a low-cost, confidential and in-depth background screening service offered by Acxiom® Corporation (Nasdaq: ACXM). (Read More)


December 8, 2009


Congress probes Visa, AmEx role in Web scam

By Greg Sandoval: cnet news


For years, baffled consumers looked to Visa, MasterCard, and American Express for answers when mysterious charges from "shadowy companies" began appearing on their credit card statements.


Read More


December 8, 2009 Press Release


Unisys Predicts 2010 Yields a Biometrics Boom While Organizations Go on the Offensive to Protect Data


BLUE BELL, Pa., December 8, 2009 – Slashed budgets and reduced staffing numbers delayed many security initiatives in 2009, but the vulnerabilities didn’t retreat and will only intensify in 2010, Unisys security experts predict.


Read More


November 30, 2009 Press Release

“Beat the Cheats” – Unisys Offers Security Tips on How to Avoid Falling Victim to Holiday-Related Scams

Unisys security experts warn of the top 10 holiday scams -- from online shopping swindles to dumpster diving for personal information. Source: Business Wire (Read More)


November 26, 2009 Press Release

The first conference call for the ATMIA ATM Security Forum is scheduled for 11 am EST Thursday 10 December 2009, which is 8 am in Los Angeles, 4pm in London, 5 pm in Brussels, 6 pm in South Africa, midnight in Hong Kong and 3 a.m (the following morning) in Sydney.

Anyone wishing to participate should contact Mike Lee mike@atmia.com

Agenda for 1st Teleconference

1. Welcome

2. Status and role of ATM Security Forum

3. Update on skimming

4. Is malware the biggest emerging threat?

5. Priorities for 2010

6. Next conference call: TBA with 2010 conference call schedule


September 30, 2009

Fiserv Unveils Latest Fraud Risk Mitigation and Anti-Money Laundering Solutions

Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, today announced the availability of Fraud Risk ManagerTM 4.6, the newest version of its multi-channel fraud detection and management solution. Also available is AML Manager 4.6, the market-leading anti-money laundering solution. Both Fraud Risk Manager and AML Manager from Fiserv are designed to enhance and optimize financial institutions' financial crime risk management operations, by delivering best-in-class fraud and anti-money laundering (AML) transaction monitoring solutions, integrated with a common platform for automated alert intelligence and investigation, case management and regulatory reporting. Source Fiserv; New releases designed to optimize financial crime risk management operations






 About us  Privacy Policy  Contact us  © IPayments Forum 


Powered by Wild Apricot Membership Software