Credit card (in)security issues

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The fraud begins with either the theft of the physical card or the compromise of data associated with the account (card account number and/or verification codes).

Skimming is the theft of credit card information used in an otherwise legitimate transaction. Instances of skimming have been reported where the perpetrator has put a device over the card slot of an ATM (automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. Technology needed to read the contents of the magnetic strip is pretty simple. Usually a miniature camera or fake keypad over original is used to read the user’s PIN at the same time. Skimming is usually very difficult for the typical cardholder to detect. All About Skimmers article series is about ATM skimmers, gas pump skimmers and other related fraud devices.

Skimming has been on news in Finland lately. Police has revealed some details of the hard to detect skimming devices that have been found installed on tens of ATM devices around Finland. Articles Ovela huijaus Otto-automaateilla – huomaatko eron kuvissa?, Kummassa pankkiautomaatissa on huijauslaite? and Skimmaajat teettivät erikoislaitteita Suomen oloihin show you pictures of ATM with and without skimming device. These device custom made for Finnish ATMs are really hard to detect. According to articles thousands of ATM card have been compromised and used to steal several hundreds thousand euros. Look carefully next time you use ATM.

Muga_Golden_Credit_Card

Throughout Europe the traditional in-store credit card signing process is increasingly being replaced with a system in which the customer is asked to enter their PIN instead of signing. PINs were widely introduced at the same time as EMV chips on the cards. In Finland the PIN codes that comes with the card are predefined by card issuer. In some countries with some banks the customer can freely choose them. Security of Self-Selected PINs Is Lacking article tells that Cambridge University Computer Laboratory team collected statistics on how people choose banking PINs when they are permitted to select their own keys. There is every incentive for the bad guys to try guessing PINs on every card that they steal. “A thief can expect to get lucky every 18th wallet — except for those banks which negligently allow their customers to choose really dumb PINs like 1111 and 1234″. Their report traces an idiosyncratic history of the use of passwords by financial institutions. The researchers wrote that there were two lessons to be drawn from their study. First, customers should never use date of birth as a PIN or password. Second, banks should institute blacklists of common passwords, or prohibit user selection of passwords entirely.

Proximity payments are coming. Pay-by-wave: At least it’s better than being mugged article tell that the public thinks that paying with a tap of the phone is risky, with criminals able to intercept and steal credentials, so it seems a good time to take a closer look at proximity payments. Today’s proximity payment systems are based on the NFC standard, which uses a radio connection at 13.56MHz for short-range peer-to-peer communications. The same frequency is used by RFID tags, in a simplistic way, but NFC is a good deal more complicated, and expensive. Proximity payments are implemented in smartphones and contactless credit cards.

1325432106

Hacker’s Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets article tells that contactless cards are far more common than they might seem: According to the Smart Card Association, about 100 million of the RFID-enabled cards are in circulation. Visa calls its technology payWave, MasterCard dubs it PayPass, Discover brands it Zip, and American Express calls it ExpressPay.

Hacker’s Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets and Shmoocon Demo Shows Easy, Wireless Credit Card Fraud articles tell that some contacless cards have serious security holes. Paget, a well-known security researcher for the consultancy Recursion Ventures, used a simple method for her hack: impersonating a legitimate contactless point-of-sale terminal with her own RFID card reader. Commercially-available RFID reader can read the data from a contactless card as easily as a store’s point-of-sale device does. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer’s credit card onstage and obtained the card’s number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. She flashed the volunteer’s credit card number on a screen in front of an audience of hundreds of hackers and security researchers. “You were planning on cancelling that card, weren’t you?”. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer’s money with the counterfeit card she’d just created. Paget’s firm has been working on a credit-card-shaped protection device known as GuardBunny that sits in a wallet alongside payment cards and blocks any would-be RFID fraudster. So it sound like this hacking demonstration was just a marketing gimmick for their product.

Randy Vanderhoof, executive director of the industry group the Smart Card Alliance, points out that despite previous research on the contactless attack, no real-world instances of the fraud have ever been reported. To fight against fraud contactless cards do offer one security feature traditional cards don’t: Along with the card’s 16-digit number and expiration date, the cards are set to offer up a one-time CVV code with every scan. Those codes can only be used for one transaction, and have to used in the order they’re generated. If a payment processor detects multiple transactions with the same code or even codes being used to make transactions in the wrong order, it will disable the card. So a contactless card scammer can only use each stolen number once.

According to a smart card expert I know Square and card issuer bank is also to blame on that this worked (and would not work with European banks and other payment services). Also the sum was so low that the payment company might not do all the check it does for bigger sums of money. In card where things are built well, there is different card number for normal swipe card use and contactless operation. The contactless number would fail to work if you try to pay with their code on the terminal that swipes the card. So the security holes are not as big and bad as it seems based on those hacking news.

214 Comments

  1. Tomi Engdahl says:

    Google launches credit card in UK
    Business-only Barclaycard-in-disguise will encourage AdWords purchase
    http://www.theregister.co.uk/2012/10/08/google_launches_credit_card_in_uk/

    Reply
  2. Tomi Engdahl says:

    Mysterious Algorithm Was 4% of Trading Activity Last Week
    http://www.cnbc.com/id/49333454

    A single mysterious computer program that placed orders — and then subsequently canceled them — made up 4 percent of all quote traffic in the U.S. stock market last week, according to the top tracker of high-frequency trading activity. The motive of the algorithm is still unclear.

    The program placed orders in 25-millisecond bursts involving about 500 stocks, according to Nanex, a market data firm. The algorithm never executed a single trade, and it abruptly ended at about 10:30 a.m. ET Friday.

    “Just goes to show you how just one person can have such an outsized impact on the market,”

    “My guess is that the algo was testing the market, as high-frequency frequently does,”

    Translation: The ultimate goal of many of these programs is to gum up the system so it slows down the quote feed to others and allows the computer traders (with their co-located servers at the exchanges) to gain a money-making arbitrage opportunity.

    The scariest part of this single program was that its millions of quotes accounted for 10 percent of the bandwidth that is allowed for trading on any given day, according to Nanex. (The size of the bandwidth pipe is determined by a group made up of the exchanges called the Consolidated Quote System.)

    Hunsader warned that regulators better do something fast, speculating that this single program could have led to something very bad if big news broke, or if a sell-off occurred and one entity was hogging this much of the system.

    Reply
  3. Tomi says:

    Configurable RFID tag from 7400 logic chips
    http://hackaday.com/2012/10/12/configurable-rfid-tag-from-7400-logic-chips/

    This soldering nightmare is a configurable RFID tag which has been built from 7400-series logic chips. The beast of a project results in an iPhone-sized module which can be used as your new access card for security systems that uses the 125 kHz tags. The best part is that a series of switches makes the tag hand programmable, albeit in binary.

    Reply
  4. Tomi Engdahl says:

    MasterCard rolls out credit card with display and keypad
    http://news.cnet.com/8301-17938_105-57546761-1/mastercard-rolls-out-credit-card-with-display-and-keypad/

    The next-generation 2-in-1 card features an embedded LCD display and touch-sensitive buttons for generating one-time passwords.

    Next time you get a new card from your bank, don’t be surprised if it has a keypad and an LCD on it.

    Meet MasterCard’s new “Display Card,” which basically combines the usual credit/debit or ATM card with an authentication token. The authentication portion features a touch-sensitive keypad and LCD display — hence the name “Display Card” — for reflecting a one-time password (OTP).

    Yet, according to MasterCard, the Display Card looks and functions almost exactly like a regular credit, debit, or ATM card.

    Besides generating OTPs, the Display Card may in the future be able to show your available credit balance, reward points, or even recent transactions.

    Reply
  5. Tomi Engdahl says:

    Big banks have suffered continuous attacks

    Large American banks are constantly under cyber attacks. This said U.S. Napolitano said that the attackers steal money from banks and data, but he refused to reveal further details.

    Last month the continuing denial of service attacks have disrupted several major banks, including Wells Fargo, Bank of America and JPMorgan Chase. In addition to that criminals try to get online banking user names and passwords using malware.

    In whole world banks use 25 billion dollars security every year. Research firm IDC estimates that banks data security consuming will increase every year 7-9 percent.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/isot+pankit+karsivat+jatkuvista+hyokkayksista/a854448?s=r&wtm=tietoviikko/-09112012&

    Reply
  6. Tomi Engdahl says:

    How to secure your wireless network from the top 3 mobile payment threats
    http://www.eetimes.com/design/embedded-internet-design/4401107/How-to-secure-your-wireless-network-from-the-top-3-mobile-payment-threats?Ecosystem=communications-design

    How consumers pay for products and services evolves just as rapidly as the products and services they’re paying for. Case in point: mobile payments, the combination of payment cards and wireless technology that facilitates monetary transactions. Mobile payments can reduce transaction costs for buyers and sellers, and reduce the costs of circulating a cash supply – hence the growing popularity. However, this new payment technology presents many security challenges that must be addressed by merchants to keep customer data safe.

    It’s not just goodwill driving security initiatives for payment technology, compliance with the Payment Card Industry’s Data Security Standards (PCI DSS) mandates that organization protect consumers. PCI DSS applies to any organization that stores, processes, or transmits cardholder data, and consists of a minimum set of security requirements and testing procedures designed to encourage and enhance cardholder data security.

    Merchants in violation of PCI DSS can face hefty fines from payment brands (e.g., American Express, MasterCard, and VISA) and even lose the ability to process payment cards for goods and services.

    Further, if adequate safeguards are not followed to meet PCI standards, consumers may perceive that payment card information is at risk and choose not to use a merchant’s infrastructure. If people lose faith in the security of a payment system, they will stop using it and the system will eventually become useless.

    Today, there are three main types of threats that attackers use to capture and exploit mobile payment cardholder data. Fortunately, with a strong wireless intrusion prevention system (WIPS), merchants can detect and combat these threats and keep themselves and customers safe. Here are the top 3 most frequent and dangerous attacks and what merchants can do to protect their wireless LAN (WLAN) network:

    1) DoS Attacks on WLANs

    Combatting WLAN DoS attacks: Organizations can deploy wireless intrusion protection systems that monitor and detect critical intrusions

    2) Skimming Cardholder Data

    Detecting if cardholder data is being skimmed: Like many Wi-Fi devices, Bluetooth is a networking protocol that operates in the 2.4 GHz band. Although it is difficult for WIDS/WIPS to identify Bluetooth transmissions in the WLAN, its presence creates RF channel noise. By tracking the noise level for RF channels, WIDS/WIPS can identify channels with sustained, high levels of noise.

    3) Unauthorized Devices on WLANs

    Identifying and protecting WLAN from unauthorized devices: To identify unauthorized and rouge devices, organizations need to be vigilant and monitor the wireless network for unauthorized POSTs, access points, and wireless clients. This is best accomplished with a wireless intrusion prevention system.

    Reply
  7. 13. havi nyugdíj 2013 says:

    You already know therefore significantly on the subject of this subject, made me personally imagine it from a lot of various angles. Its like women and men don’t seem to be interested until it’s one thing to accomplish with Girl gaga! Your individual stuffs excellent. Always care for it up!

    Reply
  8. Tomi Engdahl says:

    Taiwan Easycard: Risks and rewards of your life on one card
    http://www.bbc.co.uk/news/technology-21410362

    Beep, and a smart card gets you on a bus.

    Beep, and the same card opens your office door. Beep, and you buy your coffee at a corner shop. Beep, you pay for parking, open the exit gate. Beep, check out a library book.

    Beep. Beep. Beep. At school or university, the card becomes your ID.

    As Taiwan’s capital, Taipei, wakes and the sunlight strikes its skyscrapers, the members of one family make sure their wallets contain one important thing – Easycard.

    “We really can’t go about without it, all our life depends on it,”

    Taiwan introduced its smart card – equipped with radio frequency identification (RFID) tag – in 2002, following the examples of Hong Kong, Japan and Singapore.

    Taiwan, pupil Students in many Taipei schools have ID cards integrated with Easycard

    “Your daughter is safely at school,” reads a text message sent to Mrs Tsai.

    As soon as Chelsea touches her Easycard to a sensor at the entrance to the school, her mother receives a message.

    So how does it feel – being able to control so many aspects of your life with just one card?

    “It’s convenient – this way we don’t have such a fat wallet,” says Mr Huang.

    The first generation of the card is the most popular – with nine million cards actively used every year – and it stores no personal information, says Mr Chang.

    When the owner registers the card, his or her name is encrypted and stored in a centralised back-end system – not on the card itself.

    But there are also privacy concerns, says Prof Shey-shi Lu, of National Taiwan University.

    In a couple of years, says Mr Chang, you might need just one card to travel around Asia.

    Reply
  9. Tomi Engdahl says:

    Need Bitcoins? This ATM takes dollars and funds your account
    http://news.cnet.com/8301-13578_3-57570925-38/need-bitcoins-this-atm-takes-dollars-and-funds-your-account/

    New Hampshire entrepreneurs have created a dollar-converting anonymous Bitcoin ATM, which they hope to sell to bars, restaurants, and other retail locations nationwide.

    Zach Harvey has an ambitious plan to accelerate adoption of the Internet’s favorite alternative currency: installing in thousands of bars, restaurants, and grocery stores ATMs that will let you buy Bitcoins anonymously.

    It’s the opposite of a traditional automated teller that dispenses currency. Instead, these Bitcoin ATMs will accept dollar bills — using the same validation mechanism as vending machines — and instantly convert the amount to Bitcoins and deposit the result in your account.

    “It’s even easier than just using a regular ATM,”

    “If we made these machines somewhere around $1,000 to $1,500 each, depending on the commission, they could be able to buy this and make it back within a reasonable period of time,” Harvey says.

    Bitcoin has gradually increased in popularity since it appeared in 2009, with WordPress saying last fall that it would accept it as a payment method, and a handful of retail businesses, including Cups and Cakes Bakery in San Francisco, following suit. The exchange rate now hovers around US$30 a coin, and about $300 million is in circulation.

    Unlike modern currency, which can be brought into existence at the whim of politicians or a central bank, leading to each note being devalued, the number of Bitcoins is governed by predictable mathematical algorithms. That’s made Bitcoin popular among libertarians and other activists skeptical of the Federal Reserve

    Reply
  10. Tomi Engdahl says:

    Coinstar coin-counting machines are now also PayPal ATMs
    http://www.theverge.com/2013/2/27/4035820/coinstar-coin-counting-machines-integrate-paypal-send-money

    Coinstar kiosks just got a major upgrade — the machines now allow customers to withdraw money from their PayPal accounts and send money to other PayPal users. Additionally, Coinstar can now add cash and coins directly to PayPal, meaning there’s no need to involve credit cards or bank accounts as you ditch your physical currency.

    Reply
  11. Tomi Engdahl says:

    Retailer Sues Visa Over $13 Million ‘Fine’ for Being Hacked
    http://www.wired.com/threatlevel/2013/03/genesco-sues-visa/

    A sports apparel retailer is fighting back against the arbitrary multi-million-dollar penalties that credit card companies impose on banks and merchants for data breaches by filing a first-of-its-kind $13 million lawsuit against Visa.

    The suit takes on the payment card industry’s powerful money-making system of punishing merchants and their banks for breaches, even without evidence that card data was stolen. It accuses Visa of levying legally unenforceable penalties that masquerade as fines and unsupported damages and also accuses Visa of breaching its own contracts with the banks, failing to follow its own rules and procedures for levying penalties and engaging in unfair business practices under California law, where Visa is based.

    It’s the first known case to challenge card companies over the self-regulated PCI security standards — a system that requires businesses accepting credit and debit card payments to implement a series of technological steps to secure card data. The controversial system, imposed on merchants by credit card companies like Visa and MasterCard, has been called a “near scam” by a spokesman for the National Retail Federation and others who say it’s designed less to secure card data than to profit credit card companies while giving them executive powers of punishment through a mandated compliance system that has no oversight.

    Reply
  12. Tomi Engdahl says:

    Article in Finnish:

    Kauppojen verkot vuotavat – luottokorttitietoja vääriin käsiin
    http://www.3t.fi/artikkeli/uutiset/talous/kauppojen_verkot_vuotavat_luottokorttitietoja_vaariin_kasiin

    Reply
  13. Arrersreotads says:

    BitCoin Prices already dropped from $145 USD to $112.00 USD so far Today,
    for inside on the BitCoin market visit – http://btcinvestment.org

    Reply
  14. Tomi Engdahl says:

    Bitcoin isn’t illegal because it isn’t real money
    http://www.extremetech.com/internet/152349-bitcoin-isnt-illegal-because-it-isnt-real-money

    As it falls in and out of public view, Bitcoin is once again all the rage.

    Bitcoin comes and goes, generally in relation to its value. Currently, one Bitcoin (BTC) is worth quite a bit of actual money, sitting pretty at $92. Once upon a time — just three years ago — it famously took 10,000 BTC to buy $25 worth of pizza. However, while the actual current value is a new height, the rise of the peer-to-peer cryptocurrency is not.

    In what will no doubt anger some fans of the digital currency, financial services lawyer Dan Friedberg says it’s because the government doesn’t view Bitcoin as a real currency. Zing.

    Friedberg explained to Business Insider that Bitcoin is considered a virtual currency rather than actual legal tender, and “lacks all the real attributes of real currency,” so why would the government care about that?

    There are a few factors as to why the government hasn’t made Bitcoin illegal, nor seems to care that much about it at the moment. Basically, Bitcoin is small potatoes. Sure, Bitcoin was recently valued at around one billion dollars, but compared to the estimated $1.18 trillion of US currency in circulation, Bitcoin is barely a blip on the country’s economic radar

    One thing is for certain, though: The government doesn’t view Bitcoin as legal tender, and instead classifies it as a virtual currency.

    Reply
  15. Tomi Engdahl says:

    Mozilla Moves Ahead With Its Plans For A Common Web API For Payments
    http://techcrunch.com/2013/04/04/mozilla-moves-ahead-with-its-plans-for-a-common-web-api-for-payments/

    Mozilla is working with payment vendors and the W3C standards body to create a common API to make online payments, both on desktop and mobile, easier and more secure. To get this process going, Mozilla has implemented a new and experimental JavaScript API into its new Firefox OS for smartphones that will eventually allow web apps to accept payments. Mozilla argues that having a common API for handling payments that can be integrated with multiple payment vendors will open up new business models for developers and publishers.

    This new API, navigator.mozPay(), Mozilla says, was inspired by Google’s Wallet for Digital Goods API and will ship in Firefox OS first and then be added to Firefox for Android and desktop Firefox later.

    Reply
  16. Tomi Engdahl says:

    Bitcoin Utopia? Interest Is Sky High in This Euro Nation
    http://www.cnbc.com/id/100618694

    Interest in bitcoins has reached fever pitch around the world in the last month, helping the price soar to an all-time high earlier this week. But there’s one euro zone country that’s firmly tuned into the zeitgeist more so than even the U.S. or Japan.

    According to Google Trends, Finland is the country with the most number of Google searches for the word “bitcoin” in the past 12 months.

    “Finland has a very strong geek culture and tradition, DIY-culture and can-do attitude. Many digital innovations, like IRC (Internet Relay Chat), Linux and SSH (Communications Security Corporation) are developed in Finland,” Vesa Linja-aho, an engineering and economics lecturer at a Helsinki university told CNBC.com.

    Reply
  17. atm skimmers says:

    Excellent, what a blog it is! This webpage gives helpful information to us, keep it up.

    Reply
  18. a total noob says:

    Unquestionably consider that that you stated. Your favorite reason seemed to be on the web the easiest factor to take into accout of. I say to you, I certainly get irked whilst folks think about issues that they plainly do not understand about. You managed to hit the nail upon the top and also outlined out the entire thing without having side effect , other folks can take a signal. Will likely be back to get more. Thanks

    Reply
  19. Tomi Engdahl says:

    Iterations: How Five Real Economists Think About Bitcoin’s Future
    http://techcrunch.com/2013/04/14/iterations-how-five-real-economists-think-about-bitcoins-future/

    There isn’t just a bubble in the Bitcoin economy, there’s a bubble in the number of posts about Bitcoin.

    Perhaps that’s part of the reason this phenomenon is so fascinating to us all.

    Reply
  20. how to improve credit score in 6 months says:

    I just like the helpful info you supply for your articles. I will bookmark your weblog and take a look at once more right here frequently. I am moderately sure I will be told many new stuff proper right here! Good luck for the following!

    Reply
  21. credit card processing says:

    It is in reality a nice and helpful piece of information.
    I am glad that you shared this useful information with us.
    Please stay us up to date like this. Thanks for sharing.

    Reply
  22. Tomi Engdahl says:

    Smartphones easily used to skim credit card data
    Popular smartphone and free app used to get data from chip-enabled debit or credit cards
    http://www.cbc.ca/news/canada/manitoba/story/2013/04/23/mb-smartphones-skimmer-credit-card-winnipeg.html

    A technology designed to make it easier to pay with your credit card may be putting Canadians at risk of fraud and identity theft, security and privacy experts warn.

    Many new credit and debit cards come with chips that allow customers to tap the card to make a purchase.

    But CBC News has found out those chips can also be read with a device millions of Canadians carry with them every day — a smartphone.

    Using a Samsung Galaxy SIII — one of the most popular smartphones available in Canada — and a free app downloaded from the Google Play store, CBC was able to read information such as a card number, expiry date and cardholder name simply by holding the smartphone over a debit or credit card.

    And it could be done through wallets, pockets and purses.

    ‘Impressive and scary’

    The app used the near field communication (NFC) antenna built into the Galaxy SIII phone, a feature available on many phones running Google’s Android operating system. The antenna is normally used to allow two phones to talk to each other.

    Michael Legary said his company, Seccuris Inc., has investigated cases where phones paired with these apps were used to commit credit card fraud, and said the information read can be used to buy “anything from a $1.50 drink from a machine to a $4,000 to $5,000 laptop.”

    Although the NFC antennas in current smartphones need to be very close to a card in order to work — no farther than 10 centimetres — that could change with the next generation of Android smartphones.

    The technology also has privacy experts concerned.

    Credit card companies react

    Officials with Visa and MasterCard said they were confident in the security their cards provided, but would cover a customer’s losses should someone steal cardholder information.

    “Multiple layers of security and advanced fraud detection technologies that protect every Visa transaction have helped keep Visa’s global fraud rates near historic lows,” Visa Canada said in an emailed statement.

    “In fact, there have been no reports of fraud perpetrated by reading Visa payWave cards as shown by [CBC].”

    Reply
  23. Tomi Engdahl says:

    ATM hackers steal $45m from banks across the world in a matter of hours
    Lack of chip and pin in the US was to blame, says Kaspersky
    http://www.theinquirer.net/inquirer/news/2267430/atm-hackers-steal-usd45m-from-banks-across-the-world-in-a-matter-of-hours

    A GLOBAL MOB of hackers stole $45 million from thousands of ATMs in a matter of hours in the second cyber heist of its kind, authorities in New York have said.

    “These defendants allegedly formed the New York-based cell of an international cybercrime organisation that used sophisticated intrusion techniques to hack into the systems of global financial institutions, steal prepaid debit card data, and eliminate withdrawal limits,” the US Attorney’s office said.

    “The eight indicted defendants and their co-conspirators targeted New York City and withdrew approximately $2.8 million in a matter of hours.”

    Kaspersky Lab’s director of global research and analysis Costin Raiu explained that the cybercriminals were able to commit the “biggest and quickest thefts we have seen” by replicating real cards with blank cards through programming the magnetic stripe.

    Raiu said this is a major problem in the US at the moment because the insecure magnetic stripe is still used when making payments and bank withdrawals with cards, whereas this has been mostly abandoned everywhere in Europe and replaced by the more secure chip and pin security.

    Reply
  24. Tomi Engdahl says:

    Cyber caper: behind the scenes of the $45 million global ATM heist
    http://www.theverge.com/2013/5/13/4326336/cyber-caper-behind-the-scenes-of-the-45-million-atm-heist

    Hackers coordinated with cells on the ground to carry out a precise, sophisticated attack

    The man in the black beanie was part of a sophisticated “Unlimited Operation,” according to prosecutors in New York. Hackers allegedly broke into the computer systems of at least two credit card processing companies, stole prepaid debit card account numbers and programmed them with astronomical balances. Normally, prepaid debit cards are capped according to how much the customer paid for the card; the hackers essentially created infinite cards.
    Heist-300-1

    Map of Reyes’ alleged route withdrawing money from ATMs on February 19th. The numbers indicate the ATM cameras that allegedly captured him, in order. Source: US Attorney, Eastern District of New York

    The account numbers were then emailed or texted to accomplices on the ground, who used a device called a “skimmer” to encode the account numbers onto the magnetic stripes of dummy cards. The groundlings then went on a withdrawal spree, hitting as many ATMs as they could in a matter of hours, while the hackers watched the transactions from behind remote screens, in real time. Between two tightly-coordinated heists, the shadowy criminal ring netted nearly $45 million in cash.

    “The cyberattacks employed by the defendants and their co-conspirators in this case are known in the cyber underworld as ‘Unlimited Operations,’”

    “They became a virtual criminal flash mob, going from machine to machine, drawing as much money as they could, before these accounts were shut down,” US attorney Loretta Lynch said at a press conference.

    The hackers targeted specific financial service providers, according to the indictment, suggesting that they were aware of some security vulnerability.

    This isn’t the first time hackers have ripped off ATMs for millions of dollars. Cyberattacks have resulted in hackers taking $2 million from European ATMs in 46 cities and tens of millions of dollars were stolen from 12 European banks just in the last year, according to research by Symantec.

    The vulnerability that led to the hacks appears to have something to do with the complicated, fragmented system that relies on many providers to get customers cash on demand.

    “There’s an increasing sophistication,”

    Reply
  25. Tomi Engdahl says:

    NFC rollout of smart cards charged incorrectly money from tens of centimeters to get – even the bag or pocket

    Great Britain is, in some cases, remotely read NFC cards have been charged fees, even if the card does not even have to be paid. Marks & Spencer department stores, card readers are in some cases charged by the same amount more than once.

    The customer was amazed about this, until he compared the burn rate please debit card information on the receipt: revealed that the fee was charged for a bag from a second card. He did not even know that the card was the NFC payment feature.

    According to the BBC the other, a London, the customer was charged for the same product twice, and he noticed only one month after receipt examination. In this case, the money was taken from a debit card, and bank card referred to NFC card in the case.

    According to the customer device distance of about 30-40 cm, the card payment is normally required for the card maintenance fee of 4-5 cm above the unit. Marks & Spencer recently installed a remote readers 644 shops around the UK.

    The BBC’s interview with Newcastle University researcher Martin Emmsin of similar cases have occurred elsewhere. The problem is usually that the card readers are able to interpret the intention of the payment, but only react to the vicinity of the card.

    The payment transaction is tens of centimeters to an operational error that should not happen.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/etaluettavilta+nfckorteilta+veloitettu+virheellisesti+rahaa+kymmenien+senttien+paasta++jopa+laukusta+tai+taskusta/a902810?s=r&wtm=tietoviikko/-21052013&

    Reply
  26. Tomi Engdahl says:

    Contactless ‘charging errors’ at Marks and Spencer
    http://www.bbc.co.uk/news/business-22545804

    Some Marks and Spencer customers have told the BBC of cases where the chain’s contactless payment terminals have taken money from cards other than the ones intended for payment.

    Card are supposed to be within about 4cm of the front of the contactless terminal to work.

    But some customers say payments have been taken from cards while in purses and wallets at much greater distances.

    The system uses something called Near Field Communication to identify a card and take payment.

    Martin Emms is a researcher into new payment formats at Newcastle University’s Centre for Cybercrime and Computer Security.

    He also found his contactless card was debited when he placed it a few centimetres to the side of the reader from inside his wallet when he intended to pay with a normal debit card.

    “If you’re placing your card to the side of the reader your intention isn’t to pay,” he said. “The terminal is working within the specification of Near Field Communication but not within the intent.”

    “We are surprised to hear the comments from your listeners, we’ve had almost entirely positive feedback and take-up has been very strong. We have tested our systems extensively both in labs and in stores and are confident they are robust and fit for purpose.

    “A contactless card can be read through material, e.g. a wallet, but the wallet would have to be presented to the terminal. ”

    The technology used by M&S is provided by Visa Europe.

    It said that the customer reports were “extremely unusual”, and it was working with M&S and the acquiring bank to investigate the concerns.

    Reply
  27. Tomi Engdahl says:

    An update to Google Checkout for merchants
    http://googlecommerce.blogspot.fi/2013/05/an-update-to-google-checkout-for.html

    Today, we’re letting web merchants know that in six months, Google Checkout will be retired as we transition to Google Wallet — a platform that enables merchants to meet the demands of a multi-screen world where consumers shop in-stores, at their desks and on their mobile devices.

    All Google Play developers will continue to be supported. Also, shoppers can continue to use Google Wallet to make safer and more secure payments anywhere they see the Google Wallet button.

    What this means for Checkout merchants
    Merchants can continue to accept payments using Google Checkout until November 20, 2013.

    If you don’t have your own payment processing, you will need to transition to a different solution within six months. To make things easier, we’ve partnered with Braintree, Shopify and Freshbooks to offer you discounted migration options.
    If you are a U.S. merchant that does have payment processing, you can apply for Google Wallet Instant Buy, which offers a fast buying experience to Google Wallet shoppers.

    Reply
  28. Tomi Engdahl says:

    London Calling: Amazon ‘Coins’ its own currency
    http://www.eetimes.com/electronics-blogs/other/4414620/London-Calling–Amazon–Coins–its-own-currency

    Amazon.com Inc. (Seattle, Wash.), the world’s largest online retailer, announced on May 13 that it has launched Coin, a virtual form of money that customers can use to purchase software and add-on features for games at its Appstore.

    And to “celebrate” the move Amazon deposited 500 Coins in the Amazon accounts of all its existing Kindle Fire customers in the U.S.

    Amazon did not give a very compelling justification for the creation of Coins saying that is an “easy way” to make purchases. The good old U.S. dollar, or the euro or the pounds sterling and so on, and credit card accounts denominated in those currencies, are also easy ways to make purchases.

    “We will continue to add more ways to earn and spend Coins on a wider range of content and activities — today is Day One for Coins,” said Mike George, vice president of apps and games at Amazon, in a statement.

    Does this sound familiar?

    It reminds me a bit of BitCoin, the notorious online currency that bubbled up in the news a couple of months ago.

    The point must be made that right now Amazon’s Coin is tied to the dollar, with one Coin being equal to one cent. There is no indication that Amazon has any intention to let the Coin float free, thereby encouraging it to become an object of speculation. But as Mike George said, this is Day One for Coins.

    Reply
  29. Www.Lexlan.Fi says:

    What’s up, for all time i used to check website posts here early in the dawn, since i love to gain knowledge of more and more.

    Visit my weblog :: http://Www.Lexlan.Fi

    Reply
  30. dolor cabeza says:

    Este dolor a veces es bastante insoportable aun que ponga que no tiene importancia.

    Reply
  31. Tomi Engdahl says:

    Google adds in-app payments to the latest Chrome build as it prepares to bundle Google Wallet in its browser
    http://thenextweb.com/google/2013/05/28/google-adds-in-app-payments-to-the-latest-chrome-build-as-it-prepares-to-bundle-google-wallet-in-its-browser/

    Google has been recently pushing hard to have its payment service, Google Wallet, integrated across its various others products and services. The latest is an apparent move to support in-app payments for Chrome packaged apps.

    The included Chrome Wallet Service app is now part of Chrome Canary.

    This button won’t actually do anything. It will, however, let you play with the Chrome in-app payment sample app available on GitHub.

    Chrome packaged apps are written in HTML, JavaScript, and CSS, but launch outside the browser, work offline by default, and access certain APIs not available to Web apps.

    Reply
  32. webpage says:

    Second, it is being used in the treatment of various serious medical conditions.
    Several training centers offer extent level of programs
    with talented faculties. How as to what too much exposure to fluoride can perform to your health.

    Reply
  33. locali hard roma says:

    Howdy! This is kind of off topic but I need some guidance from an established blog. Is it very hard to set up your own blog? I’m not very techincal but I can figure things out pretty quick. I’m thinking about creating my own but I’m not sure where to begin. Do you have any tips or suggestions? Appreciate it

    Reply
  34. Tomi Engdahl says:

    Bitcoin Foundation Receives Cease And Desist Order From California
    http://www.forbes.com/sites/jonmatonis/2013/06/23/bitcoin-foundation-receives-cease-and-desist-order-from-california/

    Directly following last month’s Bitcoin 2013 conference event in San Jose,

    California’s Department of Financial Institutions decided to issue a cease and desist warning to conference organizer Bitcoin Foundation for allegedly engaging in the business of money transmission without a license or proper authorization.

    If found to be in violation of California Financial Code, penalties can be severe ranging from $1,000 to $2,500 per violation per day plus criminal prosecution which could result in fines and/or imprisonment. Additionally, it is a felony violation of federal law to engage in the business of money transmission without the appropriate state license or failure to register with the U.S. Treasury Department.

    The Bitcoin Foundation is a nonprofit corporation registered in Washington, D.C. with mailing address in Seattle, WA.

    One activity that the foundation does not engage in is the owning, controlling, or conducting of money transmission business.

    At this stage, it’s difficult to tell whether or not it was a general blanket action and if other bitcoin-related entities received cease and desist letters from California. If Bitcoin Foundation was not the only recipient, then expect other companies to come forward in the days and weeks ahead.

    Recently, the State of Illinois also issued a cease and desist letter to mobile payments processor Square for failing to have the proper licensing in accordance with the state’s Transmitters of Money Act. Prepaid card provider NetSpend and six other payments companies also received Illinois cease and desist orders. If this practice grows among states, it could have a potentially significant “chilling effect” on financial services innovation, especially upon lawful businesses that are designing infrastructure to support and grow the Bitcoin technology.

    Reply
  35. qesltd.com says:

    I delight in, cause I discovered just what I was having a look for. You’ve ended my 4 day lengthy hunt! God Bless you man. Have a nice day. Bye

    Reply
  36. stop foreclosure fresno says:

    high-quality article, really valuable, with thanks a lot!

    Reply
  37. BTC Robot says:

    That you make it look very easy as well as your presentation even so come across this condition to become actually an issue that I find myself I would personally hardly ever fully grasp. The idea almost can feel also intricate and extremely extensive personally. I am taking a look toward ones up coming posting, I’m going to try and find the grasp than me!

    Reply
  38. cancen oil company says:

    I’m interested in the oil field industry, but I don’t know what I would like to do. So can I get a list of jobs in the oil field, and how much each of they pay? Thank you!

    Reply
  39. Tomi Engdahl says:

    “The largest-ever hacker” fraud revealed

    The Internet has revealed an international criminal skein, which the U.S. authorities call the worst known project information from being stolen. Russia and Ukraine, for example, acted as criminals hit store chains and payment intermediaries, and the damage is considerable. Two of the men have been caught.

    Determination of any charge, the men stole the credit card information by attacking a number of different business systems. The list of U.S. retailers such as 7-Eleven, JC Penney and Hannaford, as well as the French retail chain Carrefour.

    Shocks were also made by Visa and Diners credit card payment systems, as well as mediating companies. Technology on the Nasdaq Stock Exchange was one of the target of attacks.

    The systems were 160 million credit card information. Their data were copied to blank cards, and cards was then raised money and made purchases. A stolen credit card information was also used in on-line purchases and credit card information was sold on.

    Crimes resulted in hundreds of millions of dollars of damage.

    The prosecutor disclosed that the attacks were generally used the so-called SQL injection technique.

    Source: http://www.tietokone.fi/artikkeli/uutiset/historian_suurin_hakkeripetos_paljastui

    Reply
  40. how to borrow money says:

    Just want to say your article is as astounding. The clearness for your publish is simply great and that i could assume you’re an expert in this subject. Fine with your permission allow me to grasp your feed to keep updated with imminent post. Thank you 1,000,000 and please carry on the enjoyable work.

    Reply
  41. Tomi Engdahl says:

    You Can Now Send Micro-Transactions With Zero Fees
    http://blog.coinbase.com/post/57483182558/you-can-now-send-micro-transactions-with-zero-fees

    We launched an exciting feature today: off blockchain micro-transactions between Coinbase accounts!

    Here is a bitcoin transaction I just sent myself for 1 satoshi (that is 0.00000001 Bitcoin).

    The transaction:

    arrived instantly
    confirmed instantly
    cost zero in fees

    This was possible because it did not touch the “blockchain” (the public ledger of all bitcoin transactions), and instead was sent directly between two Coinbase accounts.

    Bitcoin is an incredibly efficient protocol for moving money with low fees. However, it does have a “miner fee” ($0.05 – $0.01 at current exchange rates) if you want your transaction to be sent and confirmed quickly.

    I say “new business models which haven’t been invented yet” because micro-transactions have been very difficult historically due to the fee structure of credit cards (they have a base fee of roughly 20 cents in addition to the 2-3% fee).

    Reply
  42. Tomi Engdahl says:

    Future robber magnet? Facebook’s new mobile payment to store credit card information

    Facebook is testing a new mobile payment system, which is intended to speed up and facilitate the mobile payment. PayPal may be challenging novelty store the user’s credit card information, which may be a threat to security.

    The company’s representative Tera Randall of the new payment method, tested in a small group of users.

    Payment method only works with partner companies. Their payment form the necessary credit card information is obtained automatically from Facebook’s system, if the user is so authorized.

    The new payment method is hoped to lower the threshold for credit card payments by speeding up and facilitating the process. It is hoped, will probably also increase Facebook’s trading volume and diversify it.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/tuleva+rosvomagneetti+facebookin+uusi+mobiilimaksutapa+tallentaa+luottokortin+tiedot/a921709

    Reply
  43. Tomi Engdahl says:

    Criminals use 3D-printed skimming devices on Sydney ATMs
    http://www.itnews.com.au/News/353590,criminals-use-3d-printed-skimming-devices-on-sydney-atms.aspx

    A gang of suspected Romanian criminals is using 3D printers and computer-aided design (CAD) to manufacture “sophisticated” ATM skimming devices used to fleece Sydney residents.

    NSW Police recently arrested and charged a Romanian national with fraud after a money transfer officer contacted police over a suspicious transaction.

    “These devices are actually manufactured for specific models of ATMs so they fit better and can’t be detected as easily,” he said.

    “Parts of the devices are internally fitted, either by the offenders moving part of the slot and replacing it with their own, and pushing circuitry into the machines. [Another model] is so small it’s entirely self-contained and entirely pushed in, with some force, into the card slot.”

    The devices are accompanied by a video camera which is attached above the location of the skimmer, and is tailored to the design of the particular ATM.

    “They’re getting smaller and smaller with time,” Dyson said. “They’re trained down at the keypad where the pin is entered.”

    The focus of skimming gangs is to obtain both the credit card and the PIN.

    Those behind the scheme then copy card details onto blank cards which, used with the PINs, allowed them to make purchases and withdraw money.

    Two banks in particular have been affected. Dyson declined to provide names.

    For customers, it is “difficult if not impossible” to tell if an ATM has a skimming device attached, Dyson said.

    Reply
  44. Tomi Engdahl says:

    Germany: Bitcoin Is “Private Money”
    http://news.slashdot.org/story/13/08/19/0134258/germany-bitcoin-is-private-money

    “Germany has declared Bitcoin as a ‘unit of account’, which makes the virtual currency a kind of ‘private money’ and the process of Bitcoin mining has been deemed ‘private money creation.’ The recognition as ‘unit of account’ makes Bitcoin eligible for use in “multilateral clearing circles” and because of this citizens are liable to pay capital gains tax, if they profit from the crypto-currency by sale or purchase within a period of one year – the same as they would have to in case they profit by selling stock, bonds or other form of security.”

    “The German government expects that citizens declare their Bitcoin while filing their annual tax return.”

    Reply
  45. personal money tracker says:

    Is really attention-grabbing, You happen to be a strong excessively specialized writer. I’ve got become a member of your rss and check onward to trying to get excess of this wonderful article. Additionally, I’ve got contributed your web site during my web sites

    Reply
  46. hanna gronkiewicz waltz says:

    I simply wanted to thank you very much all over again. I do not know what I would have gone through in the absence of the entire concepts discussed by you about that concern. Previously it was a real distressing difficulty in my circumstances, but seeing this professional manner you dealt with the issue took me to leap for delight. I’m thankful for the information and in addition expect you are aware of an amazing job your are getting into instructing other individuals via your website. I know that you haven’t encountered any of us.

    Reply
  47. double glazing says:

    Do you have a spam issue on this site; I also am a blogger, and I was wondering your situation; we have created
    some nice methods and we are looking to swap methods with other
    folks, be sure to shoot me an email if interested.

    my weblog: double glazing

    Reply
  48. Nancy Brown says:

    Financial Stress. You might be a mom looking for a way to earn money, and spend more time with your kids? If that is the case, then a work from home is what you need. On the web you can find a lot of opportunities that allow you to create a stable income in the home environment. There are several online sites dedicated to mothers like you, but you do not need to check all of them. If you want some simple and effective guidance so look right here: http://haybyrne.com/moneyformoms.html.

    Reply
  49. Waylon Rikard says:

    Be able to I churn out a suggestion? I feel youve acquired single thing good quality at this juncture. However what if you happen to added a pair links to a web page that backs up what youre saying? Or perhaps you possibly know how to give us somewhat to take a look at, somewhat that would join what youre saying to one thing tangible? Only a suggestion. Anyway, in my language, there will not be a lot excellent supply similar this.

    Reply
  50. Tomi Engdahl says:

    No coupon? No problem: Microsoft linking daily deals directly to credit card
    http://www.geekwire.com/2013/coupon-problem-microsoft-linking-daily-deals-credit-card/

    Microsoft Bing is launching a test program in Seattle this week that aims to overcome one of the challenges of daily deals programs — eliminating the requirement to show a coupon or voucher, and instead connecting the deal directly to a user’s credit card.

    The pilot program, involving the company’s Bing Offers deals site, is part of a broader push to adopt the approach across the industry.

    Microsoft is taking part a new industry group, the CardLinx Association, that will attempt to create standards for connecting daily deals from a variety of services directly to user’s credit cards. They say the goal is to eliminate the “friction” caused by requiring users to show or print off a coupon when redeeming a daily deal.

    Reply

Leave a Reply to how to borrow money Cancel reply

Your email address will not be published. Required fields are marked *

*

*