All articles by EPI editorial
EPI editorial
NCR and academics go hacking
Hacking threats to ATMs are an ever-present reality and have prompted establishment of a unique relationship between US self service hardware manufacturer NCR Corporation and the University of Abertay (UoA) in Dundee, Scotland.According to NCR the relationship with UoA has led to development of the worlds leading corporate-academic alliance devoted to uncovering and addressing criminal hacking threats posed to ATMs.NCR stressed that rather than reacting to threats as they arise, the security intelligence gained and adopted between itself and the UoA through an ethical hacking programme is designed to stop would-be hackers and viruses before crimes occur.The ethical hacking programme is approved and partially-funded through the UKs Knowledge Transfer Partnership (KTP) which has just awarded the second contract to the joint venture between the UoA and NCR.The second contract approved through the KTP will focus on personal authentication measures required to gain access to ATMs.The critical knowledge of illicit access to ATMs is an ongoing and growing threat to many ATM users, noted NCR.NCRs partnership with the UoA has led to the UoAs introduction of an ethical hacking programme offering BSC and MSC degrees in ethical hacking.The support from the Knowledge Transfer Partnership and NCR has enabled the university to develop world-leading research and education that have a significant impact on global security, said Colin McLean, ethical hacking programme tutor at the UoAs school of computing and creative technologies
Stakes get higher in US crackdown on online gambling
Enforcing the controversial US Unlawful Internet Gambling Enforcement Act (UIGEA) the Federal Bureau of Investigation (FBI) has filed an indictment charging Douglas Rennick with bank fraud and other offenses related to his alleged role in processing more than $350 million for internet gambling companies.The FBI alleges that between 2007 and 2009 Rennick, who resides in Canada, and his co-conspirators opened a number of bank accounts in the US under various company names, including KJB Financial Corp, Account Services Corp and Check Payment Financial According to the FBI, Rennick falsely represented that the accounts would be used for such purposes as issuing rebate cheques, refund cheques, sponsorship checks, affiliate checks and payroll processing.In reality, noted the FBI, the accounts were used to receive funds from offshore internet gambling companies and then disbursed via cheques to US residents seeking to cash out their gambling winnings.In total, Rennick and his co-conspirators are alleged by the FBI to have processed more than $350 million transferred from a bank account in Cyprus to various US bank accounts for this purpose.In its indictment the FBI calls for Rennick to receive a maximum term of 30 years in prison and a $1 million fine on the bank fraud charge, 20 years in prison and a $500,000 fine on the money laundering charge and 5 years in prison and a $250,000 fine on the gambling charge
GrIDsure takes on the PIN stronghold
Amid a plethora of solutions making their appearance on the online security scene, one product is attracting a growing number of big-name adopters such as Microsoft and earning for its developer GrIDsure accolades for its simple effectiveness.Intended as a replacement for PIN numbers, UK developer GrIDsures solution struck a particularly strong note with IT research and advisory firm Gartner which last year featured GrIDsure among its Cool Vendors in Application Security and Authentication.Adding to its reputation, GrIDsures solution found itself highlighted by the BBC as being amongst the top-five security innovations showcased at the Infosecurity Europe exhibition held in London in April this year.The solutions appeal lies in its elegant simplicity, Steve Howes a joint founder and CEO of GrIDsure, told EPI.Random numbersThe GrIDsure security solution comprises a box grid, usually in a five-by-five configuration with a total of 25 cells making up the box
MoneyGram takes mobile plunge
Following in the steps of its larger rival Western Union, US-based money transfer specialist MoneyGram has announced its entry into the increasingly crowded mobile phone-based cash remittance market.Partnering with MoneyGram in development of the mobile service is Affinity Global Services (AGS), a mobile payments technology solutions developer based in Dallas, Texas We see a tremendous opportunity to better serve these consumers by delivering MoneyGram remittances in compelling new formats such as mobile technology.The mobile remittance service will run on AGS MADE Platform which, according to MoneyGram, will enable it to connect to virtually any mobile network operator
Expect more Heartlands, warns expert
But despite efforts to resolve weaknesses building a new internet platform may be the only solution, security expert Ori Eisen told EPI.In a sequel to one of the most widely publicised data breaches yet involving theft of credit and debit card numbers and related personal identification information, Albert Gonzalez and two unnamed accomplices have been indicted by a US court in New Jersey.The most serious offence of which they stand accused is breaching the security of Heartland Payment Systems, the US fifth-largest payments processor, in the process obtaining 130 million payment card numbers This made it the biggest data theft in US historyIn addition, the indictment covers theft of 4.2 million payment card numbers from supermarket chain Hannaford Brothers computer network and an unknown number of payment card numbers from convenience store chain 7-Eleven and two unnamed national retailers.Gonzalez, together with 10 other people, was last year charged with theft of an estimated 47 million credit and debit card numbers from nine major retailers including TJX Companies, BJs Wholesale Club and Barnes & Noble.The latest indictment specifies the method used by Gonzalez and his accomplices as being a SQL injection which, according to Microsoft, targets internet applications where vulnerabilities of the underlying database are known or discovered attackers
Subscribe to our Newsletter
Get industry leading news, data and analysis delivered to your inbox
Online billing yields big benefits
Advantages to be gained in terms of higher customer retention and increased profits from the adoption of electronic billing (e-billing) and online bill payments have been yet again confirmed by a study undertaken by financial technology vendor Fiserv.Conducted for Fiserv by research firm Aspen Marketing Services, the study evaluated data from 8 million residential customers of US telecommunications company Quest Communications over an 18-month period, with analysis concluded in April 2009.Based on its findings Aspen found that the analysis found the most significant linkage between billing and business benefits were among early tenure customers those who had been customers for less than 28 months.Specifically, among early-tenure customers: E-bill users are 12.5 percent less likely to leave, are 35 percent more likely to pay their bills on time and purchase 20 percent more products than paper bill users; Automatic, recurring payment users are 14 percent less likely to leave and 86 percent more likely to pay their bills on time; and Users who combine e-bill with recurring payment are more loyal and more profitable than other customer segments.From a cost perspective, the study validated the importance of delivering e-bills not only via an organisations own website, but also via financial institution sites
Technology levelling the playing field
For most smaller banks aiming to benefit, investment in technology to enhance transactional banking capabilities is a key focus.Though many big banks in the US are enduring extremely difficult times in the wake of the global financial crisis, this does not hold true in general for small-to-medium size banks which in terms of numbers make up the vast majority of the banking industry.While many big banks have found themselves faced with under-capitalised balance sheets, forcing them in many instances to reduce credit lines available to corporate customers, many smaller banks have been managed more conservatively.The result is that a large number of smaller banks continue to have extremely strong balance sheets, putting them at an advantage to the big banks explained George Ravich, chief marketing officer of US banking software and service vendor Fundtech, in a recent discussion with EPI.The small and medium-sized banking sector is enjoying substantial growth in new deposits and credit lines and attracting many small- and mid-sized corporates seeking capital or wanting to reduce the risk of being exposed to the whims of one big bank, he added. The result has been that Fundtech has seen a considerable increase in interest displayed by smaller banks in upgrading their key business areas such as payments and cash management systems.To assess banking industry attitudes and the potential for increased demand for technology solutions, Fundtech recently convened a panel of five senior bank executives at its annual client conference to discuss a wide range of issues facing the financial services industry with the focus on transactional banking.Throughout the panel discussion the audience comprising 80 bankers expressed their opinions using a real-time electronic polling system.The five panel members representing banks spanned the range from the mid-size bank in terms of total assets to those in the large-bank sector where total assets exceed $10 billion
Inside Contactless beefs up security
Cryptography Researchs (CR) pioneering work in combating differential power analysis (DPA) and related attacks continues to attract big-name players in the contactless payments arena, among the latest of which is French smart card microprocessor developer Inside Contactless.Discovered by CR researchers, DPA is described by CR as a powerful tool that allows cryptanalysts to use statistical techniques to extract keys from smartcards and other cryptographic devices by analysing their power consumption CR has over 50 patents covering countermeasures to DPA attacksUnder the license agreement with CR, Inside gains access to CRs patents as part of the security strategy for its contactless semiconductor products used in applications such as contactless payment cards, near field communications secure elements for mobile phones, transport smart ticketing and access control.The license agreement also covers third-party software executing on Insides MicroPass chip products, allowing Insides customers to develop their own DPA countermeasures without the need for a separate license from CR
Tough economic times drive UK shoppers online
Winners are those retailers that have effectively harnessed the power of the internet.This message comes through strongly in a study conducted for PayPal UK by market analytics specialist Experian, the PayPal UK Online Retail Report.In assessing consumer attitudes towards shopping Experian concluded that a mood of considered consumption is now well established among UK adults, with shoppers now scrutinising every purchase before committing to spending money.A desire to make the most of their money is also driving consumers online where they believe they will find the best deals, stressed Experian.Based on a consumer survey conducted in April 2009, Experian found that nearly 4 in 10 online shoppers 8.7 million adults now believe that it is easier for them to budget by purchasing items online rather than the high street, while 47 percent (10.8 million) believe their money goes further online.In addition, 62 percent of online shoppers (14.2 million) believe that the best deals are only available online.Estimates extrapolated from the survey are based on the UKs official adult population of 48.77 million of which, according to Experians own research conducted in March 2009, 47 percent (22.9 million) had shopped online during the previous six months
Birth of a new processing giant
In a powerful combination of American payments giants, Bank of America and First Data Corp announced the formation of a new company that will deliver next-generation payments solutions to merchants ranging from small business to commercial and corporate clients worldwide.Banc of America Merchant Services will provide clients with a comprehensive suite of innovative payments solutions including credit, debit and prepaid cards to merchant loyalty, cheque and e-commerce payments, the companies said.Thomas Bell, chief strategy officer and president of First Datas financial services business, was named CEO of Banc of America Merchant Services, and told EPI he was excited to combine the technological expertise of First Data with the deep merchant reach and customer referral network of Bank of America.This is an incredibly competitive business but we believe we have created a real powerhouse, Bell said