Wednesday, September 23, 2009

Preventing Card Skimming Attacks

Credit and debit-card skimming scams have proliferated in recent years, and the PCI Security Standards Council’s (PCI SSC) new guidelines aim to help retailers combat skimmers. But are they enough? The PCI Council’s guidelines focus on risk assessments and self-evaluation forms to help retailers evaluate their overall susceptibility. The guidelines also instruct retailers on how to educate employees who handle the POS devices, as well as how to prevent and identify device compromise.

According to Chris Paget, a security researcher, PCI SSC’s guidelines fail to address key problems that arise with malicious merchants stealing the data and with POS equipment that was tampered with at the factory. The latter refers to supply chain attacks, which require a great deal of coordination and were previously thought to be possible only with the involvement of a nation state. Security experts believe that terminals should have, at a minimum, intrusion protection technology that disables the hardware if opened; encryption technology; and a way to sound an alarm if an event occurs. Additionally, customers and not merchants should be the ones to swipe their card at the scanner…

Card-Not-Present Fraud in China Set to Increase Dramatically

The Chinese online payment market is predicted to increase dramatically, and so is card-not-present (CNP) fraud. According to Retail Decisions and Chinabank Payment, the online payment market will total $78.7 billion, while by 2012, estimates suggest the market will total $244 billion. If the past six months are any indication, then China will be in for a rough ride. For example, in the past six months there has already been a 60 percent growth in CNP fraud for China’s airline industry. Chinese airlines and other industries must adopt more rules and sophisticated fraud detection tools if they hope to battle this increasingly prevalent problem.

ACH Internet Bill Payments May Displace Traditional Checks In 2010

According to Digital Transactions, Internet-based e-check traffic is approaching the transaction volume of traditional paper-based bill payments. If the current rate continues, web-based check payments could surpass paper checks in 2010. Internet bill payments amounted to 94% of the paper-based alternative during the second quarter. This compares to 62% in 2005, 64% in 2006, 65% in 2007 and 78% in 2008, according to NACHA’s findings. Additionally, back office conversion, which allows retailers or their processors to convert checks to ACH transactions in their back offices, posted a 288% gain from 2008’s second quarter.

Warning - ACH & Small to Medium Businesses are Being Targeted by CyberCriminals

Brian Krebs of the Washington Post stated that the Financial Services Information Sharing and Analysis Center had indicated that Eastern European cyber gangs are stealing millions from small to medium businesses through online banking fraud. Unfortunately, many of the victims fail to report the crime out of fear that they won't be able to recover losses from their bank. The victims suffered from malicious software being planted on company-owned Microsoft Windows PCs, which allowed fraudsters to obtain sensitive online bank information. The fraudsters then wire money to accomplices in the United States, who in turn wire the money to the fraudsters overseas. The fraudsters’ use of the ACH network has become a critical concern because of the lack of controls it employs. For example, if I conduct a large fraudulent transaction with a credit card, a red flag will pop up, but if I did the same transaction with an ACH payment, it would go undetected.

In a dramatic example, Dwelling House Savings and Loan Association failed after cyberthieves siphoned off $3 million in an ACH scam.

Friday, June 12, 2009

Tips for Small Businesses to Avoid Cash Reserves

How to prevent healthy business growth from becoming detrimental risk

As if the recession were not enough to deal with, small and medium businesses that are growing during these hard times need to be aware that their credit card processor may view that growth as a potential indicator that they are at risk of going under, and institute cash reserves. Unfortunately, the industry has learned from experience that some merchants about to go under commit fraud by processing bogus orders to bolster cash flow, which the processor sees as a spike in sales from the merchant. At a time when bankruptcies and business closures are rising, it is only natural that processors are nervous.

An unfortunate byproduct of this negative behavior is that legitimate merchants showing too much growth over a short timeframe can also be branded as being at “risk”. For those of you who may not understand how the relationship between merchants and processors works, the processor is on the hook to pay for any consumer losses (chargebacks) if a merchant goes out of business and cannot, or decides not to, cover those losses.

That said, a spike in sales is not the only reason a processor may want to implement reserves; a number of factors are looked at. The point is that if you are one of the lucky few merchants experiencing growth, you can take proactive steps that could help you avoid the reserves scenario.

Is China Serious about Cybercrime?

Domestically

As hacking hits home, China has vowed to fight cybercrime by making examples out of a few cyber criminals, but is it enough? China’s antiquated cybercrime criminal code has recently made advances to help address the burgeoning problem that has started to affect small to large domestic businesses. In the past few years, Chinese hackers have started to demand money from small Chinese businesses or else… Typically, the hackers will initiate a DDoS attack against a business and then demand ransom to restore the system back to health. As a result, China has shown that it is putting forth some effort to combat this growing cybercrime problem…

Internationally

Experts have called China “The world’s malware factory”, and for good reason. The country has developed into a major source of online attacks and zero-day attacks, which focus on unknown software vulnerabilities. Another article, “In China, $700 puts a Spammer in Business”, describes bulletproof hosting, a valuable tool for spammers and a big problem for security professionals around the world. Usually, a web hosting provider will shut down a web site quickly if large amounts of bulk email are sent out directing people to that site. However, with bulletproof hosting, spammers don’t have to be concerned about being shut down because of spam complaints. The Chinese registrars simply ignore the take-down requests, which creates a grey area for international cooperation. It should be noted that there are several major bulletproof hosting servers around the world, but the vast majority are located in China. If the Chinese are truly serious about combating cybercrime, they must address all aspects of internet security. It is true that actions speak louder than words…

The Grass May be Greener in Asia

Despite the financial crisis, Asia has continued to boom and companies are experiencing enormous gains in the region. For example, Alibaba and eBay have shown that resilience, localization and determination are key factors for success. Jack Ma’s Alibaba increased 2008 revenue by a substantial 39% with a net profit increase of 25%. Within this time period Alibaba posted a 41% increase in paying members and a 38% increase in registered users.

Alibaba’s Jack Ma also believes that 2009 is a year of investment. Alibaba has set strategic goals of aggressively pursuing growth through localized versions of Alibaba in Japan, South Korea and India while also expanding its presence in the U.S. and Britain. Alibaba is not alone. eBay has also begun to push its localization strategy deeper into Asia through numerous strategic alliances with companies such as 99bill.com and Gmarket. South Korea’s market leader, Gmarket, has just begun to offer its services on eBay’s existing South Korean market platform. eBay hopes that the synergy will provide it with a valuable platform for further expansion within Asia. As companies around the world push further into Asia, investors may want to do the same…