Wednesday, September 23, 2009

Preventing Card Skimming Attacks

Credit and debit-card skimming scams have proliferated in recent years, and the PCI Security Standards Council’s (PCI SSC) new guidelines aim to help retailers combat skimmers. But are they enough? The PCI Council’s guidelines focus on risk assessments and self-evaluation forms to help retailers evaluate their overall susceptibility. The guidelines also instruct retailers on how to educate employees who handle the POS devices, as well as how to prevent and identify device compromise.

According to Chris Paget, a security researcher, PCI SSC’s guidelines fail to address key problems that arise with malicious merchants stealing the data and with POS equipment that was tampered with at the factory. The latter refers to supply chain attacks, which require a great deal of coordination and were previously thought to be possible only with the involvement of a nation state. Security experts believe that terminals should have, at a minimum, intrusion protection technology that disables the hardware if opened; encryption technology; and a way to sound an alarm if an event occurs. Additionally, customers and not merchants should be the ones to swipe their card at the scanner…

Card-Not-Present Fraud in China Set to Increase Dramatically

The Chinese online payment market is predicted to increase dramatically, and so is card-not-present (CNP) fraud. According to Retail Decisions and Chinabank Payment, the online payment market will total $78.7 billion, while by 2012, estimates suggest the market will total $244 billion. If the past six months are any indication, China is in for a rough ride. For example, in the past six months there has already been a 60 percent growth in CNP fraud for China’s airline industry. Chinese airlines and other industries must adopt more rules and sophisticated fraud detection tools if they hope to battle this increasingly prevalent problem.

ACH Internet Bill Payments May Displace Traditional Checks In 2010

According to Digital Transactions, Internet-based e-check traffic is approaching the transaction volume of traditional paper-based bill payments. If the current rate continues, web-based check payments could surpass paper checks in 2010. Internet bill payments amounted to 94% of the paper-based alternative during the second quarter. This compares to 62% in 2005, 64% in 2006, 65% in 2007 and 78% in 2008, according to NACHA’s findings. Additionally, back-office conversion, which allows retailers or their processors to convert checks to ACH transactions in their back offices, posted a 288% gain from 2008’s second quarter.

Warning - ACH & Small to Medium Businesses are Being Targeted by CyberCriminals

Brian Krebs of the Washington Post stated that the Financial Services Information Sharing and Analysis Center had indicated that Eastern European cyber gangs are stealing millions from small to medium businesses through online banking fraud. Unfortunately, many of the victims fail to report the crime out of fear that they won't be able to recover losses from their bank. The victims suffered from malicious software being planted on company-owned Microsoft Windows PCs, which allowed fraudsters to obtain sensitive online bank information. The fraudsters then wire money to accomplices in the United States, who in turn wire the money to the fraudsters overseas. The fraudsters’ use of the ACH network has become a critical concern because of the network's lack of controls. For example, if I conducted a large fraudulent transaction with a credit card, a red flag would pop up, but if I did the same transaction with an ACH payment it would go undetected.

In a dramatic example, Dwelling House Savings and Loan Association failed after cyberthieves siphoned off $3 million in an ACH scam.