1011Now TV news reports the Lincoln, Nebraska Police Department’s Technical Investigations Unit is currently looking into several credit and debit card fraud cases. Officer Katie Flood says the victims are from Lincoln, but the stolen credit and debit card numbers are being used to make purchases overseas in places like Hong Kong. Flood says this case involves accounts at numerous Lincoln banks and these cases started turning up over the weekend. Russia, Norway, South Africa and Canada are among the 20 countries where local money was spent. At West Gate in Lincoln, President Carl Sjulin says 50 of his customers are affected. Sjulin says he believes the security breach might have occurred at a Pennsylvania company that processes debit card transactions.
The Register reports a California man was sentenced to six years in prison for his role in laundering $2.5m in proceeds from stolen credit card schemes. According to court documents, Cesar Carranza, 38, of Long Beach, California was part of an intricate web of hackers and credit card scammers who associated on websites such as carderplanet.com and shadowcrew.com, both of which are no longer in operation. Using the online handle “uBuyWeRush,” Carranza helped launder funds plundered by money mules who used stolen credit card data to withdraw money from ATMs. From Long Beach, he used a variety of methods to transfer the money abroad, including e-Gold.
The Register reports a man accused of being one of the most prolific sellers of credit-card data has been charged with participating in the brazen hack of RBS WorldPay in 2008, funneling about $9.4m out of the payment processor in just 12 hours. Vladislav Anatolievich Horohorin, 27, was already in the custody of French police following his arrest three weeks ago on charges he sold huge “dumps” of stolen credit-card data. An alleged founder of CarderPlanet — a notorious clearinghouse for payment-card fraudsters — Horohorin has been awaiting extradition to the US.
The law firm of Foley Hoag posts on Security, Privacy and the Law that according to a report in the Boston Globe, TJX has settled a lawsuit brought by the Louisiana Municipal Police Employees’ Retirement System, a TJX stockholder. It had alleged that the TJX board of directors failed to protect customers’ personal data, apparently in connection with the Alberto Gonzalez breach. Bloomberg News has reported the case was settled for $595,000 in legal fees and an agreement regarding enhanced oversight of customer files. There is no reference to this suit in TJX’s most recent Form 10-Q.
Linda McGlasson at Bank Info Security reports Heartland Payment Systems has reached a settlement agreement with Discover Financial Services (DFS) related to its 2008 data breach. The payments processor, which had its network hacked by a group of cyber criminals led by Albert Gonzalez, had 130 million debit and credit cards taken. Under the agreement, Heartland will pay Discover $5 million, resolving all issues related to the 2008 intrusion.
In an interview with Ban Info Security, Richard Oliver, a 37-year executive with the Federal Reserve Bank of Atlanta is the first U.S. banking industry executive to publicly declare that a U.S. migration to the EMV payments standard is inevitable. He won’t say if he’s a minority supporter of a U.S. move toward the EMV chip and PIN standard. But this Federal Reserve vice president does say the debate over a United States migration from the magnetic stripe to the more-secure chip & PIN payments technology is “toxic.”
Jennifer S. Martin blogs on the Commercial Law website about her poor experience in disputing skimming fraud on her credit card. She believes her bank denied the dispute up front without an investigation. She states, “This type of issuer behavior really gets me going! They knew they did not investigate the transaction, but sent a denial right away of the claim I did not authorize the transaction. The ‘game’ here is to send the denials on fraud claims knowing that only some consumers will pick up the phone and complain.”
StorefrontBacktalk blogs with lots of activity in the mobile payment and keyfob space, many have predicted the near-term demise of the rectangular plastic payment card. But at least two vendors are not giving up on wallet payment plastic without a fight. On September 15th a Pittsburgh-based vendor called Dynamics unveiled a battery-powered device in the shape of a credit card that is capable of mimicking multiple cards by reprogramming its own magnetic stripe on the fly when the user hits a button to change accounts. Instead of replacing all of the credit cards in a consumer’s wallet, this device would instead sharply reduce their number.
CyberSource announced a new development that fully links payment security with fraud management, meaning merchants can screen orders and keep payment data out of their systems, simultaneously. Caught between dual threats of online fraudsters and payment data breaches, eCommerce merchants face a dilemma. They want to screen orders for fraud, but to do that means handling payment data—the same data they’d like to eliminate from their networks in case of a breach.
IdentityTheft.com reports one of the conveniences that currently has consumers questioning whether it is safe or not is the relatively new practice of banking from one’s cell phone or Personal Digital Assistant (PDA). Banks are now spending big money to advertise the new system which allows account holders to check balances or initiate transfers anytime and from anywhere. Although, identity theft experts aren’t yet panicked, many of them have admitted that it is only a matter of time before thieves find a way to break into this system. Online identity theft is a huge problem that leads to numerous cases of credit fraud and bank account fraud each and every year. Cell phones should expect to encounter some of the same problems.
