Hackers Conquer Two-Factor Authentication

January 3, 2010 by ADMIN

By Mel Duvall, Chief Content Officer at CIOZone

“Fraudsters have definitely proven that strong two-factor authentication processes can be defeated,” said Avivah Litan of Gartner. “Enterprises need to protect their users and accounts using a three-prong layered fraud prevention approach that uses stronger authentication, fraud detection and out-of-band transaction verification and signing for high-risk transactions.”

He’s Not After Your Heart, Just Your Data

July 19, 2009 by ADMIN

By Linda McGlasson, Managing Editor at BankInfoSecurity

Lexis-Nexis Breach Linked to Crime Family: One of the “old school” tactics that the organized crime figures use is going to the local watering holes and seducing young girls and finding out where they work. The mob’s tactic of dating new employees who work at companies that have access to customer data leads to Litan’s warning, “He’s not after your heart; he’s after your data.”

Anti-Phishing with Two Factor Authentication

June 15, 2009 by ADMIN

By John B. Frank, Strategist with HomeATM ePayment Solutions

According to research firm Gartner, banks, online payment organizations and other financial institutions are bearing most of the financial cost of phishing attacks. (A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.) “The findings underline the fact that the war against phishing is far from over,” said Avivah Litan, analyst at Gartner. Yes, the very same Avivah Litan who says “never” enter your PIN on the Internet unless it’s hardware-based.

Security Risks Accompany New Technologies

June 10, 2009 by ADMIN

By John B. Frank, Marketing Strategist with HomeATM ePayment Solutions

RSA and IDG released two new research studies that examine the far-reaching security implications of promising technologies such as cloud computing, virtualization, social networking and mobile communications, and explore the pivotal business risks and rewards they represent to organizations worldwide.

Data Sniffing Trojans Hit European ATMs

June 3, 2009 by ADMIN

By Dan Goodin in San Francisco for the Register UK

The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM’s receipt printer, according to analysts from Spider Labs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.

Online Banking’s Innate Security Flaws

June 3, 2009 by ADMIN

By John B. Frank, Marketing Strategist with HomeATM ePayment Solutions

According to research firm Gartner, banks, online payment organizations and other financial institutions are bearing most of the financial cost of phishing attacks. (A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.)

‘Both Sides of the Mouth’ Security Analysis

May 27, 2009 by ADMIN

By John B. Frank, Marketing Strategist with HomeATM ePayment Solutions

Launched in April 2009, P2P Safe-T-PIN offers home-based “card present” credit card and PIN debit transactions online using a PCI-certified device attached to a personal computer through a USB port. Users also could make online purchases by swiping their credit card or debit card and PIN at checkout. The device allows for secure real-time money movement with an option for delayed transactions.

3DES, DUKPT & E2EE Explained

May 14, 2009 by ADMIN

By John B. Frank, Marketing Strategist with HomeATM ePayment Solutions

“End-to-end encryption would be most effective if data was encrypted from the time a card was swiped at a POS until it reached the card issuer, similar to the way personal identification numbers (PINs) currently are encrypted according to card brand standards.”

Payment Card Industry Swallows Its Own Tail

April 1, 2009 by ADMIN

By Anthony M. Freed, Information-Security-Resources.com Financial Editor

Anyone who has been following the cascade of security failures plaguing the payment card industry in the last year, punctuated by the still-shrouded breaches at RBS WorldPay (RBS) and Heartland Payment Systems (HPY), has to acknowledge that there are major problems with security that need to be addressed pronto. But the greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers intent on a “big score,” but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve.

ISR News: Avivah Litan - “Visa’s next…?”

February 28, 2009 by ADMIN

Excerpts From Pin Payments Blog

Now, with 3 processor/acquirer breaches in 3 months, it appears she’s the Nostradamus of the financial transaction world. So when one of her “quatrains” predicts that “Visa’s next…” I, for one, wouldn’t write that off as being overly cautious (or pessimistic). HomeATM CEO Ken Mages (who’s also a “see-er”) saw the same writing on the wall years ago. Difference is, he was in a position to do (and has already done) something about it. Ms. Litan states that Visa needs to start seeing the same thing…or they’re next.