Tuesday, 30 August 2011

International ATM Cyberheist Drains Florida Pre-paid Card Bank of $13 million

News that a Florida-based bank has been left holding the baby in a $13 million ATM fraud highlights the increasingly complex world of cybercrime and the multi-faceted layers of security needed to defend against it, says Lieberman Software.

According to Philip Lieberman, President and CEO of Lieberman Software, the case is an interesting one as it appears to involve the hacking of the affected financial institution's computer system that controlled the bank's pre-paid debit card security parameters.

"The cybercriminals appear to have tampered with the daily cash withdrawal limits on 22 pre-paid cards, effectively allowing the cards and their clones to drain all the cash from a machine, and then some. Conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom used the cloned cards to withdraw cash from dozens of ATMs".

The fraud must have taken place over a few days, possibly a holiday weekend; the scale of the ATM withdrawal project must have been immense. Had the fraudsters staged their cash withdrawal scam over a longer period, then the bank's fraud analysis systems would have kicked in and the card cash withdrawal facility been locked down pending a full-scale investigation".

"According to security researcher Brian Krebs' report on this fascinating saga, the FBI, banks and other agencies are not saying a lot about the fraud, which I think speaks volumes. It also suggests that defending against multi-faceted fraud of this nature, even if you are a bank, is easier said than done," he added.

VeriFone Ships 500,000th System to Swedish Partner Point Transaction Systems

VeriFone announces it has shipped its 500,000th payment systems to Swedish partner Point Transaction Systems with whom it has forged a strong relationship spanning more than 20 years. Point uses VeriFone systems and software in the vast majority of its merchants.

"Congratulations to the Point team on this milestone achievement. Customers of Point Transaction Systems know they are getting all the benefits of a local partner backed by the worldwide product scope and infrastructure expertise of VeriFone," said Douglas G. Bergeron, CEO of VeriFone.

"We're delighted that together we have developed a tremendous working partnership upon which so many Northern European customers are reliant. VeriFone provides critical functionality in the areas of operating systems, EMV chip and PIN, and security for Point's VeriFone end users. VeriFone also delivers the ongoing updates required by Point's merchant base to stay compliant with increasingly demanding European payment and security regulations," Bergeron added.

BPC Banking Technologies Inks Deal with First United Bank

BPC Banking Technologies announce it has been selected to implement a new card management system by First United Bank (Pervobank), Samara region, Russia.

To meet current market demands the Bank was looking for a flexible, scalable, comprehensive solution to manage its card products. In particular Pervobank wished to implement an innovative card strategy including new credit and debit card products. The current outsourcing model lacked the ability to keep pace with the Bank's plans in a timely and cost effective manner.

BPC met all Pervobank's requirements with its SmartIssuer solution, which will interface to the Bank's Diasoft core banking system and the existing outsourced processing centre, and is highly configurable so Pervobank can quickly create unique products designed to appeal to various customer demographics.

SmartIssuer implementation is the first step in migrating the Bank's complete card processing from outsourcing to an in-house model. This will deliver direct control over a strategically important line of business as well as reducing TCO, delivering speed to market and providing a sustainable long term platform to support growth in the Bank's card business.

Pervobank is one of the largest banks in the Samara region and is demonstrating sustained growth - the region itself is ranked 5th in the top-30 rating "Best Regions for Investment-2011" published by Forbes Magazine.

Diebold Unveils Prototype for World's First Virtualized ATM

Diebold, Incorporated is to introduce a prototype for the world's first virtualized ATM. Diebold will unveil the innovation at VMworld 2011, which runs from 29th August to 1st September.

"Virtualization will fundamentally change the way Diebold and its customers deploy solutions to the marketplace. It enables unified management of a wide array of services and paves the way for orchestration of multiple channels," said Frank A. Natoli, Jr., vice president and chief technology officer, Diebold. "This development is an important milestone on Diebold's road map to leveraging cloud computing technology in the retail financial space. This technology is a game changer for our industry."

Diebold developed the virtualized ATM prototype in collaboration with VMware. The companies' vision for the powerful combination of their innovative self-service and virtualization technologies is to enable financial institutions to address their most critical business priorities: enhancing security and mitigating fraud, improving operational efficiency, delivering optimal consumer experience and growing and retaining their customer base. Diebold is working to identify financial institutions to serve as sites for a virtual ATM proof-of-concept study, moving the prototype toward achieving this vision.

Virtualization of the self-service channel removes the onboard computer from the ATM, tying each terminal in a fleet to a centralised computing resource. In this scenario, the physical components of a single server provide resources to many "virtual" ATMs. The result is not only the consolidation and sharing of resources throughout a self-service network, but also across delivery channels, opening the door for more effective channel orchestration.

PCI Security Standards Council Releases Updated PCI DSS Wireless Guidelines

The PCI Security Standards Council (PCI SSC) has published an update to the PCI DSS Wireless Guidelines Information Supplement, providing organisations with the current PCI DSS considerations for implementing wireless technology securely in payments environments.

A product of collaboration with the Council's Wireless Special Interest Group -comprised of more than 40 participants from POS vendors and network security companies to acquiring banks and large merchants - the wireless guidelines were first published in 2009 to help organisations understand how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless and to provide practical methods and concepts for deployment of secure wireless in payment card transaction environments.

By identifying some of the key PCI DSS requirements related to wireless and providing recommendations for its use in a PCI DSS compliant manner, the information supplement helps organisations evaluate the potential impact of wireless technology on their cardholder data environment (CDE) before implementation. The guidance emphasizes that PCI DSS requirements must be individually evaluated for each environment. "Wireless networks continue to be an easy target for data compromise, especially as new devices are added to these environments" said Bob Russo, general manager of the PCI Security Standards Council. "This resource remains an important tool for understanding how to secure your payment card data when using wireless technologies".

Ingenico Acquires TNET

Ingenico announces the acquisition of 100% of TNET Centro Servizi Monetici Srl (TNET), an Italian company specialised in technical services for payment terminals.

TNET, founded in 1998, has been one of the first independent companies to provide on-site services to the electronic payment market. TNET manages an installed base of 45,000 terminals in Italy, and the number will reach 50,000 terminals within the coming months thanks to new contracts already signed.

Luciano Cavazzana, Managing Director of Ingenico Italia, will head the new entity, which will be integrated in the Operations department of Ingenico Italia. The terms of the transaction were not disclosed. "The acquisition of TNET reflects our strategy aimed at strengthening our technical services activity", commented Pierre-Antoine Vacheron, EVP Sepa-Europe Region Ingenico, "It will further develop our offer with improved technical services for our customers and a corresponding managed based of close to 300,000 terminals in Italy."

Note to Subscribers

If you would prefer to receive your News On Line email in plain text, please send an email with "Plain Text" in the subject line.

If you are a subscriber to our Daily News On Line service or Monthly Newsletter you are entitled to access restricted pages on our website news archive. For the username and password please send an email with "Subscriber Password" in the subject line. lesley.dann, Subscriptions Administrator, Smart Card Group. lesley.dann@smartcard.co.uk

To Unsubscribe Email Us at info@smartcard.co.uk or click Unsubscribe

Important Information

From time to time, this news service may include industry forecasts and forward looking statements made by the companies concerned. Readers should be advised that Smart Card News Ltd cannot be held responsible for decisions and/or actions taken by readers of our news service, based on the information provided. This news is only to be distributed to persons/companies who have a contract with Smart Card News Ltd. Unless your company has gained a licence and/or written permission from Smart Card News, the contents of this news page are not to be forwarded to any other person or server. Any replication by any means without prior permission is illegal and action may be taken. If you receive this online news from a forwarded source please contact the team at Smart Card News Ltd. It is illegal to replicate this online news.

Email: info@smartcard.co.uk
Tel: +44 (0)1903 734 677