Friday, 21 January 2011

Irdeto and ORS Take On Hackers

In a bid to halt pirate satellite tuners receiving illegal reception Irdeto and ORS have joined forces.

Official viewing cards will be sent a new code every week, which should make illegal viewing impossible. This means that over a million older version smart cards will need to be replaced. In conjunction Irdeto and ORS are pursuing the closure of websites and forums that actively instruct viewers on how to hack the signal.

ORS originally denied that the system had been compromised but ORS spokesperson Michael Weber told the online news service "It is true that ORF Digital system was attacked by hackers. They have illegaly counterfeited the key of a customer card."

Heathrow Express Mobile App Now Available

Heathrow Express has launched a fully functional mobile application allowing you to seamlessly purchase your tickets and receive direct to your phone in less than 30 seconds. The app is available for iPhone, BlackBerry, Android and Java-enabled mobile devices.

You can receive your ticket with 2D bar code and reference number direct within your app on your phone, so there is no need to queue to collect your ticket at the station. The validity period extends to 6 months from purchase date with return journey valid 1 month from outward travel date.

To fast-track the payment process you can have a personal account within the app, which provides an option to store your details and preferred payment method. A history of your previous journeys is automatically created for your records.

Heathrow Express is the first train company in the UK to launch a mobile app which allows users to buy tickets and receive direct to their phone.

Kohl's to Partner with First Data on Private Brand Credit Card Processing

First Data Corporation announce it has entered into an agreement with Kohl's Department Stores to provide payment processing services for the company's private brand credit card accounts.

The multi-year agreement calls for First Data to provide Kohl's with credit card processing, customer analytics, risk management services and automated customer service workflow tools. Financial terms of the agreement were not disclosed. Kohl's partnership with First Data will not affect Kohl's current credit card arrangement with Chase or the company's previously announced agreement with Capital One.

"Helping drive our customers' success is the ultimate goal of First Data," said Ed Labry, president, First Data - North America. "Our strategic view of the payments industry, our ability to offer the full spectrum of industry-leading services and the expertise of our dedicated employees all play a role in achieving that success."

A conversion date is still being determined.

HID Global Fuels e-Passport and e-ID Adoption in Europe

HID Global recently deployed its e-government RFID reader technology in France, Germany, Italy, Netherlands and Spain to help create a more robust identity-checking infrastructure in Europe.

HID's e-government inlays, readers and printers are now used by ministries of interior and foreign affairs in more than 27 e-passport programs and 31 ID/e-ID programs worldwide.

The technology will be deployed in two additional countries during the first half of 2011 through leading system integrators.

Offering one of the world's fastest reader modules for biometric passport reading, and reader technology that supports Basic Access Control (BAC) and Extended Access Control (EAC) standards, HID's solutions deliver a combination of flexibility and future-proofing.

The BAC standard is used for government identity verification and for commercial applications such as accelerated hotel check-in/checkout and self-serve airline check-in, while EAC is used to enable biometric matching during e-passport and e-ID document issuance and at automated border-crossing locations.

Mark Scaparro, senior vice president of Identification Solutions (IDS) with HID Global says: "Being able to support BAC and EAC standards in our readers has been one of the top requirements for our OEM partners, as demand continues to grow for secure and reliable e-passport and other e-government solutions, and as more countries migrate from a BAC- to EAC-enabled infrastructure."

The latest EAC standards mandate that passports contain individual private keys to resist counterfeiting, and require inspecting parties to prove that they are entitled to extract sensitive data such as the fingerprint using digital signatures and a Public Key Infrastructure (PKI).

Zeus Latest Evolution in Malware Trends - Targets Online Payment Providers

Confirming our previous observations here at Trusteer, the Zeus malware continues to evolve, diversifying away from its target bank sites and their customers, and over to sites with user credentials that allow assets that have a financial value.

The move mirrors the evolution of card fraud in the 1980s and 1990s, when fraudsters initially targeted banks for cash advance fraud, then, as the banks developed their internal anti-fraud resources, moved over to quasi-cash platforms such as foreign currency purchases and then over to retail and e-tail sales outlets.

The parallels between card fraud evolution and the evolution of Zeus are reflected in the attack vectors against a few websites our researchers have identified as being targeted.

We have found 26 different Zeus configurations targeting Money Bookers. This usually indicates that fraudsters have a solid business around this target. For comparison, this number doesn't fall short of some of the highly targeted banks and brands in the world.

Web Money is targeted by 13 different Zeus configurations, with the last one released January 16th, indicating that this is hot target for fraudsters.

We believe this trend of targeting online payment providers will continue as more retailers allow these alternate payment methods with their Web sites.

So what can be done to counter the problem of Zeus-enabled credential fraud against a diversified range of online payment providers?

We believe that customers of all sites where purchases are involved need to protect their PC or access terminal. Users should also avoid using public access computers, as well as computers you do not own and therefore have direct control over. Retailers and payment providers, meanwhile, need to assess the risk associated with their customers' endpoint devices. They should, we believe, reject transactions from accounts used over insecure endpoints.

For more information see

Note to Subscribers

If you would prefer to receive your News On Line email in plain text, please send an email with "Plain Text" in the subject line.

If you are a subscriber to our Daily News On Line service or Monthly Newsletter you are entitled to access restricted pages on our website news archive. For the username and password please send an email with "Subscriber Password" in the subject line. lesley.dann, Subscriptions Administrator, Smart Card Group.

To Unsubscribe Email Us at or click Unsubscribe

Important Information

From time to time, this news service may include industry forecasts and forward looking statements made by the companies concerned. Readers should be advised that Smart Card News Ltd cannot be held responsible for decisions and/or actions taken by readers of our news service, based on the information provided. This news is only to be distributed to persons/companies who have a contract with Smart Card News Ltd. Unless your company has gained a licence and/or written permission from Smart Card News, the contents of this news page are not to be forwarded to any other person or server. Any replication by any means without prior permission is illegal and action may be taken. If you recieve this online news from a forwarded source please contact the team at Smart Card News Ltd. It is illegal to replicate this online news.

Tel: +44 (0)1903 734 677