Friday, 17 June 2011

UkashOut for Secure Payments

Ukash, the leading eMoney network, has announced the launch of the new UkashOut MasterCard payment option, using which consumers can convert their electronic money back to cash safely and securely. Users can "close the loop" on eMoney payments by loading their cash onto an UkashOut MasterCard using their Ukash vouchers.

Consumers can use the prepaid, re-loadable MasterCard anywhere to get cash out from any ATM that contains the MasterCard logo. The UkashOut MasterCard can only be bought and loaded with Ukash vouchers or cash from over 420,000 points of sale across the 6 continents. It is available in either GBP, US$ or Euros and customers are able to hold one UkashOut MasterCard per currency.

UkashOut also offers additional security by providing a full KYC (Know Your Customer) process to obtain the UkashOut MasterCard by post. David Hunter, CEO of Ukash, said, "The UkashOut MasterCard completes the cycle for using cash online, from uploading, to spending, to converting eMoney back to cash. The benefits are widespread: it's faster, convenient and lets consumers keep track of their spending, budget more wisely and shop from more retailers".

Turkcell to Unveil Its Own Android NFC Phones

Turkey's largest mobile operator, Turkcell, will introduce its own branded NFC mobile phone, which happens to be an Android model designed by the leading Chinese mobile phone manufacturer Huawei.

The fairly priced smartphone named T20 features a MasterCard PayPass application issued by the Turkish bank Yapi Kredi. The phone supports the single-wire protocol standard, enabling Turkcell to store the PayPass application on its SIM card.

Two more Turkish banks could offer applications within weeks of the launch. There are about 40,000 PayPass merchant terminals in Turkey.

The Huawei-made smartphone passed U.S. Federal Communications Commission testing in May 2011. It is said to carry a NFC chip from NXP Semiconductors.

Turkcell launched its first NFC service and mobile wallet in April this year, with Yapi Kredi, using the Samsung S5230 NFC feature phone that supports the single-wire protocol.

WorldPay Launched E-Billing and Online Payment Service

International online payment company WorldPay and Dutch e-billing services provider AcceptEmail have signed a deal to provide an integrated service for electronic billing and online payment to customers.

AcceptEmail existing and new customers will now benefit from the opportunity to pay via WorldPay's multiple payment methods. AcceptEmail enables digital billing by combining structured emails with local and international online payment methods, supported by WorldPay. Via the newly signed agreement, the companies plan to extend the service to other countries.

WorldPay has 75 national and international payment methods and operates in over 40 countries worldwide.

Additional 62,000 Passwords, Emails Exposed

LulzSecurity has posted a collection of 62,000 passwords and emails on file hosting site MediaFire. Some of the net surfers have already used the exposed passwords to log into others' email services and other popular internet services. One user accessed a dating website and switched profile pictures to lewd images, while another web user took screenshots of a Facebook profile they had hacked.

LulzSec however did not make clear as to how where the collection of emails and passwords came from. According to the hacker group, "These are random assortments from a collection, so don't ask which site they're from or how old they are, because we have no idea. We also can't confirm what percentage still work, but be creative or something".

However, chief research officer at F-Secure, Mikko Hypponen, believes the email IDs have been taken from, a website for authors and communities of readers. Mikko Hypponen said: "There are probably other sources for the passwords too, but Writerspace pretty much has to be one of them".

Giants Join to Form Mobile Marketing and Payments Joint Venture

Everything Everywhere, Telefonica UK and Vodafone UK announce plans to create a standalone m-commerce joint venture (JV). The new entity, the first of its kind in the UK, will bring together the expertise and technology of the UK's leading mobile operators, enabling the rapid development and delivery of new mobile marketing and payment services.

The JV will deliver the technology required for the speedy adoption of mobile wallet and payments. This will enable consumers to transfer their entire physical wallet into a new secure, SIM-based wallet regardless of which NFC enabled mobile device, or mobile network they are using.

Companies and organisations that provide anything from credit, debit and loyalty cards to membership cards and transport tickets will be able to create secure mobile versions of their products. Consumers will be able to use their mobiles to pay for goods, services and travel using contactless technology (NFC) with one touch of their phone, or online via mobile or PC.

Guy Laurence, Chief Executive Officer of Vodafone UK, said: "Currently people take their mobile, wallet and keys when they leave home. In the near future, people will now start leaving their wallet at home, and in the mid term their keys may also be integrated into their mobile as NFC allows the mobile to act as a digital access card. The joint venture is the next phase in realising that ambition."

The JV is subject to competition clearance and is aiming to launch before the end of the year.

Multicard Provides Secure Identity Management Platform to The University of Arizona

Multicard has announced it is implementing a new identity management platform for The University of Arizona. The platform leverages contactless smart card technology and utilizes an open, standards-based architecture to manage and administer the institution's "CatCard" identity management program, which includes 51,000 students, faculty and staff on the university's campus in Tucson as well as other campus sites in Arizona. Multicard is providing ongoing consulting, integration and project management services for the program.

The new solution replaces the university's previous identity and access cards based on traditional proprietary technology with highly secure contactless smart cards that will enable multiple applications on one ID credential. The new card will allow holders to enter dormitories and other campus buildings, securely log on to PCs or campus IT networks, check out materials from the library, validate meal plan participation, and pay for on-campus print and copy services, bookstore purchases, vending items and parking, as well as serving as an ID card. Multicard's open architecture approach provides The University of Arizona with the flexibility to add or change applications on the "CatCard" at a far lower cost than its previous proprietary keycard. In addition, optional biometric authentication will be added for high-value research facilities on campus, thus ensuring the enhanced security required for research funding.

Spyeye Trojan Attacks Airline Debit Card Payments Accepting Website

Trusteer has found a new type of Trojan named SpyEye targeting the users of two leading European airline travel Websites - Air Berlin and AirPlus. Air Berlin is the second largest airline in Germany after Lufthansa and AirPlus is the global provider of business travel services for companies.

Amit Klein, CTO of Trusteer believes: "The attack subjects are far from randomly selected, but are, we believe, carefully chosen for their criminal revenue potential. One site accepts debit card payments, while the other caters to business users."

Trusteer said that the fraudsters can access Air Berlin travellers' personal details, including their date of birth and bank account details.

In case of Air Plus, companies use their business payment cards to pay. Since corporate accounts tend to carry much higher balances or credit limits than normal consumer accounts, cyber criminals generally eye business websites more than individual accounts.

In Air Berlin website attack, the criminals have targeted the main login URL of the AirPlus portal. SpyEye Trojan injects code into the users' web browser. The user remains ignorant of such an injection. The Trojan then brings out the user credentials including the card name and number, expiration date, CVV (signature strip) number, the user's date of birth, etc.

Trusteer believes, "the cybercriminal gang(s) behind these attacks is almost certainly using a semi-automated methodology of code development, allowing them to develop customised versions of the malware for specific purposes".

Note to Subscribers

If you would prefer to receive your News On Line email in plain text, please send an email with "Plain Text" in the subject line.

If you are a subscriber to our Daily News On Line service or Monthly Newsletter you are entitled to access restricted pages on our website news archive. For the username and password please send an email with "Subscriber Password" in the subject line. lesley.dann, Subscriptions Administrator, Smart Card Group.

To Unsubscribe Email Us at or click Unsubscribe

Important Information

From time to time, this news service may include industry forecasts and forward looking statements made by the companies concerned. Readers should be advised that Smart Card News Ltd cannot be held responsible for decisions and/or actions taken by readers of our news service, based on the information provided. This news is only to be distributed to persons/companies who have a contract with Smart Card News Ltd. Unless your company has gained a licence and/or written permission from Smart Card News, the contents of this news page are not to be forwarded to any other person or server. Any replication by any means without prior permission is illegal and action may be taken. If you receive this online news from a forwarded source please contact the team at Smart Card News Ltd. It is illegal to replicate this online news.

Tel: +44 (0)1903 734 677