American Express and Chase login is not secure


In an unbelievable story from SANS, they note that American Express and Chase login is not secure. I looked at those sites myself and it's true. Recently, in the interests of customer usability, banks in the US have taken to offering login from the home page, and how they implement this is critical.

Major banking sites insecure, researcher warns – Computerworld

At issue are the user log-in areas on sites like Chase.com and Americanexpress.com that ask customers to submit their ID and password information. Although these forms may be encrypted, they do not use authentication technology to prove they are genuine, according to Johannes Ullrich, chief research officer at the SANS Institute.


TowerGroup: Case Study on Use of Strong Online Authentication to Beat Fraud


Bank of America were the first large-scale roll-out of the PassMark solution (branded SiteKey by BofA). The solution identifies the bank to the customer, and identifies the customer to the bank.

TowerGroup: Case Study on Use of Strong Online Authentication to Beat Fraud

Beyond just the online channel, TowerGroup believes that Bank of America has taken an important macro step in the fight against fraud by developing an enterprise detection system to monitor potentially fraudulent transactions across all delivery channels. Since fraud isn't limited to the online channel, this cohesive view of customer transactions will become increasingly important …

Revealed: how credit cards are plundered on the Net


A simple and telling article on the ease with which criminals trade in customers' identities. While the numbers traded may not be large, they are very consequential for the customers whose identities are involved.

Revealed: how credit cards are plundered on the Net – Britain – Times Online

Every day at least 400 credit card numbers, along with other personal information including three-digit security codes, PINs and dates of birth, are sold by the gangs, The Times has learnt. Other pieces of information routinely taken include phone numbers, e-mail and street addresses, and mother's maiden names.
…
A credit card number sells for $1 (60p), while a card with a three-digit code fetches $5. Additional security information such as a mother's maiden name can add $10 to a card's value and a working PIN can push the price up as high as £100.


Accepting Privacy Tradeoffs


Privacy is becoming more and more a legal issue, and this piece covers it well. Within the article there is a point relevant to banks and the tradeoffs that exist in the use of information.

Nowhere to Run, Nowhere to Hide: The Online Privacy Issue – Knowledge@Wharton

In some ways, the debate over privacy on the web shows amnesia about longstanding business practices and consumer behavior, said Accenture's Brodnitz. "People have been trading personal credit information for better rates on loans for years. They will give up information in exchange for higher quality or good service. Capital One broke the back …

Computer 'fingerprint' technology cuts fraud


Halifax Bank of Scotland have installed RSA Cyota technology that reduces fraud for internet transactions by noting when a fraudster tries to access their customers' accounts.

HBOS to extend security system to debit cards after major reduction in online fraud

HBOS worked with RSA Cyota to develop eVision, an online service capable of analysing the risk of each credit card transaction by monitoring data about the customer’s IP address and the “fingerprint” of their computer.

A pilot in August last year showed that eVision was able to detect fraudulent purchases with between 80% and 90% accuracy. At the same time, it was able to reduce the number of genuine transactions blocked by the bank’s anti-fraud system, by a factor of 15.


ATM security is more than triple DES


With the recent ATM fraud, it's natural and necessary to revisit security measures, and specifically the transmission of customer information between ATMs and bank host systems. That information travels a long way over disparate systems from the ATM, often through a processor, and then on to the bank. This paper issued by Redspin Inc. is based on their experience conducting internal security audits for US banks. Their key point is found here:

ATM_Vulnerabilities_04_10_06.pdf

Given the current application protocol, confidentiality of user account information is clearly a significant issue. While the PIN is encrypted, the card number, expiration date and current …

Fraud survey designed to promote “security guarantee”


TD Canada Trust in Canada announce a lightweight and contradictory survey. In my view this survey is designed to try to highlight fraud concerns, in order to assert their recently introduced 'security guarantee'. These security guarantees are all the rage at the moment, and in effect merely confirm that banks will do what they are legally and morally required to do in any event.

Finextra: Fraud fears scaring off Canadian Web banking customers

However, the survey also found that less than 30% of Web banking users, and under 20% of non-users, were aware of the terms 'phishing' and 'Web site …

Latest phishing scam JP Morgan Chase


I only mention this particular phishing incident because of the sheer volume. They are all correctly going into my Gmail spam folder, but good grief, there have been a lot of them over the last two weeks.

Despite my earlier posts about spam getting smarter, this one is unusual because it's a pure brute-force attack, hoping that volume will attract some success.

Here is the email – all links deleted for your reading safety.



Deutsche Postbank introduces electronic signatures


This seems an extraordinary attempt at a solution to phishing, from Germany. Customers must click a symbol in an email to validate that the email is genuine. This makes no sense, because if the email is not genuine, then by the time the click is made, it is too late.

Finextra: Deutsche Postbank introduces electronic signatures

The digital certificate is issued by TC Trust, the German subsidiary of GeoTrust. By clicking on the symbol in the e-mail, customers can see whether the e-signature is valid. If something is incorrect in the signature, a warning message appears on screen.

Relevance to …