The Anti-Phishing Working Group and Tumbleweed Communications have issued a new threat advisory alert regarding a dangerous new form of phishing attack.   » Continue Reading

A executive email from Bill Gates reports on Microsoft's efforts to improve Windows security.

Keith Reed writes in the Boston Globe about how Boston remains a cash-only taxi fare city.   » Continue Reading

Tony Kontzer profiles MasterCard's Jerry McElhatton in Information Week.

Ruth Simon reports in the Wall St. Journal on an industry trend towards more aggressive credit card fee increases (subscription required) by US card issuers.

Michael Luo reports in the New York Times on a significant fare increase coming for taxi-riding New Yorkers -- along with a plan for all New York City cabs to accept credit and debit cards by November 2005.

Jon Udell examines some issues associated with forging emails with digital signatures. The use of digital signatures on emails from trusted parties has been proposed as an anti-phishing countermeasure.

Ivan Schneider reports in Bank Systems & Technology that Visa USA expects debit card transactions are going to represent 15 percent of all consumer payments in the US by 2007.

Kevin Laws shares his perspective on what's happened to mCommerce in the US.

The US carriers have tried to control mobile services and mobile commerce, and all they have succeeded in doing is killing it. The barriers to providing applications are so high that the content is just uninteresting and expensive.

This morning's Wall St. Journal Heard on the Street column (subscription required) reports on the large piles of cash held by major European banks and speculates that many of them will use the cash to make acquisitions.

Although share buybacks and dividend increases are a possibility, many predict a rush of deal-making over the coming year, as banks seek ways to boost earnings and help them compete against larger rivals. This could involve anything from small "bolt-on" acquisitions to bigger and riskier ones, with some banks even contemplating large, cross-border European deals.

MasterCard has filed its annual proxy statement with the SEC. Included in the statement is information about the directors of MasterCard as well as 2003 compensation details for the top five most highly compensated MasterCard executives.

Jennifer Bayot reports in the New York Times on American Express' plans to issue cards in China.

Unlike previous credit cards issued in China by foreign banks, the American Express and Citibank cards allow payment not only in dollars but also in Chinese currency. That makes the cards viable for ordinary consumers.

More on the story in this press release from American Express.

A new edition of Payments and Settlements News has been posted by the ePayments Systems Observatory at the European Central Bank.

Read Jeremy Wagstaff's post on the perils of autoresponse when you're away from your email -- and you might think twice about whether you want to continue to use it.

Jeremy Wagstaff blogs about Daniel McNamara's Code Fish site and his analysis of a new phishing trojan.

Phishing emails don't need to be sophisticated to lure the unwary. Indeed, there's some evidence those behind the more convincing looking emails masquerading as bank emails are also behind a spate of key-logging trojans, which use basic methods to fool the recipient into making them active.

Kelly Mills reports in The Australian on phishing attacks in Australia.

Ellen Messmer reports in TechNewsWorld on Microsoft's focus on two-factor authentication.

Lisa Haarlander reports in the Buffalo News on a recent theft of credit card receipts from a local retailer.

Forbes carries a Reuters story about the record $38 billion in remittances sent home to families last year by Latin American and Caribbean families working abroad.

The average cost of sending 200 dollars from the United States to Latin America was 7.9 percent, the IADB study showed. Ecuador was the cheapest at 5.4 percent and Cuba the most expensive, at 12.1 percent. Even though the cost is half of what it was five years ago, officials say it must be cut more.

Mark Skertic reports in the Chicago Tribune on recent phishing attacks against Bank One customers.

Tina Tran reports on AzFamily.com on student credit card indebtedness.

Researchers at Stanford University have developed SpoofGuard, a browser-based toolbar to prevent successful phishing attacks.

SpoofGuard is a browser plug in that is compatible with Microsoft Internet Explore. SpoofGuard places a traffic light in your browser toolbar that turns from green to yellow to red as you navigate to a spoof site. If you try to enter sensitive information into a form from a spoof site, SpoofGuard will save your data and warn you. SpoofGuard warnings occur when alarm indicators reach a level that depends on parameters that are set by the user.

A white paper describing SpoofGuard is available for download.

Another Stanford effort is targeted at user tendencies to use a common password across multiple sites. Web Password Hashing provides a client side solution to hashing the user's password with the domain name of the web site to create a unique password specific to that site. A PowerPoint presentation on this technique is available for download.

Quicken.com carries a Dow Jones news story on the rapid growth expected this year in spending on prepaid healthcare cards.

Stephanie AuWerter writes in SmartMoney about credit card debt and current card issuer practices with respect to fees, adjusting interest rates, etc.

Does it seem as if you can trigger those penalties just by breathing these days? You aren't far off: Over the past few years, credit-card companies have become increasingly dependent on the fees they charge users. In 2001, fee income represented 28% of credit-card companies' total income, according to CardWeb.com. Over the past five years, this figure has increased by 172%.

The US National Cyber Alert System (US-CERT) is making its alerts available both by email and RSS subscriptions.

Lisa Valentine reports in CIO Today on the phishing problem.

McDonald's has announced an alliance with MasterCard and another alliance with Visa USA to bring cashless payment options to McDonald's restaurants in the US.

The US Department of the Treasury's Office of Thrift Supervision recently sent out a letter to CEO's (PDF) of supervised institutions highlighting the risks of phishing attacks and e-mail scams.

A rapidly growing form of Internet fraud is a practice known as “phishing.” This fraud can lead to financial loss, identity theft, and loss of customer confidence in your institution. The purpose of this memorandum is to familiarize you with the characteristics of phishing, and to encourage you to implement safeguards that will reduce the likelihood of your institution’s customers becoming victims of this fraud.

Jennifer Bayot reports in the New York Times on abuses by credit counseling agencies. The Senate Permanent Committee on Investigations yesterday released a report (PDF) on the subject.   » Continue Reading

The BBC reports on a surge in phishing attacks in the UK.

Jane Larson writes in the Arizona Republic about PayPal and former PayPal executive Jack Selby.   » Continue Reading

James Maguire writes in Internet.com about micropayments.

The latest edition of Glenbrook's Flash newsletter is now available.

Advice for consumers from Janet Rubenking of ABC News on how to avoid losses from identity theft.

The Financial Times reports that, as part of a refocusing effort, Schlumberger is planning to spin out its smart card subsidiary Axalto.

Jennifer Kingson reports in Wednesday's American Banker on eBay CEO Meg Whitman's Monday keynoteand an interview following at this week's NACHA Payments 2004 conference in Seattle.

Saul Hansell reports in the New York Times on the phishing problem.

Phishing attacks are growing rapidly, impersonating Internet service providers, online merchants and banks. Government officials and private investigators say all signs point to gangs of organized criminals — most likely in Eastern Europe — as being behind many of the latest efforts.

Last week the General Accounting Office issued a report on cybersecurity technologies (PDF) appropriate for use in securing federal information systems.

The US Senate Special Committee on Aging held a hearing earlier today on the subject of Internet fraud affecting seniors. Several government and industry experts testified to the panel and transcripts of their testimony are available online along with an audio recording of the hearing.

InterCept has announced the sale of its InterCept Payment Solutions business for a total of $53.5 million. IPS was sold to two buyers -- iBill being purchased separately with the remainder of IPS acquired by Pay by Touch for $30.5 million.

Glenn Fleishman has an excellent article in the new issue of TidBITS on the "sender permitted from" anti-spam technique currently being developed.

Seth Lubove reports in Forbes on InterCept's sale of iBill. A company press release on the sale is available online.

An interesting story from the Korea Times about the use of digital certificates in Korea. It turns out they're about to start charging users fees for these certificates.

Reuters is reporting that the US Government has arrested a Texas man and charged him with using false emails to "phish" for personal information. More details on the case against accused phisher Zachary Keith Hill are available on the FTC's web site.

In addition, the Criminal Division of the US Department of Justice has just published a Special Report on Phishing (pdf).

nPost.com has posted an interview with Kurt Huang, CEO of micropayment provider BitPass.

NACHA has announced that its board has approved in concept charging a new fee that would be automatically assessed to originating depository financial institutions (ODFI) for every ACH payment that is returned for unauthorized reasons, and for every WEB and TEL payment returned for administrative reasons.

Cyota announced this morning that it has begun seen more sophisticated phishing attacks being launched against financial institutions. These new attacks use multiple spoofed web sites -- making it more difficult for financial institutions to get the rogue sites shut down.

NACHA this morning announced its volumes of ACH transactions processed during 2003. A total of over 10 billion ACH payments were processed during 2003 -- growing 12 percent over the prior year -- including over 1.3 billion e-check transactions.

Checkfree and NetDeposit have announced a teaming arrangement to provide corporate billers and remittance processors with a comprehensive, electronic check processing solution for accounts receivable conversion (ARC) and truncation of all lockbox checks.

Jonathan Krim reports in the Washington Post on AOL's new approach to dealing with spammers by making their web sites inaccessible to AOL members logged onto the AOL network.

AOL members attempting to visit a blocked Web page receive an error message that says a connection to the page could not be made, but are not told that it is a spammer's site that has been placed off limits. No other notification of the policy is provided.

Dan Thanh Dang reports in the Baltimore Sun about a possible security breach involving credit card information at BJ's Wholesale Club. Earlier, BJ's had posted an announcement about the issue on its web site.

Susan Stelling writes in the New York Times Travel section about what to do if you lose your wallet while traveling.

Katie Hafner reports in the New York Times on how some eBay members are taking things into their own hands in an effort to fight fraud. The article reports that eBay has a staff of 800 people fighting fraud on its sites around the world.

In a sidebar article, Hafner provides some tips on how to avoid auction scams. Because much of the fraud is perpetrated on eBay using Western Union as the payment mechanism, bidders are cautioned about listings requiring payment by Western Union.

The Anti-Phishing Working Group reports that email fraud and phishing attacks grew by more than 60% in February as compared to January, with an average of 9.7 new, unique attacks sent out to millions of consumers each day. The APWG's latest monthly report is available for download."

Shaheen Pasha of Dow Jones Newswires reports on a recent phishing attack against customers of Wells Fargo Bank.

This is the second phishing expedition to have hit Wells Fargo in a week. A warning on the company's Web site informed customers that a fraudulent e-mail was sent last week asking customers to verify their ownership of an account by clicking on a provided link and provide personal information.

Seth Lubove reports in Forbes on the activities of Stephane Touboul and his company ChargeMeLater.

The company...

"allows consumers to buy online and pay for it simply by entering the sum of the last four digits of their social security number. Touboul uses a proprietary algorithm that corroborates the identity of users based on a search of multiple databases and their phone numbers, validates their ages and addresses, makes sure they're good for the money, and then sends a bill to the user's house."

Expatica reports on a large scale credit card fraud ring recently uncovered in Belgium.   » Continue Reading

Finextra is reporting that Alexander Lubak, 41, chief marketing officer of Deutsche Bank, has been named president of MasterCard Europe.

CSO Magazine reports uses the personal experience of the director of corporate security programs at Cisco to outline what companies should be doing to help protect their employees from identity theft -- including "phighting phishing".

Nokia, Philips and Sony announced today at CeBIT that they are jointly establishing the Near Field Communication (NFC) Forum to enable the use of touch-based interactions in consumer electronics, mobile devices, PCs, smart objects and for payment purposes. An NFC white paper is available for downloading (PDF) from ECMA.   » Continue Reading

JupiterResearch is forecasting that spending on e-mail marketing in the US will triple over the next five years.

Munir Kotadia reports in ZDNet UK on a security problem in Plaxo's web site that could have left its members' contact lists vulnerable to a phishing attack. Jeremy Wagstaff comments.

What's perhaps more troubling are the comments of security test engineer Jeremy Wood of Lodoga who discovered the Plaxo vulnerability:

"Plaxo is not alone. We have been running workshops this month and every client we deal with has the same problem. Developers haven't really realised how robust they have to be in terms of security coding. This is probably the number one problem, and companies really are jeopardising their trade name and potentially their customers' data," added Wood.

Visa International and SAP have announced plans to integrate data from Visa's commercial payment products into SAP's ERP systems.   » Continue Reading

Jennifer Kingson writes in tomorrow's American Banker on efforts by Internet retailers to encourage consumers to use alternatives to credit and debit cards.

ABC News has a feature by Ari Weinberg on consumers' preference for card payments over cash.

Kristyn Maslog-Levis reports on comments from Westpac that customers have become more aware of phishing attacks through increased awareness efforts by the bank.

The Irish Payments Services Organization has urged card holders to use care when using ATM machines following discovery of new attacks on ATM's by fraudsters.   » Continue Reading

The Smart Card Alliance reports on news from its recent government conference.

AOL has announced a new identity theft alerting service offered in conjunction with its new online bill payment service. The service allows consumers to program various triggers for bank and credit card accounts that generate email alerts to the consumer.

Mark Hume reports in the Globe and Mail on a recently discovered security breach at Equifax Canada that revealed personal information on some 1,400 individuals.

Lucas Mearian reports in Computerworld on Visa USA's Resolve Online system for improving the handling of cardholder disputes.

Fergus Shiel reports in The Age on plans to clamp down on bank card skimming fraud in Australia.

A. Raghunathan reports on a slow down in direct mail solicitations by credit card issuers.

MediaPost's Kate Kaye provides an overview of phishing based upon McAfee's recent white paper on the subject.

Carrie Kirby reports in the San Francisco Chronicle on the warning PayPal provided its customers late last week to be on the lookout for possible "spear phishing" attacks.   » Continue Reading

MBNA yesterday filed its proxy statement and annual 10-K report with the SEC. The company was the subject of a recent article in the New York Times regarding its compensation practices under former CEO Charles Cawley. According to the proxy statement, Cawley remains a special advisor to MBNA.

Mike Musgrove reports in the Washington Post on PayPal's warning to its customers to safeguard personal information.

Bruce Schneier, a computer security expert, characterized the scam as "really bad news." "The more data an attacker gets, the more effective they'll be," he said. "This attack bypasses security and attacks the user directly. It's like me convincing you to give me your ATM card and your PIN."

McAfee Research has announced the availability of an anti-phishing best practices white paper.

Sam Varghese reports in Melbourne's The Age on the expected evolution of phishing attacks.

PayPal yesterday alerted customers in a press release that third parties may have obtained limited transaction information of selected customers through the PayPal site after obtaining the passwords of several PayPal merchants.   » Continue Reading

MSNBC is reporting tonight that BJ's Wholesale Club revealed Friday that it is investigating a possible computer system break-in that may have exposed its customers' credit card account information.

PNC Financial Services Group CIO Timothy Shack discusses PNC's IT infrastructure in an article in Optimize magazine.

Yesterday, the Federal Trade Commission issued a new consumer alert regarding phishing attacks.

Lucy Lazarony reports on Bankrate.com about card issuer practices with respect to credit card late fees, overlimit fees, and interest rate increases based upon a card issuer noticing a cardholder's late payments to other creditors.

The American Banker this morning reports on legislation introduced by Senator Bill Nelson of Florida intending to better protect personal information sent overseas as part of offshore outsourcing activities.   » Continue Reading

Pete Barlas reports on phishing for Investor's Business Daily.

AMR Research analyst David Weisman comments on why smart cards haven't been successful in the US market.

Heidi Brown writes in Forbes about the Bank One/Starbucks Duetto Visa card.

Visa USA has announced "Pick Up Your Pen", its third annual sweepstakes designed to help increase consumer's use of Visa Check Cards.

Andy McCue reports in Silicon.com about early results from a DTI study on security breaches affecting businesses in the UK.

Overstock.com has announced Club O, a new discount club for Overstock shoppers. Membership costs $29.95 a year and members receive an additional 5% savings on all Overstock.com purchases (excluding travel deals), $1 shipping for every order, priority customer service treatment, and a $10 credit for every person a member refers who joins Club O.

Slashdot has picked up the discussion on Netcraft's earlier article about a rogue phishing web site using an SSL certificate to fool users into thinking it was secure.

Meanwhile, more phishing attacks are being reported in Australia.

Kristen Zambo reports in a local story from Naples, Florida about card fraud and identity theft.

Charter One announced this morning that it plans to open 67 in-store banking centers inside Wal-Mart's across Ohio, Illinois, Indiana, Michigan, Pennsylvania, and New York.

Joel Baglole reports in this morning's Wall St. Journal on Citibank's recently announced entry into credit card issuing in China (subscription required).   » Continue Reading

MoneyGram has announced the launch of an Internet-based money transfer service including a new partnership with Yahoo! PayDirect for international money transfers and online access to MoneyGram's ExpressPayment urgent bill payment service.   » Continue Reading

A new study by IHL Consulting Group concludes that 70 percent of total shipments of retail point-of-sale systems in North America last year run on Microsoft-provided operating systems. The report also said that the overall market value for pont-of -sale hardware, software, peripherals and maintenance for North America increased 6 percent in 2003 to $7.1 billion.

Citibank has introduced a new secured Citi MasterCard for consumers lacking credit histories that would support issuance of a standard credit card.   » Continue Reading

The Star Online reports on credit card fraud in Malaysia including the planned use of encryption to better protect transmissions of credit card information.

Ari Weinberg reports in Forbes on the growth in electronic payments and the battle between card issuing banks and merchants over acceptance costs.

The Wall St. Journal is reporting (subscription reqd) that eBay has selected Pitney Bowes to provide technology for eBay's new Internet-postage venture with the US Postal Service. More details on the arrangement are available in a press release issued by Pitney Bowes this morning. The new solution enables customers to select a shipping option, print the shipping label and pay for the postage via their PayPal account.

New York State Attorney General Eliot Spitzer has announced an agreement that will require PayPal to better disclose the rights of account holders when an affiliated merchant fails to deliver merchandise.   » Continue Reading

Netcraft is reporting on a recent phishing attack that included the use of a server SSL certificate by the attacker.

The FTC has been recommending to consumers that they always check for the presence of the SSL "lock" in their browsers as one way to protect against phishing attacks. This particular phishing attack demonstrates that even fraudsters know how to secure their websites with SSL server certificates!

Reuters is reporting that federal and state investigators are looking into whether PayPal may have violated consumer protection laws in its efforts to fight online fraud.   » Continue Reading

APACS has announced the latest statistics on payment card fraud in the UK (PDF) showing the first decline in fraud in eight years. Interestingly, the decline in fraud was attributed solely to lower levels of fraud on UK cards used abroad. ID Fraud attributed to both fraudulent card applications and account takeover activity increased 45% over 2003 although it still represents only slightly more than 7 percent of total fraud losses.

A report from Helsinki on a new SMS-based mobile payments system. The system involves banks participating as funding/loading partners rather than posting the payments made to the user's mobile phone bill. [Tnx: Simon Lelieveldt]

Jennifer Kingson reports in this morning's American Banker on a controversial proposal that NACHA is considering that would compensate receiving banks in the ACH system for their costs anytime an ACH transaction is returned to the sending bank.

As the use of the ACH for telephone and Internet-based payments has grown, a disproportionate share of returned items are falling into those two categories. The fee question is scheduled for further discussion at NACHA's upcoming Payments 2004 conference in Seattle later this month.

Ari Weinberg reports in Forbes on the growth in debit card volume in the US vs. credit card.   » Continue Reading

David Uren reports from Australia on Visa International's offer to reduce debit card interchange fees.   » Continue Reading

Lowell Bergman and Patrick McGeehan report in tomorrow's New York Times about the departure late last year of long-time MBNA Chairman and CEO Charlie Cawley.

Mark Baard reports in Wired News on the Chameleon Card from Chameleon Networks. More discussion of Chameleon is happening on Slashdot.

The Payment Cards Center of the Federal Reserve Bank of Philadelphia has two new papers available online. The first is a bibliography of consumer payments -- to be updated quarterly. The second is a paper titled Prepaid Card Markets & Regulation by Mark Furletti. Both papers are in PDF format.

Judy Sarles reports in the Nashville Business Journal on retailer use of electronic gift cards.

Anuradha Raghunathan reports on changes in card issuer strategies.

In an industry that tends to move in concert, companies have begun to realize that blanketing consumers with mass mailings may no longer be the key to building market share.

MasterCard filed its 10-K for 2003 with the SEC today. It reported an operating loss of just over US$600 MM on revenues of US$2.3 B, a 17.9% growth in revenue over 2002.

Edward Baig reports in USA Today on e-hoaxes.

P.T. Barnum would have had a field day in cyberspace. How else to explain the circus surrounding e-mail scams?

Just came across this page on the American Express web site announcing that Amex's Private Payments offering is being eliminated April 15, 2004.

Daniel Wolfe reports in the American Banker on phishing attacks and the approach being taken by PassMark Security to help institutions stop phishing and spoofing attacks on their customers.

Computerworld reports on yesterday's announcement by Target that it is dropping its use of smart cards on its Target Visa cards.

Visa USA has announced that its Interlink PIN debit network saw a 43 percent rise in dollar volume and a 39 percent increase in the number of POS transactions for the month of January 2004 compared to January 2003.   » Continue Reading

Jason Miller reports in Government Computer News about a new edition of the General Services Administration's Government Smart Card Handbook.   » Continue Reading

Elise Ackerman reports in the San Jose Mercury News on Vivotech and its contactless payment solution.

Raslan Sharif reports from Kuala Lumpur on the Malaysia Microchip project and its multiband RFID chip technology.   » Continue Reading

Andrew Colley reports from Australia on a recent phishing attack targeting customers of Westpac.

MasterCard has announced its 2003 results, reporting sales volume reaching US$1.27 trillion for the year.   » Continue Reading

Visa International has announced the appointment of Christopher J. Rodrigues as President and Chief Executive Officer effective June 1. Rodrigues is currently the Group Chief Executive of Bradford & Bingley, a UK-based financial services organization.   » Continue Reading

Catuity has announced that it has received notice from Target Corporation that Target is phasing out its use of smart card technology over the next twelve months.   » Continue Reading

News.com.au is reporting that Germany's Metro Group has cancelled plans for an RFID-based card for customers -- moving back to bar code technology because of consumer privacy concerns. More on this story in this InfoWorld report

InfoSpace announced this morning the sale of its Authorize.net payment gateway business unit to Lightbridge.   » Continue Reading