Sign up for our Technology Newsletter 
CVS Debuts CVS Pay
August 24, 2016 by admin
Filed under Around The Net
Comments Off on CVS Debuts CVS Pay
CVS has rolled out its CVS Pay program that exists inside its mobile app. It allows customers to pay in store for prescriptions by scanning a barcode at the register.
Payments will be backed by a customer’s credit or debit card, the company said.
CVS Pay is currently available in New York, New Jersey, Pennsylvania and Delaware; a nationwide rollout at all 9,600 stores is expected to kick off later this year.
CVS doesn’t support Apple Pay or other NFC-based payment technologies, and its use of barcodes for payments is reminiscent of the way Starbucks customers pay for coffee. Working with the barcode technology was a faster way for CVS to bring forward technology for more convenient in-store payments, analysts said.
Other retailers have created in-store payments through their own apps. Walmart created Walmart Pay in December to allow payments through mobile device QR codes that can be read at checkout registers.
“There’s nothing really innovative here with CVS Pay,” said Gartner analyst Avivah Litan on Friday. “They are pretty much following the trend. It’s just mobile commerce with a credit card attached. It’s no big deal to put a credit card in a wallet.”
At one point, CVS was working with Walmart and dozens of other major retailers in the Merchant Customer Exchange, which was designed to process mobile payments electronically through bank accounts and not credit cards to cut out the card processing cost that merchants paid to banks. But MCX ended its pilot of its mobile app, CurrentC, in June. Analysts have predicted the concept will not continue.
Source-http://www.thegurureview.net/mobile-category/cvs-debuts-cvs-pay.html
NFC For ATM Transactions Catching On
August 3, 2016 by admin
Filed under Around The Net
Comments Off on NFC For ATM Transactions Catching On
Several of the nation’s biggest banks in the U.S. now support the use of a smartphone to withdraw cash from an ATM — many by way of Near Field Communication (NFC) technology — instead of requiring customers to use a bank card.
One of the early adopters, Bank of America, said this week it currently supports cardless technology at 2,800 of its ATMs. That number will reach 8,000 ATMs by year’s end that rely on NFC and other technology. Bank of America, which has about 15,000 ATMs nationwide, created a video to show how a smartphone loaded with the bank’s mobile app can now withdraw cash from some ATMs.
Wells Fargo said it has a “handful” of ATMs that are NFC-ready and working to deliver cash and other transactions and is planning to reach 5,000 by the end of 2016. A total of 12,000 ATMs will be enabled in 2017.
JPMorgan Chase said it also will have many cardless ATMs available this year, but didn’t specify how many or when. Initially at Chase, customers will show up at an ATM and type in a numerical code they acquired wirelessly through use of the Chase smartphone app to get their cash. That numerical code verification process will be an early step in rolling out cardless technology at the bank’s nearly 15,000 ATMs.
In addition to using NFC or a numerical code to authenticate a transaction, some bank ATMs are expected to rely on scanning a QR code displayed on a phone.
The number of ATMs supporting cardless cash remains a small portion of the estimated 500,000 ATMs in the U.S. Crone Consulting, which monitors the mobile payment industry, recently said it expects about 95,000 ATMs in the U.S. to support cardless cash by year’s end.
Courtesy-http://www.thegurureview.net/mobile-category/nfc-for-atm-transactions-catching-on.html
Amazon Finally Goes Two-Factor
Amazon is making it a little, or a lot, harder for miscreants to make off with user accounts by adding two-factor authentication.
It has taken Amazon some time to fall into line on this. Two-factor authentication has become increasingly popular and common in the past couple of years, and it is perhaps overdue for a firm that deals so heavily in trade.
Amazon is treating it like it’s new, and is offering to hold punters’ hands as they embrace the security provision.
“Amazon Two-Step Verification adds an additional layer of security to your account. Instead of simply entering your password, Two-Step Verification requires you to enter a unique security code in addition to your password during sign in,” the firm said.
The way that the code is served depends on the user, who can choose to get the extra prompt in one of three ways. They may not appeal to those who do not like to over-share, but they will require a personal phone number.
As is frequently the case, Amazon will offer to send supplementary log-in information to a phone via text message or voice call, and even through a special authenticating app.
It’s an option, and you do not have to enable it. Amazon said that users could select trusted sign-on computers that spare them from the mobile phone contact.
“Afterward, that computer or device will only ask for your password when you sign in,” explained the Amazon introduction, helpfully.
There are a number of other outfits that offer the two-factor system and you might be advised to take their trade and do your business through them. Apple, Microsoft, Google, Twitter, Dropbox, Facebook and many others offer the feature.
A website called TwoFactorAuth will let you check your standing and the position of your providers.
Source- http://www.thegurureview.net/technology-2/amazon-finally-goes-two-factor.html
Confusion Continues To Reign With U.S. Chip & PIN
November 11, 2015 by admin
Filed under Around The Net
Comments Off on Confusion Continues To Reign With U.S. Chip & PIN
Several large U.S. retailers are ramping up efforts to use personal identification numbers, or PINs, with new credit cards embedded with computer chips in a bid to prevent counterfeit card fraud.
But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.
A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.
But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.
Broadly, U.S. banks
are unprepared or resisting the change.
The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.
But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.
“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.
Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.
“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”
But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.
EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.
Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.
“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.
Courtesy-http://www.thegurureview.net/aroundnet-category/confusion-continues-to-reign-with-u-s-chip-pin.html
Is Mastercard Going With Selfies?
July 17, 2015 by admin
Filed under Around The Net
Comments Off on Is Mastercard Going With Selfies?
Mastercard has announced plans to roll out a verification technology that requires a selfie to process payments. The industry’s latest move in the shameless act of narcissism is a biometric face scanning technology that will let customers replace their PINs with their face, according to MasterCard chief product security officer, Ajay Bhalla. Bhalla told CNN Money that the multinational financial services corporation has teamed up with all the major phone manufacturers to deliver the technology. “The new generation, which is into selfies, I think they’ll find it cool. They’ll embrace it. This [app] seamlessly integrates biometrics into the overall payment experience,” he said. “You can choose to use your fingerprint or your face. You tap it, the transaction is OK’ed and you’re done.” The selfie payment feature will roll out on a trial basis first in the US, with a full scale deployment to follow at an unspecified date. The system requires users to blink when prompted once they have held their device at eye-level for the checkout process to complete. This ensures that potential cyber crooks cannot use a still image of the user to hack into their personal account. MasterCard announced last month that all retail outlets across Europe will accept contactless payments by 2020, paving the way for wider adoption of mobile payment solutions. Mike Cowan, head of emerging payments products at MasterCard, revealed at the company’s Future of Payments event in London that Europeans will soon be able to tap to pay anywhere. “From the beginning of 2016 any new payment terminal that gets deployed must accept contactless, and every single terminal must accept it by 2020,” he said. This means that new point of sale terminals must adhere to the new standard on deployment from 1 January 2016, while existing terminals that don’t yet support contactless payments must be replaced by 1 January 2020 at the latest. Source
Cisco Warns Of Bug In Virtual App
Cisco has warned of a default Secure Shell vulnerability in three of its virtual applications.
The flaw could allow attackers to decrypt traffic exchanged in the services, and has been detailed in a Cisco security advisory.
It affects Cisco’s Web Security Virtual Appliance (SMAv), Email Security Virtual Appliance and Security Management Virtual Appliance, which are already commercially available.
Cisco said that it “is not aware of any public announcements or malicious use of the vulnerabilities”, but warned that attackers who got hold of the private keys could decrypt communications with a man-in-the-middle attack.
The default private encryption keys were preinstalled on all three of the products, a move which is considered bad security practice.
“Successfully exploiting this vulnerability on Cisco SMAv allows an attacker to decrypt communication toward SMAv, impersonate SMAv, and send altered data to a configured content appliance,” the advisory said.
“An attacker can exploit this vulnerability on a communication link toward any content security appliance that was ever managed by any SMAv.”
Cisco has released a patch which deletes the preinstalled SSH keys and explains how customers can correct the problem.
The Cisco-sa-20150625-ironport SSH Keys Vulnerability Fix comes as part of several product upgrades, and must be manually installed from a command line interface.
Cisco’s advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after 25 June.
Cisco revealed details of a new point of sale attack earlier this year that could part firms from money and customers from personal data.
The threat, called PoSeidon by the Cisco team, came at a time when eyes were on security breaches at firms like Target.
Cisco said in a blog post that PoSeidon is a threat that has the ability to breach machines and scrape them for credit card information.
Yet Another Retailer System Hacked
Women’s clothing retailer Bebe Stores has become the latest in a growing list of national retailers to be hit by an attack on its credit card payment system.
The company said Friday that the cardholder name, account number, expiration date, and verification code could have been stolen by hackers who apparently had access to the company’s payment processing system between Nov. 8 and 26.
The incident came to light in late November when Bebe said it noticed suspicious activity on computers that operate the payment processing system. Stores affected were the roughly 200 it operates in the U.S., Puerto Rico and the U.S. Virgin Islands.
“If you used a payment card at a U.S., Puerto Rico or U.S. Virgin Islands store during this time frame, you should review your account statements for any unauthorized activity,” it said in a message to customers.
The last couple of years have been bad ones for the safety of credit card data at major U.S. retailers. Millions of credit and debit card numbers have been compromised in breaches at retailers, including Target, Home Depot, PF Chang’s restaurants, Super Valu grocery stores, Neiman Marcus, UPS Store and others.
In many cases, the attacks were targeted at payment processing terminals and used sophisticated malware that stole card details as consumers swiped their cards. Many of the thefts were only discovered after the card numbers appeared for sale on Internet hacking forums.
Such was the case with Bebe Stores. First news of the hack came earlier this week through the closely followed Krebs on Security blog.
Self-Healing Software On The Way
Researchers at the University of Utah have developed self-healing software that detects, expunges and protects against malware in virtual machines.
Called Advanced Adaptive Applications (A3), the software suite was created in collaboration with US defence contractor Raytheon BBN over a period of four years.
It was funded by DARPA through its Clean-Slate Design of Resilient, Adaptive, Secure Hosts programme, and was completed in September, Science Daily reported on Thursday.
A3 features “stackable debuggers”, a number of debugging applications that cooperate to monitor virtual machines for indications of unusual behaviour.
Instead of checking computer object code against a catalogue of known viruses and other malware, the A3 software suite can detect the operation of malicious code heuristically, based on the types of function it attempts.
Once the A3 software detects malicious code, it can apparently suspend the offending process or thread – stopping it in its tracks – repair the damage and remove it from the virtual machine environment, and learn to recognise that piece of malware to prevent it entering the system again.
The self-healing software was developed for military applications to support cyber security for mission-critical systems, but it could also be useful in commercial web hosting and cloud computing operations.
If malware gets into such systems, A3 software could detect and repair the attack within minutes.
The university and Raytheon demonstrated the A3 software suite to DARPA in September by testing it against the notorious Shellshock exploit known as the Bash Bug.
A3 detected and repaired the Shellshock attack on a web server within four minutes. The project team also tested A3 successfully on another six examples of malware.
Eric Eide, the research associate professor of computer science who led the A3 project team along with computer science associate professor John Regehr, said: “It’s pretty cool when you can pick the Bug of the Week and it works.”
The A3 self-healing software suite is open source, so it’s free for anyone to use, and the university researchers would like to extend its applicability to cloud computing environments and, perhaps eventually, end-user computing.
Professor Eide said: “A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet.”
MasterCard Testing New Fingerprint Reader
October 29, 2014 by admin
Filed under Consumer Electronics
Comments Off on MasterCard Testing New Fingerprint Reader
MasterCard is trying out a contactless payment card with a built-in fingerprint reader that can authorize high-value payments without requiring the user to enter a PIN.
The credit-card company showed a prototype of the card in London on Friday along with Zwipe, the Norwegian company that developed the fingerprint recognition technology.
The contactless payment card has an integrated fingerprint sensor and a secure data store for the cardholder’s biometric data, which is held only on the card and not in an external database, the companies said.
The card also has an EMV chip, used in European payment cards instead of a magnetic stripe to increase payment security, and a MasterCard application to allow contactless payments.
The prototype shown Friday is thicker than regular payment cards to accommodate a battery. Zwipe said it plans to eliminate the battery by harvesting energy from contactless payment terminals and is working on a new model for release in 2015 that will be as thin as standard cards.
Thanks to its fingerprint authentication, the Zwipe card has no limit on contactless payments, said a company spokesman. Other contactless cards can only be used for payments of around €20 or €25, and some must be placed in a reader and a PIN entered once the transaction reaches a certain threshold.
Norwegian bank Sparebanken DIN has already tested the Zwipe card, and plans to offer biometric authentication and contactless communication for all its cards, the bank has said.
MasterCard wants cardholders to be able to identify themselves without having to use passwords or PINs. Biometric authentication can help with that, but achieving simplicity of use in a secure way is a challenge, it said.
Hackers Infiltrate Jimmy Johns
October 7, 2014 by admin
Filed under Around The Net
Comments Off on Hackers Infiltrate Jimmy Johns
Sandwich restaurant chain Jimmy John’s said there was a potential data breach involving customers’ credit and debit card information at 216 of its stores and franchised locations on July 30.
An intruder stole log-in credentials from the company’s vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16 and Sept. 5, the company said.
The chain is the latest victim in a series of security breaches among retailers such as Target Corp, Michaels Stores Inc and Neiman Marcus.
Home Depot Inc said last week some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than the breach at Target Corp.
More than 12 of the affected Jimmy John’s stores are in Chicago area, according to a list disclosed by the company.
The breach has been contained and customers can use their cards at its stores, the privately held company said.
Jimmy John’s said it has hired forensic experts to assist with its investigation.
“Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online,” Jimmy John’s said.
The Champaign, Illinois-based company said stolen information may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date.