Payments will be backed by a customer’s credit or debit card, the company said.

CVS Pay is currently available in New York, New Jersey, Pennsylvania and Delaware; a nationwide rollout at all 9,600 stores is expected to kick off later this year.

CVS doesn’t support Apple Pay or other NFC-based payment technologies, and its use of barcodes for payments is reminiscent of the way Starbucks customers pay for coffee. Working with the barcode technology was a faster way for CVS to bring forward technology for more convenient in-store payments, analysts said.

Other retailers have created in-store payments through their own apps. Walmart created Walmart Pay in December to allow payments through mobile device QR codes that can be read at checkout registers.

“There’s nothing really innovative here with CVS Pay,” said Gartner analyst Avivah Litan on Friday. “They are pretty much following the trend. It’s just mobile commerce with a credit card attached. It’s no big deal to put a credit card in a wallet.”

At one point, CVS was working with Walmart and dozens of other major retailers in the Merchant Customer Exchange, which was designed to process mobile payments electronically through bank accounts and not credit cards to cut out the card processing cost that merchants paid to banks. But MCX ended its pilot of its mobile app, CurrentC, in June. Analysts have predicted the concept will not continue.

Source-http://www.thegurureview.net/mobile-category/cvs-debuts-cvs-pay.html

The hacking of the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings.

Omni — in Dallas, Texas — said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. “The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” Omni said. There isn’t evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.

The chain did not disclose how many of its 60 properties were affected and the likely number of cardholders that could have been affected. As there is no indication that reservation or select guest membership systems were affected, users were unlikely to be affected unless they physically presented their payment card at a POS system at one of the affected locations. The malware may have been in operation between Dec. 23 last year and June 14 this year, although most of the systems were affected during a shorter timeframe, according to the hotel.

The hotel chain, which operates hotels and resorts in the U.S., Canada and Mexico, could not be immediately reached for comment over the weekend for further details.

Omni said after discovering the malware attack, it had immediately hired IT investigation and security firms and has now contained the intrusion. It did not specify why it had delayed to inform customers.

Courtesy-http://www.thegurureview.net/aroundnet-category/omni-hotels-reports-hacking.html

The service is available in six countries and among a limited range of banks, though in recent weeks Apple has added four banks to its sole Singapore partner American Express; Australia and New Zealand Banking Group in Australia; and Canada’s five big banks.

Apple Pay usage totaled $10.9 billion last year, the vast majority of that in the United States. That is less than the annual volume of transactions in Kenya, a mobile payments pioneer, according to research firm Timetric.

And its global turnover is a drop in the bucket in China, where Internet giants Alibaba and Tencent dominate the world’s biggest mobile payments market – with an estimated $1 trillion worth of mobile transactions last year, according to iResearch data.

Anecdotal evidence from Britain, China and Australia suggests Apple Pay is popular with core Apple followers, but the quality of service, and interest in it, varies significantly.

To use Apple Pay, consumers tap their iPhone over payment terminals to buy coffee, train tickets and other services. It can be also used at vending machines that accept contactless payments.

Apple Pay transactions were a fraction of the $84.5 billion in iPhone sales for the six months to March, which accounted for two-thirds of Apple’s total revenue.

Apple has leveraged its huge U.S. user base to push Pay, but has met resistance in Australia, Britain and Canada where banks are building their own products.

“Payments in general is such a complicated system with so many incumbent providers that revolutionary change like this was not going to happen very quickly,” said Joshua Gilbert, an analyst at First Annapolis Consulting.

The upshot: Apple has rolled out Pay in a dribble, adding countries and partners where it can – Hong Kong is expected to be added next – resulting in an uneven banking landscape with users and retail staff not always sure what will work and how.

Source- http://www.thegurureview.net/mobile-category/apple-pay-struggling-to-gain-traction-outside-u-s.html

This is the second bout of attacks from the group of technology tearaways, according to Motherboard, which reports on the Clapper problem and its connection to a group known as Crackas With Attitude.

A member of the group, a young chap called Cracka, told Motherboard that access to a range of Clapper accounts had been seized, and that Clapper and the CIA haven’t a clue what’s going on.

“I’m pretty sure they don’t even know they’ve been hacked. You asked why I did it. I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine,” he said.

The claims were supported by the Office of the Director of National Intelligence, which confirmed that something has happened and that the authorities are looking into it.

“We’re aware of the matter and we reported it to the appropriate authorities,” said spokesman Brian Hale, before going mute.

Cracka, representing himself on Twitter as @dickreject, is less quiet. He has tweeted a number of confirmatory and celebratory messages that are not particularly flattering about the CIA and its abilities.

This is the group’s second bite at the CIA cherry. The teenagers walked into the personal email account of CIA director John Brennan last year and had a good look around. Some of the impact of this was washed away when it was discovered that Brennan used an AOL account for his communications.

“A hacker, who describes himself as an American high school student, has breached the CIA boss’s AOL email account and found a host of sensitive government files that one assumes a government official shouldn’t be sending to his personal email address,” said security comment kingpin Graham Cluley at the time.

“I’m not sure what’s more embarrassing. Being hacked or having an AOL email account.”

Courtesy-TheInq

It has taken Amazon some time to fall into line on this. Two-factor authentication has become increasingly popular and common in the past couple of years, and it is perhaps overdue for a firm that deals so heavily in trade.

Amazon is treating it like it’s new, and is offering to hold punters’ hands as they embrace the security provision.

“Amazon Two-Step Verification adds an additional layer of security to your account. Instead of simply entering your password, Two-Step Verification requires you to enter a unique security code in addition to your password during sign in,” the firm said.

The way that the code is served depends on the user, who can choose to get the extra prompt in one of three ways. They may not appeal to those who do not like to over-share, but they will require a personal phone number.

As is frequently the case, Amazon will offer to send supplementary log-in information to a phone via text message or voice call, and even through a special authenticating app.

It’s an option, and you do not have to enable it. Amazon said that users could select trusted sign-on computers that spare them from the mobile phone contact.

“Afterward, that computer or device will only ask for your password when you sign in,” explained the Amazon introduction, helpfully.

There are a number of other outfits that offer the two-factor system and you might be advised to take their trade and do your business through them. Apple, Microsoft, Google, Twitter, Dropbox, Facebook and many others offer the feature.

A website called TwoFactorAuth will let you check your standing and the position of your providers.

Source- http://www.thegurureview.net/technology-2/amazon-finally-goes-two-factor.html

But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.

A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.

But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.

Broadly, U.S. banks are unprepared or resisting the change.

The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.

But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.

“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.

Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.

“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”

But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.

EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.

Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.

“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.

Courtesy-http://www.thegurureview.net/aroundnet-category/confusion-continues-to-reign-with-u-s-chip-pin.html

We say reportedly as we have not been able to contact Hilton ourselves and can rely only on reports. They are pretty solid reports, however, and they concern a problem at the company that happened between 21 April and 27 July.

Brian Krebs, of KrebsOnSecurity, started this off with a report about a payment card breach. Krebs said that he had heard about the breach from various sources, and that Visa – the card provider – has mailed potentially affected parties with a warning, and the news that it is the fault of a bricks and mortar company.

Visa did not name the company, but affected parties, or banks to be more precise, have uttered it to Krebs. Its name is Hilton.

“Sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: they were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts,” he wrote.

“It remains unclear how many Hilton properties may be affected by this apparent breach. Several sources in the financial industry told KrebsOnSecurity that the incident may date back to November 2014, and may still be ongoing.”

Krebs has a statement from the Hilton organisation in which the firm defended its security practices, and revealed that it is aware of the potential problem and is looking into it. This is a common theme among the breached, and should soon become part of mission statements.

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” said the company in the statement to Krebs.

“We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”

We have asked Visa and Hilton for their comments.

Source-http://www.thegurureview.net/computing-category/was-the-hilton-hotel-chain-hacked-in-april.html

According to a website set up by the company to share information about the incident, Web.com discovered the security breach on Aug. 13 as part of its ongoing security monitoring.

Attackers compromised credit card information for around 93,000 accounts, as well as the names and addresses associated with them. No other customer information like social security numbers was affected, the company said.

According to the company, the verification codes for the exposed credit cards were not leaked. However, there are websites on the Internet that don’t require such codes for purchases.

Web.com has notified affected customers via email and will also follow up with letters sent through the U.S. Postal Service. Those users can sign up for a one-year free credit monitoring service.

The company did not specify how the intruders gained access to its systems, but has hired a “nationally recognized” IT security firm to conduct an investigation.

Web.com provides a variety of online services, including website and Facebook page design, e-commerce and marketing solutions, domain registration and Web hosting. The company claims to have over 3.3 million customers and owns two other well known Web services companies: Register.com and Network Solutions.

Register.com and Network Solutions customers were not impacted by this breach unless they also purchased services directly from Web.com.

Source-http://www.thegurureview.net/aroundnet-category/web-com-latest-victim-of-credit-card-hacking.html