Will MasterCard Sell Big Data?

MasterCard Inc, the world’s second-largest credit card association, sees business booming from selling data to retailers, banks and governments on spending patterns found in the payments it processes, a top executive told Reuters.

MasterCard, which handles payments for 2 billion cardholders and tens of millions of merchants, uses that information to generate real-time data on consumer trends, available more quickly that regular government statistics.

“It is an incredibly fast growing area for us,” Ann Cairns, who heads MasterCard’s business outside North America, said in an interview, stressing that the company respects cardholder privacy, using anonymous data rather than personal information.

MasterCard does not give figures for its information services products but “other revenues”, which include the sale of data, grew 22 percent in the first quarter of 2014 to $341 million, outpacing the growth of total revenue dominated by payments processing, which rose 14 percent to $2.177 billion.

Cairns said clients for the data include retailers, banks and governments, with MasterCard tailoring it to their needs.

“Retailers are fantastic at using the data they have available about how people shop in their store, how their inventory turns over, but what they don’t know is what happens outside their store,” she said. “The data we’ve got is ubiquitous across the whole market. We can help retailers see what they need to do to capture more sales.”

Cairns, 57, a statistician by training who joined MasterCard in 2011 after helping manage the disposal of Lehman Brothers assets in Europe, revels in the insights real-time card data can provide, such as London’s popularity as the world’s top travel destination and a rise in spending on experiences such as eating out or going on holiday rather than shopping in stores.

MasterCard has recorded a spike in spending in Brazil on groceries and a drop in spending on luxury goods as the price of food has risen ahead of the World Cup, she said, the kind of insight valued by companies such as Nike and Adidas that are hoping to sell $300 soccer boots during the competition.

While MasterCard expands in “big data”, Cairns sees no slowdown in its traditional business of processing payments, with plenty of potential for growth as 85 percent of consumer transactions are still made by cash or check.

“Moving money and doing it safely and securely is so deeply cared about by so many people around the world that it will be a business that has fantastic value now and for years to come,” said Cairns, who previously worked at Citigroup and ABN Amro.

Source

Some ATMs Still On XP

Cyber-criminals have been cutting holes into European cash machines in order to infect them with malware.

The holes were cut so that the hackers could plug in USB drives that installed their code onto the ATMs. Details of the attacks on an unnamed European bank’s cash dispensers were presented at the hacker-themed Chaos Computing Congress in Hamburg, Germany.

The thefts came to light in July after the lender involved noticed several its ATMs were being emptied. The bank discovered the criminals were vandalising the machines to use the infected USB sticks. Once the malware had been transferred, they patched the holes up. This allowed the same machines to be targeted several times without the hack being discovered.

The attackers could take the highest value banknotes in order to minimise the amount of time they were exposed. Interestingly the software required the thief to enter a second code in response to numbers shown on the ATM’s screen before they could release the money and the thief could only obtain the right code by phoning another gang member and telling them the numbers displayed. This stopped the criminals going alone.

Source

ATM Malware Found In Mexico

A malicious software program identified in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.

Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified.

In contrast to most malware, Ploutus is installed the old-fashioned way — by inserting a CD boot disk into the innards of an ATM machine running Microsoft Windows. The installation method suggests that cybercriminals are targeting standalone ATMs where access is easier.

The first version of Ploutus displays a graphical user interface after the thief enters a numerical sequence on an ATM’s keypad, although the malware can be controlled by a keyboard, wrote Daniel Regalado, a Symantec malware analyst, on Oct. 11.

Ploutus is programmed for a specific ATM model since it assumes there is a maximum of four cassettes per dispenser in the ATM. It then calculates the amount of money that should be dispensed based on the number of bills. If any of the cassettes have less than the maximum number of 40 bills, it releases whatever is left, repeating that process until the ATM is empty.

Kevin Haley, director of Symantec Security Response, said in an interview earlier this month that the attackers have deep knowledge of the software and hardware of the particular ATM model.

“They clearly know how this machine worked,” he said.

The source code of Ploutus “contains Spanish function names and poor English grammar that suggests the malware may have been coded by Spanish-speaking developers,” Regalado wrote.

In a new blog post, Regalado wrote that the attackers made Ploutus more robust and translated it into English, indicating the same ATM software can be exploited in countries other than Mexico.

The “B” variant of Ploutus has some differences. It only accepts commands through the keypad but will display a window showing the money available in the machine along with a transaction log as it dispenses cash. An attacker cannot enter a specific number of bills, so Ploutus withdraws money from the cassette with the most available bills, Regalado wrote.

Symantec advised those with ATMs to change the BIOS boot order to only boot from the hard disk and not CDs, DVDs or USB sticks. The BIOS should also be password protected so the boot options can’t be changed, Regalado wrote.

Source

Banks Join Instant Chat

Goldman Sachs Group Inc, JPMorgan Chase & Co and six other financial institutions have agreed to join a new instant messaging network from Markit and Thomson Reuters Corp to connect disparate messaging systems.

The network, called Markit Collaboration Services, launched on Monday and allows members to chat with one another regardless of the proprietary messaging technology that each firm uses.

This open platform differs Bloomberg LP’s messaging system, which is a closed network only for users of Bloomberg terminals.

Bloomberg messaging is the most popular form of chat on Wall Street, and often cited as one of the reasons banks are willing to pay around $20,000 a year for a subscription to a Bloomberg terminal.

Markit and Thomson Reuters said they hoped their open messaging network will attract banks that want to chat with their clients or other financial institutions but cannot currently do so because they are on different messaging systems.

The other banks that have joined the new network are Deutsche Bank, Bank of America Merrill Lynch, Barclays, Citigroup, Credit Suisse and Morgan Stanley, according to a statement from Markit.

The banks collectively employ more than 1 million people worldwide, though it was not immediately clear how many individuals will use the new Markit service.

David Craig, president of Thomson Reuters’ Financial & Risk division, said one of the challenges facing banks is that their messaging systems do not always talk to one another. “That creates costs and complexity,” he said.

Markit and Thomson Reuters said the messages on the new network are encrypted, and the system does not store them.

Representatives from Bank of America, Deutsche Bank, Goldman Sachs and Morgan Stanley were not immediately available to comment on the new messaging system. Representatives from Barclays, Citi, Credit Suisse and JPMorgan also declined to comment.

Source

King.com Has IPO In The Works

King.com Ltd, the British mobile gaming firm best known for its popular puzzle game ‘Candy Crush Saga’, has filed confidentially for an initial public offering (IPO) in the United States, a person familiar with the matter said on Sunday.

Online technology companies are rushing to the stock market on the backs of Twitter Inc’s announcement earlier this month that it plans to go public in the most eagerly anticipated IPO since last year’s flotation ofFacebook Inc.

Emerging growth companies such as King can use a secretive IPO registration process in the U.S. thanks to the Jumpstart Our BusinessStartups (JOBS) Act, which loosened a number of federal securities regulations in hopes of boosting capital raising and thereby increasing job growth.

King has hired Bank of America Merrill Lynch Corp, Credit Suisse Group AG and JPMorgan Chase & Co to lead the offering, said the person, confirming an earlier report by the Daily Telegraph and asking not to be identified because the information is confidential.

Representatives for King and the banks either declined to comment or did not respond to requests for comment.

King offers 150 games in 14 languages through mobile phones, Facebook and its website. It boasts more than 1 billion gameplays per day from its users.

The company’s games appeal to a growing trend for players to play puzzles with their friends in short bursts, especially as games are increasingly played on the move on phones or tablets to kill spare minutes.

Rival Zynga Inc went public two years ago in a high-profile IPO that raised $1 billion. Since then, Zynga has suffered from sagging morale during several quarters of worsening performance and repeated waves of layoffs.

Founded in 2003, King has been profitable since 2005 and has not had a funding round since September of that year, when it raised 34 million euros ($46.04 million) from investment firms Apax Partners and Index Ventures.

Source

Will The FBI Ditch Blackberry?

Samsung Electronics Co Ltd is close to signing a deal to sell its popular line of Galaxy devices to the U.S. Federal Bureau of Investigation, sources familiar with the situation said late last  Friday.

The deal would be a boost for Samsung, which is increasingly seeking to cater to the needs of government agencies, a niche long dominated by Canadian smartphone maker BlackBerry Ltd.

The FBI, with more than 35,000 employees, at present uses mainly BlackBerry devices. It is unclear whether the agency plans to replace all BlackBerry equipment with Galaxy models or whether it will use hardware from both companies.

A spokeswoman for the FBI declined to comment on the matter, saying that the selection of its new smartphones is part of an active acquisition process and any current discussions are proprietary to the government.

The imminent deal was initially reported by the Wall Street Journal late on Thursday. The WSJ also said Samsung is close to signing a smaller order for its devices with the U.S. Navy, citing people familiar with the matter.

Representatives of BlackBerry and Samsung declined to comment. BlackBerry emphasized, however, that it regards its operating system as the best in the market in terms of security features.

“The security of mobile devices is more important now than it has ever been before,” BlackBerry’s chief legal officer, Steve Zipperstein, said in an interview. “It is fair to ask why in this context anyone would consider moving from the gold standard in security, which is the BlackBerry platform.”

In May, the U.S. Pentagon cleared Samsung’s Android mobile devices and a new line of BlackBerry devices powered by the BB10 operating system for use on Defense Department networks.

Samsung has been pushing hard to convince government agencies and corporate clients that its Galaxy devices, powered by Google Inc’s Android operating system, can meet their stringent security needs.

The South Korean company hopes that the Pentagon clearance and the imminent deal with the FBI will help boost sales to security-conscious clients including banks and law firms.

Some analysts remain skeptical about whether Android can meet all security requirements of such clients, and note that the FBI itself has highlighted some vulnerabilities of the platform.

“The Android operating system hasn’t been secured properly,” said Rob Enderle, principal analyst with Enderle Group, noting that Samsung has layered technology on top of the operating system in an attempt to make its Galaxy devices safer.

Source

Phishing Attacks Increasing

Security researchers at Kaspersky Lab have reported significant growth in phishing attacks over the last year.

In a study entitled “The Evolution of Phishing Attacks”, Kaspersky said it found 37.3 million out of its 50 million customers running its security products that were at risk of being phished from 2012 to the present, an 87 percent increase over the same period between 2011 and 2012.

“The nature of phishing attacks is such that the simplest types can be launched without any major infrastructure investments or in-depth technological research,” Kaspersky said in the report.

“This situation has led to its own form of ‘commercialization’ of these types of attacks, and phishing is now being almost industrialized, both by cybercriminals with professional technological skills and IT dilettantes.”

The security firm explained that overall, the effectiveness of phishing, combined with its profitability for criminals and how simple the process is to undertake has led to a steadily rising number of these types of incidents.

Kaspersky noted that most of the victims in 2012-2013 were located in just ten countries, that is, Russia, the US, India, Germany, Vietnam, the UK, France, Italy, China and Ukraine. These 10 countries were home to 64 percent of all phishing attack victims during this time.

In addition to a rise in the number of users attacked, the number of servers involved in phishing attacks also increased, Kaspersky said, without giving any exact numbers. Though the firm did reveal that internet giants like Yahoo, Google, Facebook and Amazon are the top targets of malicious users.

“Online game services, online payment systems, and the websites of banks and other credit and financial organizations are also common targets,” the firm added, warning users to stay vigilant when entering personal data.

Source

SecureID CRACKED?

An analyst has come up with a technique that clones the secret software token that RSA’s SecurID uses to generate one-time passwords.

Sensepost senior security analyst Behrang Fouladi said that the discovery has important implications for the safekeeping of the tokens. Fouladi demonstrated another way determined attackers could circumvent protections built into SecurID. By reverse engineering software used to manage the cryptographic software tokens on computers running Windows, he found that the secret “seed” was easy for people with control over the machines to locate and copy. He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that mimic verbatim the output of a targeted SecurID token.

Source…

Fed Contractor Arrested For Software Theft

Bo Zhang worked at the bank and took advantage of his position to commit the crime, according to prosecutors, and was arrested yesterday by the FBI and the Treasury Department.

“As today’s case demonstrates, our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property,” said Manhattan US Attorney Preet Bharara.

“Fighting cyber crime is one of the top priorities of this office and we will aggressively pursue anyone who puts our computer security at risk.”

A complaint against Zhang has been unsealed and according to that he pilfered the Government-Wide Accounting and Reporting Program code by copying it to a hard drive owned by the Federal Reserve Bank of New York.

Source…

PayPal Unveils New Payment System

PayPal has unveiled a mobile payment product for customers that doesn’t require near-field communication (NFC) technology inside smartphones.

The system relies instead on using smartphones and other mobile devices to scan product bar codes and to authorize payments through PayPal mobile accounts. Shoppers will also be able to use credit-card scanning terminals commonly seen in grocery stores: The user inputs a phone number and PIN on the terminal’s keypad instead of swiping a credit or debit card.

PayPal President Scott Thompson laid out the basics of the plan in a blog posted Wednesday. In the blog, he also took a swipe at competitors, including Google, MasterCard, Visa and others, who are working with NFC in smartphones for a mobile wallet.

“Let’s be clear about something — we’re not just shoving a credit card on a phone,” Thompson said in his blog.

PayPal is already a major global force in online payments, with 100 million customers. While PayPal’s new payment technologies don’t rely on NFC, they do propose making in-store payments possible from any device and support GPS-based offers, according to Thompson’s blog. PayPal will even allow for customers to set up payments on credit after they’ve checked out.

Dozens of merchants got a sneak peak of the technology Wednesday at an event PayPal sponsored. The event was covered by All Things D, which was not allowed to take photographs, but posted a story. In addition to the payment methods shown in the PayPal video, that story said PayPal will allow customers to continue using plastic cards, issued by PayPal, for payment.

In an interview posted on AllThingsD, Thompson said the PayPal approach doesn’t require merchants to install new terminals, nor does it require customers to buy a new smartphone.

Read more here….

« Previous Page — Next Page »