Sign up for our Technology Newsletter 
SpyEye Poses Risk To Banking Defenses
Financial institutions are facing more trouble from SpyEye, a piece of malicious software that steals money from customers online bank accounts, according to new research from security vendor Trusteer.
SpyEye is a dastardly piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.
In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer’s CEO.
Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.
SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying to mimic — albeit in an automated way — how a real person would navigate a website.
Citigroup Hackers Pocketed $2.7 million
June 29, 2011 by admin
Filed under Around The Net
Comments Off on Citigroup Hackers Pocketed $2.7 million
Citigroup suffered about $2.7 million in losses after cybercriminals uncovered a way to lift credit card numbers from its website and make fraudulent transactions.
Citi acknowledged the breach earlier this month, saying hackers had gained accessed to more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn’t breach Citi’s main credit card processing system, but were reportedly able to obtain the numbers, along with the customers’ names and contact information, by logging into the Citi Account Online website and guessing account numbers.
Until now, it wasn’t revealed if any fraud had occurred as a result of the theft. But Citi confirmed Friday that there were losses of $2.7 million from about 3,400 accounts.
The bank has said its customers will not be liable for the fraudalent transactions and losses as a result of them.
RSA To Replace SecureID Tokens
June 10, 2011 by admin
Filed under Around The Net
Comments Off on RSA To Replace SecureID Tokens
In an acknowledgement of the severity of its recent systems breach, RSA Security said Monday that it will replace SecureID tokens for any customer that asks.
Customers have been left to ponder whether or not to trust RSA’s security tokens since March, when the company confirmed that it had been hacked and issued a vague warning to its customers. Then, two weeks ago, government contractor Lockheed Martin was reportedly forced to pull access to its virtual private network after hackers compromised the SecureID technology.
In a letter sent to customers Monday, RSA confirmed that the Lockheed Martin incident was related to SecureID. Information “taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin,” RSA Executive Chairman Art Coviello stated in the letter.
Coviello said the company remains “highly confident in the RSA SecureID product,” but acknowledged that the recent Lockheed Martin attack and general concerns over hacking, “may reduce some customers’ overall risk tolerance.”
Visa Offers New Payment Service
March 20, 2011 by admin
Filed under Around The Net
Comments Off on Visa Offers New Payment Service
Visa announced Wednesday it is developing a new service that will allow U.S. customers to send money directly to one another, presenting new competition to PayPal.
Visa already lets people send money to Visa accounts in many other countries, but this will be the first time it will offer the service in the U.S.
People who use banks that participate in the new program will be able to send money directly to someone’s Visa account by entering the recipient’s Visa account number, e-mail address or mobile-phone number in an online payment form.
Visa said it has made deals with two payment companies, Fiserv and CashEdge, so that those companies can allow their customers to send money to Visa accounts. Banks offer Fiserv’s ZashPay and CashEdge’s Popmoney services to their customers for sending money to other people. The first banks are expected to make the Visa service available through CashEdge and Fiserv in the second half of the year, Visa said. It’s not clear whether Visa will offer the service on its own. Read More…