Apple Pay Headed To Canada

Apple Inc is gearing up to launch its electronic payments service in Canada in November, the first international expansion of Apple Pay, the Wall Street Journal reported, citing people familiar with the matter.

The iPhone maker is in talks with Canada’s six biggest banks, Royal Bank of Canada, Toronto-Dominion Bank , Bank of Nova Scotia, Bank of Montreal, Canadian Imperial Bank of Commerce and National Bank of Canada, the people told the Journal.

The banks are open to an agreement, but are not happy with Apple’s fee proposals and are worried about security vulnerabilities like the ones that U.S. banks experienced, the Journal said, citing the people.

It was still unclear if all six Canadian banks would launch Apple Pay at the same time, the Journal said.

Apple launched the service, a mobile payment app that allows consumers to buy things by holding their iPhone6 and 6 Plus devices up to a reader, in the United States in October.

Source

Target Settles Security Breach

Target is reportedly close to paying out $10m to settle a class-action case that was filed after it was hacked and stripped of tens of millions of peoples’ details.

Target was smacked by hackers in 2013 in a massive cyber-thwack on its stores and servers that put some 70 million people’s personal information in harm’s way.

The hack has had massive repercussions. People are losing faith in industry and its ability to store their personal data, and the Target incident is a very good example of why people are right to worry.

As well as tarnishing Target’s reputation, the attack also led to a $162m gap in its financial spreadsheets.

The firm apologized to its punters when it revealed the hack, and chairman, CEO and president Gregg Steinhafel said he was sorry that they have had to “endure” such a thing

Now, according to reports, Target is willing to fork out another $10m to put things right, offering the money as a proposed settlement in one of several class-action lawsuits the company is facing. If accepted, the settlement could see affected parties awarded some $10,000 for their troubles.

We have asked Target to either confirm or comment on this, and are waiting for a response. For now we have an official statement at Reuters to turn to. There we see Target spokeswoman Molly Snyder confirming that something is happening but not mentioning the 10 and six zeroes.

“We are pleased to see the process moving forward and look forward to its resolution,” she said.

Not available to comment, not that we asked, will be the firm’s CIO at the time of the hack. Thirty-year Target veteran Beth Jacob left her role in the aftermath of the attack, and a replacement was immediately sought.

“To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target,” said Steinhafel then.

“As a first step in this effort, Target will be conducting an external search for an interim CIO who can help guide Target through this transformation.”

“Transformational change” pro Bob DeRodes took on the role in May last year and immediately began saying the right things.

“I look forward to helping shape information technology and data security at Target in the days and months ahead,” he said.

“It is clear to me that Target is an organization that is committed to doing whatever it takes to do right by their guests.”

We would ask Steinhafel for his verdict on DeRodes so far and the $10m settlement, but would you believe it, he’s not at Target anymore either having left in the summer last year with a reported $61m golden parachute.

Source

Samsung Buys LoopPay

Samsung Electronics Co Ltd has acquired U.S. mobile wallet startup LoopPay, signaling its intention to launch a smartphone payments service to compete with rival Apple Inc.

Mobile payments have been slow to catch on in the United States and elsewhere, despite strong backing. Apple, Google, and eBay Inc’s PayPal have all launched services to allow users to pay in stores via smartphones.

The weak uptake is partly because many retailers have been reluctant to adopt the hardware and software infrastructure required for these new mobile payment options to work. These services also fail to offer much more convenience than simply swiping a credit card, Samsung executives said on Wednesday.

LoopPay’s technology differs because it works off existing magnetic-stripe card readers at checkout, changing them into contactless receivers, they said. About 90 percent of checkout counters already support magnetic swiping.

“If you can’t solve the problem of merchant acceptance…, of being able to use the vast majority of your cards, then it can’t really be your wallet,” said David Eun, head of Samsung’s Global Innovation Center.

Injong Rhee, who is leading Samsung’s as-yet-unannounced payments project, said the Asian giant will soon reveal more details of its envisioned service. He would not be drawn on speculation the company may do so during the Mobile World Congress in Barcelona.

He said new phones such as the upcoming, latest Galaxy would support the service.

Apple Pay, launched in September, allows iPhone users to pay at the tap of a button. Executives have lauded its rapid rollout so far, including the fact that more than 2,000 banks now support it and the U.S. government will accept Apple Pay later this year.

But Apple Pay requires retailers to install near-field communication and some have been reluctant. In addition, many retailers such as Wal-Mart Stores Inc and CVS Health Corp, back their own system, CurrentC.

Samsung had invested in LoopPay, along with Visa Inc and Synchrony Financial, before its acquisition. Terms of the deal, which Samsung negotiated over several months, were not disclosed.

It’s unclear how else Samsung could differentiate its service versus Apple’s or other rivals.

Source

Yet Another Retailer System Hacked

Women’s clothing retailer Bebe Stores has become the latest in a growing list of national retailers to be hit by an attack on its credit card payment system.

The company said Friday that the cardholder name, account number, expiration date, and verification code could have been stolen by hackers who apparently had access to the company’s payment processing system between Nov. 8 and 26.

The incident came to light in late November when Bebe said it noticed suspicious activity on computers that operate the payment processing system. Stores affected were the roughly 200 it operates in the U.S., Puerto Rico and the U.S. Virgin Islands.

“If you used a payment card at a U.S., Puerto Rico or U.S. Virgin Islands store during this time frame, you should review your account statements for any unauthorized activity,” it said in a message to customers.

The last couple of years have been bad ones for the safety of credit card data at major U.S. retailers. Millions of credit and debit card numbers have been compromised in breaches at retailers, including Target, Home Depot, PF Chang’s restaurants, Super Valu grocery stores, Neiman Marcus, UPS Store and others.

In many cases, the attacks were targeted at payment processing terminals and used sophisticated malware that stole card details as consumers swiped their cards. Many of the thefts were only discovered after the card numbers appeared for sale on Internet hacking forums.

Such was the case with Bebe Stores. First news of the hack came earlier this week through the closely followed Krebs on Security blog.

Source

Will The Drupal Flaw Be Catastrophic?

The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.

The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.

Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.

Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.

That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.

“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”

More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.

“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.

“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.

“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”

Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.

“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.

“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.

“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”

Source

Hackers Infiltrate Jimmy Johns

Sandwich restaurant chain Jimmy John’s said there was a potential data breach involving customers’ credit and debit card information at 216 of its stores and franchised locations on July 30.

An intruder stole log-in credentials from the company’s vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16 and Sept. 5, the company said.

The chain is the latest victim in a series of security breaches among retailers such as Target Corp, Michaels Stores Inc and Neiman Marcus.

Home Depot Inc  said last week some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than the breach at Target Corp.

More than 12 of the affected Jimmy John’s stores are in Chicago area, according to a list disclosed by the company.

The breach has been contained and customers can use their cards at its stores, the privately held company said.

Jimmy John’s said it has hired forensic experts to assist with its investigation.

“Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online,” Jimmy John’s said.

The Champaign, Illinois-based company said stolen information may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date.

Source

Is RadioShack Going Bankrupt?

Troubled electronics retailer RadioShack Corp says filing for bankruptcy protection is an option if its cash situation worsens, after reporting its tenth straight quarterly loss.

The company said it was also exploring other options, including a sale or an investment, and liquidation as the last resort.

RadioShack, whose sales have been in free-fall since 2010 as it struggles to compete with internet retailers, said in a regulatory filing it was working with its lenders and landlords to restructure its debt and cut costs.

“It would surprise me if we got to Nov. 1 without a bankruptcy,” Wedbush Securities Inc analyst Michael Pachter told Reuters.

RadioShack shares, which are in danger of being delisted from the New York Stock Exchange, were up 2 percent at 95 cents in volatile early trading.

The company said same-store sales declined 20 percent in the latest quarter, while total sales plunged to their lowest in more than 20 years.

The company is being advised by a restructuring attorney at law firm Jones Day as it tries to strike a deal with creditors to close stores, two people close to the matter told Reuters on Wednesday.

RadioShack tried to close 1,100 stores this year, but reduced that number to 200 a year when lenders did not agree to the plans.

RadioShack’s landlords, however, may be open to mass store closures if they believe it will allow them to find new tenants more quickly than in a bankruptcy, a source close to the matter told Reuters.

David Tawil, president of hedge fund Maglan Capital that focuses on companies approaching bankruptcy, said he saw “major execution risks” to RadioShack’s recapitalization and turnaround efforts.

“I don’t think that the chances are great that RadioShack survives,” Tawil said, adding that the company’s credit default swaps were trading higher, pointing to market expectations of a near-term debt default.

The company ended the second quarter with $30.5 million in cash and $658.0 million in debt, which matures between 2018 and 2019.

Source

Bitcoin Use Growing

Bitcoin is gaing greater acceptance at U.S. online merchants including Overstock.com and Expedia, as customers use a digital currency that just a few years ago was virtually unknown but is now showing some staying power.

Though sales paid for in bitcoin so far at vendors interviewed for this article have been a fraction of one percent, they expect that as acceptance grows, the online currency will one day be as ubiquitous as the internet.

“Bitcoin isn’t going anywhere; it’s here to stay,” said Michael Gulmann, vice president of global products at Expedia Inc. in Seattle, the largest online travel agent. “We want to be there from the beginning.” Expedia started accepting bitcoin payments for hotel bookings on July 11.

Until recently a niche alternative currency touted by a fervent group of followers, bitcoin has evolved into a software-based payment online system. Bitcoins are stored in a wallet with a unique identification number and companies like Coinbase and Blockchain can hold the currency for the user.

When buying an item from a merchant’s website, a customer simply clicks on the bitcoin option and a pop-in window appears where he can type in his wallet ID number.

Still, broad-based adoption of bitcoin is at least five years away because most consumers still prefer to use credit cards, analysts said.

“Bitcoin is a new way of making payments, but it’s not solving a problem that’s broken,” said George Peabody, payments consultant at Glenbrook Partners in Menlo Park, California. “Retail payments aren’t broken.”

There are also worries about bitcoin’s volatility: its price in U.S. dollars changes every day.

That risk is borne by the consumer and the bitcoin payment processor, such as Coinbase or Bitpay, not the retailer. The vendor doesn’t hold the bitcoin and is paid in U.S. dollars. As soon as a customer pays in bitcoin, the digital currency goes to the payment processor and the processor immediately pays the merchant, for a fee of less than 1 percent.

“We don’t have to deal with the actual holding of the bitcoin: it’s the payment processor that takes the currency risk for us,” said Bernie Han, chief operating officer at Dish Network Corp, in Englewood, Colorado. “That’s what makes it appealing for us and I guess for other merchants as well.”

Source

UPS Breached

Credit and debit card information belonging to customers made purchases at 51 UPS Store Inc. locations in 24 states this year may have been illegally accessed as the result of an intrusion into the company’s networks.

In a statement on Wednesday, UPS said it was recently notified by law enforcement officials about a “broad-based malware intrusion” of its systems.

A subsequent investigation by an IT security firm showed that attackers had installed previously unknown malware on systems in more than four-dozen stores to gain access to cardholder data. The affected stores represent about 1% of the 4,470 UPS Store locations around the country.

The intrusion may have exposed data on transactions conducted at the stores between Jan. 20 and Aug. 11, 2014. “For most locations, the period of exposure to this malware began after March 26, 2014,” UPS said in a statement.

In addition to payment card information, the hackers also appear to have gained access to customer names, as well as postal and email addresses.

Each of the affected locations is individually owned and runs private networks that are not connected to other stores, UPS added. The company provided alist of affected locations.

The breach is the third significant one to be disclosed in the past week. Last Thursday, grocery store chain Supervalu announced it had suffered a malicious intrusion that exposed account data belonging to customers who had shopped at about 180 of the company’s stores in about a dozen states. The breach also affected customers from several other major grocery store chains for which Supervalu provides IT services.

Source

Amazon Goes 3D

Amazon.com Inc will offer 3D printing services that allow customers to customize and build earrings, bobble head toys and other items from third-party vendors using a new personalization option on its website.

Most of the more than 200 items available on the company’s new 3D printed products store, which was rolled out on Monday, can be customized using a new feature that allows users to rotate and change the item they are viewing.

Before it is printed by one of Amazon’s sellers, users can customize a product like as a bobble head figure by changing its skin and eye color, hair style and outfit, Amazon said.

“The customization is something we’re keenly interested in,” said Petra Schindler-Carter, director for Amazon marketplace sales, speaking in an interview. “We’ll always look for new applications for that.”

Amazon, which has more than 240 million users, has expanded its marketplaces division to include new areas such as fine art and wine. It is part of Amazon’s larger investment into new areas like mobile services and original content that led to its larger-than-expected second-quarter loss last week.

The new printing option taps into a broader “Maker movement” among tech entrepreneurs in northern California, and to some extent Europe, that is focused on customizing 3D objects rather than development software or mobile applications.

3D printers have gained in popularity on Amazon Supply, a wholesale site for businesses. That interest led Amazon to offer customers an 3D print option, Schindler-Carter said.

Source

« Previous Page — Next Page »