Showing posts with label pci. Show all posts

Saturday, December 11, 2010

Friday, February 12, 2010

European credit and debit card security broken

Seems like the problem with this system is that the PIN is stored on the chip... and that's just as stupid as writing it on the card! The attacks are simple: either a card that always agrees that whatever PIN it is given is correct, or a terminal that tries all 10,000 PINs offline and learns the right one (the second only works if the card's PIN-try counter doesn't block the card after a few wrong guesses; the first works regardless, because the terminal has nothing but the card's word to go on).

Payment processors have for years wanted an offline-capable secure system, but it just doesn't work. With cheap data links available everywhere, it's not hard for every Wal-Mart and most rural gas stations to see a satellite. Get a $20/mo. dial-up account if you have to... there's no reason for anything that handles money to be off the grid.

If the PIN is verified online like traditional ATM cards, then there is a quick way to be sure there's honest checking of the PIN, and alarms if somebody fails too many times. The American "contactless" (tap-and-go) systems are actually designed not to require a signature or a PIN... but those are also designed for small-dollar transactions and keeping the fast food line moving. Sure, they're open to cloning risk, but issuers are willing to take that downside because there's enough upside to using the system.
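As an added example, not code from the post, here is a toy Python model of the two attacks described above against offline PIN checking, next to the online, issuer-side check the post argues for. The card classes (HonestCard, YesCard, CounterlessCard), the Issuer class with its HMAC-based PIN verification value and three-failure alarm threshold, and the PAN and PINs used in demo() are all constructed for illustration; only the ISO 7816 status words (0x9000, 0x63Cx, 0x6983) are taken from the card standard.

```python
# Added example, not from the post: a toy model of the two attacks described
# above against offline PIN checking, and of the online, issuer-side check the
# post argues for. Card classes, the issuer's HMAC "PVV" and the alarm
# threshold are simplifications for illustration, not any real issuer's logic.
import hashlib
import hmac

SW_OK = 0x9000        # ISO 7816 status word: PIN accepted
SW_WRONG = 0x63C0     # 63Cx: wrong PIN, low nibble = tries remaining
SW_BLOCKED = 0x6983   # PIN blocked: try counter exhausted

class HonestCard:
    """Offline PIN check on the chip, protected by a PIN try counter."""
    def __init__(self, pin, max_tries=3):
        self._pin, self.max_tries, self.tries_left = pin, max_tries, max_tries

    def verify(self, pin):
        if self.tries_left == 0:
            return SW_BLOCKED
        if hmac.compare_digest(pin, self._pin):
            self.tries_left = self.max_tries
            return SW_OK
        self.tries_left -= 1
        return SW_WRONG | self.tries_left

class YesCard(HonestCard):
    """Attack 1: a card (or a wedge between card and terminal) that answers
    'PIN OK' to whatever PIN the terminal sends."""
    def verify(self, pin):
        return SW_OK

class CounterlessCard(HonestCard):
    """Checks the PIN on-chip but never blocks, so attack 2 always succeeds."""
    def verify(self, pin):
        return SW_OK if hmac.compare_digest(pin, self._pin) else SW_WRONG

def offline_terminal_accepts(card, entered_pin):
    """An offline terminal has nothing but the card's word to go on."""
    return card.verify(entered_pin) == SW_OK

def brute_force_offline(card):
    """Attack 2: a rogue terminal walks all 10,000 PINs. Returns the PIN found,
    or None if the card blocked before the right one came up."""
    for n in range(10_000):
        guess = f"{n:04d}"
        sw = card.verify(guess)
        if sw == SW_OK:
            return guess
        if sw == SW_BLOCKED:
            return None
    return None

class Issuer:
    """Online check: the terminal forwards the PIN to the issuer, which stores
    only a keyed digest of it, keeps its own failure counter and raises an
    alarm when that counter trips (hypothetical issuer logic)."""
    def __init__(self, pan, pin, key, max_fails=3):
        self.pan, self._key, self.max_fails = pan, key, max_fails
        self._pvv = self._pvv_for(pan, pin)
        self.fails, self.alarms = 0, []

    def _pvv_for(self, pan, pin):
        return hmac.new(self._key, (pan + pin).encode(), hashlib.sha256).digest()

    def authorize(self, pan, pin):
        if pan != self.pan:
            return "DECLINE"
        if self.fails >= self.max_fails:
            return "LOCKED"  # stays locked until the issuer resets it
        if hmac.compare_digest(self._pvv, self._pvv_for(pan, pin)):
            self.fails = 0
            return "APPROVE"
        self.fails += 1
        if self.fails >= self.max_fails:
            self.alarms.append(f"{pan}: {self.fails} consecutive PIN failures")
        return "DECLINE"

def demo():
    """Run the scenarios on constructed PINs and a constructed PAN."""
    pan = "4000001234567890"  # constructed test number, not a real card
    results = {
        "yes_card_passes_any_pin": offline_terminal_accepts(YesCard("1234"), "0000"),
        "honest_card_rejects_wrong_pin": offline_terminal_accepts(HonestCard("1234"), "0000"),
        "brute_force_without_counter": brute_force_offline(CounterlessCard("4321")),
        "brute_force_with_counter": brute_force_offline(HonestCard("4321")),
    }
    issuer = Issuer(pan, "4321", b"issuer-pin-key")
    for guess in ("0000", "1111", "2222"):
        issuer.authorize(pan, guess)
    results["online_correct_pin_after_lock"] = issuer.authorize(pan, "4321")
    results["online_alarms"] = list(issuer.alarms)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running demo() shows the point of the post in one pass: the yes-card is accepted with a PIN of 0000, the counterless card gives up its PIN to the 10,000-guess terminal, the card with a try counter blocks after three wrong guesses, and with the online issuer the third failure raises an alarm and even the correct PIN is refused afterwards until the issuer resets the lock.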

Thursday, October 8, 2009

Lawsuit: A Heartland Manager Resigned Because Of PCI Compliance Issues

As the lawsuits involving Heartland’s massive data breach move through the court system, an unusual claim was inserted into a court filing. The Sept. 23 filing in the U.S. District Court for the Southern District of Texas was trying to raise questions about Heartland’s post-breach conduct. It then shared the following anecdote without further explanation.
“On the day after the data breach, Heartland conducted a webinar about the data breach for its high-level employees, sales representatives and/or relationship managers. Upon information and belief, Heartland relationship managers were told that PCI compliance was not a big deal. One of Heartland’s relationship managers resigned on or around April 23, 2009, in part because of Heartland’s statements regarding its PCI compliance. A Referee’s Decision in a Delaware Department of Labor proceeding reached the conclusion that this relationship manager had ‘good cause’ to leave her position at Heartland based, in part, on Heartland’s conduct.”

That might prove quite significant or it could be an irrelevant red herring. Either way, it’s not the kind of detail we see very often.

Friday, October 2, 2009

"Debt Slavery" Replaces Physical Slavery

This form of "debt slavery" or "debt peonage" was not just an accidental development of history. It was a deliberately-planned alternative to the slave arrangement in which owners were responsible for the feeding and care of a dependent population, and it is still with us today. Although European financiers were in favor of an American Civil War that would return the United States to its colonial status, they admitted privately that they were not necessarily interested in preserving slavery. They preferred "the European plan": capital could exploit labor by controlling the money supply, while letting the laborers feed themselves. In July 1862, this ploy was revealed in a notorious document called the Hazard Circular, which was circulated by British banking interests among their American banking counterparts. It said:

Slavery is likely to be abolished by the war power and chattel slavery destroyed. This, I and my European friends are glad of, for slavery is but the owning of labor and carries with it the care of the laborers, while the European plan, led by England, is that capital shall control labor by controlling wages. This can be done by controlling the money. The great debt that capitalists will see to it is made out of the war, must be used as a means to control the volume of money. To accomplish this, the bonds must be used as a banking basis. . . . It will not do to allow the greenback, as it is called, to circulate as money any length of time, as we cannot control that

http://www.webofdebt.com/articles/debt-serfdom.php

Wednesday, September 23, 2009

Credit card fraud might have played role in financing Mumbai terror attacks, expert suggests

Indian authorities have recovered $1,200 and several credit cards from a backpack carried by one of the terrorists who assailed ten targets in Mumbai, killing at least 172 people and injuring hundreds of others, according to press reports. The presence of the cards might signal that credit card fraud helped fund the terror attacks, Dennis Lormel, an anti-money laundering consultant who once led the Federal Bureau of Investigation’s anti-terrorist financing unit, told Complinet.

The credit cards in question reportedly were issued by Citibank, HSBC, ICICI Bank, Axis Bank, HDFC Bank and State Bank of Mauritius.

“I’m interested in the potential credit card fraud as a funding source and operational support mechanism,” Lormel said.

For Lormel, the possible link between credit card fraud and the Mumbai terrorist attacks is more than a fleeting interest. He has long feared that terrorists are becoming increasingly adept at generating funds through such illicit schemes; he recently wrote a white paper in which he dubbed credit card fraud a “growth industry” for terrorists.

“There is no empirical statistical data establishing the nexus between credit card exploitation and terrorism, but there are ample anecdotal case studies demonstrating how extensively terrorists rely on credit card information in furtherance of their heinous activities,” Lormel wrote in his paper.

Alternative funding sources

Lormel added that a previous Complinet article examining how the Mumbai attacks might have been funded “presents interesting and viable possible funding sources.”

“It’s highly likely hawalas were used. Wealthy individual donors and charities could be funding sources, as pointed out. It will be interesting to determine if drugs and other criminal activities contributed. Likewise, the nexus between Dawood Ibrahim and the attack should be one of the highest investigative priorities,” he said.

“The attack itself will play out to be inexpensive. The overall operation will be much costlier when you factor in the training and subsistence of the attackers and their logistical support element.”

Still, Lormel conceded that it may be some time before authorities can say with any degree of certainty how the murderous rampage was funded.

“It’s too early to understand the scope of the funding for the attacks,” he said.