Security analysts found that the Petrwrap ransomware attack, initiated June 27, 2017, in the Ukraine, shares characteristics with WannaCry, a May 2017 attack initiated in Europe that rapidly spread to 150 countries. A criminal group known as the Shadow Brokers claimed responsibility for the WannaCry attack, claiming they stole the malware from U.S. intelligence agencies. Both the Petrwrap and WannaCry cyberattacks exploited a common vulnerability in Microsoft Windows and then encrypted computers using a private key, demanding a $300 bitcoin ransom from victims who wanted to retrieve their data, analysts stated.

read more

NACHA—The Electronic Payments Association stated it is celebrating the 30th year of The Payments Institute, "a university-style program focused on continuing payments education for industry professionals. "Just as the payments industry and ecosystem have evolved over the last 30 years, so has The Payments Institute," said Scott M. Lang, AAP, Senior Vice President, Association Services at NACHA, which has served as trustee of the automated clearing house network since 1974. "With its incomparable, in-depth and comprehensive curriculum and respected faculty, TPI remains the smart educational investment for employers, as well as payments practitioners who want to better contribute to their organizations and grow their careers."

read more

On June 26, 2017, payment platform provider Flywire revealed it had added PayPal to its menu of payment options in Canada, the European Union, the United Kingdom and the United States. PayPal and Flywire representatives said the integration will combine PayPal's popular, secure technology with Flywire's expertise in tailored, international currencies and vertical industries.

read more

Fraudsters are relentless and ever more sophisticated in their attacks on the world’s financial networks. However, security experts are also relentless and ever more sophisticated in their work to protect our systems. And law enforcement agencies are coordinating efforts to capture the criminals bent on profiting through cyber-crime. Last week, the Merchant Risk Council reported that 26 countries participated in eCommerce Action 2017 (eComm 2017). The Europol European Cybercrime Centre (EC3) coordinated this second annual coordinated action, which apprehended 73 fraudsters and members of Internet-based criminal networks for alleged online fraud activities. Arrests took place from June 6 through 16; suspects “were responsible for more than 20,000 fraudulent transactions with compromised credit cards, an estimated value exceeding EUR 5 million,” the EC3 stated.

read more

Security analysts are warning early Internet of Things (IoT) adopters to enhance the security of Universal Plug and Play (UPnP) routers and hubs in their connected homes due to recently detected malware attacks. The malware, known as Pinkslipbot, is a variation of a known malware scheme designed to attack firewalls, lock out system users and disrupt enterprise directories, analysts stated. Don Duncan, Sales Engineer - Eastern at NuData Security, said the malware is a derivative of QakBot, a form of malicious code that has been actively infecting networks for more than 10 years.

read more

New data from Trustwave Holdings Inc. forensics investigations indicates that despite efforts to increase POS data security following the U.S. EMV (Europay, Mastercard and Visa) mandate in 2015, adoption has been slow, and payment card data remained a target in 63 percent of the data incidents perpetrated globally in 2016. As of November 2016, only 38 percent of U.S. transactions used EMV technologies, Trustwave noted. According to the 92-page 2017 Trustwave Global Security Report, the North American region and the retail sector accounted for 49 percent and 22 percent of total breaches, respectively. Next in line regionally were Asia-Pacific (21 percent); Africa, Europe and Middle East (20 percent); and Latin America (10 percent).

read more

The Consumer Financial Protection Bureau’s detractors have much to be happy about now that the Trump Administration and Congress are pushing to curb the federal consumer watchdog agency’s power to supervise providers of payment and other financial services. The Treasury Department, on June 12, 2017, laid out a set of proposals in a report titled A Financial System that Creates Economic Opportunities: Banks and Credit Unions. This came just days after the House passed the Financial CHOICE Act, which would revamp the CFPB and undo many rules imposed under the 2010 Dodd-Frank Act

read more

Cannabis merchants and payment processors face hurtles on the road to legitimacy due to regulatory challenges and uncertainties posed by a new presidential administration. U.S. Attorney General Jeff Sessions voiced his opposition to the Rohrabacher-Farr amendment in a May 1, 2017, letter to Congress. Enacted in 2014 as part of a larger budgetary bill, the amendment protects state-sanctioned medical marijuana dispensaries from being prosecuted by the Department of Justice, a grave mistake according to Sessions.

read more

Visa Canada and Mastercard issued brief statements, June 12 and 13, 2017, respectively, heralding the settlement of a lawsuit over surcharging rules brought against the card brands by Canadian merchants in 2011. The settlement is subject to court approval in the provinces in which the claims were brought ‒ British Columbia, Alberta, Saskatchewan, Ontario and Quebec.

read more

The Women's Enterprise Development Center held a gala dinner and award ceremony June 15, 2017, at the Westchester Marriott in Tarrytown, N.Y., to celebrate its 20th anniversary. The not-for-profit organization has provided educational and financial guidance to entrepreneurial women since 1997. Programs and services have expanded into seven New York counties and parts of Connecticut, helping to launch nearly 8,000 women-owned businesses, representatives stated.

read more

The Electronic Transactions Association, which represents more than 500 payment and technology companies and offers educational and networking meetings and resources for payment professionals throughout the year, released the agenda for Transact Tech Atlanta. The one-day event will take place June 20, 2017, at the Georgia Tech Student Center in Atlanta. Attendees will include senior level payments industry executives including financial institutions, technology companies, investment and venture capital firms, as well as analysts and industry consulting firms, the ETA stated.

read more

Petaluma, Calif., police arrested three individuals on June 9, 2017, on suspicion of identity theft and drug possession, according to the Santa Rosa Press Democrat, a regional newspaper. A routine traffic stop led to the discovery of illegal and restricted drugs, as well as personal data reportedly stolen from InTouchPOS, a global hospitality service provider based about 70 miles away in Walnut Creek, Calif. In addition to cocaine, methamphetamine and pharmaceuticals found in the car, police uncovered a cache of personal identifying information belonging to approximately 100 people. Authorities are investigating one of the arrestees, former InTouchPOS employee Brittany Spears, for possible identity theft, Petaluma Police Sgt. Lance Novello said.

read more

Singularity University’s fourth annual Exponential Finance Summit, held June 7 through 9, 2017, in New York City, drew a diverse crowd of executives from a range of industries to explore how emerging technologies can solve global problems at scale. Speakers and panelists challenged attendees to “be exponential” and “unlearn” linear forms of thinking by tapping into the vast computational power and digital transformation of innovative change-makers and organizations. The three-day summit was organized into separate tracks to enable stakeholders in banking, financial advisory and wealth management, and insurance industries to examine how emerging technologies are impacting each vertical.

read more

According to recent data published by EMVCo, the number of EMV (Europay, Mastercard and Visa) chip cards in global circulation increased by 1.3 billion in 2016, bringing the total to 6.1 billion worldwide. Over the same period, card-present transactions conducted using EMV chip card and terminal technologies grew to 52.4 percent, up from 35.8 percent in 2015. Of the six regions tracked, Europe Zone 1 recorded the highest penetration of EMV card-present transactions, at 97.8 percent, with an adoption rate of 84.9 percent. While Asia Pacific (38.8 percent adoption) and the United States (52.2 percent adoption) lagged behind other regions, the data revealed U.S. adoption nearly doubled year-over-year.

read more

News this week from Apple Inc. could pave the way for much broader use of near field communications (NFC) technologies in mobile commerce, as well as increase competition in person-to-person (P2P) payments. NFC has been a go-to technology for mobile payments, particularly in the United States. But potential NFC applications don’t end there. With the advent of NFC tags, the same tap-and-go functionality that makes paying with smartphones fast and easy can also be used to access and transfer information. Potential applications are limitless, according to experts. But the end-user universe has been limited by Apple’s refusal to expand NFC functionality in its phones beyond payments.

read more

The Midwest Acquirers Association will return to downtown Chicago for its 15th anniversary show, MWAA 2017. For two days, July 18 and 19, payment professionals will enjoy the amenities of the Chicago Marriott Downtown Magnificent Mile hotel while attending educational presentations, special events and networking opportunities at the hotel's spacious conference facilities.

read more

Sears Holdings Inc. revealed May 31, 2017, that a data security breach occurred in its Kmart Stores division. A notice on Kmart’s website apologized for the incident, the second security breach in three years for the retailer. Sears spokesman Chris Brathwaite previously disclosed a security breach of the Kmart brand in October 2014, one month after an investigation exposed unauthorized access of its payment data systems.

read more

A month after confirming during an earnings call that it would divest Sage Payment Solutions Inc., U.K.-based Sage Group PLC entered into a definitive agreement with private equity firm GTCR under which GTCR will acquire Reston, Va.-based SPS for $260 million. "GTCR is partnering with SPS management to pursue organic growth initiatives and fund future acquisitions in the payment processing industry," GTCR stated in a press release about the transaction. "To support this strategy, GTCR has committed up to $350 million of equity capital to the platform. The transaction is expected to close in the third quarter following receipt of regulatory approvals and other consents."

read more

Security analysts are calling for a targeted, proportional response to increasingly sophisticated criminal attacks on security infrastructures. Because criminals gain access to networks by using technologies similar to those used by retailers and law enforcement, alternative approaches to data security are needed, experts have said. A Day in the Life of a Cyber Security Pro, a study published May 17, 2017, by Bay Dynamics in conjunction with research firm Enterprise Management Associates, highlighted the need for more robust and scalable tools.

read more