GS Logo
The Green Sheet, Inc

Please Log in

Banner Ad
Skyscraper Ad

Wednesday, January 17, 2018

Jason's Deli confirms RAM-scraper attack

I t was news no merchant wants to hear. Family-owned Jason's Deli, which operates 275 delis in 28 states, received notice on Dec. 22, 2017, that a large quantity of payment card information associated with the business was for sale on the Dark Web. Law enforcement, a threat response team and forensic experts began investigating immediately and recently reported a breach had, indeed, occurred. It began June 8, 2017, and jeopardized the credit card information of approximately 2 million Jason's Deli customers.

Criminals gained access by using RAM-scraping malware at POS terminals at some, but not all, Jason's Deli locations. RAM-scraper attacks take advantage of a vulnerability that occurs during processing at the POS terminal. POS terminals are mini computers with card readers. Thus, they typically have permanent storage in hard drives or flash memory, and temporary storage in random access memory (RAM).

Vigilance required

The Payment Card Industry (PCI) Data Security Standard (DSS), devised to protect payment card data and the systems that process that information, is complex and difficult for many busy merchants to understand. For some time, the PCI DSS has explicitly required that merchants encrypt card data both residing on permanent storage and traversing their publicly accessible networks, but it has not mandated encryption for data in RAM, where it must be briefly decrypted for processing. That is where many fraudsters have accessed data from merchants who believed themselves to be PCI compliant.

As Jason's Deli and other merchants have learned, data security requires vigilance. Encryption is essential, but so is keeping unauthorized parties and their malware out of networks responsible for safeguarding personal data. Merchants are expected to keep abreast of ongoing and developing threats and employ network upgrades and software patches to address system vulnerabilities as needed.

Jason's Deli stated that the breach has now been contained and the malware disabled at all locations where it was discovered. Visit for further details. To help merchants with ongoing education on data security, acquaint them with the PCI Security Standards Council's website, .

NRF 2018 highlights retail transformation
Monday, January 15, 2018

T he National Retail Federation's 107th annual Convention and Expo opened Jan. 14, 2018, at Jacob Javits Convention Center in New York City. The NRF expects record attendance, with 35,000 registered attendees and 600 exhibitors from more than 3,500 companies and 90 countries. NRF executives held a pre-show press briefing in the Innovation Lab, a show within a show designed to highlight emerging technologies. In opening remarks, NRF President and Chief Executive Officer Matthew R. Shay said retail transformation is good for companies, employees and customers.

"Retail is not dead," Shay said. "It is being reshaped in response to shifting customer expectations and buying behaviors." The Innovation Lab, begun last fall with, has been expanded into a more dynamic experience, Shay noted. The Retail 2020 section features 25 technologies shaping the new retail landscape, and an emerging technology showcase with hands-on demos of futuristic applications.

"So much is changing in retail, in the way we shop, explore and transact," added Jack Forestell, Global Head of Merchant and Acquirer Sales and Solutions at Visa Inc. "What's making it come to life is innovation." Forestell encouraged members of the media to tour both areas of the Innovation Lab and attend technology presentations at the Innovation Lab's Feature Stage.

Transforming the shopping journey

The Innovation Lab's two unique exhibit areas and sound stage will provide insights into retail-shaping technologies throughout the conference, NRF representatives stated. The Retail 2020 area is an interactive showcase featuring 25 exhibitors that are transforming each stage of the shopping journey, using augmented reality, artificial intelligence, machine learning, facial recognition, big data and robotics. NRF identified 5 unique stages of the shopping journey as: awareness, consideration, engagement, service and post-purchase.

The emerging technology section of the Innovation Lab is a more futuristic experience, NRF representatives stated. These exhibitors are early-stage innovators and some may not be here in five years, but this is where innovation happens, they said. Emerging Tech exhibitor Sam Vasisht, Chief Marketing Officer at, expects to grow and scale his tech company, after two his previous start-ups were acquired by Cisco and TiVo.

"Magia's Cognitive Selling platform powers Virtual Sales Assistants to engage, persuade and build trust with shoppers, by providing a human-like experience," he noted. "The AI uses psychology-based selling skills to help customers easily and confidently reach buying decisions."

'Retail is retail'

Shay described ecommerce and brick-and-mortar as complementary parts of the same industry, adding, "retail is retail." Consumers are increasingly shopping across all channels and expecting the same experience online and in stores, he said. Retail has always been about connecting with customers across all devices and channels. Referencing NRF data, Shay said consumers who shop online and in stores tend to spend more, and retailers are leveraging this trend by using all available tools, technology and resources at the intersection of the online and in-store experience.

Retailers are resilient and creative and constantly looking for new ways to connect with their customers, Shay noted. Retail is a high-growth sector with a strong future ahead. Retailers employ more than 13 million Americans and support 42 million jobs. Many of these new jobs are in corporate headquarters and distribution centers, and may not be reported by the current Bureau of Labor Statistics, but NRF is actively working to correct the record, he said.

Note: The Green Sheet Inc. is closed for the Martin Luther King Day holiday, Mon. Jan. 15, 2018.

ETA selects 2018 Young Payments Professionals Scholars, readies podcast
Friday, January 12, 2018

T he Electronic Transactions Association, a global trade association representing more than 500 payments and technology companies, selected 10 participants for its 2018 ETA Young Payments Professionals Scholar Program.

The ETA devised the program, which is supported by ETA member Discover Financial Services, to help young professionals in the payments industry grow, connect with a class of scholars and meet respected leaders from influential companies. The program's goal is to encourage leadership within the organization itself, as well as the industry at large.

"We are proud to support the success of the payments technology industry's next generation of leaders," said ETA CEO Jason Oxman. "By recognizing and investing in these diverse and talented young professionals at ETA member companies, we believe the entire payments ecosystem stands to gain." The ETA stated the 2018 YPP scholars, who represent finance, payments, and technology enterprises from across ETA's membership, will be matched with industry mentors for the duration of the program. The 2018 scholars include:

As part of the program, YPP Scholars will receive complimentary registration, lodging and travel registration to TRANSACT, as well as complimentary registration to ETA's Strategic Leadership Forum, TRANSACT Tech Events and for the ETA CPP Certification exam, the ETA noted.

In addition, the ETA is launching a podcast Jan. 17, 2018. Twice a month, Oxman will be joined by the association's Vice President of Industry Affairs, Amy Zirkle, and Seneior Vice President of Government Affairs, Scott Talbott to discuss "the people, places and things that make our industry creative and cutting-edge," the ETA stated. For more information and to listen to Oxman introduce the podcast, visit .

Western Union forfeits $60 million to NYDFS
Wednesday, January 10, 2018

F ollowing an investigation by the New York Department of Financial Services set forth in Western Union Co.'s January 2017 deferred prosecution agreement (DPA) with the U.S. Department of Justice, its Western Union Financial Services Inc. subsidiary agreed to a consent order with NYDFS on Jan. 4, 2018. In the DPA, the company acknowledged deficiencies in its money services compliance programs from 2004 to 2012.

Under terms of the consent order, WUFSI agreed to pay $60 million to NYDFS to resolve violations of New York law arising out of facts set forth in the DPA. In its original agreement with the Justice Department, Western Union admitted to criminal violations including willfully failing to maintain an effective anti-money laundering program and aiding and abetting wire fraud.

The NYDFS consent order specifically acknowledged that since 2012, Western Union had undertaken agreed-upon remedial measures and implemented compliance enhancements. Western Union said it now spends $200 million per year on compliance measures, which has resulted in a 60 percent reduction in fraud over the past six years.

"We share the New York Department of Financial Services' goal of protecting consumers and the integrity of our global money transfer network," stated Western Union. "We have acknowledged that certain conduct in the 2004 to 2012 period fell short of that goal, but we have made substantial improvements since then as part of our commitment to continually enhance our compliance programs."

History of lax procedures

In January 2017, Western Union Co. agreed to forfeit $586 million to compensate individuals impacted and entered into agreements with the Federal Trade Commission, the Justice Department, and the U.S. Attorneys' Offices of the Middle District of Pennsylvania, the Central District of California, the Eastern District of Pennsylvania and the Southern District of Florida.

"Western Union's failure to comply with anti-money laundering laws provided fraudsters and other criminals with a means to transfer criminal proceeds and victimize innocent people," stated Acting U.S. Attorney Louis D. Lappen in January 2017. "Western Union has agreed to forfeit $586 million, the largest forfeiture ever imposed on a money services business, and has agreed to take specific steps to ensure that it complies with the law in the future."

The U.S. Postal Inspection Service conducted the criminal fraud investigation and the FTC the civil fraud investigation. "Since 2001 our office, in conjunction with the U.S. Postal Inspection Service, has charged and convicted 26 Western Union Agents in the United States and Canada who conspired with international fraudsters to defraud tens of thousands of U.S. residents via various forms of mass marketing schemes," said U.S. Attorney Bruce B. Brandler of the Middle District of Pennsylvania.

Referencing a direct link to New York, U.S. Attorney Eileen M. Decker of the Central District of California said a Western Union agent prosecuted by her office pleaded guilty to federal charges of structuring transactions – illegal conduct the company knew about for at least five years.

"Western Union documents indicate that its employees fought to keep this agent – as well as several other high-volume independent agents in New York City – working for Western Union because of the high volume of their activity," Decker said.

Consumers who may have lost money to scammers that accepted Western Union payments between Jan. 1, 2004, and Jan. 19, 2017, may be eligible for compensation. For information, visit . Claims must be submitted no later than Feb. 12, 2018.

DOJ guidelines threaten legal cannabis trade
Tuesday, January 9, 2018

A Jan. 4, 2018, memo by U.S. Attorney General Jeff Sessions gives law enforcement the right to prosecute marijuana-related activities, even in states that have legalized these practices. Sessions maintains marijuana cultivation, distribution, possession and use have always been illegal, despite the previous administration's policy against prioritizing prosecution of several types of cannabis-related activities in states that have legalized it.

"It is the mission of the Department of Justice to enforce the laws of the United States, and the previous issuance of guidance undermines the rule of law and the ability of our local, state, tribal, and federal law enforcement partners to carry out this mission," Sessions wrote. "Therefore, today's memo on federal marijuana enforcement simply directs all U.S. Attorneys to use previously established prosecutorial principals that provide them all the necessary tools to disrupt criminal organizations, tackle the growing drug crisis, and thwart violent crime across our country."

The D.O.J. said the new guidelines rescind those outlined in a 2013 Department of Justice memo to all United States Attorneys originally drafted by former U.S. Attorney General James M. Cole (known as the Cole Memo) and revert to the Controlled Substances Act of 1970. DOJ representatives called Sessions' guidance a "return to the rule of law," intended to "reduce violent crime, stem the drug crisis and dismantle criminal gangs."

Payments, legal analysts react

While the impact of Sessions' guidance is yet unknown, legal experts and payments analysts expect it to shine a light on the growing cannabis industry. "Legal pot sales: a multibillion-dollar industry in limbo," published by The Green Sheet Dec. 11., 2017, issue 17:12:01, reported the market for legal cannabis products is huge and growing. Author Patti Murphy wrote, "The website Marijuana Business Daily estimates total annual demand for recreational cannabis in the United States exceeds $45 billion."

Bill White, Interim CEO at Intellicheck Inc., cited fear of underage access as one of the biggest barriers to cannabis market acceptance. "Fueling these fears [is] the readily available and easily accessible supply of sophisticated fake IDs," he stated. "The solution rests with the adoption of robust technology solutions that provide accurate ID authentication."

Nathaniel Gurien, CEO of Fincann, a payment solutions and banking compliance firm, said the Cole Memo set priorities but did not restrain local authorities from prosecuting marijuana sales to minors or out-of-state shipments. However, the Rohrbacher-Blumenauer budget amendment specifically prohibits the DOJ from using federal funds to enforce federal marijuana laws against state-sanctioned medical marijuana facilities, he noted.

"This development will undoubtedly have an at least temporary chilling effect, particularly on new investment and banking," Gurien added. "However, it is also likely to drive marijuana-related businesses to higher levels of accountability and compliance, making their businesses less susceptible to targeted enforcement and overall more sustainable in the long run, and this would be a positive outcome."

Mitchell Kulick, founder of Feuerstein Kulick LLP, a cannabis law firm, said the Rohrabacher-Farr amendment prohibits the DOJ from using budgetary resources to interfere with or prosecute legal medical marijuana businesses. He expects additional clarity on the DOJ's position on cannabis after members of Congress vote on the following amendments to:

"The silver lining of AG Sessions' actions today is that Congress won't be able to continue to ignore these big issues and hide behind the status quo provided by the Cole memo," Kulick said. "AG Sessions has thrown down a gauntlet, and it is time for Congress to heed the will of the people that it serves and enact laws and pass amendments that protect and clarify the fastest growing industry in America."

A bump in the road

Some cannabis industry leaders believe the DOJ is out of touch with popular sentiment and expect its new guidance to help decriminalize marijuana. Leslie Bocskor, President of Electrum Partners LLC, called Sessions' guidance both a bump in the road and an opportunity. "When we look back on this day in years to come, one of the big factors will be separating the dedicated from the dilettantes of who is building this industry," he said. "Additionally, we expect the Attorney General to announce new guidance to replace the Cole memo in the near future."

"Rescinding a memo doesn't wipe out public opinion, nor does it reverse scientific advancements," stated Shanel Lindsay, founder and President of Ardent LLC. "We will not be deterred by the actions of well-connected, misinformed politicians. The majority of Americans on both sides of the aisle support legalization, and more research continues to show the effectiveness of cannabis as a viable medicine."

Mike Kramer, co-founder and CEO of 420 Blockchain, a blockchain solution provider in the cannabis industry, urged cannabis industry stakeholders to implement best practices to combat federal prohibition.

"If the cannabis industry wants to stay legitimate in the eyes of the state governments standing up for them, it's imperative that we combat this stigmatized federal prohibition with strong data, secure networks, and the confidence that our businesses are run with the due diligence we claim," Kramer stated. "In times like this, with uncertain terrain ahead, my biggest concern for our industry is keeping the companies within it, that make it thrive so well, secure, compliant and transparent so they can never have the rug swept out from beneath them."

View prior breaking news

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM