GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Oct. 1, 2011: D-Day for debit cards?


Industry Update

New Visa, MasterCard rates take effect

Heartland offers Durbin impact insights

Operation Swiper succeeds, cyber theft continues

World payments growing in recession

Trade Association News


An interview with Douglas Bergeron

Ken Musante
Eureka Payments LLC

Underbanked in America

Patti Murphy
ProScribes Inc.

Research Rundown

Helping to expand services while minimizing costs

Square versus the payments world

Tim McWeeney

Payroll and gen Y

Excelling at social media marketing

Selling Prepaid

Prepaid in brief

First Data powers prepaid for Google Wallet

Prepaid spot-on for incentives


Merchants lack focus, fraud eats profits

Patti Murphy
ProScribes Inc.


Street SmartsSM:
Vertical market tradeshows hold many helpful surprises

Bill Pirtle
MPCT Publishing Co.

Fraud's twists and turns in 2011

Nicholas Cucci
Network Merchants Inc.

Customer longevity in the new commerce chain

Dale S. Laszig
Castles Technology Co. Ltd.

Steps toward efficient IRS 1099-K reporting

Troy Thibodeau
Convey Compliance Systems Inc.

Company Profile

Lead Source Call Center

New Products

A complete online payment center

Transaction Express
TransFirst LLC

Cloud-based POS comes in three flavors

Moneris Solutions Inc.


It really is about you



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

October 24, 2011  •  Issue 11:10:02

previous next

Fraud's twists and turns in 2011

By Nicholas Cucci

2011 may go down as a pivotal year in the fight against fraud. The year has seen one of the biggest breaches in history, the development of organized fraud rings with members who exhibit rather unpredictable motivations, federal efforts to tighten up breach notification laws and a new type of Ponzi scheme involving online poker.

In April, the now infamous Sony Corp. network breaches were disclosed. The information of over 100 million gamers was reportedly compromised. One of several breaches forced Sony's popular PlayStation online game network to go dark for 23 days. The total amount of damages to Sony exceeds $170 million thus far.

On the upside, in just a few months after the hack, multiple suspects were arrested. The most recent arrest was of Cody Andrew Kretsinger, a 23 year-old network security student at the University of Advancing Technology in Tempe, Ariz. He is believed to be a member of computer hacker group Lulz Security, commonly called LulzSec. He is also said to be a former associate at another notorious hacking group, Anonymous.

According to the indictment, Kretsinger was involved in executing, and later, promoting the high-profile and costly attacks on Sony's networks. Oddly enough, he was named Student of the Month at UAT in July 2011.

In an interview originally published in the UAT Student of the Month newsletter, Kretsinger talked about his plans for the future.

After graduation Kretsinger hopes to work as a network security professional for the U.S. Department of Defense. "From what I hear, they're pretty good at what I want to do," Kretsinger said in the newsletter. More specifically, the enterprising hacker thinks it would be "fun" to build networks from the ground up and then secure them.

Perhaps Kretsinger represents the changing face of fraud. One day he's arrested for taking part in one of the most costly hacks in history. The next day he's a celebrity aiming for a cushy job in the public sector.

Tightening breach notifications

LulzSec claimed to have breached other networks, namely those of the CIA and the U.S. Senate. Such activity spurred Capitol Hill to prioritize data security on the legislative agenda; numerous bills focused on data security are now working their way through Congress.

In July, the House Subcommittee on Commerce, Manufacturing and Trade approved by voice vote a version of a data breach notification bill designed to enhance protection of consumers' personal information by establishing uniform national standards.

Then, in September, the Senate Judiciary Committee OK'd the Personal Data Privacy and Security Act, the Data Breach Notification Act and the Personal Data Protection and Breach Accountability Act. Of that last bill, key provisions would require businesses to:

Additionally, the bill would require breached organizations to post media notices and alert credit reporting agencies if individual hacks involve the information of 5,000 or more individuals. Exceptions to these provisions are provided in cases where notification could threaten criminal investigations.

The proposed federal law would also preempt state laws on breach notification, with the exception of state laws that provide consumers with information about victim protection assistance that may be available to consumers in a particular state.

Because the breach notification requirements in the bill do not apply to state and local governments, this provision would not preempt state or local laws regarding obligations by businesses in those jurisdictions to provide notice of data breaches to affected consumers.

There are 18 members on the Senate committee - 10 Democrats and 8 Republicans. Despite political differences, the committee's main goal is to strengthen privacy protection and nationalize breach notification practices. It seems each committee member understands the magnitude of the problem that confronts the nation.

A revealing hand of poker

When someone mentions online gambling, the first thing that comes to mind is poker and what happened to the popular online pastime this year. In September, Chicago's Daily Herald reported in "U.S.: Online gaming site is Ponzi, not poker" about the woes of online gambling site Full Tilt Poker, and how most online poker companies have been shut down.

According to the report, Full Tilt Poker and its operators built a global Ponzi scheme that cost its online poker players at least $390 million. Full Tilt Poker, PokerStars and Absolute Poker were shuttered in April, and a grand jury indicted Full Tilt Poker founder and Chief Executive Officer Raymond Bitar and 10 other executives on charges of bank fraud, money laundering and gambling law violations.

PokerStars returned proceeds to U.S. players in the wake of federal actions. Absolute Poker agreed to refund what it owed. But Full Tilt Poker, with only $60 million in its coffers, didn't have enough funds to pay back players, the report said.

In an interesting turn of events, Full Tilt Poker was reportedly scammed by a U.S. payment processing network that stole $42 million from the poker site, preventing it from pulling money from customers' bank accounts to fund online gambling credits.

Instead of disclosing the problem, Full Tilt maintained a false image of financial stability by crediting players' accounts with $130 million in "phantom funds," according to prosecutors quoted in the Daily Herald article. When players gambled with these funds and lost to other players, a "massive shortfall" developed, the prosecutors said.

And so it goes.

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at .

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios