A Federal Trade Commission complaint filed June 26, 2012, in the U.S. District Court for the District of Arizona, alleges the Wyndham Worldwide Corp. hotel chain and three of its subsidiaries repeatedly failed to properly secure electronic customer data, and the lapses led to three data breaches at Wyndham hotels in less than two years.
The complaint alleges Wyndham Worldwide's poor security continued even after a breach was discovered in 2008, thus allowing two subsequent breaches in 2009. The FTC said Wyndham hotels also allowed improperly configured software onto its system that caused sensitive payment card information to be stored in clear text.
Additionally, the FTC said the breaches resulted in "fraudulent charges on consumers' accounts, millions of dollars in fraud loss and the export of thousands of consumers' payment card account information" to Russian cyber criminals. The commission asked the court to order Wyndham to make restitution and offer refunds for losses.
Michael Valentino, spokesman for Wyndham Worldwide, said after the breach was discovered the hotel chain promptly notified customers and offered credit monitoring services. To date, the company has not received any notice of a customer suffering financial loss as a result of the intrusions, he stated.
On June 26, 2012, the United States Attorney for the Southern District of New York and the New York Field Office of the FBI concluded Operation Card Shop, reportedly the largest coordinated international law enforcement action in history. The operation targeted cyber criminals who exploit stolen credit card, bank account and other personal information.
The investigation, which spanned two years and encompassed 13 countries, garnered 24 arrests, 11 of them in the United States. Four additional defendants remain at large. During the investigation, overseas authorities in seven countries conducted 30 interrogations and carried out more than 30 search warrants.
Manhattan U.S. Attorney Preet Bharara called the array of cyber schemes and scams the investigation uncovered "breathtaking." He said, "Individuals sold credit cards by the thousands and took the private information of untold numbers of people.
"The defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software-enabling cyber voyeurs to hijack an unsuspecting consumer's personal computer camera."
Janice Fedarcyk, FBI Assistant Director in Charge, New York Field Office, said, "From New York to Norway and Japan to Australia, Operation Card Shop targeted sophisticated, highly organized cyber criminals involved in buying and selling stolen identities, exploited credit cards, counterfeit documents and sophisticated hacking tools."
A new study by the Competitive Enterprise Institute for the Georgia Public Policy Foundation said federal regulations capping debit card fees harm Georgia financial institutions and could hurt the state's economic recovery. The study sparked calls for repeal of the Durbin Amendment to the Dodd-Frank Act of 2010.
Economist John Berlau, the study's author and a Senior Fellow for Finance and Access to Capital at the Competitive Enterprise Institute, said losses sustained by banks as a result of the reduction in debit card fees are impairing the banks' ability to recover and help the state's economy.
As a result of the debit interchange regulations, "it will be much harder for local entrepreneurs to find the funding they need to grow their business," he said.
Kelly McCutchen, President and Chief Executive Officer of the Georgia Public Policy Foundation, stated, "The Durbin Amendment has already hurt small and large banks, and it isn't helping consumers. It should be repealed before it does any more harm to the businesses that rely on them for loans and lines of credit to make payroll, open new locations and hire more employees."
American Express Co. recently launched PAYVE, a digital payment service designed to help large and midsize businesses centralize the processing of multiple payment methods through one electronic platform. Payment methods include check, automated clearing house (ACH), international wire transfers and AmEx's web-based payment solution, Buyer Initiated Payments.
AmEx noted that more than half of U.S. business-to-business (B2B) payments are still made by paper check. On average, paper check payments cost companies 40 to 50 percent more to process than card or electronic payments, the company said.
Nancy Drexler, a frequent contributor to The Green Sheet, opened a marketing agency for businesses in the payments industry. Her agency, Acquired Marketing, offers creative and strategic services, such as advertising, product launches and vertical marketing strategies. The company will limit itself to representing two companies per market niche to devote itself more fully to clients.
ISO Chosen Payments held a grand opening and ribbon-cutting ceremony for its new headquarters in its hometown of Moorpark, Calif. The Moorpark Chamber of Commerce sponsored the event and First Data Corp. representatives attended. First Data is Chosen Payment's primary processing partner.
First Data released the First Data PCI Rapid Comply Solution, an online self-assessment questionnaire (SAQ) and vulnerability scanning tool to help small to midsize merchants achieve and maintain Payment Card Industry (PCI) Data Security Standard (DSS) compliance.
ISO and POS systems provider Harbortouch deployed a free online reservations module for its hospitality systems program. The new Harbortouch Reservations module allows restaurant customers to make reservations online and restaurants to manage reservations through their POS systems. It also will alert customers when their tables are ready.
For the third consecutive year, cloud-based network management and security company Mako Networks Ltd. received PCI DSS certification, the company reported. Compliance requires Mako to undergo an independent audit to ensure its business, processes and documentation meet the more than 200 requirements of the PCI DSS.
Merchant service provider Merchant Warehouse is offering a new lifetime residual revenue program for its agents. The program, called the Insight Partnership Program, bases revenue splits with its agents on gross profits after processing related expenses.
Payment gateway operator Shift4 Corp. launched a point-to-point encryption solution that reportedly will securely process credit, debit and third-party gift cards, and handle split-processing. Shift4 said the solution is unique because an entirely neutral entity holds the encryption keys, and it protects merchants from the "rate creep" associated with proprietary technologies offered by others.
In other news, Shift4 released a card data security technology solution designed to address the unique complexities of the hospitality industry.
Payment software manufacturer ACI Worldwide Inc. expanded its partnership with smart card and token management software solutions provider Bell ID to deliver issuance and management of mobile near field communication (NFC) payment tokens. The tokens will be paired with devices equipped with contactless technology and that use ACI Token Manager for Mobile.
ACI is also partnering with Spectrum Message Services Pty Ltd. to deliver mobile alerts designed to identify and stop fraud. ACI said customers using its mobile alerting will be able to identify suspicious transactions in near real-time and send short message service text messages to alert cardholders, thereby rooting out fraud quickly.
In addition, ACI agreed to work with Credit Agricole Cards and Payments, the processor for the payment business of European bank Credit Agricole S.A., to upgrade Credit Agricole Cards and Payments' infrastructure. The companies promise to deliver world-class scalability, reliability and agility to the bank's ATM network.
Citigroup Inc. (Citi) and the U.S. Agency for International Development teamed to broaden financial inclusion worldwide by promoting mobile money technology in developing countries. Citi will integrate its banking services with mobile money platforms to integrate banks with mobile money services in developing countries.
POS device distributor BlueStar extended its partnership with Psion PLC to distribute the POS hardware manufacturer's solutions in Mexico. The agreement enables BlueStar to expand its distribution of Psion's hand-held devices, vehicle mounted computers and connectivity solutions to the Mexico market. Psion's devices are known for their ruggedness and application in industrial markets globally.
Merchant acquirer Elavon Inc. chose end-to-end data security solution provider Protegrity USA Inc. for next generation tokenization technology. Protegrity's patent-pending Vaultless Tokenization product is now part of Elavon's SAFE-T Suite solution. "Together, we can help businesses ease the burden of PCI compliance audits and reduce the total cost of card acceptance - two challenges that are impacting retailers on a global basis," said Suni Munshani, Chief Executive Officer at Protegrity.
First Data won a competitive bidding process to use the i-design Group PLC marketing software solution, joono, on ATMs. The software enables banks to deliver targeted marketing, multimedia capability and, potentially, third-party advertising campaigns using i-design's media sales and campaign operations services.
First Data also signed a long-term strategic merchant services partnership with Chemical Financial Corp. The acquirer will deliver processing services to the bank's commercial customers throughout Michigan. And the Vancouver Board of Trade inked a merchant processing services agreement with First Data whereby the board will receive exclusive rates on electronic payment processing services.
Payment terminal manufacturer Ingenico S.A. signed a multiyear distribution agreement with The Phoenix Group that will allow TPG to market and sell Ingenico's Telium series of POS devices to ISOs in the United States.
ISO Meritus Payment Solutions joined with Junction Solutions Inc., a provider of software solutions and services for the multichannel retail, distribution and food and beverage industries. Junction Solutions' e-commerce offerings will now include Meritus' products and services.
ISO and electronic payment processor Payment Alliance International is now in a strategic partnership with Panoptic Security Inc. to provide PAI customers with an online PCI DSS compliance portal. Panoptic's compliance and indemnification program, ExpertPCI, allows merchants to complete SAQs and network Internet Protocol scans online.
Merchant services provider US Bankcard Services Inc. added the mobile software solutions of Charge Anywhere LLC to its offerings. The Charge Anywhere Mobile Payment App Solution, which is Payment Application DSS certified, comes with a Bluetooth card reader and receipt printer. It is reportedly compatible with the leading operating systems for mobile devices.
Mobile solutions provider Monitise PLC closed its deal to acquire mobile banking and payment specialist Clairmail Inc. Monitise said the combined businesses will manage more than 1 billion transactions a year and payments and transfers worth $15 billion annually. Terms of the deal were not released.
Paris-based smart card security, solutions and services provider Oberthur Technologies acquired Boston-based mobile payment company MoreMagic Solutions Inc. The acquisition allows Oberthur to provide mobile telecommunication firms, financial institutions and other non-telecom service providers with person-to-person money transfer, mobile banking, proximity and remote payment capabilities.
EastPay Inc. hired Debra Arai as its Director of Risk Management Services. She is responsible for ACH compliance audits, ACH risk assessments and remote deposit capture risk reviews. She is also Product Manager for the ProceduresNow! software suite and provides ACH rules interpretation support to members of NACHA - The Electronic Payments Association's Regional Payments Associations.
Heartland Payment Systems Inc. added three executive positions to help develop its portfolio and services in key industries. Robert H.B. Baldwin Jr. was promoted from President to Vice Chairman. He will work closely with Chairman and CEO Robert O. Carr to build industry and investor relations and develop the company's information security and customer service operations.
Heartland Chief of Corporate Development, Michael Lawler, was promoted to President - Strategic Markets Group. Lawler is responsible for growing key markets in retail, services, education, health care, government, utility and micropayments. Lawler was a Senior Vice President at Tier Technologies Inc. before joining Heartland in 2009.
David Gilbert is the new President of Heartland's Hospitality Group. Gilbert is responsible for growing the company's restaurant and lodging business. He comes to Heartland from his position as Chief Operating Officer of the National Restaurant Association.
Terry Balthaser is the new Vice President of Sales and Marketing at JR's POS Depot. He is responsible for increasing sales and developing new partnerships. Balthaser previously worked for National Distribution & Contracting Inc. and VeriFone Inc.
Doug Byerley is the new Chief Operations Officer of third-party payment service provider Meracord LLC. Byerley is responsible for strategic operations and for developing new growth and service business. He headed product management at Total System Services Inc. before coming to Meracord.
Christine Lee was named President, North American Strategic Partnerships and Emerging Markets for merchant services provider Moneris Solutions. She is responsible for business growth, marketing strategies and initiatives, and for launching new products. Lee previously worked for MasterCard Worldwide.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next