The Green Sheet Online Edition
July 10, 2017 • Issue 17:07:01
Editor's Note: Following are excerpts from news stories recently posted under Breaking Industry News on our home page. For the full stories, see Breaking Industry News on our home page, www.greensheet.com.
Visa, MC settle surcharging suit with Canadian merchants
Visa Canada and Mastercard issued brief statements on June 12 and 13, 2017, respectively, heralding the settlement of a lawsuit over surcharging rules brought against the card brands by Canadian merchants in 2011. The settlement is subject to court approval in the provinces in which the claims were brought ‒ British Columbia, Alberta, Saskatchewan, Ontario and Quebec.
Among the terms agreed upon, the card brands will pay financial settlements of CAD $19.5 million, pre-tax, apiece, and revise their no-surcharging rules in a manner similar to their modified U.S. surcharging rules. Neither company admitted to any wrongdoing; both emphasized that protections would be in place for consumers. Revised rules are expected to come into effect 18 months after court approval of the settlement.
Facing federal hostility, cannabis merchants eye bitcoin
Cannabis merchants and payment processors face hurdles on the road to legitimacy due to regulatory challenges and uncertainties posed by a new presidential administration. U.S. Attorney General Jeff Sessions voiced his opposition to the Rohrabacher-Farr amendment in a May 1, 2017, letter to Congress. Enacted in 2014 as part of a larger budgetary bill, the amendment protects state-sanctioned medical marijuana dispensaries from being prosecuted by the Department of Justice, a grave mistake according to Sessions.
Emily Gordon, In-House Counsel at Simplifya LLC, said Session's opinions are at odds with most Americans, 73 percent of whom oppose federal interference in state marijuana legislation, according to a recent poll.
Payment service providers are especially concerned by recent efforts to rein in the nascent industry. Some high-risk processors will refrain from onboarding cannabis accounts until certain federal guidelines and standard Federal Deposit Insurance Corp. protections are in place.
SinglePoint Inc. said its subsidiary SingleSeed plans to accept cryptocurrency at the POS. The company partnered with First Bitcoin Capital Corp., reflecting the cannabis community's growing interest in alternative currencies. Wil Ralston, Vice President, Sales and Marketing at SinglePoint, stated he expects bitcoin acceptance to solve banking and underwriting issues.
Trump Administration aims to overhaul Dodd-Frank, gut CFPB
The Consumer Financial Protection Bureau's detractors have much to be happy about now that the Trump Administration and Congress are pushing to curb the federal consumer watchdog agency's power to supervise providers of payment and other financial services.
The Treasury Department, on June 12, 2017, laid out a set of proposals in a report titled A Financial System that Creates Economic Opportunities: Banks and Credit Unions. This came just days after the House passed the Financial CHOICE Act, which would revamp the CFPB and undo many rules imposed under the 2010 Dodd-Frank Act.
The Treasury's new report is the first in a series intended to identify and propose changes to onerous federal regulations, treaties, regulatory guidance, supervisory standards and other government policies. Like the Financial CHOICE Act, the report takes aim, in particular, at changes ushered in by the Dodd-Frank Act, an omnibus financial reform package passed in response to the 2008 financial meltdown and ensuing major recession. In addition to revamping the CFPB, the report calls for better overall coordination among financial regulatory agencies, easing restrictions on bank trading operations, scaling back banks' annual stress tests, and simplifying regulation of small banks and credit unions.
Global cybersecurity trends a mixed bag
New data from Trustwave Holdings Inc. forensics investigations indicates that despite efforts to increase POS data security following the U.S. EMV (Europay, Mastercard and Visa) mandate in 2015, adoption has been slow, and payment card data remained a target in 63 percent of the data incidents perpetrated globally in 2016. As of November 2016, only 38 percent of U.S. transactions used EMV technologies, Trustwave noted.
According to the 92-page 2017 Trustwave Global Security Report, the North American region and the retail sector accounted for 49 percent and 22 percent of total breaches, respectively. Next in line regionally were Asia-Pacific (21 percent); Africa, Europe and Middle East (20 percent); and Latin America (10 percent). Just behind the retail sector, the food and beverage industry was targeted in nearly 20 percent of data breaches committed globally.
Trustwave determined that progress has been made in breach detection and containment; detection time dropped from 80.5 days to 49 days year-over-year. The time from detection to containment dropped from 13 days to 2.5 days. However, median time from cyber intrusion to containment remained stable at 62 days versus 63 days in 2015. Malicious advertising remained the top source of traffic to exploit kit landing pages, Trustwave found. An exploit kit is software designed to locate system vulnerabilities. Trustwave forensics discovered an alleged undisclosed Windows zero-day vulnerability and exploit code for sale in 2016 at an initial price of $95,000; a zero-day vulnerability is a hole in software code undetected by the vendor.
New malware targets IoT routers
Security analysts are warning early Internet of Things (IoT) adopters to enhance the security of Universal Plug and Play (UPnP) routers and hubs in their connected homes due to recently detected malware attacks. The malware, known as Pinkslipbot, is a variation of a known malware scheme designed to attack firewalls, lock out system users and disrupt enterprise directories, analysts stated.
Don Duncan, Sales Engineer - Eastern at NuData Security, said the malware is a derivative of QakBot, a form of malicious code that has been actively infecting networks for more than 10 years.
"Pinkslipbot is extremely persistent, and essentially, anyone with fast Internet and open ports on an Internet gateway device using UPnP is vulnerable to it," he said. "Pinkslipbot detects available ports, infects machines behind the firewall, and relays information to C&C [Command and Control] servers. In the short term, it's important that 'local port-forwarding rules' be monitored, and UPnP should be turned off if the user doesn't need it."
Duncan urged network operators to implement behavioral biometrics to create additional barriers around UPnP routers and hubs.
International cooperation leads to arrest of 73 cyber-criminals
Fraudsters are relentless and ever more sophisticated in their attacks on the world's financial networks. However, security experts are also relentless and ever more sophisticated in their work to protect our systems. And law enforcement agencies are coordinating efforts to capture the criminals bent on profiting through cyber-crime.
The Merchant Risk Council recently reported that 26 countries participated in eCommerce Action 2017 (eComm 2017). The Europol European Cybercrime Centre (EC3) coordinated this second annual coordinated action, which apprehended 73 fraudsters and members of Internet-based criminal networks for alleged online fraud activities. Suspects "were responsible for more than 20,000 fraudulent transactions with compromised credit cards, an estimated value exceeding EUR 5 million," the EC3 stated. "Hundreds of packages from online shops were intercepted and more than 100 locations were searched, using information that had been previously submitted by eMerchant, payment and logistic companies. The house searches led to the seizures of high-value goods, including electronic appliances, smartphones, tablets, watches and clothing. The joint analysis method revealed criminal hot spots and organised criminal groups that attempted to bypass the various security measures of merchants and financial institutions."
Flywire, PayPal cross new borders
On June 26, 2017, payment platform provider Flywire Corp. revealed it had added PayPal to its menu of payment options in Canada, the European Union, the United Kingdom and the United States. PayPal Inc. and Flywire representatives said the integration will combine PayPal's popular, secure technology with Flywire's expertise in tailored, international currencies and vertical industries.
Boston-based Flywire also has offices in the United Kingdom, China, Japan, Singapore, Australia and Spain. The company said it is committed to serving the needs of the global citizen, which includes addressing new types of transactions and payment corridors, while continuing to improve the speed, transparency, efficiency, choice and security of its payment services.
In an interview with The Green Sheet, Flywire Chief Executive Officer Mike Massaro said the partnership will additionally address a growing need for cross-border payment diversification. "PayPal is an industry leader in cross-border payments and e-wallet and is looking for different use cases," he said. "Cross-border remittances have evolved from workers in developed countries sending money home to less developed nations. … Our job is to enable institutions to easily accept payments and payers to easily transact."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.