A Thing
The Green SheetGreen Sheet

The Green Sheet Online Edition

June 25, 2018 • Issue 18:06:02

New Briefs

Editor's Note: Following are excerpts from news stories recently posted under Breaking Industry News on our home page. For links to these and other full news stories, please visit www.greensheet.com/breakingnews.php?flag=previous_breaking_news.

Router reboots halt VPNFilter but won't ensure security

The FBI issued an alert on May 25, 2018, after discovering a global attack on small-office and home-office routers. Bad actors have used VPNFilter malware, which can detect and exploit data transitioning through infected devices, authorities stated. Forensic researchers noted the malware can block network traffic, and its use of encryption and spoofed networks as camouflage makes it difficult to find. The bureau estimates hundreds of thousands of networked devices may have already been compromised.

"The size and scope of the infrastructure impacted by VPNFilter malware is significant," FBI agents stated. "The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown."

The FBI asked small-business owners and civilians to disrupt the malware and help identify infected devices by rebooting their routers. They also recommended disabling remote management settings on connected devices and using advanced encryption methods, up-to-date firmware and strong passwords when remote access is enabled.

Russians behind Yahoo breach, Feds say

Karim Baratov, a 23-year-old Canadian hacker, was formally sentenced in Northern California, May 29, 2018, in connection with a massive Yahoo! data security breach first reported in September 2016.

Baratov, whose aliases include Kay, Karim Taloverov and Karim Akehmet Tokbergenov, will serve five years in prison and was ordered to pay restitution of $250,000 to millions of consumers whose identities and personal information were compromised, authorities stated. His sentencing concluded a multinational FBI investigation and led to the arrest of other offenders Baratov named as part of a plea deal.

Baratov testified he was hired by Dmitry Dokuchaev and Igor Sushchin, officers of the Russian Federal Security Service, who directed him and others to hack webmail accounts at Yahoo and other hosting services. The spear-phishing campaign was active between January 2014 and December 2016, according to court records. The campaign used data stolen in the Yahoo breach to gain access to private emails.

Visa, Mastercard settle with New Mexico

The state of New Mexico reached a $3.4 million settlement with Visa and Mastercard. The settlement stems from a 2014 lawsuit that called into question credit and debit card interchange fees assessed New Mexico merchants and state agencies, alleging they were excessive in violation of state law.

Visa and Mastercard agreed to settle "without any admission of liability or wrongdoing whatsoever," according to the settlement document. Under terms of the agreement, Visa paid about $2.27 million into a settlement fund and Mastercard paid about $1.13 million. The two companies also agreed to join and pick up the cost of a consumer financial education campaign to be launched by the state attorney general's office.

"We negotiated an agreement that will compensate the harm to New Mexico's economy, enforce our strong consumer protection statutes and deter companies that seek to exploit our citizens and violate our consumer protection laws," state Attorney General Hector Balderas said regarding the settlement in April. Balderas, in his complaint, alleged that interchange affects not only merchants in New Mexico, but consumers in the state as well, because merchants pass along a portion of card costs to consumers in the form of higher prices.

Despite being identified as injured parties, neither merchants nor consumers in New Mexico will see any of the settlement money. "It is the State's position that the settlement amount and related injunctive relief are intended to remediate the harms to the State and its communities resulting from the alleged unlawful conduct of the Defendants, and that the settlement amount shall be expended, in the sole discretion of the Attorney General, to enhance the Office of the Attorney General's law enforcement efforts to prevent and prosecute financial fraud or unfair or deceptive acts or practices, including anti-competitive behavior, and to investigate, enforce and prosecute other illegal conduct related to financial services or consumer protection and antitrust laws," the settlement document stated.

Big goals for Ripple's blockchain-to-blackboard initiative

The University Blockchain Research Initiative, underwritten by Ripple and launched June 4, 2018, will support academic research and development of blockchain and cryptocurrency schemes. Ripple, a global financial and blockchain settlement network headquartered in Amsterdam, with offices in San Francisco, New York, London, Sydney, India, Singapore and Luxembourg, stated it will donate $50 million to participating universities.

Eric van Miltenburg, Senior Vice President of Business Operations at Ripple, said Ripple looks forward to facilitating faculty and student-led projects that explore digital payments use cases. "Academia has traditionally been a critical driver of technical innovation," he said. "The University Blockchain Research Initiative is an acknowledgment of the vital importance of the unique role universities will play in advancing our understanding and application of cryptography and blockchain technology. It also speaks to the reality that university graduates will fuel a continually evolving and maturing financial marketplace and workforce."

As emerging currency schemes gain worldwide popularity, their benefits to civilians and business owners have yet to be fully clarified, van Miltenburg noted. He acknowledged Ripple will support university projects that focus on useful applications without dictating research parameters.

Paysafe's well-timed open banking card

Paysafe Group, a global provider of end-to-end solutions with U.S. headquarters in Houston, disclosed June 7, 2018, that its prepaid product, paysafecard, will be accepted in the Google Play Store. Paysafe plans to roll out the card in Europe following a pilot test in Poland, which is home to more than 1 million paysafecard cardholders, company representatives stated.

By removing the need for online shoppers to share banking or credit card credentials, Paysafe expects paysafecard to appeal to underbanked, video gaming and privacy-conscious consumers while also complying with European Union privacy regulations. Udo Müller, CEO at paysafecard, said these expectations are consistent with company research on consumer trends.

"The risk of fraud and sharing personal data online still concern many consumers," he said. "Lost in Transaction: Payment Trends 2018, our proprietary research launched earlier this week, shows that half of respondents worry about fraudulent purchases and 48 percent worry about the safety of their personal data. This is why offering paysafecard as a way to pay in the Google Play Store has come at the right time to enable consumers and both companies to benefit."

U.S. company makes open banking history

On June 1, Token.io Ltd. became the first licensed Payment Initiation Service Provider to conduct an end-to-end payment through a public bank application programming interface (API). The San Francisco-based open-banking platform provider received confirmation by the UK Open Banking Implementation Entity that it was indeed first to execute this type of transaction.

The initial API payment was executed via Token's network using Santander's API payment initiative endpoints, the company noted. "Billions of payments will follow," said Marten Nelson, co-founder and chief marketing officer at Token. "Ours was the first."

Less than a month earlier, Token, which also operates offices in London and Berlin, was granted authority by the Financial Conduct Authority to deliver payment initiation and account information services under terms of the European Commission's Payment Services Directive 2 designed to increase pan-European competition and participation from non-banks and guarantee faster payments.

According to Token, with the infrastructure operational, banks, merchants and other providers of payment and data services can now leverage open banking to reduce costs, generate new revenues, increase security and deliver a simpler, more convenient digital payment experience for the end user.

Encryption debated in Washington

Security experts are debating the Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act, proposed legislation to create a uniform national encryption policy. Introduced June 7, 2018, by Reps. Ted Lieu, D-Calif., Mike Bishop, R-Mich., Suzan DelBene, D-Wash., and Jim Jordan, R-Ohio, the bill would enable federal agents to access "back doors" into encrypted data. It would also prevent individual states from enacting separate data access policies. ENCRYPT Act supporters call it a necessary protection against counterterrorism; opponents argue it gives too much power to federal law enforcement.

Rep. Lieu believes the bill has received bipartisan support because it addresses conflicting encryption standards for interstate commerce, economic security and cybersecurity. "I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement," he stated. "Encryption exists to protect us from bad actors and can't be weakened without also putting every American in harm's way."

Morgan Reed, President of The App Association, added, "On behalf of app developers and tech innovators across the country and around the world, we can attest to the value of encryption technologies to protect data and prevent crimes. The ENCRYPT Act is a necessary step to ensure Americans can use encrypted technologies to protect themselves and their data, regardless of where they live."

Reed further noted that encryption protects data from criminal access, but the current patchwork of conflicting state policies creates known vulnerabilities that criminals can exploit. "This legislation establishes national guidelines for the interstate use of encrypted technology and protects the data that drives our local economies and the app economy at large," he said.

Apple Pay, Google Paylose ground at stores

According to an annual survey of merchants, two major mobile wallet providers lost traction over the past year. Merchants accepting Apple Pay slipped from 48 percent to 35 percent in 2018, while Google Pay dropped from 38 percent 25 percent year-over-year. Support for PayPal, however, surged from 48 percent to 64 percent. Looking at the overall picture, mobile wallet support grew from 22 percent to 29 percent.

Pain points cited by merchants in the 2018 Mobile Payments & Fraud Survey, conducted by Kount Inc. and The Fraud Practice, included maintaining ease of use for consumers for 60 percent of those surveyed. The ability to detect fraudulent order attempts was a challenge for 52 percent. Even with these challenges, nearly one-third of merchants were optimistic that the mobile channel will represent at least half their total revenue by 2020.

Support across the board was up for near field communication at the POS, which grew from 29 percent to 37 percent year-over-year. Twenty-six percent of merchants surveyed indicated they plan to increase or add support for social commerce through social media channels. end of article

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next
A Thing