BANKERSONLINE.COM MAIN PAGE             Print Friendly Version!    Email This Article!    Discuss NOW!
April 15, 2011

Welcome to Tech Talk!
In this edition, Tech Talk Editors George Milner and Teri Wesley write about ATM attacks, a bunch of breaches, friendly fraud, and more!

Our selections from this week's tech news:
  • Tap and go ATMs
  • ATM hacking
  • Breach 1: Big breach in Texas
  • Breach 2: Humble Hartford hack
  • Breach 3: Pilots' data pillaged
  • FBI's major botnet coup
  • Hacker's 15 minutes
  • Trojan thieves arrested
  • Open season for phishing
  • Mission: data security
  • One-fifth of fraud is friendly
  • Mobile advisor apps
  • Patches, updates and alerts
  • and on the lighter side...
  • Get the details below.

    Payment Card Industry Data Security Policy Template
    On the lighter side ...
    April 15th is upon us. Even though the IRS has extended the filing deadline to Monday, we thought you might enjoy a little humor during these taxing times.
    Tap and go ATMs
    Leading European savings bank La Caixa is rolling out the world's first contactless ATMs. Developed by Japan's largest IT services firm Fujitsu, the new cash machines are already in use in three Spanish cities and La Caixa plans to install additional machines throughout Spain. Instead of inserting cards into a slot, customers simply tap or hold their contactless cards or mobile devices with NFC (Near Field Communications) capability next to a reader and enter their PINs to complete transactions, vastly increasing the speed of transactions. Banking Technology has the details. Will this new technology increase ATM security and reduce ATM skimming?

    ATM hacking
    Data servers and PCs aren't the only targets for hackers. Skimming thieves are hacking ATMs and replacing key machine components with compromised replicas that work together with a skimming device to capture and record users' card data and PINs. Krebs on Security reports with detailed photos of hacked ATMs and a link to a recent ATM hacking incident in Florida.

    Big breach in Texas
    Texas-sized is an expression used to describe the second largest state in the U.S. and the bigger-than-life attitude of Texans. Hailed as the South's "Silicon Valley," the Lone Star State inadvertently posted unencrypted personal data of 3.5 million Texas residents on a server - which was publicly accessible for more than a year in some cases. Get more details at Reuters. Data breaches involving the exposure of Social Security numbers along with other personal data can lead to identity theft as thieves use the information to open bank and credit card accounts.

    Humble Hartford hack
    In what is being described as a "very small incident" by a spokesperson for The Hartford insurance company, 300 employees, contractors and some customers have been notified of a data breach to The Hartford's servers. Hackers allegedly accessed and installed the W32-Qakbot Trojan on a number of the 200-year-old insurance giant's servers to collect personally identifiable information. Threatpost has the story. The security of an organization's data should be taken very seriously no matter how significant or insignificant a potential loss may be.

    Pilots' data pillaged
    In a modern day Hatfield and McCoy-style feud between former America West pilots and US Airways associates, sensitive financial data of 3,000 pilots has been caught up in the crossfire. A disgruntled former management-level US Airways pilot turned over an Excel database containing names, addresses, and other personal information of pilots to Leonidas, LLC - a group comprised of former America West pilots. Threatpost has more on the story.

    Major botnet coup by FBI
    In a joint effort with the Department of Justice, the FBI has disabled the Coreflood botnet network - an international cyber fraud operation allegedly responsible for infecting more than two million computers worldwide. Civil complaints issued against the defendants for bank and wire fraud and seizure of the group's servers have successfully interrupted the operation of the botnet servers, preventing Coreflood from sending stolen financial information to the cyber thieves. The government has taken further action to stop Coreflood software from responding to infected computers. Get more details at Networkworld .

    Hacker's 15 minutes of fame
    Everyone wants their fifteen minutes of fame. A French hacker known only as "Carl" used his fifteen minutes on a France 2 television program "Complément d'enquête" (Further investigation) to spill the beans about his hacking exploits and how he spends his profits from stolen card data. When authorities arrested "Carl" following his television debut, compromised credit card and bank account data was found on his personal computer. Help Net Security has the story.

    Trojan thieves arrested
    Three men in England have been arrested by UK authorities for their use of the SpyEye trojan to steal banking credentials. They were charged with conspiracy to defraud, unauthorized modifications to computers and concealing proceeds from the crime. The three arrests were part of an international investigation into a group suspected of using a uniquely modified variation of SpyEye to harvest bank details. Computerworld has the story.

    Open season for phishing
    Fishing season is in full swing for most parts of the country. But bait is being cast for more than just trout or salmon. In the wake of the recent Epsilon breach, merchants, banks and credit card companies are warning their customers to be on the lookout for spear phishing emails attempting to hook their bank account and credit card details in what Infosec Island reports to be the busiest spear phishing season to date.

    Mission: data security
    In the once-popular television series Mission: Impossible, each episode generally began with the leader of the mission getting orders from a recorded message followed by a warning that the tape would self-destruct in five seconds. This would ensure that the details of the mission would not fall into the wrong hands. Toshiba has announced its move toward greater data security with the release of its new Self-Encrypting Drives series. While the drives don't self destruct, if connected to an unknown host the drive can erase itself, restrict access or encrypt the data to prevent an unauthorized user from reading it. PC World has the details.

    One-fifth of fraud is "friendly"
    Online shopping provides consumers the convenience of not having to leave home to purchase products they want or need. It also increases the ease for consumers to defraud credit card companies. "Friendly fraud" cost retailers $139 billion last year and accounted for one-fifth of merchant-related fraud, according to LexisNexis Risk Solutions. This not-so-friendly fraud occurs when a consumer purchases an item online, receives it, but then files a claim with the credit card provider asserting that the order was not received and requesting a refund. Infosec Island reports.

    Mobile advisor apps
    Financial management advisors and their clients are taking advantage of mobile technology to interactively connect, explore portfolio options, and manage their assets. Advisor-specific apps for iPads and other tablets provide the convenience of wealth management and trading directly from the mobile device. The security in place to protect the sensitive data being accessed is the greatest concern. Get more details at Reuters.

    Updates, Patches and Alerts...
    Subscribe to Tech Talk and BOL Tech Advisories

      In the Banker Store
    CD ROM Training
    "Social Engineering"
    What the Red Flag Regulations Missed
    FACTA: Responding to Identity Theft (Video)
    Video Training
    Responding to Identity Theft
    CD ROM Training
    The Network Security Headache
    Is There an Easy Remedy?
      Archived Articles on Technology and eBanking
    You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's
    Technology & eBanking Archive page.
    Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too. You'll find many more related articles in our InfoVault.
      Support the vendors who support BOL!
    Through their advertising and sponsorships on BOL and BOL Vendor Connect, companies offering banking products and services help to make this site possible. When you're looking for a supplier, give your business to companies who support Find them now in Our Sponsors and BOL Vendor Connect.