NYC Cabbies Who Resisted Credit Card Machines... Now Making More Money Because Of Them

from the resisting-technology dept

A rather common theme around here is how often various industries resist the use of new technologies, fearing that those technologies will somehow harm or even destroy the industry. And yet, before too long, the opposite turns out to be true. Remember how Jack Valenti declared the VCR to be the "Boston Strangler" to the movie industry? Just a few years later, revenue from VCR rentals and sales represented a massive part of the movie business's yearly income. It happens over and over again. The NY Times has a different kind of example of the same basic thing. Two years ago, Mayor Bloomberg in NY pushed for taxis to be required to take credit cards. The cabbies resisted, complaining that it would cause all sorts of problems. They even went on strike over the issue.

And yet, two years later, having easy to use credit card readers in the back of every cab means that more people are taking cabs, because it's easier, and they tend to tip more as well. Part of that is because the machines have "preset" tip suggestions that many riders use, which often result in higher tips than average. While the article still quotes a few angry cab drivers who insist that higher tips aren't true, the reporter was able to review the receipts from a few cabs and found that the average tip was 18%, with the preset tip suggestions being used more than half the time. While it's still early, it certainly seems like this was yet another overreaction to new technology that has actually ended up helping, rather than hurting.

24 Comments | Leave a Comment..

Looks Like The Guy Who Set The Record For Largest Credit Card Breach Was Breaking His Own Record

from the raising-the-bar dept

Back in January, we noted that it looked like there might be a new winner in the battle to see who was responsible for the largest ever credit card breach. Until that time, the honor had gone to a series of department stores owned by TJX (TJ Maxx, Marshalls, etc.). That involved info on 94 million credit card holders. Not bad. But the newer deal, involving Heartland Payment Systems appeared to effect well over 100 million. Now, you may have seen the news reports this week that have upped that total to 130 million, as part of the announcement of indictments against three individuals for illegally accessing the data. But, what's fascinating is that the one guy in custody, Albert Gonzalez, was already in custody for his role in the TJX hack (along with some other retailers). Oh, and there's also the tidbit about how he was a government informant, handing over info on (you guessed it) the underworld involved in stolen credit card numbers.

9 Comments | Leave a Comment..

The Fact That A Credit Card Is Patented Is A Selling Point?

from the what-has-the-world-come-to dept

In the (snail) mail this week I happened to get an ad for the Visa Black Card, which Visa is pitching as "exclusive," though I'm guessing that exclusivity is mostly based on finding enough suckers to pay a $500 annual fee for the card. Anyway, as I was tossing the application into the shredder, one thing caught my eye. The pamphlet cover lists out six marketing bullet points, with the fourth one being that the card is "patent pending." This struck me as odd on a couple of fronts:

1. Why is the fact that it's patent pending a marketing point? I could maybe sorta barely understand it if it was an issued patent. But a pending one? That means next to nothing other than that you spent some money to file a patent application. To me, that means you may have wasted a lot of money -- which could explain the $500 fee.
2. A patent on what? On the idea of a "black card" or some other swanky exclusive credit card? Or on the physical card itself?

So, I did a little Googling, and turned up the following: apparently the patent filing (at the time of this announcement, just a provisional patent filing) is is on the physical card itself because it includes "carbon and/or carbon based material." I guess if you're the sort of person interested in spending so much money on a credit card, perhaps you'll pay extra to have carbon in your credit card. Still doesn't make much sense here...

28 Comments | Leave a Comment..

Visa Tests New Anti-Fraud Card Device, But What About The Data Leaks?

from the finger-in-the-dike dept

Visa is testing a new type of credit card that's got additional security measures built in as a means of cutting down on "card not present" (CNP) fraud -- the fraudulent sales rung up using stolen credit-card numbers and the security codes that are normally printed on the cards. Visa's new cards have a small screen on the back that displays a six-digit code when the cardholder enters a PIN on the card's keypad, making it sound like Visa has basically built in a tiny version of something akin to the SecurID, a popular two-factor authentication device for corporate computer networks. The devices generate an additional one-time password using an algorithm synced with the system on the other end; the user enters this password when they attempt to log on, or in Visa's case, make a CNP transaction. If the passwords match, the transaction goes ahead. It sounds like a good way to cut down on CNP fraud, but is it just a way to try and gloss over the massive data leaks that see millions of credit-card numbers lost out into the world? It almost seems that if these new anti-fraud cards make it to market, the party line will be "the data leaks don't matter anymore" -- but criminals will still be able to obtain credit-card numbers and make fake cards with the stolen info (for card-present fraud). It might make criminals' lives a little more difficult, but it won't make credit-card fraud impossible. Raising the level of security on credit cards is, without question, a good thing. But unless it involves doing more to stop massive data leaks, it's not enough.

Carlo Longino is an expert at the Insight Community. To get insight and analysis from Carlo Longino and other experts on challenges your company faces, click here.

13 Comments | Leave a Comment..

Making Credit-Card Payments More Secure By Making Breaches More Expensive

from the aligning-incentives dept

It seems that hardly a month goes by without news of yet another credit-card data breach. Based on this, it seems fairly clear that the industry largely sees these breaches and the fallout from them as a cost of doing business, and one that's preferable to the cost of securing and monitoring their systems effectively. The industry has come up with a security compliance framework, but such rules have a history of being ignored. Even if they aren't ignored, though, they're so full of loopholes that they're fairly worthless. As the original poster, Andrew Conry-Murray, puts it, "It's not about security. It's about an industry covering its ass." Basically, the compliance system exists not to truly protect data, but rather to ward off government intervention.

Conry-Murray's contention is that the compliance system is far too easy to game, particularly because it only checks companies' systems once per year. His suggestion is to force all merchants and processors to comply, and check their systems regularly. Companies could opt out, but by doing so, they would be agreeing to significantly higher fees and penalties in the case of a breach. As he notes, these fees would have to be high enough to where they would make devoting more resources to security a more desirable option. This idea, and indeed any that dramatically increases the cost of breaches, is worth mulling over as a way to encourage companies to increase their security. As long as the fallout from data breaches isn't enough to make companies sit up and take notice -- and change their behavior -- there won't be any real change.

Carlo Longino is an expert at the Insight Community. To get insight and analysis from Carlo Longino and other experts on challenges your company faces, click here.

10 Comments | Leave a Comment..

SMS Alerts Over Credit Card Transactions? Patented! Visa Sued

from the innovation-at-risk dept

Let's say you were an engineer at a major credit card company like Visa, and put in charge of watching over new technologies, and thinking about ways that you could make the credit card process better and more secure for card holders. It probably wouldn't take you all that long to come up with a variety of useful measures for checking to make sure certain transactions were legit -- such as alerting cardholders to transactions via SMS. That's nothing particular special or unique, but it's a nice obvious addition, thanks to the fact that SMS text messaging has now become popular. So, you go ahead and implement it... and promptly get sued by some small company that claims a patent on the "invention" of alerting cardholders of transactions by SMS. I'm sure the angry patent system defenders will be quick to show up in the comments claiming that Visa "stole" this "invention," but I'm having a really difficult time understanding how you can support innovation and allow this sort of result to happen.

41 Comments | Leave a Comment..

Escaped The Largest Credit Card Data Breach Ever? Well, Here's Another One...

from the just-assume-someone-else-has-your-cc-info dept

Remember last month when a credit card payment processor was forced to admit a security breach that could impact 100 million people? Well, if you were lucky enough not to get caught up in that breach, there's apparently another one to worry about. Visa and Mastercard are issuing a new warning over a different payment processor whose system was apparently compromised as well. At this rate, it's getting silly to have static credit card numbers, since it seems like we're replacing our cards every few months anyway.

14 Comments | Leave a Comment..

May Have A New Winner In The Largest Security Breach Ever Department

from the and-it-will-get-larger,-I'm-sure dept

In the past, we've joked about how with pretty much every security breach, there's an initial estimate of the damage done, followed much later by a second report that admits the breach impacted many more people. It happened with the VA. It happened with Choicepoint. And, it happened with TJX, who raised the bar on being the worst security breach ever not once, but twice to impact nearly 94 million people. Who could top that?

Step up to bat, Heartland Payment Systems. Chris writes in to point out that Heartland appears to have picked a pretty good day to announce a security breach that may impact over 100 million people. Everyone's off paying attention to the inauguration, so they might miss the news as it comes out today -- but they're likely to hear about it soon enough. It appears that Heartland's own computers were infected with malware which passed on information about transactions to some scammers.

Heartland is now claiming that this really isn't that big a deal, because personal information wasn't included in the breach -- meaning the data was useful for creating new cards with bogus data, but not useful for "card not present" transactions such as internet transactions or creating fake cards of real people. Because of this, Heartland doesn't think that it should need to offer credit monitoring services to impacted users, which has become the somewhat standard penance for those caught leaking credit card info.

Of course, some are already questioning the timing of announcing the breach. Considering they figured out what happened a week ago, it does seem a bit of interesting timing to wait until the inauguration was underway to disclose this information.

Still, given the history of so many earlier breaches turning out to be much worse later on, what's the over-under on the next announcement about how much worse this breach actually was?

15 Comments | Leave a Comment..

Study Says Lots Of Kids Are Making Sneaky Purchases Online With Parents' Cookied Credit Card Info

from the cookies-are-for-kids dept

Plenty of online shopping sites let customers store their credit card info to make it easier to purchase stuff in the future. And, for most home users, that is a convenient feature -- as it seems unlikely that a third party would access your computer and use your credit cards to order stuff. Except, apparently, a lot of parents forget about their kids being able to do that. A study in the UK found that plenty of kids were buying stuff online without their parents' knowledge or approval, using the stored credit card info on certain web shopping sites. Of course, if parents checked over their credit card statements regularly (or received the packages when delivered), you would think they would notice such activity.

25 Comments | Leave a Comment..

Dear Verizon: I Haven't Been An MCI Customer In Four Years

from the customer-service dept

About five or six years ago, I had landline phone service from MCI. In the age before VoIP was common, MCI had a service called "The Neighborhood" which was like many VoIP services today, but without the VoIP part. Unlimited calls for a single flat rate and such advanced (at the time!) features as emailing you your voicemails. It wasn't a bad deal, and I used it for a year or two, until I was getting ready to move. VoIP services had become popular, so I transferred that phone line to a VoIP account and canceled the MCI service in 2004. And that was that. Or so I thought. In 2006, Verizon bought what was left of a scandal-ridden MCI, and as far as I knew, the MCI brand had pretty much gone away.

Yet, in the last couple of weeks, I've received a barrage of robocalls from MCI, letting me know that my credit card is expiring, and I need to log into mci.com to update the card. The call notes that my bill is automatically charged to this credit card and if I want to "continue enjoying this convenience" I need to update soon. The call is correct in that the credit card I used back when I had MCI expired this month, but is it that hard for Verizon (or whoever it is) to recognize that the very phone number they're calling me on hasn't been connected to MCI service in four years and that the company has not, in fact, billed me during that time? And, honestly, why did they hang onto my credit card info for so long? And, finally, why call me three times a day with no way for me to tell them to knock if off? I thought perhaps this was a new form of phishing, but the call directs you to log into mci.com itself, so it sounds like it's legit. Either way, it raises plenty of questions about MCI (and now Verizon's) data handling practices.

28 Comments | Leave a Comment..

Massive Stolen Credit Card Number Site Shut Down

from the good-work dept

It took quite some time for authorities around the world to recognize the extent to which organized crime was using the internet for various scams and frauds, but in the last year or so, it seems like many agencies around the world really are looking to go after the criminals. The latest example is that Darkmarket, an invitation-only secretive forum for buying and selling credit card numbers, has been shut down, and 60 people involved with the site have been simultaneously arrested. This is definitely a step up from what we were hearing just a couple of years ago, where the best authorities could do was arrest kids messing around with phishing scams, rather than actually going after the organized criminals who were the real issue. Cracking down on one site and arresting 60 individuals isn't going to stop these scammers, but it's at least good to see authorities trying to focus on the real problem cases, rather than just the small fry. Update: As was pointed out in the comments, it appears the original BBC article we relied on has the story a bit wrong. The site itself was actually an FBI-run honeypot. So, while the site was taken down, the story of how the whole process worked is quite different than what was implied in the first article.

16 Comments | Leave a Comment..

Don't Complain To WalMart About The Empty Laptop Box You Bought With Stolen Credit Cards

from the scammer-vs.-scammer dept

Well here's one for the dumb criminals series. Apparently, some guys with a bunch of forged credit cards and stolen credit card numbers went to Wal-Mart and bought a laptop. Except, somehow someone at Wal-Mart scammed them... and sold them an empty box. The guys got pissed off and went back to Wal-Mart to complain. Not surprisingly, the Wal-Mart employees thought the guys were trying to scam the Wal-Mart -- not with the fake credit cards -- but with the empty box. So they called the police, and hilarity ensued, as one guy tried to run away and dropped a bunch of the stolen credit cards. But, of course, the real kicker is that the guys weren't lying. Wal-Mart had accidentally sold them an empty box. Still, it makes you wonder what the hell the guys were thinking when they went back to complain about the empty box that had been sold to them using stolen credit cards.

30 Comments | Leave a Comment..

Forget Credit Cards, Scammers Now Want Your VoIP Accounts?

from the worth-more-money dept

Last month, we pointed out that the market for stolen credit card data was so saturated that prices were falling. Of course, that just inspired scammers to go looking for other types of data that was a bit harder to find: VoIP accounts. According to the BBC, scammers selling VoIP account info are now able to get higher prices than those selling credit card data. Of course, it's not at all clear how widespread this really is. The info seems to be coming from a company trying to sell a solution to deal with this -- which already makes it somewhat suspect. Also, you have to wonder how valuable VoIP account data really can be compared to credit card numbers which have much wider applicability. Either way, it will be interesting to see how the market deals with the "glut" of credit card data out there, and where else data scammers turn.

5 Comments | Leave a Comment..