The information you need to start your day, including top headlines from PaymentsSource and around the Web. In today's briefing:
There's never a good time for a security breach, but the news that up to 3.2 million debit cards in India have been exposed to ATM malware comes amidst the country's massive national financial inclusion initiative. The State Bank of India, HDFC Bank, ICICI Bank, Yes Bank and Axis bank have all issued warnings on the breach, and State Bank of India has blocked and recalled more than 600,000 cards. The other banks have told some customers to change PINs and avoid non-network ATMs. The incident, believed to be one of the largest data breaches in India's history, reveals how dangerous an ATM theft can be--the government-run RuPay card network estimates that only about 90 ATMs were compromised, but that's enough to impact 2.65 million Visa and Mastercard debit cards and about 600,000 RuPay cards. And Shiv Kumar Bhasin, SBI's chief technology officer, told local media that there's a high probability of data exposure when a consumer uses an infected ATM. The incident also comes at a delicate juncture, since India's financial inclusion initiative was showing progress--debit usage is up 70% over the past year.
Apple Pay's being introduced to countries around the world, but it soon may be available at the call center. Eckoh and WorldPay have conducted a phone voice pay transaction, a "proof of concept" the companies say can extend to customer service calls. When a consumer is on the phone with a customer service rep, a message goes to the customer's device linking to Apple Pay. The consumer is asked to confirm the payment on his or her smartphone, which sends an alert to the call center staffer. The transaction is secured by Apple's fingerprint authentication and tokenization, and is out of PCI scope because debit and credit card data is not shared with the call center.
An Ecuadorian bank's lawsuit against Wells Fargo over the recent Swift-related thefts can go forward, a U.S. court has decided. Banco del Austro sued after Wells Fargo approved about a dozen transfers totalling $12 million. Wells thought the requests were from Banco del Austro (hackers had stolen a Banco del Austro staffer's Swift log in), and mistakenly sent the money to accounts in Hong Kong, Reuters reports. The accounts were tied to companies existed for crooks to route stolen funds--many of the companies had no business activity. Judge Lewis Kaplan tossed breach of contract and negligence claims against Wells, but did not dismiss allegations of violations of regulations regarding commercially reasonable fund transfer security procedures. The Ecuadorian theft came to light after the $91 million Bangladesh Bank hack, which was linked to the Swift network. Swift is facing government pressure after the hack to improve security, and the incident has led to an industry-wide effort to consider new security technology such as blockchain.
Remember that big LinkedIn breach from 2012? The FBI and Czech officials have arrested a suspected Russian hacker in Prague in connection with the four year old incident. The New York Times reported the suspect was captured Oct. 5 at a raid at a hotel, about 12 hours after a receiving a tip he was in the country. Authorities are not naming the suspect, and also attributed the delay in public disclosure of the arrest to "tactical reasons." The LinkedIn hack was considered dangerous because people typically use the same password for networking sites as they do for professional sites and financial accounts. In an earlier interview, Trustwave told PaymentsSource that sites such as LinkedIn are often targeted as a gateway to install malware, which can later infect other computers and lead crooks to personal and financial data.
From the Web (powered by Wiser)
Keep Swiping: Credit Cards Still Growing in Popularity — Survey
The Wall Street Journal • Telis Demos
The plain old credit card may be winning the payments war, at least for now, a new survey finds.
How Mobile Millennials Buy: Banking 74%, App Purchases 53%, Music 51%, Retail 44%
MediaPost • Chuck Martin
Like most consumers, almost all millennials shop in person, but they also turn to their smartphones for all kinds of commerce. Millennials in the U.S. who shop in person do it because of a sense of immediacy and the ability to touch...
Orange Cash enable mobile payments for teenage demographic
Mobile Payments World • Alex Rolfe
Orange is broadening the range of functionalities available to the teenage demographic via Orange’s mobile wallet app ‘Orange Cash’ in France. The mobile payment solution has been extended to the new ‘Orange Cash Jeune’ offer, which is aimed at young users.
More from PaymentsSource
Merchant Cash Advance Market's Allure Hides Major RisksThe recession that began in 2008 left a mark on many industries, but one effect for payments was the growth of merchant cash advance (MCA), which became an ongoing source of alternative financing for retailers when the downturn caused banks to sharply curtail lending to small businesses.
Banks Aren't Ready for the Security Risks of Same-Day ACHThe fact that the number of cyber security incidents affecting companies is rising at an alarming rate year over year hardly raises eyebrows anymore. It’s a notion as commonplace as putting pumpkin spice in everything the minute fall arrives.
Amex Profit Beats Estimates as Lender Raises Full-Year ForecastAmerican Express Co., the largest U.S. credit-card issuer by purchases, posted third-quarter profit that beat analysts’ estimates and raised its full-year forecast for profitability.