Morning Brief 12.17.19: A new security threat for gas station checkout

Register now

The information you need to start your day, from PaymentsSource and around the web:

Gas leak

Payment criminals have found a vulnerability in gas station point-of-sale systems that can compromise card data, particularly for magnetic stripe payments that have not migrated to EMV.

Visa warns "sophisticated" groups are gaining access via emails and other methods, then placing scraping software to steal card information. EMV cards are not as vulnerable, according to Visa. Engadget reports the data is set in an unencrypted form that makes it relatively easier to intercept for mag stripe cards.

Gas stations in the U.S. are in the midst of an EMV migration, though there is still a critical mass of service stations that rely on magnetic stripe payments.

Holiday card

Mastercard's looking to pick up steam from last-minute holiday shoppers by introducing a fully digital gift card in Europe.

The card brand is collaborating with CleverCards and Appreciate Group, and enables consumers to instantly send the gift card by email, text or message app. The recipients can then add the digital Mastercard to their mobile wallet for immediate use. The network of merchants includes more than 60 retail brands such as Waterstones, Pizza Express, Debenhams and Argos.

Mastercard's move can also potentially take advantage of broader changes in the gift card market toward "self-gifting" and a general migration toward digital prepaid cards.

New leader

Payments Canada has appointed Tracey Black CEO, succeeding Gerry Gaetz, who was initially appointed to the role in 2013.
Black, who will formally become CEO on March 1, 2020, joined the organization in 2018 as leader of its payments modernization program. She was earlier president of GFH Group, which was part of the launch of EMV in Canada, and also worked for TD, RBC and McKinsey & Company.
Payments Canada is part of a long-term initiative to upgrade much of Canada's payment infrastructure, including faster payments, authentication and e-commerce transactions.

Car theft...and then some

Payroll information for about 29,000 Facebook staffers was compromised after a crook broke into a Facebook employee's car and took a hard drive.

Business Times reports the information included names, bank account numbers and Social Security numbers, adding Facebook confirmed the breach in an email to staff. In some cases, salaries, bonuses and equity compensation was leaked.

The data was tied to U.S. workers who were at Facebook in February 2018 and the stolen drives did not include user information.

Ransomware hits New Orleans

New Orleans suffered a barrage of phishing and ransomware attacks over the weekend, causing the city to shut down city computers and declare a state of emergency.

The city is continuing to investigate possible demands or fallout from the attacks, reports TechCrunch, adding there's very little sign of interaction between city employees and attackers. It's a sign that the city was prepared for such an attack, which could limit the damage.

Ransomware also hit Louisiana earlier this year with attacks on a handful of school districts.

From the web

PNC’s fight with Venmo highlights bigger issue over who owns your banking data
CNBC | Mon December 16, 2019
In the past few months, PNC customers have taken to Twitter to complain about issues connecting to the popular peer-to-peer payments app, owned by PayPal. Venmo shot back, suggesting users should tweet @PNCBank to “let me use the financial service apps I need!”

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
KREBS ON SECURITY | Mon December 16, 2019
As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.

Top 10 US Retail Banks Unknowingly Serve Crypto Startups, CipherTrace Claims
COINDESK | Mon December 16, 2019
CipherTrace's chief financial analyst published research showing that the top 10 retail banks by asset size in the U.S. worked with unregistered crypto money services businesses by transmitting funds on their payment networks. CipherTrace Labs also announced a tool to help banks identify those transactions and assess the risk profiles of Virtual Assets Service Providers (VASPs).

More from PaymentsSource

PayPal gives Citi a consumer twist for gig economy clients
Digital technology is increasingly connecting compensation and payment capabilities for contractors and creating an ability to share apps. It's a trend that’s brought Citi and PayPal together to offer flexibility and a network effect to counter fintechs.

Alibaba caps lucrative fall with Commercial Bank of China tech-sharing deal
Fresh off a public offering and shopping boost, Alibaba Group has entered into an agreement with Commercial Bank of China (ICBC) to build digital finance services in areas such as cross-border finance and electronic payment settlement.

Swift extends KYC registry to global corporations
Payments messaging standards provider Swift has opened its global Know Your Customer registry to all of the corporations it connects to following a successful test.

Valero turns to WEX's card rails to boost fuel sales
WEX will begin managing the fuel card portfolio of Valero Energy Corp. next year, covering 5,000 U.S. fuel stations, as an extension of the partners’ existing card acceptance agreement.

For reprint and licensing requests for this article, click here.