The information you need to start your day, from PaymentsSource and around the Web:

Senators don't hail Uber: Uber faced bipartisan grilling after disclosing a data breach that exposed 57 million accounts and included an attempt by Uber to pay a $100,000 ransom to the hackers to hide the incident. The Hill reports Sen. Mark Warner (D-Va) has asked the company's leadership for "answers," saying, "while Uber reportedly learned of the breach in November 2016...Uber decided not to inform either passengers or drivers of the breach until last week...even more disturbingly, Uber is reported to have shared information concerning the breach with a potential investor weeks prior to alerting regulators or affected drivers and passengers, as required under numerous state data breach laws." Uber's security is especially important now that the company is asking riders to apply for a credit card within its app. A group of four Republican Senators, Sens. John Thune (R-S.D.), Orrin Hatch (R-Utah), Jerry Moran (R-Kan.) and Bill Cassidy (R-La.) signed a similar letter to Uber's management, stating, "Our goal is to understand what steps Uber has taken to investigate what occurred, restore and maintain the integrity of its systems,and identify and mitigate potential consumer harm and identity theft-related fraud against Federal programs."

Bloomberg News

Scraping's last gasp: While Europe's revised Payments Service Directive (PSD2) goes into effect in January, two measures will be delayed until Sept. 2019 to provide a longer transition. One deals with screen scraping, a practice that fintechs have favored but will be replaced by APIs as a way to meet the directive's data sharing requirement. There was considerable lobbying on both sides of the screen scraping issue before the final decision, necessitating the extra time for compliance. The second measure requires extra payment security. The provision of a password or details on a credit card will no longer be sufficient for a payment, and in most cases a single-use transaction code, such as a token, will be required along with two other factors. Some cases will also require biometric authentication. The stricter standards do have exemptions for payment companies that have developed advanced ways of assessing transaction risk; for contactless payments and small transactions such as transit fares and parking fees.

Europe's cash firewall: Cash's lingering strength in the face of new payment technology is a common story in Europe, but there are signs of a breaking point. The European Central Bank sounds some of the same drums in new research, noting 79% of point of sale transactions in the past year were carried out with cash, totalling 54% of the value of payments. Cards were used for 19% of transactions and made up 39% of payments. What's different with this research was it found more than half of people say they prefer to use a digital payment mode. The contradiction is due to the relative lack of contactless terminals in Europe and the fact that more than two thirds of payments are under EUR15, making cash the easier option, if not the desired choice. That means that once third party "Pay" apps such as Apple Pay and other contactless options mature, the percentage of cash payments should fall quickly, according to the central bank.

Hackers for hire: While it's not unheard of for malicious hackers to go legit after they're caught, apparently the reverse can happen too. Three suspects who were shareholders and employees of Guangzhou Bo Yu Information Technology Company have been indicted for allegedly using spear phishing techniques to target multinational corporations including Siemens AG, Moody’s Analytics, and the GPS technology company Trimble, Ars Technica reports. Though the indictment does not accuse the defendants of working on behalf of the Chinese government, the article notes similarities between the defendants' methods and those tied to China's Ministry of State Security.

From the Web

Worldpay sees financial year revenue growth at lower end of guidance
Reuters | Mon Nov 27, 2017 - Worldpay Group Plc, which has agreed to be taken over by U.S. rival Vantiv, said on Monday that it expected net revenue growth for 2017 to be at the lower end of its 9-11 percent guidance range. It blamed slowing British consumer demand and weaker U.S. economic conditions, factors it said it expected to continue into 2018. It reported a 8.4 percent rise in revenue to 1.27 billion pounds for the third quarter that ended Sept. 30. Credit card processing company Vantiv secured a deal to buy Britain’s largest payment processor for 8 billion pounds ($10.68 billion) in August in a deal set to create a $29 billion global payments powerhouse.

Square Carries Too Much Risk, Analyst Says
U.S. News & World Report | Mon Nov 27, 2017 - For Square Inc investors, 2017 has seemed like a dream. Unfortunately, BTIG analyst Mark Palmer says it's time for the market to wake up. Square stock, which is up an incredible 245 percent year-to-date, fell more than 3 percent Monday after BTIG downgraded the stock from "neutral" to "sell." Palmer says the stock has simply gotten too overheated at the moment and investors are not fully appreciating the risks the company faces. Square has consistently delivered revenue growth above 20 percent in 2017. The company has also beaten consensus estimates and raised guidance multiple times. However, at its current valuation, Palmer says impressive growth and an optimistic outlook are fully reflected in the stock.

Bitcoin mining consumes more energy than 159 countries
CBS | Mon Nov 27, 2017 - Bitcoin, the digital currency also known as cryptocurrency, has been on an upward trajectory lately. The value of bitcoin broke the $9,000 barrier over the weekend and sat at over $9,800 on Monday evening. But bitcoin is also making other headlines: The rise in its currency value has given way to a spike in electrical consumption that is used to "mine" more bitcoins, according to a new report. Consumption in the last month increased by nearly 30 percent. In other words, it takes a whopping 29.05TWh annually to operate the energy-hungry computers and networks that power bitcoin transactions. That's about 0.13 percent of total global electricity consumption, according to Digiconomist. That would rank bitcoin as 61st if it were its own country.

More from PaymentsSource

Five-year reissuance cycle? More like five cards in a year, due to fraud concerns
Nearly half of the cardholders in the U.S. have had at least one card reissued in the past year, with those experiencing fraud multiple times saying they have had nearly five cards reissued, according to recent Auriemma Consulting Group research.

Machine learning is the best tie to bind user experience and security
The right platform can detect unusual behaviors and block fraudulent transactions as they occur, while still allowing real customers to make legitimate transactions without interruptions, writes Dave Excell, CTO and co-founder of Featurespace.

Caixa and partners officially open payments research hub
Caixa Bank and its partners in Spain's first cross-industry collaboration to advance payments technology have officially launched their research lab in Barcelona.

Mass transit's cashless conundrum
Boston’s Massachusetts Bay Transportation Authority is the latest transit agency to attempt to eradicate cash and the bottlenecks that it causes from situations where customer throughput is paramount. But is this effort truly viable given the entrenched payment behaviors and requirements for serving everyone, even digital naysayers?

Daniel Wolfe

Daniel Wolfe

Daniel Wolfe is editor in chief at PaymentsSource and a contributing editor at American Banker.