Welcome to the PaymentsSource Morning Briefing, delivered daily. The information you need to start your day, including top headlines from PaymentsSource and around the Web:

From Sonic to 'Firetigerrr': The fast food chain Sonic is investigating a breach of unknown size that may have resulted in the sale of millions of stolen card accounts to underground cybercrime stores, reports security writer Brian Krebs. Krebs attributes his reporting to "banking sources" who agreed to buy a handful of cards from a credit card theft bazaar called Joker's Stash, and found these cards had all been recently used at Sonic. The Oklahoma City-based fast food chain, which has 3,600 locations in 45 states, told Krebs it is working with law enforcement agencies to ascertain the scope of the breach. The stolen accounts are part of a group of stolen cards that Joker's Stash calls "Firetigerrr," and are indexed by city, state and zip code. This allows people to buy stolen cards that were used locally, circumventing "out of state" fraud blocking. Additionally, prices for Firetigerrr cards are higher than other stolen cards because the cards are more recently stolen and less likely to have been cancelled by banks.

Bloomberg News

Shameless miners: Showtime's website and its streaming site ShowtimeAnytime were slow this past weekend because someone placed JavaScript into the sites to mine a cryptocurrency, Engadget reports. The script siphoned off up to 60% of some users' processing time to mine Monero. Engadget reports it's unclear who inserted the script, speculating it may be hackers or even an insider at Showtime or parent company CBS. Coinhive, a company that provides web code that enables users to generate revenue without using ads, wrote the Monero mining scripts, but would not give out the information about the account owner, and may not know who owns the account, according to Engadget. Coinhive did tell the tech site it will make its script opt-in in an attempt to avoid another Showtime-style incident.

ABN Amro's 'stream store': ABN Amro is supporting Dutch cheese shop Kaan's Kaashandel, which has opened a stream store. A stream store is a combination of a brick and mortar store and a website. Online customers access an app for a real-time view of the store and its staff, then commence a purchase via live chat. The store's staff communicate through a video link, provide tips and recipes, and cut and wrap cheeses on screen. Tapping any cheese in the store results in a pop-up screen with a product description. The store is targeting tourists, hoping to provide an in-store experience to a remote audience. ABN Amro is providing the logistics for the store, according to the bank. The stream store is at least unusual — ABN Amro contends it's the first such store in the world — though there are many attempts underway to marry e-commerce and brick and mortar experiences. Amazon's Go concept store enables payments without a cashier, and a startup called Standard Cognition is embedding mobile technology inside the store to detect a customer's movements and execute payments.

Japan plans digital currency: Despite studies contending blockchain technology isn't ready to support nationwide digital currencies, Japan is marching ahead, the Financial Times reports. Japan Post Bank and Mizuho Financial Group are leading a group of banks to launch J Coin with a goal of having the currency available for the 2020 Tokyo Olympics. J Coin will be convertible to yen on a one-to-one basis, and will use smartphones and QR codes to execute payments in stores. The banks won't charge for the currency, but would be able to improve data collection on consumer spending, a move designed to create an alternative to payment cards. Bank of Tokyo Mitsubishi is working on its own digital currency that will be used for P-to-P transfers and e-commerce. The FT reports there are talks underway to integrate the Bank of Tokyo Mitsubishi's currency with the newly announced national virtual currency.

From the Web

China's Ant brings in CK Hutchison as Hong Kong payments partner
Reuters | Tue Sep 26, 2017 - Ant Financial, the payment affiliate of Alibaba Group Holding Ltd, said it will create a joint venture this year with CK Hutchison Holdings Ltd to operate its payment app in Hong Kong, ending Ant’s solo management of the service. The new venture will allow Ant Financial’s Alipay to offer services via companies under CK Hutchison, which operates ports, retail, infrastructure and telecommunications businesses across 50 countries. Ant Financial currently operates its payment app under the Alipay brand in Hong Kong, which offers transaction services at around 4,000 outlets in the city. The new joint venture will take over operation of the app, though it will still be branded Alipay, it said on Tuesday.

Medicare cards are dropping Social Security numbers
Fox | Tue Sep 26, 2017 - Connecticut Better Business Bureau said new Medicare cards to be issued in the spring will help protect an estimated 57 million seniors enrolled in the plan from identity theft. Existing Medicare cards contain recipient's’ Social Security Number, a central element of identity theft. As of March, 2018, the Centers for Medicare and Medicaid Services will begin issuing new Medicare cards for new and existing recipients. The SSN will be replaced with a Medicare Beneficiary Identifier, consisting of 11 uppercase letters and numerals.

U.S. asks China not to enforce cyber security law
Reuters | Tue Sep 26, 2017 - The United States has asked China not to implement its new cyber security law over concerns it could damage global trade in services, a U.S. document published by the World Trade Organization showed on Tuesday. China ushered in a tough new cyber security law in June, following years of fierce debate around the move that many foreign business groups fear will hit their ability to operate in the country. The law requires local and overseas firms to submit to security checks and store user data within the country. The United States, in a document submitted for debate at the WTO Services Council, said if China’s new rules enter into full force in their current form, as expected by the end of 2018, they could impact cross-border services supplied through a commercial presence abroad.

More from PaymentsSource

Single sign on is a monumental gift for fraudsters
Imagine your home. It contains your cherished possessions, loved ones, and invaluable information about you and your family. It’s likely to include financial information, pay stubs, where you work, credit card statements, and even your purchasing habits.

How a global gig economy adds complexity to payments tech
International sourcing is stressing businesses that are already too reliant on paper-based payment methods, argues Hyperwallet's Tomas Likar.

The last thing Equifax needs is leadership continuity
Inevitably, Equifax’s CEO Richard Smith has left his post, joining the firm’s CIO and CSO in the ranks of the unemployed. In his place, Paulino do Rego Barros Jr., a seven-year Equifax veteran, will take over as interim CEO. For the credit bureau's sake, let's hope it has a long-term plan that's better than promoting from within.

Equifax follows Wells' crisis management playbook — with a twist
WASHINGTON — In announcing Tuesday that Equifax CEO Richard Smith will take early retirement, the credit reporting bureau observed an increasingly well-worn ritual of scandal-ridden firms: apologize, promise to do better in the future, and sacrifice your top executive in the hopes it will ward off action by Congress and regulators.