Target's Data Breach Began With A Company That Does Heating And A/C Work On Its Stores
Welcome to our new Payments Insider newsletter, a morning email with the top news and analysis on the digital payments industry, produced by BI Intelligence.
Click here to sign up for Payments Insider today, and receive it every morning in your inbox.
THE TARGET DATA BREACH WAS THE HEATING GUY'S FAULT: Network security expert Brian Krebs has an excellent look at the Target data breach, and presents persuasive evidence that the initial intrusion into Target store networks was possible thanks to network passwords stolen from an air conditioning and heating contractor based in Pennsylvania, Fazio Mechanical Services. While not explicitly admitting that it was the channel for the breach, Fazio acknowledged yesterday that it had access to Target's network for electronic billing and project management purposes. It also acknowledged that it was part of the federal investigation. Once the hackers had accessed Target's network, they were able to upload their malware to cash registers within Target stores and gradually spread it a majority of Target's point-of-sale devices. It's estimated that the breach exposed 40 million debit and credit card accounts. (KrebsonSecurity)
QUOTE OF THE DAY - "Like Target, we are a victim of a sophisticated cyber attack operation." - Fazio Mechanical Services, a Sharpsburg, Pennsylvania-based heating and air conditioning company alleged to be the source of the Target data breach.
PREVENTING POINT-OF-SALE ATTACKS: Online security firm Symantec has published a timely white paper on attacks on cash register systems. The report makes the point that stolen credit card information can sell for as much as $100 per account. (Symantec - PDF)
OPENTABLE MOVES INTO RESTAURANTS. San Francisco-based online and mobile restaurant reservation company OpenTable, announced yesterday that it would add payments to its app's functionality. The new feature is in a pilot phase for select restaurants and users in San Francisco. Below is a screenshot of the feature as it appears on a phone. (OpenTable)
U.S. BANKING AUTHORITIES ASK HOW TO IMPROVE PAYMENTS, RECEIVE A DELUGE OF RESPONSES: The Federal Reserve Bank, the central banking authority in the United States, has been collecting feedback from the payments industry on what it would take to make the national payments system more efficient, secure, and accessible to a wider portion of the population. Payments companies were asked to identify gaps and opportunities in the payments system, and suggest how the Fed could help it improve. Responses from the industry - 188 in total - can be viewed at this link. Earlier this week Sandra Pianalto, Cleveland Federal Reserve Bank President, who heads the Fed effort, announced that the final recommendations would be published in the second half of this year. (Federal Reserve Bank)
WELCOME, INSIDERS: Don't forget to sign up and get Payments Insider every morning in your inbox. Please email johnh@businessinsider.com with news and tips.
ELECTRONIC BILL PAY PROVIDER TRIPLES VOLUME, RAISES $20 MILLION: Sunnyvale, Calif.-based billing company PayNearMe said its transaction volume tripled in 2013. The company has also received $20 million in a new financing round led by GSV Capital, with additional funds from August Capital, Khosla Ventures, Maveron, and True Ventures. PayNearMe allows customers to pay bills, buy tickets, and make purchases online by using cash at participating retailers. To make payments PayNearMe customers bring a payment code, usually in the form of a PayNearMe slip or e-mail with a bar code, to one of the 17,000 participating bricks-and-mortar locations across the United States. Participating retailers include 7-Eleven, Family Dollar, and ACE Cash Express stores. (PayNearMe)
Credit unions are terrified of moving to real-time payments: Last fall the Federal Reserve said financial institutions should adopt real-time payments systems, which transfer funds virtually instantly rather than the standard multi-day lags. Credit union trade groups are up in arms about this for two reasons. First, adopting real-time payment systems could be very expensive, which would give larger banks a competitive advantage in that they could more easily make upgrades. Second, credit unions warn that real-time payments would increase fraud risks. We think the credit unions are using the risk of fraud as a crutch because their real concern is competition. While new technologies may increase fraud risk in the short-term, they will improve with time like all technologies and the result will be a better payments system. (American Banker)
APPLE IS CRACKING DOWN ON BITCOIN APPS: Apple has removed popular Bitcoin app Blockchain, which allows users to send and receive Bitcoins, from its App Store due to "unresolved issues," according to Payments Source. Two other apps that allow users to send and receive bitcoins, Coinbase and Gliph, were also removed from the App Store in late 2013. It's not clear what the reason is for the crackdown. (Payments Source)
EMV MAY NOT BE UP TO THE TASK, BUT IT WILL DEFINITELY BENEFIT FIS: Jeffrey Greey, known as @epaymentsguy on Twitter, has an excellent take of what the hotly debated push for EMV chips on credit cards in the U.S. will mean for the domestic payments industry. In a nutshell, EMV chips - which are an added layer of security popular on credit cards in Europe and Latin America, but is a pretty old technology - will be good for payments giant FIS, which has a lot of experience with the technology. FIS, he notes, is also wading into mobile payments and "playing both sides of the fence," building capacity in emerging payments and legacy payments technologies simultaneously. (PYMNTS)
Here's what else BI Intelligence subscribers are reading...