Author Archives: Christine Speedy

About Christine Speedy

B2B cloud payment acceptance solutions and CenPOS enterprise cloud payment solutions global sales.

Fresno Woman Pleads Guilty to Committing $100,000 in Credit Card Fraud

Posted on by
1

FRESNO, Calif. — Alena Nicole George, 43, of Fresno, pleaded guilty today to access device fraud, Acting U.S. Attorney Phillip A. Talbert announced.

According to court documents, from February through April 2019, George used a credit card that was fraudulently opened in the identity of a victim with a name similar to her own name to make $100,000 in purchases at national retailers and cash advances at a national bank.

This case is the product of an investigation by the Federal Bureau of Investigation and the U.S. Postal Inspection Service. Assistant U.S. Attorneys Vincente Tennerelli and Joseph Barton are prosecuting the case.

George is scheduled to be sentenced by U.S. District Judge Dale A. Drozd on Jan. 21, 2022. George faces a maximum statutory penalty of 10 years in prison and a $250,000 fine. The actual sentence, however, will be determined at the discretion of the court after consideration of any applicable statutory factors and the Federal Sentencing Guidelines, which take into account a number of variables.

https://www.justice.gov/usao-edca/pr/fresno-woman-pleads-guilty-committing-100000-credit-card-fraud

Miami Man Pleads Guilty to Participating in Access Device Fraud and Money Laundering Conspiracies for his Roles in Nationwide Gas Station Skimming Scheme

Posted on by
Reply

ALBANY, NEW YORK – Hugo Hernandez, age 34, of Miami Lakes, Florida, pled guilty today to a superseding indictment charging him with being part of access device fraud and money laundering conspiracies for his roles in a nationwide gas station skimming scheme that involved stealing banking and personal information of residents in and around the Northern District of New York, as well as multiple other parts of the country, who used the “pay at the pump” feature to make gasoline purchases.

The announcement was made by United States Attorney Carla B. Freedman; Janeen DiGuiseppi, Special Agent in Charge of the Albany Field Office of the Federal Bureau of Investigation (FBI); and Inspector in Charge Ketty Larco-Ward, Boston Division, United States Postal Inspection Service (USPIS).

As part of his guilty plea, Hernandez admitted that between December 2015 and July 2019,  he conspired with others to commit access device fraud by building skimming devices designed to steal gas station customer information, installing those devices inside gas pumps in Albany, Broome, and Montgomery Counties, and elsewhere, and then using the information collected by those devices to create fake credit and debit cards. The fake cards were used to obtain money orders, gift cards, cash, and other things of value.

Hernandez also admitted to being part of a conspiracy to launder funds obtained through the access device fraud conspiracy, and, in facilitating that conspiracy, causing at least 162 money orders, worth $173,257, to be deposited into a bank account he controlled. As part of his plea agreement, Hernandez agreed to be subject to a forfeiture money judgment in the amount of $173,257.

A sentencing hearing is set to take place on March 1, 2022, before Senior United States District Judge Gary L. Sharpe. Hernandez faces up to 20 years in prison; a fine of up to $500,000 or twice the value of the property involved in the transaction, whichever is greater; and up to 3 years of supervised release. A defendant’s sentence is imposed by a judge based on the particular statute the defendant is charged with violating, the U.S. Sentencing Guidelines and other factors.

This case was investigated by the FBI Albany Field Office and USPIS Boston Division, with assistance from the FBI Field Offices in Miami, Pittsburgh, and San Juan, the USPIS Miami Division, the United States Secret Service Miami Field Office, as well as the New York State Department of Agriculture, Division of Weights and Measures. The case is being prosecuted by Assistant U.S. Attorneys Rick Belliss and Emily C. Powers.

https://www.justice.gov/usao-ndny/pr/miami-man-pleads-guilty-participating-access-device-fraud-and-money-laundering

U.S. data breaches Q3 2021

Posted on by
Reply

Identity Theft Resource Center to Share Latest Data Breach Analysis with U.S. Senate Commerce Committee; Number of Data Breaches in 2021 Surpasses all of 2020

The number of data breach victims dramatically increased in Q3 2021 due to a series of data exposures during the quarter 

SAN DIEGO, October 6, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter?(Q3)?of 2021. According to the data breach analysis,?the number of data breaches publicly-reported in the U.S. decreased nine (9) percent in Q3 2021 (446 breaches) compared to Q2 2021 (491 breaches). However, the number of data breaches through September 30, 2021 has exceeded the total number of events in Full-Year (FY) 2020 by 17 percent (1,291 breaches in 2021 compared to 1,108 breaches in 2020). The trendline continues to point to a record-breaking year for data compromises (the all-time high of 1,529 breaches was set in 2017). 

For Q3 2021, the number of data compromise victims (160 million) is higher than Q1 and Q2 2021 combined (121 million). The dramatic rise in victims is primarily due to a series of unsecured cloud databases, not data breaches. Also, the total number of cyberattack-related data compromises year-to-date (YTD) is up 27 percent compared to FY 2020. Phishing and Ransomware continue to be, far and away, the primary attack vectors. 

Download the ITRC’s 2021 Q3 Data Breach Analysis and Key Takeaways 

“While the total number of data breaches dropped slightly in Q3, we are only 238 data breaches away from tying the all-time record for data compromises in a single year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “It’s also interesting to note that the 1,111 data breaches from cyberattacks so far this year exceeds the total number of data compromises from all causes in 2020. Everyone needs to continue to practice good cyber-hygiene to protect themselves and their loved ones as these crimes continue to increase.” 

Other findings in the analysis include: 

  • There have been no publicly-reported data breaches to date in 2021 attributed to payment card skimming services.  
  • Some organizations and state agencies are not including specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice since September 2020. 

Enhancing Data Security – U.S. Senate Committee Hearing – Oct. 6, 2021

The ITRC will testify before the U.S. Senate Committee on Commerce, Science & Transportation today to present the findings from our Q3 Data Breach Analysis. Watch the hearing on enhancing data security live at 10 a.m. EST/7 a.m. PST.  ITRC COO, James E. Lee, issued a written statement for the record as part of a hearing with the U.S. Senate Committee. 

For more information about recent data breaches, or?the increase in the number of?data breaches discussed in?the?latest?trend analysis, consumers and businesses should visit the ITRC’s data breach tracking tool,?notified.??? 

Anyone?can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting ?www.idtheftcenter.org to live-chat.?? 

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC)?is a?national?nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.?Through public and private support, the ITRC provides no-cost victim assistance and consumer education through?its website?live-chat?idtheftcenter.org?and?toll-free phone number 888.400.5530.?The ITRC also?equips?consumers and businesses?with?information about recent data breaches through its data breach tracking tool,?notified.?The ITRC offers help to specific?populations, including?the?deaf/hard of?hearing and?blind/low?vision?communities.? 

CVV Card Verification Value vs 3-D Secure, D365, Dynamics Ax

Posted on by
Reply

What’s the difference between Card Verification Value verification and 3-D Secure cardholder authentication? How can each be used in Microsoft D365 F&O or Dynamics AX 2012? Both are solutions to reduce chargeback risk for card not present transactions, but not much else is the same.

The CVV, or Card Verification Value, is a three or four-digit number on credit cards to add an extra layer of security for phone and online purchases to help protect against identity theft. CVV or CSC, or Card Security Code, and CVV2 have the same purpose. The “2” means it was created using a newer process to make the number more difficult to guess.

3-D Secure is a protocol providing an additional layer of security for eCommerce transactions prior to authorization. 3-D secure 1.0 is being retired October 1, 2021 and legacy integrations often require an update.

What are merchant benefits for using 3-D Secure vs CVV?

  • More authorization approvals. False declines are a significant source of lost revenue.
  • Some cards have reduced interchange rates when the authentication is invoked, which are usually over 90% of fees.
  • Less friction for customers at checkout because it’s more likely to get approved and no need to chat or call for help.
  • Reduced risk of chargeback losses. Fraud liability for “it wasn’t me” automatically shifts to the issuer; Merchants do not have to defend those chargebacks, they never even see them.

At this stage of massive data breaches and stolen data globally, the CVV is just not enough to mitigate chargeback risk because too many compromised cards with CVV data are available on the dark web. Additionally, merchants can experience issuer generated chargebacks even if an authorization was granted. What? Yes, and there is no recourse. A big issue is following authorization rules. Here’s some examples:

  1. A merchant has customer card numbers on file (old school on paper). The merchant key enters each transaction. This fails the unscheduled credential on file rule, where after the initial authorization, a response code is submitted with each subsequent authorization.
  2. A merchant has customer card numbers on file via stored tokens, no access to cardholder data. The merchant uses token to get new authorizations. This can fail the unscheduled credential on file rule, where after the initial authorization, a response code is required with each subsequent authorization, however, the technology used does not support those protocols.
  3. A merchant gets a phone order and enters CVV. The merchant has higher risk of fraud because the customer must self-enter the card number to participate in 3-D Secure authentication.

If you have non-qualified, STD, and other classes of transactions on merchant statements, that usually means that an authorization rule was not followed. So while an authorization code may have been granted, the merchant is at higher risk of a chargeback and usually pays penalty fees.

How can Microsoft D365 and Dynamics AX users leverage the benefits of 3-D Secure 2.0 vs CVV verification? For B2B, I recommend all merchants require their customers self-manage their payment methods using a payment gateway that supports all the latest authorization rules. (Few do.) For cards that have been stored over multiple years, it’s unlikely that the token stored has the correct data (not visible to merchants) to send with newer transactions. For example, Authorize.net, a popular payment gateway, just started supporting unscheduled credential on file this year, and only on First Data. Ask about our integrated and standalone solutions that include a cloud portal for customers to self-manage payment methods, view payment history, and pay invoices, if applicable.

What payment gateways support customers self-managing payment methods in compliance with all the current rules? Contact us for stand alone, Dynamics integrated, Magento and other solutions. Remember, 3-D secure can only be invoked if the customer entered their cardholder data. For subsequent unscheduled credential on file transactions, CVV and 3-D secure are not needed, because the cardholder has already verified themselves.

Call Christine Speedy, PCI Council Qualified Integrator Reseller (QIR) certified, for all your card not present, Microsoft Dynamics AX and D365 payment processing needs from ACH to credit cards and more. Get a new merchant account or keep your existing. 954-942-0483, 9-5 ET.

Mandatory Visa logo update

Posted on by
Reply

Do you display the Visa logo on your ecommerce web site or other online checkout? Visa mandatory deadline to implement updated logos was August 31, 2021. The merchant signage web page below includes all the logos and general requirements and guidelines for use of Visa brand artwork.

Visit Visa brand logos guidelines for partners, acquirers and online merchants, used across credential-on-file, stored credential and online transactions for immediate logo downloads.