Miami Man Pleads Guilty to Participating in Access Device Fraud and Money Laundering Conspiracies for his Roles in Nationwide Gas Station Skimming Scheme

Posted on October 22, 2021 by Christine Speedy

ALBANY, NEW YORK – Hugo Hernandez, age 34, of Miami Lakes, Florida, pled guilty today to a superseding indictment charging him with being part of access device fraud and money laundering conspiracies for his roles in a nationwide gas station skimming scheme that involved stealing banking and personal information of residents in and around the Northern District of New York, as well as multiple other parts of the country, who used the “pay at the pump” feature to make gasoline purchases.

The announcement was made by United States Attorney Carla B. Freedman; Janeen DiGuiseppi, Special Agent in Charge of the Albany Field Office of the Federal Bureau of Investigation (FBI); and Inspector in Charge Ketty Larco-Ward, Boston Division, United States Postal Inspection Service (USPIS).

As part of his guilty plea, Hernandez admitted that between December 2015 and July 2019, he conspired with others to commit access device fraud by building skimming devices designed to steal gas station customer information, installing those devices inside gas pumps in Albany, Broome, and Montgomery Counties, and elsewhere, and then using the information collected by those devices to create fake credit and debit cards. The fake cards were used to obtain money orders, gift cards, cash, and other things of value.

Hernandez also admitted to being part of a conspiracy to launder funds obtained through the access device fraud conspiracy, and, in facilitating that conspiracy, causing at least 162 money orders, worth $173,257, to be deposited into a bank account he controlled. As part of his plea agreement, Hernandez agreed to be subject to a forfeiture money judgment in the amount of $173,257.

A sentencing hearing is set to take place on March 1, 2022, before Senior United States District Judge Gary L. Sharpe. Hernandez faces up to 20 years in prison; a fine of up to $500,000 or twice the value of the property involved in the transaction, whichever is greater; and up to 3 years of supervised release. A defendant’s sentence is imposed by a judge based on the particular statute the defendant is charged with violating, the U.S. Sentencing Guidelines and other factors.

This case was investigated by the FBI Albany Field Office and USPIS Boston Division, with assistance from the FBI Field Offices in Miami, Pittsburgh, and San Juan, the USPIS Miami Division, the United States Secret Service Miami Field Office, as well as the New York State Department of Agriculture, Division of Weights and Measures. The case is being prosecuted by Assistant U.S. Attorneys Rick Belliss and Emily C. Powers.

https://www.justice.gov/usao-ndny/pr/miami-man-pleads-guilty-participating-access-device-fraud-and-money-laundering

U.S. data breaches Q3 2021

Posted on October 6, 2021 by Christine Speedy

Identity Theft Resource Center to Share Latest Data Breach Analysis with U.S. Senate Commerce Committee; Number of Data Breaches in 2021 Surpasses all of 2020

The number of data breach victims dramatically increased in Q3 2021 due to a series of data exposures during the quarter

SAN DIEGO, October 6, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter?(Q3)?of 2021. According to the data breach analysis,?the number of data breaches publicly-reported in the U.S. decreased nine (9) percent in Q3 2021 (446 breaches) compared to Q2 2021 (491 breaches). However, the number of data breaches through September 30, 2021 has exceeded the total number of events in Full-Year (FY) 2020 by 17 percent (1,291 breaches in 2021 compared to 1,108 breaches in 2020). The trendline continues to point to a record-breaking year for data compromises (the all-time high of 1,529 breaches was set in 2017).

For Q3 2021, the number of data compromise victims (160 million) is higher than Q1 and Q2 2021 combined (121 million). The dramatic rise in victims is primarily due to a series of unsecured cloud databases, not data breaches. Also, the total number of cyberattack-related data compromises year-to-date (YTD) is up 27 percent compared to FY 2020. Phishing and Ransomware continue to be, far and away, the primary attack vectors.

Download the ITRC’s 2021 Q3 Data Breach Analysis and Key Takeaways

“While the total number of data breaches dropped slightly in Q3, we are only 238 data breaches away from tying the all-time record for data compromises in a single year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “It’s also interesting to note that the 1,111 data breaches from cyberattacks so far this year exceeds the total number of data compromises from all causes in 2020. Everyone needs to continue to practice good cyber-hygiene to protect themselves and their loved ones as these crimes continue to increase.”

Other findings in the analysis include:

There have been no publicly-reported data breaches to date in 2021 attributed to payment card skimming services.
Some organizations and state agencies are not including specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice since September 2020.

Enhancing Data Security – U.S. Senate Committee Hearing – Oct. 6, 2021

The ITRC will testify before the U.S. Senate Committee on Commerce, Science & Transportation today to present the findings from our Q3 Data Breach Analysis. Watch the hearing on enhancing data security live at 10 a.m. EST/7 a.m. PST. ITRC COO, James E. Lee, issued a written statement for the record as part of a hearing with the U.S. Senate Committee.

For more information about recent data breaches, or?the increase in the number of?data breaches discussed in?the?latest?trend analysis, consumers and businesses should visit the ITRC’s data breach tracking tool,?notified.???

Anyone?can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting ?www.idtheftcenter.org to live-chat.??

About the Identity Theft Resource Center?

Founded in 1999, the Identity Theft Resource Center® (ITRC)?is a?national?nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.?Through public and private support, the ITRC provides no-cost victim assistance and consumer education through?its website?live-chat?idtheftcenter.org?and?toll-free phone number 888.400.5530.?The ITRC also?equips?consumers and businesses?with?information about recent data breaches through its data breach tracking tool,?notified.?The ITRC offers help to specific?populations, including?the?deaf/hard of?hearing and?blind/low?vision?communities.?

Mandatory Visa logo update

Posted on September 1, 2021 by Christine Speedy

Do you display the Visa logo on your ecommerce web site or other online checkout? Visa mandatory deadline to implement updated logos was August 31, 2021. The merchant signage web page below includes all the logos and general requirements and guidelines for use of Visa brand artwork.

Visit Visa brand logos guidelines for partners, acquirers and online merchants, used across credential-on-file, stored credential and online transactions for immediate logo downloads.

When will I receive American Express deposits?

Posted on August 24, 2021 by Christine Speedy

American Express merchant services deposits are now faster. As of April 2021, merchants see deposits the next business day after the transactions are submitted Monday through Friday. As of October 2020, merchants are receiving separate payment deposits for Friday, Saturday and Sunday on Monday to help simplify payment reconciliation.

American Express receipts for small businesses now appear on merchant statements with other credit cards, depending on when the merchant account opened. Older merchant accounts that did not sign up for the new program, merchants that prefer separate, and those that do not meet the maximum processing limits receive separate statements from American Express instead of their acquirer.

Call Christine Speedy, PCI Council QIR certified, for all your credit card processing questions and services. 954-942-0483, 9-5 ET.

EMVCo Publishes EMV® 3-D Secure UI/UX Guidelines

Posted on August 15, 2021 by Christine Speedy

New interactive online resource to help card issuers, merchants and solution providers optimise the EMV® 3DS payment authentication experience for e-commerce consumers.

16 August 2021 – Global technical body EMVCo has published EMV® 3-D Secure (EMV 3DS) UI/UX Design Guidelines to help card issuers, banks, merchants and solution providers optimise the EMV 3DS payment authentication experience for e-commerce consumers. The guidelines are publicly available on the EMVCo website in an easy-to-use interactive format.
In e-commerce purchases where EMV 3DS solutions are used, EMV 3DS user interface (UI) and user experience (UX) design refers to the look and feel of the screen that consumers interact with on their device during authentication with their card issuer. This includes how visual components (e.g., logo, colour, iconography, etc.) are displayed in various device layouts, and how information is presented and communicated to guide them through the steps for verifying that they are the legitimate cardholder.
According to an EMVCo-commissioned global market research study1, consistent, familiar and efficient EMV 3DS UI/UX design is key to instilling consumer trust in the authentication process and optimising the checkout experience during shopping. The new guidelines are designed specifically to help card issuers, merchants and EMV 3DS solution providers achieve this objective and deploy user interfaces for EMV 3DS authentication that support a secure and seamless e-commerce checkout experience.
“Authenticating the individual making the payment continues to be key in the fight against e-commerce fraud. The EMV 3DS UI/UX Guidelines support the consistent implementation of EMV 3DS for fraud prevention to deliver an efficient and trusted e-commerce consumer experience, which benefits the entire payment ecosystem,” said Robin Trickel, EMVCo Executive Committee Chair.
The EMV 3DS UI/UX Guidelines are supplemental to the EMV 3-D Secure User Interface Templates, Requirements, and Guidelines chapter in the EMV 3DS Protocol and Core Functions Specification.
1 Methodology: Qualitative and quantitative usability study conducted in 2019-2020. Featured surveys with 650+ participants in UK, Brazil, China, France, Singapore and the U.S.

To learn more, view the EMV Insights post: Optimising the EMV 3DS Payment Experience: UI/UX Design Guidelines.
About EMV 3DS
EMV 3DS is a fraud prevention technology that enables consumer authentication, without adding unnecessary friction to the payment process that often leads to abandoned purchases. The EMV 3DS Specification provides a common set of requirements product providers can use to integrate this technology into their solutions to support seamless and secure e-commerce payments. View the EMV 3DS Press Kit to learn more.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Card Not Present, CenPOS, credit card processing

B2B Cloud payment processing technology blog about increasing profits, efficiency and security.

Category Archives: industry news