Monday, December 7, 2009

Top tips to beat the ‘12 scams of Christmas’

Something you can share with your merchants, family, and friends. Let’s keep everyone safe this holiday season!

As seen at: http://www.telegraph.co.uk/finance/personalfinance/consumertips/6750972/Top-tips-to-beat-the-12-scams-of-Christmas.html

1. Always shield your PIN and don’t ever send it over the internet or disclose it to anyone. Your bank or the police will never phone you and ask you to disclose it.

2. Consider your card details to be as valuable as cash – in the hands of a criminal there is no difference.

3. Keep your PC protected by using up-to-date antivirus software. Try to ensure you have the latest operating system and web browser.

4. Shop only on secure websites. Before submitting card details, look for a padlock or an unbroken key symbol on your web browser.

5. Also check that the internet browser address changes from “http” to “https” to indicate that you have a secure connection.

6. Sign up to Verified by Visa or MasterCard SecureCode when given the option. Such systems provide an added level of security as you must register a password with your card company.

7. Check receipts against card and bank statements regularly. If you find an unfamiliar transaction contact your bank or card company immediately. Shred or completely destroy all documents that contain personal details and don’t keep such documents in your car or handbag.

8. Try not to let your card out of your sight when making a transaction at restaurants, bars and clubs.

9. Don’t use a cash machine that appears to have been tampered with. Report it immediately to the bank concerned.

10. Don’t be distracted or accept help from apparently well-meaning strangers while using a cash machine. If someone is crowding or watching you, cancel the transaction and use another machine.

11. When buying tickets online check with the venue to find out when they are being released and sent out. Also check that you know the geographic address of the website company and that they have a working landline phone number. Make sure there is a refund policy in case something goes wrong.

12. When dealing with tradesmen never hand over a cash deposit, be wary of special offers or warnings about your home and don’t agree to a trader starting any work straight away. Take time to consult with someone you trust for a second opinion and speak to friends, family or neighbours before making any decision.

Posted by NAAIO in 14:45:51 | Permalink | No Comments »

Fed ban on automatic ATM, debit overdraft fees on the way

As seen in ATMmarketplace.com

Bloomberg reports that the Federal Reserve will prohibit banks from charging overdraft fees on ATMs and debit cards, unless the bank customer or credit union member agrees to pay charges for exceeding account balances. And financial companies that do impose fees will be required to explain their overdraft programs, as well as the choices they are offering consumers.
The final Fed rules will require banks to provide the same terms, including prices, for consumers who decline overdraft protection. The rules take effect July 1. Consumers who decline to join a program may be denied access to cash at an ATM or have their debit-card transactions rejected.
According to a statement released by the Fed, lenders last year collected almost $37 billion in overdraft fees:
“The final overdraft rules represent an important step forward in consumer protection,” said Federal Reserve chairman Ben S. Bernanke. “Both new and existing account holders will be able to make informed decisions about whether to sign up for an overdraft service.”

House and Senate committees have introduced separate legislation that would restrict banks’ ability to charge overdraft fees. Both bills would permit one overdraft fee a month or six in a year.

Giving consumers a choice is important, “but we need to do far more to protect customers from abusive bank products,” said Senate Banking Committee Chairman Christopher Dodd in a statement. “We still need to stop the excessive fees, repeated charges, lax notifications and processing manipulation” in overdraft-protection programs.
Dodd introduced legislation Nov. 10 that would give Congress more power in naming the central bank officials who set interest rates. Dodd’s plan would create a Consumer Financial Protection Agency, which would assume the Fed’s role on consumer issues.
Fed consumer research shows “most consumers prefer not to be enrolled in overdraft services for ATM and one-time debit- card transactions unless they affirmatively consent.”

Posted by NAAIO in 14:38:51 | Permalink | No Comments »

NAAIO Member Jim Penza of WRG Publishes Article Entitled “What Does the Future Hold for the ATM Business

Full Article here: http://www.naaio.org/enewsletter/wrgplaymeter112409.pdf

In the Past several issues of Play Meter magazine, WRG executives have written a series of articls that discuss the ease of transitioning from the vending industry to the ATM industry.

Our experts have discussed topics that include ATM service and repair, ATM transaction processing services, and legal issues that face ATM operators.

Now that you understand the importance of finding the right full-service ATM partners, you may be asking yourself, “What does the future hold for ATM business?”

It is understandable to be apprehensive about jumping into a new industry - especially in the current economic climate - but with more programs moving to an electronic-based payment system, the potential still exists to grow your busines by adding ATMs.

Posted by NAAIO in 14:35:50 | Permalink | No Comments »

Friday, July 24, 2009

NYC Woman Accused of ATM Fraud at Pa. Slots Parlor

http://www.philly.com/philly/wires/ap/news/state/pennsylvania/20090723_ap_nycwomanaccusedofatmfraudatpaslotsparlor.html

The Associated Press

EASTON, Pa. - Authorities in eastern Pennsylvania say an illegal immigrant from China bilked casino patrons out of as much as $10,000 last month.

Northampton County District Attorney John Morganelli says 56-year-old Shoumin Chai scammed casino patrons who used an ATM at the Sands Casino Resort in Bethlehem last month. Surveillance footage allegedly shows Chai offering to assist two dozen people with their withdrawals and double-swiping their cards to access their accounts.

Morganelli says three people have already come forward claiming $1,100 in loses.

Chai, a New York City resident, faces more than a hundred charges. Her bail was increased to $200,000 on Wednesday.

Morganelli says Chai has a history of fraud convictions and was banned from Atlantic City casinos in May. Immigration officials say they have begun deportation proceedings.

Posted by NAAIO in 14:11:46 | Permalink | No Comments »

Customers File 9 Federal Lawsuits Seeking ATM Fee Payback

http://www.pittsburghlive.com/x/pittsburghtrib/news/pittsburgh/s_627580.html

By Jason Cato | TRIBUNE-REVIEW | Monday, June 1, 2009

ATM transactions might cost a number of financial institutions and operators in Western Pennsylvania more than a nominal fee if they lose a rash of lawsuits filed in federal court in Pittsburgh.

Customers filed nine lawsuits during a two-week period claiming they used automated-teller machines that violated the Electronic Funds Transfer Act because “no notice was posted ‘on or at’ the ATM,” as federal law requires. The law requires notifying customers of fees by signs located on or near the machines and on-screen before transactions are completed.

Each lawsuit alleges there was no sign, although customers were notified on the screen of fees ranging from $1 to $2.

“Go to 20 ATMs, and I think you’ll see that people tear the stickers off everyone’s machines,” said Tom Ronalo, president of ATM Cash World in Green Tree.

Ronalo’s company is being sued by a Wexford man who claims a machine in a Coraopolis convenience store violates the law. Dale Holland said he was illegally assessed a $2 fee. Other defendants include Clearview Credit Union, Northwest Savings Bank and Allegheny Valley Bank of Pittsburgh.

“We’ve got a thousand machines,” Ronalo said. “People tamper with them. I don’t see how anybody can be damaged by that.”

Congress saw differently when it made several amendments to the law in the 1990s, though lawmakers placed a $500,000 limit on the amount a company can lose through a class-action lawsuit.

“The overwhelming majority of financial institutions and ATM operators are in compliance with the law,” said Bruce Carlson, a Sewickley lawyer whose firm filed the nine lawsuits and seeks class-action status for them. “But the law speaks for itself. The requirements are unambiguous.”

Carlson said legislators encouraged lawsuits as an enforcement tactic because the government lacks the resources to make sure each machine complies with the law.

“These lawsuits and publicity will make sure everyone soon is in compliance,” Carlson said.

Class-action lawsuits often recoup minimal losses for many people, said Jonathan Klick, a University of Pennsylvania law professor.

“Individually, you would never bring your own case if it cost $5,000 to win $1,000,” Klick said. “If we didn’t have these cases litigated, these companies would have nothing to worry about and no reason to change.”

A Chicago bank this year settled a similar lawsuit for $75,000 after it was sued for charging customers $3 per transaction instead of the $2 it told them they would be charged. Of the settlement money, the person who sued received $3,000 and his lawyers took $31,000. The remaining $41,000 will be split among the class-action members, with each getting up to $75.

Posted by NAAIO in 14:07:59 | Permalink | No Comments »

Wachovia Offering Reward in Stolen ATM Incident

http://www.onlineathens.com/stories/072309/new_468131411.shtml

Well-equipped thieves take ATM

With stolen forklift, bank robbers pull off a hoist

By Joe Johnson  |  joe.johnson@onlineathens.com

Wachovia has posted a reward after thieves stole an ATM this week from the drive-thru of the bank’s Mitchell Bridge Road branch.

The thieves boosted a forklift from an Atlanta Highway construction site early Monday morning, drove it to the bank about a mile and a half away, then used it to rip the ATM from the ground and load it into a pickup, Athens-Clarke police said.

As officers responded to a silent bank alarm at 4:24 a.m. a witness called 911 to report she saw the driverless forklift rolling across the parking lot of Athens Promenade shopping center on Atlanta Highway, which is adjacent to the bank.

Officers barely missed the thieves, arriving soon after the forklift crashed into a tree at the shopping center, according to police.

The forklift was stolen from Adcock Furniture Co., 4220 Atlanta Highway, but police don’t know if the thieves drove it to the bank at 1200 Mitchell Bridge Road or loaded it into another vehicle.

Thieves began using forklifts and other construction equipment to steal ATMs in metro Atlanta about five years ago, but the technique is just reaching Clarke County, police said.

The trend began in the summer of 2004, officials said, when police arrested a heavy equipment operator at his home in Conyers in connection with seven ATM thefts over a five-week period.

More recently and closer to home, ATM thieves struck in Banks County two months ago.

Athens-Clarke police Detective Sean McCauley plans to compare notes with authorities there who are investigating an attempted ATM theft on May 2 from Northeast Georgia Bank on U.S. Highway 441 in Commerce.

The thieves stole a forklift from a construction site on the other side of the road, drove it to the bank and plunged the forks into the ATM, tearing it from the ground and placing it in a pickup truck’s bed, Banks County Sheriff Charles Chapman said.

When bank’s alarm went off, the startled thieves rushed to get away. They didn’t secure the ATM and the machine fell into the bank’s parking lot.

They abandoned the pickup - which was stolen in Gwinnett County - in Jefferson, not far from Interstate 85.

A Banks County investigator met with officers from the Peachtree City area, where thieves used the same method to steal 11 ATMs.

“They all happened between 3 and 5 in the morning, and they all used stolen construction equipment to put the ATM machines into stolen vehicles,” Chapman said.

“It’s probably going to be the same perpetrators,” he said. “It may or may not be a large group of them, but they’re going to be one and the same.”

The thieves in Monday’s heist probably used a stolen truck, and the vehicle will turn up abandoned over the next few days, Chapman predicted.

Wachovia is offering up to $20,000 in reward money for information leading to the arrest of the thieves.

Anyone with information can call McCauley at (706) 353-4218, extension 141, or use the Crime Stoppers confidential tip line, at (706) 613-3342.

Editor’s note: Due to incorrect information provided to the Banner-Herald, the amount of award money offered by Wachovia Bank was incorrect in a previous version of this story.

Originally published in the Athens Banner-Herald on Thursday, July 23, 2009
Posted by NAAIO in 14:03:36 | Permalink | No Comments »

Wednesday, April 29, 2009

Remote Key Loading: The Next In ATM Security for ISOs

Dennis “Abe” Abraham has spent the last five years waiting for remote key loading to reach a tipping point. The president of Concord, N.C.-based Trusted Security Solutions Inc., developer of the A98 remote key loading system, says the timing for RKL is finally right, and independent sales organizations are now seriously considering their options.
 
     Though complicated by complex algorithms and multiple levels of encryption, the function of remote key loading is simple. Basically, RKL eliminates the need for ATM technicians to physically visit ATMs for manual key changes - thus eliminating expense and the possibility for human error.


     After completing their investments in Triple DES upgrades, ATM deployers are now finally able to focus some time and money on RKL. Up to this point, financial institutions have expressed interest in RKL, but few have made large investments. In the ISO space, movement has been, by and large, non-existent.
 
     And there are a few reasons for that.
 
     Deployers of off-premises ATMs have not been as diligent about ensuring their keys are changed. In fact, before the October 2008 release of version 1.2 of the Payment Card Industry Council Data Security Standard, no definitive requirements for key changing existed. ATM deployers were required to change keys if and when audited, but audits were not mandated across the board.
 
     Under version 1.2, keys must be changed every 12 months, and the networks are watching, says Chuck Hayes, product development manager for Long Beach, Miss.-based Triton Systems of Delaware. That PCI push has encouraged manufacturers like Triton to start marketing RKL as part of the overall ATM offering.
 
      “It’s a differentiator for us,” Hayes said. “It’s the first time an RKL solution has been brought to market for the off-premises space, and that’s helping us enjoy a competitive advantage.”
 
     Triton’s patent-pending RKL offer may only require a software upgrade, if the ATM already has Triton’s upgraded encrypting PIN pad.
 
     For an ISO that acquires and needs to merge a fleet of remote-key capable ATMs with an existing fleet of ATMs that aren’t remote-key ready, the Triton solution calls for a mere switch of the host for transaction processing, Hayes says.
 
“The business case for ISOs is simple: less key handling,” he said. “That’s an advantage. If an ATM key was corrupted, the host could rekey that ATM within minutes, rather than having to go through the manual process of sending someone out, which takes time and expense.”

A case for ISOs and FIs
 
RKL adoption is definitely picking up, Abraham says, from the FI and ISO sides of the business.
 
“In today’s economy, the price of labor is going up and the number of people is diminishing,” Abraham said. “Everybody is looking for more efficient ways of doing things.”
 
Wes Dunn, the director of business development for Hayward, Calif.-based Tranax Technologies, says adoption of remote key loading will be critical for ISOs in the coming the months.
 
“The ISOs are the ones that lose out on this deal, because if they have to go out and change those keys manually — especially when we are already in a business of pennies — and have to do it once a year, it’s going to get very expensive. The ISO is going to have to bear the cost, because the retailer is not going to understand why the keys need to be changed and is not going to pay for it.”
 
Tranax expects to launch its own RKL solution by the end of the year.
 
“We understand the importance of it,” Dunn said. “With all of the regulation, it’s going to become a very hot topic very fast, and the financial implications of not doing remote key could be potentially devastating.”
 
Like ISOs, the business case for RKL also is reaching a tipping point for more FI adoption.
 
“Up until now, there have been a lot of other things going on in the financial space, and many banks didn’t see that they were losing too much money in this area — at least not enough to make it worth an investment,” Abraham said. “Besides, up until recently, many ATMs out there weren’t even capable of doing remote key. Now that Visa requires all new ATMs to be remote-key capable, the market’s perception is changing.”
 
Trusted Security now works with Triton, Wincor Nixdorf, Diebold Inc. and NCR Corp. on remote key solutions. But some hurdles still need to be jumped.
 
For one, Abraham says, many PCI auditors and rule makers are not educated well enough about RKL to conduct audits and set policy.
 
“They are trying to connect symmetric cryptography to asymmetric public key cryptography, and there is no connection there,” Abraham said. “There are a lot of rules being made that don’t make sense. We have a need for a lot of education.”
 
Diebold’s patent raises eyebrows
 
RKL can be handled in one of two ways: either through a signature-based protocol or a certificate-based protocol. NCR and Wincor Nixdorf International rely on the signature-based method. Diebold uses certificate-based protocol.
 
With signature-based protocol, the data structure is very simple. It’s a structure of information that has a digital signature attached to it, such as a public key.
 
With certificate-based protocol, the data structure is much more complex. The data being transmitted is much larger, so it’s not easily transported over dial-up networks. And the certificates themselves contain much more information.
 
“Because of that complexity, implementation for Diebold CBP (certificate-based protocol) would not work on a Triton CBP,” Abraham said. “They each have differences; so consequently, we end up implementing different protocols.”
 
What concerns other manufacturers and bankers, as it relates to Diebold’s certificate-based protocol, Abraham says, is that because the solution is patented, permission must be granted by Diebold to utilize the protocol. Everyone is worried about a lawsuit.
 
Some manufacturers have developed their own key loading solutions. Others, like Triton, are working with third parties like Trusted Security.
 
“In our system, we treat everything as a data transport, so the ATM deployer doesn’t have to worry about the difference in CBP or SBP,” Abraham said. “We do all of that stuff internally.”

Posted by NAAIO in 12:28:26 | Permalink | No Comments »

Wednesday, March 25, 2009

Alert! Use Caution When Purchasing or Deploying Pin Entry Devices (PEDs)

    In the past, Pin Entry Device (PED) security requirements originated from Visa, MasterCard and JCB.  That is no longer true.  Currently, the five major payment brands (American Express, Discover, JCB, MasterCard and Visa) have come together to form the Payment Card Industry Security Standards Council, commonly known as PCI.
 
      Until PCI came along, Visa maintained on its web-site a listing of compliant point of sale devices and encrypting pin pads, but Visa’s listing (today referred to as the Pre-PCI device listing) expired on December 31, 2007.   The Visa Pre-PCI device listing was replaced by the PCI listing now available on the PCI website at www.pcisecuritystandards.org.
 
      According to Visa, all Pre-PCI device approvals have expired as of December 31, 2007 and Pre-PCI devices cannot be purchased after their approval expiration date.  Pre-PCI devices can be deployed after December 31, 2007 only if purchased before December 31, 2007.    
 
      Why is this important to ATM ISOs and Operators?    As ATM ISOs and Operators shop for PEDs to be used as replacements or upgrades in their ATMs, they need to be cautious of sellers who offer devices for sale that are not on the current PCI PED approval list.   For example, be cautious of advertisements or listings that make no mention of PCI PED approval.   And be cautious of ads that might state products as “Visa approved.”  You might be buying obsolete products that will expose you to liability according to network rules.  
 
      In order to avoid liability associated with the compromise of a personal identification number (PIN), it is the obligation of every ATM ISO or Operator to make sure they purchase and deploy PEDs on their ATMs that are PCI PED approved.
 
Currently, the one and only place to verify whether a PED is approved is the PCI website.  Click here if you’d like to verify your equipment

IMPORTANT PCI LINK: https://www.pcisecuritystandards.org/education/prioritized.shtml

Posted by NAAIO in 22:00:14 | Permalink | No Comments »

NAAIO Has Second Meeting with MasterCard

On February 24, 2009, representatives of NAAIO met with MasterCard for a second time at MC’s headquarters in Purchase, NY.  NAAIO representatives included Steve Burns (E-Cash; NAAIO Board member and NAAIO President), Ray Varcho (WRG Services Inc; NAAIO Board member), and Darryl Ware (WWS ATM; NAAIO Board member).   The meeting was coordinated and attended by Kendall Harsch of MetaBank, a leading ISO sponsoring financial institution.
 
      NAAIO, on behalf of its membership, welcomed the invitation to sit down with top decision makers who hold responsibility for ATM program management.  As a continuation of the introductory meeting held in November of 2008, significant effort was devoted to a discussion of the typical ISO ATM business model, as compared and contrasted with the financial institution ATM model.  The discussion included the current state of the ATM ISO industry and the challenges related to surcharge, interchange, equipment pricing, service, and ancillary products and services such as co-branding.  NAAIO and MC are exploring ways to foster ATM transactional growth.
 
      Other topics of discussion included educational and public relations efforts, as well as frivolous chargeback activity, non-compliant operators, and non-compliant ATMs.
 
      A third meeting with MC is being planned. In preparation for that meeting NAAIO welcomes comments and suggestions from all its members, whether ISOs, Operators or Vendors.  NAAIO encourages each of its members to get involved.  Let your voice be heard.
Posted by NAAIO in 21:50:57 | Permalink | No Comments »

NAAIO Has Joined the PCI Security Standards Council

Last month, at our annual meeting, we announced that NAAIO has been accepted to the PCI Security Standards Council. You may be wondering just what this means to you, the NAAIO member.
 
      First, it gives us at NAAIO the option of nominating a member to the Board of Advisors. This person, if elected, would have direct input to the new PCI standards. NAAIO has nominated Daryl Ware to sit on this board and we’ll keep you posted as to his election on the board.
 
     Second, and more importantly, NAAIO’s acceptance to the PCI Security Standards Council means that you, the NAAIO member have direct access to any and all information that NAAIO receives from membership in this council - at no added cost to you. As a valued member of NAAIO, we believe that your voice and needs as an ISO are important. If you have questions, if you want to be heard, NAAIO will make sure that you are.
 
      Through NAAIO’s membership in the PCI Security Standards Council, YOU are a member of the PCI Security Standards Council.
Posted by NAAIO in 21:44:40 | Permalink | No Comments »