CA Digest        

CA Digest

Number 135; 13th December 2007

Subscribe to the CA DIGEST Alert Service - This page is updated regularly with news relating to Operational Risk and Compliance issues from around the world. Subscribe to this alert service by sending a blank e-mail to  with the word SUBSCRIBE in the subject line

In Focus

ID theft victims disclose costs of violations

The Identity Theft Resource Center has published a study which analyses the personal impact of identity theft on victims. “Identity Theft: The Aftermath 2006” was not based on a random survey, but on interviews with actual confirmed victims of ID theft in 2006, the U.S.-based non-profit body says.

ID theft victims were invited to respond to a series of 44 questions, the Center says. The questions ranged from the emotional impact that ID fraud has had on their lives, and how easy it was to recover their good name, to the financial losses suffered by banks, card issuers and merchants as a result of the fraud the victims suffered.

A large percentage of respondents reported being victimized by people who may have had easy access to personal identifying information, including friends, family members, ex-spouses or those in close contact with the victim, such as co-workers.

Of those respondents who knew something about their imposter, victims reported that their imposters also committed other crimes; experienced financial difficulties; have addictions; and may have committed ID theft against other family members.

Nearly two-thirds of the 2006 sample reported that their personal information had been used to open a new credit line in their name; 29 percent reported their information was used to obtain new cable TV or utility accounts; and a further 27 percent reported that the imposter made charges to the victims' existing credit card accounts.

Victims spent an average of 97 hours repairing the damage done by identity theft to an existing account used or taken over by the thief. The average total value of charges made to fraudulent accounts in the victims’ names was US$87,303 in 2006, up 78 percent from 2004.

Nearly half (45 percent) of victims in 2006 reported that ID fraud had stressed their family life; 27 percent felt betrayed by unsupportive family members and friends; and 34 percent said their family did not understand.

Among the emotions expressed by victims were: anger; betrayal; a sense of being unprotected by police and of being powerless; personal financial fears; and the desire to give up and stop fighting the system.

Look for our upcoming courses being held around the world by clicking on the globe


 Basel II 


Expert charges banks on effective risk management

A risk management expert has urged Nigerian banks to put in place effective risk management system rather than focusing on raising capital. Executive director (Risk Management Control) First Bank of Nigeria , Lamido Sanusi, who made the call, said that although capital is important but there is much more to a sound bank than raising capital.

He said there is a high watermark burden on bank to entrench transparency and operate in an ethical manner, adding that as banks are raising more money from the capital market they are also under pressure to deliver huge returns to shareholders at the end of the day. He further said that many banking risk arise from common cause of mismatching, adding that if banks had perfectly matched assets and liabilities, the only risk faced by a bank would be credit risk.

He stated that risk in banks could not be completely eliminated but it could be minimized through robust risk management practices. Highlighting the elements of sound corporate governance, he said that with a well articulated corporate strategy, the overall success and the contribution of individuals could be measured. He said that there was need of setting and enforcing clear assignment of responsibilities, decision-making authority and accountabilities that are appropriate for the bank's risk profile.

Stating types of risk in banks, he said that operational risk is associated with the problem of accurately processing, settling and taking or making delivery on trades in exchange for cash. While legal risks are endemic in financial contracting and separate from the legal ramification of credit, counterparty and operational risks.

 Operational Risk 



Police arrest card skimmer suspects

Vancouver police have arrested two suspects in connection with a sophisticated debit and credit-card skimming operation. A Canada-wide warrant has been issued for a third man in connection with the operation, which allegedly robbed hundreds of people of their money.

Dumitru Gabureac and Oksana Syrevich, both of Vancouver, were arrested November 23 and face multiple charges including theft and possession of credit card forging equipment.

Dimitru Gigi Kovacs, who remains at large, faces charges including fraud, theft, possession of credit card forging equipment, and possession of unauthorized credit card data.

The charges come after a police investigation into a debit-card skimming fraud that was first spotted in Langley, near Vancouver in August 2007.

Police say several debit card skim sites were located in Langley, where Ingenico 1200 Series debit PINpads at fast-food restaurants and other businesses were replaced by “parasite” pads that recorded the user's card information.

Fraudulent cards were then made up, resulting in "hundreds of thousands" of dollars withdrawn from the victims' bank accounts, police said.

During the course of the investigation, the Langley skim sites were linked to similar incidents in other nearby cities including Vancouver, Maple Ridge, Richmond, Coquitlam and Abbotsford, British Columbia.

Police say one popular fast-food chain was victimized 16 times by what appeared to be the same group of individuals.

Police say the Vancouver operation has extensive connections to organized crime gangs in Ontario and Montreal. Gabureac has a number of warrants from Montreal for similar offences to those he is accused of in British Columbia .


RBI cautions public against remittance frauds

The Reserve Bank of India has cautioned people not to fall prey to fictitious offers for release of cheap funds claimed to have been remitted by overseas entities to banks in India or the RBI.

The warning comes in the wake of international e-mail frauds and lottery scams, where people have lost money by believing unknown entities making claims of a lottery in store for the unsuspecting victim.

Public should not make any remittance towards participation in such schemes or offers from unknown entities, an RBI note said.

Describing the modality of such offers, the RBI stated that certain foreign entities or individuals, including Indian residents acting as representatives of such entities, make offers through letters or e-mails, of huge money in foreign currency to resident individuals (including schools / hospitals), on the pretext of helping them in their business or ventures in India.

Once the contact is established, the offer is followed by a request seeking details of the bank account of the individuals or Indian entity and asking some amount to be remitted to them as initial deposit / commission so that the offer money could be transferred.

Likewise, references have been also received in the RBI in the recent past from individuals and authorized dealers seeking approvals or clarifications for effecting remittances in foreign currency towards commission or fees for receiving prizes won in overseas lottery schemes etc, the note said.

It has also come to the notice of the RBI that certain overseas organizations have been advising individuals / companies and trusts in India that huge sums of money for disbursal of loans in India at cheap rates has been kept in an account with the RBI and the funds would be released after approval from the central bank.

To substantiate their claims, even copies of certificate / deposit receipts purported to have been issued by the RBI are produced by such operators.

The RBI clarified that remittance in any form towards participation in lottery schemes is prohibited under Foreign Exchange Management Act, 1999. Further, these restrictions are also applicable to remittances for participation in lottery-like schemes functioning under different names, such as, money circulation scheme or remittances for the purpose of securing prize money / awards, etc.

The central bank further clarified that it does not maintain any account in the name of individuals / companies or trusts in India to hold funds for disbursal.


Security experts warns of man-in-the-browser threat

Security experts are reporting a surge in so-called "man-in-the-browser" attacks where hackers infect PCs with malicious code that is only triggered when a Web user visits an online bank site.

Helsinki-based digital security firm F-Secure is warning that this new type of malware can retrieve information - such as logins and passwords - entered on a legitimate bank site by intercepting the HTML code in the Web browser. Criminals then store the personal data on FTP sites before selling it on.

Mikko Hypponen, chief research officer at F-Secure, says: "With the enhancements that banks have deployed in terms of authentication security on their online banking sites, phishing attacks are becoming less and less effective, and attacks of the 'man in the browser' type are set to increase."

F-Secure says security products using behavioral analysis are the most effective against these attacks, as the malicious codes are designed specifically for certain banking sites. They are not distributed en masse like phishing emails.

Recently Connecticut-based start-up security firm KeyID reported that it is in discussions with banks about testing its patent-pending SecureOTP technology, which uses one time passwords (OTPs) to add an extra layer of security to two factor authentication methods in order to protect against man-in-the-browser and man-in-the-middle attacks as well as phishing and pharming.

The KeyID system works at the authentication stage of a transaction, providing a separate encryption packed with the OTP meaning any hacker that tries to intercept the transmission cannot read the password information.

KeyID president and CEO, Sunil Ippagunta, told reporters that, although man-in-the-browser attacks could still occur after secure authentication is set up, the criminal wouldn't be able to read the secured credentials because they are only valid for specific sessions and channels.

The start-up is expected to begin testing technology in the first quarter of 2008, before a roll out in Q2.

Gail Kerr, executive vice president of business development for KeyID, says the company has demonstrated the technology to PayPal, Bank of America and CitiBank.


Allied Irish Bank sends 15,000 customer payment receipts to wrong addresses

Allied Irish Bank (AIB) says a computer error caused 15,000 payment advice slips - some featuring personal details including names, addresses and bank account and sort code numbers - to be sent to the wrong addresses.

In a statement the bank says that a "technical problem" led to 15,000 payment slips for deposits or withdrawals in foreign funds being issued to the wrong customers between 13 and 15 November. About 11,000 individual customers are thought to be affected by the glitch.

Around half of payment slips are thought to have contained names, addresses and account and bank sort code numbers of other clients. The rest contained partial information such as account numbers and sort codes. AIB says that no customer accounts have been incorrectly debited and all payments were processed in accordance with customer instructions.

The bank says it is writing to all affected customers and has informed the Data Protection Commissioner on the incident.

New Zealand

Hacking gang leader arrested in New Zealand

Police in New Zealand are questioning a teenager who is accused of being the ringleader of a cyber crime network that pilfered over £12 million from bank accounts after infiltrating more than a million computers.

The 18-year-old cannot be named for legal reasons but is know by his cyber ID 'Akill'.

He was interviewed as part of an investigation involving the NZ Police, FBI and Dutch authorities. NZ police say Akill was later released without charge but remains part of their investigation.

It is alleged that Akill headed an elite 'botnet' group called "The A-Team" which was comprised of people from the US and abroad. The gang are thought to have used botnets to infiltrate and control around 1.3 million computers.

The hackers could then use the computers to steal credit card information and manipulate stock trades.

In a statement NZ police say Akill is alleged to have designed a virus that utilised encryption and was undetectable by anti-virus software. The head of the country's police e-crime unit, Martin Kleintjes, told reporters that Akill is "very bright and very skilled" and hires his services out to others.

It is thought the New Zealander was also a co-conspirator in a denial of service attack a Philadelphia university early last year. A FBI investigation into the attack on a University of Pennsylvania engineering school server led to the arrest of 21 year old Ryan Goldstein who was indicted earlier this year.

The FBI says an investigation launched in June into criminal use of botnets has uncovered more than $20 million in economic loss and more than one million "victimised computers" so far.

"Today, botnets are the weapon of choice of cyber criminals. They seek to conceal their criminal activities by using third party computers as vehicles for their crimes," says FBI director Robert Mueller.

Since the FBI launched "Operation Bot Roast" in June, eight individuals - including Goldstein - have been indicted, pleaded guilty or been sentenced for crimes related to botnet activity.

FBI assistant director James Finch, cyber division, says the public can play a part in thwarting botnet activity by maintaining strong computer security and updating anti-virus software, installing a firewall, using strong passwords etc.

"Without employing these safeguards, botnets, along with criminal and possibly terrorist activities, will continue to flourish," says Finch.

South Africa

Bank clients pay the price for ATM bombings

South Africa's banking sector and its customers are paying the price for the increase in criminal activity. Sue Potgieter, general manager of commercial crime operations at the South African Banking Risk Information Centre (Sabric), recently released worrying figures on card fraud and ATM bombings.

Since January there have been 335 ATM bombings across the country, compared to only 53 bombings last year. The number of monthly ATM bombings peaked in October at 44.

Potgieter said the bombings occurred mainly between midnight and 4am. The preferred targets were stand-alone ATMs.

General credit card fraud increased 59 percent nationally during the first half of this year compared to the same period last year.

In KwaZulu-Natal, card fraud surged by 129 percent, placing the province second to Gauteng, where this crime was committed most often. Nationally, fraud committed with counterfeit or cloned cards rose 116 percent.

But fraud committed with lost and stolen cards was still the biggest problem. That kind of crime increased 81 percent.

Transactions where card details were used without the card being physically present were also risky, she said.

Potgieter warned people to be vigilant against ATM card fraudsters, especially during the build-up to the festive season, the peak card crime period.

Potgieter said the main reason criminals were successful at card fraud was because they won the confidence and trust of their victims. She said they were able, without their victim's knowledge, to swap and skim cards using handheld devices at the ATM, before handing the original card back to the customer.

Others jammed machines or posed as bank staff in clothing branded with banks' logos to fool their victims.

United Kingdom

FSA warns on misleading Internet advertising

One in four promotional Web sites operated by financial services firms fail to present information in a "fair, clear and not misleading way", says the UK's Financial Services Authority (FSA) following a review of advertising on investment sites.

The year-long review involved 130 visits to 77 firms' Web sites. Each visit to a Web site replicated the type of journey a customer may be making through the service, says the FSA.

The study found that three quarters of sites met the standards required, but one-in-four were difficult for consumers to navigate and failed to highlight key information.

This is partly because firms are not placing enough emphasis on the customer journey and general Web site design when placing key information, says the watchdog. In some instances general Web site maintenance was also lacking, resulting in out-of-date or incorrect information being provided to consumers.

The FSA did not name the firms operating the sites that fall short, but says it will carry out another review in March 2008 and will take action if it finds further failings.

Dan Waters, Director of Retail Policy and Themes at the FSA, says for many customers the Internet is the channel of choice for shopping around for financial products, but it can expose consumers to high risk as they are able to make instant purchases without advice.

"We expect the senior management of all regulated firms to ensure their customers are treated fairly - and we will be looking at promotional Web sites again early next year to make sure that firms have taken our findings on board and are taking Web site design seriously," adds Waters.

But the watchdog says standards have improved since it stepped up its supervision of Internet-based promotions following reviews in 2005 and 2006, which identified widespread failings.

Banks facing major security costs over Government data leak

The UK Government's loss of sensitive data compromising 25 million individuals could force British banks to take "enormously expensive" emergency measures, Gartner warns.

The potential cost of the data breach to the UK banking system, and to the economy as a whole, could reach £244 million (US$488 million), based on an estimate of just under £10 per bank account, Gartner says.

Recently the UK Government warned that disks containing bank account details, dates of birth, National Insurance numbers and other personal data for every UK family receiving Child Benefit, had been lost.

"The type of data lost could be enormously valuable to ID thieves and other criminals who could use stolen account numbers to take over bank accounts,” Avivah Litan, a Gartner vice president and distinguished analyst, told VNU Net.

Bank account numbers typically sell on the U.S. black market for as much as US$400 compared with US$5 for stolen credit card numbers, Litan said.

Even the possibility of bank account details being sold illegally would force UK banks to take emergency measures, including closely monitoring all fund transfers out of potentially affected accounts, Litan predicted.

This would be problematic due to the UK's ongoing implementation of the Faster Payments system, which will enable almost immediate fund transfers out of consumers’ bank accounts. Faster Payments will replace a system, which takes three days to effectuate fund transfers between accounts.

Gartner believes that it is "fortunate", under the circumstances, that Faster Payments has been delayed until 2008.

"If evidence emerges that the lost data is in criminal hands, UK banks could be forced to close down millions of accounts and reopen new ones at enormous cost," said Litan. "The banks' customers would also face considerable inconvenience, because automatic payments and transfers would have to be set up again, and debit cards might have to be reissued."

Litan said the chances of a genuine data loss - such as disks being mislaid - resulting in ID theft, are usually extremely low, typically less than 1 per cent for any given individual. But the media attention means that criminals are likely to pursue the lost data as vigorously as the authorities, she said.

UK bank details for sale on the Web – report

The UK Information Commissioner's Office (ICO) is investigating claims that financial data - including private account numbers, PINs and security codes - of tens of thousands of UK customers is available for sale on the Internet.

The data protection watchdog has launched an investigation following a report by UK newspaper The Times which uncovered more than 100 Web sites that are trafficking British bank details. Scotland Yard is reported to be looking into the matter. Times reporters managed to download the banking information of 32 people for free and also found a fraudster offering to sell 30,000 UK credit card numbers for less than £1 each.

A spokesman for Information Commissioner Richard Thomas told The Times that the office will be looking at the evidence provided and investigating the circumstances.

He said the ICO can take action against UK-based organisations that flout the Data Protection Act. In cases where Web sites are not UK-based the ICO will work with counterparts in the relevant country.

Surge in PIN changes after UK data breach

There has been a surge in the number of people changing their PINs in the UK following the revelation about a data breach involving 25 million Britons. According to British ATM network operator Link, the number of people changing their PINs at an ATM rose by over 50 percent in the three days after the government on November 20 revealed that it had lost computer disks containing bank account details, dates of birth, National Insurance numbers and other personal data for every UK family receiving Child Benefit.

“There was no loss of PIN information in this security breach, but our figures picked up an increase in the use of the Link ATM PIN change service after this news broke,” a Link spokesperson says. “This probably means that people were following advice from their banks, and changing PINs which might have been easily guessed, for example, a child’s date of birth.”

In the UK, PIN change is available free-of-charge to most cardholders at most ATMs.

According to a survey carried out for UK payments association APACS, most British people affected by the data breach have remained calm but vigilant. The survey found that 62 percent of adults who receive Child Benefit checked their bank statements following the news of the breach. Nearly a third (30 percent) of adults took no action following the news; 10 percent changed their passwords; and 6 percent changed their PINs.

An APACS spokesperson said the survey showed that people have not panicked and are following the advice issued by their banks.

United States

TJX offers $40.9m in Visa Settlement

TJX has agreed to a US$40.9 million settlement with US-based issuers of Visa cards which were affected by the theft of card data from the retailer's IT system. The settlement is conditional on its being accepted by the issuers of at least 80 percent of the Visa card accounts affected by the breach.

The deadline for acceptance by the issuers is December 19, 2007, TJX says.

According to a Federal court deposition made by Visa USA in October 2007, 65 million Visa accounts may have been compromised in the TJX breach (TJX Data Breach Card Count at 94 Million).

Once the settlement is completed, the issuers who accept its terms will be paid by December 27, 2007, TJX says. In return, each accepting issuer has to waive the right to any other form of compensation, such as litigation, and provide releases to TJX and its U.S. acquiring banks.

“We look forward to a high issuer acceptance of the proposal,” Carol Meyrowitz, TJX’s President and Chief Executive Officer, says in a statement.

TJX has learned a great deal about the risks of cyber-attacks as the result of the data security breach it suffered, according to Meyrowitz. “We have learned about the heightened security risks that exist across the entire U.S. retail and banking industries as a result of today’s high-tech criminals,” she says.

Meyrowitz warns that, in order to protect customers’ payment card data, cooperative action is needed from all banks, card companies and merchants. The agreement between TJX and Visa includes a provision for TJX to serve as an advocate in support of the goals of the PCI DSS (Payment Card Industry Data Security Standard) initiative.

Visa has also agreed to provide TJX with the opportunity to pilot any new payment card security technology.

Over eight million Americans hit by ID theft in 2005

A new report released by The Federal Trade Commission (FTC) estimates that 8.3 million Americans - around four per cent of the US population - fell victim to identity theft in 2005.

The FTC study, which was based on 4917 telephone interviews conducted between 27 March and 11 June 2006, indicates that 3.7% of all American adults were victims of ID theft in 2005. This is below the 4.6% rate recorded in the FTC's 2003 poll, but the agency says the decline is "not statistically significant".

Estimated total losses from ID theft came in at $15.6 billion - considerably lower than the estimate of $47.6 billion in the 2003 survey. This reflects lower estimates of both the prevalence of ID theft and the average loss per incident. But the FTC says some of these differences result from the changes in survey methodology.

"Thus, we cannot determine whether total losses have actually dropped significantly between 2003 and 2006," says the report.

Of the victims, around 3.2 million, or 1.4% of all adults, experienced misuse of existing credit card accounts, while 3.3 million, or 1.5%, experienced misuse of non-credit card accounts. Around 1.8 million victims, or 0.8%, found that new accounts were opened or other frauds were committed using their personal information.

Over half - 56% - of victims don't know how thieves obtained their information. Just one per cent say it was the result of hacking into a computer and another one per cent blamed phishing.

The FTC says in more than half of the incidents victims incurred no out-of-pocket expenses as a result of ID theft. Some victims, however, incurred substantial expenses, with 10% of all victims reporting costs of $1200 or more.

Around 37% of victims reported other difficulties, including harassment by debt collectors, the denial of new credit or loans, disconnection of utilities and problems obtaining or accessing bank accounts.

ID theft is also time consuming for victims with an average of four hours being spent resolving problems and five per cent of people taking at least 130 hours.

The survey found that fraudsters obtained more goods and services - and victims spent more time and money recovering - in cases where the thief opened new accounts rather than only hijacking existing accounts. Where the theft was limited to the misuse of existing accounts, the median value of goods and services obtained by the thieves was less than $500. Where the thieves opened new accounts or committed other frauds, the median value of goods and services obtained was $1350.

Lydia Parnes, director of the FTC's Bureau of Consumer Protection, says it is important that people learn how to deter identity thieves, detect suspicious activity on financial records and defend against the crime.

"Consumers have great tools at their disposal in their fight against identity thieves," says Parnes. "For example, the law gives every consumer the right to get their credit report for free once every 12 months from each of the three national credit reporting companies. Monitoring your credit report periodically is one valuable way to check for activity that you didn't authorize."

However the Consumers Union in the US says the FTC's report underscores the need to provide consumers with stronger protections against ID fraud.

"Identity theft is a huge headache that continues to plague millions of Americans every year," says Gail Hillebrand, director of the consumer group's Financial Privacy Now campaign. "It's time to require businesses and government agencies to safeguard sensitive personal data and to give consumers the protection they need."  

 Payments, Liquidity and Operational Risk Courses

Citadel Advantage has a variety of  Courses in its program. Details of can be found at


 Payment & Settlement Systems 


Disposable virtual prepaid card launched 

Visa has teamed up with Melbourne-based prepaid card firm SCX Global to launch the first disposable, virtual prepaid card in Australia. The Vcard, which is designed for Internet and telephone purchases only, is issued by Australia ’s Heritage Building Society.

According to Visa, the Vcard does not require cardholders to have a bank account or an existing plastic payment card. The card is also being targeted at people who are reluctant to use their existing credit or debit cards on the Web due to concerns about fraud.

Consumers have to pay A$5.50 to register for a Vcard, and then they can load a designated amount onto the card. Vcards can be purchased and loaded either at retail outlets or at the Vcard Website.

Funds can only be loaded on one occasion onto the card, Visa says. Once these funds have been used up, the card becomes invalid.

The Vcard is activated when the consumer enters the account’s reference number, which was provided at the time of purchase, onto a Website hosted by the issuer. Following activation, the consumer receives a 16-digit Visa account number. An expiry date and three-digit security code (CVV2) are delivered separately to the consumer either via e-mail or SMS text message.

A similar Visa virtual prepaid card called 3V was launched in Ireland in 2005 and in theUK in late 2006. At the end of March 2007, there were over 100,000 active 3V customers in Ireland , according to Visa.


Central bank unveils new payment system

The Peoples Bank of China has launched a new interbank transfer system for small sized payments. The group of 14 Beijing banks have begun to use the system.

After signing an advance contract with its bank clients can deposit and withdraw or transfer small sums of money amongst outlets of banks participating in the program.


Indian M-payment service launched

mChek, an Indian mobile payments technology firm, has launched a service enabling shoppers to make credit card purchases at Websites using their cellphones. The service is initially available to consumers with an Airtel cellphone account and a Visa or MasterCard credit card, but mChek also plans to sign up other Indian cellphone operators.

Bangalore-based mChek says it plans to extend its m-payment service to debit cardholders. mChek says the service complies with the Payment Card Industry Data Security Standard (PCI DSS).

Currently, Airtel subscribers can make mobile payments using mChek at four e-commerce sites,,, and

To use the service, customers have to link their credit card to their Airtel cellphone account and set up an mChek PIN. When making a purchase at an mChek-affiliated e-merchant, they select the ‘Mobile/mChek payment’ option on the merchant’s Website and enter their cellphone number. They then authorize the transaction to be charged to their credit card by entering their mChek PIN on their cellphone.

Separately, mChek has teamed up with Visa and three Indian banks to trial person-to-person money transfers via cellphone. Corporation Bank, HDFC Bank, ICICI Bank and mChek will test the Visa Money Transfer mobile remittance service with 500,000 Visa cardholders in India .

Visa Money Transfer, which enables Visa cardholders to transfer money to each other, was launched in India in 20004. The service is available at Indian bank branches, ATMs and Web banking services.


CLS Bank extends settlement service to non-deliverable forwards

CLS Bank International has extended the CLS settlement service to non-deliverable forward foreign exchange transactions. CLS says the service offer a complete straight-through process - post execution to settlement - for NDF transactions.

The service goes live with six NDF-enabled CLS member banks and one third party customer. It covers 48 reference currencies, with the net proceeds settling in any of CLS Bank's 15 settlement currencies. The new system will capture the various instructions for the life of the contract (opening and valuations), provide matching and reporting services and settle the net amount.

CLS says post trade processing of NDFs has traditionally been manually intensive, due to lack of standardisation and use of long-form confirmations. These factors contribute to higher processing costs.

The new service provides automation in an environment where little standardisation or automation currently exists, delivering more convergence and standardisation on a global scale, bringing increased efficiency and resulting in significant reduction in both cost and operational risk, says CLS.

"With a market size estimated at 10,000 trades a day, NDFs are used by those seeking to invest in and hedge exposure to foreign currencies that are not physically delivered," says Rob Close, president and CEO, CLS Bank and CEO, CLS Group. "By creating a new market standard that removes risk and automates the process, CLS will significantly reduce the cost of these transactions, making this hedging product for emerging markets simpler and more attractive to market participants."

PayPal set to roll out virtual card payments system

Ebay subsidiary PayPal is gearing up to launch a 'virtual card payment system' which allows surfers to pay for purchases on Web sites that don't accept PayPal services directly.

PayPal said in January that it was launching beta trials of the virtual card payments system in partnership with MasterCard. According to a Reuters report, PayPal's new Secure Card plug-in has been tested by three million customers and will be available to US consumers from Tuesday. An international roll out is expected to follow.

The browser plug-in detects when a user lands on an e-commerce checkout page and automatically fills in their stored financial details.

The system also generates a MasterCard number and one-time card verification code that are linked to PayPal accounts and used when paying for online purchases at Web sites that don't accept PayPal. Using technology from Orbiscom, the virtual card generates a unique number for each new purchase.

Chris George, director of financial products, PayPal, said that the transaction looks like any other MasterCard payment to the merchant and a normal PayPal purchase to the customer.

As well as increasing convenience for customers, the plug-in will multiply the number of Web sites that can offer the PayPal service by extending the system to merchants that don't currently have the PayPal technology embedded in their own e-commerce services.

Secure Card is a response to the Google Checkout Web payments processing service which was launched last year. Checkout also stores customers’ financial details to make shopping online quicker and more convenient for customers. However despite the competition PayPal has continued to grow and now claims 164 million user accounts worldwide.

A study released by Javelin Research & Strategy earlier this year predicted further growth for PayPal as consumers increase take up of "alternative payment methods" - such as e-mail payment accounts.


VeriFone offering hosted payment services in Mexico

VeriFone has set up VeriFone Access, which will provide hosted merchant payment services in Mexico and other emerging economies. The new company will provide small and medium-sized merchants with access to managed services over broadband and wireless links, VeriFone says.

VeriFone Access was formed with VeriFone's investment and in partnership with Tienda-kit, a Mexican third-party acquirer and merchant services provider. Tienda-kit now operates as VeriFone Access, VeriFone says.

VeriFone Access will enable small and mid-size merchants to roll out point-of-sale managed services previously available only to larger retailers, such as selling mobile airtime, accepting utilities payments and developing loyalty programs. Merchants signing up for VeriFone Access will be able to take advantage of increasing customer preferences in Mexico and Latin America for credit and debit card-based purchases, including monthly installment payments, VeriFone says.

The company's first offering will be a hosted managed service platform based on a proprietary transaction handling technology and on VeriFone's PAYware software. The platform will include payment authorization; estate management; front- and back-end services; value-added payment card management; digital product distribution services; and card issuance and management products.


DnB Nor, MasterCard and Telenor in mobile payments trial

Norwegian banking group DnB Nor is partnering with MasterCard and local telco Telenor to launch a public trial of near field communications (NFC)-based contactless mobile payments technology. DnB Nor, Telenor and MasterCard will begin testing the technology with customers in Oslo in the first half of 2008.

The system utilizes MasterCard's PayPass contactless technology, which will enable customers to pay for low value purchases at certain retailers in Oslo city centre by tapping their handsets on a specially-equipped terminal.

"Once the testing starts, it will be the first of its kind in the Nordic region and among the first in the world based on standardized components," says Hanne Sjursen, group manager, e-ID and e-Payments, Telenor.

Carlos Rodriguez, general manager, Nordic region, MasterCard Europe, says: "The innovative combination of mobile and contactless payments gives consumers the choice of a new way to pay for everyday items that is faster, safer and more convenient than cash."

Earlier this month MasterCard revealed plans to launch an NFC-enabled mobile payments services in Japan that would allow Japanese customers to use contactless 'tap and go' PayPass technology at retail outlets around the world.

The card issuer recently claimed that 75% of customers that participated in a mobile phone PayPass pilot program in Taiwan preferred the contactless technology to traditional contact-based cards and made payments more often.

A report published by Juniper Research earlier this year predicted that the popularity of mobile payments is set to rocket over the next few years, with the value of the market rising from $77.6 million in 2007 to $11.5 billion in 2011.

The Norwegian initiative comes as Sony and Dutch chipmaker NXP Semiconductors announce the creation of Moversa, a joint venture company set up to promote smart-card applications in mobile phones by developing a chip that includes both companies' contactless formats: Mifare and FeliCa.

First samples of the secure chip will be available by mid-2008 with initial commercial deployments targeted for the end of next year.

Moversa will have a nominal capitalisation of $146,600 and a total capitalisation of $28 million. Sony and NXP will each hold 50 percent of the company, which will be based in Vienna , Austria .

United Kingdom

New rules for cheque clearing in UK

UK banks and building societies will be required to pay interest on money paid in by cheque after two working days, under rules that came into effect November 30, 2007. Banks had previously been paying interest after cheque deposits had cleared, which can take up to six working days.

Under the new rules, consumers will be able to withdraw the money after four days if it is paid into a current account. They will also be guaranteed that, after six days, the cash is theirs, even if the cheque subsequently bounces.

The changes follow an investigation by the Office of Fair Trading (OFT), the UK government’s consumer affairs regulator, into the cheque clearing cycle.

Although cheques are becoming a less popular method of payment due to the growth in card transactions, 270 million cheques were written by UK consumers in the third quarter of 2007. Prior to the new rules, banks could set their own timescales for clearing cheque payments, a situation which often led to confusion among bank customers.

Research by the Cheque and Credit Clearing Company, which represents 11 banks and one building society, found that fewer than a quarter of UK customers knew how long it took for a cheque to clear after they had paid it in. More than half of those questioned said they were worried about accepting a payment by cheque in case it bounced.

 “Although cheque use has fallen over the last few years, cheques remain important for certain customers in certain situations,” Angela Thomas, the Cheque and Credit Clearing Company’s managing director, says. "Whether it's a small business or someone selling a car, there are many occasions where cheques still get handed over.”

The changes are designed to make the cheque clearing process more transparent for individuals and businesses, enabling them to spend money confidently after the six-day cycle, Thomas says.

UK operator tests mobile payment system

UK operator O2 has begun the UK's first large scale pilot of Near Field Communications (NFC) technology on mobile phones. The trial, which will involve over 500 O2 customers, will run until the end of May.

Partners in the trial include Transport for London, TranSys, Barclaycard, Visa Europe, Nokia and AEG, and retailers Books Etc, Chop'd, Coffee Republic, EAT, Krispy Kreme, Threshers and YO! Sushi.

Each user will be given a Nokia 6131 NFC handset installed with the O2 Wallet loaded with £200 ($416). The wallet will hold several cards – such as Oyster and Barclaycard – in virtual form and with NFC functionality. As well as making payments, customers will also be able to use the phones to check available funds and to locate retailers close to them that accept contactless payments.

“We believe that NFC technology is going to fundamentally change the way people use their mobile phones,” said O2 UK customer director Cath Keers.

 Central Banks  


Reserve Bank of India in favour of migration to new payment model

A Change in the regulatory regime to enable a migration to a new payments model featuring the use of mobile phones and pre-paid cards may not be too far off. In its first review of payments and settlements systems in India , the Reserve Bank of India (RBI) has recognized the need for a new payment model considering the high cost involved in the use of credit and debit cards for small payments. The report has made out a strong case for raising awareness of payment products, transparency in charges and the need for possible regulatory changes to suit innovative products.

The report says the widespread use of mobile instruments for payment and settlement services would require that the cash-in and cash-out points for these payments should not be curtailed by the number of bank branches. It would require that the central bank carry out regulatory changes to facilitate the maintenance of customer accounts at mobile companies and pooled accounts at banks. It also suggested the facilitation of acceptance and disbursal of cash at merchant or mobile phone service providers’ locations, similar to what has been permitted by the central banks of Kenya and Philippines .

The review was released by RBI, after collecting feedback from banks, trade and industry and consumer associations. Cash transfer and banking through cell phones have been successfully experimented in countries like South Africa , Mexico and North Korea . In South Africa , mobile company MTN had partnered with Standard Bank to create a low-cost mobile banking platform.

Recently in India, Bharti Airtel has partnered with State Bank of India and ICICI Bank for mobile banking and pilot projects on mobile remittances have been conducted for the past few months. Also, there has been an emergence in the number of mobile payments companies like mChek, Paymate and Obopay which have set up shop in India , hoping to tap into the huge unbanked population.

Also highlighted was the need for transparency in service and other related charges. In particular, the need to reduce the amount of surcharge levied on merchants for credit and debit cards was pointed out since they disincentives the use of such payment gateways. It also suggested banks may be encouraged to provide incentives to merchants in smaller cities to improve the acceptance of credit and debit cards. It further suggested for the encouragement of customers by banks to use their debit cards at merchant locations.

While some banks have been promoting the use of payment instruments, they don’t have proper systems for addressing grievances, the review pointed out. It suggested that such grievance redressal mechanisms, manned by competitive staff be made available at branch levels. The need for trained bank employees at bank counters was also highlighted by the review.

The central bank added 59 of the 1,064 clearing houses should make use of MICR-sorting machines, since 80% of the cheque volumes of the country are handled by these centers. A more efficient method of cheque clearing called Magnetic Media Based Clearing System (MMBCS), which will bring more automation to clearing, is being implemented in other clearing houses associated with more than 15 branches, where it is being done manually at present, it mentioned.


EU 'working hard' to conclude inquiry into MasterCard interchange fees

EU competition commissioner Neelie Kroes said the EU executive is 'working hard' to conclude its inquiry into credit card group MasterCard Inc's (NYSE:MA) interchange fee payments network, with the launch of the Single Euro Payments Area (SEPA) on the horizon next year.

Speaking at the European Parliament here, Kroes said: 'The Commission is working hard to bring the MasterCard case to a conclusion. We want this decision to provide the industry with a solid competition analysis of the (interchange fee system) as applied by MasterCard.'

In mid-October, Kroes said she envisaged that the inquiry would be completed by the end of the year.

At the end of January, the commission completed its banking and payment card sector inquiry and said that while it would not abolish interchange fees - paid, under the direction of bank card networks such as MasterCard and Visa, by the merchant's bank to the cardholder's bank to cover the costs of operating debit and credit card payment networks - it would continue to assess the legality of current fee levels.

Kroes also said arguments calling for the introduction of interchange fees for direct debit transactions once SEPA is implemented in January next year would have to be thorough and persuasive.

'Even if it can be argued that an (interchange fee) for direct debit transactions might be necessary in the initial phase or during the transition to SEPA, the justification for keeping it once migration is achieved would have to be very convincing.'

The commissioner said the commission continues to have concerns about the 'migration' of national card schemes to international brands once SEPA begins.

'I do not want to see low cost national card schemes being replaced by more expensive payment card schemes, using SEPA as an excuse and a pretext for this move.'

'Experience shows that when national card schemes have migrated to international brands, as has happened in the UK and Austria, there has been an increase in fees charged to retailers. But guess who pays in the end: these fees were ultimately passed on to customers in the form of higher prices'.

Kroes reminded: 'The integration of European financial markets is a complex process and SEPA is an important part of it. We owe it to European consumers to ensure that the process has a simple outcome in the form of cheap, secure and efficient payment systems.'

Since January 2002, consumers have been paying with euro banknotes and coins everywhere in the euro zone. However, non-cash payments between two countries in the zone continued to be 'expensive and complicated', according to the European Central Bank (ECB) -- thus necessitating 'further integration'.

The project is supported by two pieces of EU legislation, one adopted in 2001 and one agreed by EU finance ministers this year.

The goal of SEPA - developed and managed by the banking industry, as represented by the European Payments Council - is to turn individual national retail payment markets into one pan-European market.

It will harmonize bank systems throughout the euro zone - currently comprising of thirteen countries Austria, Belgium, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, Netherlands, Portugal, Slovenia, Spain -- so as to make cross-border payments easier and to facilitate euro zone-wide banking from a single account in any one country.

It will enable customers to make cashless euro payments to anyone located anywhere in the euro zone using a single bank account and a single set of payment instruments.

The ECB says SEPA will turn 'fragmented' national markets for euro payments into a single domestic one.

It argues that the transformation will increase business opportunities and competition among providers of payment services. Customers will benefit from the single currency for cashless payments and the scheme will bring down prices for customers and raise the quality of services, it argues.

Implementation of the project is seen by Jan 28 next year, when banks will start migrating customers over to the new payment instruments.

The date of January 1 was revised to reduce the risk of additional technical problems due to the change of year.

SEPA impacts all banks operating in 31 countries, not just those in the euro zone - the 27 EU member states, the three other European Economic Area countries (Liechtenstein, Iceland and Norway) and Switzerland. By 2010, the majority should be on the SEPA framework, says the ECB.

 Money Laundering   

United States

Digital currencies used to launder $35m in card fraud money

Digital currencies were used to launder an estimated US$35 million in proceeds from payment card data theft, according to charges filed by Manhattan District Attorney Robert M. Morgenthau.

Seventeen individuals and one corporation are facing corruption charges connected with global trafficking in stolen credit card numbers, cybercrime and identity theft. If convicted, the defendants face up to 25 years in jail.

The indictment marks the second phase in a joint two-year investigation by the Manhattan District Attorney’s Identity Theft Unit and the United States Secret Service.

The investigation revealed that, over a four-year period, Manhattan-based corporation Western Express handled over US$35 million in proceeds from criminal activity, channeling the money through numerous Egold and Webmoney digital currency accounts. These Internet-only accounts were managed respectively by U.S.-based Egold and Russia ’s WM Transfer.

According to the indictment, the people involved in the so-called Western Express Cybercrime Group communicated through “carding” Websites that are devoted to trafficking in stolen credit card and personal identifying information.

Besides using digital currency, the group used nicknames, false identities, anonymous instant messenger accounts and anonymous e-mail accounts to conceal its existence and to avoid detection by law enforcement and regulatory agencies.

Nine defendants have already been arraigned, two are in custody on unrelated charges, and six are still being sought, Morgenthau says.



Western Union and Bharti Airtel to pilot mobile remittance system

Money transfer operator Western Union is teaming with Indian telco Bharti Airtel to develop a mobile international remittance system in India.

The new mobile money transfer service will enable people outside the country to send remittances to recipients in India.

Western Union has 45,000 agent locations, across 5000 towns and cities, in India whilst Bharti Airtel claims 50 million mobile phone customers in the country.

Western Union cites statistics from the Reserve Bank of India that suggest the annual value of remittances into India stood at over $26 billion for the fiscal year 2006 - 2007, accounting for approximately 10% of the global inward remittance market.

Commenting on the deal, Gopal Vittal, director, marketing and communications, Bharti Airtel, says: "This will help us move money via mobile in a fast and convenient way, supporting low-value transactions."

Matt Dill, general manager, Western Union Mobile, adds: "This is a very exciting development, especially given the expanse and reach of mobile services in the Indian subcontinent."

The service is subject to regulatory approval.

The move follows an agreement between Western Union and the GSMA - an international trade group of mobile phone operators - to develop a system that would enable customers to use their handsets to conduct cross-border fund transfers. Bharti Airtel is chairing the programme, which includes 35 mobile phone operators with 800 million customers in more than 100 countries.

Earlier this year the GSMA agreed to pilot a similar international remittance system using mobile payments technology with MasterCard.


Remittance flows to developing countries reach $240bn - World Bank

A new set of data released by the World Bank group has revealed that remittances to developing countries are expected to reach an estimated $240 billion in 2007.

The new data contained in a brief titled 'Remittance Trends 2007', which was released on November 30 by the Bank, also disclosed that the true size of remittances including unrecorded flows is even larger. The release was timed to coincide with a November 28-30 G8 Outreach meeting on remittances in Berlin .

Speaking on the issue, Dilip Ratha, Senior Economist in the Development Prospects Group of the World Bank, said recorded remittances are more than twice as large as official aid and nearly two-thirds of FDI flows received by developing countries.

The brief, which was displayed on the Bank's website, described broad regional and country specific trends in remittance flows worldwide, and highlighted some structural changes that would affect future flows.

According to the analysis, a near stagnation in remittance flows to Mexico and a deceleration in other Latin American countries contributed to a slowdown in the rate of growth of remittances in 2007. Nevertheless, the growth of remittances to developing countries remains robust because of strong growth in Europe and Asia .

The remittance industry, the brief noted. is experiencing some positive structural changes with the advent of cell phone and internet-based remittance instruments. These changes, however, are slowed down by a lack of clarity on key regulations (including those relating to money laundering and other financial crimes).

"Remittance costs have fallen, but not far enough, especially in the South-South corridors," said Uri Dadush, Director of the World Bank's Development Prospects Group and International Trade Department. Dadush chairs the World Bank's Working Group on Migration.

The work program on Migration and Remittances in the Development Prospects Group (DECPG) involves efforts to monitor and forecast remittance and migration flows, analysis of the here-and-now topics involving remittances and migration, and the provision of services to the World Bank and the global development community.

The World Bank began working on international migration and remittances issues with the publication of the Global Development Finance 2003 dedicated to remittances. This chapter had a seminal impact on the global debate on migration and development. In October 2003, the Development Prospects Group collaborated with the financial sector of the World Bank and with DFID to organise a conference on migrant remittances in London . To meet heightened global interest in remittances, the World Bank devoted the Global Economic Prospects 2006 to the topic of International Remittances and Migration.

Recorded remittances to developing countries are estimated to reach $240 billion this year alone. The true size of remittances including unrecorded flows is even larger. The brief also described some broad regional and country specific trends in remittance flows worldwide.

Post-9/11 curbs hinder transfer of remittances

The World Bank is looking into the possibility of smoother flows of remittances by migrants from the developed world to countries like Afghanistan under the existing stricter banking regulations created post-9/11.

"Regulations (imposed after 9/11) are a major issue for remittance, Regine De Clercq, executive director in charge of organizing the first meeting of the Global Forum on Migration and Development in Brussels, said at a press conference at the UN headquarters.

The problem encountered by migrants from countries like Afghanistan was discussed at the conference held in July this year, and would also be taken up during the second Global Forum on Migration and Development in October next year, she added.

"Since September 11, the world has become very sensitive about the misuse (of remittances), which could be made of international transfers. Therefore they have to go through regulations - which results in delay and costs, Clercq observed.

She said the World Bank had taken note of the situation and had discussed ideas about how the restrictions could be minimized in order to allow people to send money back home as freely as possible within the existing regulations against money-laundering and terrorism.

As a result of the current curbs, a large number of Afghans living in countries like the United States and Canada are unable to transfer money back home. Even if they are, it costs a lot of time and money.

Sri Lanka

Awareness program on worker remittances

Several initiatives have been launched to organize a country-wide public awareness program in order to facilitate the smooth functioning of foreign exchange markets in terms of the strategic plan of the Central Bank’s Exchange Control Department for the year 2007. The inaugural seminar of this program was successfully held at ‘Hotel Spring View’ in Matale on 10th November 2007.The main theme of the program is the ‘Promotion of worker remittances through formal channels from Sri Lankan expatriate workers’.

The event was organized by Mr. D Wasantha, Controller of Exchange, Mr. Udeni Alawattage, and the Additional Controller of Exchange along with other officials of the Exchange Control Department.

The fact that all stakeholders i.e. family members of migrant workers, prospective migrant workers, divisional secretariats, representatives of the commercial and state banks, officials of the Foreign Employment Bureau, members of the Association of Licensed Foreign Employment Agents and the representatives of the MMBL had gathered at a single Forum was of immense benefit of the public.

The Central Bank would function as a facilitator during this program by collecting all stakeholders into one forum for discussion.

While the guest speeches created awareness among the public on the ways and means of channeling foreign exchange safely through legal channels, the benefits and the possible fruitful investment of such remittances were also highlighted.

The importance of channeling remittances to the country through the banking system was discussed by the Senior Assistant Controller of Exchange, Sudath Prasanna and the role of the Foreign Employment Bureau and the problems encountered by Sri Lankan expatriates abroad were discussed by working director of the Foreign Employment Bureau, Bhathiya Sumitharachchi.

Participants were also given the opportunity to raise their own queries and to obtain immediate solutions from the respective authorities during the seminar.

A facilitation session had also been arranged at the end of the session which was a great opportunity for the public to meet the bankers from their area.

The Department of Exchange Control intends to continue this program and a decision has been taken to conduct a second program in Negombo in December.

 Legal Issues



New agency for retail payments envisaged

The Indian government proposes to set up a new National Payments Corporation of India (NPCIL) to take over the operation of retail payment systems in the country. 

This corporate entity will be outside the specific regulatory purview, on the lines of the inter-bank government securities and forex clearing systems operated by the Clearing Corporation of India Ltd. 

The Payment and Settlement Systems Bill-2006, which provides for the setting up of NPCIL also makes a clear demarcation of functions of the central bank as a service provider and as the regulator. 

Asking the house to consider the Bill, Finance Minister P. Chidambaram said the changes could not have been effected by making an amendment to the Reserve Bank of India Act as the Bill has 38 sections that seek to bring the payments systems in the country in conformity with the global standards. 

He added the Bill was referred to a Standing Committee which submitted its recommendations earlier this year. The NPCI will be set up under Section 25 of the Companies Act and will be owned by public sector banks including the State Bank of India . 

In India, a host of payment systems are in operation ranging from manual paper-based clearing, to real time gross settlement for non-cash payments. 

The various retail systems prevalent also include MICR clearing, electronic funds transfer system, card-based payment systems, government securities clearing and forex clearing among others. 

RBI operates and manages paper-based cheque processing in the four metros, while it is operated by public sector banks at 12 other centers but managed by the central bank. 

Clearing houses are not legal entities but voluntary bodies of banks, with the rules and regulations being contractual in nature. 

The RBI is empowered to make regulations of clearing houses for banks and electronic fund transfers. The procedure of ‘netting’ is not legally recognized but has been adopted as a working procedure by the clearing house members. 

In view of this, the government has considered it necessary to enact a specific legislation which designates RBI as the authority with a number of powers and functions in this regard.




Citadel Advantage Ltd. is a registered limited company