Number 135; 13th December 2007
Subscribe to the CA DIGEST Alert Service - This page is updated regularly with news relating to Operational Risk and Compliance issues from around the world. Subscribe to this alert service by sending a blank e-mail to CADIGEST@citadeladvantage.com with the word SUBSCRIBE in the subject line
theft victims disclose costs of violations
The Identity Theft Resource Center has published a study which
analyses the personal impact of identity theft on victims. “Identity
Theft: The Aftermath 2006” was not based on a random survey, but on
interviews with actual confirmed victims of ID theft in 2006, the
U.S.-based non-profit body says.
ID theft victims were invited to respond to a series of 44
questions, the Center says. The questions ranged from the emotional impact
that ID fraud has had on their lives, and how easy it was to recover their
good name, to the financial losses suffered by banks, card issuers and
merchants as a result of the fraud the victims suffered.
A large percentage of respondents reported being victimized by
people who may have had easy access to personal identifying information,
including friends, family members, ex-spouses or those in close contact
with the victim, such as co-workers.
Of those respondents who knew something about their imposter,
victims reported that their imposters also committed other crimes;
experienced financial difficulties; have addictions; and may have
committed ID theft against other family members.
Nearly two-thirds of the 2006 sample reported that their personal
information had been used to open a new credit line in their name; 29
percent reported their information was used to obtain new cable TV or
utility accounts; and a further 27 percent reported that the imposter made
charges to the victims' existing credit card accounts.
Victims spent an average of 97 hours repairing the damage done by
identity theft to an existing account used or taken over by the thief. The
average total value of charges made to fraudulent accounts in the
victims’ names was US$87,303 in 2006, up 78 percent from 2004.
Nearly half (45 percent) of victims in 2006 reported that ID
fraud had stressed their family life; 27 percent felt betrayed by
unsupportive family members and friends; and 34 percent said their family
did not understand.
Expert charges banks on effective risk management
A risk management expert has urged Nigerian banks to put in place
effective risk management system rather than focusing on raising capital.
Executive director (Risk Management Control) First Bank of
He said there is a high watermark burden on bank to entrench
transparency and operate in an ethical manner, adding that as banks are
raising more money from the capital market they are also under pressure to
deliver huge returns to shareholders at the end of the day. He further
said that many banking risk arise from common cause of mismatching, adding
that if banks had perfectly matched assets and liabilities, the only risk
faced by a bank would be credit risk.
He stated that risk in banks could not be completely eliminated
but it could be minimized through robust risk management practices.
Highlighting the elements of sound corporate governance, he said that with
a well articulated corporate strategy, the overall success and the
contribution of individuals could be measured. He said that there was need
of setting and enforcing clear assignment of responsibilities,
decision-making authority and accountabilities that are appropriate for
the bank's risk profile.
Police arrest card skimmer suspects
Vancouver police have arrested two suspects in connection with a
sophisticated debit and credit-card skimming operation. A Canada-wide
warrant has been issued for a third man in connection with the operation,
which allegedly robbed hundreds of people of their money.
Dumitru Gabureac and Oksana Syrevich, both of Vancouver, were
arrested November 23 and face multiple charges including theft and
possession of credit card forging equipment.
Dimitru Gigi Kovacs, who remains at large, faces charges
including fraud, theft, possession of credit card forging equipment, and
possession of unauthorized credit card data.
The charges come after a police investigation into a debit-card
skimming fraud that was first spotted in Langley, near Vancouver in August
Police say several debit card skim sites were located in Langley,
where Ingenico 1200 Series debit PINpads at fast-food restaurants and
other businesses were replaced by “parasite” pads that recorded the
user's card information.
Fraudulent cards were then made up, resulting in "hundreds
of thousands" of dollars withdrawn from the victims' bank accounts,
During the course of the investigation, the Langley skim sites
were linked to similar incidents in other nearby cities including
Vancouver, Maple Ridge, Richmond, Coquitlam and Abbotsford, British
Police say one popular fast-food chain was victimized 16 times by
what appeared to be the same group of individuals.
Police say the Vancouver operation has extensive connections to
organized crime gangs in Ontario and Montreal. Gabureac has a number of
RBI cautions public against remittance frauds
The Reserve Bank of India has cautioned people not to fall prey
to fictitious offers for release of cheap funds claimed to have been
remitted by overseas entities to banks in India or the RBI.
The warning comes in the wake of international e-mail frauds and
lottery scams, where people have lost money by believing unknown entities
making claims of a lottery in store for the unsuspecting victim.
Public should not make any remittance towards participation in
such schemes or offers from unknown entities, an RBI note said.
Describing the modality of such offers, the RBI stated that
certain foreign entities or individuals, including Indian residents acting
as representatives of such entities, make offers through letters or
e-mails, of huge money in foreign currency to resident individuals
(including schools / hospitals), on the pretext of helping them in their
business or ventures in India.
Once the contact is established, the offer is followed by a
request seeking details of the bank account of the individuals or Indian
entity and asking some amount to be remitted to them as initial deposit /
commission so that the offer money could be transferred.
Likewise, references have been also received in the RBI in the
recent past from individuals and authorized dealers seeking approvals or
clarifications for effecting remittances in foreign currency towards
commission or fees for receiving prizes won in overseas lottery schemes
etc, the note said.
It has also come to the notice of the RBI that certain overseas
organizations have been advising individuals / companies and trusts in
India that huge sums of money for disbursal of loans in India at cheap
rates has been kept in an account with the RBI and the funds would be
released after approval from the central bank.
To substantiate their claims, even copies of certificate /
deposit receipts purported to have been issued by the RBI are produced by
The RBI clarified that remittance in any form towards
participation in lottery schemes is prohibited under Foreign Exchange
Management Act, 1999. Further, these restrictions are also applicable to
remittances for participation in lottery-like schemes functioning under
different names, such as, money circulation scheme or remittances for the
purpose of securing prize money / awards, etc.
The central bank further clarified that it does not maintain any
account in the name of individuals / companies or trusts in India to hold
funds for disbursal.
Security experts warns of man-in-the-browser threat
Security experts are reporting a surge in so-called
"man-in-the-browser" attacks where hackers infect PCs with
malicious code that is only triggered when a Web user visits an online
Helsinki-based digital security firm F-Secure is warning that
this new type of malware can retrieve information - such as logins and
passwords - entered on a legitimate bank site by intercepting the HTML
code in the Web browser. Criminals then store the personal data on FTP
sites before selling it on.
Mikko Hypponen, chief research officer at F-Secure, says:
"With the enhancements that banks have deployed in terms of
authentication security on their online banking sites, phishing attacks
are becoming less and less effective, and attacks of the 'man in the
browser' type are set to increase."
F-Secure says security products using behavioral analysis are the
most effective against these attacks, as the malicious codes are designed
specifically for certain banking sites. They are not distributed en masse
like phishing emails.
Recently Connecticut-based start-up security firm KeyID reported
that it is in discussions with banks about testing its patent-pending
SecureOTP technology, which uses one time passwords (OTPs) to add an extra
layer of security to two factor authentication methods in order to protect
against man-in-the-browser and man-in-the-middle attacks as well as
phishing and pharming.
The KeyID system works at the authentication stage of a
transaction, providing a separate encryption packed with the OTP meaning
any hacker that tries to intercept the transmission cannot read the
KeyID president and CEO, Sunil Ippagunta, told reporters that,
although man-in-the-browser attacks could still occur after secure
authentication is set up, the criminal wouldn't be able to read the
secured credentials because they are only valid for specific sessions and
The start-up is expected to begin testing technology in the first
quarter of 2008, before a roll out in Q2.
Gail Kerr, executive vice president of business development for
KeyID, says the company has demonstrated the technology to PayPal, Bank of
America and CitiBank.
Allied Irish Bank sends 15,000 customer payment receipts to wrong
Allied Irish Bank (AIB) says a computer error caused 15,000
payment advice slips - some featuring personal details including names,
addresses and bank account and sort code numbers - to be sent to the wrong
In a statement the bank says that a "technical problem"
led to 15,000 payment slips for deposits or withdrawals in foreign funds
being issued to the wrong customers between 13 and 15 November. About
11,000 individual customers are thought to be affected by the glitch.
Around half of payment slips are thought to have contained names,
addresses and account and bank sort code numbers of other clients. The
rest contained partial information such as account numbers and sort codes.
AIB says that no customer accounts have been incorrectly debited and all
payments were processed in accordance with customer instructions.
The bank says it is writing to all affected customers and has
informed the Data Protection Commissioner on the incident.
Hacking gang leader arrested in New Zealand
Police in New Zealand are questioning a teenager who is accused
of being the ringleader of a cyber crime network that pilfered over £12
million from bank accounts after infiltrating more than a million
The 18-year-old cannot be named for legal reasons but is know by
his cyber ID 'Akill'.
He was interviewed as part of an investigation involving the NZ
Police, FBI and Dutch authorities. NZ police say Akill was later released
without charge but remains part of their investigation.
It is alleged that Akill headed an elite 'botnet' group called
"The A-Team" which was comprised of people from the US and
abroad. The gang are thought to have used botnets to infiltrate and
control around 1.3 million computers.
The hackers could then use the computers to steal credit card
information and manipulate stock trades.
In a statement NZ police say Akill is alleged to have designed a
virus that utilised encryption and was undetectable by anti-virus
software. The head of the country's police e-crime unit, Martin Kleintjes,
told reporters that Akill is "very bright and very skilled" and
hires his services out to others.
It is thought the New Zealander was also a co-conspirator in a
denial of service attack a Philadelphia university early last year. A FBI
investigation into the attack on a
The FBI says an investigation launched in June into criminal use
of botnets has uncovered more than $20 million in economic loss and more
than one million "victimised computers" so far.
"Today, botnets are the weapon of choice of cyber criminals.
They seek to conceal their criminal activities by using third party
computers as vehicles for their crimes," says FBI director Robert
Since the FBI launched "Operation Bot Roast" in June,
eight individuals - including Goldstein - have been indicted, pleaded
guilty or been sentenced for crimes related to botnet activity.
FBI assistant director James Finch, cyber division, says the
public can play a part in thwarting botnet activity by maintaining strong
computer security and updating anti-virus software, installing a firewall,
using strong passwords etc.
"Without employing these safeguards, botnets, along with
criminal and possibly terrorist activities, will continue to
flourish," says Finch.
Bank clients pay the price for ATM bombings
South Africa's banking sector and its customers are paying the
price for the increase in criminal activity. Sue Potgieter, general
manager of commercial crime operations at the South African Banking Risk
Information Centre (Sabric), recently released worrying figures on card
fraud and ATM bombings.
Since January there have been 335 ATM bombings across the
country, compared to only 53 bombings last year. The number of monthly ATM
bombings peaked in October at 44.
Potgieter said the bombings occurred mainly between midnight and
4am. The preferred targets were stand-alone ATMs.
General credit card fraud increased 59 percent nationally during
the first half of this year compared to the same period last year.
In KwaZulu-Natal, card fraud surged by 129 percent, placing the
province second to Gauteng, where this crime was committed most often.
Nationally, fraud committed with counterfeit or cloned cards rose 116
But fraud committed with lost and stolen cards was still the
biggest problem. That kind of crime increased 81 percent.
Transactions where card details were used without the card being
physically present were also risky, she said.
Potgieter warned people to be vigilant against ATM card
fraudsters, especially during the build-up to the festive season, the peak
card crime period.
Potgieter said the main reason criminals were successful at card
fraud was because they won the confidence and trust of their victims. She
said they were able, without their victim's knowledge, to swap and skim
cards using handheld devices at the ATM, before handing the original card
back to the customer.
Others jammed machines or posed as bank staff in clothing branded
with banks' logos to fool their victims.
FSA warns on misleading Internet advertising
One in four promotional Web sites operated by financial services
firms fail to present information in a "fair, clear and not
misleading way", says the UK's Financial Services Authority (FSA)
following a review of advertising on investment sites.
The year-long review involved 130 visits to 77 firms' Web sites.
Each visit to a Web site replicated the type of journey a customer may be
making through the service, says the FSA.
The study found that three quarters of sites met the standards
required, but one-in-four were difficult for consumers to navigate and
failed to highlight key information.
This is partly because firms are not placing enough emphasis on
the customer journey and general Web site design when placing key
information, says the watchdog. In some instances general Web site
maintenance was also lacking, resulting in out-of-date or incorrect
information being provided to consumers.
The FSA did not name the firms operating the sites that fall
short, but says it will carry out another review in March 2008 and will
take action if it finds further failings.
Dan Waters, Director of Retail Policy and Themes at the FSA, says
for many customers the Internet is the channel of choice for shopping
around for financial products, but it can expose consumers to high risk as
they are able to make instant purchases without advice.
"We expect the senior management of all regulated firms to
ensure their customers are treated fairly - and we will be looking at
promotional Web sites again early next year to make sure that firms have
taken our findings on board and are taking Web site design
seriously," adds Waters.
But the watchdog says standards have improved since it stepped up
its supervision of Internet-based promotions following reviews in 2005 and
2006, which identified widespread failings.
Banks facing major security costs over Government data leak
The UK Government's loss of sensitive data compromising 25
million individuals could force British banks to take "enormously
expensive" emergency measures, Gartner warns.
The potential cost of the data breach to the UK banking system,
and to the economy as a whole, could reach £244 million (US$488 million),
based on an estimate of just under £10 per bank account, Gartner says.
Recently the UK Government warned that disks containing bank
account details, dates of birth, National Insurance numbers and other
personal data for every UK family receiving Child Benefit, had been lost.
"The type of data lost could be enormously valuable to ID
thieves and other criminals who could use stolen account numbers to take
over bank accounts,” Avivah Litan, a Gartner vice president and
distinguished analyst, told VNU Net.
Bank account numbers typically sell on the U.S. black market for
as much as US$400 compared with US$5 for stolen credit card numbers, Litan
Even the possibility of bank account details being sold illegally
would force UK banks to take emergency measures, including closely
monitoring all fund transfers out of potentially affected accounts, Litan
This would be problematic due to the UK's ongoing implementation
of the Faster Payments system, which will enable almost immediate fund
transfers out of consumers’ bank accounts. Faster Payments will replace
a system, which takes three days to effectuate fund transfers between
Gartner believes that it is "fortunate", under the
circumstances, that Faster Payments has been delayed until 2008.
"If evidence emerges that the lost data is in criminal
hands, UK banks could be forced to close down millions of accounts and
reopen new ones at enormous cost," said Litan. "The banks'
customers would also face considerable inconvenience, because automatic
payments and transfers would have to be set up again, and debit cards
might have to be reissued."
Litan said the chances of a genuine data loss - such as disks
being mislaid - resulting in ID theft, are usually extremely low,
typically less than 1 per cent for any given individual. But the media
attention means that criminals are likely to pursue the lost data as
vigorously as the authorities, she said.
UK bank details for sale on the Web – report
The UK Information Commissioner's Office (ICO) is investigating
claims that financial data - including private account numbers, PINs and
security codes - of tens of thousands of UK customers is available for
sale on the Internet.
The data protection watchdog has launched an investigation
following a report by UK newspaper The Times which uncovered more than 100
Web sites that are trafficking British bank details. Scotland Yard is
reported to be looking into the matter. Times reporters managed to
download the banking information of 32 people for free and also found a
fraudster offering to sell 30,000
A spokesman for Information Commissioner Richard Thomas told The
Times that the office will be looking at the evidence provided and
investigating the circumstances.
He said the ICO can take action against UK-based organisations
that flout the Data Protection Act. In cases where Web sites are not
UK-based the ICO will work with counterparts in the relevant country.
Surge in PIN changes after UK data breach
There has been a surge in the number of people changing their
PINs in the UK following the revelation about a data breach involving 25
million Britons. According to British ATM network operator Link, the
number of people changing their PINs at an ATM rose by over 50 percent in
the three days after the government on November 20 revealed that it had
lost computer disks containing bank account details, dates of birth,
National Insurance numbers and other personal data for every
“There was no loss of PIN information in this security breach,
but our figures picked up an increase in the use of the Link ATM PIN
change service after this news broke,” a Link spokesperson says. “This
probably means that people were following advice from their banks, and
changing PINs which might have been easily guessed, for example, a
child’s date of birth.”
In the UK, PIN change is available free-of-charge to most
cardholders at most ATMs.
According to a survey carried out for UK payments association
APACS, most British people affected by the data breach have remained calm
but vigilant. The survey found that 62 percent of adults who receive Child
Benefit checked their bank statements following the news of the breach.
Nearly a third (30 percent) of adults took no action following the news;
10 percent changed their passwords; and 6 percent changed their PINs.
An APACS spokesperson said the survey showed that people have not
panicked and are following the advice issued by their banks.
TJX offers $40.9m in Visa Settlement
TJX has agreed to a US$40.9 million settlement with US-based
issuers of Visa cards which were affected by the theft of card data from
the retailer's IT system. The settlement is conditional on its being
accepted by the issuers of at least 80 percent of the Visa card accounts
affected by the breach.
The deadline for acceptance by the issuers is December 19, 2007,
According to a Federal court deposition made by Visa USA in
October 2007, 65 million Visa accounts may have been compromised in the
TJX breach (TJX Data Breach Card Count at 94 Million).
Once the settlement is completed, the issuers who accept its
terms will be paid by December 27, 2007, TJX says. In return, each
accepting issuer has to waive the right to any other form of compensation,
such as litigation, and provide releases to TJX and its
“We look forward to a high issuer acceptance of the
proposal,” Carol Meyrowitz, TJX’s President and Chief Executive
Officer, says in a statement.
TJX has learned a great deal about the risks of cyber-attacks as
the result of the data security breach it suffered, according to Meyrowitz.
“We have learned about the heightened security risks that exist across
Meyrowitz warns that, in order to protect customers’ payment
card data, cooperative action is needed from all banks, card companies and
merchants. The agreement between TJX and Visa includes a provision for TJX
to serve as an advocate in support of the goals of the PCI DSS (Payment
Card Industry Data Security Standard) initiative.
Visa has also agreed to provide TJX with the opportunity to pilot
any new payment card security technology.
Over eight million Americans hit by ID theft in 2005
A new report released by The Federal Trade Commission (FTC)
estimates that 8.3 million Americans - around four per cent of the US
population - fell victim to identity theft in 2005.
The FTC study, which was based on 4917 telephone interviews
conducted between 27 March and 11 June 2006, indicates that 3.7% of all
American adults were victims of ID theft in 2005. This is below the 4.6%
rate recorded in the FTC's 2003 poll, but the agency says the decline is
"not statistically significant".
Estimated total losses from ID theft came in at $15.6 billion -
considerably lower than the estimate of $47.6 billion in the 2003 survey.
This reflects lower estimates of both the prevalence of ID theft and the
average loss per incident. But the FTC says some of these differences
result from the changes in survey methodology.
"Thus, we cannot determine whether total losses have
actually dropped significantly between 2003 and 2006," says the
Of the victims, around 3.2 million, or 1.4% of all adults,
experienced misuse of existing credit card accounts, while 3.3 million, or
1.5%, experienced misuse of non-credit card accounts. Around 1.8 million
victims, or 0.8%, found that new accounts were opened or other frauds were
committed using their personal information.
Over half - 56% - of victims don't know how thieves obtained
their information. Just one per cent say it was the result of hacking into
a computer and another one per cent blamed phishing.
The FTC says in more than half of the incidents victims incurred
no out-of-pocket expenses as a result of ID theft. Some victims, however,
incurred substantial expenses, with 10% of all victims reporting costs of
$1200 or more.
Around 37% of victims reported other difficulties, including
harassment by debt collectors, the denial of new credit or loans,
disconnection of utilities and problems obtaining or accessing bank
ID theft is also time consuming for victims with an average of
four hours being spent resolving problems and five per cent of people
taking at least 130 hours.
The survey found that fraudsters obtained more goods and services
- and victims spent more time and money recovering - in cases where the
thief opened new accounts rather than only hijacking existing accounts.
Where the theft was limited to the misuse of existing accounts, the median
value of goods and services obtained by the thieves was less than $500.
Where the thieves opened new accounts or committed other frauds, the
median value of goods and services obtained was $1350.
Lydia Parnes, director of the FTC's Bureau of Consumer
Protection, says it is important that people learn how to deter identity
thieves, detect suspicious activity on financial records and defend
against the crime.
"Consumers have great tools at their disposal in their fight
against identity thieves," says Parnes. "For example, the law
gives every consumer the right to get their credit report for free once
every 12 months from each of the three national credit reporting
companies. Monitoring your credit report periodically is one valuable way
to check for activity that you didn't authorize."
However the Consumers Union in the US says the FTC's report
underscores the need to provide consumers with stronger protections
against ID fraud.
"Identity theft is a huge headache that continues to plague
millions of Americans every year," says Gail Hillebrand, director of
the consumer group's Financial Privacy Now campaign. "It's time to
require businesses and government agencies to safeguard sensitive personal
data and to give consumers the protection they need."
Liquidity and Operational Risk Courses
Citadel Advantage has a variety of Courses in its program. Details of can be found at
Payment & Settlement Systems
Disposable virtual prepaid card launched
teamed up with Melbourne-based prepaid card firm SCX Global to launch the
first disposable, virtual prepaid card in Australia. The Vcard, which is
designed for Internet and telephone purchases only, is issued by
Visa, the Vcard does not require cardholders to have a bank account or an
existing plastic payment card. The card is also being targeted at people
who are reluctant to use their existing credit or debit cards on the Web
due to concerns about fraud.
have to pay A$5.50 to register for a Vcard, and then they can load a
designated amount onto the card. Vcards can be purchased and loaded either
at retail outlets or at the Vcard Website.
only be loaded on one occasion onto the card, Visa says. Once these funds
have been used up, the card becomes invalid.
The Vcard is
activated when the consumer enters the account’s reference number, which
was provided at the time of purchase, onto a Website hosted by the issuer.
Following activation, the consumer receives a 16-digit Visa account
number. An expiry date and three-digit security code (CVV2) are delivered
separately to the consumer either via e-mail or SMS text message.
Visa virtual prepaid card called 3V was launched in Ireland in 2005 and in
theUK in late 2006. At the end of March 2007, there were over 100,000
active 3V customers in
Central bank unveils new payment system
Bank of China has launched a new interbank transfer system for small sized
payments. The group of 14
signing an advance contract with its bank clients can deposit and withdraw
or transfer small sums of money amongst outlets of banks participating in
Indian M-payment service launched
Indian mobile payments technology firm, has launched a service enabling
shoppers to make credit card purchases at Websites using their cellphones.
The service is initially available to consumers with an Airtel cellphone
account and a Visa or MasterCard credit card, but mChek also plans to sign
up other Indian cellphone operators.
mChek says it plans to extend its m-payment service to debit cardholders.
mChek says the service complies with the Payment Card Industry Data
Security Standard (PCI DSS).
Airtel subscribers can make mobile payments using mChek at four e-commerce
sites, FutureBazaar.com, Indiatimes.com, SifyMall.com and Yatra.com.
To use the
service, customers have to link their credit card to their Airtel
cellphone account and set up an mChek PIN. When making a purchase at an
mChek-affiliated e-merchant, they select the ‘Mobile/mChek payment’
option on the merchant’s Website and enter their cellphone number. They
then authorize the transaction to be charged to their credit card by
entering their mChek PIN on their cellphone.
mChek has teamed up with Visa and three Indian banks to trial
person-to-person money transfers via cellphone. Corporation Bank, HDFC
Bank, ICICI Bank and mChek will test the Visa Money Transfer mobile
remittance service with 500,000 Visa cardholders in
Transfer, which enables Visa cardholders to transfer money to each other,
was launched in India in 20004. The service is available at Indian bank
branches, ATMs and Web banking services.
CLS Bank extends settlement service to non-deliverable forwards
International has extended the CLS settlement service to non-deliverable
forward foreign exchange transactions. CLS says the service offer a
complete straight-through process - post execution to settlement - for NDF
goes live with six NDF-enabled CLS member banks and one third party
customer. It covers 48 reference currencies, with the net proceeds
settling in any of CLS Bank's 15 settlement currencies. The new system
will capture the various instructions for the life of the contract
(opening and valuations), provide matching and reporting services and
settle the net amount.
post trade processing of NDFs has traditionally been manually intensive,
due to lack of standardisation and use of long-form confirmations. These
factors contribute to higher processing costs.
service provides automation in an environment where little standardisation
or automation currently exists, delivering more convergence and
standardisation on a global scale, bringing increased efficiency and
resulting in significant reduction in both cost and operational risk, says
market size estimated at 10,000 trades a day, NDFs are used by those
seeking to invest in and hedge exposure to foreign currencies that are not
physically delivered," says Rob Close, president and CEO, CLS Bank
and CEO, CLS Group. "By creating a new market standard that removes
risk and automates the process, CLS will significantly reduce the cost of
these transactions, making this hedging product for emerging markets
simpler and more attractive to market participants."
PayPal set to roll out virtual card payments system
subsidiary PayPal is gearing up to launch a 'virtual card payment system'
which allows surfers to pay for purchases on Web sites that don't accept
PayPal services directly.
in January that it was launching beta trials of the virtual card payments
system in partnership with MasterCard. According to a Reuters report,
PayPal's new Secure Card plug-in has been tested by three million
customers and will be available to US consumers from Tuesday. An
international roll out is expected to follow.
plug-in detects when a user lands on an e-commerce checkout page and
automatically fills in their stored financial details.
also generates a MasterCard number and one-time card verification code
that are linked to PayPal accounts and used when paying for online
purchases at Web sites that don't accept PayPal. Using technology from
Orbiscom, the virtual card generates a unique number for each new
George, director of financial products, PayPal, said that the transaction
looks like any other MasterCard payment to the merchant and a normal
PayPal purchase to the customer.
As well as
increasing convenience for customers, the plug-in will multiply the number
of Web sites that can offer the PayPal service by extending the system to
merchants that don't currently have the PayPal technology embedded in
their own e-commerce services.
is a response to the Google Checkout Web payments processing service which
was launched last year. Checkout also stores customers’ financial
details to make shopping online quicker and more convenient for customers.
However despite the competition PayPal has continued to grow and now
claims 164 million user accounts worldwide.
released by Javelin Research & Strategy earlier this year predicted
further growth for PayPal as consumers increase take up of
"alternative payment methods" - such as e-mail payment accounts.
VeriFone offering hosted payment services in Mexico
set up VeriFone Access, which will provide hosted merchant payment
services in Mexico and other emerging economies. The new company will
provide small and medium-sized merchants with access to managed services
over broadband and wireless links, VeriFone says.
Access was formed with VeriFone's investment and in partnership with
Tienda-kit, a Mexican third-party acquirer and merchant services provider.
Tienda-kit now operates as VeriFone Access, VeriFone says.
Access will enable small and mid-size merchants to roll out point-of-sale
managed services previously available only to larger retailers, such as
selling mobile airtime, accepting utilities payments and developing
loyalty programs. Merchants signing up for VeriFone Access will be able to
take advantage of increasing customer preferences in Mexico and Latin
America for credit and debit card-based purchases, including monthly
installment payments, VeriFone says.
company's first offering will be a hosted managed service platform based
on a proprietary transaction handling technology and on VeriFone's PAYware
software. The platform will include payment authorization; estate
management; front- and back-end services; value-added payment card
management; digital product distribution services; and card issuance and
DnB Nor, MasterCard and Telenor in mobile payments trial
banking group DnB Nor is partnering with MasterCard and local telco
Telenor to launch a public trial of near field communications (NFC)-based
contactless mobile payments technology. DnB Nor, Telenor and MasterCard
will begin testing the technology with customers in
utilizes MasterCard's PayPass contactless technology, which will enable
customers to pay for low value purchases at certain retailers in Oslo city
centre by tapping their handsets on a specially-equipped terminal.
the testing starts, it will be the first of its kind in the Nordic region
and among the first in the world based on standardized components,"
says Hanne Sjursen, group manager, e-ID and e-Payments, Telenor.
Rodriguez, general manager, Nordic region, MasterCard Europe, says:
"The innovative combination of mobile and contactless payments gives
consumers the choice of a new way to pay for everyday items that is
faster, safer and more convenient than cash."
month MasterCard revealed plans to launch an NFC-enabled mobile payments
services in Japan that would allow Japanese customers to use contactless
'tap and go' PayPass technology at retail outlets around the world.
issuer recently claimed that 75% of customers that participated in a
mobile phone PayPass pilot program in Taiwan preferred the contactless
technology to traditional contact-based cards and made payments more
published by Juniper Research earlier this year predicted that the
popularity of mobile payments is set to rocket over the next few years,
with the value of the market rising from $77.6 million in 2007 to $11.5
billion in 2011.
Norwegian initiative comes as Sony and Dutch chipmaker NXP Semiconductors
announce the creation of Moversa, a joint venture company set up to
promote smart-card applications in mobile phones by developing a chip that
includes both companies' contactless formats: Mifare and FeliCa.
samples of the secure chip will be available by mid-2008 with initial
commercial deployments targeted for the end of next year.
have a nominal capitalisation of $146,600 and a total capitalisation of
$28 million. Sony and NXP will each hold 50 percent of the company, which
will be based in
New rules for cheque clearing in UK
UK banks and
building societies will be required to pay interest on money paid in by
cheque after two working days, under rules that came into effect November
30, 2007. Banks had previously been paying interest after cheque deposits
had cleared, which can take up to six working days.
new rules, consumers will be able to withdraw the money after four days if
it is paid into a current account. They will also be guaranteed that,
after six days, the cash is theirs, even if the cheque subsequently
follow an investigation by the Office of Fair Trading (OFT), the UK
government’s consumer affairs regulator, into the cheque clearing cycle.
cheques are becoming a less popular method of payment due to the growth in
card transactions, 270 million cheques were written by UK consumers in the
third quarter of 2007. Prior to the new rules, banks could set their own
timescales for clearing cheque payments, a situation which often led to
confusion among bank customers.
the Cheque and Credit Clearing Company, which represents 11 banks and one
building society, found that fewer than a quarter of UK customers knew how
long it took for a cheque to clear after they had paid it in. More than
half of those questioned said they were worried about accepting a payment
by cheque in case it bounced.
cheque use has fallen over the last few years, cheques remain important
for certain customers in certain situations,” Angela Thomas, the Cheque
and Credit Clearing Company’s managing director, says. "Whether
it's a small business or someone selling a car, there are many occasions
where cheques still get handed over.”
are designed to make the cheque clearing process more transparent for
individuals and businesses, enabling them to spend money confidently after
the six-day cycle, Thomas says.
UK operator tests mobile payment system
O2 has begun the UK's first large scale pilot of Near Field Communications
(NFC) technology on mobile phones. The trial, which will involve over 500
O2 customers, will run until the end of May.
the trial include Transport for London, TranSys, Barclaycard, Visa Europe,
Nokia and AEG, and retailers Books Etc, Chop'd, Coffee Republic, EAT,
Krispy Kreme, Threshers and YO! Sushi.
will be given a Nokia 6131 NFC handset installed with the O2 Wallet loaded
with £200 ($416). The wallet will hold several cards – such as Oyster
and Barclaycard – in virtual form and with NFC functionality. As well as
making payments, customers will also be able to use the phones to check
available funds and to locate retailers close to them that accept
“We believe that NFC technology is going to fundamentally change the way people use their mobile phones,” said O2 UK customer director Cath Keers.
Reserve Bank of India in favour of migration to new payment model
A Change in
the regulatory regime to enable a migration to a new payments model
featuring the use of mobile phones and pre-paid cards may not be too far
off. In its first review of payments and settlements systems in
says the widespread use of mobile instruments for payment and settlement
services would require that the cash-in and cash-out points for these
payments should not be curtailed by the number of bank branches. It would
require that the central bank carry out regulatory changes to facilitate
the maintenance of customer accounts at mobile companies and pooled
accounts at banks. It also suggested the facilitation of acceptance and
disbursal of cash at merchant or mobile phone service providers’
locations, similar to what has been permitted by the central banks of
was released by RBI, after collecting feedback from banks, trade and
industry and consumer associations. Cash transfer and banking through cell
phones have been successfully experimented in countries like
India, Bharti Airtel has partnered with State Bank of India and ICICI Bank
for mobile banking and pilot projects on mobile remittances have been
conducted for the past few months. Also, there has been an emergence in
the number of mobile payments companies like mChek, Paymate and Obopay
which have set up shop in
highlighted was the need for transparency in service and other related
charges. In particular, the need to reduce the amount of surcharge levied
on merchants for credit and debit cards was pointed out since they
disincentives the use of such payment gateways. It also suggested banks
may be encouraged to provide incentives to merchants in smaller cities to
improve the acceptance of credit and debit cards. It further suggested for
the encouragement of customers by banks to use their debit cards at
banks have been promoting the use of payment instruments, they don’t
have proper systems for addressing grievances, the review pointed out. It
suggested that such grievance redressal mechanisms, manned by competitive
staff be made available at branch levels. The need for trained bank
employees at bank counters was also highlighted by the review.
EU 'working hard' to conclude inquiry into MasterCard interchange
competition commissioner Neelie Kroes said the EU executive is 'working
hard' to conclude its inquiry into credit card group MasterCard Inc's (NYSE:MA)
interchange fee payments network, with the launch of the Single Euro
Payments Area (SEPA) on the horizon next year.
the European Parliament here, Kroes said: 'The Commission is working hard
to bring proceedings...in the MasterCard case to a conclusion. We want
this decision to provide the industry with a solid competition analysis of
the (interchange fee system) as applied by MasterCard.'
mid-October, Kroes said she envisaged that the inquiry would be completed
by the end of the year.
At the end
of January, the commission completed its banking and payment card sector
inquiry and said that while it would not abolish interchange fees - paid,
under the direction of bank card networks such as MasterCard and Visa, by
the merchant's bank to the cardholder's bank to cover the costs of
operating debit and credit card payment networks - it would continue to
assess the legality of current fee levels.
said arguments calling for the introduction of interchange fees for direct
debit transactions once SEPA is implemented in January next year would
have to be thorough and persuasive.
'Even if it
can be argued that an (interchange fee) for direct debit transactions
might be necessary in the initial phase or during the transition to SEPA,
the justification for keeping it once migration is achieved would have to
be very convincing.'
commissioner said the commission continues to have concerns about the
'migration' of national card schemes to international brands once SEPA
'I do not
want to see low cost national card schemes being replaced by more
expensive payment card schemes, using SEPA as an excuse and a pretext for
shows that when national card schemes have migrated to international
brands, as has happened in the UK and Austria, there has been an increase
in fees charged to retailers. But guess who pays in the end: these fees
were ultimately passed on to customers in the form of higher prices'.
reminded: 'The integration of European financial markets is a complex
process and SEPA is an important part of it. We owe it to European
consumers to ensure that the process has a simple outcome in the form of
cheap, secure and efficient payment systems.'
January 2002, consumers have been paying with euro banknotes and coins
everywhere in the euro zone. However, non-cash payments between two
countries in the zone continued to be 'expensive and complicated',
according to the European Central Bank (ECB) -- thus necessitating
is supported by two pieces of EU legislation, one adopted in 2001 and one
agreed by EU finance ministers this year.
The goal of
SEPA - developed and managed by the banking industry, as represented by
the European Payments Council - is to turn individual national retail
payment markets into one pan-European market.
harmonize bank systems throughout the euro zone - currently comprising of
thirteen countries Austria, Belgium, Finland, France, Germany, Greece,
Ireland, Italy, Luxembourg, Netherlands, Portugal, Slovenia, Spain -- so
as to make cross-border payments easier and to facilitate euro zone-wide
banking from a single account in any one country.
enable customers to make cashless euro payments to anyone located anywhere
in the euro zone using a single bank account and a single set of payment
The ECB says
SEPA will turn 'fragmented' national markets for euro payments into a
single domestic one.
that the transformation will increase business opportunities and
competition among providers of payment services. Customers will benefit
from the single currency for cashless payments and the scheme will bring
down prices for customers and raise the quality of services, it argues.
of the project is seen by Jan 28 next year, when banks will start
migrating customers over to the new payment instruments.
The date of
January 1 was revised to reduce the risk of additional technical problems
due to the change of year.
Digital currencies used to launder $35m in card fraud money
currencies were used to launder an estimated US$35 million in proceeds
from payment card data theft, according to charges filed by Manhattan
District Attorney Robert M. Morgenthau.
individuals and one corporation are facing corruption charges connected
with global trafficking in stolen credit card numbers, cybercrime and
identity theft. If convicted, the defendants face up to 25 years in jail.
indictment marks the second phase in a joint two-year investigation by the
Manhattan District Attorney’s Identity Theft Unit and the United States
investigation revealed that, over a four-year period, Manhattan-based
corporation Western Express handled over US$35 million in proceeds from
criminal activity, channeling the money through numerous Egold and
Webmoney digital currency accounts. These Internet-only accounts were
managed respectively by U.S.-based Egold and
the indictment, the people involved in the so-called Western Express
Cybercrime Group communicated through “carding” Websites that are
devoted to trafficking in stolen credit card and personal identifying
using digital currency, the group used nicknames, false identities,
anonymous instant messenger accounts and anonymous e-mail accounts to
conceal its existence and to avoid detection by law enforcement and
Western Union and Bharti Airtel to pilot mobile remittance system
transfer operator Western Union is teaming with Indian telco Bharti Airtel
to develop a mobile international remittance system in India.
mobile money transfer service will enable people outside the country to
send remittances to recipients in India.
Union has 45,000 agent locations, across 5000 towns and cities, in India
whilst Bharti Airtel claims 50 million mobile phone customers in the
Union cites statistics from the Reserve Bank of India that suggest the
annual value of remittances into India stood at over $26 billion for the
fiscal year 2006 - 2007, accounting for approximately 10% of the global
inward remittance market.
on the deal, Gopal Vittal, director, marketing and communications, Bharti
Airtel, says: "This will help us move money via mobile in a fast and
convenient way, supporting low-value transactions."
general manager, Western Union Mobile, adds: "This is a very exciting
development, especially given the expanse and reach of mobile services in
the Indian subcontinent."
is subject to regulatory approval.
follows an agreement between Western Union and the GSMA - an international
trade group of mobile phone operators - to develop a system that would
enable customers to use their handsets to conduct cross-border fund
transfers. Bharti Airtel is chairing the programme, which includes 35
mobile phone operators with 800 million customers in more than 100
year the GSMA agreed to pilot a similar international remittance system
using mobile payments technology with MasterCard.
Remittance flows to developing countries reach $240bn - World
A new set of
data released by the World Bank group has revealed that remittances to
developing countries are expected to reach an estimated $240 billion in
The new data
contained in a brief titled 'Remittance Trends 2007', which was released
on November 30 by the Bank, also disclosed that the true size of
remittances including unrecorded flows is even larger. The release was
timed to coincide with a November 28-30 G8 Outreach meeting on remittances
the issue, Dilip Ratha, Senior Economist in the Development Prospects
Group of the World Bank, said recorded remittances are more than twice as
large as official aid and nearly two-thirds of FDI flows received by
which was displayed on the Bank's website, described broad regional and
country specific trends in remittance flows worldwide, and highlighted
some structural changes that would affect future flows.
the analysis, a near stagnation in remittance flows to Mexico and a
deceleration in other Latin American countries contributed to a slowdown
in the rate of growth of remittances in 2007. Nevertheless, the growth of
remittances to developing countries remains robust because of strong
growth in Europe and
remittance industry, the brief noted. is experiencing some positive
structural changes with the advent of cell phone and internet-based
remittance instruments. These changes, however, are slowed down by a lack
of clarity on key regulations (including those relating to money
laundering and other financial crimes).
costs have fallen, but not far enough, especially in the South-South
corridors," said Uri Dadush, Director of the World Bank's Development
Prospects Group and International Trade Department. Dadush chairs the
World Bank's Working Group on Migration.
program on Migration and Remittances in the Development Prospects Group (DECPG)
involves efforts to monitor and forecast remittance and migration flows,
analysis of the here-and-now topics involving remittances and migration,
and the provision of services to the World Bank and the global development
Bank began working on international migration and remittances issues with
the publication of the Global Development Finance 2003 dedicated to
remittances. This chapter had a seminal impact on the global debate on
migration and development. In October 2003, the Development Prospects
Group collaborated with the financial sector of the World Bank and with
DFID to organise a conference on migrant remittances in
remittances to developing countries are estimated to reach $240 billion
this year alone. The true size of remittances including unrecorded flows
is even larger. The brief also described some broad regional and country
specific trends in remittance flows worldwide.
Post-9/11 curbs hinder transfer of remittances
Bank is looking into the possibility of smoother flows of remittances by
migrants from the developed world to countries like Afghanistan under the
existing stricter banking regulations created post-9/11.
(imposed after 9/11) are a major issue for remittance, Regine De Clercq,
executive director in charge of organizing the first meeting of the Global
Forum on Migration and Development in Brussels, said at a press conference
at the UN headquarters.
encountered by migrants from countries like Afghanistan was discussed at
the conference held in July this year, and would also be taken up during
the second Global Forum on Migration and Development in October next year,
September 11, the world has become very sensitive about the misuse (of
remittances), which could be made of international transfers. Therefore
they have to go through regulations - which results in delay and costs,
She said the
World Bank had taken note of the situation and had discussed ideas about
how the restrictions could be minimized in order to allow people to send
money back home as freely as possible within the existing regulations
against money-laundering and terrorism.
As a result
of the current curbs, a large number of Afghans living in countries like
the United States and Canada are unable to transfer money back home. Even
if they are, it costs a lot of time and money.
Awareness program on worker remittances
initiatives have been launched to organize a country-wide public awareness
program in order to facilitate the smooth functioning of foreign exchange
markets in terms of the strategic plan of the Central Bank’s Exchange
Control Department for the year 2007. The inaugural seminar of this
program was successfully held at ‘Hotel Spring View’ in Matale on 10th
November 2007.The main theme of the program is the ‘Promotion of worker
remittances through formal channels from Sri Lankan expatriate workers’.
was organized by Mr. D Wasantha, Controller of Exchange, Mr. Udeni
Alawattage, and the Additional Controller of Exchange along with other
officials of the Exchange Control Department.
that all stakeholders i.e. family members of migrant workers, prospective
migrant workers, divisional secretariats, representatives of the
commercial and state banks, officials of the Foreign Employment Bureau,
members of the Association of Licensed Foreign Employment Agents and the
representatives of the MMBL had gathered at a single Forum was of immense
benefit of the public.
Bank would function as a facilitator during this program by collecting all
stakeholders into one forum for discussion.
guest speeches created awareness among the public on the ways and means of
channeling foreign exchange safely through legal channels, the benefits
and the possible fruitful investment of such remittances were also
importance of channeling remittances to the country through the banking
system was discussed by the Senior Assistant Controller of Exchange,
Sudath Prasanna and the role of the Foreign Employment Bureau and the
problems encountered by Sri Lankan expatriates abroad were discussed by
working director of the Foreign Employment Bureau, Bhathiya Sumitharachchi.
were also given the opportunity to raise their own queries and to obtain
immediate solutions from the respective authorities during the seminar.
facilitation session had also been arranged at the end of the session
which was a great opportunity for the public to meet the bankers from
New agency for retail payments envisaged
government proposes to set up a new National Payments Corporation of India
(NPCIL) to take over the operation of retail payment systems in the
corporate entity will be outside the specific regulatory purview, on the
lines of the inter-bank government securities and forex clearing systems
operated by the Clearing Corporation of India Ltd.
and Settlement Systems Bill-2006, which provides for the setting up of
NPCIL also makes a clear demarcation of functions of the central bank as a
service provider and as the regulator.
house to consider the Bill, Finance Minister P. Chidambaram said the
changes could not have been effected by making an amendment to the Reserve
Bank of India Act as the Bill has 38 sections that seek to bring the
payments systems in the country in conformity with the global standards.
He added the
Bill was referred to a Standing Committee which submitted its
recommendations earlier this year. The NPCI will be set up under Section
25 of the Companies Act and will be owned by public sector banks including
the State Bank of
In India, a
host of payment systems are in operation ranging from manual paper-based
clearing, to real time gross settlement for non-cash payments.
retail systems prevalent also include MICR clearing, electronic funds
transfer system, card-based payment systems, government securities
clearing and forex clearing among others.
and manages paper-based cheque processing in the four metros, while it is
operated by public sector banks at 12 other centers but managed by the
houses are not legal entities but voluntary bodies of banks, with the
rules and regulations being contractual in nature.
The RBI is
empowered to make regulations of clearing houses for banks and electronic
fund transfers. The procedure of ‘netting’ is not legally recognized
but has been adopted as a working procedure by the clearing house members.
Citadel Advantage Ltd. is a registered limited company