creditcard
Latest
Thieves can use web bots to guess your Visa card details
If you've punched in credit card details while shopping online, you've probably wondered how secure those digits are. According to Newcastle University, the answer is: not very. Its researchers have discovered that thieves are using web bots to guess Visa credit and debit card info thanks to a flaw in the company's payment system. The biggest challenge is obtaining valid 16-digit card numbers, usually by buying them or using an algorithm to generate valid examples. After that, the bots find expiration dates and CVVs (that three-digit number on the back) by spreading guesses across hundreds of shopping sites, plugging numbers into fields until they hit the jackpot. While that sounds like a painstaking process, the bots can figure things out in 6 seconds.
ICYMI: The selfie-obsessed can verify online ID with photos
try{document.getElementById("aol-cms-player-1").style.display="none";}catch(e){}Today on In Case You Missed It: Mastercard is introducing a way to verify online purchases, by sending a link to the user's cell phone, which then walks them through taking a selfie and blinking on command to show they're a real human. Meanwhile Google unleashed a slew of new products at its Developer's Conference in San Francisco, here's the full scoop on the new phone. Toyota's cute little robot is available only in Japan but sure is darling, the video is here. As always, please share any interesting tech or science videos you find by using the #ICYMI hashtag on Twitter for @mskerryd.
Thieves find a more insidious way to steal credit card details
The secret service has issued a warning to banks and ATM companies about a new way that thieves can steal your credit card information. A report from Krebs on Security explains that "periscope" skimmers have been found inside teller machines in Connecticut and Pennsylvania in the last two months. Of course, since the devices attach to the internal mechanism, there's absolutely no way for an end user to tell if they're at risk.
PayPal's Mastercard deal brings its payments to more stores
PayPal wants to be your go-to payment option online and in stores, but it has a problem: banks and credit cards aren't a fan of its free bank transfers and other attempts to push online payment over the conventional variety. However, it's trying to make amends. In the wake of a Visa deal from July, PayPal has forged a partnership with Mastercard that gives the credit card firm higher prominence online in return for more of a retail footprint. PayPal will make Mastercard a "clear and equal" payment choice in its wallet (complete with an image of your card), let you set the card as a default payment method and will "not encourage" you to link a bank account if you're a Mastercard customer. In exchange, you can use a linked Mastercard in your PayPal wallet to make in-store purchases at contact-free terminals.
All Eddie Bauer stores in the US hit with malware
If you shopped at an Eddie Bauer store in the first half of 2016, you may want to keep a close eye on your personal and banking information. The clothing store chain has reported that -- like a growing number of retailers of the last few years -- it's detected and subsequently removed malware from its point-of-sale systems at every one of its 350+ stores in North America.
Hyatt and Starwood hotel chains suffer credit card breach
HEI, the holding company behind a wide number of hotel brands including Marriott and (wait for it) Hyatt, has announced that it suffered a data breach via its payment tools. According to the outfit, hackers installed malware inside payment processing systems that harvested data at point-of-sale kiosks at 19 locations in the US. Specifically, those who made card purchases at specific restaurants, gift shops or spas between March 2015 and July 2016. In total, around 8,000 transactions are likely to be affected, with people's credit card numbers and addresses potentially at risk.
Uber deal gives you free rides when you pay with Capital One
Getting a free Uber ride isn't usually easy. Unless you get a referral from a friend, you typically have to get that gratis trip outside of the app. You'll have a much easier time after today, though -- Uber is launching a promotion with Capital One that makes every 10th ride free (up to $15, that is) if you pay with a Quicksilver or QuicksilverOne card. The offer only lasts until March 2017, and you'll have until April 30th, 2017 to use your free travel, but it could save you quite a bit of cash if you regularly hail Uber cars to get around town. Let's just hope that these kinds of promos spread to other partners and become more of a mainstay.
Florida man gets four years in prison for selling Vitamixes on eBay
41-year-old Kevin Wain, of Tampa, Florida, has been sentenced to four years in federal prison for running a credit card fraud operation that netted him more than $881,000 over the course of three years. Using counterfeit credit cards -- made with with a magnetic card reader/writer that he'd bought on eBay -- Wain bought hundreds of high-end home goods at Williams Sonoma and Bed, Bath & Beyond stores that he would turn around and sell for profit on eBay.
Walmart takes Visa to court over debit card payments
Walmart isn't happy that Visa still allows customers to sign for purchases made with their chip-equipped debit cards. The retail giant has filed a lawsuit against Visa in New York in an effort to compel the credit card brand to require PIN verification when paying in its stores. Walmart argues that PINs are a lot more secure than signatures and can help prevent fraud. It used to only allow debit card payments verified by PINs when it first started accepting chip cards, but Visa forced the company to allow signature verifications.
Hyatt is the latest hotel chain to spot malware on its systems
Unfortunately, Hilton isn't the only hotel chain grappling with malware on sensitive computers. Hyatt is now warning travelers that it recently spotted malware on its payment processing systems (on November 30th, the company tells us). It's still investigating what happened and has precious few details, but it maintains that you can "feel confident" using your card. Unfortunately, that's not much help if you recently stayed at a Hyatt. How long does it think the malware was hanging around? And how much damage did the rogue code do? Hyatt tells that it'll share more when the investigation is over. Until it offers the full scoop, your best option is to watch your financial statements for any shady behavior.[Image credit: AP Photo/Charlie Riedel]
Stratos' universal credit card lives on with a new owner
Like a certain Monty Python Black Knight, the all-in-one credit card company Stratos is still clinging to life. Yesterday we heard that it was going out of business after only six months, but now TechCrunch reports that it was sold at the last minute to Ciright One, which is developing a smart credit card of its own. Ciright will now manage Stratos sales and management of its existing service, but it's unclear how long that will last. After all, it doesn't make sense for it to have two universal credit card products. Most likely, one of those cards will eventually shut down, but Ciright will still be equipped with Stratos' technology and design work. It looks like the all-in-one credit card battle is now between Ciright and Coin.
Stratos is going out of business
According to TechCrunch, the Stratos Card company is going out of business barely half a year after launching the product. The Stratos, which was meant to replace a customer's various debit, credit and loyalty cards, promised to be "100 percent compatible" with US payment systems and point of sale machines. Over the past few weeks, the company reportedly stopped replying to social media and customer service requests. What's more, they've also placed their Ann Arbor-based HQ up for sale.
Square's new reader arrives to accept mobile payments and chip cards
We've known about Square's new NFC-friendly reader for a while, and now the point-of-sale gadget is available for use. Starting today, 100 merchants in "select cities" (quite a few, actually) will begin accepting NFC-driven payments like Apple Pay, Android Pay, Samsung Pay and those newfangled chip credit/debit cards. The reader is a square pad (of course) separate from the company's usual POS setups and sliding readers, allowing you to hover your phone or insert a card to complete purchase. The unit is wireless and pairs with either a countertop system or Square's free mobile app to handle the transactions. However, the new reader itself will set businesses back $49 in order to get started. For the initial rollout, look for the device at businesses in the following cities: Atlanta, Austin, Boston, Chicago, Denver, Los Angeles, Nashville, New Orleans, New York, Miami, Minneapolis, Philadelphia, Phoenix, Sacramento, San Francisco, Santa Cruz, Seattle, St. Louis Tampa, and Washington, D.C.
Check your credit card transactions: 54 Starwood hotels hit by malware
Third-party forensic experts have discovered that the point-of-sale systems in 54 Starwood hotels across the US and Canada were infected with malware. The company has listed all the locations in its PSA, including various Sheraton, Westin and W properties. That list also notes the possible dates (ranging from November 2014 to October 2015) when each location could have been compromised, and they were all before the hotel chain announced its acquisition by Marriott. Just like what happened to Hilton earlier this year, you might have only been affected if you used your credit cards in one of the 54 hotels' restaurants or gifts shops. Starwood America president Sergio Rivera says there's no evidence that its guest reservation and membership systems also had a security flaw.
Marks and Spencer suspends website after customer details leak
Shoppers logging into the Marks & Spencer website were given a little surprise last night when it began sharing other people's account details. The company confirmed that a "technical issue," not an attack by a third party, resulted in personal data, including names, dates of birth, contacts and previous orders to become easily viewable. Some customers also reported being able to see credit card details, but Marks & Spencer says data was encrypted and no full numbers were shared.
Discover cards will work with Apple Pay starting September 16th
Discover has been dragging its heels on Apple Pay support for its credit cards (it confirmed its plans back in the spring), but it's finally ready to get with the mobile payment program. The firm now expects to roll out Apple Pay compatibility on September 16th, with perks (such as a 10 percent cashback bonus and additional travel miles) kicking in if you use Apple's tech to buy goods before the end of 2015. This might not matter much to you if you're a loyal AmEx, MasterCard or Visa fan, but the move means that every major US credit card provider now accepts the iPhone-only service. While this still doesn't represent truly universal card support in Apple Pay, it's much closer than before.
Coin's newest credit card replacement adds built-in NFC
After delays plagued the initial launch of Coin's Bluetooth single-card solution to slimming down your wallet, the company is back with version 2.0. The new option still stores credit card info for taking care of the bill after lunch, but there's a big addition in tow: NFC. With the addition of NFC tap to pay, you can make contactless payments with the cards stored on Coin. While the new version is starting to ship today, the company is still working on "additional partnerships" with banks and financial institutions, though, so it'll arrive with an Early-Access-Mode. Basically, your options for tapping to pay will be limited at first, but as more banks opt in, you'll be able to enable EMV compatibility through a software update. Speaking of EMV, those Chip and Pin cards will work with the new Coin, too.
Stratos' all-in-one payment card should work anywhere in the US
Many "universal" payment cards... well, aren't. They either don't work everywhere or only hold a limited number of cards, which leaves you out of luck when you're trying to add one more loyalty program. Stratos thinks it has this problem licked, though. Its new Bluetooth Connected Card promises "100 percent compatibility" with payment systems in the US, and it can hold an unlimited number of cards that you control through a mobile app. You also shouldn't have to worry about a thief going on a shopping spree if you lose your card, since you can tell it to automatically lock down if it's not close to your phone for a while.
Visa wants to track your travels abroad to prevent declined payments
Yes, banks sometimes decline credit card transactions abroad for your own protection, but it sure can be annoying, especially when you're not carrying money in the local currency. Visa has a new service for card holders in the US that could prevent that from happening again: one that instantly cross-references your phone's location with the transaction. If the location data matches, the bank automatically approves your payment, so you can use your cards even in places with high CC fraud rates. The feature will come bundled with banks' mobile apps starting in April this year, but Visa says it's completely optional, and you can leave it deactivated in case of privacy concerns.
Swyp is yet another one-card wallet vying for your attention
High-tech cards that store all your credit, gift and loyalty card info haven't exactly made it big yet, but the competition's already heating up. The newest entry in the race is called Swyp: a metallic device with a screen that transforms into the card you want to use when you need it, so long as you choose the appropriate one using its scroll buttons. In order to upload info, you'll need to scan credit cards and loyalty cards with magnetic strips (support for scannable barcodes will come later) using a reader that plugs into a phone's headphone jack. Each card's details are then stored in the accompanying app, which you can also use to snap pictures of paper receipts. The device itself can store up to 25 cards' info, more than what its rivals can handle: Coin, its oldest competition, can store up to 8 cards, while Plastc can keep up to 20.
