Sunday, October 26, 2014

Apple Pay launches; several retailers say they have another way

Apple Pay launched on Monday (October 20th), although not everyone was ready to go. Many users were disappointed to find out that their credit card company had not yet transitioned to Apple Pay, or that their favorite store wasn't on board yet. However, I'm sure it won't be much longer until they are.

Some stores took advantage of the launch, like Whole Foods - with advertising geared towards Apple Pay users. Others, such as Staples, have not yet fully transitioned - while Staples is accepting Apple Pay through its mobile app, it is not yet accepting it in stores.

Several stores have stated that they will not be jumping on the Apple Pay bandwagon - at least not yet. Another company, called Merchant Customer Exchange (MCX), is working on a technology called CurrentC - which would be similar to Apple Pay. However, instead of accepting payments using NFC (near field communication), the customer would scan a QR code at the register.

What's the advantage to this type of system? Well, the stores would not be required to change out their existing terminals, which they would have to do in order to communicate with the new Apple devices using NFC. Several stores, including Wal-Mart, Best Buy, Target, and Darden Restaurants are said to be supporting the MCX system. In addition to not having to change out the terminals, the merchants would also avoid the 2% to 3% fee that is charged by the credit card giants - Visa and Mastercard.

CVS and Rite Aid have also said that they will not be using Apple Pay - even though their existing systems support NFC. Time will tell who the winner of this fight will be - if Apple Pay becomes successful, it would be very difficult for stores to continue to decline its use within their stores.

Sunday, October 19, 2014

Russian Hackers Strike Again

A new vulnerability in Microsoft Windows has been uncovered, which reportedly allowed Russian hackers to spy on several different groups - including NATO, an academic institution, the European Union, and the Ukrainian government.

The security flaw is said to have been present in operating systems from Windows Vista through Windows 8.1. Microsoft released the patch to fix these vulnerabilities earlier this week. The vulnerabilities allowed a remote hacker to take control of a target computer.

Dallas-based security firm iSight Partners discovered the vulnerability, and it has been nicknamed 'Sandworm' - because references to the science fiction movie "Dune" have been found in the code. The hackers used a common technique called spear-phishing - where innocent-looking emails were sent to targets. Once the emails were opened, the malware was downloaded onto the servers and used to exploit the vulnerability.

While many of the targets have been identified, it is still unclear what type of information they were seeking or what they were able to obtain.

So, what programs should you be updating this week if you have them installed? New security patches have been made available for the following:

The Adobe and Java updates are unrelated to the Windows vulnerability; however, they do fix several other security holes that have been discovered. The Adobe update fixes issues with three known security flaws, and the Java update includes fixes for more than two dozen identified security issues.

Sunday, October 12, 2014

An update on the J.P. Morgan Chase data breach; additional data breaches come to light

The same hackers who breached J.P. Morgan Chase did in fact attempt to gain access to several other financial institutions. Chase still maintains that financial information was not accessed in the breach, although they do continue to warn customers about phishing scams because of personal information that was obtained by the hackers.

Based on the SEC filing, it appears that the hackers were able to obtain the password of an employee and use it to gain access to the personal information of millions of customers. What was originally thought to include only one million customers ended up being over 83 million, including both personal and business accounts.

Up to 13 other financial institutions discovered attempts to access their systems by the same suspected hacking group. By checking the web addresses used by the group in the J.P. Morgan Chase breach, these companies were able to identify attempts that were made on their systems as well. These other institutions include ADP, Citigroup, HSBC, E*Trade, Fidelity, and Regions Financial Corporation. However, none have reported evidence that any personal or financial information was accessed by the hackers.

One positive that has come from this breach is that J.P. Morgan Chase has said that it plans to increase its cyber-security budget over the next five years. With current spending of $250 million per year, Chase expects to double this figure in the future.

Other reported data breaches this week include Dairy Queen and K-Mart. The K-Mart data breach is currently being investigated, and appears to have begun in early September. Initial reports state that it is the same software that was used on Home Depot's systems. Dairy Queen also reported that its payment systems contained malware, which likely captured the account numbers and expiration dates of customers.

Saturday, October 4, 2014

Millions of Chase accounts compromised

First reported in early September, the suspected data breach of J.P. Morgan Chase has now been confirmed. Hackers were able to gain access to the accounts of 76 million households and 7 million small businesses. Fortunately, they were not able to obtain any financial information related to these accounts - however they did obtain personal information such as names, addresses, and email addresses.

The data breach was first discovered in July, and is suspected to be the work of Russian hackers. While no payment information was stolen, the idea that hackers had any access to the systems of a financial institution is of great concern to the security community. It has also been reported that the same hacking group obtained access to nine other banks, although those banks have not been identified.

If you are a Chase customer, the biggest concern right now is phishing and scams. Since thieves obtained contact information, they could potentially contact customers pretending to be the bank in order to gain access to financial accounts. If you are a Chase customer, you should be incredibly diligent in verifying the identity of anyone who contacts you. Thieves will try anything - including telephone calls, emails, and even snail mail. While financial information is not suspected to have been compromised, you should also keep an eye on your bank statements and quickly report any suspicious activity.

With all of the security breaches lately, there has been an increased focus on companies investing more of both monetary and human resources into protecting consumer information. Many companies that did not have CISO positions before now do, and companies are hiring additional security staff as well. I expect to see an increase in degree and training programs related to security in the near future as well.