Showing posts with label pre-paid. Show all posts
Showing posts with label pre-paid. Show all posts

Monday, July 7, 2008

Fed Accepting Comments On Proposed Credit Card Rules

More reasons we at IPM see banked and unbanked people moving to more pre-paid, stored value card and electronic transaction products.

Article follows:

Hat Tip: Mish's Global Economic Trend Analysis

The Fed has proposed sweeping changes for the credit card industry and is now accepting comments. MarketWatch sounded the horn in Your own bully pulpit.

"The Federal Reserve is accepting comments through Aug. 4 on credit-card reform rules it proposed in May. (The deadline for comments regarding related proposals, mainly to do with credit-card disclosures, is sooner: July 18.)

Already, more than 9,300 people have commented on the sweeping set of proposed changes that, among other things, would prohibit credit-card companies in some instances from hitting you with a higher interest rate on debt you've already incurred.

The proposed rules also would prohibit "two-cycle billing," in which banks compute interest on debt on days preceding the most recent billing cycle, a practice that can result in borrowers paying interest on debt paid off during the previous month's grace period."

Mish's Comment: Discover Card uses the two cycle billing method. For more on two cycle billing, please see Read the Fine Print On Credit Cards.

"Credit industry disagrees

Credit-card issuers say the proposed rules are bad news for consumers.
"We are deeply concerned that these rules will result in less competition, higher consumer prices, fewer consumer choices and reduced consumer access to credit cards," said Edward Yingling, president and chief executive of the American Bankers Association, a Washington-based trade group, in a statement released soon after the Fed's proposal."

Mish's Comment: The credit card companies do not give a damn about consumers. Here is a better translation of their concerns: "We are deeply concerned that these rules will result in fewer fees, less revenue, and less profit for the industry."

"And the Fed rules don't really address fees. That's where Congress may step in. A veritable feast of pro-consumer bills has been introduced over the past year or so.

In February, Rep. Carolyn Maloney, D-N.Y., introduced H.R. 5244, a bill that, among other things, would end "universal default" -- when a credit-card issuer raises a consumer's interest rate based on late payments to other, unrelated creditors. The bill would also prohibit "any time, any reason" changes in credit-card terms, with certain exceptions.

Sen. Chris Dodd, D-Conn., recently outlined a bill he intends to introduce with similar provisions to Maloney's, such as requiring banks mail statements 21 days before the bill is due rather than the current 14, according to Dodd's statement.

In May 2007, Sen. Carl Levin, D-Mich., introduced S. 1395, which proposes a cap on "penalty" interest-rate hikes to no more than seven percentage points above the previous interest rate. The bill would also prohibit charging interest on fees, among other provisions.

Sen. Robert Menendez, D-N.J., introduced S. 2753 in March. Like Dodd's proposal, the bill limits the ways in which banks offer credit to people under age 21. Also, it would prevent late-payment fees on any payment postmarked by the payment date, among other changes."

Reform Is Coming

Credit card reform as well as a potential rewrite of the bankruptcy reform act of 2005 are very likely under the next Congress. Please see Bank of America's Parking Meter Play for more discussion of this theme.
Mish's Global Economic Trend Analysis: Fed Accepting Comments On Proposed Credit Card Rules
Blogged with the Flock Browser

Thursday, July 3, 2008

Hackers steal $2M from Citi ATMs


Citibank ATM breach reveals PIN security problems - Jul. 2, 2008

SAN JOSE, Calif. (AP) -- Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record.

The scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs - the numeric passwords that theoretically are among the most closely guarded elements of banking transactions - by attacking the back-end computers responsible for approving the cash withdrawals.

The case against three people in U.S. District Court for the Southern District of New York highlights a significant problem.

Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft Corp.'s (MSFT, Fortune 500) Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption - which means encoding them to cloak them to outsiders - some ATM operators apparently aren't properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.

"PINs were supposed be sacrosanct - what this shows is that PINs aren't always encrypted like they're supposed to be," said Avivah Litan, a security analyst with the Gartner research firm. "The banks need much better fraud detection systems and much better authentication."

It's unclear how many Citibank customers were affected by the breach, which extended at least from October 2007 to March of this year and was first reported by technology news Web site Wired.com. The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven Inc. stores throughout the United States, but it doesn't own or operate any of them.

That responsibility falls on two companies: Houston-based Cardtronics Inc. (CATM), which owns all the machines but only operates some, and Brookfield, Wis.-based Fiserv Inc. (FISV, Fortune 500), which operates the others.

A critical issue in the investigation is how the hackers infiltrated the system, a question that still hasn't been answered publicly.

All that's known is they broke into the ATM network through a server at a third-party processor, which means they probably didn't have to touch the ATMs at all to pull off the heist.

They could have gained administrative access to the machines - which means they had carte blanche to grab information - through a flaw in the network or by figuring out those computers' passwords. Or it's possible they installed a piece of malicious software on a banking server to capture unencrypted PINs as they passed through.

What that means for consumers is that their PINs were stolen from machines that showed no signs of tampering they could detect. In previous PIN thefts, thieves generally took steps that might draw notice - sending "phishing" e-mails, for example, or installing false-front keypads or even tiny cameras on ATMs.

Getting the PINs is a key step for identity thieves. It lets criminals encode stolen account information onto blank ATM cards and withdraw piles of cash from compromised accounts.
Click here to read entire article: Citibank ATM breach reveals PIN security problems - Jul. 2, 2008
Blogged with the Flock Browser