PayPal Unveils New Payment System

PayPal has unveiled a mobile payment product for customers that doesn’t require near-field communication (NFC) technology inside smartphones.

The system relies instead on using smartphones and other mobile devices to scan product bar codes and to authorize payments through PayPal mobile accounts. Shoppers will also be able to use credit-card scanning terminals commonly seen in grocery stores: The user inputs a phone number and PIN on the terminal’s keypad instead of swiping a credit or debit card.

PayPal President Scott Thompson laid out the basics of the plan in a blog posted Wednesday. In the blog, he also took a swipe at competitors, including Google, MasterCard, Visa and others, who are working with NFC in smartphones for a mobile wallet.

“Let’s be clear about something — we’re not just shoving a credit card on a phone,” Thompson said in his blog.

PayPal is already a major global force in online payments, with 100 million customers. While PayPal’s new payment technologies don’t rely on NFC, they do propose making in-store payments possible from any device and support GPS-based offers, according to Thompson’s blog. PayPal will even allow for customers to set up payments on credit after they’ve checked out.

Dozens of merchants got a sneak peak of the technology Wednesday at an event PayPal sponsored. The event was covered by All Things D, which was not allowed to take photographs, but posted a story. In addition to the payment methods shown in the PayPal video, that story said PayPal will allow customers to continue using plastic cards, issued by PayPal, for payment.

In an interview posted on AllThingsD, Thompson said the PayPal approach doesn’t require merchants to install new terminals, nor does it require customers to buy a new smartphone.

Read more here….

India Wants To Monitor Twitter & Facebook

India’s Communications Ministry has received a request from the Home Ministry to monitor social networking websites such as Twitter and Facebook amid fears that the services are being used by terrorists to organize attacks.

The request suggests that the Indian government is trying to expand the scope of its online surveillance for national security purposes.

Telecommunications service providers in India provide facilities for lawful interception and monitoring of communications on their network, including communications from social networking websites such as Facebook and Twitter, in accordance with their license agreements, Milind Deora, the minister of state for communications and IT, told Parliament, according to the country’s Press Information Bureau.

But there are certain communications which are encrypted, Deora said Friday.

The government did not provide details of what encrypted data they would like to have access to. A spokesman for the home ministry said on Monday that additional
information can only be provided in Parliament while it is in session.

Under new rules to the country’s IT Act that came into force earlier this year, websites and service providers are required to provide government security agencies with information on private accounts, including passwords, on request without a court order.

Most companies, however, are not willing to share information with law enforcement agencies unless they have a court order.

Twitter states in its guidelines for law enforcement that “non-public information about Twitter users is not released unless we have received a subpoena, court order, or other valid legal process document.”

Read More…

SpyEye Poses Risk To Banking Defenses

Financial institutions are facing more trouble from SpyEye, a piece of malicious software that steals money from customers online bank accounts, according to new research from security vendor Trusteer.

SpyEye is a dastardly piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.

In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer’s CEO.

Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.

SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying to mimic — albeit in an automated way — how a real person would navigate a website.

Read More…..

Twitter Security Lagging,Says Experts

The fast-growing microblogging site Twitter is lagging behind some other Internet services in using methods to help secure the accounts of users, security experts say.

Weaknesses in Twitter’s security became apparent on the U.S. July 4 Independence holiday as a still unidentified hacker took control of a Fox News Twitter account and tweeted falsely claiming that U.S. President Barack Obama was dead.

While the hijacking of Twitter accounts is not new, the false Tweets about Obama generated headlines around the world.

The Secret Service is investigating the matter. Fox News has said does not know how the attacker gained control of its account, but complained that it took Twitter more than five hours to return control of the account to Fox.

“What Twitter needs to do now is to commit to a thorough review of their security practices,” said Daniel Diermeier, a professor at Northwestern University’s Kellogg School of Management. “For Twitter this is a very serious problem.”

Security experts said the attack might have been prevented if Twitter had offered two-factor authentication technology to secure its accounts.

Read More….

Chinese Government Questioned About Cyber-attack

The U.S. State Department questioned the Chinese government regarding an attack that had temporarily shut down the website Change.org after the site hosted a petition urging Chinese authorities to release artist Ai Weiwei from custody.

U.S. deputy assistant secretary Daniel Baer raised concerns about the attack in April with China’s foreign ministry, according to an official letter sent from the State Department to U.S. Rep. Rosa DeLauro (D-Conn.). Change.org obtained a copy of the letter and released it Tuesday.

The nature of those talks is still somewhat vague. The U.S. Embassy in Beijing said it had no current information on the matter and deferred to the State Department. China’s foreign ministry has yet to respond to a request for comment.

Change.org, an online petitioning platform, was the victim of a distributed denial of service (DDoS) attack originating from China on April 17. The attacks nearly brought down the site for days.

DDoS attacks can do this by using hundreds or thousands of hacked computers to drive traffic to a website. The data will become so overwhelming that the site will become inaccessible to users.

Change.org said the DDoS attacks from China continue to bring down the site intermittently. The FBI is investigating the case, said Benjamin Joffe-Walt, an editor with Change.org.

Read More….

Microsoft’s IE Latest Flaw: ‘Cookiejacking’

A technology security researcher has discovered a flaw in Microsoft Corp’s widely used Internet Explorer browser that he said may allow hackers to steal credentials to access FaceBook, Twitter and other websites.

He coined the technique as ”cookiejacking.”

“Any website. Any cookie. Limit is just your imagination,” said Rosario Valotta, an independent Internet security researcher based in Italy.

Hackers can exploit the flaw to access a data file stored inside the browser known as a “cookie,” which holds the login name and password to a web account, Valotta wrote.

Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique “cookiejacking.”

The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.

To take advantage of this flaw, the hacker must first persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked.

That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to “undress” a photo of an attractive woman.

“I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server,” he said. “And I’ve only got 150 friends.”

Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.

“Given the level of required user interaction, this issue is not one we consider high risk,” said Microsoft spokesman Jerry Bryant.

Read More….

Amex Debuts Mobile Payment System

American Express has just debuted a digital payment and commerce service that makes it possible to use Android-based devices and Apple iPhones for person-to-person online payments. Visa announced a similar personal payment product in the U.S. on March 16.

Analysts say the moves by Visa and American Express are clearly aimed at challenging PayPal in the personal payments business.

The new Amex service, named Serve, allows consumers and small businesses to make purchases and person-to-person payments on iOS- and Android-based devices. Serve accounts are also accessible on personal computers through Facebook and at Serve.com.

Serve also allows users to create and manage sub-accounts for friends and family members.

Read more….

Visa Offers New Payment Service

Visa announced Wednesday it is developing a new service that will allow U.S. customers to send money directly to one another, presenting new competition to PayPal.

Visa already lets people send money to Visa accounts in many other countries, but this will be the first time it will offer the service in the U.S.

People who use banks that participate in the new program will be able to send money directly to someone’s Visa account by entering the recipient’s Visa account number, e-mail address or mobile-phone number in an online payment form.

Visa said it has made deals with two payment companies, Fiserv and CashEdge, so that those companies can allow their customers to send money to Visa accounts. Banks offer Fiserv’s ZashPay and CashEdge’s Popmoney services to their customers for sending money to other people. The first banks are expected to make the Visa service available through CashEdge and Fiserv in the second half of the year, Visa said. It’s not clear whether Visa will offer the service on its own.  Read More…

Microsoft Eyeing More Software For The iPad

The current rumor on the street is that Microsoft might be looking beyond the recently released OneNote for iPad. Insiders are saying Microsoft is closely monitoring the number of downloads of OneNote for iPad/iPhone/iPod Touch to perhaps gauge the possible interest in adding more productivity software for Apple iOS suite of products. Read More…..

« Previous Page