Microsoft Refunds Dad for $8k Worth of Credit Card Charges

Microtransactions are used in games to let you buy anything from new lives and energy to complete tasks to early unlocks of weapons or equipment. Some companies have suffered due to their introduction of microtransactions, and many wish to avoid charging what are often seen as additional fees for power boosts. FIFA is one game to include such transactions, as one dad found out when he received a bill totaling nearly $8,000.

December 23rd, 2015 came and Lance Perkins received his last bill for the year, only to find $7,625.88 worth of charges from the Xbox. The credit card in question was given to the son to make emergency purchases for the family’s convenience store.

“He thought it was a one-time fee for the game,” Perkins said. Contacting the credit card company did little to help, though, with the company refusing to act unless he charged his son with fraud. Still seeking help, Perkins contacted Xbox about removing the charges. Within minutes, the company responded saying that the bill would stand. Microsoft said they would look into the charges when Perkins informed them that his son was a minor, only 17 years of age.

Microsoft has since changed their mind, removing the charges. In a statement, Microsoft wanted to remind users that “Purchases made using a parent’s payment account are legitimate transactions under the Microsoft Services Agreement, and we encourage parents to use the many platform and service features we make available to prevent unapproved charges.”

If you are playing a game which has microtransactions you should always play it safe and double-check bills and game accounts for transactions, authorised or otherwise.

Security Firm Sued For Incorrect Forensics Report

Remember when you are watching those TV shows, you know the ones, where government agencies are trying to track down bad guys who have breached a “secure” network? Happens in real life too, with companies like Affinity Gaming finding out the hard way.

Affinity Gaming is a Las Vegas-based casino operator who discovered back in 2013 that their network had been breached and people were able to get to the credit card data. Sounds familiar, right? Affinity Gaming hired the security firm Trustwave to investigate and isolate the breach, effectively fixing the problem. At the end of the investigation, Trustwave claimed that the data breach was “contained”, then added comments on how to “fend off future data attacks”.

Affinity Gaming then found that they were suffering another data breach, for which they hired the data security firm Mandiant to investigate. It was during Mandiant’s investigation that they worked out the work previously done was only on a “subset of Affinity Gaming’s data security”. This, coupled with the fact that Trustwave “had failed to identify the means by which the attacker had breached” their systems, means that Affinity Gaming believes Trustwave was responsible for “misrepresentations and grossly negligent performance”, which in turn they believe cost them “significant out of pocket losses”.

With the complaint listing 76 steps outlining the interactions between the three companies, you can see why: if one company promised to protect your data and then was found to have failed at this task, you would want your money back.

Hide Your Wallets – Steam Winter Sale Starts Today

It is that wonderful time of the year again, the time when you should hide your wallets and credit cards far away and preferably forget where they are until next year. The reason: the Steam Winter Sale is starting today, and it is that time when you risk buying hundreds of games because they are cheap and look interesting enough to be worth it.

There will also be a lot of high-profile games on sale as there is each year and while PayPal told us the date for the sale a while ago, we don’t know what actual games will be on sale yet. But there are only a few hours until we all find out.

This year as every year, Steam created a profile badge for the sale where you can collect trading cards in order to craft your badge and get an emoticon, background, or other in-game items. Usually, you’ll get one card for free each day for logging in and more for every 10 dollars you spend during the sale.

Are there any special deals you are hoping for? Some game you have been waiting to get? Or have you already spent all your money in advance to be out of the risk zone? Let us know in the comments.

Hackers Post 10GB Stolen Data as Ashley Madison Stays Online

It has been a while since hackers attacked the online cheating site Ashley Madison where the hackers claimed that they had downloaded pretty much all relevant information about the users from the site. For those who don’t know it, Ashley Madison is an online dating site specifically designed and advertised to married people who want to cheat on their partner. A pure disgrace in my book that a site like that is allowed to stay online, but that is beside the point right now.

The hackers wanted the site to shut down and threatened to release the user data if that didn’t happen. The site didn’t give in to the blackmail as it looks to be a very lucrative operation, even though they’ve been exposed for having 90-95% male profiles and most female profiles being faked by the company. I don’t think that women cheat less than men, perhaps they’re smarter about it.

Now the hackers have made good on their promise and released 10GB of stolen data that includes not only usernames and emails, but also appears to contain credit card information used to pay for memberships as well as much other personal information. While the site doesn’t verify the profiles in any way and it is possible to create fake profiles with any email you wish, it’s still scary how many government email addresses were found in the database.

Avid Life Media, the company behind Ashley Madison, condemned the release of the data with a statement: “This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world.”

All the information has been posted to the “Dark Web” that can only be accessed through the Tor browser. It will be interesting to see what new dirt will show up as experts dig through the data and decrypt the parts that were secured.

Thank you Wired for providing us with this information.

2.4 Million Carphone Warehouse Customer Accounts Hacked

Carphone Warehouse, the biggest independent mobile phone retailer in the UK, has been hacked. The company confirmed that up to 2.4 million customer accounts have been compromised, and around 90,000 encrypted credit card records could have been stolen. Carphone Warehouse operates through a number of resellers, so you may not be aware that you are a customer of the company. Resellers and associate services include OneStopPhoneShop.com, e2save.com, Mobiles.co.uk, TalkTalk Mobile, Talk Mobile, and iD Mobile.

“We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems,” Sebastian James, Group Chief Executive of Dixons Carphone, said. “We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”

Though the hack was discovered on Wednesday, Carphone Warehouse failed to admit to it until Saturday. It stresses, though, that Currys and PC World customers, two businesses owned by the Dixons Carphone group, were protected from the attack as their data is stored within a separate database. A “leading cyber security firm” is helping Carphone Warehouse find the vulnerability in its system and prevent it from happening again.

Thank you Engadget for providing us with this information.

Hackers Can Now Use Square Reader to Act as a Credit Card Skimmer

The Square Reader device has been a popular and cheap alternative to point of sale devices. However, given where everything is heading nowadays, what can be used to make transactions can also be used to hack your accounts.

A few grad students seem to have managed to alter the Square Reader with everyday tools so it can be used to skim credit cards. They say that this was made possible due to the fact that Square Reader is made using cheap components and direct communication with smartphones. Of course, its developers wanted it to be cheap and effective, but in doing so, they opened up other unwanted doors too.

The mod consists of stripping away the encryption on the Reader, which makes all credit card information visible after swiping it through the device. Of course, once modified, the Reader becomes unusable with the official Reader app, but the students researched a way of making a custom app and adapting it to the hacker’s purpose. The app they made was so great that it automated the whole process, meaning that a hacker would have access to a target’s bank account as soon as he or she swipes the card through the tampered Reader.

So, the bottom line here is that the devices are not as safe as people thought. If you’ve paid a merchant through a Reader device, you should keep an eye on your bank statement. It is said that all models of the Reader are vulnerable and can be tampered with, so customers should take caution when completing transactions through a Reader device.

Thank you Motherboard for providing us with this information

Amazon’s New Prime Credit Card Offers 5% Cash Back

Amazon is rolling out a brand new store card that gives holders that are Prime members 5% cash back on eligible Amazon.com purchases. The card is different than the current popular Amazon Rewards Visa from Chase, which does not offer the 5% cash back.

The new Amazon.com store card also gives holders the options of 5% cash back in the form of statement credit or 0% financing on purchases more than $149. The store card does not have an annual fee, is backed by Synchrony Bank and comes with fraud protection for peace of mind. The holder must have their own Prime membership to be eligible for the cash back, as being an invited guest on a Prime account will not count. This card will be a good choice for those users who use Amazon Prime frequently and pay off cards every month, as it does carry a 25.99% APR. Signing up for the card and being approved will get you a free $40 gift card to make the deal even better.

The only items that are not eligible are “Amazon Prime memberships, digital newspaper and magazine subscriptions, games and software downloads”, as stated by Amazon.

Source: LifeHacker

Scientists Developing Unforgeable Credit Cards

Dutch scientists have created a theoretical system that could render credit cards nearly impossible to clone. Currently, credit cards are secured by numerical encryption which, given the appropriate equipment, can be deciphered so that the card can be copied. Scientists at the University of Twente in the Netherlands propose using quantum encryption to secure the credit cards of the future.

Quantum technology uses shaped photons to transmit data in configurations so unique they are the technological equivalent of a fingerprint. Project leader Professor Pepijn Pinkse explains, “The best thing about our method, which we’ve called Quantum Secure Authentication (QSA), is that secrets aren’t necessary… so they can’t be filched either.”

The team maintain that the system could be easily implemented using current technology, so credit card cloning could soon become a thing of the past.

Source: E & T

Quixter Shows How Your Palm Can One Day Replace A Credit Card

Quixter, created by engineering student Fredrik Leifland at Lund University, aims to replace the standard method of paying at your local retailer by removing the need for a card or device completely. Instead it uses your palm and a phone number. NFC was meant to speed things up by allowing you to just wave a device over a machine. But there’s still a lack of NFC-enabled devices on the market and it still requires a device to be present.

The technology works by integrating a biometric scanner into the payment device. Then, once signed up, the user can pay simply by allowing their palm to be scanned for a couple of seconds and then entering the last four digits of their phone number. It’s secure because every vein pattern in a hand is unique. It’s also very convenient as you aren’t fumbling in your pocket for the thing that allows you to pay.

Quixter is only working as a system at Lund University right now with 1,600 users. It’s possible that it may expand into the consumer space, but for now NFC looks like the safer bet.

Video: https://www.youtube.com/watch?v=s1fJLZAtD2Q

Thank you to Tech Crunch for providing us with this information.

NSA Reportedly Snoops Millions Of Text Messages With The Dishfire Program

The NSA has reportedly been using SMS messaging to extract data on location, contact networks and credit card details of mobile users. British spies were given access by the NSA to search the collected “metadata”, information about the text messages but not the actual contents, of British citizens.

The Guardian and Channel 4 have reported that the program, codenamed Dishfire, collects all the data it can from the handsets and sends it back to the NSA for processing. It works by collecting and analysing automated text messages such as missed call alerts or texts sent to inform users about international roaming charges. It is also said that the project can work out phone users’ credit card numbers using texts from banks.

“All of GCHQ’s work is carried out in accordance with the strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate and that there is rigorous oversight,” the statement cited.

The statement is taken from an internal NSA presentation from 2011 on the Dishfire program and papers from the GCHQ facility. The report comes a day before US President Barack Obama is due to give a long-awaited speech proposing curbs on NSA phone and internet data dragnets exposed by fugitive intelligence contractor Snowden.

Thank you ZDNet for providing us with this information

US Launch Their Largest Ever Hacking Fraud Case

Five men in Russia and Ukraine have been charged after it was found they were running an operation that allegedly stole more than 160 million credit and debit card numbers over a period of seven years, including those from many major US companies such as Nasdaq, Visa, Dow Jones and JC Penney, making this the largest hacking fraud case ever launched in the US.

US attorney for the District of New Jersey, Paul Fishman said that the case was “the largest ever hacking and data scheme breach in the United States”.

The scale of the case just gets more and more ridiculous, as the damage done to just three of the corporate victims totals around $300m (£196m) in losses according to prosecutors. Other victims included Heartland Payment Systems, French retailer Carrefour, Dexia Bank Belgium and 7-Eleven, so pretty much every major company out there may have been stung on one level or another, as 160 million credit card and debit card numbers is a LOT of bank accounts to be compromised in a seven year period.

The defendants are known as Vladimir Drinkman, Aleksander Kalinin, Roman Kotov and Dmitriy Smilianets, all from Russia, and Mikhail Rytikov, a Ukrainian. All five have been charged with taking part in a computer hacking conspiracy to commit wire fraud, and given the vast scale of the evidence it doesn’t seem like prosecutors will have much trouble proving their case.

“This type of crime is the cutting edge,” said Mr Fishman. “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security.”

The team used techniques such as hacking SQL databases, uploading malware and phishing sites that could use “sniffer” software to find valuable personal data. The credit card details were sold for around $15 – $50 each according to prosecutors.

They were obviously good at what they did to get away with this for so long on such a massive scale, but it seems they got too greedy and the law caught up with their trail in the end.

Thank you BBC for providing us with this information.

New Malware Targeting ATMs of Major U.S. Banks

A new piece of malware called “Dump Memory Grabber” has been found collecting credit/debit card information from ATM and point-of-sale systems of major U.S. banks.

The malware was reported by a Russian-based security company called “Group IB”, and it seems that its author is affiliated with a Russian-based cyber crime gang. The security company pointed out that the malware has already stolen credit and debit card data from major U.S. banks such as Chase, Capital One, Citibank and Union Bank of California. Currently Group IB has been working closely with VISA, U.S. banks and U.S. law enforcement agents by sharing its findings about the Dump Memory Grabber malware.

The “Dump Memory Grabber” malware collects and transfers Track 1 and Track 2 data, which are encoded into the magnetic stripe of credit/debit cards. This information includes first and last name, expiration and the bank account number. With this information, one can create a cloned physical debit card.

The malware is written in C++ without any additional libraries. It adds itself to the system’s registry and runs automatically whenever the system is on. The malware then creates a txt file which contains memory dumps and stolen data, which is then transferred to a remote server via FTP. It was found to be Russian-based, as the IP address of the remote server originates from a Russian-based ISP called “Selectel”, and it was associated with a domain name “CISLAB” which is a Russian company.

It was found that Boston’s Blanchard’s Liquors also had their POS affected by malware over the weekend, with reports of some customers having been charged for no reason. After notifying its other customers, they have taken down their credit card machines. It’s not clear if they have been affected by the same malware.

Andrey Komarov, CTO of CERT-GIB, who is affiliated with Group IB, pointed out they have also found one of the C&C (Command and Control) servers, but many POS and ATMs were infected, and the issue is currently under investigation.

Source: Security Week

Paypal Starts Chip-and-Pin Payment Device in the UK as an Alternate Payment Method

Well-known online payment gateway Paypal has launched a chip-and-pin machine for market traders, taxis and shops allowing them to accept credit and debit cards and even their Paypal option.

Paypal stated that this new device will cost under £100 and charges less than 3% transaction fees.

Video: http://youtu.be/IVR0IM5rxvI

David Marcus, president of Paypal said the following:

“At Paypal, we spend a huge amount of time talking and listening to small businesses. They are the core of Paypal’s business and they’ve told us that they want a simple, secure way to take card payments anytime and anywhere they trade.”

As of now Paypal is offering these new devices only to a few selected businesses, but it expects to have a full launch by summer 2013. Once they’re able to implement this successfully in the UK, Paypal have already started to make plans to expand this alternate payment procedure in other countries.

Devices like this aren’t new. Even in the UK, there are similar alternate payment methods where Paypal faces competition. Even in the United States, there is a dongle-type device which plugs into a mobile phone and can be used as a credit card reader. There are companies such as iZettle, Intuit and mPowa who have already rolled out similar devices and as said by an analyst of research firm Ovum, Eden Zoller, these types of devices are popular in the US so it makes sense to have an optimized version in the European market.

This will be a boon to small business owners, such as Mark Thomas, who runs an ice cream stall at London’s Borough Market and who will be one of the first to use this device.

He said, “Cash is king in the market, but people run out of cash very quickly, and we often lose sales because customers can’t face the long weekend wait at the ATM.”

Video: http://youtu.be/IxJ49LtfhLo

In any case, Paypal has a large presence and a huge database, not to mention being one of the well-known ways for international and/or online payment. Since you can also use your Paypal account to make payments from these devices, that counts as an added advantage.

Source: BBC UK