Data breaches cost companies a staggering $156.7 billion over six years

Data breaches cost organizations $156.7 billion over a six-year period, according to new data breach study by Digital Forensics Association.

The study presents data breach information collected from 2005 through 2010, including the disclosure of more than 800 million records over that period. The association said the overall data breach dollar figure did not include the costs that the organizations downstream or upstream incurred, or the losses sustained by the data breach victims. Further, the report, The Leaking Vault 2011, said the data breach cost estimate was low because 35% of the incidents did not name a figure for records lost.

On average, these organizations lost over 388,000 people’s records per day/15,000 records per hour every single day for the past six years, according to the report, which studied 3,765 publicly disclosed data breach incidents from 2005 through 2010.

In 65% of the data breach cases, the data disclosed included the subject’s name, address, and social security number. In contrast, only 15% of the incidents disclosed credit card numbers, and 16% disclosed medical information. Medical disclosures saw a significant increase with the addition of the 2010 data. This is more likely due to the reporting requirement of existing regulations going into effect than an actual increase in incidents, the report observed.

The data breach incidents where criminal use of the data was confirmed increased by 58% from the prior report. The two vectors most likely to show criminal use were the fraud and hacker vectors. Hackers were responsible for 48% of the records disclosed in the study.

Download file: Don’t have Data Breach Insurance? Read this… (39.pdf / 5,016kb)

Source: InfoSecurity

Valued Clients,

I personally wanted to take this time to update you on this piece of legislation and the recent Federal ruling relating to your debit card processing. If you have followed this government decision you no doubt are wondering how this might affect your credit card processing and the fees associated.

The Durbin Amendment was a last-minute addition to the Dodd-Frank Wall Street Reform and Consumer Protection Act. With the passing of the Durbin Amendment on July 29, 2011 the Federal Reserve announced their final regulation and effectively capped Debit and Check Card transactions at 21 cents per swipe and 0.05 percent of the transaction*, effective October 1, 2011.

While many details are yet to be clarified – technologically and otherwise – Axia is committed to passing on the savings attributed to the Durbin Amendment to our clients.

We anticipate that our customers will average over $1,000 annually in savings. It is important to note that this is actually more, on average, than what Axia receives for processing.

Please be aware, not all competing processing companies will be passing on all, or even a portion, of the savings to their clients. We earnestly desire to have our clients benefit from these positive financial changes and such savings reflect Axia’s long-term partnership and commitment with our clients. Added to our superior support, products and personnel it continues to affirm that Axia is the ideal choice for merchants and their payment processing needs and expectations.

As always, the greatest compliment we can receive is a referral from our clients. Please feel free to share this good news with your business friends, and we would enjoy the opportunity to serve as their payment processor.

We appreciate your continued trust in Axia and we celebrate with you this significant decrease in costs.

Sincerely,

Randal Clark,
President/CEO, Axia Payments

Download file: Durbin Amendment = Merchant Savings for Axia Clients (38.pdf / 597kb)

Season-to-Date Highest Growth in eCommerce, Apparel; Most Other Categories Also in Positive Territory

A macroeconomic indicator, SpendingPulse reports on national retail and services sales and is based on aggregate sales activity in the MasterCard payments network, coupled with survey-based estimates for all other payment forms, including cash and check. MasterCard SpendingPulse does not represent MasterCard financial performance. SpendingPulse is provided by MasterCard Advisors, the professional services arm of MasterCard Worldwide.

Source: Mastercard USA

The attacks by a band of hackers calling itself “Anonymous” were reportedly in retaliation for Visa Inc., MasterCard and PayPal Inc. dropping Wikileaks from their client rosters after the controversial website refused to stop publishing hundreds of thousands of pages of confidential cables between U.S. embassies and Washington.

The distributed denial-of-service (DDoS) attacks by the “hacktivists” involved the use of software Anonymous offered to supply free to supporters. Downloading the software connects the user to a network of hacker machines known as a botnet, which is used to flood websites with requests until the sites are unable to cope with the traffic.

The primary result of the attacks was to make the websites of PayPal, MasterCard and Visa temporarily unavailable due to the magnitude of the web traffic generated.

SecureCode service out briefly

Also unavailable was MasterCard’s SecureCode service, apparently because verification relies on loading pages from the company’s web server, which was one of the targets of the DDoS attacks. MasterCard SecureCode allows cardholders to create a private code for use in shopping online as added protection against fraud.

Mike Monsivais, a Security Analyst for SecurityMetrics Inc., a company that provides Payment Card Industry (PCI) Data Security Standard (DSS) compliance consulting and tools, pointed out that disruption of the SecureCode system didn’t mean users couldn’t make purchases online.

Monsivais said, “It means the system defaulted, or ‘failed over’ to asking them for the normal credentials needed to use your credit card online: credit card number, security code and expiration date.”

MasterCard posted a statement on its website stating, “Our core processing capabilities have not been compromised, and cardholder account data has not been placed at risk. While we have seen limited interruption in some web-based services, cardholders can continue to use their cards for secure transactions globally.”

DDoS attacks a fact of life

Security analysts suggest that the DDoS attacks vary in intent, method and impact from those launched by “financially” motivated hackers. When a financially motivated hacker launches an attack, “he’s attacking weaknesses in the protocols and applications on the vulnerable server to try and access it,” said Chad Horton, Penetration Testing Manager at SecurityMetrics. “In a DDoS case, they’re flooding the pipelines that feed into websites with legitimate traffic so that other legitimate traffic can’t get through.”

Security experts admit DDoS attacks cannot be prevented; they advise the best way to protect against intrusions from financially motivated hackers is to be vigilant and adhere to security best practices.

“Part of security is an appreciation that these sorts of things can and will happen,” said Tim Cranny, President and Chief Executive Officer of Panoptic Security Inc., a technology security company specializing in PCI compliance. “You do everything you can to prevent it, but then you also do everything you can to mitigate the effects and consequences of it.”

Source: The Green Sheet

The U.S. online retail sector delivered strong growth on Cyber Monday 2010 compared to the same period last year, according to powerful analytics-based findings by IBM (NYSE: IBM).

IBM’s findings expand on the company’s earlier report that Black Friday 2010 delivered double-digit growth over 2009, and its forecast that in-store sales of consumer electronics and appliances in U.S. retail stores would get an early start this year, with consumers spending a larger-than-usual share in November.

Download file: Cyber Monday 2010 Benchmark Report (36.pdf / 1,440kb)

Source: Coremetrics

We believe our merchant statements are designed very well to begin with, however we have made a few subtle changes that provide an even better experience. If you click the URL link it will bring up a sample draft of our new statement for your review. Some of the more noticeable changes are:

1. Axia logo on top of header to better help identify our statement.
2. Truncated Routing and Deposit Account numbers for better security.
3. Better Summary of Deposits provides easier reconciliation with bank statements.
4. Larger notes area for future updates.

We have increased our security protocols and provided you with a better, more direct and immediate access to your historical data. Click the link here to access the reporting page. For future reference, that url is: http://www.axiapayments.com/cap/

IMPORTANT: If you have not received the emails below by Nov 3rd, please email us at support@axiapayments.com and we can send you your login information immediately.

As part of our increased security efforts, you will be receiving two new emails very soon from “do-not-reply”, if you have junk mail filters please remember to check there as well:

1. The first email will contain your new login.
2. The second email will contain your temporary password. Once you login you will be prompted to create a new password.

Over the course of the last 6 months Axia has been in development, with our vendor partner Simply Swipe It, on a credit card terminal application for the iPhone. If you are interested in:

• The ability to take mobile payments at lower costs
• An inexpensive system in case of failure on your credit card system
• A solution to processing transactions in difficult environments

For more information please visit Simply Swipe It’s website.

We are currently in a BETA testing stage, if you would like to be a part in testing this revolutionary new credit card terminal please fill out the Got Questions section at www.simplyswipeit.com and someone will contact you soon.

Launch Time Frame: We anticipate the iPhone application launching by mid-November for keyed transactions and by 1st quarter 2010 for swiped transactions. We are currently testing our prototype for swiped transactions, so stay tuned for further updates.

Click the URL Link below and you will be sent to our Merchant Referral Webpage where you can simply fill in 3 business referrals. For each referral that begins processing with Axia you will receive $100.

Once you fill out the form it will email it to our offices or if you prefer you can click the attached PDF file. Once you have filled it out you can fax it back to us at our toll free number (877.875.5135).

When each referral has processed with Axia for a minimum of 90 days we will initiate a credit to your merchant statement.

Thank you again for your referral, we look forward to demonstrating our value to Axia while we continue to do so for you!

Download file: Introducing Axia’s Merchant Referral Program (32.pdf / 176kb)

As a result of these thefts, merchants and financial institutions suffer fraud losses and unanticipated operational expenses, and consumers are inconvenienced significantly.

To protect your business, your customers (cardholders), and the integrity of the payment system, each of the card companies has in place a set of requirements governing the safekeeping of account information.

This document gives a brief overview of the most critical aspects of those requirements.

Download file: Merchant Requirements for Securing Cardholder Information (24.pdf / 45kb)

Date: 08.11.2004

Source: Visa, MasterCard, American Express, Diners Club, Discover, JCB