Payment Matters: No 7 - Worldwide News

• Financial services

24-02-2014

Snapchat and Skype Hacks results in data security breaches by the App

Over the Christmas holiday period, Snapchat users’ information was inadvertently released following a gap in the app’s security software. It resulted in usernames and phone numbers from up to 4.6 million accounts being downloaded by an unconnected website. Security researchers confirmed that the app’s Android and iOS versions were vulnerable to hacking and could be accessed to reveal users’ personal details.

Even with further security put in place by Snapchat after the event, the website responsible for the hack was still able to access further information relating to Snapchat’s users. At this stage, it remains unclear whether Snapchat have resolved the issue satisfactorily.

Snapchat was not the only victim of hacking events over the festive period.  The Syrian Electronic Army claimed credit for hacking into users’ accounts on Skype. The group also published the contact details of Microsoft’s retiring Chief Executive, Steve Ballmer. The hack was a protest at the US’ alleged monitoring of personal communication accounts.

What this means for you

Whilst the security breaches committed by the hackers included personal information, it did not include users’ card details.  That possibility remains very real. Payment processors need to remain alive to the use of card details with apps. In order to avoid security breaches, robust security measures need to be in place and ongoing checks on merchants involved in this business should be completed with PSPs looking towards compliance with PCI DSS as the gold standard in data security.

New Rules on Prepaid Cards in Canada

Transactions using prepaid cards still represent a relatively small proportion of non-cash payments but there has been a large increase in the use of pre-paid cards in recent years. Recently, the Federal Trade Commission of Canada announced proposed new regulations to abolish expiry dates on prepaid cards. In addition, card issuers will not be allowed to impose fees in relation to dormant balances during the first year of use. Canada also intends to publish a comprehensive consumer financial code to provide better protection to consumers.

The proposals are in response to consumer complaints about fees not being properly set out for their consideration and the fact that, on expiry, any funds remaining on the prepaid card would be lost and would no longer be accessible to the cardholder.

What this means for you

Whilst the regulations set out above relate to Canada, similar regulations are already in place in the UK and the Consumer Financial Protection Bureau in the USA aims to introduce similar provisions this year. The industry should be alert to changes such as this since the popularity of prepaid cards only seems to be increasing as a useful alternative to credit and debit cards.

Reporting information

AUSTRAC (Australia’s anti-money laundering and counter terrorism financing regulator) was recently able to uncover a large drugs syndicate and recover substantial sums of money from those criminal activities. The drugs gang set up an intricate web of company structures and property portfolios in an attempt to clean the money received in return for the supply of drugs.

The drugs syndicate was unwound when two suspect transaction reports were made to AUSTRAC which alerted them to their conduct and the police were informed. One of the members of the gang was noted to be making multiple cash deposits on the same day for sums just below the $10,000 reporting threshold. As a result of the alerts, and AUSTRAC’s intervention, the police were able to undo the syndicate resulting in the recovery of assets and prison sentences for those involved.

What this means for you

Where suspicious transactions are flagged by financial institutions systems, they should be reviewed and consideration should be given to whether a report should be made to the police or relevant other authorities. Information held by financial institutions can be key to their investigations and may uncover crimes that they were otherwise unaware of.

This extends to merchant acquirers. Where numerous chargeback requests are being received, it would be prudent for the reasons behind those chargebacks to be reviewed and scrutinised. For example, if refunds being received cite the fact that goods received are counterfeit, notifying the relevant authorities may result in the fraudulent activity being stopped.