25. July 2010 · Comments Off on Fraud related to virtual goods sales increases to 1.9% · Categories: Fraud, Security-Compliance · Tags: , ,

The Wall St. Journal is reporting that fraud related to the sale of virtual goods, primarily in online games, increased to 1.9% in 2009. This compares to 1.1% for physical goods. These numbers are coming from CyberSource Corp., a subsidiary of Visa, which provides payment management services including fraud detection related to the sale of digital goods. (We at Cymbel have no relationship with CyberSource or the other vendors like PayPal mentioned in the article.)

While interesting, these numbers are not surprising. As the article states, many of the precautions that can be used in the physical world, like checking the shipping address against the address on the credit card, are not available in the world of purely digital goods.

So for those selling digital goods, selecting a payment processing provider should be just as much about its fraud detection capabilities as processing fees.

10. January 2010 · Comments Off on Heartland to pay Visa up to $60 million for its 130 million credit card data breach in 2008 · Categories: Breaches, Legal · Tags: , ,

Heartland Payment Systems has agreed to pay up to $60 million to Visa and Visa Issuing banks for its 2008 breach of over 130 million credit card data. The press release offers very little in the way of details and simply says, "Visa will present the details of the settlement in coming days."

A key question is whether this settlement includes the issuing banks' costs for reissuing cards or just losses due to actual card fraud directly related to the illegal use of the stolen card data.

Recently, issuing credit card unions and their insurance company lost a lawsuit they filed against BJ's and its acquiring bank, Fifth Third, for losses they incurred which resulted from BJ's 2004 breach. The key  difference with this settlement is that Visa was directly involved in the negotiations. If Visa were to terminate Heartland's Visa card processing contract, it could be an existential blow to Heartland.

The amount of this settlement blows well past the $12 million CEO Bob Carr said Heartland set aside when he announced the $3.6 million settlement with American Express. Of course, it may be years before we know (if we ever find out) exactly how much Heartland actually has to pay.