Anyone who regularly banks online is at risk from the malware, which has the ability to harvest passwords and customer numbers which then can be used to make transactions within an individual’s account which seem legitimate to the bank, but are actually the work of criminals.

One out of every 500 computers in the UK is infected with the Silon.var2 malware, whilst one in 5000 has Agent.DBJP onboard, according to security firm Trusteer. This penetration level is much lower than in the USA, but as a result of the regional, small scale targeting it has been much harder for the large security vendors to react to what seems to be a limited, local issue.

Two botnets based in the UK have also been identified and the specificity of these is equally troubling, as UK banks seem to be the only target, with UK-based computers being harnessed to make the attacks. This tactic is another that aims to circumvent the conventional malware detection process of anti-virus firms and it seems as though the criminals have been able to work around many security systems that would usually guarantee the protection of personal data.

The group behind this malware are targeting UK citizens through spam campaigns which centre around local issues, as well as piggybacking on formerly legitimate websites which have become compromised.

Trusteer’s Mickey Boodaei said that a small number of UK banks were being targeted by the current campaign, with between three and seven being hit at the same time, as opposed to the hundreds of financial institution which can be targeted by the better known data theft tools which are thus largely defeated by the anti-virus vendors.

The small group of target banks are repeatedly attacked for up to nine months at a time, according to Mr Boodaei, before the focus of the criminals changes and the malicious software evolves.

UK financial data targeted by malware campaign is a post from our Online Backup blog. Contact us today for business continuity consulting.

PCI DSS is being instigated by Visa from the start of July. As a result, the electronic point of sale (EPOS) and online retail sites operated by many of the smaller enterprises in the UK could come under scrutiny and be deemed inadequate under the new rules.

Larger businesses have until the end of September to ensure compliance with PCI DSS as the process of converting outdated systems is perceived to be lengthier and more complex within organisations of significant size.

Regulators have divided businesses into multiple tiers in order to separate out those businesses dealing with the most significant volume of transactions annually from those responsible for the least. The first tier businesses are the largest, with six million or more payment card transactions channelled through them annually, while the fourth tier enterprises experience less than 20,000.

Experts believe that Visa will start issuing fines to firms that have not ensured complete compliance as soon as the rules come into effect for that particular tier.

The acquirer will be fined by the payment card firm and these fines and associated costs will be passed onto the non-compliant business, according to Barclaycard’s head of security, Neira Jones.

Smaller firms from tiers two to four are encouraged to ensure complete PCI DSS compliance, because any breach will not only result in direct fines, but may also move them up the pile to be considered alongside tier one firms and their associated charges, which could have a long lasting impact according to data security expert Mathieu Gorge.

Some believe that smaller firms are being penalised under the new system, with security advisor John Walker suggesting that the limited understanding and explanation of PCI DSS rules to lower tier UK businesses could result in fines and poor treatment for those who unwittingly break the new regulations.

PCI DSS compliance heads for UK in July is a post from our Online Backup blog. Contact us today for business continuity consulting.

Andrew Brant, a malware prevention blogger, explained in a recent post that consumers should be wary of any emails claiming to have originated from Visa and asking them to follow a link and update their payment card details online.

The malicious emails link to the phony but authentically designed site and users are then encouraged to enter a significant number of personal details, including answers to any security questions you may have used when setting up your Visa account.

Brant assured readers that this was the first indication that something was afoot, as no Verified by Visa payment type scheme should ever ask you for extensive personal information. This rule is applicable to site online with which you already hold an account and vigilance is essential if consumers wish to avoid having their personal information harvested with their unknowing complicity.

It is believed that this new phishing scam is being perpetrated by a particularly sophisticated group that has put a lot of effort into making the page look authentic. A casual viewer might be hard pressed to tell the difference between an official Verified by Visa page and the fake site.

Online security expert Nigel Hawthorn urged worried consumers to invest in a URL filter for their computers so that they would never accidentally enter information on phishing sites. Because data harvesting via phishing does not utilise virus or malware techniques, but is instead a con based on misleading online shoppers, standard antivirus software will not be an adequate defence.

Hawthorn emphasised the need for additional security tools which do more than just filter spam and remove viruses. He also pointed out that the new Visa phishing campaign could have a widespread effect because Visa itself has been associated with watertight online security in the past, so consumer trust is intrinsically assured by the brand.

Visa online payment system targeted by cyber criminals is a post from our Online Backup blog. Contact us today for business continuity consulting.

IBM has called the lengthy breakdown an ‘interruption’ which it says was caused by a major upgrade to the payment system which occurred in unison with the switch-over. Customers who could not make the Congestion Charge payments online were forced to use either the mobile payment service or to make their payments at one of the many retail outlets in and around London.

Transport for London was forced to apologise on behalf of IBM and assured its customers that no one would be improperly penalised as a result of the recent crash. Sources inside TfL claimed that some customers could be issued with incorrect penalty notices. It was also claimed that IBM had not undertaken the necessary planning in order to ensure a smooth changeover, though these allegations have yet to be substantiated.

The downtime further detracted from the reputation of the IT giant after Southwark Council began the process of claiming £700,000 in damages from IBM just three days earlier. The allegations levelled at IBM include claims that they failed to provide the council with a satisfactory Master Data Management system. It was also alleged that IBM failed to act on the findings of a review which identified the key areas of failure within the MDM system.

In response to the lawsuit, IBM stated that it regards the allegations as founded on false evidence and that it will be refuting any limitations to its services during the ensuing legal proceedings. Whether these events will tarnish the reputation of a trusted brand within the capital remains to be seen, but IBM has certainly had its data management skills brought under the glare of the media spotlight.

Congestion charging online payments fail during hand-over is a post from our Online Backup blog. Contact us today for business continuity consulting.