Copyright violations

Ronald Raygun Remailer alzheimer at juno.com
Mon Nov 25 08:51:16 PST 1996


[This should make you feel better about GAK]


New York Times: Thursday, November 21, 1996
 
Social Security Workers Held In Frauds Using Credit Cards
 
By LYNDA RICHARDSON
 
Federal officials announced the arrests of a group of Social Security
Administration employees Wednesday, charging them with passing

confidential information on at least 1,000 people to credit-card thieves
for
bribes as little as $10. 
 
Under the scheme, the employees would give out confidential information
that
would allow the credit-card thieves to use the cards when they made
purchases. The authorities think the thieves were able to obtain the
cards by
stealing them through the mail, in some cases.
 
The authorities said six current or former employees and a former
security
guard with the agency were arrested Tuesday in the scheme, which resulted
in at least $10 million in losses to credit card issuers from October
1995 to
this June. The credit card issuers are Citibank, Visa and Mastercard. 
 
The employees were charged with bribery and misuse of a government
computer, and face prison terms of 2 to 15 years and fines up to
$250,000. 
 
The arrests resulted from a federal investigation that began in February
into
what computer experts say may be one of the biggest breaches of security
of
federal government data on residents. 
 
Officials said 20 people have been arrested, including 10 current or
former
employees of the Social Security Administration. The scheme was first
detected in February by Citibank, which noticed an unusual amount of
fraudulent charges on credit cards it had mailed to customers but that
the
customers said they had not received, officials said. 
 
Like many banks, Citibank has a security procedure that requires
customers
who receive new cards to activate them by calling a toll-free telephone
number and provide some personal information, like their mother's maiden
name, to activate the credit card. 
 
The bank discovered that its security system had been foiled in dozens of
cases in which cards were activated by someone who was not the cardholder
but had access to the cardholder's mother's maiden name. 
 
Investigators for the Social Security Administration, which keeps files
of
maternal maiden names and records the identification number of employees
who call up files, determined that an employee at the Brooklyn Social
Security office had illegally looked at the personal records of nearly
two
dozen people and sold the information to conspirators, who activated
credit
cards, said Philip A. Gambino, an agency spokesman. 
 
Based on information from that employee, the agency identified several
other
employees who had illegally released confidential information, often in
exchange for bribes. Those arrested this week were described as low-level
workers, including claim representatives and clerks. 
 
In 1,000 cases, credit cards were activated using information illegally
provided by the government employees, Gambino said. 
 
``Most have been fired and the others are in the process of being
fired,'' he
said. 
 
Officials said the thieves who approached the Social Security employees
already had access to Social Security numbers and wanted the numbers run
through the agency's database. Social Security numbers are the closest
thing
to a universal identifier that Americans have, and are widely available
from
public sources like college and employee ID cards and hospital tags, and
even driver's licenses in more than 30 states. 
 
The investigation has resulted in the arrests of nine people, including
seven
Nigerians, who are accused of receiving or using the stolen confidential
information to commit various types of credit card fraud, said Brian F.
Gimlett, the special agent in charge of the Secret Service in New York. 
 
He said the stolen or reissued credit cards were used to buy merchandise,
obtain cash advances and line-of-credit checks and make illegal
withdrawals
from automated teller machines. 
 
Gimlett said the conspirators who approached the government workers were

not part of an organized crime ring. 
 
``Actually, most were individual operations, but doing the same type of
crime,'' he said. ``This is another example of greedy people finding new
ways
to compromise the security systems to financially gain from credit card
fraud
and other types of fraud.'' 
 

 
EFT Report: November 20, 1996
 
Micro Card Targets U.S. Smart Card Market
 
Bull CP8 Transac, of France, says it wants to help U.S. banks issue smart
cards through its U.S. subsidiary, Micro Card Technologies, of Billerica,
Mass. The company believes that 60 percent of the smart card opportunity
resides here, says Gerald Hubbard, vice president of marketing. That
market
is expected to grow to a total of about $100 million to $200 million by
the
year 2000, according to industry figures. 
 
Debit and stored-value cards are targeted as the first smart-card
applications
to be issued in the United States. 
 
As a result, Micro Card is forming alliances throughout the card industry
to
penetrate the U.S. market. It recently partnered with NBS, of Plainfield,
N.J., one of the nation's largest card manufacturers. 
 
Bull's strategy is similar to that of its competitors, says Ben Miller, 
president
of CardTech/SecurTech in Bethesda, Md. 
 
All the world's major smart card firm are bringing smart card
capabilities in
from offshore and have set up acquisitions or partnerships with U.S. card
manufacturers to build strength and confidence from American bankers,
Miller says. Schlumberger, also of France, recently bought Malco. 
 
The existing manufacturing facilities are secure and card association
compliant, helping the companies earn industry trust. The firms, in turn,
receive an existing revenue stream from the magnetic stripe sales, Miller
says.
 
Micro Card claims it has the longest U.S. history of its competitors. It
set up
shop here in 1984 and has since participated in several smart card
closed-system initiatives. For example, U.S. Marine Corp.'s recruits in
Parris
Island, S.C., receive their pay on CP8 Micro Cards, which are accepted at
post exchanges for cash withdrawals and purchases. Micro Card also has
been selected to provide half of the card readers in the Citibank and
Chase
Manhattan Bank smart card pilot in New York. 
 
Micro Card sells readers, encoders and several different types of cards
ranging from the basic one-issuer, multiple-application system, called
SCOT,
to its high-end electronic purse card that can handle multiple
applications
from several unconnected service providers, says Hubbard. Its crypto card
uses public key cryptography to secure transactions, Hubbard says. 
 

Micro Card's systems all contain microprocessors and comply with Europay,
MasterCard and Visa (EMV) standards as well as International Standards
Organization specifications, he adds. Micro Card also is partnering with
Redmond, Wash.-based Microsoft and several smart card vendors to
develop integration standards for smart cards and personal computers. 
 
 
 
Evening Standard (London): Monday, November 18, 1996
 
Smart Card Code is Cracked
 
By Flora Hunter 
 
A Cambridge scientist has broken the smart card code, casting doubt over
the card's future as the ultimate security device. 
 
Dr Ross Anderson's work, published today, has been kept secret for six
months to allow institutions such as the Bank of England to review
security. 
 
The Cambridge University computer expert claims his methods of accessing
information from smart cards, which were previously thought impenetrable,
could be used by organised criminals using simple equipment. 
 
He is warning banks and other financial institutions to rethink their
security
operations, as his breakthrough could lay bare the private financial
secrets of
everyone from governments to the holders of High Street bank accounts.
 
Smart cards are used as identity tokens in satellite TV cards and bank
cards.
They are also used as top-level security passes at nuclear installations.
The
Government recently announced plans to store information such as driving
licence, tax, social security and pension details on individual smart
cards. 
 
Today, Dr Anderson said: 'For a number of years these smart cards and
processors have been marketed as tamper-proof. If you try and get into
their
chip using whatever method, they are supposed to be inaccessible. 
 
'We have developed techniques that can get into most of these smart cards
and I believe they can all be accessed. Banks are moving away from
magnetic cards towards smart cards to improve security but they are going
to
have to think again. 
 
'They are going to have to rethink their whole security process because
we
have shown the security processors can be attacked with the kind of
equipment available to any undergraduate. 'Organised criminals could use
the
techniques to cause disaster to financial institutions.' 
 
Smart cards can store information on a tiny microchip embedded in the
plastic which lets the user access electronic and computer systems. 
 
Banks and other financial institutions must now make immediate changes to
their sophisticated security systems, which could cost millions of
pounds. 
 
In conjunction with an American colleague, Dr Anderson has perfected
techniques that could cause havoc. 
 
Dr Anderson said: 'We have been in consultation with the Bank of England
and various national intelligence agencies. We agreed to postpone
publishing
our paper to give them a chance to look at the findings. A lot of people
have
put all their eggs in one basket by relying on smart cards for security.
Now
the basket has been tipped over.' 
 
 

American Banker: Thursday, November 21, 1996
 
Wells, 31 Others Ease Downloading of Account Data from
Internet 
 
By DREW CLARK
 
Wells Fargo & Co. and 31 community banks and credit unions announced
that their customers will be able to download account information from
the
Internet with the click of a button. The technology is one of the first
uses of
Microsoft Corp.'s set of standards for electronic financial connections,
which
were introduced last March. 
 
Called Active Statement Technology, advocates say that it will simplify
the
process of transferring account files from the World Wide Web to personal
financial software programs. 
 
Making data on Web sites easier to download is likely to
encourage banking customers to go to the sites, industry
observers said. That, in turn, would offer banks more
chance to promote their services on the Internet. 
 
"Today we offer both our Quicken and our Microsoft Money customers the
ability to download information into their software spreadsheets," said
Wells
Fargo spokeswoman Janet Otsuki. But the features of Microsoft's new
technology "will allow Money customers to have a more direct and more
efficient downloading experience." 
 
The benefits of that arrangement are hardly accidental from the
standpoint of
Microsoft, which has been aggressively battling Intuit Inc. for a greater
share
of the personal financial software market. Intuit's Quicken leads Money
by
75% to 20%, according to a recent independent consumer study. 
 
Microsoft offers its technology for free to all financial institutions,
and it
encourages banks to link their Web sites so that their customers will
find a
trial offer for the Money product. 
 
Competing Web browsers will be able to download financial data, but

Microsoft Money 97 is the only financial software able automatically to
receive the information.
 
"We expect this will be a de facto technology that any bank would want to
incorporate," said Matthew Cone, a business development manager at
Microsoft. 
 
Others familiar with Active Statement Technology said the program's
ability
to recognize information that has already been recorded offers a crucial
advantage over the widely used Quicken Import Format. 
 
"Comparing the Quicken Import Format to (Microsoft's technology) is like
comparing apples to oranges," responded Intuit senior vice president Eric
Dunn. "Automatic reconciling has been possible in both Quicken and Money
for over a year." 
 
By now, 275 financial institutions offer some form of PC banking, and 46
let
customers gain access to their accounts from the Web, according to the
Seattle-based Online Banking Report. But encouraging customers to come
over via the Web may hold benefits for banks. 
 
"Instead of starting with Money or Quicken, customers start at the bank's
Web site," said Paul Fiore, chief executive of Digital Insight. 
 
The Camarillo, Calif., company has helped 28 credit unions develop
transactional Web sites. Without having to pay Microsoft for a direct
connection, all those institutions now offer their customers the ability
to
download their finances easily into Money 97. 
 
How soon will that affect consumers at those institutions? Cathi
Cavanagh,
home banking coordinator at the Plano, Tex., Community Credit Union, is
already watching: "I am personally going to look to see if people are
converting from Quicken to Microsoft Money." 
 
 






More information about the cypherpunks-legacy mailing list