Tag Archives: Card
NEW YORK (Reuters) – Hudson’s Bay Co said on Sunday that data from card payments in some of its Saks and Lord & Taylor stores in North America had been compromised.
The Canadian retail company said it had identified the issue and taken steps to contain it, adding that “there is no indication” so far that the issue had affected the company’s e-commerce or other digital platforms.
Customers will not be liable for fraudulent charges that may result from the issue, the company said.
The stores involved include Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor, the company said.
Reporting by David Henry in New York; Editing by Bill Rigby
NEW DELHI (Reuters) – Tech news site ZDNet said on Sunday it stood by its report that identified a security vulnerability in data-linked to Aadhaar – India’s national identity card project, after a semi-government agency that manages the database sought to discredit the report.
ZDNet reported here that a data leak on a system run by a state-owned utility company could allow access to private information of holders of the biometric “Aadhaar” ID cards, exposing their names, their unique 12-digit identity numbers, and their bank details.
The Unique Identification Authority of India (UIDAI), which manages the Aadhaar program, said “there is no truth in this story,” in a statement late on Saturday.
ZDNet’s global editor-in-chief Larry Dignan said in an email to Reuters on Sunday the publication stood by its report. Dignan said they spent weeks compiling evidence and verifying facts.
“We spent weeks reaching out to the Indian authorities, specifically UIDAI, to responsibly disclose the security issue, and we heard nothing back — and no action was taken until after we published our story,” said Dignan.
UIDAI sought to downplay the report stating that even if the claims in the story were true, it would raise security concerns with the database of the utility company and not with the security of UIDAI’s Aadhaar database. UIDAI said it is “contemplating legal action against ZDNet”.
Multiple researchers and journalists, who have identified loopholes in India’s massive national identity card project, say they have been harassed here by some government agencies and slapped with criminal cases because of their work.
Aadhaar is a biometric identification card that is becoming integral to the digitisation of India’s economy, with over 1.1 billion users it is the world’s largest such database.
Indians have been asked to furnish their Aadhaar numbers for a host of transactions including accessing bank accounts, paying taxes, receiving subsidies, acquiring a mobile number, settling a property deal and registering a marriage.
The government’s demands for Aadhaar linkage for multiple services is currently being challenged here in India’s Supreme Court.
At the same time, security researchers and journalists have highlighted multiple vulnerabilities and data leaks tied to the program. UIDAI has sought to downplay the reports and last week it said the biometric data was safe from hacking as the storage facility was not connected to the internet.
Reporting by Malini Menon; Writing by Malini Menon and Krishna N. Das; Editing by Andrew Bolton, Euan Rocha and David Evans
NEW DELHI (Reuters) – The semi-government agency behind India’s national identity card project on Saturday denied a report by news website ZDNet that the program has been hit by another security lapse that allows access to private information.
ZDNet reported that a data leak on a system run by a state-owned utility company, which it did not name, could allow access to private information of holders of the biometric “Aadhaar” ID cards, exposing their names, their unique 12-digit identity numbers, and their bank details.
But the Unique Identification Authority of India (UIDAI), which runs the Aadhaar program, said “there is no truth in this story” and that they were “contemplating legal action against ZDNet”.
ZDNet could not immediately be contacted for comment on the UIDAI’s response.
“There has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure,” the agency said in a statement late on Saturday.
“Even if the claim purported in the story were taken as true, it would raise security concerns on database of that utility company and has nothing to do with the security of UIDAI’s Aadhaar database,” it said.
MORE THAN BILLION USERS
ZDNet had reported that even though the security lapse had been flagged to some government agencies over a period of time, it has yet to be fixed. It said it was withholding the name of the utility and other details.
Karan Saini, a New Delhi-based security researcher, said that anyone with an Aadhaar number was affected.
“This is a security lapse. You don’t have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes,” Saini told Reuters.
In recent months researchers and journalists who have identified loopholes in the identity project have said they have been slapped with criminal cases or harassed by government agencies because of their work.
Aadhaar, a biometric identification card with over 1.1 billion users, is the world’s biggest database.
But it has been facing increased scrutiny over privacy concerns following several instances of breaches and misuse.
Last Thursday, the CEO of the UIDAI said the biometric data attached to each Aadhaar was safe from hacking as the storage facility was not connected to the internet.
“Each Aadhaar biometric is encrypted by a 2048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card’s biometric details,” Ajay Bhushan Pandey said.
Reporting by Malini Menon; Writing by Malini Menon and Krishna N. Das; Editing by Andrew Bolton
Most major U.S. credit card issuers have now banned the use of their cards to buy Bitcoin or other digital currencies, in a move intended to decrease both financial and legal risk.
Citigroup also says it is halting cryptocurrency purchases on credit, and Capital One and Discover had already enacted their own bans. That means all of the top five credit card issuers have announced or implemented bans.
The moves are above all in the banks’ self-interest. As Fortune previously reported, the mania surrounding cryptocurrency late last year appears to have motivated many retail investors to use credit cards as leveraging tools, buying more cryptocurrency than they could afford. With Bitcoin down roughly 50% from December highs, many of those investors are likely underwater right now, and may not be able to pay off their initial Bitcoin purchases soon, if ever.
Get Data Sheet, Fortune’s technology newsletter.
Further, as Bloomberg points out, banks may be responsible for monitoring customers’ behavior to prevent money laundering after they make a credit-backed Bitcoin purchase, a tough standard for them to comply with.
The bans — or more to the point, the news of the bans — may exacerbate ongoing declines in cryptocurrency prices. After a hefty bounce Saturday morning, crypto markets broadly retreated on Sunday. Bitcoin is now trading at around $ 8,500 from a December high near $ 20,000.
In the longer term, however, tighter cryptocurrency investment controls, whether from regulators or lenders, seem likely to help mitigate the consequences of both hype and scams. For much of 2017, those threatened to overshadow the underlying promise of blockchain technology, which is still in the very early stages of evolution.