Group items tagged

You pay off your credit card balance every month, thinking you are taking advantage of the “interest-free grace period” and getting free credit. You may even use your credit card when you could have used cash, just to get the free frequent flier or cash-back rewards. But those popular features are misleading. Even when the balance is paid on time every month, credit card use imposes a huge hidden cost on users—hidden because the cost is deducted from what the merchant receives, then passed on to you in the form of higher prices. Visa and MasterCard charge merchants about 2% of the value of every credit card transaction, and American Express charges even more. That may not sound like much. But consider that for balances that are paid off monthly (meaning most of them), the banks make 2% or more on a loan averaging only about 25 days (depending on when in the month the charge was made and when in the grace period it was paid). Two percent interest for 25 days works out to a 33.5% return annually (1.02^(365/25) – 1), and that figure may be conservative. Merchant fees were originally designed as a way to avoid usury and Truth-in-Lending laws. Visa and MasterCard are independent entities, but they were set up by big Wall Street banks, and the card-issuing banks get about 80% of the fees. The annual returns not only fall in the usurious category, but they are returns on other people’s money – usually the borrower’s own money!  Here is how it works . . . .

The Federal Housing Finance Agency (FHFA) has given notice of its intent to database a large number of very personal data points on every American who possesses a mortgage — which may include as many as 227 million Americans.   These points include things like financial histories, credit card balances, credit scores, personal demographics, lists of assets and property, family information, and more. Assembled with the help of the the Consumer Finance Protection Bureau, the database’s stated purpose is for research and modeling.  The agencies have been collecting data for modeling for years, but the addition of many new pieces of personally identifiable information is a reversal of previously stated policy.

The database will include very specific and personal information on the borrowers and co-borrowers.  According to the Federal Register Notice on April 16, 2014, the database includes: Individual’s name, address, and phone number; Individual’s Social Security Number; Individual’s gender, race, ethnicity, and religion; Individual’s marital status; Individual’s household composition (number and ages of males, females, children); Individual’s household income; Individual’s credit score; Individual’s education records; Individual’s military status/records; Individual’s employment status/records; Individual’s bank account numbers; List of individual’s “financial events in the last few years”; List of individual’s “life events in the last few years”;

List of individual’s other assets/wealth; Individual’s current mortgage balance; Individual’s current monthly mortgage payment; Individual’s payment delinquency records; Individual’s bankruptcy records; Individual’s credit card numbers; Individual’s credit card balances; Individual’s credit card charge limit and the highest balance charged; Individual’s minimum payments due on all loans; Attributes of the property (square footage, number of rooms, lot size…); Sale price and down payment of the property; Mortgage information (dates, interest rate, amount, loan servicer…);

By Editor Filed in News May 19th, 2015 @ 11:50 am The Consumer Financial Protection Bureau (CFPB) filed a complaint and proposed consent order in federal court against PayPal, Inc. for illegally signing up consumers for its online credit product, PayPal Credit, formerly known as Bill Me Later. The CFPB alleges that PayPal deceptively advertised promotional benefits that it failed to honor, signed consumers up for credit without their permission, made them use PayPal Credit instead of their preferred payment method, and then mishandled billing disputes.

Under the proposed order, PayPal would pay $15 million in consumer redress and a $10 million penalty, and it would be required to improve its disclosures and procedures. “PayPal illegally signed up consumers for its online credit product without their permission and failed to address disputes when they complained,” said CFPB Director Richard Cordray. “Online shopping has become a way of life for many Americans and it’s important that they are treated fairly. The CFPB’s action should send a signal that consumers are protected whether they are opening their wallets or clicking online to make a purchase.”

As with credit cards and other forms of credit, consumers using PayPal Credit may incur interest, late fees, and other charges. Consumers often enroll in PayPal Credit while purchasing a good or service online or while creating a PayPal account. Since 2008, PayPal has offered PayPal Credit to consumers across the country making purchases from thousands of online merchants, including eBay. The CFPB alleges that many consumers who were attempting to enroll in a regular PayPal account, or make an online purchase, were signed up for the credit product without realizing it. The company also failed to post payments properly, lost payment checks, and mishandled billing disputes that consumers had with merchants or the company. Tens of thousands of consumers experienced these issues.

The Maldives has said it acted alone to expel a Russian national suspected by the US of being one of the world’s most prolific traffickers of stolen credit cards. President Abdulla Yameen denied a claim by Moscow that the United States had abducted Roman Seleznev from the Maldives and taken him to the American territory of Guam. Yameen told reporters that Maldives police, acting on an Interpol arrest warrant, had moved against 30-year-old Seleznev during the weekend.

he US Justice Department said on Monday that Seleznev was arrested and taken to Guam, although the details of his seizure were not known. He is charged with hacking into retail computer systems and installing malicious software to steal credit card numbers in a scheme that operated between October 2009 and February 2011. Seleznev and his partners stole over 200,000 credit card numbers, with bank losses from the scheme estimated at over US$1.1 million, according to a 2011 indictment.

The Russian foreign ministry said Seleznev’s detention was a “hostile step”, adding that Russian diplomatic missions had not been notified of his arrest.

Justia.com Opinion Summary: An agreement between American Express and merchants who accept American Express cards, requires that all of their disputes be resolved by arbitration and provides that there “shall be no right or authority for any Claims to be arbitrated on a class action basis.” The merchants filed a class action, claiming that American Express violated section 1 of the Sherman Act and seeking treble damages under section 4 of the Clayton Act. The district court dismissed. The Second Circuit reversed, holding that the class action waiver was unenforceable and that arbitration could not proceed because of prohibitive costs. The Circuit upheld its reversal on remand in light of a Supreme Court holding that a party may not be compelled to submit to class arbitration absent an agreement to do so. The Supreme Court reversed. The FAA reflects an overarching principle that arbitration is a matter of contract and does not permit courts to invalidate a contractual waiver of class arbitration on the ground that the plaintiff’s cost of individually arbitrating a federal statutory claim exceeds the potential recovery. Courts must rigorously enforce arbitration agreements even for claims alleging violation of a federal statute, unless the FAA mandate has been overridden by a contrary congressional command. No contrary congressional command requires rejection of this waiver. Federal antitrust laws do not guarantee an affordable procedural path to the vindication of every claim or indicate an intention to preclude waiver of class-action procedures. The fact that it is not worth the expense involved in proving a statutory remedy does not constitute the elimination of the right to pursue that remedy.

Economics and a degree of common sense also tells us that we will always be more cautious in spending our money than a third party will be.

The National Security Agency (NSA) widely monitors international payments, banking and credit card transactions, according to documents seen by SPIEGEL. The information from the American foreign intelligence agency, acquired by former NSA contractor and whistleblower Edward Snowden, show that the spying is conducted by a branch called "Follow the Money" (FTM). The collected information then flows into the NSA's own financial databank, called "Tracfin," which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions. Further NSA documents from 2010 show that the NSA also targets the transactions of customers of large credit card companies like VISA for surveillance. NSA analysts at an internal conference that year described in detail how they had apparently successfully searched through the US company's complex transaction network for tapping possibilities.

Their aim was to gain access to transactions by VISA customers in Europe, the Middle East and Africa, according to one presentation. The goal was to "collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions." In response to a SPIEGEL inquiry, however, VISA issued a statement in which it said, "We are not aware of any unauthorized access to our network. Visa takes data security seriously and, in response to any attempted intrusion, we would pursue all available remedies to the fullest extent of the law. Further, its Visa's policy to only provide transaction information in response to a subpoena or other valid legal process." The NSA's Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a "target," according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency's "tailored access operations" division. One of the ways the agency accessed the data included reading "SWIFT printer traffic from numerous banks," the documents show.

But even intelligence agency employees are somewhat concerned about spying on the world finance system, according to one document from the UK's intelligence agency GCHQ concerning the legal perspectives on "financial data" and the agency's own cooperations with the NSA in this area. The collection, storage and sharing of politically sensitive data is a deep invasion of privacy, and involved "bulk data" full of "rich personal information," much of which "is not about our targets," the document says.

Wells Fargo WFC -9.22%Wells FargoWFC$58.16$-5.91(-9.22%)As of 02/06/2018, 01:01am EST is facing far more than a fine for its fake accounts scandal, in which employees at the lender's branches across the country opened over a million fraudulent checking and credit card accounts to hit their numbers. Late on Friday, the Federal Reserve decided to restrict growth at America's third-largest bank by assets until its risk and governance is improved. The order, which also called for a revamp of Wells Fargo's board of directors, sent the bank reeling in early trading Monday. Wells Fargo shares plunged 9% lower in Monday trading, erasing most of its gains over the past 12 months. For its top shareholder, Warren Buffett's Berkshire Hathaway, the Fed-inspired stock slide meant its Wells Fargo holdings lost over $2.7 billion in value. "We cannot tolerate pervasive and persistent misconduct at any bank and the consumers harmed by Wells Fargo expect that robust and comprehensive reforms will be put in place to make certain that the abuses do not occur again," said chair Janet L. Yellen on Friday. The order was her last as head of the Federal Reserve. On Monday, successor Jerome Powell was sworn in. Added Yellen, "the enforcement action we are taking today will ensure that Wells Fargo will not expand until it is able to do so safely and with the protections needed to manage all of its risks and protect its customers." In September 2016, Wells Fargo paid a $185 million fine to the Consumer Financial Protection Bureau after the agency found branch bankers had opened well over a million fake accounts, which generated millions of dollars in fees to the lender. When the scandal, which occurred over almost a decade, was first revealed, Wells Fargo and its board didn't immediately overhaul their leadership, or sanction top executives in the divisions where fake accounts were created. Only after significant public outcry, in addition to a widening scope of the scandal, did Wells Fargo begin a revamp, firing CEO John Stumpf and clawing back bonuses for numerous executives. Backer Warren Buffett later said in an appearance on CNBC the bank and its leadership had misjudged the severity of the problem.

In addition to harsh words, the Fed is ordering a sanction of almost unprecedented severity. It will restrict the bank's growth until its governance and risk management improve, though it will allow Wells to continue current operations from taking deposits to offering loans.

Three Wells Fargo long-standing board directors, John Chen, Lloyd Dean and Enrique Hernandez, will likely retire at the firm's annual meeting as part of the Fed's additional order for a refreshment of four board directors. Analysts did not brush off the Fed's move, as they have large fines coming out of the crisis.

AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data. The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania. In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

The National Security Agency has collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details, according to top-secret documents. The untargeted collection and storage of SMS messages – including their contacts – is revealed in a joint investigation between the Guardian and the UK’s Channel 4 News based on material provided by NSA whistleblower Edward Snowden. The documents also reveal the UK spy agency GCHQ has made use of the NSA database to search the metadata of “untargeted and unwarranted” communications belonging to people in the UK.

The NSA program, codenamed Dishfire, collects “pretty much everything it can”, according to GCHQ documents, rather than merely storing the communications of existing surveillance targets. The NSA has made extensive use of its vast text message database to extract information on people’s travel plans, contact books, financial transactions and more – including of individuals under no suspicion of illegal activity. An agency presentation from 2011 – subtitled “SMS Text Messages: A Goldmine to Exploit” – reveals the program collected an average of 194 million text messages a day in April of that year. In addition to storing the messages themselves, a further program known as “Prefer” conducted automated analysis on the untargeted communications.

• Over 800,000 financial transactions, either through text-to-text payments or linking credit cards to phone users The agency was also able to extract geolocation data from more than 76,000 text messages a day, including from “requests by people for route info” and “setting up meetings”. Other travel information was obtained from itinerary texts sent by travel companies, even including cancellations and delays to travel plans.

Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.

Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.

Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.

The Consumer Financial Protection Bureau (CFPB) has fined Wells Fargo for $100 million based on fraudulent customer account practices. An additional $85 million is to be paid to the city of Los Angeles in California, along with the Office of the Comptroller of the Currency.

Last year Wells Fargo was sued by employees (current and former) and customers all across the nation for setting up “unwanted accounts, unwarranted fees”. According to the lawsuit, this was “the largest California-based bank violated state and federal laws by misusing confidential information and failing to notify customers when personal information was breached.” Using “aggressive tactics” to coerce new customers, Wells Fargo made it “difficult to correct the mistakes” made by Wells Fargo and return fees to customers because of “high-pressure sales culture set unrealistic quotas, spurring employees to engage in fraudulent conduct to keep their jobs and boost the company’s profits.” Over the course of an extended period of time, “Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses.” There were 1.5 million accounts opened without the authorization of customers and 500,000 credit cards accounts to boot. Wells Fargo has consistently blames “a few rogue employees. Five hundred employees were terminated, according to a Wells Fargo spokesperson. There was no mention of rescinding of bonuses paid to those employees, and there is no clear evidence that executive’s payouts totaling $155 million for “performance based compensation” for 2012 through 2013 was returned to the bank.

Those bonuses were administered based on the fraudulent accounts opened without customer approval. In a statement, Wells Fargo expressed belated regret and a sudden desire to “take responsibility for any instances where customers may have received a product that they did not request.” The training that caused this problem in the first place was a cross-selling strategy called “Going For Gr-Eight” which is a brochure for employees to push banking products onto households of existing customers to increase fee potential and overall profitability. Wells Fargo “staffers, fearing disciplinary action from managers, begged friends and family members to open ghost accounts” and forged signatures “and falsified phone numbers” of customers who did not want to open an account. This practice drove Wells Fargo’s financial success with an estimated “26% of the company’s revenue was from fee income, including those from credit and debit card accounts, trusts and investments.” The bank not only stole money from customers but “also damage their credit scores” and put some into collections to garner fees “for unauthorized accounts went unpaid”. In case of a complaining customer, Wells Fargo would “sandbag” their customers; meaning “failing to open accounts when requested by customers, and instead accumulating a number of account applications to be opened at a later date.”