Archive for the ‘VIDEO AUDIO’ Category

Credit card minimum repayments the hidden danger in your post-Christmas bill

Beware the minimum payment as you contemplate that post-Christmas credit card balance.

Economists have found the minimum payments that appear on monthly credit card statements act as an “anchor” causing many consumers to pay off less debt than they otherwise would – and should.

Putting a price on Christmas

Australians will spend billions this Christmas, with the largest percentage spent on food.

A study by American researchers Benjamin Keys and Jialan Wang shows that almost a third of card borrowers in the US make payments at or near the monthly minimum. Their findings suggest a substantial proportion of consumers – up to one in five – settle for the lowest possible payment even though they could afford to pay more.

“A large fraction of near-minimum payers appear to treat the minimum as an anchor,” the study published by America’s National Bureau of Economic Research said.


That means higher balances, higher interest costs and eventually greater financial risk for many card holders. At the national level the influence of the minimum payments may be helping to elevate household debt, which makes the whole economy more vulnerable to shocks.

Australian credit card users are also susceptible. A consultation paper released this year by the Australian Treasury said “a growing body of experimental research and field studies have shown that some consumers make a smaller repayment than they otherwise would have simply due to the presence of the minimum repayment.”

The Treasury paper said card issuing companies set minimum repayment amounts as a very small proportion of the outstanding balance, “so that households making the minimum repayment will only pay off their balance over a very long period and incur very large interest costs.”

Gerard Brody, chief executive of Consumer Action Law Centre, said that credit card users should focus on the total amount outstanding on their credit card statement and pay off as much as possible rather than the minimum payment.

“The minimum payment might look easy to pay but that’s all the bank wants you to pay,” he said.

“They know that if you do that, they will make a lot of money from you in interest payments. What you should be focused on is the full amount outstanding and paying that before the due date when the interest payments come through.”

There are no regulations that determine how credit card minimum payments are set. The Treasury’s paper said they are typically 2-3 per cent of the outstanding balance.

Consumer advocacy groups including the Consumer Action Law Centre and CHOICE say minimum repayments should be lifted to ensure consumers aren’t lumbered with high interest debt for decades.

CHOICE spokeswoman Nicky Breen said card issuers should also be required to “proactively contact customers” who are only making minimum payments and drawing out their debt.

“The federal government has had a consultation on broad credit card reform but no decisions have been made as of yet,” she said.

Some card users simply don’t have enough money to repay any more than the minimum. But Dr Keys and Dr Wang observe that when American credit card companies lifted their minimum payments, consumers paid the higher amount most of the time, suggesting they could have contributed that much all along.

Bessie Hassan, from financial comparison website, said card users with the means to make payments above the minimum payment should make a conscious effort to do so.

“Many borrowers fall into the mentality of thinking they just need to make the minimum payment on their credit card, or some may simply be unaware that they can make overpayments,” she said.

“Typically, there’s no cost involved for making overpayments so you’ve got nothing to lose and everything to gain.”

Ms Hassan said that if a consumer with an average credit card debt of $3073 (and average card purchase interest rate of 17.31 per cent) paid the minimum repayment of $62, it would take 24 years to settle the debt and a total of $6000 in interest would be paid.

“However, if you increased your minimum monthly repayments by $50 to $112…you’d pay it off within three years and only pay a total of $867 in interest,” she said.

Since 2011 Australian card issuers have been required to tell customers on statements how long it will take to repay debt if only the minimum payment is made.

But Mr Brody said there has not yet been any “rigorous analysis” of what impact this requirement has had on the behaviour of credit card users.


Henry Sapiecha

Stolen credit card details available for £1 each online

Guardian finds batch of 100 stolen cards on sale for £98 on ‘dark web’ amid heightened fears about identity theft in wake of TalkTalk hack

cyber attacker on dark keyboard image

To bulk buy stolen data at lower prices, fraudsters head to the dark web via the Tor browser. Photograph: Thomas Trutschel/Photothek via Getty Image

UK credit card details are on sale for as little £1 each online, the Guardian has learned, as fears rise over the security of personal data in the wake of the TalkTalk cyber-attack.

More than 600,000 individuals had their personal details stolen from UK companies in 2014, according to the Financial Times, underlining the scale of online crime in this country. It is likely that some of that data will have ended up on a website used by criminals wanting to buy high-end UK credit card data.

Visa and Mastercard details stolen on Tuesday were offered to the Guardian the following day – provided payment was made in the cypto-currency bitcoin – on a website which is registered in Russia but run in English.

The site did not reveal where the details were harvested from, but the ownership of the cards was clear. One credit card was registered to a person in Craigavon in north County Armagh; another belonged to a resident of Chelmsford, Essex, who lost their platinum Visa card earlier this week. Platinum cards are particularly attractive to fraudsters because of their high credit limit. Scores more card details, registered to addresses up and down the country, from Aberdeenshire to Devon, were openly for sale on the site.


The example of the Russian-registered site is striking because it is on the “surface” web, and easily available to conventional internet users. It has a high-end design and layout, offers customer support and promises an 80% success rate for the buyers of stolen cards. It sits at the luxury end of the identity theft market, and charges accordingly – it wanted $72 (£47) for each card sold to us.

To bulk buy stolen data at lower prices, however, fraudsters head to the dark web. This can be accessed via the Tor browser, rather than conventional browsers used by the vast majority of users. It bounces a connection through multiple encrypted relays before it hits its destination. This obscures where the site’s server is located, allowing would-be identity thieves to connect to hidden services, and sites not accessible to non-Tor users.

Searching through Tor, it is possible to access a site which will sell 100 credit cards (with the CVV2 digits – the three numbers on the reverse of the card) for just $150 (£98), around £1 per card. The site also sells PayPal accounts at $100 for 100, while other hidden services will offer €1,250 of counterfeited notes for €500. Free shipping is included.

Buying the stolen information is just the first step in a process that criminals use to convert digital data bought online into hard cash. The credit cards are used to load money onto easily obtained pre-paid debit cards. These are payment cards that function similar to credit cards, and can be used to shop online, but can be opened without the sort of checks wanted by banks when opening a current account.

These pre-paid debit cards are used to buy online gift cards. In turn, these gift cards are used to buy high-value electronics, such as iPhones or games consoles, which are sold at a discount – an iPhone 6S for $430 or an Xbox One for $240. That cash goes in the pocket.

But how do these dark websites get the data? A significant source of stolen information, particularly in the US, is old-fashioned card-skimming: a compromised terminal or company employee on the take, who steals the details of a card in the process of completing a transaction.

Just as common is the 21st-century equivalent: malware. This is the catch-all term for malevolent software that infects an individual’s computer to monitor communications for confidential information such as banking passwords, credit card details and social media logins. The data is uploaded to a central server where it is sold on or used to further spread the malware.

The Gameover Zeus malware, disrupted by a joint UK-US operation in June 2014, was one such attack. This acted as a form of “ransomware”, encrypting the infected computer and demanding payment in bitcoin to release the data.

The third major source of data for sale is large-scale hacks, of the type that was flagged by telecoms operator TalkTalk on 23 October. Sometimes the stolen information can be used directly, especially where the company has irresponsibly stored credit card data or passwords on their servers in plaintext; or it may be used as the first step in stealing someone’s identity, where information from two or more hacks is linked to build a profile that can be used to apply for bank accounts or credit cards.

TalkTalk boss: we’re unsure how many customers were affected by cyber-attack – video

Security experts call the organised criminal hacks “advanced persistent threats”. But the attack on TalkTalk has left researchers bemused. A 15-year-old boy from Northern Ireland is on police bail in connection with the cyber-attack, while on Friday a 16-year-old boy was arrested in London.

TalkTalk appears to have been the victim of a relatively amateur and opportunistic hack, according to experts. The company’s chief executive, Dido Harding, said the perpetrator exploited a “sequential injection” attack. Security researchers, realising she meant to say “SQL injection” – a common form of attack in which a hacker tricks the website into releasing information from a database – had a field day.

“It’s not the lowest-hanging fruit of all,” said David Enn, a researcher at information security firm Kaspersky. “But certainly in terms of attacking core infrastructure of the business, we’re not looking at a concerted, targeted attack. What you’re talking about here is like managing to sneak through the security barrier just by slipstreaming an employee.”

TalkTalk declined to discuss its defences in detail, given the ongoing police investigation, but said it continually invested in improving its systems, and constantly monitored and scanned its network to detect any weaknesses.

“We defend against all manner of attacks on a day by day basis,” a statement said. “Each day we have to block over 170m scamming emails to our customers, and we block over 1m nuisance calls to our customers each day.

“It is a constantly evolving fight against cybercrime and individual companies on their own can’t tackle this problem.”


Henry Sapiecha