Tag Archive for Fraud

iPad Deal Haunts LAUSD

Readers of Bach Seat should remember the botched $1.3 billion iPad deal the USA’s second-largest school district made with Apple (AAPL). rb- I covered the massive failure here and here. Well, it seems that buyer’s remorse has finally set in.

The LA Times is reporting that the Los Angeles Unified School District is now demanding a multi-million dollar refund from Apple or it may sue its former partner. In a letter to Apple’s general counsel obtained by LA public radio KPCC, LAUSD attorney David Holmquist wrote:

“While Apple and Pearson promised a state-of-the-art technological solution for ITI implementation, they have yet to deliver it … the vast majority of students are still unable to access the Pearson curriculum on iPads … will not accept or compensate Apple for new deliveries of [Pearson] curriculum.”

Others have called this deal an incompetent, unconscionable betrayal of LA by people who are so ignorant about technology it’s scary to imagine them responsible for anyone’s education.

Margot Douaihy documents the shameful history, which has included firings, resignations, an FBI investigation, an SEC investigation, and the $22 million “d’oh” moment when district officials realized for the very first time that iPads don’t come with keyboards.

The LA Times also reports that a top lieutenant of former LAUSD Supt. John Deasy and architect of the district’s flawed and now-abandoned $1.3 billion iPads-for-all and new online student records system is now taking the helm of the Burbank school district at $241,000 a year. Why? Because the Burbank BoE believes they need someone with business savvy to sort out their technology.

rb-

If it walks like a duck and quacks like a duck while the FBI and SEC are investigating, it is probably a politician.

 


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Banks Scramble to Fight Apple Pay Fraud

SearchFinancialSecurity reports that Apple Pay fraud is on the rise and banks are rushing to fix sloppy authentication processes. Sloppy bank authentication processes are at the heart of growing Apple Pay fraud and experts worry about potential fraud with other mobile payment systems.

When Apple Pay was first unveiled by Apple (AAPL) in October 2014, it was touted for its increased security thanks to tokenized Device Account Numbers and the Touch ID fingerprint system. eWeek.com provided a good overview of how Apple Pay’s approval process works:

  • The camera of an iPhone 6 or 6 Plus takes a photo of the credit or debit card
  • Apple Passbook software extracts the name and expiration date, then encrypts and transmits the data to Apple
  • If the photo doesn’t allow for extraction (poor quality or card is too worn), users are allowed to manually enter the card number
  • Apple checks to see if the card is already on file in iTunes, verifying it through a match
  • But most cards aren’t already in iTunes – so Apple sends card data, phone data, and iTunes account info to the card-issuing bank
  • If verified by the bank and approved, it’s added to Apple Pay and the Apple Passbook, and it’s ready to be used for purchasing

If this provisioning is successful, the bank will automatically accept (Green Path) the info and then beam an encrypted version of the card details to be stored.

According to reports, criminals have set up iPhones with stolen personal information, which has been tracked back to accounts compromised in Target’s big data breach at the end of 2013, the Home Depot hacking in 2014, and likely the Anthem breach of 2015. The criminals take the stolen PII and call banks to authenticate a victim’s card on the new device. This is so-called “Yellow Path” authentication, where a card isn’t automatically accepted or rejected (Red Path), but requires more provisioning by the bank to be added to Apple Pay.

When Yellow Path authentication is required, the bank may send a one-time authorization code to the customer’s email or mobile phone that must be entered into the Apple Pay set-up. Other banks may ask the customer to call a toll-free number where a customer service representative will try to verify the person’s identity with a series of questions about recent purchases or a home address, according to the WSJ.

If this provisioning is successful, the bank will then beam an encrypted version of the card details to be stored on the Secure Element of the phone (PDF). The author contends that the heart of the problem is that some banks have lax Yellow Path processes, only asking for the last four digits of a Social Security number, leading to criminals using stolen identities and credit/debit cards to buy high-priced goods, often from Apple Stores.

Avivah Litan, a VP at Gartner (IT) said that this kind of fraud is a fundamental flaw that will affect all mobile payment services. “This isn’t necessarily an Apple Pay problem. The responsibility ultimately lies with the card issuer who must be able to prove the Apple Pay cardholder is indeed a legitimate customer with a valid card,” Ms. Litan wrote in a blog post. “That always appeared to me to be the weakest link in mobile commerce — making sure you provide the app to the right person instead of a crook.”

rb-

With the iPhone 6’s NFC capabilities, the physical card may not be required for such “purchases.” Maybe someday this will keep merchants from holding card data, but for now, it seems like the banks need to get their act together.


Cables Carrying Fake UL Marks

Underwriters Laboratories recently warned that two communications cable products carried “counterfeit UL marks.” Neither cable has been evaluated by the laboratory for safety. In addition, UL claims that the two cables do not contain required flame-retardant elements, so they both pose fire hazards. The first warning regards a StarTech product while the second carries the brand name Monoprice.

Back in January, Underwriters Laboratories (UL) issued a public notice that identified StarTech communications cable as being mislabeled. According to an article in Cabling Installation & Maintenance, UL stated that the cable “bears a counterfeit UL Mark for the United States and may pose a fire hazard.” The safety organization states, “The communications cable has not been evaluated by UL to the appropriate standard for safety in the United States, and is not authorized to bear the UL mark or any reference to UL.”

Further, the notice states that the cable “is missing required flame retardant elements. This may cause an increased risk of fire.” The box bears the brand name StarTech and has the terms “ISO 9011,” “UL,” “ETL,” and “IECQ” printed on it. According to UL’s notice, the cable jacket includes the following: “CMR Type 4PR 24AWG 75C (UL) E151955-A CSA LL79189 ETL Verified TIA/EIA-568-B.2 CAT 5E UTP 350 MHZ Patch Cable B-8A1004 ROHS Compliant.” The UL alert says that the cable was sold at overstock.com and may have been sold at other locations.

A February article at Cabling Installation & Maintenance reports a similar problem with cable sold by Monoprice. UL issued an alert to the public that Monoprice cable uses the UL mark without authorization and lacks certain fire-retardant materials. The UL alert says this cable is known to be also sold at www.greenconnectionsusa.com.

The Fiber Optic Association has a YouTube video that demonstrates the fire dangers of counterfeit communications cable.

The StarTech response to the UL warning shared with Cabling Installation & Maintenance seemed more concerned about their ISO certification than correcting the problem. StarTech issued the following statement on January 24: “StarTech.com has been an ISO 9001 registered company since 1998 and is currently certified as ISO 9001:2008 compliant. As such, we take this matter seriously and have issued an internal corrective action report (CAR) and are investigating the circumstances surrounding this incident. Based on the outcome of our investigation, appropriate action will be taken.”

Monoprice’s response to Cabling Installation & Maintenance came from company rep. Chris Apland. The firm claimed they did not know about the misleading and dangerous Cat 5 cables. He claims they did not know what their vendor was doing. “Unbeknownst to us at the time, Monoprice’s former vendor for the product in question was inappropriately labeling our product certifications.”

He goes on to claim the firm is sorry and has changed its ways. “Monoprice terminated our relationship with the vendor in question … We apologize to both UL and to our customers for any confusion this may have caused.” Mr. Apland added in the firm’s response that Monoprice’s “new vendor provides a higher quality Cat 6 bulk cable that includes the critical fire-retardant material called for in the UL complaint … we have since been in contact with UL through our China office…”

rb-

To prevent safety problems on your job site, the Communications Cable and Connectivity Association (CCCA) recommends, as a best practice, buying proven quality, name-brand cables and patch cords from known vendors.

Other recommendations include:

  1. Check for the UL holographic label on all boxes or reels of cable.
  2. Verify the UL mark and cable type on the cable jacket.
  3. Consult the UL online certifications directory to find if the manufacturer has a UL listing via the UL file number (the E number).
  4. Verify the authorized UL marks and correct terminology appear in cable specifications (cut sheets).
  5. Weigh the box of cable. Substantially less weight may indicate non-compliant copper clad aluminum (CCA) conductors were used in place of solid copper.

The CCCA has developed the Cable Check™ App to help check these best practices. Download the app from Apple’s (AAPL) iTunes to detect cables carrying fake UL marks on your job.


Michigan Firms Barred From H-1B Program

eWeek is reporting that the U.S. Department of Labor’s Wage and Hour Division has debarred two Michigan-based firms for being willful violators of laws that regulate H-1B visas for foreign workers. During the debarment period, these companies are not allowed to apply for or obtain H-1B visas for foreign workers. These IT companies have “committed either a willful failure or a misrepresentation of a material fact,” according to Labor Department statistics.

Employer: R-Tech Group, Ltd. (also known as R-Tech, Ltd.)
City: Keego Harbor, Michigan
Debarment Period: 1/1/2009 to 12/31/2010

Employer: Amtech Electrocircuits
City: Troy, Michigan
Debarment Period: 3/1/2008 to 2/28/2010

rb-

Umm, isn’t Michigan’s unemployment rate over 14%?

 
