Amazon is making it a little, or a lot, harder for miscreants to make off with user accounts by adding two-factor authentication.
It has taken Amazon some time to fall into line on this. Two-factor authentication has become increasingly popular and common in the past couple of years, and it is perhaps overdue for a firm that deals so heavily in trade.
Amazon is treating it like it’s new, and is offering to hold punters’ hands as they embrace the security provision.
“Amazon Two-Step Verification adds an additional layer of security to your account. Instead of simply entering your password, Two-Step Verification requires you to enter a unique security code in addition to your password during sign in,” the firm said.
The way that the code is served depends on the user, who can choose to get the extra prompt in one of three ways. They may not appeal to those who do not like to over-share, but they will require a personal phone number.
As is frequently the case, Amazon will offer to send supplementary log-in information to a phone via text message or voice call, and even through a special authenticating app.
It’s an option, and you do not have to enable it. Amazon said that users could select trusted sign-on computers that spare them from the mobile phone contact.
“Afterward, that computer or device will only ask for your password when you sign in,” explained the Amazon introduction, helpfully.
There are a number of other outfits that offer the two-factor system and you might be advised to take their trade and do your business through them. Apple, Microsoft, Google, Twitter, Dropbox, Facebook and many others offer the feature.
A website called TwoFactorAuth will let you check your standing and the position of your providers.
Samsung Electronics is about to decrease personnel at its Samsung Seoul R&D Campus by as many as two-thirds in order to restructure its business model and operations
A new report from ChosunBiz said that Samsung originally aimed to house around 10,000 personnel on the site. However the majority of the decreases will be applied to Samsung’s Digital Media & Communication (DMC) and Media Solutions Centre (MSC).
The campus will instead house about 3,500 staff who have master and PhD degrees and specialise in software, design and digital media development.
The move is odd as it is coming at a time when Samsung is really desperate for killer innovation to steal the march on the competition. However reading between the lines it looks like it is reducing work in its content creation side.
We are surprised that it is doing anything with its Media Solutions centre. Originally, it was established to operate as a Korean version of the App Store. But the company announced on December 10 last year that it was dissolves the organisation.
At the time it was admitted that the content business has not been as successful as the hardware business. Moreover, the worsening performance of the smartphone business arising from the increasingly saturated market forced the company to speed up the break-up process.
A majority of U.S. consumers plan to go to Amazon.com for most of their online holiday shopping, according to a Reuters/Ipsos poll, even after traditional retailers have collectively spent billions of dollars to try to capture Web demand.
The survey of 3,426 adults conducted from November 12 to 18 found that 51 percent plan to do most of their online shopping at Amazon this holiday season, compared to 16 percent at Walmart, 3 percent at Target and 2 percent at Macy’s.
A little more than a quarter of respondents said they would use another retailer not listed in the poll.
The poll underscored the hurdles that traditional retailers faced in expanding online. Their own sales data this week showed that such efforts were falling short.
Target Corp said on Wednesday its digital sales grew 20 percent in the latest quarter, missing its expectations for a 30 percent gain. The discount retailer cited weakness in electronics demand.
A day earlier, Wal-Mart Stores Inc reported quarterly online sales growth of 10 percent, slower than its target growth in the mid-to-high-teens this fiscal year. Wal-Mart pointed to sluggish market conditions in China, Britain and Brazil, and said it fared better in the United States.
In contrast, Amazon.com Inc had posted a 28 percent jump in North American sales in its quarterly report last month.
“The Big Kahuna that continues to grab market share is Amazon,” said Craig Johnson, head of retail consultancy Customer Growth Partners. “Both Wal-Mart and to some extent Target have simply not kept pace enough.”
Johnson added that sluggish spending overall contributed to the weaker-than-expected online sales at Target and Wal-Mart, which also faced increased competition from other online retailers, such as Wayfair Inc.
According to the Reuters/Ipsos poll, 8 percent of adults said they plan to shop only online this year, compared to 6 percent a year earlier. The proportion of respondents who said they would shop mostly online remained steady at 17 percent.
All major retailers are investing in e-commerce.
As retailers and consumers gear up for the holiday shopping season, attempts by criminals to steal payment card information to commit fraud online are likely to rise, according to new research by ACI Worldwide.
The move by U.S. merchants and card issuers to switch to more secure chip cards for in-store purchases this year is likely to increase fraudulent attempts on transactions online.
The ACI research showed fraud rates by volume for transactions that don’t involve physically swiping a card have increased in 2015, with one out of every 86 transactions a fraudulent attempt compared with one out of 114 transactions in 2014.
Fraud attempt rates by volume have increased by 30 percent compared with 2014 as consumers shop with more devices online and card issuers are slower to shut down accounts after fraudulent activity.
“When it comes to fraud, 2015 is likely among the riskiest season retailers have ever seen,” said Mike Braatz, senior vice president, Payments Risk Management, ACI Worldwide. “It is critical that they prepare for a significant uptick in fraud, particularly within e-commerce channels,” he said.
ACI, which delivers electronic banking and payment solutions for financial institutions, retailers and processors around the world, said its data is based on an analysis of hundreds of millions of transactions from large global retailers between January and July 2015 compared with the same period in 2014.
The research also forecast a spike in buy online and pick up in-store attempted fraud rates.
That is expected to increase by 28 percent this holiday season as a result of chip-cards being deployed within stores and as retailers do not require consumers to re-run cards when they pick up products ordered online in store.
The Apple Press is doing its best to snatch victory from the jaws of defeat over the failure of the iWatch to meet the hype.
Today the papers are full of stories claiming that Apple is the “King of the Smartwatch” because it has sold more than its rivals put together. The figure quoted is a speculative seven million .
We are not saying that figure is bad. In fact many smartwatch sellers would only dream of selling that many but it is simply nowhere near what was expected. When Apple announced it was “inventing” the smartwatch the Tame Apple Press confidently predicted 42 million of the things would ship in the first year.
As Apple failed to get the product to market and others popped up analysts started to drop the figures down. At the launch, when it became obvious that the Apple Watch was not shipping with nearly enough functionality, people like an analyst who previously predicted Apple would sell 24 million devices during 2016 has significantly reduced this figure – to 21 million – following the lukewarm reaction. Later, Pacific Crest Securities analyst Andy Hargreaves made the predictions in a research note to clients.
He said: ‘Anecdotal evidence suggests Apple Watch demand is slowing quickly’ and predicted sales for 2015 will reach 10.5 million – 500,000 less than his initial estimates.
It can be seen on this basis that seven million is hugely disappointing and it is not surprising that Apple is desperately trying to keep the actual numbers secret.
We estimate that seven million is roughly the same figure of hardcore Apple fanboys who will buy anything the company buys even if they don’t need it. Apparently they are so stupid that they have bought a watch that runs out of battery in 12 hours or have not realized they just need to take their phone out of their pocket to get the same functionality.
Again the Tame Apple Press has another cunning plan to keep people focused on the smartwatch.
It is talking about how more people will flock to the smartwatch when Apple releases all the functionality it promised for the smartwatch the first time.
However they are also ignoring the fact that Apple might equally lose customers because those who saw the first one thought it was complete pants and swore they would never buy another.
“We’ll offer a one-click opportunity to get Genuine via the Windows Store or by entering an activation code purchased elsewhere,” said Terry Myerson, who heads Microsoft’s Windows and devices teams, which were recently reorganized under the “More Personal Computing” umbrella.
“Genuine” is Microsoft’s nomenclature for a legal license to its software.
Myerson said that the move, which he called experimental, would debut “soon” in the U.S. and would be expanded to other markets if it works here. “We’d like to welcome as many of these customers as possible to the legitimate Windows ecosystem,” he added in a post to a Microsoft blog.
The company will not give away Windows 10 to those whose PCs are powered by a pirated version, sticking with the decision it made earlier this year after some considerable back and forth.
In March, Myerson was quoted by Reuters as saying that pirated copies of Windows 7 and Windows 8.1 could be upgraded to Windows 10 under a just-announced free upgrade program that Microsoft later kicked off in July. At the time, Microsoft confirmed that Myerson’s comments to the wire service were accurate, leading to conclusions that the company was offering an unprecedented amnesty.
But within hours, the Redmond, Wash.-based company took back that confirmation, saying that although pirates could upgrade to Windows 10, the operating system would still be stamped as counterfeit.
Microsoft is able to streamline a get-legal move by pirates because of a recent change to the way Windows 10 activates, a process that pairs a device with a legitimate copy of the operating system.
The same mechanism will be used to activate a non-Genuine copy of an older version upgraded to Windows 10. Users will purchase a license, and thus a product key code, from Microsoft or third-party retailers like Amazon and Newegg.com, then enter it into Windows 10 to make their software legit.
But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.
A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.
But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.
Broadly, U.S. banks are unprepared or resisting the change.
The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.
But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.
“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.
Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.
“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”
But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.
EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.
Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.
“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.
JPMorgan Chase & Co has announced that it will soon unveil its own competitor to Apple Pay that will allow consumers to pay retailers using their smartphones in stores, and it has already won the endorsement of a major group of merchants.
The largest U.S. bank is the latest company to try to profit from the prevalence of smartphones, which many financial executives believe will one day be consumers’ preferred way to pay for everything from milk and eggs at the supermarket to a rental car at an airport.
No clear front-runner has emerged in the business yet. Chase believes its smart phone application, known as Chase Pay, has one key advantage: the caliber of retailers it has brought on board, Gordon Smith, chief executive of the bank’s consumer business, told Reuters.
Chase has signed a deal with the Merchant Customer Exchange, a group of major retailers including Wal-Mart Stores Inc, the largest U.S. retailer, and Best Buy Co Inc to accept payments through the bank’s technology.
Retailers included in the Merchant Customer Exchange ring up more than $1 trillion of sales per year and have over 100,000 outlets.
Rivals like Apply Pay have struggled to sign up retailers to accept their payments. In June, Reuters interviewed the top 100 U.S. retailers and found that two-thirds said they did not plan to accept Apple Pay this year.
Chase signed up the Merchant Customer Exchange mainly by promising to cut retailers’ costs, Smith said. Whenever a consumer pays for something with plastic, the retailer pays fees to banks and credit card networks to process the transaction.
Chase is willing to accept a lower fee for Chase Pay transactions than for other transactions, and hopes to make up the difference by getting more volume over its network, Smith said.
“As merchants give us more business, we will give them better pricing,” Smith said in an interview. Chase declined to comment on how much it would cut fees.
Chase expects to market its product heavily in the middle of next year. Smith is speaking to retailers about Chase Pay at a conference about payments on Monday in Las Vegas.
Wal-Mart Stores Inc have applied to U.S. regulators for permission to test drones for home delivery, curbside pickup and checking warehouse inventories, a sign it plans to go head-to-head with Amazon in using drones to fill and deliver online orders.
The world’s largest retailer by revenue has for several months been conducting indoor tests of small unmanned aircraft systems – the term regulators use for drones – and is now seeking for the first time to test the machines outdoors. It plans to use drones manufactured by China’s SZ DJI Technology Co Ltd.
In addition to having drones take inventory of trailers outside its warehouses and perform other tasks aimed at making its distribution system more efficient, Wal-Mart is asking the Federal Aviation Administration for permission to research drone use in “deliveries to customers at Walmart facilities, as well as to consumer homes,” according to a copy of the application reviewed by Reuters.
The move comes as Amazon.com Inc, Google and other companies test drones in the expectation that the FAA will soon establish rules for their widespread commercial use. FAA Deputy Administrator Michael Whitaker said in June that the agency expected to finalize regulations within the next 12 months, faster than previously planned. Commercial drone use is currently illegal, though companies can apply for exemptions.
The FAA will review Wal-Mart’s petition to determine whether it is similar enough to earlier successful applications to be fast-tracked, or whether it would set a precedent for exemptions, requiring regulators to conduct a detailed risk analysis and seek public comment, agency spokesman Les Dorr said. The FAA normally aims to respond to such petitions in 120 days. Amazon has said it would be ready to begin delivering packages to customers via drones as soon as federal rules allow.
Wal-Mart spokesman Dan Toporek said the company would move quickly to deploy drones depending on its tests and regulations.
Amazon.com Inc announced that it will be adding 100,000 seasonal jobs across its network of fulfillment and sorting centers in the United States to meet increased customer demand during the holiday season.
Amazon has hired more than 25,000 full-time employees since August to prepare for the 2015 holiday season, the company said in a statement.
“Following last year’s holiday season, tens of thousands of seasonal employees found regular, full-time roles with Amazon,” said Mike Roth, Amazon’s vice president of North America operations.
The company had created 80,000 seasonal jobs last holiday season.
Amazon has more than 90,000 full-time employees across its more than 50 fulfillment and 20 sortation centers in the United States.
Canadian e-commerce company Shopify Inc announced that it was partnering with taxi-hailing service Uber to help merchants deliver goods to customers on the same day in New York City, Chicago and San Francisco.
Shopify said the UberRUSH delivery service will be available to its merchants in the three cities immediately.
U.S. department stores such as Kohl’s and Macy’s Inc offer same-day delivery services via a tie-up with Deliv, an Uber-like startup that contracts drivers to pick up ordered items from stores and deliver them to customers.
The agreement with Uber is the latest in a series of major tie-ups announced by Ottawa-based Shopify. Last month, it inked a tie-up with the U.S. Postal Service, making it more attractive for smaller U.S. retailers to use its software to power their e-commerce sites.
Just prior to that, Amazon.com also made Shopify its preferred partner for smaller vendors that are seeking to sell their goods via the online retailing giant.
Although the rapid delivery services appear to compete with Amazon’s own speedy shipping options, the tie-ups with Uber and USPS will not put Shopify on a collision path with Amazon said Brennan Loh, Shopify’s head of product partnerships, who added that smaller vendors would still look to sell their products via Amazon due to its much broader reach, in comparison to their own portals.
“We are trying to alleviate as many pain points as merchants face when running their business,” said Loh. “The partnership with Uber is sort of another step in that direction.”
Shopify merchants can provide their customers with an option for UberRUSH delivery, the company said. Merchants can request an Uber pickup and both the customer and merchant can track the exact location from pickup to drop-off from Shopify.
Re/code reported last month that Uber was planning to tie-up with retailers and fashion brands.
In an effort to move further into e-commerce and compete with Amazon Inc’s retail offerings, Facebook announced that it is testing several ad features that allow users to shop directly through its app.
Few users make purchases on mobile phones because it is slow and cumbersome, but Facebook hopes to win over more ad dollars by smoothing the process. Mobile purchases make up less than 2 percent of all retail sales, according to research firm eMarketer.
“We’re looking to give people an easier way to find products that will be interesting to them on mobile, make shopping easier and help businesses drive sales,” said Emma Rodgers, Facebook’s head of product marketing for commerce.
Among the new features are ads that take a user through a specific brand’s products without redirecting them to another site. For example, a user who clicks on an ad from a boutique could see an expanded page that displays numerous clothing items.
Businesses on Facebook will also be able to display products for purchase directly on their own pages. And users will be able to purchase products directly on Facebook through a “buy now” button that will be more widely available.
The 1.5-billion-member social network has also added a new section on its app that takes users directly to a shopping page where they can browse among numerous brands from a select group of small businesses that will gradually expand.
“From Facebook’s perspective, they’re addressing a pain point for retailers,” said Catherine Boyle, an analyst at eMarketer. “They will attract serious ad dollars with this offering.”
A spate of hacking attacks on U.S. companies over the past two years has caused insurers to massively increase cyber premiums for some companies, leaving firms that are perceived to be a high risk scrambling for cover.
On top of rate hikes, insurers are raising deductibles and in some cases limiting the amount of coverage to $100 million, leaving many potentially exposed to big losses from hacks that can cost more than twice that.
“Some companies are struggling to find the money to buy the coverage they want,” said Tom Reagan, a cyber insurance executive with Marsh & McLennan Co’s Marsh broker unit.
The price of cyber coverage – which helps cover costs like forensic investigations, credit monitoring, legal fees and settlements – varies widely, depending on the strength of a company’s security. But the overall trend is sharply up.
Retailers and health insurers have been especially hard hit by the squeeze after high-profile breaches at Home Depot Inc , Target Corp, Anthem Inc and Premera Blue Cross.
Health insurers who suffered hacks are facing the most extreme increases, with some premiums tripling at renewal time, said Bob Wice, a leader of Beazley Plc’s cyber insurance practice.
Average rates for retailers surged 32 percent in the first half of this year, after staying flat in 2014, according to previously unreported figures from Marsh.
Higher deductibles are also now common for retailers and health insurers. And even the biggest insurers will not write policies for more than $100 million for risky customers. That leave companies like Target, which says its big 2013 data breach has cost $264 million, paying out of pocket.
No. 2 U.S. health insurer Anthem ran into difficulties renewing its coverage after an attack early this year that compromised some 79 million customer records, according to testimony from Anthem General Counsel Thomas Zielinski at an August hearing of the National Association of Insurance Commissioners.
Renewal rates were “prohibitively expensive,” according to minutes of that session seen by Reuters. The company managed to get $100 million in coverage, Zielinski said, but only after agreeing to pay the first $25 million in costs for any future attacks. The company would not say what that figure was before, but it was likely much smaller.
A problem with Cisco VPN systems could be exposing enterprise passwords to the sort of people who use them for bad things.
Yesterday we had Cisco warning about someone else’s problem, but today we have a company called Volexity volleying a shot in Cisco’s direction. Volexity said that it has found two exploitable vulnerabilities that can be used to drain details from databases. It reckons that this represents an upscaling in attacks, their means and their methods.
The problems exist in the web-based Cisco Clientless SSL VPN (Web VPN) that connects users to Cisco Adaptive Security Appliance devices. A screenshot shows this as a typical log-in box that asks for a username and password.
“As the industry is learning, firewalls, network devices and anything else an attacker might be able to gain access to should be scrutinised just as much as any workstation or server in an organisation.
“Having your own devices turned against you can make for a bad week. This represents yet another way attackers are taking credential theft and network persistence to the next level.”
We have asked Cisco to comment on the Volexity report, and are waiting for a response. Volexity has plenty to say, and explained that even two-factor authentication would have quailed in the face of the threat because of its positioning on the network.
The vulnerability has been present for at least a year, according to the study, and has been addressed by Cisco in the past. However, hackers moved fast and got a foot in the door.
“While Cisco provided updated software to address the vulnerability, attackers were already off to the races. Vulnerable organisations that were slow to update may have received an unwelcome addition to the source of their logon.html file,” added Volexity.
“Victim organisations effectively had their Cisco Web VPN devices turned into credential collectors for the attackers. This particular round of attacks appears to have compromised several organisations around the globe.”
This is the second time in a month that Cisco has had the insecurity finger pointed at its hardware. In September Mandiant warned about Synful Knock. Then Cisco released prophylactic tools, and thanked the messenger.
Samsung is expected to announce its first annual increase in quarterly profit in two years following a dismal third quarter in 2014, but word on the street is that things are not going well.
Samsung’s July-September operating profit to have risen 64 percent marking the first pickup since a record profit in the third quarter of 2013, but investors are not exactly excited.
Most of Samsung’s problems are its phone business. Though overall phone shipments likely rose, the brokerage says the greater share of lower-end products and price cuts for the Galaxy S6 models weighed heavily on the company’s bottom line.
At the lower end it launched new products targeting markets such as India, while at the high end it switched from plastic to metal, introduced curved screens and cut the price for its flagship Galaxy S6 devices after sales fell short of high expectations in the second quarter.
The smartphone market is saturated and no one is selling that many anymore. Chinese makers have eaten up its lower end market. New hardware features can be quickly matched by rivals. Samsung lacks service or software offerings that can pique consumer interest and not easily be replicated, a problem it hopes its recently launched Samsung Pay service can help address.
None of this has convinced investors that the company is back on track for sustained growth and the sustained growth is likely soon. The company is under pressure to return some of a cash pile of $53 billion through dividends or share buybacks.
Samsung’s semiconductor business probably remained its top earner for the fifth straight quarter as new premium phones came to market.