By Anthony M. Freed, Information-Security-Resources.com Financial Editor
PCI DSS, the self-regulatory set of guidelines that the payment card industry and retail merchants use to encourage financial information security, may well have entered it’s death throes Tuesday, as evidenced by revealing testimony during the House of Representative’s Committee on Homeland Security hearings.
Why the dire prognosis?
Anyone who has been following the cascade of security failures plaguing the payment card industry in the last year, and punctuated by the still-shrouded breaches at RBS WorldPay (RBS) and Heartland Payment systems (HPY), has to acknowledge that there are major problems with security that need to be addressed pronto.
But the greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers intent on a “big score,” but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve.
The squabbling and finger pointing displayed during the first quarter of 2009 within the industry itself has resulted in nothing less than a public relations nightmare in my opinion, as major card brands, processors, and merchants each seek to deflect responsibility onto the others.
Someone on the sidelines, intently watching the game, would have to wonder what the heck these people are thinking.
First, RBS WorldPay and Heartland maintain that because they had been PCI DSS compliant at some point before their systems were breached, they can essentially shrug off any any culpability for the security lapses, offering only the caveat that they are doing the best they can with what they have.
Almost simultaneously, the PCI Security Standards Council was staunchly asserting that no company that suffers a breach can be considered PCI compliant – regardless of their being listed as in good standing with the council at the time of the breach. From Securosis.com:
Businesses that are compliant with PCI standards have never been breached, says Bob Russo, general manager of the PCI Security Standards Council, or at least he’s never seen such a case. Victims may have attained compliance certification at some point, he says, but none has been in compliance at the time of a breach, he says.
“We’ve never seen anyone who was breached that was PCI compliant,” Phillips says without specifically naming – or excluding — Heartland. “The breaches that we have seen have involved a key area of non-compliance.”
To add to the confusion, Visa issued statements that RBS WorldPay and Heartland had been belatedly removed from the PCI Compliant list, in what has been widely considered to be merely legal maneuvering to effectively shield themselves from culpability while blocking the only alibi the processors have.
“It’s all legal maneuvering by Visa,” says Gartner security analyst Avivah Litan in an interview with ComputerWorld.com. “This is PCI enforcement as usual: They’re making the rules up as they go.”
This was apparently seen as an opportunity by some Heartland competitors to move in on some of Heartland’s clients, with reports of merchants being warned by other processors that they may be violating PCI compliance by continuing to do business with Heartland, and prompting Heartland to respond with threats of lawsuits.
Then, during Tuesday’s Congressional hearings, representatives of the merchant community, long thought to bear the brunt of security protocol “cram-downs” by the issuing brands, threw their hat into the ring in what now amounts to an industry free-for-all. From Forbes.com:
Michael Jones, the chief information officer at the retail company Michael’s, testified that the PCI rules were “expensive to implement, confusing to comply with and ultimately subjective both in their interpretation and their enforcement.”
Now bear in mind, all of these factions are supposed on the same team, and all are supposed to be working in unison to continue the evolution of ever more secure systems to thwart the increasingly resourceful criminal hackers.
Is it any wonder that the future of PCI DSS is in question?
And what could possibly be worse than an entire industry at each others throats in the midst of the biggest security problems they have faced to date?
Well, they could make enough of a brouhaha that they attract the attention of lawmakers, as they have succeeded in doing; lawmakers who have regularly demonstrated their intention of late to force industries of all stripes to cede to their “better judgment.” Also from Forbes.com:
“I’m concerned that as long as the payment card industry is writing the standards, we’ll never see a more secure system,” (Rep. Bennie) Thompson said. “We in Congress must consider whether we can continue to rely on industry-created standards, particularly if they’re inadequate to address the ongoing threat.”
This means that the PCI Security Council, keepers of the PCI DSS flame, have their work cut out for them if they want to remain the chief regulating body for PCI security. Maybe they left these issues to simmer on the back burner for too long, and maybe someone will be looking for a scapegoat.
It’s all uphill now.
During a phone call in early March with Lib de Veyra, VP of emerging technologies at JCB International and recently named Chair of the PCI Security Council, I expressed my concern over the state of relations between the various elements that make up the payment card industry.
I likened the public displays of policy incongruity and the tendency for all interested parties to respond to news of security lapses by rushing to throw each other under the bus, to that of the image of a snake swallowing its own tail.
I expressed concern by offering my opinion that the biggest threat to PCI DSS does not come from the endless supply of criminal hackers the industry will certainly face in perpetuity, but instead comes from the fractured portrait of an industry in crisis, and its inability to effectively manage itself.
That was one long month ago, and opportunity to avert the creation of a new regulatory body to oversee PCI may have already come and gone, which is most unfortunate everyone concerned.
PCI DSS is not broken, but the collective will to make it an effective standard for security just might be.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
Sunday March 22, 2009, Dateline NBCaired a piece called “Inside the Financial Fiasco,” in which Chris Hanson finally takes a break from exposing sexual predators to take a closer look at the current housing mess.
NBC attempts to assign blame for the mortgage meltdown, and also tries to make it seem like they have finally identified the handful people who were the “only ones who knew” what lay in store for the economy when Wall Street embarked on the derivatives end-run that fueled the crisis.
So let’s go down the list of people that are prime candidates in the vicious circle of blame, and what their role where in the making of this fiasco.
Let’s start at the top. Back in the mid ‘90’s, The Government loosened credit guidelines and required lenders to make mortgages available to more to minority buyers.
By doing this, they gave the lenders an open check book to write questionable loans, all the while knowing that they would be able to sell them on the secondary market (Wall Street).
This was the creation of the infamous “Subprime” loans which later morphed into Alt-A and Expanded Approval loans.
Next, let’s look at the Product Managers who wrote the underwriting guidelines for the toxic loans known as SISA’s and NINA’s, which required little or no documentation of income and assets. The SISA loans are highlighted in the Dateline piece.
Do you think that these product managers had no idea that these types of loans may be misused, or did they only see the underlying profit that was possible from billions of dollars of loan fees collected by creating millions of loans that were virtually just ticking time bombs?
Yes, there are some cases where these loans were appropriate, such as for the business owner who had a lot of write offs, or the borrower whose spouse may not have the best of credit, but will nonetheless contribute towards the monthly mortgage payments.
But the types of borrowers who where actually put into these loans were completely unqualified, as mentioned in the NBC piece.
People like Delores Parker Jackson, who took out multiple loans on four condos totaling over $1.3 million with a negative (-$6000) shown on her tax returns.
Mrs. Jackson, who claims to have run a profitable daycare, and says that she is not to blame, but is actually the victim of predatory lending.
REALLY? She took out multiple mortgages on four different properties totaling over a million dollars with a payment of more than $10k a month, and she claims she had no idea that she could not afford the terms. Now she wants to pretend that she is not culpable, and that the mortgage company committed fraud?
Come on, do seem we that stupid?
Thirdly, let’s look at another “innocent” party: The CEO’s of all the banks and mortgage companies.
These people should have overseen the product managers and acted as the final line of defense by looking out for the company’s long term interests by saying “Hey, stop! These loans may be too risky.”
But the CEO’s saw only a “pot of gold” in the form of billions in loan fees, and where slaves to the corporate bottom line.
Do you think that Angelo Mozilo, the former CEO of Countrywide who earned over $400 million during his last five years at the company, had absolutely no idea that SISA and NINA loans with zero money down would backfire?
Chris Hansen attempts to talk to Mr. Mozilo, but to no avail.
Since he quit Countrywide and the mortgage mess started to blow up, Mozilo has been hiding out at his palatial estate in Southern California, ala Howard Hughes. Chris tried to get the guard at Mr. Mozilo’s gate outside his house to let him in, but was turned away.
Also to blame are the former CEO’s at places like Bear Stern’s and Lehman Brothers, who ended up driving their companies into the ground by buying up these toxic securities. And none of these guys saw the writing on the wall?
I think they did, but also saw big dollar signs in the racket, and choose to ignore the hazards.
Next up for their heaping of blame are The Borrowers. I was an LO for 15 yrs, and used Countrywide as a purchaser for many of my loans.
I knew that some of my borrowers were “less than qualified,” but the underwriting said to “make the loan.”
Like when I would be working for a builder, and a borrower would come to me and asked what loan amount they qualified for, my reply often was, “How much can you afford?”
I told them that I could tell them all day how much they can and cannot get approved for, but only they could tell me how much they really afford.
I could tell them on paper or with calculator that you could qualify to pay, but only the borrower could tell me if they could actually maintain that payment.
I cannot tell you how many times I was told by borrowers, “Don’t worry about me affording it. You just write that mortgage.”
This is where I move on to include the next culprit in this mess, The Loan Officers.
How many LO’s wrote loans for people that they knew would end up in foreclosure?
Many borrowers who I turned down for a mortgage would come back to me later to say, “See, I knew I could get approved. Thanks for nothing.”
At the height of the bubble, there were so countless mortgage brokers who were willing to do anything to write a loan and collect a fee.
They would falsify the numbers to make them work if they had to.
In the Dateline piece, they showcase a woman who was employed as a personal trainer, and who claimed to of told the LO at People’s Choice that she only made $1600/mo.
She was approved for a $259k loan.
Even after she was told that the payment would be over $2100/mo, she figured that she would just have her sister move in and help with the payment.
Do you think that the LO at People’s Choice had any idea that she may NOT be able to make the payment on this house? When Chris Hansen looked at the original paperwork, it stated that she made $7300/mo, which surprised the woman.
She claims she never provided that figure to the LO.
How many LO’s committed fraud because the commissions that they were going to make on each loan they closed could be well into the tens-of-thousands of dollars?
Even though my job was commissioned based, I only made loans if I had some degree of certainty that the borrower had both the ability to pay the mortgage payment and that they completely understood why I was giving them a SISA or NINA loan product.
I did not want a former borrower hunting me down in the parking lot some night after work because I put them in a loan that that left them flat broke.
Next in line is a major player, one who no one seems to put much blame on or even mention much, The Appraiser’s. I believe these guys had a huge impact on the housing explosion, and no one seems to want to bring them up.
As the appraisers continued to inflate the values of the properties, the mortgage companies continued to write mortgages to cover the obscene appraisals.
I knew that if a borrower told me that they were short on funds to close, I could call the appraiser and ask him to “bump up” the value of the property a bit, so that I could give the borrower the money cover closing costs.
This was considered a legitimate practice because real estate only increases in value, remember? But in reality, the value of that house did not go up $5k in the 2-3 weeks since they had done the actual appraisal.
I also found out the hard way how much of an “opinion” an appraisal really was.
Prior to working for the builder, I worked for a short time as a mortgage broker. I only did one loan at the place. , and it was for a gentleman who was doing some renovations on his house, but did not have enough money to finish the project.
Less than a year earlier, the value of the house came in at $85k. When he wanted to do another cash-out refinance a year later, but the new appraisal came in again at $85k. So when I went to my boss and told him that I did not have the value to support the loan, he handed me a business card and said, “Call him.”
Two weeks later, I had an appraisal for $115k, enough to cover the loan.
Was there that much movement in the values of the house? Did it really go up $20k in three weeks, or did the new appraiser just want more business?
What do you think? I know when I worked for one of the big mortgage companies and did a ton of refi’s, every time I had to put an initial value of a home on an application (which typically came from the borrower) nine times out of ten, the appraisal came back with the exact same value.
Curious.
Another big part of the mess, the people who were supposed to catch any fraud or mistakes, were The Underwriters.
They were the final check points in the mortgage process, and when they were presented with a SISA loan that showed that a “house cleaner” made $12k/mo, they should have sounded the alarm.
Like the appraisers, the underwriters are merely mentioned in the piece on Dateline.
Ilene Lanacano, who worked for “People’s Choice,” says that when she brought up some of these problems with the questionable loans, she was often overruled by the CEO of the company.
She states that she was often offered “incentives” by loan officers (money, jewelry, even a car) to approve loans. Ilene says that she never took any of these incentives.
She also claimed that there was harassment and intimidation if you did not approve loans, such as flattened tires and physical threats.
Ilene finally left “People’s Choice” for a consulting firm whose business was to analyze the loans to be pooled in Mortgage Backed Securities (MBS’s). When she raised some flags, she ended up getting in trouble by management.
Next, let’s look to good old Wall Street. You would think that one of the supposed guru’s of Wall Street could have seen the possibility that at least some of these loans were destine fail. But they too, only saw the bottom line, and they sold these MBS to everyone: investors, pension funds, municipalities and other countries.
And then there is China, who bought up trillions of dollars in MBS in an attempt to control the US. By owning all these MBS, China has a huge stake in our mortgage meltdown.
They were only briefly mentioned in the “Dateline” piece, and no real repsonsibility was levied on them. If China had not been so greedy, there wouldn’t have such a demand for MBS, which would have cut down the toxic loans being written.
And the Chinese are smart, shouldn’t they have seen some of the signs?
Next ones to heap some blame on are the Bond Rating Agencies, such as Standard and Poors, who was also briefly mentioned in NBC’s piece.
As Dateline explained, they were hired to give credit ratings to these MBS, which are supposed to indicate their level of risk to investors. “AAA” was the highest rating that they could give a security, and 80% of MBS received that top stamp of approval.
They suggested that most MBS would perform well, despite the fact that the agencies did not have any historical data to back the ratings up. Richard Gufliota of S&P, stated that they were so over inundated with securities to rate that most were not examined to the extent that they should have been.
It should also be mentioned that they made their money in volume too. More quantity over quality.
Finally, a lesser acknowledged culprit of this financial fiasco is The Media itself.
If it wasn’t for the greed of the media (TV, Radio and Newsprint), rolling out with advertisement after advertisement for these mortgage companies and their products, borrowers would not have been so encouraged to accept some of these toxic loan.
In years leading up to this mess, there wasn’t a commercial break that did not produce a mortgage ad.
Often advertised were the No Closing Cost, Stated Income, No Income Verified, and so forth.
There wasn’t a Radio host in the nation who didn’t have at least one mortgage company in their back pocket paying them to be their spokesperson.
Did any of them look into the products that they were pitching to their listeners? Nope. I think they just laughed all the way to the bank.
And what is strange about the media’s role, is that I have yet to see anyone try to add them into the equation. Now, all you hear out of radio talk show hosts spewed crap about how everyone else is to blame. None have come forward to say, “Hey, I guess I had a hand in it too.”
All in all, it is going to be a vicious circle of blame.
There is plenty of blame to go around, and I think when it comes down to it, we can sum it all up with one little word: “GREED;” the Greed of the Government, the greed of the Product Managers, the greed of the CEO’s, the greed of the borrowers, the greed of the Loan officers, the greed of the Appraisers, the greed of the Underwriters, the greed of Wall Street, the greed of China, the greed of the Bond Raters, and greed of the media.
The plaint that credit default swap-promulgating AIG (AIG) is contractually obligated to pay out millions in bonuses to the same pitted brass that led the company, the industry, and the entire economy off a cliff is a bunch of horse hooey.
If you are on the management team of a company that lays off workers, can’t pay its bills, leaves shareholders holding nothing, and has to take public bailouts, it’s your damn job to make a deal to restructure that company, or wind it down responsibly.
Your bonus is getting to keep porking up to the paycheck trough while other workers are losing salary, severance, and health care.
New York Times: The payments to A.I.G.’s financial products unit are in addition to $121 million in previously scheduled bonuses for the company’s senior executives and 6,400 employees across the sprawling corporation. Mr. Geithner last week pressured A.I.G. to cut the $9.6 million going to the top 50 executives in half and tie the rest to performance.
The payment of so much money at a company at the heart of the financial collapse that sent the broader economy into a tailspin almost certainly will fuel a popular backlash against the government’s efforts to prop up Wall Street. Past bonuses already have prompted President Obama and Congress to impose tough rules on corporate executive compensation at firms bailed out with taxpayer money.
A.I.G., nearly 80 percent of which is now owned by the government, defended its bonuses, arguing that they were promised last year before the crisis and cannot be legally canceled. In a letter to Mr. Geithner, Edward M. Liddy, the government-appointed chairman of A.I.G., said at least some bonuses were needed to keep the most skilled executives.
I sure would like to see those AIG contracts – I’ll bet I can poke a hole in the specious supposition that the company really, really wants to do the right thing, but its little hands are tied. Since the public bailout of AIG, we all have an ownership interest in where the money is going, and are entitled to ask probing questions.
New York Times: “We cannot attract and retain the best and the brightest talent to lead and staff the A.I.G. businesses — which are now being operated principally on behalf of American taxpayers — if employees believe their compensation is subject to continued and arbitrary adjustment by the U.S. Treasury,” he wrote Mr. Geithner on Saturday.
Still, Mr. Liddy seemed stung by his talk with Mr. Geithner, calling their conversation last Wednesday “a difficult one for me,” and noting that he receives no bonus himself.
“Needless to say, in the current circumstances,” Mr. Liddy wrote, “I do not like these arrangements and find it distasteful and difficult to recommend to you that we must proceed with them.”
I know contracts inside and out, at the real-world, down and dirty level, not the black-box, ivory tower, theoretical stratum that gets adjusted as the tectonic plates of business deals crash into each other.
Although I have chosen not to practice law anymore, I am really good at understanding the terms of these agreements, and evaluating when it would appropriate to reward corporate players for their performance.
And, when it is not.
New York Times: Of all the financial institutions that have been propped up by taxpayer dollars, none has received more money than AIG, and none has infuriated lawmakers (and Ben Bernanke per 60 Minutes) more, with practices that policy makers have called “reckless”
The bonuses will be paid to executives at A.I.G.’s financial products division, the unit that wrote trillions of dollars’ worth of credit-default swaps that protected investors from defaults on bonds which were backed in many cases by subprime mortgages.
The bonus plan covers 400 employees, and the bonuses range from as little as $1,000 to as much as $6.5 million. Seven executives at the financial products unit were entitled to receive more than $3 million in bonuses.
Any attorney who advises that these bonuses are appropriate ought to have his or her head checked.
Base salary, maybe, if not outrageous. No bonus. No severance unless everybody else also received proportionate assistance. Don’t care what the contract says – attack it in bankruptcy or wind down – I saw it many times in the Silicon Valley meltdown.
But the official also said the administration will force A.I.G. to eventually repay the cost of the bonuses to the taxpayers as part of the agreement with the firm, which is being restructured.
AIG’s main business is insurance, but the financial products unit sold hundreds of billions of dollars’ worth of derivatives, the notorious credit-default swaps that nearly toppled the entire company last fall. AIG had set up a special bonus pool for the financial products unit early in 2008, before the company’s near collapse, and when problems stemming from the mortgage crisis were just becoming clear.
There were concerns that some of the best-informed derivatives specialists might leave.the company. AIG then locked in $450 million for the financial products unit, and prepared to pay it in a series of installments to encourage people to stay.
This poignant issue is near and dear to me, as I have shut down management bonuses before, even when I would have received some of that money, and even when I really needed it.
I also have been lucky enough to work with one of the premier corporate governance experts in the country and with a bankruptcy and wind down expert whom I hope will end up on the federal bench.
In the past, I have known both of these gentlemen to express support for my assertion that it is appalling for a destitute company to pay out management and deal bonuses to the team that took the company under.
New York Times: A.I.G.’s main business is insurance, but the financial products unit sold hundreds of billions of dollars’ worth of derivatives, the notorious credit-default swaps that nearly toppled the entire company last fall.
Under a deal reached last week, A.I.G. agreed that the top 50 executives would get half of the $9.6 million they were supposed to get by March 15. The second half of their bonuses would be paid out in two installments in July and in September. To get those payments, Treasury officials said, A.I.G. would have to show that it had made progress toward its goal of selling off business units and repaying the government.
Nice. You just keep holding that moral compass you got there, guys.
Laura is a business consultant and an advocate for information security, consumer protection, long-term shareholder value, and better management decisions. Her specialty is finding and fixing risks and threats to sensitive data. Her experience includes international banking, credit card, and mortgage companies, venture capital portfolio companies, and software and technology providers. She practiced law in Silicon Valley during the tech boom and meltdown, handling corporate governance and information protection.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
Heartland Payment Systems (HPY), one of the largest credit card processors in North America, is finally being called to the carpet for the apparent lapses in Payment Card Industry Data Security Standards (PCI DSS) that contributed to the largest data breach of 2008, perhaps even the largest breach ever considering the full extent of the exposure has yet to be determined.
Called to the carpet sort of, anyway; the sanctions and guidance laid out by Visa (V) seem a little lackluster when weighed against the severity and duration of the breach.
Given that Visa is now considered the most likely of several candidates for inclusion in the Dow Industrial Average, taking up slack from soon to be sidelined Citigroup (C) and Bank of America, (BAC) it is not surprising that they do not want to call too much attention to the situation:
On January 20th of this year, Heartland Payment Systems (HPS) publicly disclosed a large-scale compromise involving account data from all card brands. In light of this event, Visa has taken the following actions to help protect the Visa system:
CAMS Alerts – Between January 18th and February 4th Visa issued a series of Compromised Account Management System (CAMS) alerts (US-2009-046-IC) to financial institutions related to this compromise event. Providing this information can help financial institutions act quickly to minimize fraud on exposed card accounts.
It is worth noting here that Visa and MasterCard (MC) reported anomalies to Heartland in late October, about two and a half months before the CAMS alert was issued.
Data breaches in the financial industry always reignite the debate between those who want full and immediate disclosure, and those who would prefer to subdue the news.
A lot seems to depend on your preferred usage of words like “quick” and “help”.
As for the sanctions Visa has prescribed for Heartland, I believe it’s something akin to when Dean Wormer put the Delta House on Double Secret Probation, or at least that’s how it reads:
Removal from Visa’s List of Compliant Service Providers – Visa has removed Heartland from its online list of Payment Card Industry Data Security Standard (PCI DSS) compliant service providers. HPS has advised, however, that it is aggressively working on remediation and re-validation of its systems to comply with PCI DSS standards. The company will be relisted once it revalidates its PCI DSS compliance using a Qualified Security Assessor and meets other related compliance conditions.
System Participation – HPS is now in a probationary period, during which it is subject to a number of risk conditions including more stringent security assessments, monitoring and reporting. Subject to these conditions, Heartland will continue to serve as a processor in the Visa system.
So Heartland is off of Visa’s Christmas card list for 2009, but they still get a fruitcake.
A breach of unknown scope and impact to consumers, participating banks, their shareholders, merchants, the economy in general, the source of multiple class action lawsuits and untold losses for years to come, and the big smack down is that Heartland has to sit in the back of the bus?
Profits over protocols; some actuary must have crunched the numbers, the underwriters drew the bottom line, and the executives decided to mush on. Damn the torpedo (holes).
And Heartland may not be the whole story.
There are multiple access points in the data chain. Heartland may be where the malware disease did its worst damage, but that does not guarantee that Heartland is also the point of infection.
And as far as being PCI DSS compliant, there has been some confusion as to what that exactly means for security assurance.
PCI DSS compliance is only a momentary measure. Think of it along the lines of a kitchen inspector who gives a restaurant the highest rating after inspection, that is no guarantee the cook will wash his hands well next week, or that the mayonnaise will never get left out.
That is why you will hear a CEO of a breached credit card processor plead “But we were PCI DSS compliant” and simultaneously you will hear the PCI council (made up of the major payment card brands American Express (AXP), Discover Financial Services (DFS), JCB International, MasterCard Worldwide and Visa) exclaim that “No PCI compliant processor has ever been breached.”
Both of these statements can not be correct.
Also included in Visa’s belated response to the Heartland breach is a fine to be levied against the participating banks – most of whom rightly consider themselves to be victims of the breach as much as their customers are.
This must be like when the mean Drill Sergeant makes everyone march in the rain because one jerk made a goof. I guess the client banks are supposed to exert peer pressure on Heartland to mend their ways, or something:
Fines – In accordance with Visa Operating Regulations, fines will be assessed to Heartland’s sponsoring banks. Such fines are part of the program Visa uses to assure compliance with system rules. Ongoing compliance with PCI DSS helps keep the system more secure for all participants.
I fail to see the purpose of penalizing banks that send their processing business to Heartland unless it can be shown that the bank somehow contributed to the breach in a material manner, otherwise this is just more fodder for the lawyers in the form of damages to recover through litigation.
Another mystery contained in Visa’s announcement is the requirement that all fraud related to the Heartland breach has to be reported by May 19th. This is ridiculous, as it could be a year or two before all fraud cases can be identified and then substantiated; requiring this to happen in the next two months is unrealistic, if not unreasonable:
Account Data Compromise Recovery – Visa has determined that this event qualifies for the Account Data Compromise Recovery (ADCR) program. Subject to its terms, this program provides issuers the ability to recover a portion of their losses related to accounts that are determined to be the subject of a breach, by assessing acquirers for the ADCR financial liability. An acquirer’s ADCR financial liability is determined based on a percentage of magnetic stripe-read counterfeit fraud and specified operating expense liability amounts. Issuers will have until May 19th to report fraud losses related to this event to Visa. Until this reporting window closes, specific recovery amounts cannot be determined. Visa will provide clients with additional information as it becomes available.
Finally we get to that last paragraph, and I can say there is something there that I actually agree with: The PCI DSS is a decent start. What really needs to be fixed is how PCI DSS is implemented and maintained throughout the data access chain:
This recent compromise underscores the importance of all parties maintaining ongoing compliance with the Payment Card Industry Data Security Standard. These standards continue to serve as a robust and critical foundation to protect cardholder data and, when implemented properly, have proven to be highly effective in preventing and mitigating the impact of data compromises. Compromise events are a reminder of the importance for all parties in the payment system to maintain ongoing vigilance when it comes to protecting cardholder data. Each stakeholder in the Visa system has a critical role in our collective fight against the criminals that perpetuate card fraud.
So in summation, Heartland (and others) may be full of holes, and Visa belatedly recommends business as usual until such time as the holes can be found and filled.
On to the next breach.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
By showing the inside workings of a take over, “60 Minutes” (I think) was trying to put our minds at ease by showing how smoothly it goes.
But this is a bank of only 5 branches, with a total 12,000 deposits worth only $200 million. Not pocket change, but not any where in the same ballpark or even league as a big bank like B of A (BAC) or Chase (C).
In the story, they state that when Indy Mac (IDMCQ) went down it held close to $11 billion. The FDIC levies premiums that they charge banks to insure the deposits, and put the funds into a reserve for such failures.
The FDIC states that there were 25 closings in 2008, but as of the first two months 2009, there have already 1been 6 closings. The FDIC estimates that they will need $65 billion to cover closings over the next five years.
Let’s do the math:
-$65 billion over then next five years = $13 billion per year.
-If HCB is an average bank, don’t think that with five branches is that big = $200 million.
-That means they can handle 65 closings a year of these small banks.
So that being said, what happens if another Indy Mac goes down?
According to Sheila Bair (Chairman of the FDIC) the FDIC will never go broke. It will always be backed by the government.
What does Bair think? That the fed will just print some more money and give to her? That doesn’t sound so good.
Now I have done some investigating of my own: According to this piece, there are three things that the FDIC can do when a bank fails:
-They can close the bank and pay the depositors.
-They can close the bank as it was and run it themselves.
-They can sell the bank (as was the case in the HCB in this story.)
In the story, Heritage was sold to MB Financial (MBF) and things went on as normal they next day (Saturday) after the FDIC take over. The FDIC paid MB $3.5 million dollars to take over Heritage. The FDIC also insures that if any loan by HCB that goes bad in the near future will re-reimbursed up to 80% of the loan loss.
Okay, so this situation seems to have a happy ending.
But let’s say that a bank fails and the FDIC fails to get a suitable buyer, what happens if they don’t want to run it and they close it down.
I brought this question to the attention of my banker at Regions Bank (RF). He informed me that the FDIC has up to TWO years to pay depositors their claim. Yes it is insured, but if you don’t have access to your money for up to two years, what good is it going to do you?
What about the people who live pay check to pay check? Or the seniors that have a limited cash flow and everything they own is in that one bank that went under?
Once I heard this from my banker at Regions, my wife and I decided to diversify in three banks. This way if one goes under and no one buys it, I will have a back up. We also took some cash and put it into our safe.
Why, do you say or wonder? Well, lets to some thinking here:
Who, if anybody, remembers what happened during the depression? Who really lived it? Answer: Seniors.
Who has some of the most assets? Answer: Seniors.
If there is a massive scare and there is a run on the banks, who do you think will be the first to come to the bank and withdraw all of their savings? Answer: Seniors.
And last, how many “average Joe” accounts would it take to equal what one senior couple would have in their account? Answer: I don’t know, but I know it is probably at least 10 to 1, probably close to 20 to 1 or higher.
Keeping the confidence in the people who have the most at stake…seniors. If there is a run on the banks, you can bet that the seniors will be the first ones in line to get their cash.
In the “60 Minutes” piece, they in fact show a senior citizen come in with an empty brief case in order to withdraw all his money. Nothing in this story examines how seniors can make or break this mess with run on the banks.
I have never been involved with a bank that was being taken over, but I am sure it is not as nice as the way they show it in this piece.
Heritage had been in business for 45 yrs and probably didn’t take some of the most risky loans such as the Chases (JPM), B of A’s and Well’s (WFC), but they get bailed out where these small banks seem to be just kicked to wayside.
One other thing that is brought up is when Pelley brings to the attention of Bair about what would happen if a big bank goes under and why they get bailed out and the small banks don’t, she suggests that we need to legislate the size of the big banks.
Make it so that they cannot exceed a certain limit to insure the fact that they cannot get too big and fail.
Bair says that the FDIC can and will not fail, what will happen if a Chase or B of A goes under. I think that the FDIC would have a hard time handling one of those.
They won’t be able to just “print money” to clean up the mess without creating another snowball effect on the value of the dollar, let alone the consumer confidence. That is something that Pelley should have investigated instead of how nice it was when this little five branch bank failed.
The euphemism “deleveraging” defines this crisis. A person or bank reduces debt by selling an asset. Deleveraging advances. If there is no asset, and no cash on hand, however, debt must still be reduced. A write-off is taken.
Deleveraging actually re-leverages the asset seller as bad investments destroy good capital. Thus deleveraging is the opposite of its name in a crash. Many write-offs pushes deleveraging into a bankruptcy. A new euphemism is used: “Nationalization”. The state seizes a bankrupt bank. What do you do with a bankrupt bank?
That is the question of the day.
A loan officer qualifying a purchaser for a new mortgage reviews the income of the borrower. He then determines an affordable level of debt. “You can go out and buy a property worth X,” the loan officer says.
If we are to judge the validity of bank assets like mortgage debt, then Gross Domestic Product (GDP) may be a reliable starting place. GDP is suggestive of a nation’s buying power and comparable to income for an individual. GDP broadly defines reasonable debt levels.
Review a history of the ratios of household debt-to-GDP and bank-sector debt-to-GDP. Shrill alarm bells ring out loud. It’s hard to hear anything else. This macroeconomic picture inspires fear. “It cannot possibly be that bad,” one thinks.
If 1980 is a base year, and we hypothesize debt levels at that time were affordable and smart, and that we should return to them, then they suggest the excess of debt which households owe today equals $7 trillion (of a total of $14 trillion).
That’s terrible and unworkable. It is also modest compared to the financial sector. The excess of financial debt is $14 trillion (of a total of $16 trillion) (see graph 1: “US Private Sector Debt”).
Rosetta Stone: Huge increases in debt may be the key issue driving the financial crisis
Meditating on this excess leverage reminds one of watching from the 2nd floor window of your suburban home as a nuclear bomb detonates in the city center. That is where your office is / was. You are still alive, but for how long? One thing we know: You will not be going to work tomorrow.
These gargantuan numbers paint with a very broad brush. All excess debt is not un-payable. Still, while the numbers appear to be impossibly large, they should not be dismissed simply because reason tells us they are impossible. Reason did not guide debt creation.
Set aside for a moment the argument about what is the right level of debt for all banks and all households. Let’s run a fire drill, and assume in 1980 we had it right. Assume GDP is a valid starting place to determine our ability to pay debt. And then assume $7 trillion of household debt and $14 trillion of financial debt is un-payable. All of it is a write off in this scenario. How do we erase this value-less pestilence?
If an individual could sell his house to end a debt burden, he would. If a bank could sell a loan asset to pay down a debt, it would. Unfortunately, if an asset doesn’t cover a bill, they can’t sell unless they admit a loss. The would-be seller waits and hopes and turns to zombie. That’s the difference between a boom and a bust. Selling doesn’t help enough in a bust.
My guess is our deleveraging requires a bankruptcy filing, but not for one homeowner or one bank, but systemically, for many or all money center banks, and for a huge subset of households; maybe something like one of five households. If indeed we have to do this, we should get this work done quickly.
The question is: What is the smart way to start and immediately finish bankruptcy?
The right way forward is simple: Enact Plan Orange.
Convert senior debt holders of commercial banks en masse into equity, and give them control of the banks. Zero the old equity and preferred shares. And employ a highflying kicker: Reduce mortgage debt for any homeowner to at most 80% of the present value of a home (see graph “Plan Orange”).
These actions radically fortify banks and homeowners. They are valid for all countries with excess debt in households and banks, which includes at least Ireland, Spain, and England. A coordinated enactment among nations may bring stable confidence to the markets.
The mortgage plan, which the graph estimates reduces consumer debt by $5 trillion in the United States, accomplishes many things. It’s primary virtue is reawakening a huge number of consumers; the group which accounts for 70% of our economic activity.
The impact would dwarf the recent stimulus package, making it a Mini-Me in comparison. With it we destroy negative equity, unfair loans, and foreclosures. Mortgage investments mutate in an instant from bad to good. The owners of mortgage investments, including banks and insurance companies, may be free again to lend, or they are far less undead.
If you believe time is money, this plan is dirt-cheap medicine. It employs massive simplicity to achieve maximum speed. Should we take such an action, we may even unleash a boom from this terrible crisis. We need the boom to pay off the massive new debts which our government must shoulder as part of this plan.
The first step is the most difficult. We must admit a debt which cannot be repaid is not a debt. We must realize our bubble is superior among bubbles. It is different this time – in the breadth of its magnitude.
Credit spread the bubble here, there and everywhere. Therefore it is a double or triple or an infinite bubble. Wherever borrowed money could purchase a major asset class, contamination permeates that asset class. And the debt used to purchase it is a mirage. Thus double bubble or bankruptcy squared. You choose the name.
Does anyone believe residential real estate and mortgages are the end of our calamity?
Who can predict losses in commercial real estate, leveraged buy outs, and credit cards? What performance in those classes should we anticipate if unemployment hits 12% and GDP contracts 9%? Those are the numbers we have to plan for, while at the same time we elide $21 trillion of extraneous debt.
Let’s review the economic conditions under which the debtor will struggle to repay the obligations. If we are in a severe banking crisis, history says our unemployment of 4.9% in January 2008 will peak at 12% (it is 7.6% as of January 2009) (3. The Aftermath of Financial Crisis).
Gross Domestic Product will fall by 9% from its high; a radical drop compared to consensus estimates. Property values will fall 35%. We can only hope it will stop there for us. Stocks will fall 56% — a number easily believed.
OMINOUS OMNISCIENCE: The best research describing the affect of a bank crisis predicts difficulties far more serious than consensus forecasts by economists and analysts
These terrible things will happen at the same time we must pay the monthly interest expense on a huge possibly excess debt of $21 trillion between households and financial firms. My hypothesis: There’s no way we can make it.
Some of the excess debt is a write-off. But how much of it is excess?
We actually don’t need to answer that question now. What we need is debt destruction and capital creation. We need bankruptcy. Erase un-payable debts the old fashioned way. Take out the old owners. Install the debt holders as owners. Reorient the economy from debt to equity.
Since an un-payable debt is a write-off, and since financial-debt-to-GDP ratios are EIGHT times higher than in 1980, the right question for our banks is not how much their equity is worth. The equity is dead and gone. The right question is: Will bondholders, converted to equity, be destroyed just as their predecessors must be?
Given the excess of leverage, they will likely zero out as well. Even if all bank debt for money-center banks is converted to equity, state-sponsored capital injections will likely be enormous. For Fannie and Freddie, there is no such thing as disposable debt holders. Our credit worthiness depends upon us honoring their debts. All their losses go straight to Uncle Sam.
The losses will be mammoth.
Generally what we need is to build a bon fire and burn to the ground ten or 20 or 30 years of manic lending. Debt must be welshed on in numerous trillions. Alan Greenspan recently approved of bankruptcy for money-center banks (nationalization), but said bond holders of seized banks require a guarantee (4).
The view from the tundra does not support this guarantee. Would Mr. Greenspan support his own position if the banks’ bond holders would be wiped two or three or five times by write offs? Bond investors are adults, and money-center-bank creditors invested poorly. The IMF and Goldman Sachs both predict greater than $2 trillion of loan losses for US-based assets (5). What if the losses are twice that?
Our speed-test ratios of debt-to-GDP hypothesize excess debt of $21 trillion for banks and households as one group. What if the $2 trillion figure is short by half? If banks do convert their debt to equity, and the banks end up stronger than they appear, the new equity holders aka the former bond holders will be paid back by the value of their stock. They can get their money back if there is any money to pay them back with.
We must dramatically reorient a debt-centered boom into an equity-heavy recovery. Start by paying down all mortgages to a reasonable level. Convert bank debt to equity. The bank debt alone represents almost a trillion dollars of new capital for the four majors and more than doubles the equity account (6). We will have begun reducing a vast part of the grotesque imbalances in broad ratios of debt-to-GDP. If adequate capital is our goal, why do we ignore this remedy?
Pumping Up: The money-center banks can radically increase their capacity to withstand losses and to lend if debt holders are converted to equity owners
If new state injections of capital are necessary, and if old injections need to be re-categorized, they should resemble senior debt, which neatly solves the question of government management by giving it to someone else. Since post-orange banks have huge capital accounts and no bad residential mortgages on the books, they have breathing room to make money.
Next up are monstrosities in commercial real estate, buyouts, and credit cards. We must anticipate unprecedented write-downs in these categories. And we must devise the same instant-bankruptcy mechanisms for these assets as is suggested here for mortgages.
Regulators must expand their thinking. They must move beyond their scientist-like role as lender-of-last-resort. They have handled this well, but science is easy. Now they have to do the art work. This will require that they wear different hats which are at first uncomfortable. They are the bankruptcy prosecutor-judge-and-jury of-last-resort and parent-with-checkbook-open of-last-resort.
While they adapt to those roles, we put the lending rules back together again. Make the rules real and make them stick. Regulate leverage for banks as borrowers. Regulate leverage for banks as lenders. It’s a great cure all for our ugly failures.
We don’t have time to play around.
Review the devastating early effects of our crisis. Global equity markets had fallen $21 trillion last year at the market low (7). Fifty million people worldwide are now expected to lose their job (8). How many mouths are now unfed, when even before the disaster 100,000 people starved to death every day (9)? When these innocent bystanders enter our calculus the dictates of moral hazard grow false quickly, and the regulation of leverage now can bar repetition of our most serious errors.
Until the next time.
Poor Souls: The U.S. economy guides the world’s economy
Our decisions make life better or worse for all. Roughly 100,000 people die every day from starvation
Untold masses and markets all over the world depend upon us. We can’t be guided by the hurt feelings of stock and bond holders. We need a bright rebound. We need radical courage, great ambition, and intelligence. Plan Orange has it.
A zombie is a person, bank, or country, which pretends a vast array of un-payable debt has substance.
We are not a zombie country.
We need to get to work, and a radical move into equity will make this possible. We have nothing to fear but debt itself. Just take aim at this ugly beast debt.
Kill it dead with bankruptcy. Write off the debt and burn it to the ground. Good things follow.
1. GDP-to-Debt in major sectors. See graph labeled “US Private Sector Debt”.
2. “Plan Orange” graph.
3. Bank crisis statistics. See “The Aftermath of Financial Crisis”. Dec 19, 2008. Carmen Reinhart & Kenneth Rogoff.
4. Greenspan on bank bondholders: “You would have to be very careful about imposing any loss on senior creditors of any bank taken under government control because it could impact the senior debt of all other banks,” he said. “This is a credit crisis and it is essential to preserve an anchor for the financing of the system. That anchor is the senior debt.” Financial Times. 2/18/09. “Greenspan Backs Bank Nationalization”.
5. Credit-loss projections. IMF & Goldman Sachs. “The fund said that credit losses from bad assets originating in the US would be $2,200bn (€1,662bn, £1,537bn), a sharp increase from its previous $1,400bn estimate.” Financial Times, 1/28/09, “IMF Slashes 2009 Growth Forecasts”. “Analysts at Goldman Sachs were the latest to jack up estimates of potential U.S. loan losses. In a report released late Tuesday night, Goldman economists estimated that losses from delinquent U.S. residential mortgages alone would hit $1.1 trillion as home prices sink, up from an earlier estimate of $780 billion. Add in losses from commercial real estate, credit cards, auto debt and business debt and Goldman’s loan loss estimate hit $2.1 trillion.” Wall Street Journal 1/15/09 “Banks Loan Losses Could Reach $2 Trillion.
6. Long-term debt and equity at money center banks (2007 annual report of BA, Chase, Citi, Wells).
7. $21 trillion lost in equities: “When equities bottomed on 21 November 2008, the MSCI World index had fallen 55 per cent since 31 October 2007. This worked out at a global loss of $21 trillion, or $ 21,000 for every individual in the developed world.” TimesOnline. 2/11/09. “Global Stock Market Losses Total $21 Trillion”.
8. 50 million jobs lost: “Worldwide job losses from the recession that started in the United States in December 2007 could hit a staggering 50 million by the end of 2009, according to the International Labor Organization, a United Nations agency. The slowdown has already claimed 3.6 million American jobs.” New York Times. 2/15/09. “Job Losses Pose a Threat to Stability Nationwide”.
9. 100,000 die of starvation every day: “In 2006, more than 36 million died of hunger or diseases due to deficiencies in micronutrients”[8]. Wikipedia: Entry under Malnutrition. World Health Organization.
The AIG Bailout: It is not about regulation and de-regulation, as Washington lawmakers would like you to believe. It is also not about the inability to control derivative transactions, as self-styled experts are claiming on your television sets.
In fact, if the facts are closely scrutinized, the alarm bells are all ringing the wrong jagged tune.
What we are facing today is the complete lack of comprehension of the very nexus which triggered the most remarkable phase of capital accumulation following the Second World War.
The post-WW II universe was shaped entirely by a capital accumulation process which guaranteed huge surpluses for the United States, Western Europe and Japan, and which was inherently the cause of sustained poverty throughout the developing world.
In the late-1990s, however, the capital equilibrium began shifting; production-cost arbitrage and outsourcing began directing cash to countries like China and India.
But western economies confronted that equilibrium shift by continuing to create huge debt-based wealth, mainly through fundamentally flawed asset valuations, through unrealistic credit ratings and through rampant speculation.
Today, the capacity of large segments of American corporations and consumers to service debt is almost negligible.
Valuations did not lead to cash flows and profits. Credit ratings failed to fully comprehend impairments in business models. And, as if to drive the inevitable final nail in the debt coffin, the risk insurance sector, without which the modern-day capital enterprise is a non-starter, is now destined to walk away from the wealth bubble in a matter of a few short weeks and months.
The nexus of capital, debt and insurance (and militarism, for that matter) is currently in crisis mode.
American International Group (AIG), for example, will need more than US$150 billion as cash margin for its credit default swap contracts to offset the downgrades in its own credit ratings; other risk reinsurance entities, including European majors, are expected to emerge from the woodwork with serious counterparty deficits within this month.
Banks like Washington Mutual (WAMUQ) and Wachovia (WB), as other examples, are still not disclosing the foreclosure-to-sale risk inside their property portfolios.
Elite Wall Street institutions, like Citibank (C) and Morgan Stanley (MS). are reported to be undertaking, as a matter of top priority, worst-case revaluations of all American and foreign assets appearing on their balance sheets.
The evidence is overwhelming: this crisis is like no other in American history. It is not a question of a loss of confidence but that there are no grounds for confidence at all.
As long as the global economy created genuine capital surpluses in the American capitalist structure, valuations were a non-issue, since ongoing and increasing demand for assets invariably generates its own momentum in terms of perceptions of value and future value. And exceptionally high debt levels are not considered prohibitive in the face of valuations being proven, repeatedly, at points of liquidation.
But the unique combination of industrial growth and impoverishment in the emerging markets has rapidly eroded the foundations of the post-WW II capital accumulation process. Cash demand for American assets, as a consequence, has dried up, and debt can no longer underpin over-valuations.
So exactly what credit quality was AIG insuring?
Surely, the underlying nexus propping up the global capitalist economy did not lend itself to actuarial mathematics. Nor did the hopelessly inadequate property valuations, often provided by unqualified appraisers on American main streets, support any credible asset definitions.
By all accounts, default swap prices were predicated on the mere belief that any potential degradation of American assets was both manageable and, at worst, a cyclical phenomenon.
To offer a simplistic explanation, a credit default swap provider is required to make immediate cash reserve provisions in the event that the credit rating (issued and updated by the established credit rating agencies) of the provider is downgraded; quite clearly, the bigger the downgrade, the bigger the cash reserve requirement.
Therefore, in view of the fact that Standard & Poors, Moodys and Fitch have all lowered AIG credit ratings during the last few hours, the American financial system is due for a significant shake-up this week. Similar credit events will then follow in Europe and Japan.
The less said about the impact on the third world, the better.
Rakesh Saxena is a pricing and risk analysis specialist in insurance and derivative products and has extensive deal making in the emerging economies. He can be reached at derivatives@shaw.ca. Home URL: http://www.quoteplatform.com
Lockheed Martin (LMT) may see their stock rebound after being pummeled last week by news the Obama administration was weighing its options in regard to a controversial program to replace the current fleet of Presidential helicopters, commonly referred to as “Marine One.”
What’s the good news? Well, there isn’t any.
There were revelations this weekend that a defense contractor staff member had used a P2P file sharing program on their company computer, which also happened to contain much there is to know about the President’s iconic helicopter.
The information had made its way as far as an ISP address in Tehran, Iran:
ISR News — A Pittsburgh-area company that monitors peer-to-peer networks accessed with file-sharing software like LimeWire and Napster says it has identified a potentially serious security breach involving Marine One and an IP address in Tehran, Iran.
The company found a file detailing the helicopter’s blueprints and avionics package, which it then traced to its original source, TiversaCEO Bob Boback told NBC affiliate WPXI, which reported the story Saturday.
It literally baffles the mind: Billions of dollars are spent on physical and information security every year, and it can be trumped by one bonehead maneuver, by one little lapse in judgment.
That is a tremendous amount of resources and effort committed to security just to have it undermined by the whim of one non-malicious individual, and it underscores the precariousness of even the most secure of systems.
The final bill for this breach may be hard to figure, as this could influence a decision by the Obama administration to continue funding for a Bush initiative to replace the current presidential helicopter fleet:
New York Times — A six-year-old project to build state-of-the-art presidential helicopters has bogged down in a contracting quagmire that will challenge Mr. Obama’s desire to rein in military contracting expenses. The price tag has nearly doubled, production has fallen years behind schedule and much of the program has been frozen until the new administration figures out what to do about it.
Equipped to deflect missile attacks and capable of waging war from the air, the new VH-71 helicopters would fly farther, faster and more safely than the current decades-old craft. But each improvement pushes up the cost. The program’s original $6.1 billion contract has ballooned to $11.2 billion, and the Pentagon notified Congress last month that it was so far over budget that the law required a review. The Obama administration now must determine if the project is essential to national security and if there are alternatives that would cost less.
Now it is up to defense and security experts to decide exactly what threat this exposed information may have.
“If the office of the presidency is vulnerable, then the country is vulnerable,” said Representative Joe Sestak of Pennsylvania, a Democrat and a retired Navy vice admiral. “However, the nation is crying for accountability, from Wall Street to Congress to Iraq.”
Any way this is sliced, it looks as though those in favor of putting an end to the VH-71 program may have a more difficult time making their case after this breach, and iit could bena boon for Lockheed Martin and their British and Italian partners who would provide much of the design.
The program had been criticized as nothing more than a political bone thrown to the UK and Italy as a gratuity for their support for Bush’s War in Iraq.
As the program’s tab ballooned to over $12 billion dollars – about twice the initial bid for the project – and the economy began to fail, support for the program declined sharply:
New York Times — Asked about it in last year’s campaign, Mr. Obama promised to “take a close look” at the program, adding that it was “a lot of money, even in Washington.” The White House had no comment last week, but Geoff Morrell, the Pentagon press secretary, said Defense Secretary Robert M. Gates was rethinking the VH-71 and other projects that were “having execution problems.”
“We’re prepared to make some hard choices,” Mr. Morrell said.
Which brings us back to a point I have been trying to hammer away at this year, that information security breaches have far reaching fiscal and national security repercussions, and they are not getting enough attention of the right kind, or from the right people.
Our team has been predicting that 2009 will be the year that InfoSec moves to the forefront of the economic crisis, and with Homeland Security implications.
This latest security breach further highlights the fact that the failure to secure information is the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.
(Kudos to the Tiversa team who uncovered the breach through their hard work and dedication – Great Job!)
Author’s Disclosure: No Holdings
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
Expenses associated with rising loan losses and declining asset values overwhelmed revenues in the fourth quarter of 2008, producing a net loss of $26.2 billion at insured commercial banks and savings institutions. This is the first time since the fourth quarter of 1990 that the industry has posted an aggregate net loss for a quarter. The ?0.77 percent quarterly return on assets (ROA) is the worst since the ?1.10 percent in the second quarter of 1987. A year ago, the industry reported $575 million in profits and an ROA of 0.02 percent. High expenses for loan-loss provisions, sizable losses in trading accounts, and large writedowns of goodwill and other assets all contributed to the industry’s net loss. A few very large losses were reported during the quarter-four institutions accounted for half of the total industry loss-but earnings problems were widespread. Almost one out of every three institutions (32 percent) reported a net loss in the fourth quarter. Only 36 percent of institutions reported year-over-year increases in quarterly earnings, and only 34 percent reported higher quarterly ROAs.
Insured banks and thrifts set aside $69.3 billion in provisions for loan and lease losses during the fourth quarter, more than twice the $32.1 billion that they set aside in the fourth quarter of 2007. Loss provisions represented 50.2 percent of the industry’s net operating revenue (net interest income plus total noninterest income), the highest proportion since the second quarter of 1987 when provisions absorbed 53.2 percent of net operating revenue. As in the fourth quarter of 2007, a few institutions reported unusually large trading losses, while others took substantial charges for impairment of goodwill. Trading activities produced a $9.2 billion net loss in the quarter, compared to a loss of $11.2 billion a year earlier. These are the only two quarters in the past 25 years in which trading revenues have been negative. Goodwill impairment charges and other intangible asset expenses rose to $15.8 billion, from $11.5 billion in the fourth quarter of 2007. Other negative earnings factors included a $6.0-billion (12.8-percent) year-over-year decline in noninterest income, and $8.1 billion in realized losses on securities and other assets in the quarter, more than twice the $3.7 billion in losses realized a year earlier. The reduction in noninterest income was driven by declines in servicing income (down $3.1 billion from a year earlier) and securitization income (down $2.6 billion, or 52.3 percent).
Net income for all of 2008 was $16.1 billion, a decline of $83.9 billion (83.9 percent) from the $100 billion the industry earned in 2007. This is the lowest annual earnings total since 1990, when the industry earned $11.3 billion. The ROA for the year was 0.12 percent, the lowest since 1987, when the industry reported a net loss. Almost one in four institutions (23.4 percent) was unprofitable in 2008, and almost two out of every three institutions (62.5 percent) reported lower full-year earnings than in 2007. Loss provisions totaled $174.3 billion in 2008, an increase of $105.1 billion (151.9 percent) compared to 2007. Total noninterest income was $25.5 billion (10.9 percent) lower as a result of the industry’s first-ever full-year trading loss ($1.8 billion), a $5.8-billion (27.4-percent) decline in securitization income, and a $6.8-billion negative swing in proceeds from sales of loans, foreclosed properties, and other assets. As low as the full-year earnings total was, it could easily have been worse. If the effect of failures and purchase accounting for mergers that occurred during the year is excluded from reported results, the industry would have posted a net loss in 20081. The magnitude of many year-over-year income and expense comparisons is muted by the impact of these structural changes and their accounting treatments.
Net loan and lease charge-offs totaled $37.9 billion in the fourth quarter, an increase of $21.6 billion (132.2 percent) from the fourth quarter of 2007. The annualized quarterly net charge-off rate was 1.91 percent, equaling the highest level in the 25 years that institutions have reported quarterly net charge-offs (the only other time the charge-off rate reached this level was in the fourth quarter of 1989). The year-over-year increase in quarterly net charge-offs was led by real estate construction and development loans (up $6.1 billion, or 448.1 percent), closed-end 1-4 family residential mortgage loans (up $4.6 billion, or 206.1 percent), commercial and industrial (C&I) loans (up $3.0 billion, or 97.3 percent), and credit cards (up $2.5 billion, or 60.1 percent). Charge-offs in all major loan categories increased from a year ago. Real estate loans accounted for almost two-thirds of the total increase in charge-offs (64.7 percent).
Total reserves increased by $16.5 billion (10.5 percent) in the fourth quarter. Insured institutions added $31.5 billion more in loss provisions to reserves than they took out in charge-offs, but the impact of purchase accounting from a few large mergers in the quarter limited the overall growth in industry reserves2. The growth in reserves, coupled with a decline in industry loan balances, caused the industry’s ratio of reserves to total loans to increase during the quarter from 1.96 percent to 2.20 percent, a 14-year high. However, the increase in reserves did not keep pace with the sharp rise in noncurrent loans, and the industry’s ratio of reserves to noncurrent loans fell from 83.9 percent to 75.0 percent. This is the lowest level for the “coverage ratio” since the third quarter of 1992.
Total assets of insured institutions increased by $250.7 billion (1.8 percent) in the fourth quarter. The growth was driven by a $341.7-billion (194.3-percent) increase in balances with Federal Reserve banks. While 1,069 banks reported increases in reserve balances during the quarter, five banks accounted for more that half of the entire industry increase. Net loans and leases fell by $130.6 billion (1.7 percent), as several large institutions restructured their loan portfolios. Three large banks accounted for all of the decline in the industry’s loans during the fourth quarter; most institutions grew their loan balances in the quarter. Almost two-thirds of all institutions (64.2 percent) reported increases in their loans and leases, while only about half as many institutions (2,894 institutions, or 34.8 percent of all reporters) had declines in their loan portfolios.
The number of FDIC-insured commercial banks and savings institutions reporting financial results fell to 8,305 at the end of 2008, down from 8,384 at the end of the third quarter. The net decline of 79 institutions was the largest since the first quarter of 2002. Fifteen new institutions were chartered in the fourth quarter, the smallest number in any quarter since the third quarter of 1994. Seventy-eight insured institutions were absorbed into other institutions through mergers, and 12 institutions failed during the quarter (five other institutions received FDIC assistance in the quarter). For all of 2008, there were 98 new charters, 292 mergers, 25 failures and 5 assistance transactions. This is the largest number of failed and assisted institutions in a year since 1993, when there were 50. At year-end, 252 insured institutions with combined assets of $159 billion were on the FDIC’s “Problem List.” These totals are up from 171 institutions with $116 billion in assets at the end of the third quarter, and 76 institutions with $22 billion in assets at the end of 2007.
During Heartland Payment Systems (HPY) quarterly Earnings conference call, CFO and President Robert Baldwin revealed that Heartland is indeed under SEC investigation, though the details of exactly why they are being investigated have not been released.
Company President and Chief Financial Officer Robert Baldwin Jr. disclosed the investigations during Heartland’s quarterly conference call with investigators (sic) Tuesday, saying that the SEC had launched an informal inquiry into the company and that there is also a related investigation by the Department of Justice. The U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC), which regulates national banks and their service providers, has launched an inquiry, as has the FTC, he said.
Reached Wednesday, a Heartland spokesman could not say why the SEC was investigating the company.
However, the investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland’s stock was trading in the $15-to-$20 range for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49.
This is trenchant to my January 29 analysis about the possibility that knowledge of the 2008 information breach may have influenced stock trades by Heartland CEO Robert O. Carr. The article prompted an email response direct to me from Heartland representatives in which they categorically denied any illicit trading activity on the part of Carr:
At the time of this announcement, Mr. Carr was not under any trading restrictions pursuant to the company’s insider trading policy and was not in possession of any material non-public information concerning the company. Under this 10b5-1 plan, programmed sales of company stock were made on Mr. Carr’s behalf, and he had no discretion regarding the timing or other aspects of those sales.
Although he was not required to do so, Mr. Carr terminated his 10b5-1 when the company confirmed the security breach it disclosed in the company’s press release of January 20, 2009. As has been reported, Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan.
As CEO of the sixth largest payment card processor, I would hope that Carr would at times possess some non-public information on the company he built, but that is a topic for a different discussion on the overall CEO performance levels and our failing economy.
Here is the time line of the breach and Carr’s trades so far:
May 14, 2008: Breach reported to have began May 20, 2008 Carr Makes first stock sale of the year, 2695 shares August (first week), 2008: CEO Robert Carr’s 10b5-1 is proposed August 8, 2008: Board approves 10b5-1 plan August 8 – August 14, 2008: Carr makes six separate sales of stocks totalling 60,000 shares August 19, 2008: Breach reported to have ended August 28, 2008: Carr sells 80,000 shares September 3, 2008: Carr sells 80,000 shares September 17, 2008: Carr sells 80,000 shares October 15, 2008: Carr sells 80,000 shares October 28, 2008: Visa and MasterCard notify Heartland of problems; Carr sells 80,000 shares November 6, 2008: Carr sells 80,000 shares November 20, 2008: Carr sells 80,000 shares December 11, 2008: Carr sells 80,000 shares December 26, 2008: Carr sells 42,900 shares January 7, 2009: Carr sells 80,000 shares January 12, 2009: Carr suspends his 10b5-1 stock selling plan January 20, 2009: Breach Announced Sources: (http://www.secform4.com/insider-trading/1144354.htm) (http://www.2008breach.com/)
Revelations that the SEC is investigating the stock trades comes on top of class action lawsuits spurred by the breach, as well as a steady decline in stock price.
Heartland has also been hit with a class-action lawsuit relating to the breach, which was publicly disclosed on Jan. 20. “We may, in the future, be subjected to other governmental inquiries and investigations,” Baldwin said during the call. “We intend to vigorously defend any claims asserted against us.”
An unofficial transcript of Heartland’s call can be found here.
The Heartland breach, which has now affected more than 500 banks across the country, leaving an untold number of consumers at risk of financial identity theft and Heartland stakeholders with a loss exceeding 50% in about one month’s time.
There is also another “undisclosed” breach which we are hearing about. The breach itself has already been confirmed by Visa, and it is possible the breach will exceed Heartland in size.
Our team has been predicting that 2009 will be the year that InfoSec moves to the forefront of the economic crisis with Homeland Security implications. We believe the somewhat obscure issue will be as familiar to the American public as the notorious subprime and pay option ARMs have in the last year or two.
Much like the meltdown of the mortgage industry, the revelations of lax governance in the handling of sensitive and private data will likely shock the public and the business community alike, and those revelations are bound to come all too painfully slow, especially for shareholders.
The data loss debacle at Heartland highlights the fact that the failure to secure information is the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
Most men have wives. Studies have shown married men to be happier than single men. They live longer, commit fewer crimes, and are more likely on average to actively raise their children than single men.
Likewise married women are measurably happier than single women on average, and children do better when raised by two married parents, so it’s safe to say that marriage overall does society more good than harm.
Yet despite the many benefits of marriage and family values, we simply do not talk about a man’s right to a wife. In a world without slavery, a right to a wife makes no sense at all; one could state with certainty that there is obviously no such thing.
It is less obvious but equally true that there’s no such thing as an absolute right to health care. You can have a right to be left alone, a right to speak your mind, a right to pray to your own god in your own language, but you can’t have a right which requires that another human being go to school for 24 years and then treat you for free.
You might want free health care, you might need free health care, we as a society probably ought to provide some level of free health care to everyone, but no one can claim free health care as an inalienable right, for the simple reason that it requires the services of others who have not been born under a symmetrical obligation.
The notion of restricting the concept of human rights only to natural rights that don’t require the services of others is perhaps the biggest reason why the approach taken by Jefferson in the American Declaration of Independence has had so much more traction and political acceptance than the broader unrestricted case for entitlement proclaimed in the UN’s still unenforced Universal Declaration of Human Rights.
Some rights are arguable; some are clear.
But no right is as fundamental as the right to exist. The right to life is the most clear-cut, basic right, and murder is the clearest right violation. It’s clear, that is, as long as you are talking about human beings. Extend it to fetuses, animals, or countries, and the right to exist becomes highly controversial, dependent on various details, and anything but clear-cut.
Supporters of abortion rights have long been angered by the wide adoption of the term “pro-life” to describe opposition to abortion. The notion that the right to life should be extended to fetuses and should override the mother’s right to make choices concerning her body is a controversial one. Framing it into a term like “pro-life” is an old attempt to influence the narrative by linking the prohibition of abortions with the most fundamental right of all. Getting to name your own controversial position is half the battle.
A widely adopted name is a crucial fulcrum in forming the perception of truth.
A similarly unreasonable extension of the right to life is made by using the concept to refer to countries. Who can oppose Israel’s right to exist if the term implies respecting the right to life of Israel’s Jewish inhabitants?
The usage is particularly insidious because it implies a simple numerical aggregation: the right of Israel to exist sounds like the combined right to life of all Israelis, which is clearly even more fundamental than the right to life of any one individual.
Given that Israel was created largely as a response to a relatively recent, deliberate, and partly successful attempt to murder every Jew in the world, it is particularly easy to associate Israel’s right to exist with that fundamental right to life, and to hold people who deny it in great contempt. But is it in fact a reasonable association?
Taking a closer look at the language, the right to exist of a certain country is a very different thing than the right to life of its inhabitants. Specifically, Israel’s right to exist refers to the right of the nation to call itself “Israel”, and by implication to consider itself a Jewish state. And that unfortunate framework demands that all others, particularly the large and growing Arab population of both Israel proper as well as of its occupied territories, also consider the nation they live in to be a Jewish state.
Arabs may have some substantial rights in Israel. In some ways their lives may be better than those of people in neighboring countries. But living in an officially Jewish state, no Arab child can grow up with the full dignity and pride of citizenship.
Even with anti-discrimination laws on the books, and amendments to the constitution ensuring that we are in fact one nation with liberty and justice for all, it took a black president for many African Americans to begin to feel equal in the United States.
Imagine how blacks and Latinos would have felt if the US was re-named to a word with the historic meaning of “White nation under God”, and they were asked to affirm its right to exist as a White and Christian State?
The framers of the American constitution had it right: The concept of the nation-state formed along ethnic lines got us out of the middle ages, but has long since outlived its usefulness.
The world is evolving away from ethnic divisions and towards equality and human rights, naturally selecting post-ethnic open-access societies, and rewarding them with prosperity. Meanwhile the same long term global evolution is slowly but surely presenting Nazi Germany and her lesser cousins, in places like Rwanda, Cambodia, and Darfur, with the ultimate future of the Tyrannosaurus Rex.
But by responding to genocide with a Jewish state, the Zionists have inadvertently surrendered their humanist ideals to survivalist realpolitik. In forming their core political philosophy as an antithesis to Hitler’s rhetoric, they have extended the damage done to them by fascism.
A more progressive, post-ethnic response would have been to create a refuge for all victims of attempted genocide, and to include all existing residents as equal citizens of this refuge-state.
Unfortunately the path of division was taken instead, resulting in 60 years of bloodshed, recriminations, and deepening desperation.
Pragmatists inside and outside of the region continue to shout for a separate but equal two-state solution. But history shows that the two ethnically divided states will never be equal, and that in the long term, states based on ethnic division will become extinct.
Only a single, pluralistic, inclusive, post-ethnic Israeli-Palestinian state will have an absolute right to exist.
And when an era of justice and equality for all comes to the region at last, ending thousands of years of pogroms and crusades, Barack Obama’s inaugural words will ring as true in the Middle East as they do now in America:
“For we know that our patchwork heritage is a strength, not a weakness. We are a nation of Christians and Muslims, Jews and Hindus – and non-believers. We are shaped by every language and culture, drawn from every end of this Earth; and because we have tasted the bitter swill of civil war and segregation, and emerged from that dark chapter stronger and more united, we cannot help but believe that the old hatreds shall someday pass; that the lines of tribe shall soon dissolve; that as the world grows smaller, our common humanity shall reveal itself; and that America must play its role in ushering in a new era of peace.”
Semyon Dukach is an angel investor, high tech entrepreneur, and former president of the MIT Blackjack Team.
If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com. Include your name, email, and a phone number where you may be contacted for verification.
Acadian Federal Credit Union, Fort Kent, ME
Access National Bank, Reston, VA
Achieva Credit Union, Largo, FL
Adams Bank & Trust, Grant, NE (15)
Alabama State Employees Credit Union, Montgomery, AL (4,097)
Alaska USA Federal Credit Union, Anchorage, AK (70,000)
Alerus Financial, Grand Forks, ND
Alpine Bank, Aspen, CO (3,500)
Alva State Bank, Alva, OK
Amarillo National Bank, Amarillo, TX (5,000)
Amboy Bank, Old Bridge, NJ
American Bank, Waco, TX (1,000)
American Exchange Bank, Elmwood, NE
American Bank Montana, Bozeman, MT
American National Bank, Oakland Park, FL
American National Bank, Denver, CO (2,500)
American National Bank and Trust Co., Danville, VA
American Riviera Bank, Santa Barbara, CA
American State Bank of Grygla, Grygla, MN
American West Bank, Spokane, WA
Apple Creek Banking Co., Apple Creek, OH
Apple Valley Bank, Cheshire, CT (100)
Arizona State Credit Union, Phoenix, AZ
Arkansas County Bank, Stuttgart, AR
Arvest Bank, Mountain Home, AR
Association of Vermont Credit Unions, VT (6,000)
Baker Boyer Bank, Walla Walla, WA
BancFirst, Oklahoma City, OK
Bangor Federal Credit Union, Bangor, ME (3,000)
Bangor Savings Bank, Bangor, ME (18,000)
Bank of America, St. Louis, MO
Bank of Bridger, Bridger, MT (80)
Bank of Broken Bow, Broken Bow, NE
Bank of Cape Cod, Hyannis, MA
The Bank of Edwardsville, Edwardsville, IL
The Bank of Elk River, Elk River, MN (6,000) The Bank of Fayetteville, Fayetteville AR
The Bank of Guam, Territory of Guam
Bank of Jackson Hole, Jackson Hole, WY
Bank of Lee’s Summit, Lee’s Summit, MO
Bank of the Panhandle, Guymon, OK
The Bank of the Pacific (3,000)
Bank of Monticello, Monticello, MO
Bank of Oklahoma, Tulsa, OK
Bank of the Ozarks, Little Rock, AR
Bank of Utah, Ogden, UT (245)
Bank of Westminster, Westminster SC
The Bank of Zachary, Zachary, LA (1,200)
Bank Plus, Graettinger, IA
BankTrust, Mobile, AL
Banterra Bank, Mt. Vernon, IL
Bay Bank, Theodore, AL
Bay Vanguard FSB, Baltimore, MD
BBVA Compass, Birmingham, AL
Beacon Credit Union, Wabash, IN (4,500)(See what Beacon told their members about the Heartland Breach)
Bellwether Community Credit Union, Manchester, NH
Berkshire Bank, Pittsfield, MA
Bermuda Bank, Bermuda
Best of Iowa Community Credit Union, Hiawatha, IA
Big Horn Federal Savings Bank, Greybull, WY (650)
Big Sky Western Bank, Bozeman, MT
Black River Country Bank, Black River Falls, WI (300)
Braham Bank, Braham, MN
Bremer Bank, St. Paul, MN (See what Bremer Bank told its customers about the Heartland breach) (7,800)
Brighton Bank, Salt Lake City, UT
The Brunswick State Bank, Brunswick NE
Butterfield Bank, Bermuda
Calhoun County Bank, Hampton, AR
California Community Credit Union, Sacramento, CA
Canadian Tire Financial Services, Niagara, Ontario, Canada (15,000)
Canandaigua National Bank, Canandaigua, NY (7,993)
Cape Cod Cooperative Bank, Cape Cod, MA (3,600)
Capital Communications Federal Credit Union, Albany, NY
Capitol Federal, Topeka, KS (14,000)
Carson National Bank, Auburn, NE
Central Bank, Arlington, MA
Central National Bank, Enid, OK
The Central National Bank and Trust Company of Enid, Enid OK, (1600)
Central Savings Bank, Sault Ste. Marie, MI (300)
Century Bank and Trust, Milledgeville, GA
Century Bank FSB, Sarasota, FL (2,200)
Century Bank of Kentucky, Lawrenceburg, KY (1,000)
Charleroi Federal Savings Bank, Charleroi, PA
Charles River Bank, Medway, MA
The Charlotte Fire Department Credit Union, Charlotte, NC
Charter Oak Bank, Napa, CA
Chase Bank, Utah
Chocolate Bayou Community FCU, Alvin, TX (2500)
Citigroup Inc., New York, NY
The Citizens Bank of Winfield, Winfield, AL
Citizens Bank Corvallis, OR
The Citizens Bank of Swainsboro, Swainsboro, GA
The Citizens Bank of Weston, Weston, WV (550)
Citizens National Bank of Park Rapids, Park Rapids, MN
Citizens State Bank of Clayton, La Crosse & Onalaska, WI
Citizens State Bank, New Baltimore, MI
Citizens State Bank, Perry, FL (400)
Citizens State Bank of Roseau, Roseau, MN (700)
Citizens State Bank of Loyal, Loyal, WI
Citizens Trust Bank, Atlanta, GA (1,000)
Citizens & Northern Corporation, Wellsboro, PA
Clay County Savings Bank, Liberty, MO (900)
Coloramo Federal Credit Union, Grand Junction, CO
Columbia Bank, Lake City FL
Columbia River Bank, The Dalles, OR
Columbus Community Bank, Columbus, GA (50)
Comerica Bank, Springfield, OH
Communication Federal Credit Union, Oklahoma City, OK (6,700)
Commercial & Savings Bank, Millersburg, OH
Community Bank, Alva, OK
Community Bank of Broward, Weston, FL
Community Bank of The Red River Valley, Grand Forks, ND
Community First Bank, New Iberia, LA
Community First National Bank of Mountain Home, Mountain Home, AR
Community One, Asheboro, NC
Community Savings Bank, Edgewood, IA (1,000)
Community Spirit Bank, Red Bay, AL
Concorde Bank, Blomkest, MN
Consumers Credit Union, Kalamazoo, MI
Cooperative Extension Service Federal Credit Union, Little Rock, AR
Coronado First Bank, Coronado, CA
Core First Bank, Topeka, KS
Countybank, Greenwood, SC (3,000)
Credit Union 1, Rantoul, IL
Credit Union 1 of Kansas, Topeka, KS
Credit Union 1, Fairbanks, AK (8,256)
CU Community Credit Union, Springfield, MO (16)
Cumberland County Federal Credit Union, Falmouth ME
Cumberland Security Bank, Pulaski, KY
Custer Federal, Broken Bow, NE
CWV Tel Federal Credit Union, Clarksburg, WV
Dairy State Bank, Rice Lake, WI (1,500)
Davison State Bank, Davison, MI
Dearborn Village Community Credit Union, Dearborn, MI
Dedham Savings, Dedham MA
Denali Alaskan Federal Credit Union, Anchorage, AK (10,300):
Denali State Bank, Fairbanks AK (1,000)
The Dewey State Bank, Dewey, IL (150)
Dime Bank, Norwich, CT
Dollar Bank, Pittsburgh, PA
Dupaco Community Credit Union, Dubuque, IA
DuTrac Community Credit Union, Dubuque, IA
EarthMover Credit Union, Oswego, IL (600)
East Dubuque Savings Bank, Dubuque, IA
East Wisconsin Savings Bank of Kaukauna, WI (600)
Eastern Maine Medical Center Federal Credit Union, Bangor, ME
Eastman Credit Union, Kingsport, TN
Elevations Credit Union, Denver, CO (35,000)
The Elkhart State Bank, Elkhart, TX (500)
Elliott Federal Credit Union, Jeanette, PA (100)
El Paso Employees Federal Credit Union, El Paso, TX (1,000)
Emporia State Federal Credit Union, Emporia, KS
Employees Credit Union, Dallas, TX
Emprise Bank, Wichita, KS
Enrichment Federal Credit Union, Oak Ridge, TN
Enterprise Bank of Florida, Palm Beach Gardens, FL
Enterprise Bank, Lowell, MA (3,000)
EPB Employees Credit Union, Chattanooga, TN, (300)
ESB Financial, Emporia, KS
Evansville Federal Credit Union, Evansville, IN
Extraco Banks, Killeen, TX (9,000)
F&A Federal Credit Union, Monterey Park, CA
Fairmont Federal Credit Union, Fairmont, WV
Family Community Credit Union, Charles City, IA
Family First Federal Credit Union, Orem, UT (3,600)
Farmers & Merchants Bank, Waterloo, AL
Farmers and Merchants Bank, Stuttgart, AR
Farmers & Merchants State Bank, Archbold, OH
Farmers National Bank, Lebanon, KY (500)
Farmers National Bank, Emlenton, PA (5,000)
Farmers State Bank of Ohio, West Salem, OH
Farmers State Bank, West Bend, IA
Farmers Trust & Savings Bank, Spencer, IA (725)
Fidelity National Bank, West Memphis, AR (1,463)
Fifth Third Bank, Cincinnati, OH
The First, A National Banking Association, Hattiesburg, MS
First & Farmers National Bank, Pulaski, KY
First American Bank, Elk Grove Village, IL
First Bank, Azle, TX (3,000)
First Bank & Trust, Brookings, SD
First Bank Blue Earth, Blue Earth, MN
First Bank of Delaware, Wilmington, DE
First Bankers Trust Company, Quincy, IL
1st Bank, Evanston, WY
First Bank Montana, Lewistown, MT
First Bank and Trust of East Texas, Lufkin, TX
First Century Bank, Claiborne County, TN
First Chatham Bank, Savannah, GA
First Cheyenne Federal Credit Union, Cheyenne, WY (500)
First Citizens National Bank, Charles City, IA
First Community National Bank, Steelville, MO
First County Federal Credit Union, Muncie, IN
First Dakota National Bank, Yankton, SD
First Enterprise Bank, Oklahoma City, OK
First Federal, Port Angeles, WA (3000)
First Federal Bank, Harrison, AR
First Federal Bank, Dickson, TN (5,057)
First Federal Bank of Florida, Lake City, FL
First Federal Savings Bank, Rochester, IN (3,500)
First Federal Savings Bank of Iowa, Fort Dodge, IA
First Financial Bank NA, Terre Haute, IN
First Financial Credit Union, Albuquerque, NM
1st Financial Federal Credit Union, St. Louis, MO (6,000)
1st Gateway Credit Union, Clinton, IA
First Lincoln Federal Credit Union, Lincoln, NE (259)
First Mid-Illinois Bank & Trust, Matoon, IL
First National Bank Alaska, Anchorage, AK
First National Bank of Central Texas, Waco, TX
First National Bank & Trust, Syracuse, NE (300)
First National Bank, Bastrop, TX (1,800)
First National Bank of Burleson, Burleson, TX
First National Bank of Monterey, Monterey, IN
First National Bank of Colorado, Ft. Collins, CO
First National Bank, Carmi, IL
First National Bank of Farragut-Shenandoah, IA (60)
First National Bank of Hutchinson, KS (1,000)
First National Bank Pratt, Pratt, KS
First National Bank, Seiling, OK
First National Bank of Crystal Falls, Crystal Falls, MI
First National Bank, Spearman TX
1st Pacific Bank of California, San Diego CA
First Security Bank, Missoula, MT
First Security Bank & Trust, Charles City, IA (1,400)
1st Source Bank, South Bend, IN
First State Bank of Illinois, Carthage, IL
First State Bank, Nora Springs, IA
First State Bank, Russellville, AR (1,500)
First State Bank of Kansas City, KS (400)
First State Bank of Scottsbluff, Scottsbluff, NE (200)
First State Bank, Union City, TN (9,300)
First State Community Bank, Farmington, MO
First Tech Credit Union, Portland, OR
FirstTrust Bank, Philadelphia, PA (3,000)
Five Points Bank, Hastings, NE (200)
Fleetwood Bank, Fleetwood, PA
Florence Savings Bank, Florence MA
Forcht Bank, Kentucky (8,500)
Forest Park National Bank & Trust Co., Forest Park, IL (500)
Four Corners Community Bank, Farmington, NM
Franciscan Skemp Credit Union, La Crosse, WI
Fraternal Order of Police Credit Union, Tulsa, OK (600)
Freedom Credit Union, Springfield, MA (2,400)
Fresno County Federal Credit Union, Fresno, CA
FSG Bank, Chattanooga, TN
Fullerton Community Bank, Fullerton, CA (78)
Fulton Bank, Lancaster, PA
Galveston Government Employees Credit Union, LaMarque, TX
Gate City Bank, Fargo, ND
Gateway Bank of Central Florida, Ocala, FL
GCS Federal Credit Union, Pontoon Beach, IL
GECU, El Paso, TX (25,000)
Georgetown Savings Bank, Georgetown, MA
GFA Federal Credit Union, Gardner, MA
Glacier Bank, Kalispell, MT
The Gordon Bank, Gordon, GA (300)
Great Lakes Credit Union, Great Lakes, IL
Great Southern Bank, Springfield, MO
Greater Nevada Credit Union, Carson City, NV
Greater Rome Bank, Rome, GA
Guaranty Bond Bank, Mt. Pleasant, TX
Guaranty Bank and Trust, Denver, CO
Gulf Coast Community Bank, Pensacola, FL
Happy State Bank and Trust, Happy, TX (2,000)
Hawaii Pacific Federal Credit Union, Honolulu, HI
Healthcare Employees FCU, Princeton, NJ (452)
Health Facilities Federal Credit Union, Florence, SC (3,500)
HealthFirst Federal Credit Union, Waterville, ME (261)
Heartland Bank, St. Louis, MO
Heritage Bank, Hastings, NE (50)
Heritage Bank of Nevada, Reno, NV
Heritage South Credit Union., Sylacauga, AL (600)
Heritage Valley Federal Credit Union, York County, PA
Home Federal Bank, Treasure Valley, ID (1,800)
Huntington Bank, Ashland, OH
Huntingdon Valley Bank, Warminster, PA
Huron Community Bank, East Tawas, MI
Hyperion Bank, Philadelphia, PA
IberiaBank, Lafayette, LA
Idadiv Credit Union, Nampa, ID
Independent Bank, Ionia, MI
Indiana State University Federal Credit Union, Terre Haute, IN (1,300)
Indiana University Credit Union, Bloomington, IN
Industrial Credit Union of Whatcom County, Bellingham, WA
Innovations Federal Credit Union, Bay County, FL (400 cards)
Integra Bank, Evansville, IN
International Bank of Commerce, Laredo, TX
INterra Credit Union, Goshen IN
Iowa State Bank, Ruthven, IA
Iowa State Bank and Trust Company, Fairfield, IA
Iowa State Savings Bank, Knoxville, IA
Iowa Trust and Savings Bank, Emmetsburg, IA (700)
Jeanne D’Arc Credit Union, Lowell, MA (500)
Jefferson Bank, Dallas, TX, (200)
Johnson Bank, Racine, WI
Kellogg Company Employee Federal Credit Union, Omaha, NE
Kennebec Savings Bank, Augusta, ME (1,500)
Kennebunk Saving Bank, ME (7,000)
Killbuck Savings Bank, Killbuck, OH
Kinecta Federal Credit Union, Manhattan Beach, CA
Kootenay Savings, Trail, British Columbia, Canada
La Loma FCU, Loma Linda, CA (300)
Lake Country Community Bank, Morristown MN (245);
Landmark Credit Union, New Berlin, WI
Lassen County Federal Credit Union, Susanville, CA (600);
Laurens State Bank, Emmetsburg, IA;
Legence Bank, Evansville, IN;
Liberty Bank, Cheshire, CT;
Liberty Bank, South San Francisco, CA;
Lutheran Credit Union, Brea, CA
Machias Savings Bank, Machias, ME
Maple City Savings Bank, FSB, Hornell, NY
Marine Bank and Trust, Carthage, IL
Marlborough Savings Bank, Marlborough, MA
Mascoma Savings Bank, White River Junction, VT
mBank, Manistique, MI
McCone County Federal Credit Union, Circle, MT
Members Choice Credit Union, Houston, TX
Mercer County State Bank, Sandy Lake, PA (2,516)
Merchants & Southern Bank, Gainesville, FL
Mercy Family Credit Union, Mason City, IA
Merrill Bank, Bangor, ME (156)
Metro North Federal Credit Union, Waterford, MI
Michigan Catholic Credit Union, Troy, MI
Mid America Bank & Trust Co., Rolla, MO (200)
MidFirst Bank, Tulsa, OK
Mid-Oregon Credit Union, (4,000)
Minnwest Bank, Redwood Falls, MN
Mission Bank, Bakersfield, CA
M&I Bank
M & T Bank, Buffalo, NY
Monad Federal Credit Union, Pasco, WA
Monroe Bank & Trust, Monroe, MI
MountainCrest Credit Union, Arlington, WA
Mountain West Bank, Couer d’Alene, ID
Mt. McKinley Bank, Fairbanks, AK
Municipal Employees Credit Union Oklahoma City, OK
Mutual Bank, Muncie, IN (8,000)
NAFT Federal Credit Union, Pharr, TX (250)
Nantahala Bank And Trust Company, Franklin, NC
NAS JRB Credit Union, New Orleans, LA
National Bank of Delaware County, Delaware County, NY
NBC Oklahoma, Oklahoma City, OK
Nebraska Land National Bank, NE (150)
Nebraska State Bank, Broken Bow, NE
Newburyport Five Cents Savings Bank, Newburyport, MA
NIH Federal Credit Union, Rockville, MD
Norfolk Municipal Employees Federal Credit Union, Norfolk, VA
North Alabama Educators Credit Union, Huntsville, AL
North American Savings Bank, Kansas City, MO
North Country Savings Bank, Canton, NY
North Iowa Community Credit Union, Mason City, IA
North Star Community Credit Union, Maddock, ND
North Valley Bank, Redding, CA (11,000)
Northeast Family Federal Credit Union, Manchester, CT
Northern Indiana Federal Credit Union, Merrillville IN (600)
Notre Dame Credit Union, South Bend, IN (2,000)
Oak Valley Community Bank, Oakdale, CA
O Bee Credit Union, Tumwater, WA (See what O Bee told its members: http://www.obee.com/)
Ohio Valley Community Credit Union, Clarington, OH (690)
Ohio University Credit Union, Athens, OH (8,500)
Oklahoma Central Credit Union, Tulsa, OK
Old National Bank, Mt. Vernon, IL
Old National Bank, Evansville, IN
Old West Federal Credit Union, John Day, OR (1,000)
OptumHealthBank, Salt Lake City, UT
Oregon Territory Federal Credit Union, Salem, OR
P&S Credit Union, Salt Lake City, UT
Pacific Western Bank PacWest Bancorp, San Diego, CA
PALCO Federal Credit Union, Muncy, PA (1,214)
Parsons Federal Credit Union, Pasadena, CA
Patriots Bank, Kansas City, MO
Patterson State Bank, Patterson, LA
Pentagon Federal Credit Union, Alexandria, VA
PeoplesChoice Credit Union, Saco, ME. (500)
Peoples National Bank, Mt. Vernon, IL (2,927)
Peoples State Bank, Wyalusing, PA
People’s State Bank in Wausau, WI
Piedmont Credit Union, Danville, VA (15)
Pine Bluff National Bank, Pine Bluff, AR
Pinnacle Bank, NE
Pinnacle Bank of South Carolina, Greenville, SC
Pinnacle Federal Credit Union, Edison, NJ
Pioneer Credit Union, Green Bay, WI
The Pittsfield Cooperative Bank, Pittsfield, MA
Planters & Citizens Bank, Camilla, GA (340)
Platte Valley National Bank, Scottsbluff, NE (388)
Poplar Bluff Federal Credit Union, Poplar Bluff, MO (998)
Port Alliance Federal Credit Union, Norfolk, VA (700)
Prairie Federal Credit Union, Minot, ND
Premier Bank, Dubuque, IA
Prosperan Bank, Oakdale, MN
Provident Bank, Baltimore, MD
Public Service Credit Union, Denver, CO
Pulaski Bank, Little Rock, AR
Rainier Pacific Bank, Tacoma, WA (5,700)
Redding Bank of Commerce, Redding, CA (4,000)
Regions Financial Corp., Birmingham, AL
Republic Bank, Louisville, KY
The RiverBank, Osceola, WI
Rivermark Credit Union, Portland, OR
River Valley Credit Union, Miamisburg, OH
Rockville Bank, Rockville, CT
Rocky Mountain Law Enforcement Federal Credit Union, Denver, CO
Rosedale Federal Savings & Loan Association, Baltimore, MD
RTP Federal Credit Union, Durham, NC
SAFE Credit Union, North Highlands, CA
Sanford Institution for Savings, Sanford, ME
San Mateo Credit Union, Redwood City, CA (10,000)
Savings Bank of Danbury, Danbury, CT
Sawyer Savings, Saugerties, NY
Schertz Bank & Trust, Schertz, TX (600)
Schools First FCU, Orange County, CA
School Systems Federal Credit Union, Troy NY
Security Federal Savings Bank, Logansport, IN
Security Service FCU, San Antonio, TX
Select Employees Credit Union, Sterling, IL (100)
SESLOC Federal Credit Union, San Luis Obispo, CA
Shelby Savings Bank, Center, TX (600)
Shell New Orleans Federal Credit Union, New Orleans, LA (1,800)
Shore Community Bank, Toms River, NJ (283)
Show Me Credit Union, Mexico, MO
Silver Lake Bank, Topeka, KS (900)
Simmons First National Corp., Pine Bluff, AR
Southern Missouri Bank of Marshfield, Marshfield, MO
South Central Credit Union, Jackson, MI (650)
South City Bank, Vestavia Hills, AL
SouthFirst Bank, Sylacauga, AL
Southside Credit Union, San Antonio, TX (775)
Sovereign Bank, Northeast U.S.
Spirit Bank, Belmont, MS
Spokane Media Federal Credit Union, Spokane, WA (330)
St. Agnes Employees FCU, Baltimore, MD (550)
Star Financial Bank, Fort Wayne, IN
State Bank of Countryside, Countryside, IL
State Bank of Chandler, Chandler, MN
The State Bank, Fenton, MI
The State Bank, La Junta, CO (2075)
State Bank of Texas, Irving, TX
State Employee’s Credit Union (SECU), Raleigh, NC (60,000)
State Highway District #5 Credit Union, Yakima, WA (268)
The Stephenson National Bank & Trust, Marinette, WI (884)
Sterling Savings Bank, Spokane, WA
St. Mary’s Bank, Manchester, NH (4,300)
The Stock Exchange Bank, Woodward, OK
Stockman Bank, Billings, MT
Summit Federal Credit Union, Rochester, NY (500 cards)
Sundown State Bank, Denver City, TX
Sun West Bank, Las Vegas, NV
Superior Bank, Birmingham, AL
Surrey Bank & Trust, Mount Airy, NC
Susquehanna Bank, Lancaster, PA
TD Bank, Portland, ME
TD Bank North, Portland, ME
TelComm Credit Union, Springfield, MO
Telesis Community Credit Union, Chatsworth, CA, (2,360)
Texas Bank & Trust, Longview, TX
TierOne Banks, Broken Bow, NE
Timberland Bank, Hoquiam, WA
Tinker Federal Credit Union, Enid, OK
Topeka City Employees Credit Union, Topeka, KS (190)
TPS Credit Union, Toledo, OH (900)
Town & Country Bank, Ravenna, NE
Tobacco Valley Teachers Federal Credit Union, Enfield, CT
Total Community Credit Union, Taylor, MI
Town and Country Credit Union, Minot, ND
Trinity Bank, Dothan, AL (152)
Triangle Credit Union, Nashua, NH
TrustCo Bank Corp., Glenville, NY
Trustmark Bank, Jackson, MS (75,000)
Tucson Federal Credit Union, Tucson, AZ
Tulsa Teachers Credit Union, Tulsa, OK
The Twin Star Credit Union, Olympia, WA
Two Rivers Bank, Blair, NE (1,000)
Ulster Savings Bank, Kingston, NY (2,300)
United Bank of El Paso, El Paso, TX (250)
United Mississippi Bank, MS (200)
Union Bank of California, San Francisco, CA
Union State Bank, Arkansas City, KS
United Credit Union, Mexico, MO
Union State Bank, Winfield, KS
United Heritage Credit Union, Austin, TX
United Savings Credit Union, Fargo-Moorehead, ND, (450)
United Southern Bank, Umatilla FL (1,500)
University of Wisconsin-Oshkosh Credit Union, Oshkosh, WI
US New Mexico Federal Credit Union, Albuquerque, NM
USAA Federal Savings Bank, San Antonio, TX
U.S. Bank, St. Louis, MO
UT-MUO Federal Credit Union, Toledo, OH (410)
Valley Bank of Helena, Helena, MT
Valley Bank & Trust, Gering, NE (16).
Valley National Bank, Wayne, NJ (20,013)
Valley View Bank, Kansas City, MO
Virginia Bank & Trust, Danville, VA
Warren Federal Credit Union, Cheyenne, MT (1,400)
The Warrington Bank, Pensacola, FL
Washington State Employees Credit Union, Olympia, WA (4,000)
Waterford Bank, NA, Toledo, OH
Wells Fargo, Utah
Wells Federal Bank, Wells, MN (160)
WESC Federal Credit Union, Casper, WY (140)
Westar Federal Credit Union, Camillus, NY
West Branch Valley FCU, Williamsport, PA (432)
West Iowa Bank, West Bend, IA
West Michigan Community Bank, Grandville, MI
Westbound Bank, Katy, TX
Western Illinois Credit Union, Macomb, IL
Western Security Bank, Billings, MT
WestSide Bank, Hiram, GA
WGE Federal Credit Union, Muncie, IN
White Earth Reservation Federal Credit Union, Mahnomen, MN
Wright-Patt Credit Union, Dayton, OH (17,200)
Advocates of an open Government and transparent allocation of taxpayer funds celebrated the news late Friday afternoon (2-20-09) that the U.S. District court has moved to enforce a Freedom of Information Act (FOIA) request to release more details about exactly how TARP bailout funds have been and are being used.
The TARP was passed in early October, 2008, in an effort to stem the damage to the nation’s financial industry incurred during a decade of lax risk-abatement that pervaded the banking culture after the legislative emasculation of the Glass-Steagall Act.
FOX Business sued Treasury on Dec. 18 over failure to provide information on the bailout funds or respond to FBN’s expedited requests filed under the FOIA.The initial request, filed on Nov. 25, sought actual data on the use of the bailout funds for American International Group (AIG) and the Bank of New York Mellon (BK), and an additional request, filed on Dec. 1, sought similar data on the bailout funds for Citigroup (C).
FBN asked the Treasury Department to identify, among other issues, the troubled assets purchased, any collateral extended, and any restrictions placed on these financial institutions for their participation in this program.
The Treasury Department – along with the other banking regulators like the FDIC, OTS, and the Federal Reserve – are notoriously secretive concerning the data they collect and their subsequent analysis of the viability of any particular institution, preferring to operate instead behind closed doors.
This tendency often leaves investors in the dark, which generally tends to work in the banks’ favor. Regulators would argue that they are not in the business of moving markets, and that some data may be misinterpreted and inadvertently cause a run on funds at named institutions, evidenced by Schumer’s now infamous disclosure of details that may have led to the collapse of Indy Mac Bank in 2008.
That argument may have held some water until the TARP bailout effectively made the U.S. taxpayer a shareholder in any number of as yet identified institutions, and the owner of any assortment of exotic financial instruments which have proved toxic to Global capital markets.
Judge Richard J. Holwell of the U.S. District Court for the Southern District of New York said in a decision Friday that the government is directed to comply with FOX Business’s request under the FOIA “within 30 days and to produce a Vaughn index with 45 days.”That means Treasury must comply with FOX Business’s request by Monday, March 23, and must produce a Vaughn index by Monday, April 6.
The Treasury will have the chance to withhold some documents and information they deem too sensitive, but now have to provide an itemized “Vaughn index” of which documents and information have been redacted, and for exactly what reason.
“A Vaughn Index must: (1) identify each document withheld; (2) state the statutory exemption claimed; and (3) explain how disclosure would damage the interests protected by the claimed exemption.”
This may open the door to further FOIA challenges to release the remaining information if the Treasury fails to convince the courts that their vetting of information was reasonable.
I don’t think Treasury has realized that they are not the only ones who have new powers and responsibilities in the implementation of this historic bailout – the courts have yet to weigh-in on much of this, including who is ultimately going to be held responsible for the mess that is the economy, even if it is still taxpayers who have to foot the bill to clean it all up.
My guess is that the courts feel very differently about full disclosure than does the insider Wall Street elite who regulate themselves from Washington D.C. in seeming perpetuity.
Frank Rich of the New York Times wrote a good op-ed piece called What We Don’t Know Will Hurt Us, which helps further the argument that it is time to get to bottom of exactly what is going on with our economy, and why their seems to be so little consequence for the perpetrators of so much devastation.
Americans are right to wonder why there has been scant punishment for the management and boards of bailed-out banks that recklessly sliced and diced all this debt into worthless gambling chips. They are also right to wonder why there is still little transparency in how TARP funds have been spent by these teetering institutions. If a CNBC commentator can stir up a populist dust storm by ranting that Obama’s new mortgage program (priced at $75 billion to $275 billion) is “promoting bad behavior,” imagine the tornado that would greet an even bigger bank bailout on top of the $700 billion already down the TARP drain.
Remember, the fundamental point of the TARP bailout is to funnel incredible amounts of taxpayer money – debt, actually – to the very institutions and people who are responsible for driving the markets off the cliff in the first place.
And they got paid handsomely for doing it.
It is time for our nation’s financial machine to drop the self-righteous arrogance they have cloaked themselves in for too long, for all of those paper-pushing money lords to release their false sense of entitlement, relinquish their ill-gotten wealth from the last 10 years, and to return to their proper place in the economic landscape as facilitators of capital creation, not the creators of capital.
Accountability in the largest disbursement of public funds in history is not only a good idea, it is essential to our democracy, as is ending the revolving door between corporate boardrooms and the regulatory offices of our government.
The Fox Business FOIA request and the court’s decision to release more information should serve as a warning to the Wall Street good ol’ boys that their orgy of omnipotence is truly over, and that the era of accountability is in.
We have always recognised that banks have to be trustworthy for the system of money to be able to function at all. This is because the banks completely control everything that happens, or can happen to money – how reliable it is and how freely it moves from person to person.
Every time money moves from one person to another, it creates something useful and valuable: real wealth of some sort and employment, enabling workers to use their wages to eat and house themselves.
Millions of people Worldwide are now losing their jobs, their houses and their wages enabling them to eat and survive. Homelessness and starvation is being forced on them, not because they do not want to work; on the contrary, they are pretty desperate to work. Very few people like to be idle.
The only reason these people’s lives are being wantonly destroyed is because the people and organisations in charge of maintaining the reliability and integrity of money have completely wrecked it, wrecked the whole delicate system of trading, rolling back civilisation to poverty and primitive barter as that fragile symbol of trust – money – is destroyed and debased by the very people we all trusted to cherish it on our behalf.
These people are the banks.
Money itself is simply a symbol of trust. It has no other value than to allow one person in possession of some money to pass it on to another person in exchange for something that does have real value – a loaf of bread, or something else that’s really useful, like a house to live in.
Our system of money is now in complete shambolic meltdown because nobody can trust it; it has become unreliable.
Why ?
Because it has become unreliable, individuals and businesses are unable to be certain there will be an adequate flow of money for them to continue to function. Business cannot function without reliable flows of money purchasing it’s products from which it then pays it’s workers, who are then enabled to eat and pay their mortgage.
Money was originally ‘invented’ by banks as merely a trusted symbol of exchange to replace the clumsy idea of barter. They have been in control of it ever since. It is important to be an honest person when handling money as there is always a temptation to find an excuse to keep some or all of it for yourself.
Dishonesty has always been around to some extent, and there have always been people whose job it is to handle money not belonging to them, who have stolen some.
Because theft is so damaging and disruptive, society has always sought to achieve a high degree of honest morality in all public dealings of any kind. Without it, all civilisation crumbles into anarchy, chaos and brutality. Dictatorships, violence, famine and death have always been the consequence throughout history.
In recent times the banks have invented excuse after excuse to construct more and more reasons to take some of our money we entrusted to them for themselves.
Some examples of this, and there are many, might be the quaint idea of inventing something called the penalty charge. This can range from a charge of millions to a business, or a small amount to an individual who fails to precisely control even the pettiest detail of his finances.
This results in banks looking for excuses to ‘justify’ a penalty charge and their artfully constructed self-righteous, twisted, logic then turns their honest customer into an enemy with whom the bank battles with and often then irretrievably harms by wrecking every aspect of that person’s finances.
Every time this little bit of dishonest, fraudulent dealing occurs in some tiny little corner of the financial system, a small amount of trust is destroyed and ripples out far beyond that bank and the customer it is stealing from, magnified beyond recognition as it touches huge numbers of other people.
A good example of the cumulative effect of this is the ‘sub-prime’ mortgage. This is a farce. An artificial construction by banks designed to milk outrageous amounts of money from people unable to defend themselves from what amounts to blatant fraud in a form the law describes as ‘conversion’.
Conversion is simply when you unlawfully ’convert’ property rightfully owned by another to your own use in such a devious manner it cannot be legally seen as obvious common theft because it is disguised. Sounds familiar in your dealing with banks ?
The banks deliberately set out to create this type of mortgage because it is more profitable than the old fashioned type based on honest trust and fair dealing which no longer provided enough profits to fuel the bank’s rapacious greed.
This is how it is done.
A perfectly respectable, reliable, person has an ordinary mortgage with an old fashioned building society – one of those ‘high street’ lenders. That person’s life may be disrupted by common events. It may be divorce, sickness, temporary unemployment, for example.
Nothing that would normally destroy people’s financial lives to the extent of being unable to have enough money to keep the roof over their head and feed themselves. Disruption of this sort normally happens to a huge proportion of the population.
What does a modern bank do when such a person become a few months in arrears with their mortgage ? Why, it first of all makes it more difficult for that person to recover their financial stability as the bank imposes arbitrary ‘penalty’ charges which are designed to rapidly mount up into thousands of pounds.
It then ‘black lists’ the unfortunate individual by notifying the credit agencies that they are financially unreliable. This is used as an excuse by any other financial organisation to make life even more impossible for that person by pushing them further and further into uncontrollable debt by using the excuse to milk them of more money by penalising them financially at every possible opportunity; using sanctimonious self-righteousness to blame the unfortunate individual they are manipulating for what the banks are actually doing themselves.
So, someone who may have a loan for only half the value of their house and be only as few as three months in arrears will have re-possession proceedings brought against them by the the bank. They are threatened with eviction and homelessness, with the inevitable consequences of forced unemployment, family breakup, increased debt and even illness.
The bank evicts them, and the house may remain empty so long it loses value as it deteriorates. Or it is likely to be sold at a considerable loss. That former homeowner is now blacklisted as too uncreditworthy to be lent money again by the ordinary high street mortgage lenders.
Curiously, that same bank just happens to wholly or partially own another company which also lends money for buying houses. But this one only lends to people with ‘impaired’ credit. The same sort of people who have just been refused an ordinary, standard mortgage.
People are also refused standard mortgages for infinitely more trivial reasons. They may have a county court judgement of just a few pounds against them. It may be such a frivolously brought claim they may have chosen to simply contemptuously ignore it.
But such a thing and a myriad other excuses are used by the banks to push people into the more profitable ’sub-prime’ mortgage lending arena with one of those subsidiary companies the banks own.
Or they are pushed into this rapacious ‘sub-prime’ lending market by all sorts of other restrictions manufactured by lenders.
A common one is the borrower not earning enough money to afford the ‘high street lender’s loan. Funny how that doesn’t stop the same financial organisation lending the money to the same ‘unreliable’ , ‘uncreditworthy’ person at higher rates of interest and with huge penalties imposed by another partly or even wholly owned lending business subsidiary to the one that refused the fairer loan !
Now the banks have manipulated someone into a position where the banks can produce an excuse to charge more for a mortgage – much more.
Enticed by a low starting rate of interest that escalates after a while to often as much as double monthly repayments and with penalty charges of thousands of pounds if the borrower has to terminate the mortgage in a year or two, the borrower has nowhere to turn.
All the banks collude to stop him obtaining an honest loan costing less. The banks want their extra profits ! And here is a mug who can’t complain and has nowhere to turn to and the banks know it. Don’t they just.
They have carefully manipulated their affairs by jointly creating this stranglehold over money by pooling their resources and their information to enable them to work together to create this extra profitable ‘sub-prime’ lending market. Pretty much exactly the same techniques used by the door to door rip off loan shark illegally charging annual percentage rates of thousands of per cent to impoverished workers.
It is exactly the same process at work. Fraud, theft, manipulation, threats, fear. These immoral sub-prime lenders have much in common with criminal door to door loan sharks and other thieves. Their victims are caught like flies in spiders webs. There is no escape.
But wait. It doesn’t just end there does it ? Having established this wicked system of modern banking that provides such huge profits to the banks, they wanted more. Greed is good they seemed to think. Yes, that’s what they said. Greed is good !
So they started using the same ludicrous types of manipulation on each other as lending between banks escalated beyond reason or comprehension to prop up the fragile system of deceit the banks were busy creating.
The banking system seemed to become more and more like a giant ‘Ponzi’ scheme where banks borrowed money from other banks to repay their own debts before it was discovered they had no money left at all to meet their obligations, because they had lent the lot as they forced increasingly large amounts of loans onto a gullible population who simply couldn’t understand what was going on.
All people could see was the value of houses increasing to levels of un-affordability where everyone was forced to borrow gigantic amounts of money just to have a home to live in.
But, like all ‘Ponzi’ or pyramid selling schemes based on fraud, the banking system was becoming more and more fragile. It was so riddled with double dealing, fraud, dishonesty and mistrust, banks became too fearful of even each other’s reliability to lend to each other anymore. The banks had successfully created a system based on deceit, mistrust and lies which had also spread into the whole wider community of individuals and business.
The Global banking system went into meltdown as money disappeared into the banks from wherever they could grasp it. The biggest con trick of all was persuading Governments ‘to bail them out’ by giving huge amounts of money – hundred of billions of pounds to stop them going bust and then even more of our money disappearing into oblivion.
The banks kept it for themselves where it is actually useless. Money is only useful and only performs it’s function when it keeps moving from person to person. The banks stopped the World money supply from moving.
So, in the same way the banks are the places where money is created to make trade and commerce become possible, so it is that money is destroyed and is now completely vanishing from existence by the banks being able to reverse the process.
That is exactly what the banks have done. It is the biggest fraud in history.
Looking for someone to blame other than themselves, the banks immediately blamed the ‘sub-prime’ borrowers.
The banks claimed it was all their fault because they were unreliable individuals who couldn’t afford to keep up the payments on the loans they should never have had in the first place; mainly because they were too poor to be able to afford them.
All those very bad borrowers had misled the poor innocent banks into lending them money. It was all their fault, the banks said. But they weren’t too poor for the banks to take their money, were they ?
The banks are liars. Sub-prime was deliberately created by the banks as a means to make more money and take advantage of people. and the banks in their breathtaking greed were too stupid to know when to stop, so they still haven’t stopped.
They are still foreclosing on homeowners even if there is loads of equity remaining in the property. Business loans are forcibly being demanded to be prematurely repaid to the banks and further new loans are rare and generally mostly unavailable.
So, the result is World-wide economic meltdown and poverty and misery of all sorts. Word wide trade and commerce is being destroyed by banks being irresponsible, greedy, and nasty.
Thank you very much, the banks.
PSSSST
Consider this.
A little clue it cannot be sub-prime lenders responsible for the gigantic sums of money disappearing into oblivion is simply that the amounts of money now vanishing into a black hole is apparently reaching into trillions -many trillions. It is a sum my calculator cannot understand or even cope with. So I haven’t much hope of understanding it either. Nor have you.
Let’s do some maths. If the average house price is £200 000 and the loan to buy it is 100 per cent, then one million sub-prime borrowers failing to pay a single penny of that back, ever, means a total loss to the banks of 200 000 million pounds or 200 billion pounds.
Of course this calculation is a complete fiction, because usually the banks re-possess the homes and get all their money back and then some. Sometimes, just sometimes, the banks will not be able to sell the homes for the full amount of the loan and there will be a loss. But the banks still won’t lose that money without pursuing the former homeowner for years to recover anything still owed from their wages.
The banks will not be suffering much in the way of loss from re-possessions and I imagine any losses are more than compensated by profit. So where might this loss they all whinge about be ? Search me ! Perhaps they might like to tell us ?
Here is a slightly more realistic calculation which tells another part of the story. The Council of Mortgage Lenders here in the UK say that each re-possessed house costs £35 000 to repossess. So each bad sub-prime mortgage loan is costing £35 000 and not actually the full value of the property at all.
Even that figure is misleading because it, apparently, is what the CML say the cost is, but they carefully bend the truth by omitting to mention that whole cost is usually born only by the borrower and never by the lender, unless the sale price of the property falls below the value of the loan; something almost unheard of here in the UK in normal circumstances.
But, assuming there is that cost of £35 000, and not arguing about who bears it, multiplying it by one million feckless sub-prime borrowers having their homes repossessed makes a total figure of 35 thousand million or just thirty five billion pounds,
Do you recall the hundreds of billions, even trillions of pounds forthcoming recently from Governments to subsidise the banks ? Seems to be a bit of a discrepancy here somewhere, don’t you think ?
Figures of annual repossessions in the UK were running at about 50 000 homes a year until a few months ago. Nothing like that fictional figure of one million used above. So what does fifty thousand repossessions look like costing at the official Council of Mortgage Lenders figure of £35 000 ?
Why, that comes down to only one thousand, seven hundred and fifty million pounds or 1.75 billion pounds; virtually all of which is borne by the borrower and is not a loss to the lender at all.
Frankly, I doubt if lenders even lose ten per cent of that and that would reduce the figure of apparent loss to just one hundred and seventy five million. Tiny, miniature, compared with the eye watering losses the banks are complaining about and the Governments are pumping into the banks to keep them from going broke.
As America has about five times the population of the UK you might, roughly, multiply that figure by five to get an approximate figure for the USA. At 1.75 billion it’s nothing like the losses banks are claiming sub -prime mortgages have cost them, is it ?
That’s thousands of millions, or hundreds of billions, even trillions, remember ?
The inescapable conclusion is someone is not telling the truth ! I wonder who that could be ?
I think it might be the banks.
I was always told that people who didn’t tell the truth were called liars.
If the banks are lying, and it looks like they are, then how can they be trusted to be in charge of the money supply ?
Nicholas Windrum is a thinker and writer living somewhere in the UK…
Reports are surfacing that there has been another major information security breach at a credit card payment processor, though the company has not yet been identified.
The breach news comes less than one month after Heartland Payment Systems announced they had suffered what is likely to be the biggest PCI breach to date, possibly bigger than the TJMAX breach.
Heartland (HPY) is the sixth largest payment processor in the nation.
There had been indications in early Heartland reports that the FBI was pursuing suspects who may be part of a larger criminal conspiracy targeting multiple companies, but there are no reports yet as to whether this latest breach is part of that investigation, or whether the revelations at Heartland led to this breach being uncovered.
From DataLossDB.org on the breach at the unknown company:Banks around the country are reportedly receiving warnings, and perhaps even new lists of cards to replace. This is apparently regarding another credit card processor, unrelated to Heartland Payment Systems, having a significant breach.
OSF has received multiple tips from multiple sources, and has spoken with the good people over at bankinfosecurity.com who have confirmed they too are hearing the exact same thing. From what we’ve heard, this second breach is significant in scale, but we have not as of yet been told who the processor is.
Also, speaking of BankInfoSecurity.com, they’ve released an article about three people being arrested for allegedly using credit cards from the Heartland Breach. And also, their list grows of institutions affected by the Heartland incident (they maintain a much more comprehensive list than we did). Hats off!
Our team has been predicting that 2009 will be the year that InfoSec moves to the forefront of the economic crisis. We believe the somewhat obscure issue will be as familiar to the American public as the notorious subprime and pay option ARMs have in the last year or two.
Much like the meltdown of the mortgage industry, the revelations of lax governance in the handling of sensitive and private data will likely shock the public and the business community alike, and those revelations are bound to come all too painfully slow, especially for shareholders.
The data loss debacle at Heartland highlights the fact that the failure to secure information is the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.
Nearly one month after going public, few details of the Heartland breach have been released, and many questions remain regarding a long chain of events that include both the breach and also an aggressive executive 10b5-1 stock selling plan adopted in early August of last year, the same month the breach is now reported to have ended, but still five months before the breach was announced publicly.
Heartland Payment Systems stock price has been flat-lined since losing half of it’s value shortly after the January 20, 2009 breach announcement. A report form komonews.com gravely illustrates that this is more than a security issue, it is a commercial viability issue:
Heartland says it has closed the security hole that allowed criminals to infiltrate their systems, but the matter is far from settled. The company will likely have to pay big penalties to banks to reimburse the cost of issuing new cards, and analysts say the intrusion could even threaten the company’s survival if the big card brands decide to cut off Heartland from connecting to their networks.
One big payment processor, CardSystemsSolutions, went under after a 2005 data breach in which 40 million credit card accounts were compromised and the big card brands stopped doing business with CardSystems. Representatives for Visa Inc. and MasterCard Inc. declined to comment.
“According to a MasterCard alert, this sniffer program stole card numbers and expiration dates from credit and debit cards processed by Heartland from May 14, 2008, through Aug. 19, 2008, as the information entered Heartland’s payment switch,”
Here is what we know of the Heartland timeline thus far, which is not much, but it does beg for a more thorough explanation by company officials for no other reason than several important things happened in a relatively short period of time, and that alone should be reason enough:
May 14, 2008: Breach reported to have began
May 20, 2008 Carr Makes first stock sale of the year, 2695 shares
August (first week), 2008: CEO Robert Carr’s 10b5-1 is proposed
August 8, 2008: Board approves 10b5-1 plan
August 8 – August 14, 2008: Carr makes six separate sales of stocks totalling 60,000 shares
August 19, 2008: Breach reported to have ended
August 28, 2008: Carr sells 80,000 shares
September 3, 2008: Carr sells 80,000 shares
September 17, 2008: Carr sells 80,000 shares
October 15, 2008: Carr sells 80,000 shares
October 28, 2008: Visa and MasterCard notify Heartland of problems; Carr sells 80,000 shares
November 6, 2008: Carr sells 80,000 shares
November 20, 2008: Carr sells 80,000 shares
December 11, 2008: Carr sells 80,000 shares
December 26, 2008: Carr sells 42,900 shares
January 7, 2009: Carr sells 80,000 shares
January ??, 2009: Carr suspends his 10b5-1 stock selling plan
January 20, 2009: Breach Announced
In an email I received from Heartland’s representatives, they state that there is no relationship whatsoever between the breach and Carr’s stock sales:
At the time of this announcement, Mr. Carr was not under any trading restrictions pursuant to the company’s insider trading policy and was not in possession of any material non-public information concerning the company. Under this 10b5-1 plan, programmed sales of company stock were made on Mr. Carr’s behalf, and he had no discretion regarding the timing or other aspects of those sales.
Although he was not required to do so, Mr. Carr terminated his 10b5-1 when the company confirmed the security breach it disclosed in the company’s press release of January 20, 2009. As has been reported, Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan.
I can see no reason not to take them at their word, but I also urge Heartland officials to release more information to clear up the issue, such as the documentation that Heartland’s Systems and IT departments keep to show compliance with requirements for sensitive data protection. Hard copy confirmation that no one at Heartland was aware of any major security problems prior to October 28, 2008 would put any questions to rest with more finality than a corporate press release or an email.
Something to look forward to is the conference call with Carr now scheduled to take place in the last week of February. The agenda state the call will discuss Q4-2008 earnings, but it seems almost certain they will address the breach then, and hopefully will provide more details regarding an eventful August 2008.
Chairman & Chief Executive Officer Robert Carr and President & Chief Financial Officer Robert Baldwin will host a conference call beginning at 8:30 AM Eastern Time, Tuesday, February 24, 2009, to discuss fourth quarter and fiscal year end 2008 results and conduct a question and answer session.
Heartland Payment Systems invites all interested parties to listen to its conference call broadcast through a webcast on the Company?s website. To access the call, please visit the Investor Relations portion of the Company?s website at: http://www.heartlandpaymentsystems.com. The webcast will be archived on the Company?s website within two hours of the live call and will remain available through Friday, May 22, 2009.
You may also participate by calling (800) 559-6679 and providing the operator with Pin Number 81829786
The SEC does require disclosure by company leadership of known threats to share price, so we should expect that more will be revealed during the call – unless the investigation would prevent the release of such information, in that case we would probably at least get some statements to that effect.
Either way it seems that much will be revealed in the call.
As for the latest breach, let’s hope it is not a record breaker and that no fraud cases are the result. Be vigilant about checking your own credit card statements and report any suspicious activity immediately. Then just keep your fingers crossed that we can effectively put the information security genie back in the bottle before the next breach is not just a financial security matter, but a national security event as well.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com.
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
On Friday January 30, representatives of Heartland Payment Systems (HPY) contacted me via email regarding my recent article which had asked some tough questions regarding the timing and nature of multiple large stock sales during the months leading up the revelation that the company was the victim of a security breach.
The company’s prompt attention in addressing these questions is appreciated. From Heartland’s Representatives:
In August 2008, Mr. Carr put in place a 10b5-1 plan to sell Heartland stock. The company publicly announced this plan by press release on August 8th, 2008, stating:
Mr. Carr and Robert Baldwin, President and Chief Financial Officer, have adopted prearranged trading plans to sell a portion of their company stock over time as part of their individual long-term tax planning, asset diversification, and liquidity strategy. Following the completion of trades contemplated under the plan, both Carr and Baldwin will continue to hold a substantial ownership interest in Heartland Payment Systems. Included in Carr’s holdings are 2,375,000 shares acquired through options exercised in the first quarter of 2006, none of which were used to satisfy the tax obligations incurred at the time the options were exercised. The stock trading plans were adopted in accordance with Rule 10b5-1 under the Securities and Exchange Act of 1934, as amended, as well as the Company’s policies with respect to sales of shares held by insiders. Under the Carr plan, a maximum one million shares can be sold over the next year, corresponding to the number of new performance-based options granted to Carr by the Board of Directors. Under the Baldwin plan, a maximum 78,180 shares can be sold, representing his options that expire in January 2009.
At the time of this announcement, Mr. Carr was not under any trading restrictions pursuant to the company’s insider trading policy and was not in possession of any material non-public information concerning the company. Under this 10b5-1 plan, programmed sales of company stock were made on Mr. Carr’s behalf, and he had no discretion regarding the timing or other aspects of those sales.
Although he was not required to do so, Mr. Carr terminated his 10b5-1 when the company confirmed the security breach it disclosed in the company’s press release of January 20, 2009. As has been reported, Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan.
These are important issues to stakeholders, and legitimate questions to ask. I appreciate Heartland’s concern, and I will continue to follow the story as it unfolds.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author andInformation-Security-Resources.com
ByAnthony M. Freed, Information-Security-Resources.com Financial Editor
Heartland Payment Systems (HPY) and Federal investigators have released more details about the technical nature of the massive financial data breach made public last week, but have refused to pinpoint the exact date that Heartland first became aware there may have been a problem with their network security.
The date they settle on may well be the difference between market serendipity and an SEC investigation for insider trading, as an examination of stock sales made by Heartland CEO Robert O. Carr in the second half of 2008 raises some serious questions about just who knew what and when in the latest version of the worst-ever information security breach which has now spawned a class action lawsuit.
Federal investigators and the Secret Service have apparently traced the Heartland data breach to sources outside of North America, with some reports indicating Eastern Europe as being the most likely origin of the unauthorized access.
The principles and methods used by the perpetrator(s) have been uncovered, with evidence that is somewhat contradictory in nature, some of which is suspected of being nothing more than red haring planted by the hacker(s) to throw investigators off their trail.
The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud alerts went off at both Visa (V) and MasterCard (US:MA) according to Heartland CFO Robert Baldwin.
“A significant portion of the sophistication of the attack was in the cloaking,” Baldwin said.
Another consultant-who also wanted his name left out-said the ability to write directly to specific disk sectors is frightening. “Somehow, these guys went directly to the base level of the machine (to an area) that was not part of the file table for the disk,” he said. “Somehow, they got around the operating system. That’s a scary mother in and of itself.”
Other industry brains were less impressed. One nationally recognized and certified information security expert who I corresponded with Wednesday evening regarding the breach indicated that the hackers exploited a system weakness that should have been well known to Heartland, for which protocols issued several years ago.
From my email conversation:
“This was an ‘I told you so’ moment for me. I know exactly which part of the process got hit. It was the un-encrypted Point-to-Point connection which occurs between the Host Security Module (HSM) and the Application Security Module (ASM).
“But that means that they had to have had a hole in their firewall to insert the sniffer into unallocated disk space. “
“Now Heartland is crying poor me, and the making it sound like they are heroes by claiming that they are going to ‘develop’ end to end encryption. They should have been using the ISO Banking Security Standards which were promulgated in 2004/2005. They should be expected to uphold the standard.”
It looks as if the techies have already dissected the mechanics of this modern day cyber-cat-burglar, but ten days later we still have no clear idea of how long the sensitive data was exposed or when Carr and other Heartland executives first had an indication that something was not as it should be.
Heartland CFO Robert) Baldwin also added more details to the sketchy timeframes that have been revealed thus far about the attacks, specifying that Heartland was contacted by Visa and MasterCard “in very late October,” possibly October 28.
Given that authorities are conducting an investigation, it is understandable that many details will not be released until after an arrest is made, but given the nature of the details that have and have not been revealed, one has to wonder who all is actually under investigation here.
Usually in an on-going criminal investigation, details are withheld from the press and public for many different reasons, but generally it is the mechanistic details of the crime, and often all the press has to report on is the headline and a timestamp.
Oddly enough it is the those details of the crime that have been trickling out that one would not expect – including the suspects possible location – but yet the generalities are being obscured, like what was stolen when did they steal it?
The answer to the latter of the two questions is of particular issue.
If Heartland personnel, and particularly Bob Carr, had absolutely no indication that something was awry with their processing system security until they were alerted by Visa and MasterCard at the end of October, then there is no problem.
Under this scenario, according to the chart above, Carr just happened to be in the middle of a major sell off of Heartland stock unlike any he has ever undertaken before when he found out “late in the fall” about the existence of problems.
It could simply be the case that Carr just happen to decide to sell 80,000 shares of Heartland stock for roughly $1.6 Million a pop on nine separate occasions about every other week in the four month period leading up to the announcement of the breach. These uncharacteristically large and more than frequent liquidations just happen to have occurred while the company was in the middle of an expensive acquisition and expansion of services push, all of course while the credit markets were in total dysfunction.
If on the other hand, company communiqué and records reveal that Heartland knew of possible anomalies in the processing security at the end of August instead of at the end of October, then we have a whole other scenario to apply the data to.
Under this hypothetical situation, Heartland may have discovered problems prior to end of August and may have known it was something serious simply because no one could figure it out. According to the official company statements, this was a difficult intrusion to detect, one that was missed more than once.
The initial internal conclusion was that “it looked most likely that it would be in a certain segment of our processing platform,” said Baldwin, adding that Heartland does not want to identify what that segment was. The company hired a forensic investigation team to come in and focus solely on that one area, an effort that ultimately proved fruitless. “We found issues in a large segment of our processing environment. The one that looked like the most promising turned out to be clean,” he said.
That second team “was nearing conclusion” and was about to make the same assessment the first team did: clean bill of health. But one of the last things that external, qualified risk assessor did was to try and match various temp files with their associated application. When some orphans-.tmp files that couldn’t be matched to any application or the OS-were turned over to Heartland’s internal IT group, they also couldn’t explain them, saying that it was “not in a format we use,” Baldwin said. More investigation ultimately concluded that those temp files were the byproduct of malware, and more searching eventually located the files in the unallocated portions of server disk drives.
So, continuing with the hypothetical scenario, Heartland would have had inside personnel looking for the problem when they get a call of Visa and MasterCard with the friendly heads-up. Heartland could have just not acknowledged the problem until their business partners forced them to.
The end of August is of interest because this is when Carr began to sell of large blocks of stock about every other week, and this was a significantly different trading pattern than Carr had engaged in previously.
If documentation turns up that indicates Heartland knew of serious problems with their network security prior to August 28th, these huge and rapid sell-offs by Carr may look more than suspect to the SEC.
I can not see the strategic value of withholding an accurate timeline of what exactly the company and Carr knew, and when exactly they knew it. But, if it turns out that everything is kosher here and all is as Heartland has indicated so far – which is very little – then I guess I just don’t understand Carr’s trading strategy over the last half of 2008 and how it related to his goals as a CEO for the growth an performance of his company.
They seem to be at odds, but that is no crime, just ask anyone who shorts their own company from time to time. It just needs to be cleared up. Not to worry though, as this is nothing that a solid and well documented timeline won’t be able to take care of (hint hint).
Meanwhile, Heartland’s stock (HPY) bounced back a little Wednesday, but is still trading at nearly half of it’s value prior to the breach announcement.
The data loss debacle at Heartland highlights the fact that the failure to secure information is a growing national security threat, and will be the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.
ByAnthony M. Freed, Information-Security-Resources.com Financial Editor. Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author andInformation-Security-Resources.com
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
Heartland Payment Systems stock (HPY) was hit hard in the wake of what is being described as the biggest single breach of consumer and financial data security ever. The company issued statements Friday (1/23) in an effort at damage control in which the CEO compares the potential industry-wide impact of the breach to none other than that of the Tylenol poisonings of some twenty-five years ago that nearly brought down the drug maker.
Not the kind of association I would want to make for my company, but then it’s not my company.
Worse yet, Heartland’s press release was crafted with the kind of classic crisis-response-mode denials, deflections, and spin that we have all become so accustomed to in other sectors of the financial industry.
The data loss debacle at Heartland highlights the fact that information security will be the next major shareholder derivative and D&O liability issue, regulatory, consumer, and national security threat, and class-action litigation subject to impact our ailing economy.
Heartland CEO Robert O. Carr’s statements do not contain any details of the breach or anything resembling an apology to consumers and shareholders. Instead, Carr gave himself a pat on the back for expanding Heartland’s client base in spite of exposing millions of people and hundreds of banks to fraud and losses.
“Despite the headwinds of the economy and attacks by some of our competitors, we have installed new merchants, new payroll clients and new check management clients since our disclosure of the breach on Tuesday morning,” Carr stated.
The press release further states “Heartland Payment Systems added more than 400 merchants to its client base in the past few days – exceeding results for the same period from last year.”
When Carr does finally address the breach, he seems to imply that the lapse in data security is some kind of validation of Heartland’s capacity to respond to threats to its customer base and stakeholders, but only after a breach is uncovered. Carr even managed to sound almost self-congratulatory in the process:
“Our energized organization called on the owners of more than 150,000 business locations these past three days to help them understand the breach and what it means to them. I couldn’t be prouder of our entire organization for the way everyone has pulled together to help.”
Kudos Heartland? No. The congratulations should instead go to the kind of executives who are proactive enough to make sure that the measures are in place from day one of contract negotiations with the systems and security providers to insure these kinds of problems never materialize.
As soon as Heartland’s stock began to tank in earnest late this week, leadership chose to respond to this breathtaking lapse in security and due diligence by acting first to reassure their clients and shareholders that all was well at the company, even a bit exciting lately – what with the opportunities the new security vulnerability will give those in the payment industry to share ideas with one another.
Now what about that data breach? You know, the whole reason for the press release in the first place? Little was offered in the press release:
“No confidential merchant data, Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were retrieved in what is believed to be a global cyber-fraud operation.”
If no critical data was exposed, what’s the real problem then? Well, there are many.
First and most obviously is that for an unknown period of time some consumer and merchant data worthy of encryption were exposed to hackers and thieves when the data were briefly unencrypted and encrypted again during processing, according to bankinfosecurity.com.
Card reissue would solve that problem, albeit at some expense to the companies. I say companies (plural) because if Heartland’s system was exposed then it can be expected that the same vulnerabilities have been exploited in systems at other companies, perhaps even in other industries with similar data security software and systems.
Hence the scramble by law enforcement (FBI) and the entire financial industry to figure out what happened.
Also of note is a problem that has been at the forefront of information security from the beginning: The bad guys tend to know more than we do about the vulnerabilities in our data systems because it is worth a lot of money to them.
Aside from network audits and professionals who hunt for holes in security systems for a living (some of whom where at one time themselves hackers), most companies find out about information security issues after their networks are breached.
Even though industry leaders can show that they spend hundreds of millions of dollars on cyber-security, more and more resources – time, talent, money, reputation – are all being lost by reacting to threats after the fact.
There has been a marked increase in attempted and successful attacks on corporate, government, and military systems, yet the looming economic realities today are forcing information security executives and IT departments to try to do more protecting at less cost.
This situation poses a threat to the security of I call our financial identities, which are made up of the ever-accumulating bits of electronic information that increasingly represent the bulk of our identity and net worth, which can disappear in minutes from a sharp dip in the markets, or in the blink of eye with just the click of a mouse.
The economic downturn is further exposing our financial identities to fraud and exploitation from external threats such as criminally intent hackers, as well as from internal threats like budget cuts, cutting corners on security due diligence, or cash-hungry employees who may succumb to the temptation to sell sensitive datain the lucrative information and identity black-markets that thrive on the Internet.
Another big problem is that despite Heartland’s assurances, the company understands neither the size nor scope of the breach, let alone how it happened.
“Heartland does not yet know how many card numbers were obtained. Many reports in the press are speculative,” the press release states.
Well, there is a lot to speculate about.
Given the financial industry’s record of not fully disclosing damaging information to consumers or shareholders, even as required by law, it can be expected that further details of this case will reveal this breach is much worse than anyone is letting on, especially Heartland executives.
Heartland is the sixth-largest payment processor in the country, with as many as a quarter of a million payment and payroll clients, and they may be only one of many similar companies targeted in a broader criminal activity meant to defraud through malicious software known as “malware.”
Visa and MasterCard, who first recognized discrepancies in their own records, notified Heartland of a potential problems late in 2008.
“Visa and Mastercard instructing many card issuers to offer fraud-monitoring protection, replace cards, or do a combination of both for customers whose card purchases were processed by Heartland.”
Visa and MasterCard wouldn’t elaborate, citing an ongoing FBI criminal investigation.
“Heartland should feel urgency to notify everyone who could be a victim, says Todd Davis, CEO of LifeLock, a fraud-monitoring service. “Victims are sitting naked, not knowing whether to take extra steps to protect themselves,” he says. “The default should be toward notifying all possible victims,” according to the Detroit Free Press.
Oh yes! The victims of this fiasco – what is on the agenda for them? Heartland’s press release instructs them to basically fend for themselves for now, which is a fairly typical response to consumer data breaches.
“Consumers will know if their card account numbers have been used by reviewing their monthly statements. Cardholders should report suspicious activity to their issuing banks (the bank that issued the card, not the card brand). If unauthorized use is confirmed, cardholders are reimbursed for the fraudulent purchases and are not held financially responsible,” Heartland assures in their press release.
Sounds painless enough, but I really doubt it will be pain free for those who will have to deal with it.
Not only will this be a tremendously stressful and potentially time consuming endeavor for the affected cardholders, this is also a tremendous drain on the financial resources of an already troubled industry.
Heartland (HPY)‘s stock value has lost more than 50% of it’s twelve-month high. Visa (V) and MasterCard (US:MA) have seen similar declines. Ultimately, the lawyers will join the fray, multiple lawsuits will be filed, the costs will continue to climb, and shareholder value will continue to decline.
Information and data security are essential to protecting every single individuals financial identity, and every corporation’s value from falling prey to the most sophisticated forms of cyber-attack conceivable.
President Obama has indicated he is taking cyber-security very seriously, going so far as to announce the pending appointment of a cyber-advisor to spearhead efforts.
Moving forward, we should also start thinking of our financial identities, our investments, our assets, and all of our wealth as really being nothing more than data. Data to be to be kept safely, not lost or stolen.
Carr concluded, “Just as the Tylenol(R) crisis engendered a whole new packaging standard, our aspiration is to use this recent breach incident to help the payments industry find ways to protect its data – and therefore businesses and consumers – much more effectively.”
If Carr is comparing this breach to the Tylenol poisonings, a textbook commercial and consumer nightmare of epic proportion – including multiple deaths – then you know this breach is going to be something really, really big in the end.
The Authors give permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is given toInformation-Security-Resources.com.
Anthony M. Freed, Information-Security-Resources.com Financial Editor, researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
Since the United States Government has decided to go into the MBS business (Mortgage Backed Securities), I have noticed in all of the debate and coverage that there is a serious lack of knowledge on the part of our congressional membership and in the news media regarding the mechanics of such a plan, and no one has even come close to outlining the actual costs that will be incurred.
I don’t expect government bureaucrats news jockeys to know and understand all the intricacies of the mortgage business, but someone, somewhere has to have wondered what exactly the long term costs required to administrate a program of this magnitude would be.
What will happen when the government buys trillions and trillions of dollars of these “toxic” loans in this MBS bailout? How many thousands of people will it take to do all the legwork on these mortgages? Will there have to be a new government division created just for this purpose? How many hundreds-of-millions of dollars will this plan need that has not been budgeted for – or even considered as of yet?
Or will they contract this all out? Then the real corruption can begin! Can you imagine all the “deals” that will be made with “friends” to get these huge government-paid contracts?
Everybody, there is an 800 lbs gorilla sitting in the living room of this banking bailout, and the general public doesn’t see it. Trust me it’s there, and there are more than a few bank executives that have taken notice.
I worked for one of the three largest banks still standing, and I have done everything from marketing, originating, processing, closing, secondary markets, and even foreclosures – at one particular bank I would estimate that there were no less than 2000 people who work in foreclosures, loss mitigation, and short sales alone – and that was before the bubble popped when foreclosures were minimal.
In addition to this new government agency that will need to be created to manage these loans, there is also a highly complex computer system that will have to be developed to handle all the different formats and software that currently store the loan information at the different banks.
I know what a hassle it was when the bank that I was at purchased a block of loans from another bank: We basically had to “build” a new in-house system to adapt to the format of the system that the loan information was stored on, and it could take weeks.
This is just one bank assimilating one block of loans from another bank, nothing like the task of assimilating thousands of blocks of toxic loans from hundreds of different banks, with dozens of different systems and software packages being consolidated into one single system, and then expecting that system to run properly.
As it never ran well with only two different systems, I can not imagine the nightmare of problems that lie ahead for the programmers on this project. It literally will take years to get the data organized, and at a tremendous cost that has not been addressed.
And then there are the servicing problems.
The banks I worked for made tens-of-millions of dollars a month for “servicing” loans. The bank gets a “servicing fee” every month for basically just collecting your payment. They don’t make a lot on every loan, the basic principal is making a little on a large volume – and they do.
This is a huge profit machine for banks, but it takes a large number of loans to be profitable, so large in fact that many banks just opt to sell the “servicing rights” to the big banks like Chase, Bank of America, and Wells Fargo for an SRP (service release premium), basically an upfront payment against the value of the servicing fees.
The issue that I am getting at is this: Who will do the servicing for all these toxic loans when the government buys them all up?
If they let the banks service them even though the government holds all of the risk, the banks will be getting the best of both worlds. The banks will get rid of the bad debt on their books courtesy of the American Taxpayer, and they still get to make a ton of money by servicing them for the government.
And what happens if the taxes and insurance are not paid on the loan? Normally it is the servicer’s responsibility to pay the taxes and insurance whether the borrower has paid them or not.
Will this cost be passed on to the taxpayers too?
Again, this is a division of the banks that employ tens-of-thousands of people – will this mean yet another government department will have to created? Will it be contracted out? Either way, it is a tremendous expense to taxpayers that is not being addressed in any of the MBS bailout talk, and will be in addition to the cost of the assets to begin, which is all they seem to be discussing.
More unseen costs of this MBS bailout.
I don’t expect the government officials and journalists to know or understand all these small details of how the mortgage business operates, but if this is the business they are itching to get into, they should at least understand the basics of it before they dig our nation into a financial hole we will not be able to climb out of.
Although earnings were down and losses up in the end of 2008, Goldman sources reported that the astonishing tax windfall was more due to “changes in our geographic earnings mix.”
(click to enlarge)
When I heard “changes in our geographic earnings mix,” I immediately thought of a document that a friend had sent me a while back, with a rather long list of off-shore hedge funds and other tax-evading rackets located in the Cayman Islands, Bermuda, Mauritius, and the British Virgin Islands – all infamous for their anti-American tax havens and utilized by US corporations to evade their legal dues – all of which are owned in one way or another by Goldman Sachs.
It kills me to think Goldman probably spends millions of dollars in order to avoid billions of dollars in taxes, and then turns around and asks the American people for a handout.
Hopefully the Democratic led Congress will get to the bottom of some of the illicit relationships between regulators like Paulson and their Wall Street connections, unless they are too scared they will have to accept responsibility for some of the Fannie and Freddie mess.
Posted by Anthony M. Freed 
Your Mortgage or Your Life... 