Wednesday, August 20, 2008

PIN Debit White Paper on Improving Merchant Profitability

A white paper educating merchants on the benefits of migrating their electronic payments from credit and signature debit to PIN Debit has been released by Optimized Payments Consulting.

Of course, it goes without saying that I couldn't agree more. In addition to reducing your card processing fees by 73%, Internet Retailers also virtually eliminate chargebacks and reduce risk-related expenses significantly. Given that the majority of consumers have at least one debit card with PIN functionality, e-commerce merchants would be best served to recognize this fact and take advantage of the myriad benefits provided by HomeATM's Internet PIN Debit solution – lower acceptance costs, greater security, faster funding, and typically faster checkout.

Moreover, merchants see reduced fraud and chargebacks with PIN debit transactions. Since only the card holder knows the PIN, it is less likely to be stolen and used fraudulently like credit and signature debit cards. And PIN‐based debits are not subject to the same chargeback rules as their counterparts, although some of this is changing in the industry.

So if you are or know of an internet retailer who would like to investigate our PIN Debit solution further, visit HomeATM or give us a call or email me to request further information and I'll make sure you get it. Here's the press release from Optimized Payments Consulting which was released today:

Atlanta, Ga. (PRWEB) August 20, 2008 -- In today's plastic society, electronic payment processing is a must for businesses to operate and to be competitive.  Unfortunately, the high fees associated with credit card processing and merchant accounts are setting recession-hit firms back even further. To help companies meet this challenge, the payment processing experts at Optimized Payments Consulting (OPS) are sharing their expertise - gained over ten years working with retail, Internet, and healthcare clients - in a new white paper titled "How Accepting ATM Cards Can Improve Merchant Profitability."

The chart on the left highlights the cost differential between the three dominant payment methods depending on average ticket size. A merchant’s actual cost of processing a PIN transaction will depend on the specific ATM network (Interlink, Star, Pulse, NYCE, etc.) used to process the sale and the mark‐up added by the payment processor. Using a weighted average cost based on market share of the ATM debit networks in the U.S., a $50 sales transaction will cost about 54 cents with PIN‐debit, versus 73 cents for signature debit, and 93 cents for credit. From a merchant’s perspective, accepting PIN debit becomes more attractive as the average ticket grows, but this product is not competitive if the average ticket is below $25.

As the table shows, the fixed per‐item and switch fees do not make PIN transactions cost effective for smaller ticket transactions. However, on the flip side, for average tickets above $25, a merchant can save 25%‐61% over signature debit, and 39%‐73% over credit transactions.

Recognizing that over 90 percent of merchants were unknowingly overpaying for credit card processing services, Goel established Optimized Payments Consulting to help merchants understand and reduce their payment processing costs. In the most recent in a series of white papers on the topic, OPS experts provide in-depth background and analysis on how merchants can accept and promote ATM cards and drive profitability.

"Businesses can save 25% to 73% on their processing costs for every transaction they migrate from signature debit and credit to PIN debit respectively."

By 2010, Morgan Stanley estimates that credit card processing rates will "rise to 1.86 percent and generate $32.4-billion in interchange fees." Those skyrocketing interchange rates, along with processing fees, are squeezing businesses as credit card processing fees eat away at their already shrinking bottom lines. Fortunately for these businesses, there are lower cost alternative payment options.

According to Digital Transactions, an industry publication, the use of PIN-based debit cards in the U.S. has been rising faster than signature debit cards and credit cards.

Merchant sales volume for PIN transactions has been growing 21 percent annually since 2000, slightly ahead of signature debit and "significantly ahead of credit cards." And according to a recent study by Star electronic funds transfer (EFT) network, "consumers preferred PIN debit over signature debit", with 54 percent opting for PIN and 38 percent for signature.

This trend spells good news for businesses that know how to leverage it.

How to hack RFID-enabled Credit Cards for $8 Bucks

Having learned a lot over the course of the last two or three weeks about "WarDriving" (and warcarting), it occurred to me that if it's that easy to access wireless networks, then why the heck would Visa and Mastercard come out with a Radio Frequency ID (RFID) card? Even with my newly ascertained, albeit limited, knowledge on the subject, I thought: "certainly they would be easier to breach than plain old magnetic stripe cards, right?"

Right...but what surprised me is that it can be done for only $8, which is less than the cost of a movie ticket. Speaking of movies, here's one on how to do it.

Sorry Charlie...Boston Transit Authority Gag Order Lifted

A federal judge has lifted a gag order on three MIT students who were barred from talking publicly about security flaws they discovered in the Boston transit system's automated fare network.

So here's the Presentation!

A lawyer for the transit agency acknowledged its CharlieTicket system has security flaws. But the lawyer asked Judge George O'Toole Jr. to impose a five-month injunction continuing to block the students from revealing anything publicly about the security system. O'Toole rejected the request Tuesday.

The students had been blocked from presenting their findings on the security flaws in early August at DefCon, an annual computer hackers' conference.

"Judge O'Toole said he disagreed with the basic premise of the MBTA's argument: That the students' presentation was a likely violation of the Computer Fraud and Abuse Act, a 1986 federal law meant to protect computers from malicious attacks such as worms and viruses. Many had expected Tuesday's hearing to hinge on First Amendment issues and what amounts to responsible disclosure on the part of computer security researchers. Instead, O'Toole based his ruling on the narrow grounds of what constitutes a violation of the CFAA. On that basis, he said MBTA lawyers failed to convince him on two points: The students' presentation was meant to be delivered to people, and was not a computer-to-computer 'transmission.' Second, the MBTA couldn't prove the students had caused at least $5,000 damage to the transit system."
O'Toole did not rule on the students' claim that the MBTA had violated their First Amendment rights by stopping them from speaking at the hackers' convention.

This from the Boston Globe:
Cindy Cohn, a lawyer for the students, said the students had complied with the MBTA's request to turn over slides from their presentation and a 30-page "security analysis" that outlines everything they discovered about weaknesses in the fare system.

"The MBTA ultimately is trying to silence some uncomfortable truths that these students uncovered," said Cohn, legal director for the Electronic Frontier Foundation, a San Francisco-based legal organization that specializes in civil liberties issues related to technology.

"They brought an action against three college kids rather than address the problems in their own house," Cohn said.  Cohn said the students never intended to reveal key details that would have given hackers information to help them hack into the fare collection system and ride the system for free, despite what the online ad for the demonstration said.

But Ieuan Mahony, an attorney for the MBTA, said the MBTA simply wanted the students to refrain from revealing details about the security problems publicly until the MBTA has time to correct the flaws, which could take five months.  Mahony said that after reading the security analysis submitted by the students last week, the MBTA "has determined that the CharlieTicket system is compromised." 

"We've known that there are some issues with the CharlieTicket, but we realized after reading this paper that they were able to clone and counterfeit the CharlieTicket," Mahony said after the hearing.  Mahony said the MBTA still wants to get additional information from the students on how they were able to clone the CharlieTicket.

Some details about the vulnerabilities of the automated fare system were released before the students' planned talk at the DefCon conference. Electronic copies of their 87-slide presentation were included on CDs handed out to conference attendees before the conference officially began and before the MBTA filed its lawsuit. - Boston Globe

Card Skimming Perps Show Patience if not Virtue

Patient thieves make off with thousands from stolen card data. Seems like there's about four or five of these stories per day now. I guess I was spot on with my prediction to look for more of these gas station skimmer stories in the near future. One has to wonder what the long-term effect on consumers' trust of Point of Sale devices may be as they become more aware of how simple it is to fall victim to this type of fraud.

Maybe HomeATM can look into creating a system whereby consumers (knowing that their own personal card swiping device is safer than the ones at gas stations) can "prepay for gas at home" using their HomeATM wedgie, get a gas disbursement code, and then go to the gas station, enter the code and dispense their gas. Anyway, here's yet another story on card skimming at gas stations. This time, the perpetrators waited a full year before emptying the bank accounts of their victims. I guess patience is not always virtuous.

Last summer, thieves skimmed debit card information from a South Hill gas station. Then, nearly a year later, they withdrew tens of thousands of dollars from Pierce County residents’ bank accounts, Pierce County Sheriff’s officials said.

By waiting, the thieves can be pretty sure surveillance videos showing them will have been erased. And by making their ATM withdrawals over a holiday weekend, it created an extra day for banks to realize something was amiss, Pierce County Sheriff’s spokesman Ed Troyer said.

Detectives have identified about 75 victims, including cases reported to Tacoma police, and expect many more may be out there, he said. Some victims lost several hundred dollars, others lost thousands.

“Someone might have only had $500 in their account, but the bank lets them take out $3,000 because of overdraft protection,” Troyer said.

By comparing the bank statements of the victims, investigators believe the cards were skimmed from the ARCO station at 11608 Meridian East last August.

“We don’t know if they have more cards and are planning to do another round,” Troyer said. Anyone who used a debit card at the station in August 2007 should get their card replaced, he said.

The thieves used an electronic device that records the customers’ card numbers and PIN information, he said. People should be on the lookout for card readers that don’t look right or keypads that have been placed over the existing one, Troyer said.

While these types of scams are sophisticated, the electronic components are relatively easy to come by. The next generation of electronic theft, which taps into Bluetooth and wireless technology, is even scarier, Troyer said.
