Monday, November 24, 2008

Retail E-Commerce Growth Dropping

Retail E-Commerce Growth Drops Sharply - eMarketer

Retail E-Commerce Growth Drops Sharply
NOVEMBER 24, 2008

Online sales are still growing, but far more slowly.

2008 had already been shaping up to be the weakest holiday season yet for retail e-commerce. Based on just-released Q3 e-commerce data from the US Department of Commerce (DOC), eMarketer is predicting even more anemic growth—both for the holiday and the year.

The DOC estimated that e-commerce sales grew only 4.6% in Q3 2008, compared with Q3 2007.

In May 2008, eMarketer projected that retail e-commerce sales growth would drop to 14.3% this year compared with 2007. Benchmarked against the new DOC data, eMarketer predicts 2008 will now be the first year of single-digit growth of the decade.

Online sales (excluding travel) will total nearly $137 billion in 2008, up 7.2% year-over-year, compared with last year’s 19.8% growth rate.

eMarketer expects that consumers will spend only $30.3 billion online in November and December this year. Its May number was a mere 10.1% growth over last year’s holiday spending. But the new estimate is for just 4% growth.

The weak economy is placing downward pressure on e-commerce sales this season. Online shopping growth had already been slowing naturally as part of the channel’s maturation; the economy is slowing growth even more.

“Hopefully, we’re nearing the bottom of this,” says Jeffrey Grau, eMarketer’s e-commerce analyst. “People are going to be more frugal this holiday season."

Reblog this post [with Zemanta]

Bank of Terrorism

Terrorists are increasingly turning to credit cards, according to an expert on terrorist financing...

Credit cards serve two key terrorist functions, providing both operational funding and as a means of distributing money to group members. “Credit card exploitation and fraud has become a growth industry for terrorists,” writes IPSA International’s Dennis Lormel in a white paper entitled,
Terrorism and Credit Card Information Theft - Connecting the Dots

Lormel is a managing director with investigative consulting services provider IPSA. According to Lormel: “Credit card information theft and fraud represents a lucrative funding stream for terrorists and consequently poses a serious threat to our national security.”

While Lormel writes that there is no exact data on the amount of credit card use by terrorists, there are “ample” reports showing that terrorists do rely on credit card information in helping to reach their goals.

Terrorist reliance on credit cards appears to be on the rise. “I think it’s taken an upward path over the last few years,” Lormel says via phone, meaning “a limited number of people can do an incredible amount of damage.”

Continue reading at…………..

Terrorism and Credit Card Information Theft - Connecting the Dots
Summary of Key Points, Issues, Conclusions:

Although no empirical statistical data establishes a connection between credit card exploitation and terrorism, there are ample anecdotal case studies demonstrating terrorist reliance on credit card information to further heinous acts. Within this white paper, two cases are presented. Terrorist groups require financial support in order to
achieve goals and credit card information theft and fraud represents a lucrative funding stream for terrorists and consequently poses a serious threat to our National Security. Lormel suggests that terrorist financing training should focus on factors to

• Types of terrorist groups
• Funding capacities
• Mechanisms for fundraising and operations
• Individuals and cells
At least twelve areas of systemic weaknesses allow for terrorist exploitation to raise and move funds. Of those, at least five of those areas involve credit card information and fraud: identity theft and fraud, credit cards, criminal activity, internet, and cyberfraud.

Lormel recommends best practices for detection and prevention of credit card information theft and fraud by terrorists:

• Identifying risk
• Understanding terrorists adaptability
• Vigilance
• Training
Name of Researcher: Natalie Prendergast
Institution: Integrated Center for Homeland Security, Texas A&M University
Date Posted: November 12, 2008
Reblog this post [with Zemanta]

PayPal Introduces Text Authentication

Finextra: PayPal introduces SMS-based authentication
PayPal introduces SMS-based authentication

Person-to-person online payments outfit PayPal has introduced an optional SMS text message-based two factor authentication system for customers logging into their accounts.

The PayPal SMS Security Key sends a six-digit code to users' mobile phones before they log in to their accounts. The customer then uses the code, along with their username and password, to sign in.

The system uses the same infrastructure as PayPal's Security Key offering. Developed by VeriSign and rolled out in the US last year, this provides customers with a small authentication token which displays a new one-time six-digit password every 30 seconds.  (Editor's Note:  I believe these are classified as "'s some more info on "short codes")
Public Knowledge  are "confusing text messaging and provision of common short codes," Verizon said in its filing. Short codes are not a transmission-based service, and are not subject to the Communications Act, Verizon said. Short codes are six-digit numbers used for text messaging. Ever voted for American Idol on your cell phone, texted Google for directory assistance, or signed up for one of those monthly horoscope, ringtone or joke services advertised on TV?  Chances are you typed in a short code instead of a full-length phonen.  There are two different types of short codes – standard and premium rates.
Michael Barrett, chief information security officer, PayPal, says: "PayPal was built from the ground up with security in mind, and we've always been committed to using cutting-edge technology to protect our customers' accounts. Now, we're taking the additional protection provided by two-factor authentication and delivering it to something most people don't leave home without - their mobile phones."

Both the SMS code and security token systems are available to PayPal customers in the US, Australia, Austria, Canada and Germany.

PayPal says it does not charge for delivery of security codes to handsets but the mobile provider's standard text messaging charges will apply. Editor's Note:  Technically, PayPal can say they're not charging for delivery, but there's a revenue sharing plan I'm sure they are set up for, so don't believe that they aren't making anything. AT&T's standard rate is .20 cents per message, so if you buy something for $10.00 on PayPal, you're paying a 2% fee.  I'd like to learn more to see if they charge premium short code rates.  Anyway...the Finextra article continues:
The firm has been a popular target for cybercriminals. Back in 2006 IT security firm Sophos reported that over 75% of all phishing e-mails were aimed at users of PayPal or its parent company eBay.
Reblog this post [with Zemanta]

Debit Card Use Rises 547% in South Africa

Credit card fraud cost South Africa R420-million in the past year and has increased by 146 percent, the South African Banking Risk Information Centre (Sabric) said on Monday.

"It is a frightening picture, it really is," said Sabric chief executive Kalyani Pillay.

"Fraud on RSA issued credit cards has increased by 146 percent between 2005/2006 and 2007/2008. This increase should be understood in the context of a huge rollout of cards by South African banks into the market."

It was estimated in 2006 that there were more than 25,5 million debit cards and 7,2 million credit cards in circulation in South Africa.  The amount of money spent using credit cards at point of sale devices increased by 101 percent between 2004 and 2007. The amount of money spent using debit cards soared by 547 percent in the same period.

Most fraud occurred with criminals using lost and stolen cards.  However, fraud with counterfeit cards caused the most losses in money terms.

"This card fraud type is the single biggest contributor to overall card fraud losses in 2007/2008," said Pillay, adding that it amounted to R118,3-million in the past year, up from R57,2-million in 2006/2007. Vigorous prevention programmes from banks saw a 67 percent drop in the number of false credit card applications. Fraud valued at R420-million was committed on South African issued credit cards, mainly in South Africa, between 2006/2007 and 2007/2008, said Pillay.

"South Africa mirrors the credit card fraud trends in the UK... Counterfeit card fraud remains the biggest driver of total card fraud losses both in the [United Kingdom] and RSA...

"The total card fraud losses in the UK in 2007 stood at 535,2 million pounds and in RSA it was R420-million between 2006/2007 and 2007/2008."

However, the banking industry prevented fraud valued at R573-million in 2007/2008.

Also, the retrieval of hand-held skimming devices, electronic devises used to steal card data from magnetic strips, increased by an average of 45 percent year-on-year since 2005. "A total of 254 hand-held skimming devices have been retrieved since 2005."

Pillay said these devices were small and easy for criminals to hide. Consumers must never lose sight of their credit cards, she emphasised. (continue reading in a new window)
Reblog this post [with Zemanta]

Wireless Identity Theft - More on Hackers 11

In an article published on IBLS (Internet Business Law Services)  the author talks about wireless hacking (See WarDriving 101), Hackers 11 and possible changes in laws relating to cybercriminal behavior...

Identity Theft from Wireless Networks : Internet Business Law

IBLS Editorial Department Staff Attorney
Monday, November 24, 2008

Identity theft is the unauthorized use of an individual's personal information, such as a social security number or bank accounts, for fraudulent purposes or to commit a crime. While the usual form of identity theft refers to the unauthorized use of personal information obtained from databases, another form has evolved; this form uses sophisticated hacking techniques over wireless networks to acquire the necessary private information. In this form of identity theft, hackers typically breach security systems and install programs to obtain personal and financial data that is then either sold to a third party, or used by the hackers for personal gain.

In August 2008, the U.S. Department of Justice filed charges against 11 individuals who allegedly obtained identity information over wireless networks from nine major U.S. retailers, resulting in the theft and sale of more than 40 million credit and debit card numbers. The hackers apparently garnered tens of millions of dollars from a broad-based scheme that involved citizens of the United States, Estonia, Ukraine, China and Belarus. Attorney General Michael Mukasey said, "so far as we know, this is the single largest and most complex identity theft case ever charged in this country, which they then allegedly sold to others or used themselves. And in total, they caused widespread losses by banks, retailers, and consumers."

The hackers used a tactic known as "wardriving" that involves driving around with a laptop computer and trying to access wireless networks in the range of the car. After hacking into the networks, the hackers use programs to locate card numbers and PIN passwords that are then sent to servers in the U.S. and Eastern Europe for online sale. The stolen numbers are "cashed-out" by encoding them on magnetic strips of blank cards to steal money from ATMs.

The Identity Theft and Assumption Deterrence Act of 1998 (18 U.S.C.S. § 1028) makes identity theft a federal crime, carrying penalties of up to 15 years imprisonment and a maximum fine of $250,000. The December 2007 amendments to the above Act provide that a person whose identity was stolen is a "true" victim; previously, only the credit grantors who suffered monetary losses were considered victims. This recent revision of the legislation also allows an identity theft victim to seek restitution if there is a conviction, and it establishes the Federal Trade Commission as a central agency to act as a clearinghouse for complaints and to assist victims of identity theft.

On a State level, in recent years, nearly 40 States have criminalized identity theft, with most making it a felony.

Some experts claim that the noticeable drop in identity theft cases in recent years makes additional state laws unnecessary. Others, however, claim that the current requirement that information must be stolen by means of interstate or foreign communications in order to be prosecutable under federal law, may provide a window of escape to many identity thieves. This is particularly significant because experts say that in the majority of identity theft cases, the victim knows the perpetrator personally. Experts have further warned that cyber-criminals will continue to find unique ways to steal personal information, and that the current laws do not carry particularly significant penalties to promote adequate deterrence.

Legal commentators have suggested that additional laws could make it a felony to damage ten or more computers through the use of spyware or keyloggers. Spyware -software that secretly gathers personal information about an online user while navigating the Internet- and keyloggers -a hardware device that can monitor a user's individual computer keystrokes- are among cyber-thieves' most effective identity theft tools. Another improvement could be to include cyber-extortion cases, where the criminal removes malicious software from a user's computer in exchange for payment, within the definition of identity theft crimes.

Reblog this post [with Zemanta]

Look at Prepaid Processors - Javelin Strategy & Research

Javelin Strategy & Research has announced results from a study of how a prepaid card issuer should assess and choose a processing partner in order to obtain the greatest success from prepaid card programs. According to Javelin, the processor choice is often overlooked and undervalued by prepaid program managers - but growth in the complexity of prepaid products underscores the importance of selecting the right processor.

Results have been published in a white paper titled: Choosing a Prepaid Processor in an Evolving Market: A Study on Issuer and Program Manager Needs and will be presented during a complimentary webinar session on Wednesday, December 3rd, 2008 at 11:00am Pacific Standard Time.

Registration for the webinar can be accessed at Attendees will be provided a link to access the materials, including the paper.

Companies that want to enter or expand their prepaid card presence face important business decisions,” said Bruce Cundiff, (pictured at right) Director of Payments Research and Consulting at Javelin. “Using a thorough methodology to choose the right processor is integral to achieving success and a reliable return on any prepaid card program.

There are, according to Javelin, 4 key components to an effective prepaid processing program.  These include:
  • Managing the card
  • Serving the cardholder
  • Executing the transaction
  • Getting the most from the platform.
A detailed discussion of each component provides decision-making guidance to prepaid issuers chartered with managing a program. The study also takes on several of the common misconceptions about the processor selection criteria, dispelling myths and setting the record straight based on perspectives from practitioners and current market trends

How to Start

Don’t start with the solution, start with the business objective. Find an experienced and consultative processor who can help crystallize your short-term and long-term needs and configure a tailored solution.

  • Look for holistic processing. Companies entering the prepaid arena need to look at the full range of capabilities a processor offers and clearly understand how each component, from the platform to cardholder support, satisfies your operating requirements for the most effective program.
  • Let customer preferences drive product innovation. As issuers develop new, niche products, find a processor with the flexibility and options to help satisfy customer needs expediently and reliably.
  • Security and risk management are paramount. In prepaid card issuance, both with respect to fraud mitigation and also in terms of the scrutiny that issuers face to comply with money-laundering and homeland security standards, risk and compliance management can’t be overlooked.
  • Plan for growth, anticipate evolution. As the market continues to mature, growth and change will follow. Prepaid issuers must look for a processor who has the foresight, scale and track record to help minimize growing pains.
Cundiff continues, “The evolution of the prepaid card segment will be driven by consumer needs and technology innovation that enhances functionality and security. Processors that continuously expand their offerings and essentially provide flexible solutions, will enable prepaid card issuers to strengthen and deepen their relationships with cardholders.”

Reblog this post [with Zemanta]

Symantec Report on Internet Underground Economy

Did you know that you can buy a keystroke logger for $23 or pay $10 to have someone host your phishing scam? Having a botnet at your fingertips will cost you $225, and a tool that exploits a vulnerability on a banking site averages $740 and runs as high as $3,000.

That's according to the Symantec Report on the Internet Underground Economy due to be released Monday.

Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.

Credit card numbers were the most popular item on sale and made up 31% of all the goods on offer. Coming in second were bank details which made up 20% of the items being offered on criminal chat channels.

The $5.3 billion figure was reached by multiplying the average amount of fraud perpetrated on a stolen card, $350, by the many millions Symantec observed being offered for sale. Similarly, the report said, if hi-tech thieves plundered all the bank accounts offered for sale they could net up to $1.7bn.

1)  Credit card information - 31%
2)  Financial accounts - 20%
3)  Spam and phishing information - 19%
4)  Withdrawal service - 7%
5)  Identity theft information - 7%
6)  Server accounts - 5%
7)  Compromised computers - 4%
8)  Website accounts - 3%
9)  Malicious applications - 2%
10) Retail accounts - 1%

Credit card numbers have proved so popular among hi-tech thieves because they are easy to obtain
and use for fraudulent purposes.  Many of the methods favored by cyber criminals, such as phishing schemes, database attacks and magnetic strip skimmers, are designed to steal credit card information, it said.

The existence of a ready market for any stolen data and the growing use of credit cards also helped maintain their popularity, it said.  "High frequency use and the range of available methods for capturing credit card data would generate more opportunities for theft and compromise and, thus, lead to an increased supply on underground economy servers," said the report.

The price card thieves can expect for the numbers they offer for sale also varied by the country of origin. US card numbers were the cheapest because they were so ubiquitous - 74% of all cards offered for sale were from the US.

By contrast numbers from cards issued in Europe and the Middle East commanded a premium because they were relatively rare. 

Reblog this post [with Zemanta]

UATP to Expand Network to Hotels and Car Rentals?

According to Commercial Payments International,  "This week, the payment network Universal Air Travel Plan indicated that it is considering expanding its existing merchant network in 2009 to both hotels and car rental vendors. (At present, over 240 airlines and travel agencies accept UATP for air travel, service fees, management fees and net fares payment.)

It believes the time may be right to make such a move as so many companies are looking for ways to cut costs. Merchants are usually charged lower service fees by UATP than by other corporate card networks.

If UATP proceeds with this strategy, it would represent more competition for the existing dominant payment networks such as MasterCard and Visa. UATP is already a significant payment network as far as airline payments go – the organization is expecting its charge volume to reach $12 billion in 2008, with further growth predicted for next year."

In related news, UATP announced yet another partnership...this time with Atlanta based Moneta.  Here's the press release:

UATP and Moneta Partnership Broadens Airline Payment Options - MarketWatch
Universal Air Travel Program (UATP), the low cost payment network privately owned by the world's airlines, announced it has partnered with Moneta to support Moneta's online payment wallet for the 250 airlines utilizing UATP payment gateway services. Moneta offers consumers, airline and merchants a convenient, safe and affordable payment method which is distributed and marketed through the consumer's bank. Airlines using the UATP payment gateway connection can activate Moneta on their retail checkout site with no infrastructure investment and minimal configuration.

"The Moneta-UATP partnership provides a low-cost payment option for airlines while enhancing consumer confidence and loyalty for both airlines and banks," said Ralph Kaiser, president and chief executive officer, UATP. "As our network of airlines continues to grow, we look forward to assisting Moneta in expanding their airline distribution."

Initially, Moneta transactions will use the U.S. ACH debit network, enabling consumers to pay directly from their checking or money market accounts. In 2009, Moneta plans to offer additional payment options including international debit payments, credit cards, pay later and pay early functionality. The Moneta service is free to consumers and is available to customers in the United States, Puerto Rico and U.S. Virgin Islands.

"Partnering with UATP underscores the ease of implementing Moneta's online wallet for airlines," said Guido Sacchi, CEO of Moneta. "By integrating into the UATP gateway service, airlines can take immediate advantage of lower online transaction costs. Additionally, airlines offering Moneta will enjoy the ability to reach new customers through our bank partner network. Airlines selecting the UATP-Moneta solution will realize not only cost savings, but the ability to market their airlines through online banking customers either on a per-market basis or around the country."

About Moneta Corporation

Moneta Corporation is a leading payments company offering secure, convenient methods for consumers to pay online merchants directly from their checking or money market accounts. Moneta partners with online merchants to accept and process payments, while providing financial institutions branding opportunities during the transaction process. Moneta's rapidly growing partner network enables online retailers and travel providers to attract valuable customers with a preference for paying directly from their well-established bank accounts. Moneta is a privately-held company headquartered in Atlanta, Ga. For more information visit

Reblog this post [with Zemanta]

US Bails Out Citi

Government plans massive Citigroup rescue effort
Rushing to rescue Citigroup, the government agreed to shoulder hundreds of billions of dollars in possible losses at the stricken bank and to plow a fresh $20 billion into the company.

Regulators hope the dramatic action will bolster badly shaken confidence in the once-mighty banking giant as well as the nation's financial system, a goal that so far has been elusive despite a flurry of government interventions to battle the worst global crisis since the 1930s.

Wall Street appeared encouraged as stock futures moved higher ahead of the market opening in New York. Dow Jones industrial average futures rose almost 2 percent. Stock markets in Britain and Germany gained more than 4 percent in afternoon trading. Citigroup shares themselves climbed 44 percent to $5.64 in premarket trading.

"If they didn't help, the damage would be beyond imagination," said Teck-Kin Suan, economist at United Overseas Bank in Singapore.

The action, announced late Sunday by the Treasury Department, the Federal Reserve and the Federal Deposit Insurance Corp., is aimed at shoring up a huge financial institution whose collapse would wreak havoc on the already fragile financial system and the U.S. economy.   - continue reading

Reblog this post [with Zemanta]

Disqus for ePayment News