Friday, December 19, 2008

Dual Authentication for All Consumer Accounts - FTC

Finextra: US Federal agency urges authentication of all consumer accounts
US Federal agency urges dual authentication of all consumer accounts

The Federal Trade Commission is calling on the US Government to extend two-factor authenticati
on standards deployed by banks to all private sector organisations that maintain consumer accounts, in a bid to combat rising levels of ID fraud.

In a report published late Thursday, the FTC recommends that Congress consider taking action to strengthen the procedures that private-sector organisations use to authenticate their customers' identities.

"Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses (primarily to businesses) in the billions of dollars," the report states.

The FTC report states that adopting nationwide standards for how businesses and other organizations verify the identity of new and existing customers would make it harder for identity thieves to use social security numbers and other stolen information to commit fraud.

Currently, the only private-sector organizations subject to nationwide authentication standards are financial institutions regulated by the federal banking agencies. The FTC's report recommends that Congress consider establishing similar standards to cover all private-sector entities that maintain consumer accounts.

Such standards would require organizations to adopt reasonable procedures for authenticating customers, but also would allow them to adopt a program that is compatible with their size and the nature of their business, the report states.

Download the document now - 785.5 kb (PDF File)

Reblog this post [with Zemanta]

Chipping Away at Credit Card Fraud

Chipping away at credit card fraud - Canadian Broadcasting News

By Grant Buckler CBC News

If you presented your newly issued credit card at a store recently and were surprised to be asked to enter a personal identification number as if you were using a debit card, you're not alone.

Major credit card issuers Visa and MasterCard are rolling out new cards that contain memory chips across Canada. The chips store information used to prevent fraud.

As old-style MasterCard and Visa cards that have just a magnetic strip expire, they're being replaced with the new chip cards. You can spot these new cards at a glance — on the front is a small silver square, a little less than a centimetre each way, with lines on it. That's the chip.

On the chip are stored the card number, expiry date and security code and your personal identification number (PIN). All this information is encrypted so that only an authorized card-reading device can decode it.

The chip could also be used to store other information, such as your credit limit, says Shirley Matthew, director of chip platforms at Visa Canada. When a card is used fraudulently, a card issuer could send a message to the card to disable it, and that information would also be stored on the chip.

Don't confuse these new cards with "contactless" payment systems, though.

Card issuers expect it to take a couple of years to replace all old-style cards and readers.

The chip cards use a chip standard — called EMV after Europay, MasterCard and Visa, the three credit-card companies that developed it — that requires the reader to make contact with the chip. That's unlike some payment cards now coming into use in Canada — MasterCard's PayPass and Visa's payWave, for instance — that are contactless and will work as long as the card gets within a few centimetres of the reader. MasterCard is issuing cards that combine both functions in one chip.

And even if you have a chip card, you won't always be asked for a PIN. Merchants that don't yet have chip-card readers still use the cards in the old way. Card issuers expect it to take a couple more years to replace all cards and readers.

How it works

A chip card reader scans the card and requires the customer to input a personal identification number, the same way they would enter a PIN to use a debit card.A chip card reader scans the card and requires the customer to input a personal identification number, the same way they would enter a PIN to use a debit card. (Courtesy Visa Canada)When you present a chip card to a merchant who has one of the new card readers, the sales clerk inserts the card in a slot in the reader and leaves it there while you enter your PIN on the keypad, just as you would enter a PIN to use a debit card.

When you enter your security number, the reader checks it against the PIN stored on the chip. If it checks out, your transaction goes ahead. If not, you'll usually have at least one more chance to enter the correct PIN, but repeated wrong PINs will eventually lock up the card — the exact policy is up to the card issuer.

One big advantage of the chip is that a PIN can be used for security without the PIN having to be transmitted to a central computer to check if it's correct. That's what happens when you enter a PIN for a debit-card transaction. Although a PIN can be encrypted, not having to transmit it to the credit card company's server makes the transaction that much more secure, says William Giles, vice-president of acceptance at MasterCard Canada.

Chip cards don't eliminate the need to talk to the credit-card issuer's computers, though, because the merchant still must make sure the card hasn't been reported lost or stolen and that you have enough credit available to cover the purchase.

So why are these chip cards more secure?

The main reason is that a PIN is more secure than a signature. While merchants are supposed to check the signature on each credit-card slip against that on the back of the card, it doesn't always happen and it's not too difficult to forge a signature well enough to fool an untrained eye. But with a chip card, if someone doesn't know your PIN then they can't use your card.

Also, chip cards get around the classic horror story in which someone takes your card into a back room or otherwise out of sight (think of a waiter or gas-station attendant who usually takes the card away and returns it) and imprints an extra credit-card slip or two. All that person has to do is fill in that slip and copy your signature and you'll be charged for something you didn't buy.

With a chip card, if someone doesn't know your PIN then they can't use your credit card.

With a chip card, you have to enter your PIN for each transaction, and nobody but you knows that number.

Chip cards aren't perfect credit protectors, though — they don't address purchases you make by phone or on the internet. You won't be asked for your PIN when you use your card this way. Asking you to give your PIN verbally or type it into a website would compromise its security.

So the credit card companies are dealing with these transactions in other ways. Visa has a program called Verified by Visa, in which you set up a password for online purchases. MasterCard has a similar setup called SecureCode. Asking for the additional three- or four-digit security code printed on your card also provides some extra security, though not if someone has your card who shouldn't.

That's not to say chip cards won't eventually be used for remote purchases. Giles says MasterCard has developed a calculator-sized device that, when you insert your card in it, will generate a passcode for one-time use. You would use this like a SecureCode passcode. MasterCard will make this technology available to other card issuers, Giles says. He expects it to be widespread by 2015.

So in a few years, entering a PIN to use your credit card may be the norm even when you're shopping on the internet — and signing a credit card slip will seem as old-fashioned as, well, paying cash.

Reblog this post [with Zemanta]

APACS Interactive Payments Guide

APACS has created an interactive guide to demonstrate the varied payment attitudes, preferences and behaviors that can be seen in the different regions of the UK.

For example, their research reveals:

  • Plastic cards: Adults in East Anglia are the most likely to hold plastic cards (97 per cent)
  • Checking card or bank statements for unfamiliar transactions: West Midlanders are the best at doing this, as 85 per cent admit to always checking their statements - the national average is 82 per cent
  • Phone or internet banking: Adults in the North West are most likely to use phone or internet banking (55 per cent), whilst adults in Yorkshire and the Humber and Scotland are least likely to (46 per cent)
  • Cash: Adults in the North East make the highest number of cash machine withdrawals (76 annually), but adults in Scotland withdraw the most amount of cash annually (£5,650)
  • Cheque usage: More adults in the South West regularly use cheques for spontaneous payments* than in any other region (44% compared to the national average of 37%)
*Spontaneous payments are those that don’t arise from an existing commitment to pay, and include payments in the retail, travel and entertainment sectors and payments to other individuals and tradespeople.

Reblog this post [with Zemanta]

Finovate 2009 Dates Announced

Announcing The Finovate 2009 Conference Series: FinovateStartup and Finovate2009

Although 2009 promises to be a challenge, if history is any judge there will bemore lasting innovations put in place next year than any year this century. Necessity truly is the mother of invention, especially when you are a startup.  Next year, we will again showcase the best and brightest ideas at our Finovate conferences:
imageFinovate Startup:
San Francisco - 28 April 2009

The conference features the launch of new companies in financial tech, as well as young companies launching major new products and features. Last year, we had 40 startups participate, this year we expect even more (see demos from 2008).
imageFinovate 2009
New York City - 29 Sep 2009
We head to NYC for the third year in a row to showcase the best of 2009 in the online and mobile space. Company size is irrelevant; it's all about what's new and what's hot (see demos from 2008, 2007).
Attend a Finovate conference in 2009


700 of the most innovative execs in banking, finance and technology attended a Finovate event in 2008. The events are fast-paced, just a single day, and allow you to network with the presenting execs along with the decision makers in the audience. Both attendees and presenters love the format. If you want to join the excitement, you can sign up up now at deeply discounted prices. Tickets are transferable, and refundable,
 so the risk is low. If you want to bring your entire team, email Eric Mattson,, for a team price.

Present in 2009: FinTech Startups

If you have a young company involved in the online or mobile finance area, there is no reason not to be at FinovateStartup. This year, we are opening the floor to any qualifying startup. So, for the price of a single ticket, you are ensured a table at the event to show off your company and a chance to demo on stage (see previous FinovateStartup demos). The earlier you apply, the more benefits you receive. Please check out the Presenters page or email to

Present in 2009: Other FinTech Companies

At Finovate2009 in NYC, we'll put the best two dozen ideas on stage regardless of the size or location of the company. Last year, we had popular demos from large companies including Intuit and CheckFree Fiserv as well as startups, Mint, CreditKarma, NeoSaej and others (see previous demos from Oct. 2008 and Oct. 2007).

If you have a dynamite new product and are interested in launching it at Finovate NYC, please email or check out the presenters page.


Last year, more than 50 financial, technology and personal finance press and analysts attended the Finovate conferences. If you'd like a press passfor either event, please email me at

Prevent Fraud Use PIN - Liberty Bank

Liberty Bank is watching debit card transactions after learning thieves skimmed off debit card numbers and produced fake cards that are being used to make purchases across the country.  "It's a huge fraud ring," said Larry Woods, president and chief executive officer of South San Francisco-based Liberty Bank.

To prevent further fraud, the bank instituted a policy of requiring customers use a PIN number in order for the debit card to be accepted.

Editor's Note:  Once  again, yet another bank is stating the fact that in order to prevent fraud a PIN number should be used.  Where's the PIN for Internet Transactions?  HomeATM will dramatically reduce fraud by allowing internet retailers to process PIN based transactions, which in turn, reduces Interchange Fees by up to 100 basis points.

He's not surprised thieves would time their attack for December. "They think people will have money in their accounts at this time of year," he said.

The bank reported the fraudulent transactions to the STAR Network, a division of Colorado-based First Data that processes its transactions. First Data spokesman Glen Turpin responded to an inquiry Thursday night, saying there has not been any unauthorized access of the STAR Network.

Reblog this post [with Zemanta]

Disqus for ePayment News