Thursday, March 12, 2009

PIN on PED vs. PIN on the Web

Editor's Note:  Both Ken Mages, HomeATM CEO, and Mitch Cobrin, COO, were at the Merchant Risk Council Annual Conference over the past two days.  At the conference, a "cautious" Chase Paymentech announced that they will "pilot" PIN Debit on the Web, first with Acculynk, with others to possibly follow.

See Digital Transaction News: A Cautious Chase Paymentech Signs Up for Online PIN Debit


The developments at the MRC are definitely raising awareness for the desire to incorporate PIN Debit into the webosphere.  That is good.  In fact, Mike Strada, manager for debit card product at the Dallas-based processing giant, predicted that PIN Debit would become the most widely used payment mechanism on the web by 2012.  I've been predicting that the potential for PIN Debit on the web cannot be ignored since early 2006, back when I started the Pay By Touch Blog.  (HomeATM has been doing the same since 2000.)

I know enough about a PIN Based Application to be dangerous, speaking of which, (dangerous) I received an email from our CEO regarding these recent announcements.  I asked if I could post it and he gave me the go ahead, so here it is:

John, I appreciate that your blog is truly YOUR blog. You and I both have issues with the old ATMDirect so those topics are naturally covered frequently.

I don't editorialize nor do I influence the content. Having said this, and having just attended the MRC, I can't help but say that Acculynk does indeed deserve kudos for raising the awareness of PIN for the Internet.

What I would say is that HomeATM does NOT do PIN on the web.  We use the web to connect a buyer to a seller and then we do a safer than standard (the track2 data is encrypted also), traditional, unhackable, unbreachable, impregnable where the Internet is merely the conduit for our encrypted packets (as it is for 99% of all PIN transactions).


I won't belabor the point but if Acculynk (or ANY software only) PIN on the web solution goes live, I promise, just as I promised music and movie executives fifteen years ago that their digital business would die on a PC (and entertainment has, check out Virgin).  Not to mention any software solution using a browser for PIN entry likely violates our core patent.

This isn't meant as a threat nor as a contentious point, I just want PIN experts to weigh in on the real issues of "software vs. hardware" POS transactions.


Finally I'll make this last promise or take a lunch bet with anyone...that once software PIN goes live, within a month an FTP site will arise with users' PAN and PIN numbers.

I One-Hundred-Percent (100%) guarantee it.

Thanks,

kgm
Chairman/CEO
HomeATM ePayment Solutions



Editor's Note:  At $1000 per PIN (see illustration above), I wouldn't bet lunch against him.  Speaking of the illustration above...let me remind you of a direct quote from Acculynk Chairman and CEO, Ashish Bahl... (from Digital Transactions):


Without going into details, Acculynk’s CEO Ashish Bahl counters that each click is encrypted in ways intended to frustrate hackers.

At the same time, he adds, the resources necessary to predict when to start and stop screen scraping with each click would be cost-prohibitive even for determined fraudsters.

Editor's Note: "Cost prohibitive" is relative to the potential return. (again, see graphic above) Personal Identification Numbers are the "holy grail" for hackers. If you have the PINs then you have the capability to empty bank accounts. So, in my humble opinion, there is simply no such thing as a "cost prohibitive" barrier when it comes to PINs. Especially, if the hackers are "determined."  It's something hackers would want to get their hands on "at all costs."


